v1alpha1

package
v0.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 29, 2021 License: Apache-2.0 Imports: 8 Imported by: 2

Documentation

Overview

Package v1alpha1 contains resources for external-secrets +kubebuilder:object:generate=true +groupName=external-secrets.io +versionName=v1alpha1

Index

Constants

View Source 
const (
	// ConditionReasonSecretSynced indicates that the secrets was synced.
	ConditionReasonSecretSynced = "SecretSynced"
	// ConditionReasonSecretSyncedError indicates that there was an error syncing the secret.
	ConditionReasonSecretSyncedError = "SecretSyncedError"
)
View Source 
const (
	Group   = "external-secrets.io"
	Version = "v1alpha1"
)

Package type metadata.

Variables

View Source 
var (
	// SchemeGroupVersion is group version used to register these objects.
	SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
	AddToScheme   = SchemeBuilder.AddToScheme
)
View Source 
var (
	ExtSecretKind             = reflect.TypeOf(ExternalSecret{}).Name()
	ExtSecretGroupKind        = schema.GroupKind{Group: Group, Kind: ExtSecretKind}.String()
	ExtSecretKindAPIVersion   = ExtSecretKind + "." + SchemeGroupVersion.String()
	ExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ExtSecretKind)
)

ExternalSecret type metadata.

View Source 
var (
	SecretStoreKind             = reflect.TypeOf(SecretStore{}).Name()
	SecretStoreGroupKind        = schema.GroupKind{Group: Group, Kind: SecretStoreKind}.String()
	SecretStoreKindAPIVersion   = SecretStoreKind + "." + SchemeGroupVersion.String()
	SecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(SecretStoreKind)
)

SecretStore type metadata.

View Source 
var (
	ClusterSecretStoreKind             = reflect.TypeOf(ClusterSecretStore{}).Name()
	ClusterSecretStoreGroupKind        = schema.GroupKind{Group: Group, Kind: ClusterSecretStoreKind}.String()
	ClusterSecretStoreKindAPIVersion   = ClusterSecretStoreKind + "." + SchemeGroupVersion.String()
	ClusterSecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(ClusterSecretStoreKind)
)

ClusterSecretStore type metadata.

Functions

This section is empty.

Types

type AWSAuth 

type AWSAuth struct {
	// +optional
	SecretRef *AWSAuthSecretRef `json:"secretRef,omitempty"`
	// +optional
	JWTAuth *AWSJWTAuth `json:"jwt,omitempty"`
}

AWSAuth tells the controller how to do authentication with aws. Only one of secretRef or jwt can be specified. if none is specified the controller will load credentials using the aws sdk defaults.

func (*AWSAuth) DeepCopy 

func (in *AWSAuth) DeepCopy() *AWSAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuth.

func (*AWSAuth) DeepCopyInto 

func (in *AWSAuth) DeepCopyInto(out *AWSAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSAuthSecretRef 

type AWSAuthSecretRef struct {
	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"`

	// The SecretAccessKey is used for authentication
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
}

AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.

func (*AWSAuthSecretRef) DeepCopy 

func (in *AWSAuthSecretRef) DeepCopy() *AWSAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuthSecretRef.

func (*AWSAuthSecretRef) DeepCopyInto 

func (in *AWSAuthSecretRef) DeepCopyInto(out *AWSAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSJWTAuth added in v0.3.0 

type AWSJWTAuth struct {
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}

Authenticate against AWS using service account tokens.

func (*AWSJWTAuth) DeepCopy added in v0.3.0 

func (in *AWSJWTAuth) DeepCopy() *AWSJWTAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSJWTAuth.

func (*AWSJWTAuth) DeepCopyInto added in v0.3.0 

func (in *AWSJWTAuth) DeepCopyInto(out *AWSJWTAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSProvider 

type AWSProvider struct {
	// Service defines which service should be used to fetch the secrets
	Service AWSServiceType `json:"service"`

	// Auth defines the information necessary to authenticate against AWS
	// if not set aws sdk will infer credentials from your environment
	// see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
	// +optional
	Auth AWSAuth `json:"auth"`

	// Role is a Role ARN which the SecretManager provider will assume
	// +optional
	Role string `json:"role,omitempty"`

	// AWS Region to be used for the provider
	Region string `json:"region"`
}

AWSProvider configures a store to sync secrets with AWS.

func (*AWSProvider) DeepCopy 

func (in *AWSProvider) DeepCopy() *AWSProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSProvider.

func (*AWSProvider) DeepCopyInto 

func (in *AWSProvider) DeepCopyInto(out *AWSProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSServiceType 

type AWSServiceType string

AWSServiceType is a enum that defines the service/API that is used to fetch the secrets. +kubebuilder:validation:Enum=SecretsManager;ParameterStore 

const (
	// AWSServiceSecretsManager is the AWS SecretsManager.
	// see: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
	AWSServiceSecretsManager AWSServiceType = "SecretsManager"
	// AWSServiceParameterStore is the AWS SystemsManager ParameterStore.
	// see: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
	AWSServiceParameterStore AWSServiceType = "ParameterStore"
)

type AzureKVAuth added in v0.2.0 

type AzureKVAuth struct {
	// The Azure clientId of the service principle used for authentication.
	ClientID *smmeta.SecretKeySelector `json:"clientId"`
	// The Azure ClientSecret of the service principle used for authentication.
	ClientSecret *smmeta.SecretKeySelector `json:"clientSecret"`
}

Configuration used to authenticate with Azure.

func (*AzureKVAuth) DeepCopy added in v0.2.0 

func (in *AzureKVAuth) DeepCopy() *AzureKVAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVAuth.

func (*AzureKVAuth) DeepCopyInto added in v0.2.0 

func (in *AzureKVAuth) DeepCopyInto(out *AzureKVAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureKVProvider added in v0.2.0 

type AzureKVProvider struct {
	// Vault Url from which the secrets to be fetched from.
	VaultURL *string `json:"vaultUrl"`
	// TenantID configures the Azure Tenant to send requests to.
	TenantID *string `json:"tenantId"`
	// Auth configures how the operator authenticates with Azure.
	AuthSecretRef *AzureKVAuth `json:"authSecretRef"`
}

Configures an store to sync secrets using Azure KV.

func (*AzureKVProvider) DeepCopy added in v0.2.0 

func (in *AzureKVProvider) DeepCopy() *AzureKVProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVProvider.

func (*AzureKVProvider) DeepCopyInto added in v0.2.0 

func (in *AzureKVProvider) DeepCopyInto(out *AzureKVProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterSecretStore 

type ClusterSecretStore struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   SecretStoreSpec   `json:"spec,omitempty"`
	Status SecretStoreStatus `json:"status,omitempty"`
}

ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=css

func (*ClusterSecretStore) Copy 

func (c *ClusterSecretStore) Copy() GenericStore

func (*ClusterSecretStore) DeepCopy 

func (in *ClusterSecretStore) DeepCopy() *ClusterSecretStore

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStore.

func (*ClusterSecretStore) DeepCopyInto 

func (in *ClusterSecretStore) DeepCopyInto(out *ClusterSecretStore)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterSecretStore) DeepCopyObject 

func (in *ClusterSecretStore) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ClusterSecretStore) GetNamespacedName 

func (c *ClusterSecretStore) GetNamespacedName() string

func (*ClusterSecretStore) GetObjectMeta 

func (c *ClusterSecretStore) GetObjectMeta() *metav1.ObjectMeta

func (*ClusterSecretStore) GetSpec 

func (c *ClusterSecretStore) GetSpec() *SecretStoreSpec

type ClusterSecretStoreList 

type ClusterSecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ClusterSecretStore `json:"items"`
}

ClusterSecretStoreList contains a list of ClusterSecretStore resources.

func (*ClusterSecretStoreList) DeepCopy 

func (in *ClusterSecretStoreList) DeepCopy() *ClusterSecretStoreList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStoreList.

func (*ClusterSecretStoreList) DeepCopyInto 

func (in *ClusterSecretStoreList) DeepCopyInto(out *ClusterSecretStoreList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterSecretStoreList) DeepCopyObject 

func (in *ClusterSecretStoreList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ExternalSecret 

type ExternalSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ExternalSecretSpec   `json:"spec,omitempty"`
	Status ExternalSecretStatus `json:"status,omitempty"`
}

ExternalSecret is the Schema for the external-secrets API. +kubebuilder:subresource:status +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=es +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.secretStoreRef.name` +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshInterval`

func (*ExternalSecret) DeepCopy 

func (in *ExternalSecret) DeepCopy() *ExternalSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecret.

func (*ExternalSecret) DeepCopyInto 

func (in *ExternalSecret) DeepCopyInto(out *ExternalSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ExternalSecret) DeepCopyObject 

func (in *ExternalSecret) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ExternalSecretConditionType 

type ExternalSecretConditionType string
const (
	ExternalSecretReady ExternalSecretConditionType = "Ready"
)

type ExternalSecretCreationPolicy 

type ExternalSecretCreationPolicy string

ExternalSecretCreationPolicy defines rules on how to create the resulting Secret. 

const (
	// Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource.
	Owner ExternalSecretCreationPolicy = "Owner"

	// Merge does not create the Secret, but merges the data fields to the Secret.
	Merge ExternalSecretCreationPolicy = "Merge"

	// None does not create a Secret (future use with injector).
	None ExternalSecretCreationPolicy = "None"
)

type ExternalSecretData 

type ExternalSecretData struct {
	SecretKey string `json:"secretKey"`

	RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"`
}

ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.

func (*ExternalSecretData) DeepCopy 

func (in *ExternalSecretData) DeepCopy() *ExternalSecretData

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretData.

func (*ExternalSecretData) DeepCopyInto 

func (in *ExternalSecretData) DeepCopyInto(out *ExternalSecretData)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretDataRemoteRef 

type ExternalSecretDataRemoteRef struct {
	// Key is the key used in the Provider, mandatory
	Key string `json:"key"`

	// Used to select a specific version of the Provider value, if supported
	// +optional
	Version string `json:"version,omitempty"`

	// +optional
	// Used to select a specific property of the Provider value (if a map), if supported
	Property string `json:"property,omitempty"`
}

ExternalSecretDataRemoteRef defines Provider data location.

func (*ExternalSecretDataRemoteRef) DeepCopy 

func (in *ExternalSecretDataRemoteRef) DeepCopy() *ExternalSecretDataRemoteRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretDataRemoteRef.

func (*ExternalSecretDataRemoteRef) DeepCopyInto 

func (in *ExternalSecretDataRemoteRef) DeepCopyInto(out *ExternalSecretDataRemoteRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretList 

type ExternalSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ExternalSecret `json:"items"`
}

ExternalSecretList contains a list of ExternalSecret resources.

func (*ExternalSecretList) DeepCopy 

func (in *ExternalSecretList) DeepCopy() *ExternalSecretList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretList.

func (*ExternalSecretList) DeepCopyInto 

func (in *ExternalSecretList) DeepCopyInto(out *ExternalSecretList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ExternalSecretList) DeepCopyObject 

func (in *ExternalSecretList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ExternalSecretSpec 

type ExternalSecretSpec struct {
	SecretStoreRef SecretStoreRef `json:"secretStoreRef"`

	Target ExternalSecretTarget `json:"target"`

	// RefreshInterval is the amount of time before the values are read again from the SecretStore provider
	// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
	// May be set to zero to fetch and create it once. Defaults to 1h.
	// +kubebuilder:default="1h"
	RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"`

	// Data defines the connection between the Kubernetes Secret keys and the Provider data
	// +optional
	Data []ExternalSecretData `json:"data,omitempty"`

	// DataFrom is used to fetch all properties from a specific Provider data
	// If multiple entries are specified, the Secret keys are merged in the specified order
	// +optional
	DataFrom []ExternalSecretDataRemoteRef `json:"dataFrom,omitempty"`
}

ExternalSecretSpec defines the desired state of ExternalSecret.

func (*ExternalSecretSpec) DeepCopy 

func (in *ExternalSecretSpec) DeepCopy() *ExternalSecretSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretSpec.

func (*ExternalSecretSpec) DeepCopyInto 

func (in *ExternalSecretSpec) DeepCopyInto(out *ExternalSecretSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretStatus 

type ExternalSecretStatus struct {
	// +nullable
	// refreshTime is the time and date the external secret was fetched and
	// the target secret updated
	RefreshTime metav1.Time `json:"refreshTime,omitempty"`

	// SyncedResourceVersion keeps track of the last synced version
	SyncedResourceVersion string `json:"syncedResourceVersion,omitempty"`

	// +optional
	Conditions []ExternalSecretStatusCondition `json:"conditions,omitempty"`
}

func (*ExternalSecretStatus) DeepCopy 

func (in *ExternalSecretStatus) DeepCopy() *ExternalSecretStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatus.

func (*ExternalSecretStatus) DeepCopyInto 

func (in *ExternalSecretStatus) DeepCopyInto(out *ExternalSecretStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretStatusCondition 

type ExternalSecretStatusCondition struct {
	Type   ExternalSecretConditionType `json:"type"`
	Status corev1.ConditionStatus      `json:"status"`

	// +optional
	Reason string `json:"reason,omitempty"`

	// +optional
	Message string `json:"message,omitempty"`

	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}

func (*ExternalSecretStatusCondition) DeepCopy 

func (in *ExternalSecretStatusCondition) DeepCopy() *ExternalSecretStatusCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatusCondition.

func (*ExternalSecretStatusCondition) DeepCopyInto 

func (in *ExternalSecretStatusCondition) DeepCopyInto(out *ExternalSecretStatusCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretTarget 

type ExternalSecretTarget struct {
	// Name defines the name of the Secret resource to be managed
	// This field is immutable
	// Defaults to the .metadata.name of the ExternalSecret resource
	// +optional
	Name string `json:"name,omitempty"`

	// CreationPolicy defines rules on how to create the resulting Secret
	// Defaults to 'Owner'
	// +optional
	// +kubebuilder:default="Owner"
	CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"`

	// Template defines a blueprint for the created Secret resource.
	// +optional
	Template *ExternalSecretTemplate `json:"template,omitempty"`
}

ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.

func (*ExternalSecretTarget) DeepCopy 

func (in *ExternalSecretTarget) DeepCopy() *ExternalSecretTarget

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTarget.

func (*ExternalSecretTarget) DeepCopyInto 

func (in *ExternalSecretTarget) DeepCopyInto(out *ExternalSecretTarget)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretTemplate 

type ExternalSecretTemplate struct {
	// +optional
	Type corev1.SecretType `json:"type,omitempty"`

	// +optional
	Metadata ExternalSecretTemplateMetadata `json:"metadata,omitempty"`

	// +optional
	Data map[string]string `json:"data,omitempty"`

	// +optional
	TemplateFrom []TemplateFrom `json:"templateFrom,omitempty"`
}

ExternalSecretTemplate defines a blueprint for the created Secret resource. we can not use native corev1.Secret, it will have empty ObjectMeta values: https://github.com/kubernetes-sigs/controller-tools/issues/448

func (*ExternalSecretTemplate) DeepCopy 

func (in *ExternalSecretTemplate) DeepCopy() *ExternalSecretTemplate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplate.

func (*ExternalSecretTemplate) DeepCopyInto 

func (in *ExternalSecretTemplate) DeepCopyInto(out *ExternalSecretTemplate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretTemplateMetadata 

type ExternalSecretTemplateMetadata struct {
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`

	// +optional
	Labels map[string]string `json:"labels,omitempty"`
}

ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.

func (*ExternalSecretTemplateMetadata) DeepCopy 

func (in *ExternalSecretTemplateMetadata) DeepCopy() *ExternalSecretTemplateMetadata

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplateMetadata.

func (*ExternalSecretTemplateMetadata) DeepCopyInto 

func (in *ExternalSecretTemplateMetadata) DeepCopyInto(out *ExternalSecretTemplateMetadata)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPSMAuth added in v0.2.0 

type GCPSMAuth struct {
	SecretRef GCPSMAuthSecretRef `json:"secretRef"`
}

func (*GCPSMAuth) DeepCopy added in v0.2.0 

func (in *GCPSMAuth) DeepCopy() *GCPSMAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuth.

func (*GCPSMAuth) DeepCopyInto added in v0.2.0 

func (in *GCPSMAuth) DeepCopyInto(out *GCPSMAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPSMAuthSecretRef added in v0.2.0 

type GCPSMAuthSecretRef struct {
	// The SecretAccessKey is used for authentication
	// +optional
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
}

func (*GCPSMAuthSecretRef) DeepCopy added in v0.2.0 

func (in *GCPSMAuthSecretRef) DeepCopy() *GCPSMAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuthSecretRef.

func (*GCPSMAuthSecretRef) DeepCopyInto added in v0.2.0 

func (in *GCPSMAuthSecretRef) DeepCopyInto(out *GCPSMAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPSMProvider added in v0.2.0 

type GCPSMProvider struct {
	// Auth defines the information necessary to authenticate against GCP
	Auth GCPSMAuth `json:"auth"`

	// ProjectID project where secret is located
	ProjectID string `json:"projectID,omitempty"`
}

GCPSMProvider Configures a store to sync secrets using the GCP Secret Manager provider.

func (*GCPSMProvider) DeepCopy added in v0.2.0 

func (in *GCPSMProvider) DeepCopy() *GCPSMProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMProvider.

func (*GCPSMProvider) DeepCopyInto added in v0.2.0 

func (in *GCPSMProvider) DeepCopyInto(out *GCPSMProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GenericStore 

type GenericStore interface {
	runtime.Object
	metav1.Object

	GetObjectMeta() *metav1.ObjectMeta
	GetSpec() *SecretStoreSpec
	GetNamespacedName() string
}

GenericStore is a common interface for interacting with ClusterSecretStore or a namespaced SecretStore.

type IBMAuth added in v0.2.2 

type IBMAuth struct {
	SecretRef IBMAuthSecretRef `json:"secretRef"`
}

func (*IBMAuth) DeepCopy added in v0.2.2 

func (in *IBMAuth) DeepCopy() *IBMAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuth.

func (*IBMAuth) DeepCopyInto added in v0.2.2 

func (in *IBMAuth) DeepCopyInto(out *IBMAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IBMAuthSecretRef added in v0.2.2 

type IBMAuthSecretRef struct {
	// The SecretAccessKey is used for authentication
	// +optional
	SecretAPIKey esmeta.SecretKeySelector `json:"secretApiKeySecretRef,omitempty"`
}

func (*IBMAuthSecretRef) DeepCopy added in v0.2.2 

func (in *IBMAuthSecretRef) DeepCopy() *IBMAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuthSecretRef.

func (*IBMAuthSecretRef) DeepCopyInto added in v0.2.2 

func (in *IBMAuthSecretRef) DeepCopyInto(out *IBMAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IBMProvider added in v0.2.2 

type IBMProvider struct {
	// Auth configures how secret-manager authenticates with the IBM secrets manager.
	Auth IBMAuth `json:"auth"`

	// ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance
	ServiceURL *string `json:"serviceUrl,omitempty"`
}

Configures an store to sync secrets using a IBM Cloud Secrets Manager backend.

func (*IBMProvider) DeepCopy added in v0.2.2 

func (in *IBMProvider) DeepCopy() *IBMProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMProvider.

func (*IBMProvider) DeepCopyInto added in v0.2.2 

func (in *IBMProvider) DeepCopyInto(out *IBMProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStore 

type SecretStore struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   SecretStoreSpec   `json:"spec,omitempty"`
	Status SecretStoreStatus `json:"status,omitempty"`
}

SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=ss

func (*SecretStore) Copy 

func (c *SecretStore) Copy() GenericStore

func (*SecretStore) DeepCopy 

func (in *SecretStore) DeepCopy() *SecretStore

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStore.

func (*SecretStore) DeepCopyInto 

func (in *SecretStore) DeepCopyInto(out *SecretStore)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretStore) DeepCopyObject 

func (in *SecretStore) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretStore) GetNamespacedName 

func (c *SecretStore) GetNamespacedName() string

func (*SecretStore) GetObjectMeta 

func (c *SecretStore) GetObjectMeta() *metav1.ObjectMeta

func (*SecretStore) GetSpec 

func (c *SecretStore) GetSpec() *SecretStoreSpec

type SecretStoreConditionType 

type SecretStoreConditionType string
const (
	SecretStoreReady SecretStoreConditionType = "Ready"
)

type SecretStoreList 

type SecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []SecretStore `json:"items"`
}

SecretStoreList contains a list of SecretStore resources.

func (*SecretStoreList) DeepCopy 

func (in *SecretStoreList) DeepCopy() *SecretStoreList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreList.

func (*SecretStoreList) DeepCopyInto 

func (in *SecretStoreList) DeepCopyInto(out *SecretStoreList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretStoreList) DeepCopyObject 

func (in *SecretStoreList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type SecretStoreProvider 

type SecretStoreProvider struct {
	// AWS configures this store to sync secrets using AWS Secret Manager provider
	// +optional
	AWS *AWSProvider `json:"aws,omitempty"`

	// AzureKV configures this store to sync secrets using Azure Key Vault provider
	// +optional
	AzureKV *AzureKVProvider `json:"azurekv,omitempty"`

	// Vault configures this store to sync secrets using Hashi provider
	// +optional
	Vault *VaultProvider `json:"vault,omitempty"`

	// GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider
	// +optional
	GCPSM *GCPSMProvider `json:"gcpsm,omitempty"`

	// IBM configures this store to sync secrets using IBM Cloud provider
	// +optional
	IBM *IBMProvider `json:"ibm,omitempty"`
}

SecretStoreProvider contains the provider-specific configration. +kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1

func (*SecretStoreProvider) DeepCopy 

func (in *SecretStoreProvider) DeepCopy() *SecretStoreProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreProvider.

func (*SecretStoreProvider) DeepCopyInto 

func (in *SecretStoreProvider) DeepCopyInto(out *SecretStoreProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreRef 

type SecretStoreRef struct {
	// Name of the SecretStore resource
	Name string `json:"name"`

	// Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
	// Defaults to `SecretStore`
	// +optional
	Kind string `json:"kind,omitempty"`
}

SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.

func (*SecretStoreRef) DeepCopy 

func (in *SecretStoreRef) DeepCopy() *SecretStoreRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRef.

func (*SecretStoreRef) DeepCopyInto 

func (in *SecretStoreRef) DeepCopyInto(out *SecretStoreRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreSpec 

type SecretStoreSpec struct {
	// Used to select the correct KES controller (think: ingress.ingressClassName)
	// The KES controller is instantiated with a specific controller name and filters ES based on this property
	// +optional
	Controller string `json:"controller"`

	// Used to configure the provider. Only one provider may be set
	Provider *SecretStoreProvider `json:"provider"`
}

SecretStoreSpec defines the desired state of SecretStore.

func (*SecretStoreSpec) DeepCopy 

func (in *SecretStoreSpec) DeepCopy() *SecretStoreSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreSpec.

func (*SecretStoreSpec) DeepCopyInto 

func (in *SecretStoreSpec) DeepCopyInto(out *SecretStoreSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreStatus 

type SecretStoreStatus struct {
	// +optional
	Conditions []SecretStoreStatusCondition `json:"conditions"`
}

SecretStoreStatus defines the observed state of the SecretStore.

func (*SecretStoreStatus) DeepCopy 

func (in *SecretStoreStatus) DeepCopy() *SecretStoreStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatus.

func (*SecretStoreStatus) DeepCopyInto 

func (in *SecretStoreStatus) DeepCopyInto(out *SecretStoreStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreStatusCondition 

type SecretStoreStatusCondition struct {
	Type   SecretStoreConditionType `json:"type"`
	Status corev1.ConditionStatus   `json:"status"`

	// +optional
	Reason string `json:"reason,omitempty"`

	// +optional
	Message string `json:"message,omitempty"`

	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}

func (*SecretStoreStatusCondition) DeepCopy 

func (in *SecretStoreStatusCondition) DeepCopy() *SecretStoreStatusCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatusCondition.

func (*SecretStoreStatusCondition) DeepCopyInto 

func (in *SecretStoreStatusCondition) DeepCopyInto(out *SecretStoreStatusCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TemplateFrom added in v0.2.2 

type TemplateFrom struct {
	ConfigMap *TemplateRef `json:"configMap,omitempty"`
	Secret    *TemplateRef `json:"secret,omitempty"`
}

+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1

func (*TemplateFrom) DeepCopy added in v0.2.2 

func (in *TemplateFrom) DeepCopy() *TemplateFrom

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateFrom.

func (*TemplateFrom) DeepCopyInto added in v0.2.2 

func (in *TemplateFrom) DeepCopyInto(out *TemplateFrom)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TemplateRef added in v0.2.2 

type TemplateRef struct {
	Name  string            `json:"name"`
	Items []TemplateRefItem `json:"items"`
}

func (*TemplateRef) DeepCopy added in v0.2.2 

func (in *TemplateRef) DeepCopy() *TemplateRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRef.

func (*TemplateRef) DeepCopyInto added in v0.2.2 

func (in *TemplateRef) DeepCopyInto(out *TemplateRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TemplateRefItem added in v0.2.2 

type TemplateRefItem struct {
	Key string `json:"key"`
}

func (*TemplateRefItem) DeepCopy added in v0.2.2 

func (in *TemplateRefItem) DeepCopy() *TemplateRefItem

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRefItem.

func (*TemplateRefItem) DeepCopyInto added in v0.2.2 

func (in *TemplateRefItem) DeepCopyInto(out *TemplateRefItem)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultAppRole 

type VaultAppRole struct {
	// Path where the App Role authentication backend is mounted
	// in Vault, e.g: "approle"
	// +kubebuilder:default=approle
	Path string `json:"path"`

	// RoleID configured in the App Role authentication backend when setting
	// up the authentication backend in Vault.
	RoleID string `json:"roleId"`

	// Reference to a key in a Secret that contains the App Role secret used
	// to authenticate with Vault.
	// The `key` field must be specified and denotes which entry within the Secret
	// resource is used as the app role secret.
	SecretRef esmeta.SecretKeySelector `json:"secretRef"`
}

VaultAppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.

func (*VaultAppRole) DeepCopy 

func (in *VaultAppRole) DeepCopy() *VaultAppRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole.

func (*VaultAppRole) DeepCopyInto 

func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultAuth 

type VaultAuth struct {
	// TokenSecretRef authenticates with Vault by presenting a token.
	// +optional
	TokenSecretRef *esmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"`

	// AppRole authenticates with Vault using the App Role auth mechanism,
	// with the role and secret stored in a Kubernetes Secret resource.
	// +optional
	AppRole *VaultAppRole `json:"appRole,omitempty"`

	// Kubernetes authenticates with Vault by passing the ServiceAccount
	// token stored in the named Secret resource to the Vault server.
	// +optional
	Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"`

	// Ldap authenticates with Vault by passing username/password pair using
	// the LDAP authentication method
	// +optional
	Ldap *VaultLdapAuth `json:"ldap,omitempty"`

	// Jwt authenticates with Vault by passing role and JWT token using the
	// JWT/OIDC authentication method
	// +optional
	Jwt *VaultJwtAuth `json:"jwt,omitempty"`
}

VaultAuth is the configuration used to authenticate with a Vault server. Only one of `tokenSecretRef`, `appRole`, `kubernetes`, `ldap` or `jwt` can be specified.

func (*VaultAuth) DeepCopy 

func (in *VaultAuth) DeepCopy() *VaultAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth.

func (*VaultAuth) DeepCopyInto 

func (in *VaultAuth) DeepCopyInto(out *VaultAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultJwtAuth added in v0.1.3 

type VaultJwtAuth struct {
	// Role is a JWT role to authenticate using the JWT/OIDC Vault
	// authentication method
	// +optional
	Role string `json:"role"`

	// SecretRef to a key in a Secret resource containing JWT token to
	// authenticate with Vault using the JWT/OIDC authentication method
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication method, with the role name and token stored in a Kubernetes Secret resource.

func (*VaultJwtAuth) DeepCopy added in v0.1.3 

func (in *VaultJwtAuth) DeepCopy() *VaultJwtAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultJwtAuth.

func (*VaultJwtAuth) DeepCopyInto added in v0.1.3 

func (in *VaultJwtAuth) DeepCopyInto(out *VaultJwtAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultKVStoreVersion 

type VaultKVStoreVersion string
const (
	VaultKVStoreV1 VaultKVStoreVersion = "v1"
	VaultKVStoreV2 VaultKVStoreVersion = "v2"
)

type VaultKubernetesAuth 

type VaultKubernetesAuth struct {
	// Path where the Kubernetes authentication backend is mounted in Vault, e.g:
	// "kubernetes"
	// +kubebuilder:default=kubernetes
	Path string `json:"mountPath"`

	// Optional service account field containing the name of a kubernetes ServiceAccount.
	// If the service account is specified, the service account secret token JWT will be used
	// for authenticating with Vault. If the service account selector is not supplied,
	// the secretRef will be used instead.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// Optional secret field containing a Kubernetes ServiceAccount JWT used
	// for authenticating with Vault. If a name is specified without a key,
	// `token` is the default. If one is not specified, the one bound to
	// the controller will be used.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// A required field containing the Vault Role to assume. A Role binds a
	// Kubernetes ServiceAccount with a set of Vault policies.
	Role string `json:"role"`
}

Authenticate against Vault using a Kubernetes ServiceAccount token stored in a Secret.

func (*VaultKubernetesAuth) DeepCopy 

func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth.

func (*VaultKubernetesAuth) DeepCopyInto 

func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultLdapAuth added in v0.1.3 

type VaultLdapAuth struct {
	// Username is a LDAP user name used to authenticate using the LDAP Vault
	// authentication method
	Username string `json:"username"`

	// SecretRef to a key in a Secret resource containing password for the LDAP
	// user used to authenticate with Vault using the LDAP authentication
	// method
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

VaultLdapAuth authenticates with Vault using the LDAP authentication method, with the username and password stored in a Kubernetes Secret resource.

func (*VaultLdapAuth) DeepCopy added in v0.1.3 

func (in *VaultLdapAuth) DeepCopy() *VaultLdapAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultLdapAuth.

func (*VaultLdapAuth) DeepCopyInto added in v0.1.3 

func (in *VaultLdapAuth) DeepCopyInto(out *VaultLdapAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultProvider 

type VaultProvider struct {
	// Auth configures how secret-manager authenticates with the Vault server.
	Auth VaultAuth `json:"auth"`

	// Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
	Server string `json:"server"`

	// Path is the mount path of the Vault KV backend endpoint, e.g:
	// "secret". The v2 KV secret engine version specific "/data" path suffix
	// for fetching secrets from Vault is optional and will be appended
	// if not present in specified path.
	Path string `json:"path"`

	// Version is the Vault KV secret engine version. This can be either "v1" or
	// "v2". Version defaults to "v2".
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum="v1";"v2"
	// +kubebuilder:default:="v2"
	Version VaultKVStoreVersion `json:"version"`

	// Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
	// Vault environments to support Secure Multi-tenancy. e.g: "ns1".
	// More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
	// +optional
	Namespace *string `json:"namespace,omitempty"`

	// PEM encoded CA bundle used to validate Vault server certificate. Only used
	// if the Server URL is using HTTPS protocol. This parameter is ignored for
	// plain HTTP protocol connection. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`
}

Configures an store to sync secrets using a HashiCorp Vault KV backend.

func (*VaultProvider) DeepCopy 

func (in *VaultProvider) DeepCopy() *VaultProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultProvider.

func (*VaultProvider) DeepCopyInto 

func (in *VaultProvider) DeepCopyInto(out *VaultProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.