v1alpha1

package
v0.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 25, 2021 License: Apache-2.0 Imports: 8 Imported by: 2

Documentation

Overview

Package v1alpha1 contains resources for external-secrets +kubebuilder:object:generate=true +groupName=external-secrets.io +versionName=v1alpha1

Index

Constants

View Source 
const (
	// ConditionReasonSecretSynced indicates that the secrets was synced.
	ConditionReasonSecretSynced = "SecretSynced"
	// ConditionReasonSecretSyncedError indicates that there was an error syncing the secret.
	ConditionReasonSecretSyncedError = "SecretSyncedError"
)
View Source 
const (
	Group   = "external-secrets.io"
	Version = "v1alpha1"
)

Package type metadata.

Variables

View Source 
var (
	// SchemeGroupVersion is group version used to register these objects.
	SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
	AddToScheme   = SchemeBuilder.AddToScheme
)
View Source 
var (
	ExtSecretKind             = reflect.TypeOf(ExternalSecret{}).Name()
	ExtSecretGroupKind        = schema.GroupKind{Group: Group, Kind: ExtSecretKind}.String()
	ExtSecretKindAPIVersion   = ExtSecretKind + "." + SchemeGroupVersion.String()
	ExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ExtSecretKind)
)

ExternalSecret type metadata.

View Source 
var (
	SecretStoreKind             = reflect.TypeOf(SecretStore{}).Name()
	SecretStoreGroupKind        = schema.GroupKind{Group: Group, Kind: SecretStoreKind}.String()
	SecretStoreKindAPIVersion   = SecretStoreKind + "." + SchemeGroupVersion.String()
	SecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(SecretStoreKind)
)

SecretStore type metadata.

View Source 
var (
	ClusterSecretStoreKind             = reflect.TypeOf(ClusterSecretStore{}).Name()
	ClusterSecretStoreGroupKind        = schema.GroupKind{Group: Group, Kind: ClusterSecretStoreKind}.String()
	ClusterSecretStoreKindAPIVersion   = ClusterSecretStoreKind + "." + SchemeGroupVersion.String()
	ClusterSecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(ClusterSecretStoreKind)
)

ClusterSecretStore type metadata.

Functions

This section is empty.

Types

type AWSAuth 

type AWSAuth struct {
	SecretRef AWSAuthSecretRef `json:"secretRef"`
}

AWSAuth contains a secretRef for credentials.

func (*AWSAuth) DeepCopy 

func (in *AWSAuth) DeepCopy() *AWSAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuth.

func (*AWSAuth) DeepCopyInto 

func (in *AWSAuth) DeepCopyInto(out *AWSAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSAuthSecretRef 

type AWSAuthSecretRef struct {
	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"`

	// The SecretAccessKey is used for authentication
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
}

AWSAuthSecretRef holds secret references for aws credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.

func (*AWSAuthSecretRef) DeepCopy 

func (in *AWSAuthSecretRef) DeepCopy() *AWSAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuthSecretRef.

func (*AWSAuthSecretRef) DeepCopyInto 

func (in *AWSAuthSecretRef) DeepCopyInto(out *AWSAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSProvider 

type AWSProvider struct {
	// Service defines which service should be used to fetch the secrets
	Service AWSServiceType `json:"service"`

	// Auth defines the information necessary to authenticate against AWS
	// if not set aws sdk will infer credentials from your environment
	// see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
	// +nullable
	// +optional
	Auth *AWSAuth `json:"auth"`

	// Role is a Role ARN which the SecretManager provider will assume
	// +optional
	Role string `json:"role,omitempty"`

	// AWS Region to be used for the provider
	Region string `json:"region"`
}

AWSProvider configures a store to sync secrets with AWS.

func (*AWSProvider) DeepCopy 

func (in *AWSProvider) DeepCopy() *AWSProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSProvider.

func (*AWSProvider) DeepCopyInto 

func (in *AWSProvider) DeepCopyInto(out *AWSProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSServiceType 

type AWSServiceType string

AWSServiceType is a enum that defines the service/API that is used to fetch the secrets. +kubebuilder:validation:Enum=SecretsManager;ParameterStore 

const (
	// AWSServiceSecretsManager is the AWS SecretsManager.
	// see: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
	AWSServiceSecretsManager AWSServiceType = "SecretsManager"
	// AWSServiceParameterStore is the AWS SystemsManager ParameterStore.
	// see: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
	AWSServiceParameterStore AWSServiceType = "ParameterStore"
)

type AzureKVAuth added in v0.2.0 

type AzureKVAuth struct {
	// The Azure clientId of the service principle used for authentication.
	ClientID *smmeta.SecretKeySelector `json:"clientId"`
	// The Azure ClientSecret of the service principle used for authentication.
	ClientSecret *smmeta.SecretKeySelector `json:"clientSecret"`
}

Configuration used to authenticate with Azure.

func (*AzureKVAuth) DeepCopy added in v0.2.0 

func (in *AzureKVAuth) DeepCopy() *AzureKVAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVAuth.

func (*AzureKVAuth) DeepCopyInto added in v0.2.0 

func (in *AzureKVAuth) DeepCopyInto(out *AzureKVAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureKVProvider added in v0.2.0 

type AzureKVProvider struct {
	// Vault Url from which the secrets to be fetched from.
	VaultURL *string `json:"vaultUrl"`
	// TenantID configures the Azure Tenant to send requests to.
	TenantID *string `json:"tenantId"`
	// Auth configures how the operator authenticates with Azure.
	AuthSecretRef *AzureKVAuth `json:"authSecretRef"`
}

Configures an store to sync secrets using Azure KV.

func (*AzureKVProvider) DeepCopy added in v0.2.0 

func (in *AzureKVProvider) DeepCopy() *AzureKVProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVProvider.

func (*AzureKVProvider) DeepCopyInto added in v0.2.0 

func (in *AzureKVProvider) DeepCopyInto(out *AzureKVProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterSecretStore 

type ClusterSecretStore struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec SecretStoreSpec `json:"spec,omitempty"`
}

ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=css

func (*ClusterSecretStore) Copy 

func (c *ClusterSecretStore) Copy() GenericStore

func (*ClusterSecretStore) DeepCopy 

func (in *ClusterSecretStore) DeepCopy() *ClusterSecretStore

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStore.

func (*ClusterSecretStore) DeepCopyInto 

func (in *ClusterSecretStore) DeepCopyInto(out *ClusterSecretStore)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterSecretStore) DeepCopyObject 

func (in *ClusterSecretStore) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ClusterSecretStore) GetNamespacedName 

func (c *ClusterSecretStore) GetNamespacedName() string

func (*ClusterSecretStore) GetObjectMeta 

func (c *ClusterSecretStore) GetObjectMeta() *metav1.ObjectMeta

func (*ClusterSecretStore) GetSpec 

func (c *ClusterSecretStore) GetSpec() *SecretStoreSpec

type ClusterSecretStoreList 

type ClusterSecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ClusterSecretStore `json:"items"`
}

ClusterSecretStoreList contains a list of ClusterSecretStore resources.

func (*ClusterSecretStoreList) DeepCopy 

func (in *ClusterSecretStoreList) DeepCopy() *ClusterSecretStoreList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStoreList.

func (*ClusterSecretStoreList) DeepCopyInto 

func (in *ClusterSecretStoreList) DeepCopyInto(out *ClusterSecretStoreList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterSecretStoreList) DeepCopyObject 

func (in *ClusterSecretStoreList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ExternalSecret 

type ExternalSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ExternalSecretSpec   `json:"spec,omitempty"`
	Status ExternalSecretStatus `json:"status,omitempty"`
}

ExternalSecret is the Schema for the external-secrets API. +kubebuilder:subresource:status +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=es +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.secretStoreRef.name` +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshInterval`

func (*ExternalSecret) DeepCopy 

func (in *ExternalSecret) DeepCopy() *ExternalSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecret.

func (*ExternalSecret) DeepCopyInto 

func (in *ExternalSecret) DeepCopyInto(out *ExternalSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ExternalSecret) DeepCopyObject 

func (in *ExternalSecret) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ExternalSecretConditionType 

type ExternalSecretConditionType string
const (
	ExternalSecretReady ExternalSecretConditionType = "Ready"
)

type ExternalSecretCreationPolicy 

type ExternalSecretCreationPolicy string

ExternalSecretCreationPolicy defines rules on how to create the resulting Secret. 

const (
	// Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource.
	Owner ExternalSecretCreationPolicy = "Owner"

	// Merge does not create the Secret, but merges the data fields to the Secret.
	Merge ExternalSecretCreationPolicy = "Merge"

	// None does not create a Secret (future use with injector).
	None ExternalSecretCreationPolicy = "None"
)

type ExternalSecretData 

type ExternalSecretData struct {
	SecretKey string `json:"secretKey"`

	RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"`
}

ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.

func (*ExternalSecretData) DeepCopy 

func (in *ExternalSecretData) DeepCopy() *ExternalSecretData

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretData.

func (*ExternalSecretData) DeepCopyInto 

func (in *ExternalSecretData) DeepCopyInto(out *ExternalSecretData)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretDataRemoteRef 

type ExternalSecretDataRemoteRef struct {
	// Key is the key used in the Provider, mandatory
	Key string `json:"key"`

	// Used to select a specific version of the Provider value, if supported
	// +optional
	Version string `json:"version,omitempty"`

	// +optional
	// Used to select a specific property of the Provider value (if a map), if supported
	Property string `json:"property,omitempty"`
}

ExternalSecretDataRemoteRef defines Provider data location.

func (*ExternalSecretDataRemoteRef) DeepCopy 

func (in *ExternalSecretDataRemoteRef) DeepCopy() *ExternalSecretDataRemoteRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretDataRemoteRef.

func (*ExternalSecretDataRemoteRef) DeepCopyInto 

func (in *ExternalSecretDataRemoteRef) DeepCopyInto(out *ExternalSecretDataRemoteRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretList 

type ExternalSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ExternalSecret `json:"items"`
}

ExternalSecretList contains a list of ExternalSecret resources.

func (*ExternalSecretList) DeepCopy 

func (in *ExternalSecretList) DeepCopy() *ExternalSecretList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretList.

func (*ExternalSecretList) DeepCopyInto 

func (in *ExternalSecretList) DeepCopyInto(out *ExternalSecretList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ExternalSecretList) DeepCopyObject 

func (in *ExternalSecretList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ExternalSecretSpec 

type ExternalSecretSpec struct {
	SecretStoreRef SecretStoreRef `json:"secretStoreRef"`

	Target ExternalSecretTarget `json:"target"`

	// RefreshInterval is the amount of time before the values are read again from the SecretStore provider
	// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
	// May be set to zero to fetch and create it once. Defaults to 1h.
	// +kubebuilder:default="1h"
	RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"`

	// Data defines the connection between the Kubernetes Secret keys and the Provider data
	// +optional
	Data []ExternalSecretData `json:"data,omitempty"`

	// DataFrom is used to fetch all properties from a specific Provider data
	// If multiple entries are specified, the Secret keys are merged in the specified order
	// +optional
	DataFrom []ExternalSecretDataRemoteRef `json:"dataFrom,omitempty"`
}

ExternalSecretSpec defines the desired state of ExternalSecret.

func (*ExternalSecretSpec) DeepCopy 

func (in *ExternalSecretSpec) DeepCopy() *ExternalSecretSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretSpec.

func (*ExternalSecretSpec) DeepCopyInto 

func (in *ExternalSecretSpec) DeepCopyInto(out *ExternalSecretSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretStatus 

type ExternalSecretStatus struct {
	// +nullable
	// refreshTime is the time and date the external secret was fetched and
	// the target secret updated
	RefreshTime metav1.Time `json:"refreshTime,omitempty"`

	// SyncedResourceVersion keeps track of the last synced version
	SyncedResourceVersion string `json:"syncedResourceVersion,omitempty"`

	// +optional
	Conditions []ExternalSecretStatusCondition `json:"conditions,omitempty"`
}

func (*ExternalSecretStatus) DeepCopy 

func (in *ExternalSecretStatus) DeepCopy() *ExternalSecretStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatus.

func (*ExternalSecretStatus) DeepCopyInto 

func (in *ExternalSecretStatus) DeepCopyInto(out *ExternalSecretStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretStatusCondition 

type ExternalSecretStatusCondition struct {
	Type   ExternalSecretConditionType `json:"type"`
	Status corev1.ConditionStatus      `json:"status"`

	// +optional
	Reason string `json:"reason,omitempty"`

	// +optional
	Message string `json:"message,omitempty"`

	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}

func (*ExternalSecretStatusCondition) DeepCopy 

func (in *ExternalSecretStatusCondition) DeepCopy() *ExternalSecretStatusCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatusCondition.

func (*ExternalSecretStatusCondition) DeepCopyInto 

func (in *ExternalSecretStatusCondition) DeepCopyInto(out *ExternalSecretStatusCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretTarget 

type ExternalSecretTarget struct {
	// Name defines the name of the Secret resource to be managed
	// This field is immutable
	// Defaults to the .metadata.name of the ExternalSecret resource
	// +optional
	Name string `json:"name,omitempty"`

	// CreationPolicy defines rules on how to create the resulting Secret
	// Defaults to 'Owner'
	// +optional
	CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"`

	// Template defines a blueprint for the created Secret resource.
	// +optional
	Template *ExternalSecretTemplate `json:"template,omitempty"`
}

ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.

func (*ExternalSecretTarget) DeepCopy 

func (in *ExternalSecretTarget) DeepCopy() *ExternalSecretTarget

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTarget.

func (*ExternalSecretTarget) DeepCopyInto 

func (in *ExternalSecretTarget) DeepCopyInto(out *ExternalSecretTarget)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretTemplate 

type ExternalSecretTemplate struct {
	// +optional
	Type corev1.SecretType `json:"type,omitempty"`

	// +optional
	Metadata ExternalSecretTemplateMetadata `json:"metadata,omitempty"`

	// +optional
	Data map[string]string `json:"data,omitempty"`
}

ExternalSecretTemplate defines a blueprint for the created Secret resource. we can not use native corev1.Secret, it will have empty ObjectMeta values: https://github.com/kubernetes-sigs/controller-tools/issues/448

func (*ExternalSecretTemplate) DeepCopy 

func (in *ExternalSecretTemplate) DeepCopy() *ExternalSecretTemplate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplate.

func (*ExternalSecretTemplate) DeepCopyInto 

func (in *ExternalSecretTemplate) DeepCopyInto(out *ExternalSecretTemplate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretTemplateMetadata 

type ExternalSecretTemplateMetadata struct {
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`

	// +optional
	Labels map[string]string `json:"labels,omitempty"`
}

ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.

func (*ExternalSecretTemplateMetadata) DeepCopy 

func (in *ExternalSecretTemplateMetadata) DeepCopy() *ExternalSecretTemplateMetadata

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplateMetadata.

func (*ExternalSecretTemplateMetadata) DeepCopyInto 

func (in *ExternalSecretTemplateMetadata) DeepCopyInto(out *ExternalSecretTemplateMetadata)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPSMAuth added in v0.2.0 

type GCPSMAuth struct {
	SecretRef GCPSMAuthSecretRef `json:"secretRef"`
}

func (*GCPSMAuth) DeepCopy added in v0.2.0 

func (in *GCPSMAuth) DeepCopy() *GCPSMAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuth.

func (*GCPSMAuth) DeepCopyInto added in v0.2.0 

func (in *GCPSMAuth) DeepCopyInto(out *GCPSMAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPSMAuthSecretRef added in v0.2.0 

type GCPSMAuthSecretRef struct {
	// The SecretAccessKey is used for authentication
	// +optional
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
}

func (*GCPSMAuthSecretRef) DeepCopy added in v0.2.0 

func (in *GCPSMAuthSecretRef) DeepCopy() *GCPSMAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuthSecretRef.

func (*GCPSMAuthSecretRef) DeepCopyInto added in v0.2.0 

func (in *GCPSMAuthSecretRef) DeepCopyInto(out *GCPSMAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPSMProvider added in v0.2.0 

type GCPSMProvider struct {
	// Auth defines the information necessary to authenticate against GCP
	Auth GCPSMAuth `json:"auth"`

	// ProjectID project where secret is located
	ProjectID string `json:"projectID,omitempty"`
}

GCPSMProvider Configures a store to sync secrets using the GCP Secret Manager provider.

func (*GCPSMProvider) DeepCopy added in v0.2.0 

func (in *GCPSMProvider) DeepCopy() *GCPSMProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMProvider.

func (*GCPSMProvider) DeepCopyInto added in v0.2.0 

func (in *GCPSMProvider) DeepCopyInto(out *GCPSMProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GenericStore 

type GenericStore interface {
	runtime.Object
	metav1.Object

	GetObjectMeta() *metav1.ObjectMeta
	GetSpec() *SecretStoreSpec
	GetNamespacedName() string
}

GenericStore is a common interface for interacting with ClusterSecretStore or a namespaced SecretStore.

type SecretStore 

type SecretStore struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   SecretStoreSpec   `json:"spec,omitempty"`
	Status SecretStoreStatus `json:"status,omitempty"`
}

SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=ss

func (*SecretStore) Copy 

func (c *SecretStore) Copy() GenericStore

func (*SecretStore) DeepCopy 

func (in *SecretStore) DeepCopy() *SecretStore

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStore.

func (*SecretStore) DeepCopyInto 

func (in *SecretStore) DeepCopyInto(out *SecretStore)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretStore) DeepCopyObject 

func (in *SecretStore) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretStore) GetNamespacedName 

func (c *SecretStore) GetNamespacedName() string

func (*SecretStore) GetObjectMeta 

func (c *SecretStore) GetObjectMeta() *metav1.ObjectMeta

func (*SecretStore) GetSpec 

func (c *SecretStore) GetSpec() *SecretStoreSpec

type SecretStoreConditionType 

type SecretStoreConditionType string
const (
	SecretStoreReady SecretStoreConditionType = "Ready"
)

type SecretStoreList 

type SecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []SecretStore `json:"items"`
}

SecretStoreList contains a list of SecretStore resources.

func (*SecretStoreList) DeepCopy 

func (in *SecretStoreList) DeepCopy() *SecretStoreList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreList.

func (*SecretStoreList) DeepCopyInto 

func (in *SecretStoreList) DeepCopyInto(out *SecretStoreList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretStoreList) DeepCopyObject 

func (in *SecretStoreList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type SecretStoreProvider 

type SecretStoreProvider struct {
	// AWS configures this store to sync secrets using AWS Secret Manager provider
	// +optional
	AWS *AWSProvider `json:"aws,omitempty"`

	// AzureKV configures this store to sync secrets using Azure Key Vault provider
	// +optional
	AzureKV *AzureKVProvider `json:"azurekv,omitempty"`

	// Vault configures this store to sync secrets using Hashi provider
	// +optional
	Vault *VaultProvider `json:"vault,omitempty"`

	// GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider
	// +optional
	GCPSM *GCPSMProvider `json:"gcpsm,omitempty"`
}

SecretStoreProvider contains the provider-specific configration. +kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1

func (*SecretStoreProvider) DeepCopy 

func (in *SecretStoreProvider) DeepCopy() *SecretStoreProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreProvider.

func (*SecretStoreProvider) DeepCopyInto 

func (in *SecretStoreProvider) DeepCopyInto(out *SecretStoreProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreRef 

type SecretStoreRef struct {
	// Name of the SecretStore resource
	Name string `json:"name"`

	// Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
	// Defaults to `SecretStore`
	// +optional
	Kind string `json:"kind,omitempty"`
}

SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.

func (*SecretStoreRef) DeepCopy 

func (in *SecretStoreRef) DeepCopy() *SecretStoreRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRef.

func (*SecretStoreRef) DeepCopyInto 

func (in *SecretStoreRef) DeepCopyInto(out *SecretStoreRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreSpec 

type SecretStoreSpec struct {
	// Used to select the correct KES controller (think: ingress.ingressClassName)
	// The KES controller is instantiated with a specific controller name and filters ES based on this property
	// +optional
	Controller string `json:"controller"`

	// Used to configure the provider. Only one provider may be set
	Provider *SecretStoreProvider `json:"provider"`
}

SecretStoreSpec defines the desired state of SecretStore.

func (*SecretStoreSpec) DeepCopy 

func (in *SecretStoreSpec) DeepCopy() *SecretStoreSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreSpec.

func (*SecretStoreSpec) DeepCopyInto 

func (in *SecretStoreSpec) DeepCopyInto(out *SecretStoreSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreStatus 

type SecretStoreStatus struct {
	// +optional
	Conditions []SecretStoreStatusCondition `json:"conditions"`
}

SecretStoreStatus defines the observed state of the SecretStore.

func (*SecretStoreStatus) DeepCopy 

func (in *SecretStoreStatus) DeepCopy() *SecretStoreStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatus.

func (*SecretStoreStatus) DeepCopyInto 

func (in *SecretStoreStatus) DeepCopyInto(out *SecretStoreStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreStatusCondition 

type SecretStoreStatusCondition struct {
	Type   SecretStoreConditionType `json:"type"`
	Status corev1.ConditionStatus   `json:"status"`

	// +optional
	Reason string `json:"reason,omitempty"`

	// +optional
	Message string `json:"message,omitempty"`

	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}

func (*SecretStoreStatusCondition) DeepCopy 

func (in *SecretStoreStatusCondition) DeepCopy() *SecretStoreStatusCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatusCondition.

func (*SecretStoreStatusCondition) DeepCopyInto 

func (in *SecretStoreStatusCondition) DeepCopyInto(out *SecretStoreStatusCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultAppRole 

type VaultAppRole struct {
	// Path where the App Role authentication backend is mounted
	// in Vault, e.g: "approle"
	// +kubebuilder:default=approle
	Path string `json:"path"`

	// RoleID configured in the App Role authentication backend when setting
	// up the authentication backend in Vault.
	RoleID string `json:"roleId"`

	// Reference to a key in a Secret that contains the App Role secret used
	// to authenticate with Vault.
	// The `key` field must be specified and denotes which entry within the Secret
	// resource is used as the app role secret.
	SecretRef esmeta.SecretKeySelector `json:"secretRef"`
}

VaultAppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.

func (*VaultAppRole) DeepCopy 

func (in *VaultAppRole) DeepCopy() *VaultAppRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole.

func (*VaultAppRole) DeepCopyInto 

func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultAuth 

type VaultAuth struct {
	// TokenSecretRef authenticates with Vault by presenting a token.
	// +optional
	TokenSecretRef *esmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"`

	// AppRole authenticates with Vault using the App Role auth mechanism,
	// with the role and secret stored in a Kubernetes Secret resource.
	// +optional
	AppRole *VaultAppRole `json:"appRole,omitempty"`

	// Kubernetes authenticates with Vault by passing the ServiceAccount
	// token stored in the named Secret resource to the Vault server.
	// +optional
	Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"`

	// Ldap authenticates with Vault by passing username/password pair using
	// the LDAP authentication method
	// +optional
	Ldap *VaultLdapAuth `json:"ldap,omitempty"`

	// Jwt authenticates with Vault by passing role and JWT token using the
	// JWT/OIDC authentication method
	// +optional
	Jwt *VaultJwtAuth `json:"jwt,omitempty"`
}

VaultAuth is the configuration used to authenticate with a Vault server. Only one of `tokenSecretRef`, `appRole`, `kubernetes`, `ldap` or `jwt` can be specified.

func (*VaultAuth) DeepCopy 

func (in *VaultAuth) DeepCopy() *VaultAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth.

func (*VaultAuth) DeepCopyInto 

func (in *VaultAuth) DeepCopyInto(out *VaultAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultJwtAuth added in v0.1.3 

type VaultJwtAuth struct {
	// Role is a JWT role to authenticate using the JWT/OIDC Vault
	// authentication method
	// +optional
	Role string `json:"role"`

	// SecretRef to a key in a Secret resource containing JWT token to
	// authenticate with Vault using the JWT/OIDC authentication method
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication method, with the role name and token stored in a Kubernetes Secret resource.

func (*VaultJwtAuth) DeepCopy added in v0.1.3 

func (in *VaultJwtAuth) DeepCopy() *VaultJwtAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultJwtAuth.

func (*VaultJwtAuth) DeepCopyInto added in v0.1.3 

func (in *VaultJwtAuth) DeepCopyInto(out *VaultJwtAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultKVStoreVersion 

type VaultKVStoreVersion string
const (
	VaultKVStoreV1 VaultKVStoreVersion = "v1"
	VaultKVStoreV2 VaultKVStoreVersion = "v2"
)

type VaultKubernetesAuth 

type VaultKubernetesAuth struct {
	// Path where the Kubernetes authentication backend is mounted in Vault, e.g:
	// "kubernetes"
	// +kubebuilder:default=kubernetes
	Path string `json:"mountPath"`

	// Optional service account field containing the name of a kubernetes ServiceAccount.
	// If the service account is specified, the service account secret token JWT will be used
	// for authenticating with Vault. If the service account selector is not supplied,
	// the secretRef will be used instead.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// Optional secret field containing a Kubernetes ServiceAccount JWT used
	// for authenticating with Vault. If a name is specified without a key,
	// `token` is the default. If one is not specified, the one bound to
	// the controller will be used.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// A required field containing the Vault Role to assume. A Role binds a
	// Kubernetes ServiceAccount with a set of Vault policies.
	Role string `json:"role"`
}

Authenticate against Vault using a Kubernetes ServiceAccount token stored in a Secret.

func (*VaultKubernetesAuth) DeepCopy 

func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth.

func (*VaultKubernetesAuth) DeepCopyInto 

func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultLdapAuth added in v0.1.3 

type VaultLdapAuth struct {
	// Username is a LDAP user name used to authenticate using the LDAP Vault
	// authentication method
	Username string `json:"username"`

	// SecretRef to a key in a Secret resource containing password for the LDAP
	// user used to authenticate with Vault using the LDAP authentication
	// method
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

VaultLdapAuth authenticates with Vault using the LDAP authentication method, with the username and password stored in a Kubernetes Secret resource.

func (*VaultLdapAuth) DeepCopy added in v0.1.3 

func (in *VaultLdapAuth) DeepCopy() *VaultLdapAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultLdapAuth.

func (*VaultLdapAuth) DeepCopyInto added in v0.1.3 

func (in *VaultLdapAuth) DeepCopyInto(out *VaultLdapAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultProvider 

type VaultProvider struct {
	// Auth configures how secret-manager authenticates with the Vault server.
	Auth VaultAuth `json:"auth"`

	// Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
	Server string `json:"server"`

	// Path is the mount path of the Vault KV backend endpoint, e.g:
	// "secret". The v2 KV secret engine version specific "/data" path suffix
	// for fetching secrets from Vault is optional and will be appended
	// if not present in specified path.
	Path string `json:"path"`

	// Version is the Vault KV secret engine version. This can be either "v1" or
	// "v2". Version defaults to "v2".
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum="v1";"v2"
	// +kubebuilder:default:="v2"
	Version VaultKVStoreVersion `json:"version"`

	// Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
	// Vault environments to support Secure Multi-tenancy. e.g: "ns1".
	// More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
	// +optional
	Namespace *string `json:"namespace,omitempty"`

	// PEM encoded CA bundle used to validate Vault server certificate. Only used
	// if the Server URL is using HTTPS protocol. This parameter is ignored for
	// plain HTTP protocol connection. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`
}

Configures an store to sync secrets using a HashiCorp Vault KV backend.

func (*VaultProvider) DeepCopy 

func (in *VaultProvider) DeepCopy() *VaultProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultProvider.

func (*VaultProvider) DeepCopyInto 

func (in *VaultProvider) DeepCopyInto(out *VaultProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.