Documentation ¶
Overview ¶
Package v1alpha1 contains resources for external-secrets. +kubebuilder:object:generate=true +groupName=external-secrets.io +versionName=v1alpha1
Index ¶
- Constants
- Variables
- type AWSAuth
- type AWSAuthSecretRef
- type AWSJWTAuth
- type AWSProvider
- type AWSServiceType
- type AkeylessAuth
- type AkeylessAuthSecretRef
- type AkeylessKubernetesAuth
- type AkeylessProvider
- type AlibabaAuth
- type AlibabaAuthSecretRef
- type AlibabaProvider
- type AlibabaRRSAAuth
- type AzureAuthType
- type AzureKVAuth
- type AzureKVProvider
- type CAProvider
- type CAProviderType
- type CertAuth
- type ClusterSecretStore
- func (c *ClusterSecretStore) ConvertFrom(betaRaw conversion.Hub) error
- func (c *ClusterSecretStore) ConvertTo(betaRaw conversion.Hub) error
- func (c *ClusterSecretStore) Copy() GenericStore
- func (in *ClusterSecretStore) DeepCopy() *ClusterSecretStore
- func (in *ClusterSecretStore) DeepCopyInto(out *ClusterSecretStore)
- func (in *ClusterSecretStore) DeepCopyObject() runtime.Object
- func (c *ClusterSecretStore) GetNamespacedName() string
- func (c *ClusterSecretStore) GetObjectMeta() *metav1.ObjectMeta
- func (c *ClusterSecretStore) GetSpec() *SecretStoreSpec
- func (c *ClusterSecretStore) GetStatus() SecretStoreStatus
- func (c *ClusterSecretStore) GetTypeMeta() *metav1.TypeMeta
- func (c *ClusterSecretStore) SetStatus(status SecretStoreStatus)
- func (c *ClusterSecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error
- type ClusterSecretStoreList
- type ExternalSecret
- func (alpha *ExternalSecret) ConvertFrom(betaRaw conversion.Hub) error
- func (alpha *ExternalSecret) ConvertTo(betaRaw conversion.Hub) error
- func (in *ExternalSecret) DeepCopy() *ExternalSecret
- func (in *ExternalSecret) DeepCopyInto(out *ExternalSecret)
- func (in *ExternalSecret) DeepCopyObject() runtime.Object
- func (alpha *ExternalSecret) SetupWebhookWithManager(mgr ctrl.Manager) error
- type ExternalSecretConditionType
- type ExternalSecretConversionStrategy
- type ExternalSecretCreationPolicy
- type ExternalSecretData
- type ExternalSecretDataRemoteRef
- type ExternalSecretList
- type ExternalSecretSpec
- type ExternalSecretStatus
- type ExternalSecretStatusCondition
- type ExternalSecretTarget
- type ExternalSecretTemplate
- type ExternalSecretTemplateMetadata
- type FakeProvider
- type FakeProviderData
- type GCPSMAuth
- type GCPSMAuthSecretRef
- type GCPSMProvider
- type GCPWorkloadIdentity
- type GenericStore
- type GitlabAuth
- type GitlabProvider
- type GitlabSecretRef
- type IBMAuth
- type IBMAuthSecretRef
- type IBMProvider
- type KubernetesAuth
- type KubernetesProvider
- type KubernetesServer
- type OracleAuth
- type OraclePrincipalType
- type OracleProvider
- type OracleSecretRef
- type PasswordDepotAuth
- type PasswordDepotProvider
- type PasswordDepotSecretRef
- type PushSecret
- type PushSecretConditionType
- type PushSecretConversionStrategy
- type PushSecretData
- func (in *PushSecretData) DeepCopy() *PushSecretData
- func (in *PushSecretData) DeepCopyInto(out *PushSecretData)
- func (d PushSecretData) GetMetadata() *apiextensionsv1.JSON
- func (d PushSecretData) GetProperty() string
- func (d PushSecretData) GetRemoteKey() string
- func (d PushSecretData) GetSecretKey() string
- type PushSecretDeletionPolicy
- type PushSecretList
- type PushSecretMatch
- type PushSecretRemoteRef
- type PushSecretSecret
- type PushSecretSelector
- type PushSecretSpec
- type PushSecretStatus
- type PushSecretStatusCondition
- type PushSecretStoreRef
- type PushSecretUpdatePolicy
- type SecretStore
- func (c *SecretStore) ConvertFrom(betaRaw conversion.Hub) error
- func (c *SecretStore) ConvertTo(betaRaw conversion.Hub) error
- func (c *SecretStore) Copy() GenericStore
- func (in *SecretStore) DeepCopy() *SecretStore
- func (in *SecretStore) DeepCopyInto(out *SecretStore)
- func (in *SecretStore) DeepCopyObject() runtime.Object
- func (c *SecretStore) GetNamespacedName() string
- func (c *SecretStore) GetObjectMeta() *metav1.ObjectMeta
- func (c *SecretStore) GetSpec() *SecretStoreSpec
- func (c *SecretStore) GetStatus() SecretStoreStatus
- func (c *SecretStore) GetTypeMeta() *metav1.TypeMeta
- func (c *SecretStore) SetStatus(status SecretStoreStatus)
- func (c *SecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error
- type SecretStoreConditionType
- type SecretStoreList
- type SecretStoreProvider
- type SecretStoreRef
- type SecretStoreRetrySettings
- type SecretStoreSpec
- type SecretStoreStatus
- type SecretStoreStatusCondition
- type ServiceAccountAuth
- type SyncedPushSecretsMap
- type TemplateEngineVersion
- type TemplateFrom
- type TemplateRef
- type TemplateRefItem
- type TokenAuth
- type VaultAppRole
- type VaultAuth
- type VaultCertAuth
- type VaultJwtAuth
- type VaultKVStoreVersion
- type VaultKubernetesAuth
- type VaultKubernetesServiceAccountTokenAuth
- type VaultLdapAuth
- type VaultProvider
- type WebhookCAProvider
- type WebhookCAProviderType
- type WebhookProvider
- type WebhookResult
- type WebhookSecret
- type YandexLockboxAuth
- type YandexLockboxCAProvider
- type YandexLockboxProvider
Constants ¶
const (
	// ConditionReasonSecretSynced indicates that the secret was synced.
	ConditionReasonSecretSynced = "SecretSynced"
	// ConditionReasonSecretSyncedError indicates that there was an error syncing the secret.
	ConditionReasonSecretSyncedError = "SecretSyncedError"
	// ConditionReasonSecretDeleted indicates that the secret has been deleted.
	ConditionReasonSecretDeleted = "SecretDeleted"

	// Further reason strings. The page does not say which resource's
	// conditions or events carry them — confirm against the callers.
	ReasonInvalidStoreRef      = "InvalidStoreRef"
	ReasonProviderClientConfig = "InvalidProviderClientConfig"
	ReasonUpdateFailed         = "UpdateFailed"
	ReasonUpdated              = "Updated"
)
// Outcome reason strings. Which resource reports them is not visible on this
// page — confirm against the callers.
const (
	ReasonSynced  = "Synced"
	ReasonErrored = "Errored"
)
const (
	// Group is the API group name; SchemeGroupVersion is built from it.
	Group = "external-secrets.io"
	// Version is the API version name; SchemeGroupVersion is built from it.
	Version = "v1alpha1"
)
Package type metadata.
const (
	// SecretStoreReady is the "Ready" condition type of a store.
	SecretStoreReady SecretStoreConditionType = "Ready"

	// The names below have no explicit type, so they are untyped string
	// constants rather than SecretStoreConditionType values. The
	// ClusterSecretStore print column selects the reason of the "Ready"
	// condition, so a reason string is what the Status column displays.
	ReasonInvalidStore          = "InvalidStoreConfiguration"
	ReasonInvalidProviderConfig = "InvalidProviderConfig"
	ReasonValidationFailed      = "ValidationFailed"
	ReasonStoreValid            = "Valid"
)
const (
	// AnnotationDataHash is used to ensure consistency.
	// NOTE(review): presumably the annotation holds a digest of the synced
	// Secret data; the hash function and the object that carries the
	// annotation are not shown on this page — confirm.
	AnnotationDataHash = "reconcile.external-secrets.io/data-hash"
)
Variables ¶
var (
	// SchemeGroupVersion is group version used to register these objects.
	SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
	// AddToScheme is the AddToScheme method value of SchemeBuilder.
	AddToScheme = SchemeBuilder.AddToScheme
)
// ExternalSecret type metadata.
var (
	// ExtSecretKind is taken by reflection from the Go type name, so renaming
	// the ExternalSecret type changes the Kind string as well.
	ExtSecretKind = reflect.TypeOf(ExternalSecret{}).Name()
	// ExtSecretGroupKind is the string form of the group/kind pair.
	ExtSecretGroupKind = schema.GroupKind{Group: Group, Kind: ExtSecretKind}.String()
	// ExtSecretKindAPIVersion is the Kind, a dot, then the SchemeGroupVersion string.
	ExtSecretKindAPIVersion = ExtSecretKind + "." + SchemeGroupVersion.String()
	// ExtSecretGroupVersionKind combines SchemeGroupVersion with the Kind.
	ExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ExtSecretKind)
)
ExternalSecret type metadata.
// SecretStore type metadata.
var (
	// SecretStoreKind is taken by reflection from the Go type name, so
	// renaming the SecretStore type changes the Kind string as well.
	SecretStoreKind = reflect.TypeOf(SecretStore{}).Name()
	// SecretStoreGroupKind is the string form of the group/kind pair.
	SecretStoreGroupKind = schema.GroupKind{Group: Group, Kind: SecretStoreKind}.String()
	// SecretStoreKindAPIVersion is the Kind, a dot, then the SchemeGroupVersion string.
	SecretStoreKindAPIVersion = SecretStoreKind + "." + SchemeGroupVersion.String()
	// SecretStoreGroupVersionKind combines SchemeGroupVersion with the Kind.
	SecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(SecretStoreKind)
)
SecretStore type metadata.
// ClusterSecretStore type metadata.
var (
	// ClusterSecretStoreKind is taken by reflection from the Go type name, so
	// renaming the ClusterSecretStore type changes the Kind string as well.
	ClusterSecretStoreKind = reflect.TypeOf(ClusterSecretStore{}).Name()
	// ClusterSecretStoreGroupKind is the string form of the group/kind pair.
	ClusterSecretStoreGroupKind = schema.GroupKind{Group: Group, Kind: ClusterSecretStoreKind}.String()
	// ClusterSecretStoreKindAPIVersion is the Kind, a dot, then the SchemeGroupVersion string.
	ClusterSecretStoreKindAPIVersion = ClusterSecretStoreKind + "." + SchemeGroupVersion.String()
	// ClusterSecretStoreGroupVersionKind combines SchemeGroupVersion with the Kind.
	ClusterSecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(ClusterSecretStoreKind)
)
ClusterSecretStore type metadata.
// PushSecret type metadata.
var (
	// PushSecretKind is taken by reflection from the Go type name, so renaming
	// the PushSecret type changes the Kind string as well.
	PushSecretKind = reflect.TypeOf(PushSecret{}).Name()
	// PushSecretGroupKind is the string form of the group/kind pair.
	PushSecretGroupKind = schema.GroupKind{Group: Group, Kind: PushSecretKind}.String()
	// PushSecretKindAPIVersion is the Kind, a dot, then the SchemeGroupVersion string.
	PushSecretKindAPIVersion = PushSecretKind + "." + SchemeGroupVersion.String()
	// PushSecretGroupVersionKind combines SchemeGroupVersion with the Kind.
	PushSecretGroupVersionKind = SchemeGroupVersion.WithKind(PushSecretKind)
)
Functions ¶
This section is empty.
Types ¶
type AWSAuth ¶
type AWSAuth struct {
	// NOTE(review): both members are optional and no validation marker on
	// this type rejects a spec that sets both. With neither set the AWS SDK
	// default credential chain is used, which presumably resolves to the
	// controller's own identity; every ExternalSecret allowed to reference
	// the store would then read with that identity — confirm this is the
	// intended trust model before leaving auth empty.

	// SecretRef selects static access-key credentials held in a Secret.
	// +optional
	SecretRef *AWSAuthSecretRef `json:"secretRef,omitempty"`
	// JWTAuth authenticates with a service account token.
	// +optional
	JWTAuth *AWSJWTAuth `json:"jwt,omitempty"`
}
AWSAuth tells the controller how to authenticate with AWS. Only one of secretRef or jwt can be specified. If none is specified, the controller will load credentials using the AWS SDK defaults.
func (*AWSAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuth.
func (*AWSAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSAuthSecretRef ¶
type AWSAuthSecretRef struct {
	// NOTE(review): the type's description requires both selectors, yet both
	// JSON tags carry omitempty and no marker makes either one mandatory, so
	// a half-filled reference is caught only if something else validates
	// it — confirm where that check lives.

	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"`

	// The SecretAccessKey is used for authentication
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
}
AWSAuthSecretRef holds secret references for AWS credentials. Both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
func (*AWSAuthSecretRef) DeepCopy ¶
func (in *AWSAuthSecretRef) DeepCopy() *AWSAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuthSecretRef.
func (*AWSAuthSecretRef) DeepCopyInto ¶
func (in *AWSAuthSecretRef) DeepCopyInto(out *AWSAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSJWTAuth ¶ added in v0.3.0
type AWSJWTAuth struct {
	// ServiceAccountRef presumably selects the ServiceAccount whose token is
	// presented to AWS; the selector type is declared in esmeta and is not
	// shown on this page, so whether it may name another namespace cannot be
	// told from here — confirm.
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}
Authenticate against AWS using service account tokens.
func (*AWSJWTAuth) DeepCopy ¶ added in v0.3.0
func (in *AWSJWTAuth) DeepCopy() *AWSJWTAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSJWTAuth.
func (*AWSJWTAuth) DeepCopyInto ¶ added in v0.3.0
func (in *AWSJWTAuth) DeepCopyInto(out *AWSJWTAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSProvider ¶
type AWSProvider struct {
	// NOTE(review): Role is a free-form string with no pattern marker, and it
	// is assumed on top of whatever credentials Auth resolves to. When Auth
	// is empty those are the SDK-default credentials, so the role's trust
	// policy is presumably the only limit on which roles a store author can
	// reach — confirm.

	// Service defines which service should be used to fetch the secrets
	Service AWSServiceType `json:"service"`

	// Auth defines the information necessary to authenticate against AWS
	// if not set aws sdk will infer credentials from your environment
	// see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
	// +optional
	Auth AWSAuth `json:"auth,omitempty"`

	// Role is a Role ARN which the SecretManager provider will assume
	// +optional
	Role string `json:"role,omitempty"`

	// AWS Region to be used for the provider
	Region string `json:"region"`
}
AWSProvider configures a store to sync secrets with AWS.
func (*AWSProvider) DeepCopy ¶
func (in *AWSProvider) DeepCopy() *AWSProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSProvider.
func (*AWSProvider) DeepCopyInto ¶
func (in *AWSProvider) DeepCopyInto(out *AWSProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSServiceType ¶
// AWSServiceType names the AWS service/API that secrets are fetched from.
type AWSServiceType string
AWSServiceType is an enum that defines the service/API that is used to fetch the secrets. +kubebuilder:validation:Enum=SecretsManager;ParameterStore
// Accepted AWSServiceType values; they match the validation enum on the type.
const (
	// AWSServiceSecretsManager is the AWS SecretsManager.
	// see: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
	AWSServiceSecretsManager AWSServiceType = "SecretsManager"
	// AWSServiceParameterStore is the AWS SystemsManager ParameterStore.
	// see: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
	AWSServiceParameterStore AWSServiceType = "ParameterStore"
)
type AkeylessAuth ¶ added in v0.3.9
type AkeylessAuth struct {
	// NOTE(review): SecretRef is a struct value, so encoding/json's omitempty
	// never omits it, and nothing here marks the two members as mutually
	// exclusive. Which one wins when both are filled in is not visible on
	// this page — confirm.

	// Reference to a Secret that contains the details
	// to authenticate with Akeyless.
	// +optional
	SecretRef AkeylessAuthSecretRef `json:"secretRef,omitempty"`

	// Kubernetes authenticates with Akeyless by passing the ServiceAccount
	// token stored in the named Secret resource.
	// +optional
	KubernetesAuth *AkeylessKubernetesAuth `json:"kubernetesAuth,omitempty"`
}
func (*AkeylessAuth) DeepCopy ¶ added in v0.3.9
func (in *AkeylessAuth) DeepCopy() *AkeylessAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessAuth.
func (*AkeylessAuth) DeepCopyInto ¶ added in v0.3.9
func (in *AkeylessAuth) DeepCopyInto(out *AkeylessAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AkeylessAuthSecretRef ¶ added in v0.3.9
type AkeylessAuthSecretRef struct {
	// The SecretAccessID is used for authentication
	AccessID esmeta.SecretKeySelector `json:"accessID,omitempty"`
	// AccessType and AccessTypeParam are read from Secret keys as well. The
	// type's description lists the accepted AKEYLESS_ACCESS_TYPE_PARAM kinds;
	// the accepted AccessType values are not shown on this page.
	AccessType      esmeta.SecretKeySelector `json:"accessType,omitempty"`
	AccessTypeParam esmeta.SecretKeySelector `json:"accessTypeParam,omitempty"`
}
AkeylessAuthSecretRef: AKEYLESS_ACCESS_TYPE_PARAM is one of AZURE_OBJ_ID, GCP_AUDIENCE, ACCESS_KEY or KUB_CONFIG_NAME.
func (*AkeylessAuthSecretRef) DeepCopy ¶ added in v0.3.9
func (in *AkeylessAuthSecretRef) DeepCopy() *AkeylessAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessAuthSecretRef.
func (*AkeylessAuthSecretRef) DeepCopyInto ¶ added in v0.3.9
func (in *AkeylessAuthSecretRef) DeepCopyInto(out *AkeylessAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AkeylessKubernetesAuth ¶ added in v0.6.0
type AkeylessKubernetesAuth struct {
	// NOTE(review): the two optional selectors form a fallback chain whose
	// last step is the token bound to the controller itself. A store that
	// sets neither selector therefore authenticates to Akeyless as the
	// controller; treat an empty pair as a deliberate choice, and confirm the
	// order in which the two are tried, since the field comments differ.

	// the Akeyless Kubernetes auth-method access-id
	AccessID string `json:"accessID"`

	// Kubernetes-auth configuration name in Akeyless-Gateway
	K8sConfName string `json:"k8sConfName"`

	// Optional service account field containing the name of a kubernetes ServiceAccount.
	// If the service account is specified, the service account secret token JWT will be used
	// for authenticating with Akeyless. If the service account selector is not supplied,
	// the secretRef will be used instead.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// Optional secret field containing a Kubernetes ServiceAccount JWT used
	// for authenticating with Akeyless. If a name is specified without a key,
	// `token` is the default. If one is not specified, the one bound to
	// the controller will be used.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}
Authenticate with a stored Kubernetes ServiceAccount token.
func (*AkeylessKubernetesAuth) DeepCopy ¶ added in v0.6.0
func (in *AkeylessKubernetesAuth) DeepCopy() *AkeylessKubernetesAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessKubernetesAuth.
func (*AkeylessKubernetesAuth) DeepCopyInto ¶ added in v0.6.0
func (in *AkeylessKubernetesAuth) DeepCopyInto(out *AkeylessKubernetesAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AkeylessProvider ¶ added in v0.3.9
type AkeylessProvider struct {
	// NOTE(review): the CABundle comment implies that a non-HTTPS gateway URL
	// is accepted, and no marker on AkeylessGWApiURL restricts the scheme;
	// over plain HTTP the credentials and fetched secrets would presumably
	// travel unencrypted — confirm whether the scheme is checked elsewhere.
	// CABundle and CAProvider can both be set; their precedence is not
	// stated on this page.

	// Akeyless GW API Url from which the secrets to be fetched from.
	AkeylessGWApiURL *string `json:"akeylessGWApiURL"`

	// Auth configures how the operator authenticates with Akeyless.
	// The JSON key is "authSecretRef", not "auth".
	Auth *AkeylessAuth `json:"authSecretRef"`

	// PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
	// if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// The provider for the CA bundle to use to validate Akeyless Gateway certificate.
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`
}
AkeylessProvider configures a store to sync secrets using Akeyless KV.
func (*AkeylessProvider) DeepCopy ¶ added in v0.3.9
func (in *AkeylessProvider) DeepCopy() *AkeylessProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessProvider.
func (*AkeylessProvider) DeepCopyInto ¶ added in v0.3.9
func (in *AkeylessProvider) DeepCopyInto(out *AkeylessProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AlibabaAuth ¶ added in v0.3.6
type AlibabaAuth struct {
	// NOTE(review): both members are optional and no marker requires exactly
	// one of them; what happens when neither or both are set is not visible
	// on this page — confirm.

	// SecretRef selects static access-key credentials held in a Secret.
	// +optional
	SecretRef *AlibabaAuthSecretRef `json:"secretRef,omitempty"`
	// RRSAAuth authenticates using RRSA.
	// +optional
	RRSAAuth *AlibabaRRSAAuth `json:"rrsa,omitempty"`
}
AlibabaAuth contains a secretRef for credentials.
func (*AlibabaAuth) DeepCopy ¶ added in v0.3.6
func (in *AlibabaAuth) DeepCopy() *AlibabaAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaAuth.
func (*AlibabaAuth) DeepCopyInto ¶ added in v0.3.6
func (in *AlibabaAuth) DeepCopyInto(out *AlibabaAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AlibabaAuthSecretRef ¶ added in v0.3.6
type AlibabaAuthSecretRef struct {
	// Neither JSON tag carries omitempty, so both selectors are always
	// serialized.

	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef"`
	// The AccessKeySecret is used for authentication
	AccessKeySecret esmeta.SecretKeySelector `json:"accessKeySecretSecretRef"`
}
AlibabaAuthSecretRef holds secret references for Alibaba credentials.
func (*AlibabaAuthSecretRef) DeepCopy ¶ added in v0.3.6
func (in *AlibabaAuthSecretRef) DeepCopy() *AlibabaAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaAuthSecretRef.
func (*AlibabaAuthSecretRef) DeepCopyInto ¶ added in v0.3.6
func (in *AlibabaAuthSecretRef) DeepCopyInto(out *AlibabaAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AlibabaProvider ¶ added in v0.3.6
type AlibabaProvider struct {
	// Auth selects how the store authenticates; the AlibabaAuth type offers a
	// Secret reference or RRSA.
	Auth AlibabaAuth `json:"auth"`
	// Alibaba Region to be used for the provider
	RegionID string `json:"regionID"`
}
AlibabaProvider configures a store to sync secrets using the Alibaba Secret Manager provider.
func (*AlibabaProvider) DeepCopy ¶ added in v0.3.6
func (in *AlibabaProvider) DeepCopy() *AlibabaProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaProvider.
func (*AlibabaProvider) DeepCopyInto ¶ added in v0.3.6
func (in *AlibabaProvider) DeepCopyInto(out *AlibabaProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AlibabaRRSAAuth ¶ added in v0.7.3
type AlibabaRRSAAuth struct {
	// NOTE(review): all four members are plain strings without validation
	// markers. OIDCTokenFilePath is presumably opened on the controller's own
	// filesystem, so a store author chooses which local file is presented as
	// the token — confirm whether the path is constrained elsewhere.
	OIDCProviderARN   string `json:"oidcProviderArn"`
	OIDCTokenFilePath string `json:"oidcTokenFilePath"`
	RoleARN           string `json:"roleArn"`
	SessionName       string `json:"sessionName"`
}
Authenticate against Alibaba using RRSA.
func (*AlibabaRRSAAuth) DeepCopy ¶ added in v0.7.3
func (in *AlibabaRRSAAuth) DeepCopy() *AlibabaRRSAAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaRRSAAuth.
func (*AlibabaRRSAAuth) DeepCopyInto ¶ added in v0.7.3
func (in *AlibabaRRSAAuth) DeepCopyInto(out *AlibabaRRSAAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureAuthType ¶ added in v0.5.0
// AzureAuthType names the method used to authenticate to Azure Key Vault.
type AzureAuthType string
AuthType describes how to authenticate to the Azure Keyvault. Only one of the following auth types may be specified. If none of the following auth types is specified, the default one is ServicePrincipal. +kubebuilder:validation:Enum=ServicePrincipal;ManagedIdentity;WorkloadIdentity
// Accepted AzureAuthType values; they match the validation enum on the type.
const (
	// Using service principal to authenticate, which needs a tenantId, a clientId and a clientSecret.
	AzureServicePrincipal AzureAuthType = "ServicePrincipal"

	// Using Managed Identity to authenticate. Used with aad-pod-identity installed in the cluster.
	AzureManagedIdentity AzureAuthType = "ManagedIdentity"

	// Using Workload Identity service accounts to authenticate.
	AzureWorkloadIdentity AzureAuthType = "WorkloadIdentity"
)
type AzureKVAuth ¶ added in v0.2.0
type AzureKVAuth struct {
	// The Azure clientId of the service principal used for authentication.
	// +optional
	ClientID *smmeta.SecretKeySelector `json:"clientId,omitempty"`
	// The Azure ClientSecret of the service principal used for authentication.
	// +optional
	ClientSecret *smmeta.SecretKeySelector `json:"clientSecret,omitempty"`
}
Configuration used to authenticate with Azure.
func (*AzureKVAuth) DeepCopy ¶ added in v0.2.0
func (in *AzureKVAuth) DeepCopy() *AzureKVAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVAuth.
func (*AzureKVAuth) DeepCopyInto ¶ added in v0.2.0
func (in *AzureKVAuth) DeepCopyInto(out *AzureKVAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureKVProvider ¶ added in v0.2.0
type AzureKVProvider struct {
	// NOTE(review): TenantID and AuthSecretRef are described as required for
	// ServicePrincipal, which is also the default AuthType, yet both are
	// marked optional; the requirement is presumably enforced outside this
	// type — confirm. With ManagedIdentity the identity belongs to the pod,
	// so every ExternalSecret that can reference the store reads the vault
	// with that pod-level identity.

	// Auth type defines how to authenticate to the keyvault service.
	// Valid values are:
	// - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
	// - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
	// - "WorkloadIdentity": Using Workload Identity service accounts (see serviceAccountRef)
	// +optional
	// +kubebuilder:default=ServicePrincipal
	AuthType *AzureAuthType `json:"authType,omitempty"`

	// Vault Url from which the secrets to be fetched from.
	VaultURL *string `json:"vaultUrl"`

	// TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.
	// +optional
	TenantID *string `json:"tenantId,omitempty"`

	// Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type.
	// +optional
	AuthSecretRef *AzureKVAuth `json:"authSecretRef,omitempty"`

	// ServiceAccountRef specified the service account
	// that should be used when authenticating with WorkloadIdentity.
	// +optional
	ServiceAccountRef *smmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// If multiple Managed Identity is assigned to the pod, you can select the one to be used
	// +optional
	IdentityID *string `json:"identityId,omitempty"`
}
Configures a store to sync secrets using Azure KV.
func (*AzureKVProvider) DeepCopy ¶ added in v0.2.0
func (in *AzureKVProvider) DeepCopy() *AzureKVProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVProvider.
func (*AzureKVProvider) DeepCopyInto ¶ added in v0.2.0
func (in *AzureKVProvider) DeepCopyInto(out *AzureKVProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CAProvider ¶ added in v0.3.7
type CAProvider struct {
	// NOTE(review): this type decides which certificate the controller trusts
	// for the provider's TLS endpoint, so whoever can write the referenced
	// Secret or ConfigMap controls that trust anchor. Namespace is optional
	// and its comment does not say when it is honoured; a namespaced store
	// naming an object in another namespace would cross a tenancy boundary —
	// confirm it is accepted for cluster-scoped stores only.

	// The type of provider to use such as "Secret", or "ConfigMap".
	// +kubebuilder:validation:Enum="Secret";"ConfigMap"
	Type CAProviderType `json:"type"`

	// The name of the object located at the provider type.
	// +kubebuilder:validation:MinLength:=1
	// +kubebuilder:validation:MaxLength:=253
	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
	Name string `json:"name"`

	// The key where the CA certificate can be found in the Secret or ConfigMap.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MinLength:=1
	// +kubebuilder:validation:MaxLength:=253
	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
	Key string `json:"key,omitempty"`

	// The namespace the Provider type is in.
	// +optional
	// +kubebuilder:validation:MinLength:=1
	// +kubebuilder:validation:MaxLength:=63
	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
	Namespace *string `json:"namespace,omitempty"`
}
Defines a location to fetch the cert for the vault provider from.
func (*CAProvider) DeepCopy ¶ added in v0.3.7
func (in *CAProvider) DeepCopy() *CAProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CAProvider.
func (*CAProvider) DeepCopyInto ¶ added in v0.3.7
func (in *CAProvider) DeepCopyInto(out *CAProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CAProviderType ¶ added in v0.3.7
// CAProviderType names the kind of object a CAProvider reads the CA
// certificate from.
type CAProviderType string
// Accepted CAProviderType values; they match the enum marker on
// CAProvider.Type.
const (
	CAProviderTypeSecret    CAProviderType = "Secret"
	CAProviderTypeConfigMap CAProviderType = "ConfigMap"
)
type CertAuth ¶ added in v0.5.0
type CertAuth struct {
	// ClientCert and ClientKey presumably select the client certificate and
	// its private key for certificate-based authentication; the page carries
	// no description for this type — confirm against the provider that uses
	// it. Both are struct values, so omitempty does not omit them from the
	// encoded JSON.
	ClientCert esmeta.SecretKeySelector `json:"clientCert,omitempty"`
	ClientKey  esmeta.SecretKeySelector `json:"clientKey,omitempty"`
}
func (*CertAuth) DeepCopy ¶ added in v0.5.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertAuth.
func (*CertAuth) DeepCopyInto ¶ added in v0.5.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterSecretStore ¶
type ClusterSecretStore struct {
	// NOTE(review): the resource marker on this type sets scope=Cluster and
	// the version is marked deprecated. A cluster-scoped store's credentials
	// are presumably usable from ExternalSecrets in any namespace;
	// SecretStoreSpec is not shown on this part of the page, so whether this
	// version can restrict the referencing namespaces cannot be told from
	// here — confirm.

	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the store configuration; the same SecretStoreSpec type is
	// returned by GetSpec.
	Spec SecretStoreSpec `json:"spec,omitempty"`
	// Status is served through the status subresource declared on the type.
	Status SecretStoreStatus `json:"status,omitempty"`
}
ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` +kubebuilder:deprecatedversion +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={external-secrets},shortName=css
func (*ClusterSecretStore) ConvertFrom ¶ added in v0.5.0
func (c *ClusterSecretStore) ConvertFrom(betaRaw conversion.Hub) error
func (*ClusterSecretStore) ConvertTo ¶ added in v0.5.0
func (c *ClusterSecretStore) ConvertTo(betaRaw conversion.Hub) error
func (*ClusterSecretStore) Copy ¶
func (c *ClusterSecretStore) Copy() GenericStore
func (*ClusterSecretStore) DeepCopy ¶
func (in *ClusterSecretStore) DeepCopy() *ClusterSecretStore
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStore.
func (*ClusterSecretStore) DeepCopyInto ¶
func (in *ClusterSecretStore) DeepCopyInto(out *ClusterSecretStore)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterSecretStore) DeepCopyObject ¶
func (in *ClusterSecretStore) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ClusterSecretStore) GetNamespacedName ¶
func (c *ClusterSecretStore) GetNamespacedName() string
func (*ClusterSecretStore) GetObjectMeta ¶
func (c *ClusterSecretStore) GetObjectMeta() *metav1.ObjectMeta
func (*ClusterSecretStore) GetSpec ¶
func (c *ClusterSecretStore) GetSpec() *SecretStoreSpec
func (*ClusterSecretStore) GetStatus ¶ added in v0.4.2
func (c *ClusterSecretStore) GetStatus() SecretStoreStatus
func (*ClusterSecretStore) GetTypeMeta ¶ added in v0.4.2
func (c *ClusterSecretStore) GetTypeMeta() *metav1.TypeMeta
func (*ClusterSecretStore) SetStatus ¶ added in v0.4.2
func (c *ClusterSecretStore) SetStatus(status SecretStoreStatus)
func (*ClusterSecretStore) SetupWebhookWithManager ¶ added in v0.5.0
func (c *ClusterSecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error
type ClusterSecretStoreList ¶
type ClusterSecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items has no omitempty, so the "items" key is always present in the
	// encoded list.
	Items []ClusterSecretStore `json:"items"`
}
ClusterSecretStoreList contains a list of ClusterSecretStore resources.
func (*ClusterSecretStoreList) DeepCopy ¶
func (in *ClusterSecretStoreList) DeepCopy() *ClusterSecretStoreList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStoreList.
func (*ClusterSecretStoreList) DeepCopyInto ¶
func (in *ClusterSecretStoreList) DeepCopyInto(out *ClusterSecretStoreList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterSecretStoreList) DeepCopyObject ¶
func (in *ClusterSecretStoreList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ExternalSecret ¶
type ExternalSecret struct {
	// The markers on this type declare it namespaced, deprecated in this
	// version, and served with a status subresource.

	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state; the print columns read
	// .spec.secretStoreRef.name and .spec.refreshInterval from it.
	Spec ExternalSecretSpec `json:"spec,omitempty"`
	// Status carries the conditions whose "Ready" reason is shown in the
	// Status print column.
	Status ExternalSecretStatus `json:"status,omitempty"`
}
ExternalSecret is the Schema for the external-secrets API. +kubebuilder:subresource:status +kubebuilder:deprecatedversion +kubebuilder:resource:scope=Namespaced,categories={external-secrets},shortName=es +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.secretStoreRef.name` +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshInterval` +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason`
func (*ExternalSecret) ConvertFrom ¶ added in v0.5.0
func (alpha *ExternalSecret) ConvertFrom(betaRaw conversion.Hub) error
func (*ExternalSecret) ConvertTo ¶ added in v0.5.0
func (alpha *ExternalSecret) ConvertTo(betaRaw conversion.Hub) error
func (*ExternalSecret) DeepCopy ¶
func (in *ExternalSecret) DeepCopy() *ExternalSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecret.
func (*ExternalSecret) DeepCopyInto ¶
func (in *ExternalSecret) DeepCopyInto(out *ExternalSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExternalSecret) DeepCopyObject ¶
func (in *ExternalSecret) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ExternalSecret) SetupWebhookWithManager ¶ added in v0.5.0
func (alpha *ExternalSecret) SetupWebhookWithManager(mgr ctrl.Manager) error
type ExternalSecretConditionType ¶
// ExternalSecretConditionType names a condition reported for an
// ExternalSecret.
type ExternalSecretConditionType string
// Declared ExternalSecretConditionType values. "Ready" is the condition
// selected by the ExternalSecret Status print column.
const (
	ExternalSecretReady   ExternalSecretConditionType = "Ready"
	ExternalSecretDeleted ExternalSecretConditionType = "Deleted"
)
type ExternalSecretConversionStrategy ¶ added in v0.5.0
// ExternalSecretConversionStrategy names a conversion strategy selectable on
// a remote reference; its validation marker admits Default and Unicode.
type ExternalSecretConversionStrategy string
+kubebuilder:validation:Enum=Default;Unicode
// Accepted ExternalSecretConversionStrategy values. The page does not
// describe what each strategy converts — confirm against the code that
// consumes ConversionStrategy.
const (
	ExternalSecretConversionDefault ExternalSecretConversionStrategy = "Default"
	ExternalSecretConversionUnicode ExternalSecretConversionStrategy = "Unicode"
)
type ExternalSecretCreationPolicy ¶
// ExternalSecretCreationPolicy selects how the resulting Secret is created.
type ExternalSecretCreationPolicy string
ExternalSecretCreationPolicy defines rules on how to create the resulting Secret. +kubebuilder:validation:Enum=Owner;Merge;None
// Accepted ExternalSecretCreationPolicy values; they match the validation
// enum on the type.
const (
	// Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource.
	Owner ExternalSecretCreationPolicy = "Owner"

	// Merge does not create the Secret, but merges the data fields to the Secret.
	// NOTE(review): the target Secret is managed by someone else; whether
	// keys already present are overwritten is not stated here — confirm
	// before pointing Merge at a Secret other workloads depend on.
	Merge ExternalSecretCreationPolicy = "Merge"

	// None does not create a Secret (future use with injector).
	None ExternalSecretCreationPolicy = "None"
)
type ExternalSecretData ¶
type ExternalSecretData struct {
	// The key in the Kubernetes Secret to store the value.
	// +kubebuilder:validation:MinLength:=1
	// +kubebuilder:validation:MaxLength:=253
	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
	SecretKey string `json:"secretKey"`

	// RemoteRef locates the value at the provider; its fields carry no
	// length or pattern markers of their own.
	RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"`
}
ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
func (*ExternalSecretData) DeepCopy ¶
func (in *ExternalSecretData) DeepCopy() *ExternalSecretData
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretData.
func (*ExternalSecretData) DeepCopyInto ¶
func (in *ExternalSecretData) DeepCopyInto(out *ExternalSecretData)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretDataRemoteRef ¶
// ExternalSecretDataRemoteRef defines Provider data location: a mandatory key
// plus optional version, property and conversion strategy.
type ExternalSecretDataRemoteRef struct {
	// Key is the key used in the Provider, mandatory
	Key string `json:"key"`

	// Used to select a specific version of the Provider value, if supported
	// +optional
	Version string `json:"version,omitempty"`

	// Used to select a specific property of the Provider value (if a map), if supported
	// +optional
	Property string `json:"property,omitempty"`

	// Used to define a conversion Strategy
	// +optional
	// +kubebuilder:default="Default"
	ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"`
}
ExternalSecretDataRemoteRef defines Provider data location.
func (*ExternalSecretDataRemoteRef) DeepCopy ¶
func (in *ExternalSecretDataRemoteRef) DeepCopy() *ExternalSecretDataRemoteRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretDataRemoteRef.
func (*ExternalSecretDataRemoteRef) DeepCopyInto ¶
func (in *ExternalSecretDataRemoteRef) DeepCopyInto(out *ExternalSecretDataRemoteRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretList ¶
// ExternalSecretList contains a list of ExternalSecret resources.
type ExternalSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the ExternalSecret resources of the list.
	Items []ExternalSecret `json:"items"`
}
ExternalSecretList contains a list of ExternalSecret resources.
func (*ExternalSecretList) DeepCopy ¶
func (in *ExternalSecretList) DeepCopy() *ExternalSecretList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretList.
func (*ExternalSecretList) DeepCopyInto ¶
func (in *ExternalSecretList) DeepCopyInto(out *ExternalSecretList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExternalSecretList) DeepCopyObject ¶
func (in *ExternalSecretList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ExternalSecretSpec ¶
// ExternalSecretSpec defines the desired state of ExternalSecret: which store
// to read from, which Secret to write, how often to refresh, and which
// Provider data to map.
type ExternalSecretSpec struct {
	// SecretStoreRef names the store the values are read from.
	SecretStoreRef SecretStoreRef `json:"secretStoreRef"`

	// Target describes the Kubernetes Secret to be written.
	Target ExternalSecretTarget `json:"target"`

	// RefreshInterval is the amount of time before the values are read again from the SecretStore provider
	// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
	// May be set to zero to fetch and create it once. Defaults to 1h.
	// NOTE(review): with zero, a value rotated in the provider is presumably
	// not picked up again — confirm before using it for rotating credentials.
	// +kubebuilder:default="1h"
	RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"`

	// Data defines the connection between the Kubernetes Secret keys and the Provider data
	// +optional
	Data []ExternalSecretData `json:"data,omitempty"`

	// DataFrom is used to fetch all properties from a specific Provider data
	// If multiple entries are specified, the Secret keys are merged in the specified order
	// +optional
	DataFrom []ExternalSecretDataRemoteRef `json:"dataFrom,omitempty"`
}
ExternalSecretSpec defines the desired state of ExternalSecret.
func (*ExternalSecretSpec) DeepCopy ¶
func (in *ExternalSecretSpec) DeepCopy() *ExternalSecretSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretSpec.
func (*ExternalSecretSpec) DeepCopyInto ¶
func (in *ExternalSecretSpec) DeepCopyInto(out *ExternalSecretSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretStatus ¶
// ExternalSecretStatus is the observed state of an ExternalSecret: last
// refresh time, last synced resource version, conditions and the binding
// reference.
type ExternalSecretStatus struct {
	// +nullable
	// refreshTime is the time and date the external secret was fetched and
	// the target secret updated
	RefreshTime metav1.Time `json:"refreshTime,omitempty"`

	// SyncedResourceVersion keeps track of the last synced version
	SyncedResourceVersion string `json:"syncedResourceVersion,omitempty"`

	// +optional
	Conditions []ExternalSecretStatusCondition `json:"conditions,omitempty"`

	// Binding represents a servicebinding.io Provisioned Service reference to the secret
	Binding corev1.LocalObjectReference `json:"binding,omitempty"`
}
func (*ExternalSecretStatus) DeepCopy ¶
func (in *ExternalSecretStatus) DeepCopy() *ExternalSecretStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatus.
func (*ExternalSecretStatus) DeepCopyInto ¶
func (in *ExternalSecretStatus) DeepCopyInto(out *ExternalSecretStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretStatusCondition ¶
// ExternalSecretStatusCondition is one entry of ExternalSecretStatus.Conditions.
// Type and Status are always serialized; Reason, Message and
// LastTransitionTime are optional.
type ExternalSecretStatusCondition struct {
	// Type is the condition name, e.g. ExternalSecretReady.
	Type ExternalSecretConditionType `json:"type"`
	// Status is the corev1 condition status for Type.
	Status corev1.ConditionStatus `json:"status"`

	// +optional
	Reason string `json:"reason,omitempty"`

	// NOTE(review): status is readable by anyone who can read the resource;
	// presumably messages should not carry secret values — confirm in the
	// controller.
	// +optional
	Message string `json:"message,omitempty"`

	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}
func (*ExternalSecretStatusCondition) DeepCopy ¶
func (in *ExternalSecretStatusCondition) DeepCopy() *ExternalSecretStatusCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatusCondition.
func (*ExternalSecretStatusCondition) DeepCopyInto ¶
func (in *ExternalSecretStatusCondition) DeepCopyInto(out *ExternalSecretStatusCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretTarget ¶
// ExternalSecretTarget defines the Kubernetes Secret to be created.
// There can be only one target per ExternalSecret.
type ExternalSecretTarget struct {
	// The name of the Secret resource to be managed.
	// Defaults to the .metadata.name of the ExternalSecret resource
	// The pattern below restricts it to lowercase alphanumerics, '-' and '.'
	// in dot-separated labels, 1-253 characters long.
	// +optional
	// +kubebuilder:validation:MinLength:=1
	// +kubebuilder:validation:MaxLength:=253
	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
	Name string `json:"name,omitempty"`

	// CreationPolicy defines rules on how to create the resulting Secret.
	// Defaults to "Owner"
	// +optional
	// +kubebuilder:default="Owner"
	CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"`

	// Template defines a blueprint for the created Secret resource.
	// +optional
	Template *ExternalSecretTemplate `json:"template,omitempty"`

	// Immutable defines if the final secret will be immutable
	// +optional
	Immutable bool `json:"immutable,omitempty"`
}
ExternalSecretTarget defines the Kubernetes Secret to be created. There can be only one target per ExternalSecret.
func (*ExternalSecretTarget) DeepCopy ¶
func (in *ExternalSecretTarget) DeepCopy() *ExternalSecretTarget
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTarget.
func (*ExternalSecretTarget) DeepCopyInto ¶
func (in *ExternalSecretTarget) DeepCopyInto(out *ExternalSecretTarget)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretTemplate ¶
// ExternalSecretTemplate defines a blueprint for the created Secret resource:
// its type, metadata, templated data and external template sources.
// NOTE(review): Data and TemplateFrom are compiled/executed by the template
// engine selected by EngineVersion, so whoever may author this spec controls
// what is rendered into the Secret — review the engine's function set for the
// chosen version.
type ExternalSecretTemplate struct {
	// +optional
	Type corev1.SecretType `json:"type,omitempty"`

	// EngineVersion specifies the template engine version
	// that should be used to compile/execute the
	// template specified in .data and .templateFrom[].
	// +kubebuilder:default="v1"
	EngineVersion TemplateEngineVersion `json:"engineVersion,omitempty"`

	// +optional
	Metadata ExternalSecretTemplateMetadata `json:"metadata,omitempty"`

	// +optional
	Data map[string]string `json:"data,omitempty"`

	// +optional
	TemplateFrom []TemplateFrom `json:"templateFrom,omitempty"`
}
ExternalSecretTemplate defines a blueprint for the created Secret resource. We cannot use the native corev1.Secret, because it would have empty ObjectMeta values: https://github.com/kubernetes-sigs/controller-tools/issues/448
func (*ExternalSecretTemplate) DeepCopy ¶
func (in *ExternalSecretTemplate) DeepCopy() *ExternalSecretTemplate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplate.
func (*ExternalSecretTemplate) DeepCopyInto ¶
func (in *ExternalSecretTemplate) DeepCopyInto(out *ExternalSecretTemplate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretTemplateMetadata ¶
// ExternalSecretTemplateMetadata defines metadata fields for the Secret
// blueprint; both maps are optional.
type ExternalSecretTemplateMetadata struct {
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`

	// +optional
	Labels map[string]string `json:"labels,omitempty"`
}
ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
func (*ExternalSecretTemplateMetadata) DeepCopy ¶
func (in *ExternalSecretTemplateMetadata) DeepCopy() *ExternalSecretTemplateMetadata
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplateMetadata.
func (*ExternalSecretTemplateMetadata) DeepCopyInto ¶
func (in *ExternalSecretTemplateMetadata) DeepCopyInto(out *ExternalSecretTemplateMetadata)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FakeProvider ¶ added in v0.4.0
// FakeProvider configures a fake provider that returns static values.
// NOTE(review): the values are written into the store manifest itself (see
// FakeProviderData), so anyone who can read the store object can presumably
// read them; keep real credentials out of it.
type FakeProvider struct {
	// Data is the list of static entries the provider serves.
	Data []FakeProviderData `json:"data"`
}
FakeProvider configures a fake provider that returns static values.
func (*FakeProvider) DeepCopy ¶ added in v0.4.0
func (in *FakeProvider) DeepCopy() *FakeProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FakeProvider.
func (*FakeProvider) DeepCopyInto ¶ added in v0.4.0
func (in *FakeProvider) DeepCopyInto(out *FakeProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FakeProviderData ¶ added in v0.4.0
// FakeProviderData is one static entry of FakeProvider.Data. Only Key is
// always serialized; Value, ValueMap and Version are omitted when empty.
type FakeProviderData struct {
	// Key identifies the entry.
	Key string `json:"key"`
	// Value is a static string value stored in plain text in the manifest.
	Value string `json:"value,omitempty"`
	// ValueMap is a static map value stored in plain text in the manifest.
	ValueMap map[string]string `json:"valueMap,omitempty"`
	// Version optionally labels the entry with a version.
	Version string `json:"version,omitempty"`
}
func (*FakeProviderData) DeepCopy ¶ added in v0.4.0
func (in *FakeProviderData) DeepCopy() *FakeProviderData
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FakeProviderData.
func (*FakeProviderData) DeepCopyInto ¶ added in v0.4.0
func (in *FakeProviderData) DeepCopyInto(out *FakeProviderData)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPSMAuth ¶ added in v0.2.0
// GCPSMAuth holds the authentication options for the GCP Secret Manager
// provider. Both fields are optional pointers.
// NOTE(review): no marker visible here forces exactly one of them to be set;
// which one wins when both are present is decided by the provider code —
// confirm.
type GCPSMAuth struct {
	// SecretRef authenticates with a key stored in a Kubernetes Secret.
	// +optional
	SecretRef *GCPSMAuthSecretRef `json:"secretRef,omitempty"`

	// WorkloadIdentity authenticates through a Kubernetes service account.
	// +optional
	WorkloadIdentity *GCPWorkloadIdentity `json:"workloadIdentity,omitempty"`
}
func (*GCPSMAuth) DeepCopy ¶ added in v0.2.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuth.
func (*GCPSMAuth) DeepCopyInto ¶ added in v0.2.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPSMAuthSecretRef ¶ added in v0.2.0
// GCPSMAuthSecretRef points at the Kubernetes Secret key that holds the GCP
// credential; the credential itself is not part of this object.
type GCPSMAuthSecretRef struct {
	// The SecretAccessKey is used for authentication
	// +optional
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
}
func (*GCPSMAuthSecretRef) DeepCopy ¶ added in v0.2.0
func (in *GCPSMAuthSecretRef) DeepCopy() *GCPSMAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuthSecretRef.
func (*GCPSMAuthSecretRef) DeepCopyInto ¶ added in v0.2.0
func (in *GCPSMAuthSecretRef) DeepCopyInto(out *GCPSMAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPSMProvider ¶ added in v0.2.0
// GCPSMProvider configures a store to sync secrets using the GCP Secret
// Manager provider.
type GCPSMProvider struct {
	// Auth defines the information necessary to authenticate against GCP
	// +optional
	Auth GCPSMAuth `json:"auth,omitempty"`

	// ProjectID project where secret is located
	ProjectID string `json:"projectID,omitempty"`
}
GCPSMProvider configures a store to sync secrets using the GCP Secret Manager provider.
func (*GCPSMProvider) DeepCopy ¶ added in v0.2.0
func (in *GCPSMProvider) DeepCopy() *GCPSMProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMProvider.
func (*GCPSMProvider) DeepCopyInto ¶ added in v0.2.0
func (in *GCPSMProvider) DeepCopyInto(out *GCPSMProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPWorkloadIdentity ¶ added in v0.3.11
// GCPWorkloadIdentity carries the service account reference and the cluster
// coordinates used by GCPSMAuth.WorkloadIdentity.
// NOTE(review): field meanings below are read from the names only — confirm
// against the provider implementation.
type GCPWorkloadIdentity struct {
	// ServiceAccountRef selects the Kubernetes service account to use.
	ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccountRef"`
	// ClusterLocation is the location of the cluster (required).
	ClusterLocation string `json:"clusterLocation"`
	// ClusterName is the name of the cluster (required).
	ClusterName string `json:"clusterName"`
	// ClusterProjectID is the project of the cluster; omitted when empty.
	ClusterProjectID string `json:"clusterProjectID,omitempty"`
}
func (*GCPWorkloadIdentity) DeepCopy ¶ added in v0.3.11
func (in *GCPWorkloadIdentity) DeepCopy() *GCPWorkloadIdentity
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPWorkloadIdentity.
func (*GCPWorkloadIdentity) DeepCopyInto ¶ added in v0.3.11
func (in *GCPWorkloadIdentity) DeepCopyInto(out *GCPWorkloadIdentity)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GenericStore ¶
// GenericStore is a common interface for interacting with ClusterSecretStore
// or a namespaced SecretStore. It embeds runtime.Object and metav1.Object and
// adds accessors for metadata, spec and status.
type GenericStore interface {
	runtime.Object
	metav1.Object

	// GetObjectMeta returns the store's object metadata.
	GetObjectMeta() *metav1.ObjectMeta
	// GetTypeMeta returns the store's type metadata.
	GetTypeMeta() *metav1.TypeMeta

	// GetSpec returns a pointer to the store's spec.
	GetSpec() *SecretStoreSpec
	// GetNamespacedName returns the store's name as a single string.
	GetNamespacedName() string
	// GetStatus returns the store's status by value.
	GetStatus() SecretStoreStatus
	// SetStatus replaces the store's status.
	SetStatus(status SecretStoreStatus)
	// Copy returns a copy of the store as a GenericStore.
	Copy() GenericStore
}
GenericStore is a common interface for interacting with ClusterSecretStore or a namespaced SecretStore.
type GitlabAuth ¶ added in v0.3.5
// GitlabAuth holds the authentication settings for the GitLab provider.
type GitlabAuth struct {
	// SecretRef points at the Secret holding the access token.
	// Note that the JSON key is capitalized ("SecretRef"), unlike the
	// "secretRef" key used by the other auth types in this package; manifests
	// must use the exact key.
	SecretRef GitlabSecretRef `json:"SecretRef"`
}
func (*GitlabAuth) DeepCopy ¶ added in v0.3.5
func (in *GitlabAuth) DeepCopy() *GitlabAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabAuth.
func (*GitlabAuth) DeepCopyInto ¶ added in v0.3.5
func (in *GitlabAuth) DeepCopyInto(out *GitlabAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GitlabProvider ¶ added in v0.3.5
// GitlabProvider configures a store to sync secrets with a GitLab instance.
type GitlabProvider struct {
	// URL configures the GitLab instance URL. Defaults to https://gitlab.com/.
	// NOTE(review): the access token selected by Auth is presumably presented
	// to this URL, so it should point at a trusted instance over https —
	// confirm in the provider code.
	URL string `json:"url,omitempty"`

	// Auth configures how secret-manager authenticates with a GitLab instance.
	Auth GitlabAuth `json:"auth"`

	// ProjectID specifies a project where secrets are located.
	ProjectID string `json:"projectID,omitempty"`
}
Configures a store to sync secrets with a GitLab instance.
func (*GitlabProvider) DeepCopy ¶ added in v0.3.5
func (in *GitlabProvider) DeepCopy() *GitlabProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabProvider.
func (*GitlabProvider) DeepCopyInto ¶ added in v0.3.5
func (in *GitlabProvider) DeepCopyInto(out *GitlabProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GitlabSecretRef ¶ added in v0.3.5
// GitlabSecretRef points at the Kubernetes Secret key that holds the GitLab
// access token; the token itself is not part of this object.
type GitlabSecretRef struct {
	// AccessToken is used for authentication.
	AccessToken esmeta.SecretKeySelector `json:"accessToken,omitempty"`
}
func (*GitlabSecretRef) DeepCopy ¶ added in v0.3.5
func (in *GitlabSecretRef) DeepCopy() *GitlabSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabSecretRef.
func (*GitlabSecretRef) DeepCopyInto ¶ added in v0.3.5
func (in *GitlabSecretRef) DeepCopyInto(out *GitlabSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IBMAuth ¶ added in v0.2.2
// IBMAuth holds the authentication settings for the IBM provider.
type IBMAuth struct {
	// SecretRef points at the Secret holding the API key.
	SecretRef IBMAuthSecretRef `json:"secretRef"`
}
func (*IBMAuth) DeepCopy ¶ added in v0.2.2
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuth.
func (*IBMAuth) DeepCopyInto ¶ added in v0.2.2
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IBMAuthSecretRef ¶ added in v0.2.2
// IBMAuthSecretRef points at the Kubernetes Secret key that holds the IBM
// credential; the credential itself is not part of this object.
type IBMAuthSecretRef struct {
	// SecretAPIKey selects the Secret key used for authentication.
	// (The original comment named this field "SecretAccessKey"; the field and
	// its JSON key are SecretAPIKey / secretApiKeySecretRef.)
	// +optional
	SecretAPIKey esmeta.SecretKeySelector `json:"secretApiKeySecretRef,omitempty"`
}
func (*IBMAuthSecretRef) DeepCopy ¶ added in v0.2.2
func (in *IBMAuthSecretRef) DeepCopy() *IBMAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuthSecretRef.
func (*IBMAuthSecretRef) DeepCopyInto ¶ added in v0.2.2
func (in *IBMAuthSecretRef) DeepCopyInto(out *IBMAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IBMProvider ¶ added in v0.2.2
// IBMProvider configures a store to sync secrets using an IBM Cloud Secrets
// Manager backend.
type IBMProvider struct {
	// Auth configures how secret-manager authenticates with the IBM secrets manager.
	Auth IBMAuth `json:"auth"`

	// ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance
	ServiceURL *string `json:"serviceUrl,omitempty"`
}
Configures a store to sync secrets using an IBM Cloud Secrets Manager backend.
func (*IBMProvider) DeepCopy ¶ added in v0.2.2
func (in *IBMProvider) DeepCopy() *IBMProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMProvider.
func (*IBMProvider) DeepCopyInto ¶ added in v0.2.2
func (in *IBMProvider) DeepCopyInto(out *IBMProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesAuth ¶ added in v0.5.0
// KubernetesAuth selects how the Kubernetes provider authenticates. The
// MinProperties=1 / MaxProperties=1 validation markers shown with this type
// in the rendered docs mean exactly one of cert, token or serviceAccount is
// expected.
type KubernetesAuth struct {
	// has both clientCert and clientKey as secretKeySelector
	// +optional
	Cert *CertAuth `json:"cert,omitempty"`

	// use static token to authenticate with
	// NOTE(review): a static token is a long-lived credential held in a
	// Secret; its rotation is presumably the operator's responsibility —
	// confirm.
	// +optional
	Token *TokenAuth `json:"token,omitempty"`

	// points to a service account that should be used for authentication
	// +optional
	ServiceAccount *ServiceAccountAuth `json:"serviceAccount,omitempty"`
}
+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1
func (*KubernetesAuth) DeepCopy ¶ added in v0.5.0
func (in *KubernetesAuth) DeepCopy() *KubernetesAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuth.
func (*KubernetesAuth) DeepCopyInto ¶ added in v0.5.0
func (in *KubernetesAuth) DeepCopyInto(out *KubernetesAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesProvider ¶ added in v0.5.0
// KubernetesProvider configures a store to sync secrets with a Kubernetes
// instance.
type KubernetesProvider struct {
	// configures the Kubernetes server Address.
	Server KubernetesServer `json:"server,omitempty"`

	// Auth configures how secret-manager authenticates with a Kubernetes instance.
	Auth KubernetesAuth `json:"auth"`

	// Remote namespace to fetch the secrets from
	// The markers below default it to "default" and restrict it to a single
	// lowercase label of 1-63 characters.
	// +optional
	// +kubebuilder:default=default
	// +kubebuilder:validation:MinLength:=1
	// +kubebuilder:validation:MaxLength:=63
	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
	RemoteNamespace string `json:"remoteNamespace,omitempty"`
}
Configures a store to sync secrets with a Kubernetes instance.
func (*KubernetesProvider) DeepCopy ¶ added in v0.5.0
func (in *KubernetesProvider) DeepCopy() *KubernetesProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesProvider.
func (*KubernetesProvider) DeepCopyInto ¶ added in v0.5.0
func (in *KubernetesProvider) DeepCopyInto(out *KubernetesProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesServer ¶ added in v0.5.0
// KubernetesServer holds the address of the remote Kubernetes API server and
// the CA material used for it. All three fields are optional.
// NOTE(review): how the server certificate is verified when neither CABundle
// nor CAProvider is set is not visible on this page — confirm in the provider
// code.
type KubernetesServer struct {
	// configures the Kubernetes server Address.
	// +kubebuilder:default=kubernetes.default
	// +optional
	URL string `json:"url,omitempty"`

	// CABundle is a base64-encoded CA certificate
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`
}
func (*KubernetesServer) DeepCopy ¶ added in v0.5.0
func (in *KubernetesServer) DeepCopy() *KubernetesServer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesServer.
func (*KubernetesServer) DeepCopyInto ¶ added in v0.5.0
func (in *KubernetesServer) DeepCopyInto(out *KubernetesServer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OracleAuth ¶ added in v0.3.6
// OracleAuth holds the user-principal data for the Oracle provider: the
// tenancy and user OCIDs in plain fields, and the sensitive parts behind
// SecretRef.
type OracleAuth struct {
	// Tenancy is the tenancy OCID where user is located.
	Tenancy string `json:"tenancy"`

	// User is an access OCID specific to the account.
	User string `json:"user"`

	// SecretRef to pass through sensitive information.
	SecretRef OracleSecretRef `json:"secretRef"`
}
func (*OracleAuth) DeepCopy ¶ added in v0.3.6
func (in *OracleAuth) DeepCopy() *OracleAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleAuth.
func (*OracleAuth) DeepCopyInto ¶ added in v0.3.6
func (in *OracleAuth) DeepCopyInto(out *OracleAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OraclePrincipalType ¶ added in v0.9.8
// OraclePrincipalType names the kind of principal used to authenticate with
// the Oracle provider. The enum marker shown with this type also allows the
// empty string in addition to the constants of this type.
type OraclePrincipalType string
+kubebuilder:validation:Enum="";UserPrincipal;InstancePrincipal;Workload
// Allowed non-empty OraclePrincipalType values.
const (
	// UserPrincipal represents a user principal.
	UserPrincipal OraclePrincipalType = "UserPrincipal"
	// InstancePrincipal represents a instance principal.
	InstancePrincipal OraclePrincipalType = "InstancePrincipal"
	// WorkloadPrincipal represents a workload principal.
	// Its serialized value is "Workload", not "WorkloadPrincipal".
	WorkloadPrincipal OraclePrincipalType = "Workload"
)
type OracleProvider ¶ added in v0.3.6
// OracleProvider configures a store to sync secrets using an Oracle Vault
// backend.
type OracleProvider struct {
	// Region is the region where vault is located.
	Region string `json:"region"`

	// Vault is the vault's OCID of the specific vault where secret is located.
	Vault string `json:"vault"`

	// Compartment is the vault compartment OCID.
	// Required for PushSecret
	// +optional
	Compartment string `json:"compartment,omitempty"`

	// EncryptionKey is the OCID of the encryption key within the vault.
	// Required for PushSecret
	// +optional
	EncryptionKey string `json:"encryptionKey,omitempty"`

	// The type of principal to use for authentication. If left blank, the Auth struct will
	// determine the principal type. This optional field must be specified if using
	// workload identity.
	// +optional
	PrincipalType OraclePrincipalType `json:"principalType,omitempty"`

	// Auth configures how secret-manager authenticates with the Oracle Vault.
	// If empty, instance principal is used. Optionally, the authenticating principal type
	// and/or user data may be supplied for the use of workload identity and user principal.
	// +optional
	Auth *OracleAuth `json:"auth,omitempty"`

	// ServiceAccountRef specified the service account
	// that should be used when authenticating with WorkloadIdentity.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}
Configures a store to sync secrets using an Oracle Vault backend.
func (*OracleProvider) DeepCopy ¶ added in v0.3.6
func (in *OracleProvider) DeepCopy() *OracleProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleProvider.
func (*OracleProvider) DeepCopyInto ¶ added in v0.3.6
func (in *OracleProvider) DeepCopyInto(out *OracleProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OracleSecretRef ¶ added in v0.3.6
// OracleSecretRef points at the Kubernetes Secret keys holding the sensitive
// parts of Oracle user-principal authentication. Both fields are always
// serialized (no omitempty).
type OracleSecretRef struct {
	// PrivateKey is the user's API Signing Key in PEM format, used for authentication.
	PrivateKey esmeta.SecretKeySelector `json:"privatekey"`

	// Fingerprint is the fingerprint of the API private key.
	Fingerprint esmeta.SecretKeySelector `json:"fingerprint"`
}
func (*OracleSecretRef) DeepCopy ¶ added in v0.3.6
func (in *OracleSecretRef) DeepCopy() *OracleSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleSecretRef.
func (*OracleSecretRef) DeepCopyInto ¶ added in v0.3.6
func (in *OracleSecretRef) DeepCopyInto(out *OracleSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PasswordDepotAuth ¶ added in v0.9.14
// PasswordDepotAuth holds the authentication settings for the Password Depot
// provider.
type PasswordDepotAuth struct {
	// SecretRef points at the Secret holding the credentials.
	SecretRef PasswordDepotSecretRef `json:"secretRef"`
}
func (*PasswordDepotAuth) DeepCopy ¶ added in v0.9.14
func (in *PasswordDepotAuth) DeepCopy() *PasswordDepotAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordDepotAuth.
func (*PasswordDepotAuth) DeepCopyInto ¶ added in v0.9.14
func (in *PasswordDepotAuth) DeepCopyInto(out *PasswordDepotAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PasswordDepotProvider ¶ added in v0.9.14
// PasswordDepotProvider configures a store to sync secrets with a Password
// Depot instance.
type PasswordDepotProvider struct {
	// Host configures the Password Depot instance URL.
	// NOTE(review): the field is named Host but the original comment calls it
	// a URL; whether a scheme is expected is not visible here — confirm.
	Host string `json:"host"`

	// Database to use as source
	Database string `json:"database"`

	// Auth configures how secret-manager authenticates with a Password Depot instance.
	Auth PasswordDepotAuth `json:"auth"`
}
Configures a store to sync secrets with a Password Depot instance.
func (*PasswordDepotProvider) DeepCopy ¶ added in v0.9.14
func (in *PasswordDepotProvider) DeepCopy() *PasswordDepotProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordDepotProvider.
func (*PasswordDepotProvider) DeepCopyInto ¶ added in v0.9.14
func (in *PasswordDepotProvider) DeepCopyInto(out *PasswordDepotProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PasswordDepotSecretRef ¶ added in v0.9.14
// PasswordDepotSecretRef points at the Kubernetes Secret key that holds the
// Password Depot credentials; the credentials are not part of this object.
type PasswordDepotSecretRef struct {
	// Username / Password is used for authentication.
	Credentials esmeta.SecretKeySelector `json:"credentials,omitempty"`
}
func (*PasswordDepotSecretRef) DeepCopy ¶ added in v0.9.14
func (in *PasswordDepotSecretRef) DeepCopy() *PasswordDepotSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordDepotSecretRef.
func (*PasswordDepotSecretRef) DeepCopyInto ¶ added in v0.9.14
func (in *PasswordDepotSecretRef) DeepCopyInto(out *PasswordDepotSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PushSecret ¶ added in v0.7.0
// PushSecret is the resource type carrying a PushSecretSpec and its
// PushSecretStatus, together with the standard type and object metadata.
type PushSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired push configuration.
	Spec PushSecretSpec `json:"spec,omitempty"`
	// Status is the observed state.
	Status PushSecretStatus `json:"status,omitempty"`
}
func (*PushSecret) DeepCopy ¶ added in v0.7.0
func (in *PushSecret) DeepCopy() *PushSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecret.
func (*PushSecret) DeepCopyInto ¶ added in v0.7.0
func (in *PushSecret) DeepCopyInto(out *PushSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PushSecret) DeepCopyObject ¶ added in v0.7.0
func (in *PushSecret) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type PushSecretConditionType ¶ added in v0.7.0
// PushSecretConditionType indicates the condition of the PushSecret.
type PushSecretConditionType string
PushSecretConditionType indicates the condition of the PushSecret.
const (
	// PushSecretReady is the "Ready" condition type of a PushSecret.
	PushSecretReady PushSecretConditionType = "Ready"
)
type PushSecretConversionStrategy ¶ added in v0.9.15
// PushSecretConversionStrategy names the conversion strategy selected in
// PushSecretData.ConversionStrategy. The enum marker shown with this type
// allows only "None" and "ReverseUnicode".
type PushSecretConversionStrategy string
+kubebuilder:validation:Enum=None;ReverseUnicode
// Allowed PushSecretConversionStrategy values.
const (
	// PushSecretConversionNone is the "None" strategy; it is also the
	// kubebuilder default of PushSecretData.ConversionStrategy.
	PushSecretConversionNone PushSecretConversionStrategy = "None"
	// PushSecretConversionReverseUnicode is the "ReverseUnicode" strategy.
	// NOTE(review): presumably the inverse of the ExternalSecret "Unicode"
	// conversion — confirm.
	PushSecretConversionReverseUnicode PushSecretConversionStrategy = "ReverseUnicode"
)
type PushSecretData ¶ added in v0.7.0
// PushSecretData describes one piece of Secret data to push: which key to
// match, optional provider-specific metadata, and the key conversion strategy.
type PushSecretData struct {
	// Match a given Secret Key to be pushed to the provider.
	Match PushSecretMatch `json:"match"`

	// Metadata is metadata attached to the secret.
	// The structure of metadata is provider specific, please look it up in the provider documentation.
	// +optional
	Metadata *apiextensionsv1.JSON `json:"metadata,omitempty"`

	// +optional
	// Used to define a conversion Strategy for the secret keys
	// +kubebuilder:default="None"
	ConversionStrategy PushSecretConversionStrategy `json:"conversionStrategy,omitempty"`
}
func (*PushSecretData) DeepCopy ¶ added in v0.7.0
func (in *PushSecretData) DeepCopy() *PushSecretData
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretData.
func (*PushSecretData) DeepCopyInto ¶ added in v0.7.0
func (in *PushSecretData) DeepCopyInto(out *PushSecretData)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (PushSecretData) GetMetadata ¶ added in v0.9.9
func (d PushSecretData) GetMetadata() *apiextensionsv1.JSON
func (PushSecretData) GetProperty ¶ added in v0.9.9
func (d PushSecretData) GetProperty() string
func (PushSecretData) GetRemoteKey ¶ added in v0.9.9
func (d PushSecretData) GetRemoteKey() string
func (PushSecretData) GetSecretKey ¶ added in v0.9.9
func (d PushSecretData) GetSecretKey() string
type PushSecretDeletionPolicy ¶ added in v0.7.0
// PushSecretDeletionPolicy names the deletion policy selected in
// PushSecretSpec.DeletionPolicy. The enum marker shown with this type allows
// only "Delete" and "None".
type PushSecretDeletionPolicy string
+kubebuilder:validation:Enum=Delete;None
// Allowed PushSecretDeletionPolicy values.
const (
	// PushSecretDeletionPolicyDelete is the "Delete" policy.
	// NOTE(review): presumably removes the pushed secret from the provider
	// when the PushSecret goes away, which needs delete permission on the
	// provider side — confirm.
	PushSecretDeletionPolicyDelete PushSecretDeletionPolicy = "Delete"
	// PushSecretDeletionPolicyNone is the "None" policy; it is also the
	// kubebuilder default of PushSecretSpec.DeletionPolicy.
	PushSecretDeletionPolicyNone PushSecretDeletionPolicy = "None"
)
type PushSecretList ¶ added in v0.7.0
// PushSecretList contains a list of PushSecret resources.
type PushSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the PushSecret resources of the list.
	Items []PushSecret `json:"items"`
}
+kubebuilder:object:root=true +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` PushSecretList contains a list of PushSecret resources.
func (*PushSecretList) DeepCopy ¶ added in v0.7.0
func (in *PushSecretList) DeepCopy() *PushSecretList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretList.
func (*PushSecretList) DeepCopyInto ¶ added in v0.7.0
func (in *PushSecretList) DeepCopyInto(out *PushSecretList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PushSecretList) DeepCopyObject ¶ added in v0.7.0
func (in *PushSecretList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type PushSecretMatch ¶ added in v0.7.0
// PushSecretMatch pairs a key of the source Secret with the remote reference
// it is pushed to.
type PushSecretMatch struct {
	// Secret Key to be pushed
	// NOTE(review): what is pushed when this is left empty is not visible on
	// this page (possibly the whole Secret) — confirm before omitting it.
	// +optional
	SecretKey string `json:"secretKey,omitempty"`

	// Remote Refs to push to providers.
	RemoteRef PushSecretRemoteRef `json:"remoteRef"`
}
func (*PushSecretMatch) DeepCopy ¶ added in v0.7.0
func (in *PushSecretMatch) DeepCopy() *PushSecretMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretMatch.
func (*PushSecretMatch) DeepCopyInto ¶ added in v0.7.0
func (in *PushSecretMatch) DeepCopyInto(out *PushSecretMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PushSecretRemoteRef ¶ added in v0.7.0
// PushSecretRemoteRef names the destination in the provider: a required
// remote key and an optional property inside it.
type PushSecretRemoteRef struct {
	// Name of the resulting provider secret.
	RemoteKey string `json:"remoteKey"`

	// Name of the property in the resulting secret
	// +optional
	Property string `json:"property,omitempty"`
}
func (*PushSecretRemoteRef) DeepCopy ¶ added in v0.7.0
func (in *PushSecretRemoteRef) DeepCopy() *PushSecretRemoteRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretRemoteRef.
func (*PushSecretRemoteRef) DeepCopyInto ¶ added in v0.7.0
func (in *PushSecretRemoteRef) DeepCopyInto(out *PushSecretRemoteRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (PushSecretRemoteRef) GetProperty ¶ added in v0.7.3
func (r PushSecretRemoteRef) GetProperty() string
func (PushSecretRemoteRef) GetRemoteKey ¶ added in v0.7.0
func (r PushSecretRemoteRef) GetRemoteKey() string
type PushSecretSecret ¶ added in v0.7.0
// PushSecretSecret names the source Kubernetes Secret of a PushSecret.
type PushSecretSecret struct {
	// Name of the Secret.
	// The Secret must exist in the same namespace as the PushSecret manifest.
	// The pattern below restricts the name to lowercase alphanumerics, '-'
	// and '.' in dot-separated labels, 1-253 characters long.
	// +kubebuilder:validation:MinLength:=1
	// +kubebuilder:validation:MaxLength:=253
	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
	Name string `json:"name"`
}
func (*PushSecretSecret) DeepCopy ¶ added in v0.7.0
func (in *PushSecretSecret) DeepCopy() *PushSecretSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretSecret.
func (*PushSecretSecret) DeepCopyInto ¶ added in v0.7.0
func (in *PushSecretSecret) DeepCopyInto(out *PushSecretSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PushSecretSelector ¶ added in v0.7.0
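// PushSecretSelector chooses the source of the data to push: an existing
// Secret or a generator reference. The type-level MinProperties=1 /
// MaxProperties=1 validation means exactly one of the two is set.
type PushSecretSelector struct {
	// Select a Secret to Push.
	// +optional
	Secret *PushSecretSecret `json:"secret,omitempty"`
	// Point to a generator to create a Secret.
	// +optional
	GeneratorRef *esv1beta1.GeneratorRef `json:"generatorRef,omitempty"`
}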
+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1
func (*PushSecretSelector) DeepCopy ¶ added in v0.7.0
func (in *PushSecretSelector) DeepCopy() *PushSecretSelector
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretSelector.
func (*PushSecretSelector) DeepCopyInto ¶ added in v0.7.0
func (in *PushSecretSelector) DeepCopyInto(out *PushSecretSelector)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PushSecretSpec ¶ added in v0.7.0
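// PushSecretSpec configures the behavior of the PushSecret.
type PushSecretSpec struct {
	// The interval at which External Secrets will try to push a secret definition
	RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"`
	// SecretStoreRefs lists the stores to push to; each entry selects a store
	// by name or by label selector.
	SecretStoreRefs []PushSecretStoreRef `json:"secretStoreRefs"`
	// UpdatePolicy to handle Secrets in the provider.
	// NOTE(review): the default is Replace, which presumably overwrites a value
	// already present in the provider under the same remote key — confirm, and
	// use IfNotExists where existing provider secrets must not be changed.
	// +kubebuilder:default="Replace"
	// +optional
	UpdatePolicy PushSecretUpdatePolicy `json:"updatePolicy,omitempty"`
	// Deletion Policy to handle Secrets in the provider.
	// +kubebuilder:default="None"
	// +optional
	DeletionPolicy PushSecretDeletionPolicy `json:"deletionPolicy,omitempty"`
	// The Secret Selector (k8s source) for the Push Secret
	Selector PushSecretSelector `json:"selector"`
	// Secret Data that should be pushed to providers
	Data []PushSecretData `json:"data,omitempty"`
	// Template defines a blueprint for the created Secret resource.
	// +optional
	Template *esv1beta1.ExternalSecretTemplate `json:"template,omitempty"`
}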
PushSecretSpec configures the behavior of the PushSecret.
func (*PushSecretSpec) DeepCopy ¶ added in v0.7.0
func (in *PushSecretSpec) DeepCopy() *PushSecretSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretSpec.
func (*PushSecretSpec) DeepCopyInto ¶ added in v0.7.0
func (in *PushSecretSpec) DeepCopyInto(out *PushSecretSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PushSecretStatus ¶ added in v0.7.0
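// PushSecretStatus records the observed state of a PushSecret: the last
// refresh time, the last synced resource version, what was pushed to which
// store, and the status conditions.
type PushSecretStatus struct {
	// +nullable
	// refreshTime is the time and date the external secret was fetched and
	// the target secret updated
	RefreshTime metav1.Time `json:"refreshTime,omitempty"`
	// SyncedResourceVersion keeps track of the last synced version.
	SyncedResourceVersion string `json:"syncedResourceVersion,omitempty"`
	// Synced PushSecrets, including secrets that already exist in provider.
	// Matches secret stores to PushSecretData that was stored to that secret store.
	// +optional
	SyncedPushSecrets SyncedPushSecretsMap `json:"syncedPushSecrets,omitempty"`
	// +optional
	Conditions []PushSecretStatusCondition `json:"conditions,omitempty"`
}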
PushSecretStatus indicates the history of the status of PushSecret.
func (*PushSecretStatus) DeepCopy ¶ added in v0.7.0
func (in *PushSecretStatus) DeepCopy() *PushSecretStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretStatus.
func (*PushSecretStatus) DeepCopyInto ¶ added in v0.7.0
func (in *PushSecretStatus) DeepCopyInto(out *PushSecretStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PushSecretStatusCondition ¶ added in v0.7.0
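// PushSecretStatusCondition indicates the status of the PushSecret.
type PushSecretStatusCondition struct {
	// Type is the kind of condition being reported.
	Type PushSecretConditionType `json:"type"`
	// Status is the Kubernetes condition status for Type.
	Status corev1.ConditionStatus `json:"status"`
	// +optional
	Reason string `json:"reason,omitempty"`
	// +optional
	Message string `json:"message,omitempty"`
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}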
PushSecretStatusCondition indicates the status of the PushSecret.
func (*PushSecretStatusCondition) DeepCopy ¶ added in v0.7.0
func (in *PushSecretStatusCondition) DeepCopy() *PushSecretStatusCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretStatusCondition.
func (*PushSecretStatusCondition) DeepCopyInto ¶ added in v0.7.0
func (in *PushSecretStatusCondition) DeepCopyInto(out *PushSecretStatusCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PushSecretStoreRef ¶ added in v0.7.0
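// PushSecretStoreRef selects the store or stores a PushSecret writes to,
// either by name or by label selector, together with the store kind.
type PushSecretStoreRef struct {
	// Optionally, sync to the SecretStore of the given name
	// +optional
	// +kubebuilder:validation:MinLength:=1
	// +kubebuilder:validation:MaxLength:=253
	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
	Name string `json:"name,omitempty"`
	// Optionally, sync to secret stores with label selector
	// NOTE(review): with a selector the set of destination stores is
	// presumably resolved from labels at reconcile time, so whoever can label
	// a store can add it as a destination — confirm and restrict accordingly.
	// +optional
	LabelSelector *metav1.LabelSelector `json:"labelSelector,omitempty"`
	// Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
	// +optional
	// +kubebuilder:default="SecretStore"
	// +kubebuilder:validation:Enum=SecretStore;ClusterSecretStore
	Kind string `json:"kind,omitempty"`
}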
func (*PushSecretStoreRef) DeepCopy ¶ added in v0.7.0
func (in *PushSecretStoreRef) DeepCopy() *PushSecretStoreRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretStoreRef.
func (*PushSecretStoreRef) DeepCopyInto ¶ added in v0.7.0
func (in *PushSecretStoreRef) DeepCopyInto(out *PushSecretStoreRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PushSecretUpdatePolicy ¶ added in v0.9.14
// PushSecretUpdatePolicy is the string type of PushSecretSpec.UpdatePolicy;
// the values declared for it are "Replace" and "IfNotExists".
type PushSecretUpdatePolicy string
+kubebuilder:validation:Enum=Replace;IfNotExists
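// Values accepted for PushSecretUpdatePolicy. Replace is the default set on
// PushSecretSpec.UpdatePolicy.
const (
	PushSecretUpdatePolicyReplace     PushSecretUpdatePolicy = "Replace"
	PushSecretUpdatePolicyIfNotExists PushSecretUpdatePolicy = "IfNotExists"
)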
type SecretStore ¶
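// SecretStore represents a secure external location for storing secrets,
// which can be referenced as part of `storeRef` fields.
type SecretStore struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state: controller selection, provider and retries.
	Spec SecretStoreSpec `json:"spec,omitempty"`
	// Status is the observed state of the store.
	Status SecretStoreStatus `json:"status,omitempty"`
}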
SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` +kubebuilder:subresource:status +kubebuilder:deprecatedversion +kubebuilder:resource:scope=Namespaced,categories={external-secrets},shortName=ss
func (*SecretStore) ConvertFrom ¶ added in v0.5.0
func (c *SecretStore) ConvertFrom(betaRaw conversion.Hub) error
func (*SecretStore) ConvertTo ¶ added in v0.5.0
func (c *SecretStore) ConvertTo(betaRaw conversion.Hub) error
func (*SecretStore) Copy ¶
func (c *SecretStore) Copy() GenericStore
func (*SecretStore) DeepCopy ¶
func (in *SecretStore) DeepCopy() *SecretStore
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStore.
func (*SecretStore) DeepCopyInto ¶
func (in *SecretStore) DeepCopyInto(out *SecretStore)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretStore) DeepCopyObject ¶
func (in *SecretStore) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*SecretStore) GetNamespacedName ¶
func (c *SecretStore) GetNamespacedName() string
func (*SecretStore) GetObjectMeta ¶
func (c *SecretStore) GetObjectMeta() *metav1.ObjectMeta
func (*SecretStore) GetSpec ¶
func (c *SecretStore) GetSpec() *SecretStoreSpec
func (*SecretStore) GetStatus ¶ added in v0.4.2
func (c *SecretStore) GetStatus() SecretStoreStatus
func (*SecretStore) GetTypeMeta ¶ added in v0.4.2
func (c *SecretStore) GetTypeMeta() *metav1.TypeMeta
func (*SecretStore) SetStatus ¶ added in v0.4.2
func (c *SecretStore) SetStatus(status SecretStoreStatus)
func (*SecretStore) SetupWebhookWithManager ¶ added in v0.5.0
func (c *SecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error
type SecretStoreConditionType ¶
// SecretStoreConditionType is the string type of SecretStoreStatusCondition.Type.
type SecretStoreConditionType string
type SecretStoreList ¶
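// SecretStoreList contains a list of SecretStore resources.
type SecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the SecretStore objects of the list.
	Items []SecretStore `json:"items"`
}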
SecretStoreList contains a list of SecretStore resources.
func (*SecretStoreList) DeepCopy ¶
func (in *SecretStoreList) DeepCopy() *SecretStoreList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreList.
func (*SecretStoreList) DeepCopyInto ¶
func (in *SecretStoreList) DeepCopyInto(out *SecretStoreList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretStoreList) DeepCopyObject ¶
func (in *SecretStoreList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type SecretStoreProvider ¶
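// SecretStoreProvider contains the provider-specific configuration. The type
// carries MinProperties=1 / MaxProperties=1 validation, so exactly one of the
// provider fields below is set on a store.
type SecretStoreProvider struct {
	// AWS configures this store to sync secrets using AWS Secret Manager provider
	// +optional
	AWS *AWSProvider `json:"aws,omitempty"`

	// AzureKV configures this store to sync secrets using Azure Key Vault provider
	// +optional
	AzureKV *AzureKVProvider `json:"azurekv,omitempty"`

	// Akeyless configures this store to sync secrets using Akeyless Vault provider
	// +optional
	Akeyless *AkeylessProvider `json:"akeyless,omitempty"`

	// Vault configures this store to sync secrets using the HashiCorp Vault provider
	// +optional
	Vault *VaultProvider `json:"vault,omitempty"`

	// GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider
	// +optional
	GCPSM *GCPSMProvider `json:"gcpsm,omitempty"`

	// Oracle configures this store to sync secrets using Oracle Vault provider
	// +optional
	Oracle *OracleProvider `json:"oracle,omitempty"`

	// IBM configures this store to sync secrets using IBM Cloud provider
	// +optional
	IBM *IBMProvider `json:"ibm,omitempty"`

	// YandexLockbox configures this store to sync secrets using Yandex Lockbox provider
	// +optional
	YandexLockbox *YandexLockboxProvider `json:"yandexlockbox,omitempty"`

	// GitLab configures this store to sync secrets using GitLab Variables provider
	// +optional
	Gitlab *GitlabProvider `json:"gitlab,omitempty"`

	// Alibaba configures this store to sync secrets using Alibaba Cloud provider
	// +optional
	Alibaba *AlibabaProvider `json:"alibaba,omitempty"`

	// Webhook configures this store to sync secrets using a generic templated webhook
	// +optional
	Webhook *WebhookProvider `json:"webhook,omitempty"`

	// Kubernetes configures this store to sync secrets using a Kubernetes cluster provider
	// +optional
	Kubernetes *KubernetesProvider `json:"kubernetes,omitempty"`

	// PasswordDepot presumably configures this store to sync secrets using the
	// Password Depot provider (the original declares it without a description
	// or an optional marker, unlike its siblings — confirm).
	PasswordDepot *PasswordDepotProvider `json:"passworddepot,omitempty"`

	// Fake configures a store with static key/value pairs
	// NOTE(review): the pairs are presumably written in the store manifest
	// itself rather than read from a backend — keep real credentials out of
	// it; confirm against FakeProvider.
	// +optional
	Fake *FakeProvider `json:"fake,omitempty"`
}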
SecretStoreProvider contains the provider-specific configuration. +kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1
func (*SecretStoreProvider) DeepCopy ¶
func (in *SecretStoreProvider) DeepCopy() *SecretStoreProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreProvider.
func (*SecretStoreProvider) DeepCopyInto ¶
func (in *SecretStoreProvider) DeepCopyInto(out *SecretStoreProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreRef ¶
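// SecretStoreRef names the store an ExternalSecret fetches its data from,
// and the kind of that store.
type SecretStoreRef struct {
	// Name of the SecretStore resource
	// +kubebuilder:validation:MinLength:=1
	// +kubebuilder:validation:MaxLength:=253
	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
	Name string `json:"name,omitempty"`

	// Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
	// Defaults to `SecretStore`
	// NOTE(review): no kubebuilder default marker is declared on this field,
	// so an empty Kind is presumably resolved by the controller — confirm.
	// +optional
	// +kubebuilder:validation:Enum=SecretStore;ClusterSecretStore
	Kind string `json:"kind,omitempty"`
}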
SecretStoreRef defines which SecretStore is used to fetch the ExternalSecret data.
func (*SecretStoreRef) DeepCopy ¶
func (in *SecretStoreRef) DeepCopy() *SecretStoreRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRef.
func (*SecretStoreRef) DeepCopyInto ¶
func (in *SecretStoreRef) DeepCopyInto(out *SecretStoreRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreRetrySettings ¶ added in v0.3.10
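// SecretStoreRetrySettings holds the retry configuration referenced from
// SecretStoreSpec.RetrySettings. Both fields are pointers, so an unset value
// is distinguishable from an explicit zero.
type SecretStoreRetrySettings struct {
	// MaxRetries is presumably the upper bound on retry attempts — confirm.
	MaxRetries *int32 `json:"maxRetries,omitempty"`
	// RetryInterval is a string; presumably a duration such as "10s" — the
	// accepted format is not declared here, confirm against the consumer.
	RetryInterval *string `json:"retryInterval,omitempty"`
}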
func (*SecretStoreRetrySettings) DeepCopy ¶ added in v0.3.10
func (in *SecretStoreRetrySettings) DeepCopy() *SecretStoreRetrySettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRetrySettings.
func (*SecretStoreRetrySettings) DeepCopyInto ¶ added in v0.3.10
func (in *SecretStoreRetrySettings) DeepCopyInto(out *SecretStoreRetrySettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreSpec ¶
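// SecretStoreSpec defines the desired state of SecretStore.
type SecretStoreSpec struct {
	// Used to select the correct ESO controller (think: ingress.ingressClassName)
	// The ESO controller is instantiated with a specific controller name and filters ES based on this property
	// +optional
	Controller string `json:"controller,omitempty"`

	// Used to configure the provider. Only one provider may be set
	Provider *SecretStoreProvider `json:"provider"`

	// Used to configure http retries if failed
	// +optional
	RetrySettings *SecretStoreRetrySettings `json:"retrySettings,omitempty"`
}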
SecretStoreSpec defines the desired state of SecretStore.
func (*SecretStoreSpec) DeepCopy ¶
func (in *SecretStoreSpec) DeepCopy() *SecretStoreSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreSpec.
func (*SecretStoreSpec) DeepCopyInto ¶
func (in *SecretStoreSpec) DeepCopyInto(out *SecretStoreSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreStatus ¶
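// SecretStoreStatus defines the observed state of the SecretStore.
type SecretStoreStatus struct {
	// +optional
	Conditions []SecretStoreStatusCondition `json:"conditions,omitempty"`
}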
SecretStoreStatus defines the observed state of the SecretStore.
func (*SecretStoreStatus) DeepCopy ¶
func (in *SecretStoreStatus) DeepCopy() *SecretStoreStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatus.
func (*SecretStoreStatus) DeepCopyInto ¶
func (in *SecretStoreStatus) DeepCopyInto(out *SecretStoreStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreStatusCondition ¶
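// SecretStoreStatusCondition is one entry of SecretStoreStatus.Conditions.
type SecretStoreStatusCondition struct {
	// Type is the kind of condition being reported.
	Type SecretStoreConditionType `json:"type"`
	// Status is the Kubernetes condition status for Type.
	Status corev1.ConditionStatus `json:"status"`

	// +optional
	Reason string `json:"reason,omitempty"`

	// +optional
	Message string `json:"message,omitempty"`

	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}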
func (*SecretStoreStatusCondition) DeepCopy ¶
func (in *SecretStoreStatusCondition) DeepCopy() *SecretStoreStatusCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatusCondition.
func (*SecretStoreStatusCondition) DeepCopyInto ¶
func (in *SecretStoreStatusCondition) DeepCopyInto(out *SecretStoreStatusCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ServiceAccountAuth ¶ added in v0.5.0
// ServiceAccountAuth selects a Kubernetes ServiceAccount to authenticate with.
type ServiceAccountAuth struct {
	// ServiceAccountRef is the selector of the ServiceAccount; it is
	// serialized under the key "serviceAccount".
	ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccount,omitempty"`
}
func (*ServiceAccountAuth) DeepCopy ¶ added in v0.5.0
func (in *ServiceAccountAuth) DeepCopy() *ServiceAccountAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountAuth.
func (*ServiceAccountAuth) DeepCopyInto ¶ added in v0.5.0
func (in *ServiceAccountAuth) DeepCopyInto(out *ServiceAccountAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SyncedPushSecretsMap ¶ added in v0.7.0
// SyncedPushSecretsMap is the type of PushSecretStatus.SyncedPushSecrets, which
// matches secret stores to the PushSecretData stored to each of them.
// NOTE(review): the outer key is presumably the store and the inner key the
// remote reference — confirm against the controller.
type SyncedPushSecretsMap map[string]map[string]PushSecretData
func (SyncedPushSecretsMap) DeepCopy ¶ added in v0.7.0
func (in SyncedPushSecretsMap) DeepCopy() SyncedPushSecretsMap
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyncedPushSecretsMap.
func (SyncedPushSecretsMap) DeepCopyInto ¶ added in v0.7.0
func (in SyncedPushSecretsMap) DeepCopyInto(out *SyncedPushSecretsMap)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateEngineVersion ¶ added in v0.4.3
// TemplateEngineVersion is a string type whose declared values are "v1" and "v2".
type TemplateEngineVersion string
+kubebuilder:validation:Enum=v1;v2
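// Values accepted for TemplateEngineVersion.
const (
	TemplateEngineV1 TemplateEngineVersion = "v1"
	TemplateEngineV2 TemplateEngineVersion = "v2"
)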
type TemplateFrom ¶ added in v0.2.2
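// TemplateFrom points at the object that supplies templates: a ConfigMap or a
// Secret. The type-level MinProperties=1 / MaxProperties=1 validation means
// exactly one of the two is set.
type TemplateFrom struct {
	// ConfigMap references a ConfigMap whose keys are used as templates.
	ConfigMap *TemplateRef `json:"configMap,omitempty"`
	// Secret references a Secret whose keys are used as templates.
	Secret *TemplateRef `json:"secret,omitempty"`
}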
+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1
func (*TemplateFrom) DeepCopy ¶ added in v0.2.2
func (in *TemplateFrom) DeepCopy() *TemplateFrom
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateFrom.
func (*TemplateFrom) DeepCopyInto ¶ added in v0.2.2
func (in *TemplateFrom) DeepCopyInto(out *TemplateFrom)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateRef ¶ added in v0.2.2
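// TemplateRef names a ConfigMap or Secret and the keys in it that are used as
// templates for Secret data. Because the referenced content shapes the
// rendered Secret, write access to that object should be treated like write
// access to the resulting Secret.
type TemplateRef struct {
	// The name of the ConfigMap/Secret resource
	// +kubebuilder:validation:MinLength:=1
	// +kubebuilder:validation:MaxLength:=253
	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
	Name string `json:"name"`
	// A list of keys in the ConfigMap/Secret to use as templates for Secret data
	Items []TemplateRefItem `json:"items"`
}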
func (*TemplateRef) DeepCopy ¶ added in v0.2.2
func (in *TemplateRef) DeepCopy() *TemplateRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRef.
func (*TemplateRef) DeepCopyInto ¶ added in v0.2.2
func (in *TemplateRef) DeepCopyInto(out *TemplateRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateRefItem ¶ added in v0.2.2
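// TemplateRefItem is one key of the ConfigMap or Secret named by a TemplateRef.
type TemplateRefItem struct {
	// A key in the ConfigMap/Secret
	// +kubebuilder:validation:MinLength:=1
	// +kubebuilder:validation:MaxLength:=253
	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
	Key string `json:"key"`
}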
func (*TemplateRefItem) DeepCopy ¶ added in v0.2.2
func (in *TemplateRefItem) DeepCopy() *TemplateRefItem
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRefItem.
func (*TemplateRefItem) DeepCopyInto ¶ added in v0.2.2
func (in *TemplateRefItem) DeepCopyInto(out *TemplateRefItem)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TokenAuth ¶ added in v0.5.0
// TokenAuth authenticates with a bearer token that is referenced through a
// secret key selector, not written into this struct.
type TokenAuth struct {
	// BearerToken selects the Secret key that presumably holds the token.
	BearerToken esmeta.SecretKeySelector `json:"bearerToken,omitempty"`
}
func (*TokenAuth) DeepCopy ¶ added in v0.5.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenAuth.
func (*TokenAuth) DeepCopyInto ¶ added in v0.5.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultAppRole ¶
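// VaultAppRole authenticates with Vault using the App Role auth mechanism.
// Only the App Role secret is referenced from a Kubernetes Secret; RoleID is
// a plain string in the store spec and is readable by anyone who can read
// the store object.
type VaultAppRole struct {
	// Path where the App Role authentication backend is mounted
	// in Vault, e.g: "approle"
	// +kubebuilder:default=approle
	Path string `json:"path"`

	// RoleID configured in the App Role authentication backend when setting
	// up the authentication backend in Vault.
	RoleID string `json:"roleId"`

	// Reference to a key in a Secret that contains the App Role secret used
	// to authenticate with Vault.
	// The `key` field must be specified and denotes which entry within the Secret
	// resource is used as the app role secret.
	SecretRef esmeta.SecretKeySelector `json:"secretRef"`
}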
VaultAppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
func (*VaultAppRole) DeepCopy ¶
func (in *VaultAppRole) DeepCopy() *VaultAppRole
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole.
func (*VaultAppRole) DeepCopyInto ¶
func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultAuth ¶
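// VaultAuth is the configuration used to authenticate with a Vault server.
// Only one of `tokenSecretRef`, `appRole`, `kubernetes`, `ldap`, `jwt` or
// `cert` can be specified.
// NOTE(review): every field is optional and no MinProperties/MaxProperties
// validation is shown for this type, so the one-of rule is presumably
// enforced elsewhere — confirm, since a store with several methods set would
// be ambiguous about which identity it uses.
type VaultAuth struct {
	// TokenSecretRef authenticates with Vault by presenting a token.
	// +optional
	TokenSecretRef *esmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"`

	// AppRole authenticates with Vault using the App Role auth mechanism,
	// with the role and secret stored in a Kubernetes Secret resource.
	// +optional
	AppRole *VaultAppRole `json:"appRole,omitempty"`

	// Kubernetes authenticates with Vault by passing the ServiceAccount
	// token stored in the named Secret resource to the Vault server.
	// +optional
	Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"`

	// Ldap authenticates with Vault by passing username/password pair using
	// the LDAP authentication method
	// +optional
	Ldap *VaultLdapAuth `json:"ldap,omitempty"`

	// Jwt authenticates with Vault by passing role and JWT token using the
	// JWT/OIDC authentication method
	// +optional
	Jwt *VaultJwtAuth `json:"jwt,omitempty"`

	// Cert authenticates with TLS certificates by passing the client
	// certificate, private key and CA certificate using the Cert
	// authentication method
	// +optional
	Cert *VaultCertAuth `json:"cert,omitempty"`
}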
VaultAuth is the configuration used to authenticate with a Vault server. Only one of `tokenSecretRef`, `appRole`, `kubernetes`, `ldap`, `jwt` or `cert` can be specified.
func (*VaultAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth.
func (*VaultAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertAuth ¶ added in v0.3.3
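// VaultCertAuth authenticates with Vault using the Cert authentication
// method; the client certificate and the client private key are both given
// as secret key selectors.
type VaultCertAuth struct {
	// ClientCert is a certificate to authenticate using the Cert Vault
	// authentication method
	// +optional
	ClientCert esmeta.SecretKeySelector `json:"clientCert,omitempty"`

	// SecretRef to a key in a Secret resource containing client private key to
	// authenticate with Vault using the Cert authentication method
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}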
VaultCertAuth authenticates with Vault using the Cert authentication method, with the client certificate and the client private key referenced from Kubernetes Secret resources.
func (*VaultCertAuth) DeepCopy ¶ added in v0.3.3
func (in *VaultCertAuth) DeepCopy() *VaultCertAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertAuth.
func (*VaultCertAuth) DeepCopyInto ¶ added in v0.3.3
func (in *VaultCertAuth) DeepCopyInto(out *VaultCertAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultJwtAuth ¶ added in v0.1.3
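// VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication
// method, with the role name and a token stored in a Kubernetes Secret
// resource or a Kubernetes service account token retrieved via `TokenRequest`.
// NOTE(review): both token sources are optional; which one is used when both
// are set is not stated here — confirm against the provider.
type VaultJwtAuth struct {
	// Path where the JWT authentication backend is mounted
	// in Vault, e.g: "jwt"
	// +kubebuilder:default=jwt
	Path string `json:"path"`

	// Role is a JWT role to authenticate using the JWT/OIDC Vault
	// authentication method
	// +optional
	Role string `json:"role,omitempty"`

	// Optional SecretRef that refers to a key in a Secret resource containing JWT token to
	// authenticate with Vault using the JWT/OIDC authentication method.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// Optional ServiceAccountToken specifies the Kubernetes service account for which to request
	// a token with the `TokenRequest` API.
	// +optional
	KubernetesServiceAccountToken *VaultKubernetesServiceAccountTokenAuth `json:"kubernetesServiceAccountToken,omitempty"`
}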
VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication method, with the role name and a token stored in a Kubernetes Secret resource or a Kubernetes service account token retrieved via `TokenRequest`.
func (*VaultJwtAuth) DeepCopy ¶ added in v0.1.3
func (in *VaultJwtAuth) DeepCopy() *VaultJwtAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultJwtAuth.
func (*VaultJwtAuth) DeepCopyInto ¶ added in v0.1.3
func (in *VaultJwtAuth) DeepCopyInto(out *VaultJwtAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultKVStoreVersion ¶
// VaultKVStoreVersion is the string type of VaultProvider.Version; the values
// declared for it are "v1" and "v2".
type VaultKVStoreVersion string
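// Values accepted for VaultKVStoreVersion.
const (
	VaultKVStoreV1 VaultKVStoreVersion = "v1"
	VaultKVStoreV2 VaultKVStoreVersion = "v2"
)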
type VaultKubernetesAuth ¶
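// VaultKubernetesAuth authenticates against Vault using a Kubernetes
// ServiceAccount token. When neither ServiceAccountRef nor SecretRef is
// given, the token bound to the controller is used, so the store then
// authenticates to Vault with the controller's own identity; the Vault role
// should be scoped with that in mind.
type VaultKubernetesAuth struct {
	// Path where the Kubernetes authentication backend is mounted in Vault, e.g:
	// "kubernetes"
	// Note that the JSON key is `mountPath`, not `path` as on the other Vault
	// auth types.
	// +kubebuilder:default=kubernetes
	Path string `json:"mountPath"`

	// Optional service account field containing the name of a kubernetes ServiceAccount.
	// If the service account is specified, the service account secret token JWT will be used
	// for authenticating with Vault. If the service account selector is not supplied,
	// the secretRef will be used instead.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// Optional secret field containing a Kubernetes ServiceAccount JWT used
	// for authenticating with Vault. If a name is specified without a key,
	// `token` is the default. If one is not specified, the one bound to
	// the controller will be used.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// A required field containing the Vault Role to assume. A Role binds a
	// Kubernetes ServiceAccount with a set of Vault policies.
	Role string `json:"role"`
}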
Authenticate against Vault using a Kubernetes ServiceAccount token stored in a Secret.
func (*VaultKubernetesAuth) DeepCopy ¶
func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth.
func (*VaultKubernetesAuth) DeepCopyInto ¶
func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultKubernetesServiceAccountTokenAuth ¶ added in v0.5.0
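// VaultKubernetesServiceAccountTokenAuth authenticates with Vault using a
// temporary Kubernetes service account token retrieved by the `TokenRequest`
// API. A narrow audience list and a short expiration limit where and for how
// long such a token is accepted if it leaks.
type VaultKubernetesServiceAccountTokenAuth struct {
	// Service account field containing the name of a kubernetes ServiceAccount.
	ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccountRef"`

	// Optional audiences field that will be used to request a temporary Kubernetes service
	// account token for the service account referenced by `serviceAccountRef`.
	// Defaults to a single audience `vault` if not specified.
	// +optional
	Audiences *[]string `json:"audiences,omitempty"`

	// Optional expiration time in seconds that will be used to request a temporary
	// Kubernetes service account token for the service account referenced by
	// `serviceAccountRef`.
	// Defaults to 10 minutes.
	// +optional
	ExpirationSeconds *int64 `json:"expirationSeconds,omitempty"`
}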
VaultKubernetesServiceAccountTokenAuth authenticates with Vault using a temporary Kubernetes service account token retrieved by the `TokenRequest` API.
func (*VaultKubernetesServiceAccountTokenAuth) DeepCopy ¶ added in v0.5.0
func (in *VaultKubernetesServiceAccountTokenAuth) DeepCopy() *VaultKubernetesServiceAccountTokenAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesServiceAccountTokenAuth.
func (*VaultKubernetesServiceAccountTokenAuth) DeepCopyInto ¶ added in v0.5.0
func (in *VaultKubernetesServiceAccountTokenAuth) DeepCopyInto(out *VaultKubernetesServiceAccountTokenAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultLdapAuth ¶ added in v0.1.3
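// VaultLdapAuth authenticates with Vault using the LDAP authentication
// method. The username is a plain string in the store spec; only the
// password is referenced from a Kubernetes Secret resource.
type VaultLdapAuth struct {
	// Path where the LDAP authentication backend is mounted
	// in Vault, e.g: "ldap"
	// +kubebuilder:default=ldap
	Path string `json:"path"`

	// Username is a LDAP user name used to authenticate using the LDAP Vault
	// authentication method
	Username string `json:"username"`

	// SecretRef to a key in a Secret resource containing password for the LDAP
	// user used to authenticate with Vault using the LDAP authentication
	// method
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}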
VaultLdapAuth authenticates with Vault using the LDAP authentication method, with the username and password stored in a Kubernetes Secret resource.
func (*VaultLdapAuth) DeepCopy ¶ added in v0.1.3
func (in *VaultLdapAuth) DeepCopy() *VaultLdapAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultLdapAuth.
func (*VaultLdapAuth) DeepCopyInto ¶ added in v0.1.3
func (in *VaultLdapAuth) DeepCopyInto(out *VaultLdapAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultProvider ¶
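// VaultProvider configures a store to sync secrets using a HashiCorp Vault
// KV backend.
type VaultProvider struct {
	// Auth configures how secret-manager authenticates with the Vault server.
	Auth VaultAuth `json:"auth"`

	// Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
	// Prefer an https:// address: CABundle is ignored for plain HTTP, and
	// without TLS the Vault credentials and the secret values travel
	// unprotected on the network.
	Server string `json:"server"`

	// Path is the mount path of the Vault KV backend endpoint, e.g:
	// "secret". The v2 KV secret engine version specific "/data" path suffix
	// for fetching secrets from Vault is optional and will be appended
	// if not present in specified path.
	// +optional
	Path *string `json:"path,omitempty"`

	// Version is the Vault KV secret engine version. This can be either "v1" or
	// "v2". Version defaults to "v2".
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum="v1";"v2"
	// +kubebuilder:default:="v2"
	Version VaultKVStoreVersion `json:"version"`

	// Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
	// Vault environments to support Secure Multi-tenancy. e.g: "ns1".
	// More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
	// +optional
	Namespace *string `json:"namespace,omitempty"`

	// PEM encoded CA bundle used to validate Vault server certificate. Only used
	// if the Server URL is using HTTPS protocol. This parameter is ignored for
	// plain HTTP protocol connection. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// The provider for the CA bundle to use to validate Vault server certificate.
	// NOTE(review): which of CABundle and CAProvider takes precedence when
	// both are set is not stated here — confirm.
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`

	// ReadYourWrites ensures isolated read-after-write semantics by
	// providing discovered cluster replication states in each request.
	// More information about eventual consistency in Vault can be found here
	// https://www.vaultproject.io/docs/enterprise/consistency
	// +optional
	ReadYourWrites bool `json:"readYourWrites,omitempty"`

	// ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
	// leader instead of simply retrying within a loop. This can increase performance if
	// the option is enabled serverside.
	// https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
	// +optional
	ForwardInconsistent bool `json:"forwardInconsistent,omitempty"`
}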
Configures a store to sync secrets using a HashiCorp Vault KV backend.
func (*VaultProvider) DeepCopy ¶
func (in *VaultProvider) DeepCopy() *VaultProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultProvider.
func (*VaultProvider) DeepCopyInto ¶
func (in *VaultProvider) DeepCopyInto(out *VaultProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookCAProvider ¶ added in v0.4.0
type WebhookCAProvider struct {
	// Type is the kind of object that holds the CA certificate: "Secret" or
	// "ConfigMap".
	// +kubebuilder:validation:Enum="Secret";"ConfigMap"
	Type WebhookCAProviderType `json:"type"`

	// Name is the name of the Secret or ConfigMap selected by Type.
	// Whoever can modify that object decides which CA the webhook client
	// trusts, so write access to it should be restricted.
	// +kubebuilder:validation:MinLength:=1
	// +kubebuilder:validation:MaxLength:=253
	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
	Name string `json:"name"`

	// Key is the key where the CA certificate can be found in the Secret or ConfigMap.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MinLength:=1
	// +kubebuilder:validation:MaxLength:=253
	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
	Key string `json:"key,omitempty"`

	// Namespace is the namespace the referenced Secret or ConfigMap is in.
	// NOTE(review): how a nil Namespace is resolved is not visible in this
	// type; confirm the default, in particular for cluster-scoped stores.
	// +optional
	// +kubebuilder:validation:MinLength:=1
	// +kubebuilder:validation:MaxLength:=63
	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
	Namespace *string `json:"namespace,omitempty"`
}
Defines a location to fetch the cert for the webhook provider from.
func (*WebhookCAProvider) DeepCopy ¶ added in v0.4.0
func (in *WebhookCAProvider) DeepCopy() *WebhookCAProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookCAProvider.
func (*WebhookCAProvider) DeepCopyInto ¶ added in v0.4.0
func (in *WebhookCAProvider) DeepCopyInto(out *WebhookCAProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookCAProviderType ¶ added in v0.4.0
// WebhookCAProviderType names the kind of object a WebhookCAProvider reads
// the CA certificate from.
type WebhookCAProviderType string

// Values of WebhookCAProviderType. They are the same two strings allowed by
// the kubebuilder Enum marker on WebhookCAProvider.Type.
const (
	WebhookCAProviderTypeSecret    WebhookCAProviderType = "Secret"
	WebhookCAProviderTypeConfigMap WebhookCAProviderType = "ConfigMap"
)
type WebhookProvider ¶ added in v0.4.0
type WebhookProvider struct {
	// Method is the HTTP method used for the webhook call.
	// +optional, default GET
	Method string `json:"method,omitempty"`

	// URL is the webhook url to call.
	// CABundle and CAProvider only apply when it uses HTTPS.
	// NOTE(review): which fields are rendered through the templating
	// function is not visible in this type. If URL is one of them, secret
	// values placed in it may be recorded in server and proxy access logs;
	// confirm, and prefer Headers or Body for credentials.
	URL string `json:"url"`

	// Headers are the HTTP headers sent with the request.
	// +optional
	Headers map[string]string `json:"headers,omitempty"`

	// Body is the request body.
	// +optional
	Body string `json:"body,omitempty"`

	// Timeout bounds the webhook call.
	// NOTE(review): the value used when Timeout is nil is not visible here.
	// +optional
	Timeout *metav1.Duration `json:"timeout,omitempty"`

	// Result configures how the returned value is formatted (see WebhookResult).
	Result WebhookResult `json:"result"`

	// Secrets to fill in templates.
	// These secrets will be passed to the templating function as key value pairs under the given name.
	// +optional
	Secrets []WebhookSecret `json:"secrets,omitempty"`

	// CABundle is a PEM encoded CA bundle used to validate the webhook server
	// certificate. Only used if URL is using HTTPS protocol. This parameter
	// is ignored for plain HTTP protocol connection. If not set the system
	// root certificates are used to validate the TLS connection.
	// NOTE(review): precedence when both CABundle and CAProvider are set is
	// not visible in this type; confirm against the provider implementation.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// CAProvider is the provider for the CA bundle to use to validate the
	// webhook server certificate.
	// +optional
	CAProvider *WebhookCAProvider `json:"caProvider,omitempty"`
}
WebhookProvider configures a store to sync secrets by calling a webhook.
func (*WebhookProvider) DeepCopy ¶ added in v0.4.0
func (in *WebhookProvider) DeepCopy() *WebhookProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookProvider.
func (*WebhookProvider) DeepCopyInto ¶ added in v0.4.0
func (in *WebhookProvider) DeepCopyInto(out *WebhookProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookResult ¶ added in v0.4.0
// WebhookResult holds the result-formatting options of a WebhookProvider.
type WebhookResult struct {
	// JSONPath is the JSON path of the return value.
	// +optional
	JSONPath string `json:"jsonPath,omitempty"`
}
func (*WebhookResult) DeepCopy ¶ added in v0.4.0
func (in *WebhookResult) DeepCopy() *WebhookResult
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookResult.
func (*WebhookResult) DeepCopyInto ¶ added in v0.4.0
func (in *WebhookResult) DeepCopyInto(out *WebhookResult)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookSecret ¶ added in v0.4.0
// WebhookSecret makes one referenced secret available to the webhook
// templates under a chosen name.
type WebhookSecret struct {
	// Name of this secret in templates.
	Name string `json:"name"`

	// SecretRef is the secret ref to fill in credentials.
	SecretRef esmeta.SecretKeySelector `json:"secretRef"`
}
func (*WebhookSecret) DeepCopy ¶ added in v0.4.0
func (in *WebhookSecret) DeepCopy() *WebhookSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookSecret.
func (*WebhookSecret) DeepCopyInto ¶ added in v0.4.0
func (in *WebhookSecret) DeepCopyInto(out *WebhookSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexLockboxAuth ¶ added in v0.3.5
// YandexLockboxAuth holds the credential reference used to authenticate
// against Yandex Lockbox.
type YandexLockboxAuth struct {
	// AuthorizedKey references the authorized key used for authentication.
	// NOTE(review): if SecretKeySelector is a struct, `omitempty` does not
	// omit it when marshalled by encoding/json; confirm whether this field
	// is effectively required despite the +optional marker.
	// +optional
	AuthorizedKey esmeta.SecretKeySelector `json:"authorizedKeySecretRef,omitempty"`
}
func (*YandexLockboxAuth) DeepCopy ¶ added in v0.3.5
func (in *YandexLockboxAuth) DeepCopy() *YandexLockboxAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxAuth.
func (*YandexLockboxAuth) DeepCopyInto ¶ added in v0.3.5
func (in *YandexLockboxAuth) DeepCopyInto(out *YandexLockboxAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexLockboxCAProvider ¶ added in v0.3.11
// YandexLockboxCAProvider points at the certificate used as the CA provider
// of a YandexLockboxProvider.
type YandexLockboxCAProvider struct {
	// Certificate selects the secret key that holds the certificate
	// (presumably a PEM encoded CA certificate; confirm against the
	// provider implementation).
	Certificate esmeta.SecretKeySelector `json:"certSecretRef,omitempty"`
}
func (*YandexLockboxCAProvider) DeepCopy ¶ added in v0.3.11
func (in *YandexLockboxCAProvider) DeepCopy() *YandexLockboxCAProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxCAProvider.
func (*YandexLockboxCAProvider) DeepCopyInto ¶ added in v0.3.11
func (in *YandexLockboxCAProvider) DeepCopyInto(out *YandexLockboxCAProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexLockboxProvider ¶ added in v0.3.5
type YandexLockboxProvider struct {
	// APIEndpoint is the Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443').
	// NOTE(review): the endpoint used when this is empty is not visible here.
	// +optional
	APIEndpoint string `json:"apiEndpoint,omitempty"`

	// Auth defines the information necessary to authenticate against Yandex Lockbox.
	Auth YandexLockboxAuth `json:"auth"`

	// CAProvider is the provider for the CA bundle to use to validate the
	// Yandex.Cloud server certificate.
	// NOTE(review): the trust roots used when CAProvider is nil are not
	// visible in this type; confirm against the provider implementation.
	// +optional
	CAProvider *YandexLockboxCAProvider `json:"caProvider,omitempty"`
}
YandexLockboxProvider Configures a store to sync secrets using the Yandex Lockbox provider.
func (*YandexLockboxProvider) DeepCopy ¶ added in v0.3.5
func (in *YandexLockboxProvider) DeepCopy() *YandexLockboxProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxProvider.
func (*YandexLockboxProvider) DeepCopyInto ¶ added in v0.3.5
func (in *YandexLockboxProvider) DeepCopyInto(out *YandexLockboxProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files ¶
- doc.go
- externalsecret_conversion.go
- externalsecret_types.go
- externalsecret_webhook.go
- generic_store.go
- pushsecret_types.go
- register.go
- secretstore_akeyless_types.go
- secretstore_alibaba_types.go
- secretstore_aws_types.go
- secretstore_azurekv_types.go
- secretstore_conversion.go
- secretstore_fake_types.go
- secretstore_gcpsm_types.go
- secretstore_gitlab_types.go
- secretstore_ibm_types.go
- secretstore_kubernetes_types.go
- secretstore_oracle_types.go
- secretstore_passworddepot_types.go
- secretstore_types.go
- secretstore_vault_types.go
- secretstore_webhook.go
- secretstore_webhook_types.go
- secretstore_yandexlockbox_types.go
- zz_generated.deepcopy.go