Documentation ¶
Overview ¶
Package v1beta1 contains resources for external-secrets +kubebuilder:object:generate=true +groupName=external-secrets.io +versionName=v1beta1
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
- Constants
- Variables
- func ForceRegister(s Provider, storeSpec *SecretStoreProvider)
- func Register(s Provider, storeSpec *SecretStoreProvider)
- type AWSAuth
- type AWSAuthSecretRef
- type AWSJWTAuth
- type AWSProvider
- type AWSServiceType
- type AkeylessAuth
- type AkeylessAuthSecretRef
- type AkeylessProvider
- type AlibabaAuth
- type AlibabaAuthSecretRef
- type AlibabaProvider
- type AzureAuthType
- type AzureKVAuth
- type AzureKVProvider
- type CAProvider
- type CAProviderType
- type CertAuth
- type ClusterExternalSecret
- type ClusterExternalSecretConditionType
- type ClusterExternalSecretList
- type ClusterExternalSecretNamespaceFailure
- type ClusterExternalSecretSpec
- type ClusterExternalSecretStatus
- type ClusterExternalSecretStatusCondition
- type ClusterSecretStore
- func (c *ClusterSecretStore) Copy() GenericStore
- func (in *ClusterSecretStore) DeepCopy() *ClusterSecretStore
- func (in *ClusterSecretStore) DeepCopyInto(out *ClusterSecretStore)
- func (in *ClusterSecretStore) DeepCopyObject() runtime.Object
- func (c *ClusterSecretStore) GetNamespacedName() string
- func (c *ClusterSecretStore) GetObjectMeta() *metav1.ObjectMeta
- func (c *ClusterSecretStore) GetSpec() *SecretStoreSpec
- func (c *ClusterSecretStore) GetStatus() SecretStoreStatus
- func (c *ClusterSecretStore) GetTypeMeta() *metav1.TypeMeta
- func (*ClusterSecretStore) Hub()
- func (c *ClusterSecretStore) SetStatus(status SecretStoreStatus)
- func (c *ClusterSecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error
- type ClusterSecretStoreList
- type ExternalSecret
- type ExternalSecretConditionType
- type ExternalSecretConversionStrategy
- type ExternalSecretCreationPolicy
- type ExternalSecretData
- type ExternalSecretDataFromRemoteRef
- type ExternalSecretDataRemoteRef
- type ExternalSecretDeletionPolicy
- type ExternalSecretFind
- type ExternalSecretList
- type ExternalSecretSpec
- type ExternalSecretStatus
- type ExternalSecretStatusCondition
- type ExternalSecretTarget
- type ExternalSecretTemplate
- type ExternalSecretTemplateMetadata
- type ExternalSecretValidator
- func (in *ExternalSecretValidator) DeepCopy() *ExternalSecretValidator
- func (in *ExternalSecretValidator) DeepCopyInto(out *ExternalSecretValidator)
- func (esv *ExternalSecretValidator) ValidateCreate(ctx context.Context, obj runtime.Object) error
- func (esv *ExternalSecretValidator) ValidateDelete(ctx context.Context, obj runtime.Object) error
- func (esv *ExternalSecretValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) error
- type FakeProvider
- type FakeProviderData
- type FindName
- type GCPSMAuth
- type GCPSMAuthSecretRef
- type GCPSMProvider
- type GCPWorkloadIdentity
- type GenericStore
- type GenericStoreValidator
- func (in *GenericStoreValidator) DeepCopy() *GenericStoreValidator
- func (in *GenericStoreValidator) DeepCopyInto(out *GenericStoreValidator)
- func (r *GenericStoreValidator) ValidateCreate(ctx context.Context, obj runtime.Object) error
- func (r *GenericStoreValidator) ValidateDelete(ctx context.Context, obj runtime.Object) error
- func (r *GenericStoreValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) error
- type GitlabAuth
- type GitlabProvider
- type GitlabSecretRef
- type IBMAuth
- type IBMAuthSecretRef
- type IBMProvider
- type KubernetesAuth
- type KubernetesProvider
- type KubernetesServer
- type NoSecretError
- type OracleAuth
- type OracleProvider
- type OracleSecretRef
- type Provider
- type SecretStore
- func (c *SecretStore) Copy() GenericStore
- func (in *SecretStore) DeepCopy() *SecretStore
- func (in *SecretStore) DeepCopyInto(out *SecretStore)
- func (in *SecretStore) DeepCopyObject() runtime.Object
- func (c *SecretStore) GetNamespacedName() string
- func (c *SecretStore) GetObjectMeta() *metav1.ObjectMeta
- func (c *SecretStore) GetSpec() *SecretStoreSpec
- func (c *SecretStore) GetStatus() SecretStoreStatus
- func (c *SecretStore) GetTypeMeta() *metav1.TypeMeta
- func (*SecretStore) Hub()
- func (c *SecretStore) SetStatus(status SecretStoreStatus)
- func (c *SecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error
- type SecretStoreConditionType
- type SecretStoreList
- type SecretStoreProvider
- type SecretStoreRef
- type SecretStoreRetrySettings
- type SecretStoreSpec
- type SecretStoreStatus
- type SecretStoreStatusCondition
- type SecretsClient
- type ServiceAccountAuth
- type TemplateEngineVersion
- type TemplateFrom
- type TemplateRef
- type TemplateRefItem
- type TokenAuth
- type VaultAppRole
- type VaultAuth
- type VaultCertAuth
- type VaultJwtAuth
- type VaultKVStoreVersion
- type VaultKubernetesAuth
- type VaultKubernetesServiceAccountTokenAuth
- type VaultLdapAuth
- type VaultProvider
- type WebhookCAProvider
- type WebhookCAProviderType
- type WebhookProvider
- type WebhookResult
- type WebhookSecret
- type YandexLockboxAuth
- type YandexLockboxCAProvider
- type YandexLockboxProvider
Constants ¶
const ( // ConditionReasonSecretSynced indicates that the secrets was synced. ConditionReasonSecretSynced = "SecretSynced" // ConditionReasonSecretSyncedError indicates that there was an error syncing the secret. ConditionReasonSecretSyncedError = "SecretSyncedError" // ConditionReasonSecretDeleted indicates that the secret has been deleted. ConditionReasonSecretDeleted = "SecretDeleted" ReasonInvalidStoreRef = "InvalidStoreRef" ReasonProviderClientConfig = "InvalidProviderClientConfig" ReasonUpdateFailed = "UpdateFailed" ReasonUpdated = "Updated" ReasonDeleted = "Deleted" )
const ( Group = "external-secrets.io" Version = "v1beta1" )
Package type metadata.
const ( SecretStoreReady SecretStoreConditionType = "Ready" ReasonInvalidStore = "InvalidStoreConfiguration" ReasonInvalidProviderConfig = "InvalidProviderConfig" ReasonValidationFailed = "ValidationFailed" ReasonStoreValid = "Valid" )
const (
// AnnotationDataHash is used to ensure consistency.
AnnotationDataHash = "reconcile.external-secrets.io/data-hash"
)
Variables ¶
var ( // SchemeGroupVersion is group version used to register these objects. SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version} // SchemeBuilder is used to add go types to the GroupVersionKind scheme. SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} AddToScheme = SchemeBuilder.AddToScheme )
var ( ExtSecretKind = reflect.TypeOf(ExternalSecret{}).Name() ExtSecretGroupKind = schema.GroupKind{Group: Group, Kind: ExtSecretKind}.String() ExtSecretKindAPIVersion = ExtSecretKind + "." + SchemeGroupVersion.String() ExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ExtSecretKind) )
ExternalSecret type metadata.
var ( ClusterExtSecretKind = reflect.TypeOf(ClusterExternalSecret{}).Name() ClusterExtSecretGroupKind = schema.GroupKind{Group: Group, Kind: ClusterExtSecretKind}.String() ClusterExtSecretKindAPIVersion = ClusterExtSecretKind + "." + SchemeGroupVersion.String() ClusterExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ClusterExtSecretKind) )
ClusterExternalSecret type metadata.
var ( SecretStoreKind = reflect.TypeOf(SecretStore{}).Name() SecretStoreGroupKind = schema.GroupKind{Group: Group, Kind: SecretStoreKind}.String() SecretStoreKindAPIVersion = SecretStoreKind + "." + SchemeGroupVersion.String() SecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(SecretStoreKind) )
SecretStore type metadata.
var ( ClusterSecretStoreKind = reflect.TypeOf(ClusterSecretStore{}).Name() ClusterSecretStoreGroupKind = schema.GroupKind{Group: Group, Kind: ClusterSecretStoreKind}.String() ClusterSecretStoreKindAPIVersion = ClusterSecretStoreKind + "." + SchemeGroupVersion.String() ClusterSecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(ClusterSecretStoreKind) )
ClusterSecretStore type metadata.
var NoSecretErr = NoSecretError{}
Functions ¶
func ForceRegister ¶
func ForceRegister(s Provider, storeSpec *SecretStoreProvider)
ForceRegister adds to store schema, overwriting a store if already registered. Should only be used for testing.
func Register ¶
func Register(s Provider, storeSpec *SecretStoreProvider)
Register a store backend type. Register panics if a backend with the same store is already registered.
Types ¶
type AWSAuth ¶
type AWSAuth struct { // +optional SecretRef *AWSAuthSecretRef `json:"secretRef,omitempty"` // +optional JWTAuth *AWSJWTAuth `json:"jwt,omitempty"` }
AWSAuth tells the controller how to do authentication with aws. Only one of secretRef or jwt can be specified. if none is specified the controller will load credentials using the aws sdk defaults.
func (*AWSAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuth.
func (*AWSAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSAuthSecretRef ¶
type AWSAuthSecretRef struct { // The AccessKeyID is used for authentication AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"` // The SecretAccessKey is used for authentication SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"` }
AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
func (*AWSAuthSecretRef) DeepCopy ¶
func (in *AWSAuthSecretRef) DeepCopy() *AWSAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuthSecretRef.
func (*AWSAuthSecretRef) DeepCopyInto ¶
func (in *AWSAuthSecretRef) DeepCopyInto(out *AWSAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSJWTAuth ¶
type AWSJWTAuth struct {
ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}
Authenticate against AWS using service account tokens.
func (*AWSJWTAuth) DeepCopy ¶
func (in *AWSJWTAuth) DeepCopy() *AWSJWTAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSJWTAuth.
func (*AWSJWTAuth) DeepCopyInto ¶
func (in *AWSJWTAuth) DeepCopyInto(out *AWSJWTAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSProvider ¶
type AWSProvider struct { // Service defines which service should be used to fetch the secrets Service AWSServiceType `json:"service"` // Auth defines the information necessary to authenticate against AWS // if not set aws sdk will infer credentials from your environment // see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials // +optional Auth AWSAuth `json:"auth"` // Role is a Role ARN which the SecretManager provider will assume // +optional Role string `json:"role,omitempty"` // AWS Region to be used for the provider Region string `json:"region"` }
AWSProvider configures a store to sync secrets with AWS.
func (*AWSProvider) DeepCopy ¶
func (in *AWSProvider) DeepCopy() *AWSProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSProvider.
func (*AWSProvider) DeepCopyInto ¶
func (in *AWSProvider) DeepCopyInto(out *AWSProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSServiceType ¶
type AWSServiceType string
AWSServiceType is a enum that defines the service/API that is used to fetch the secrets. +kubebuilder:validation:Enum=SecretsManager;ParameterStore
const ( // AWSServiceSecretsManager is the AWS SecretsManager. // see: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html AWSServiceSecretsManager AWSServiceType = "SecretsManager" // AWSServiceParameterStore is the AWS SystemsManager ParameterStore. // see: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html AWSServiceParameterStore AWSServiceType = "ParameterStore" )
type AkeylessAuth ¶
type AkeylessAuth struct {
SecretRef AkeylessAuthSecretRef `json:"secretRef"`
}
func (*AkeylessAuth) DeepCopy ¶
func (in *AkeylessAuth) DeepCopy() *AkeylessAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessAuth.
func (*AkeylessAuth) DeepCopyInto ¶
func (in *AkeylessAuth) DeepCopyInto(out *AkeylessAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AkeylessAuthSecretRef ¶
type AkeylessAuthSecretRef struct { // The SecretAccessID is used for authentication AccessID esmeta.SecretKeySelector `json:"accessID,omitempty"` AccessType esmeta.SecretKeySelector `json:"accessType,omitempty"` AccessTypeParam esmeta.SecretKeySelector `json:"accessTypeParam,omitempty"` }
AkeylessAuthSecretRef AKEYLESS_ACCESS_TYPE_PARAM: AZURE_OBJ_ID OR GCP_AUDIENCE OR ACCESS_KEY OR KUB_CONFIG_NAME.
func (*AkeylessAuthSecretRef) DeepCopy ¶
func (in *AkeylessAuthSecretRef) DeepCopy() *AkeylessAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessAuthSecretRef.
func (*AkeylessAuthSecretRef) DeepCopyInto ¶
func (in *AkeylessAuthSecretRef) DeepCopyInto(out *AkeylessAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AkeylessProvider ¶
type AkeylessProvider struct { // Akeyless GW API Url from which the secrets to be fetched from. AkeylessGWApiURL *string `json:"akeylessGWApiURL"` // Auth configures how the operator authenticates with Akeyless. Auth *AkeylessAuth `json:"authSecretRef"` }
AkeylessProvider Configures an store to sync secrets using Akeyless KV.
func (*AkeylessProvider) DeepCopy ¶
func (in *AkeylessProvider) DeepCopy() *AkeylessProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessProvider.
func (*AkeylessProvider) DeepCopyInto ¶
func (in *AkeylessProvider) DeepCopyInto(out *AkeylessProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AlibabaAuth ¶
type AlibabaAuth struct {
SecretRef AlibabaAuthSecretRef `json:"secretRef"`
}
AlibabaAuth contains a secretRef for credentials.
func (*AlibabaAuth) DeepCopy ¶
func (in *AlibabaAuth) DeepCopy() *AlibabaAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaAuth.
func (*AlibabaAuth) DeepCopyInto ¶
func (in *AlibabaAuth) DeepCopyInto(out *AlibabaAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AlibabaAuthSecretRef ¶
type AlibabaAuthSecretRef struct { // The AccessKeyID is used for authentication AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef"` // The AccessKeySecret is used for authentication AccessKeySecret esmeta.SecretKeySelector `json:"accessKeySecretSecretRef"` }
AlibabaAuthSecretRef holds secret references for Alibaba credentials.
func (*AlibabaAuthSecretRef) DeepCopy ¶
func (in *AlibabaAuthSecretRef) DeepCopy() *AlibabaAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaAuthSecretRef.
func (*AlibabaAuthSecretRef) DeepCopyInto ¶
func (in *AlibabaAuthSecretRef) DeepCopyInto(out *AlibabaAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AlibabaProvider ¶
type AlibabaProvider struct { Auth *AlibabaAuth `json:"auth"` // +optional Endpoint string `json:"endpoint"` // Alibaba Region to be used for the provider RegionID string `json:"regionID"` }
AlibabaProvider configures a store to sync secrets using the Alibaba Secret Manager provider.
func (*AlibabaProvider) DeepCopy ¶
func (in *AlibabaProvider) DeepCopy() *AlibabaProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaProvider.
func (*AlibabaProvider) DeepCopyInto ¶
func (in *AlibabaProvider) DeepCopyInto(out *AlibabaProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureAuthType ¶
type AzureAuthType string
AuthType describes how to authenticate to the Azure Keyvault Only one of the following auth types may be specified. If none of the following auth type is specified, the default one is ServicePrincipal. +kubebuilder:validation:Enum=ServicePrincipal;ManagedIdentity;WorkloadIdentity
const ( // Using service principal to authenticate, which needs a tenantId, a clientId and a clientSecret. AzureServicePrincipal AzureAuthType = "ServicePrincipal" // Using Managed Identity to authenticate. Used with aad-pod-identity installed in the clister. AzureManagedIdentity AzureAuthType = "ManagedIdentity" // Using Workload Identity service accounts to authenticate. AzureWorkloadIdentity AzureAuthType = "WorkloadIdentity" )
type AzureKVAuth ¶
type AzureKVAuth struct { // The Azure clientId of the service principle used for authentication. // +optional ClientID *smmeta.SecretKeySelector `json:"clientId,omitempty"` // The Azure ClientSecret of the service principle used for authentication. // +optional ClientSecret *smmeta.SecretKeySelector `json:"clientSecret,omitempty"` }
Configuration used to authenticate with Azure.
func (*AzureKVAuth) DeepCopy ¶
func (in *AzureKVAuth) DeepCopy() *AzureKVAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVAuth.
func (*AzureKVAuth) DeepCopyInto ¶
func (in *AzureKVAuth) DeepCopyInto(out *AzureKVAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureKVProvider ¶
type AzureKVProvider struct { // Auth type defines how to authenticate to the keyvault service. // Valid values are: // - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) // - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity) // +optional // +kubebuilder:default=ServicePrincipal AuthType *AzureAuthType `json:"authType,omitempty"` // Vault Url from which the secrets to be fetched from. VaultURL *string `json:"vaultUrl"` // TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type. // +optional TenantID *string `json:"tenantId,omitempty"` // Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. // +optional AuthSecretRef *AzureKVAuth `json:"authSecretRef,omitempty"` // ServiceAccountRef specified the service account // that should be used when authenticating with WorkloadIdentity. // +optional ServiceAccountRef *smmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"` // If multiple Managed Identity is assigned to the pod, you can select the one to be used // +optional IdentityID *string `json:"identityId,omitempty"` }
Configures an store to sync secrets using Azure KV.
func (*AzureKVProvider) DeepCopy ¶
func (in *AzureKVProvider) DeepCopy() *AzureKVProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVProvider.
func (*AzureKVProvider) DeepCopyInto ¶
func (in *AzureKVProvider) DeepCopyInto(out *AzureKVProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CAProvider ¶
type CAProvider struct { // The type of provider to use such as "Secret", or "ConfigMap". // +kubebuilder:validation:Enum="Secret";"ConfigMap" Type CAProviderType `json:"type"` // The name of the object located at the provider type. Name string `json:"name"` // The key the value inside of the provider type to use, only used with "Secret" type // +kubebuilder:validation:Optional Key string `json:"key,omitempty"` // The namespace the Provider type is in. // +optional Namespace *string `json:"namespace,omitempty"` }
Defines a location to fetch the cert for the vault provider from.
func (*CAProvider) DeepCopy ¶
func (in *CAProvider) DeepCopy() *CAProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CAProvider.
func (*CAProvider) DeepCopyInto ¶
func (in *CAProvider) DeepCopyInto(out *CAProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CAProviderType ¶
type CAProviderType string
const ( CAProviderTypeSecret CAProviderType = "Secret" CAProviderTypeConfigMap CAProviderType = "ConfigMap" )
type CertAuth ¶
type CertAuth struct { ClientCert esmeta.SecretKeySelector `json:"clientCert,omitempty"` ClientKey esmeta.SecretKeySelector `json:"clientKey,omitempty"` }
func (*CertAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertAuth.
func (*CertAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterExternalSecret ¶
type ClusterExternalSecret struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec ClusterExternalSecretSpec `json:"spec,omitempty"` Status ClusterExternalSecretStatus `json:"status,omitempty"` }
+kubebuilder:object:root=true +kubebuilder:storageversion +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=ces +kubebuilder:subresource:status ClusterExternalSecret is the Schema for the clusterexternalsecrets API.
func (*ClusterExternalSecret) DeepCopy ¶
func (in *ClusterExternalSecret) DeepCopy() *ClusterExternalSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecret.
func (*ClusterExternalSecret) DeepCopyInto ¶
func (in *ClusterExternalSecret) DeepCopyInto(out *ClusterExternalSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterExternalSecret) DeepCopyObject ¶
func (in *ClusterExternalSecret) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterExternalSecretConditionType ¶
type ClusterExternalSecretConditionType string
const ( ClusterExternalSecretReady ClusterExternalSecretConditionType = "Ready" ClusterExternalSecretPartiallyReady ClusterExternalSecretConditionType = "PartiallyReady" ClusterExternalSecretNotReady ClusterExternalSecretConditionType = "NotReady" )
type ClusterExternalSecretList ¶
type ClusterExternalSecretList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ClusterExternalSecret `json:"items"` }
ClusterExternalSecretList contains a list of ClusterExternalSecret.
func (*ClusterExternalSecretList) DeepCopy ¶
func (in *ClusterExternalSecretList) DeepCopy() *ClusterExternalSecretList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretList.
func (*ClusterExternalSecretList) DeepCopyInto ¶
func (in *ClusterExternalSecretList) DeepCopyInto(out *ClusterExternalSecretList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterExternalSecretList) DeepCopyObject ¶
func (in *ClusterExternalSecretList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterExternalSecretNamespaceFailure ¶
type ClusterExternalSecretNamespaceFailure struct { // Namespace is the namespace that failed when trying to apply an ExternalSecret Namespace string `json:"namespace"` // Reason is why the ExternalSecret failed to apply to the namespace // +optional Reason string `json:"reason,omitempty"` }
ClusterExternalSecretNamespaceFailure represents a failed namespace deployment and it's reason.
func (*ClusterExternalSecretNamespaceFailure) DeepCopy ¶
func (in *ClusterExternalSecretNamespaceFailure) DeepCopy() *ClusterExternalSecretNamespaceFailure
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretNamespaceFailure.
func (*ClusterExternalSecretNamespaceFailure) DeepCopyInto ¶
func (in *ClusterExternalSecretNamespaceFailure) DeepCopyInto(out *ClusterExternalSecretNamespaceFailure)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterExternalSecretSpec ¶
type ClusterExternalSecretSpec struct { // The spec for the ExternalSecrets to be created ExternalSecretSpec ExternalSecretSpec `json:"externalSecretSpec"` // The name of the external secrets to be created defaults to the name of the ClusterExternalSecret // +optional ExternalSecretName string `json:"externalSecretName"` // The labels to select by to find the Namespaces to create the ExternalSecrets in. NamespaceSelector metav1.LabelSelector `json:"namespaceSelector"` // The time in which the controller should reconcile it's objects and recheck namespaces for labels. RefreshInterval *metav1.Duration `json:"refreshTime,omitempty"` }
ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret.
func (*ClusterExternalSecretSpec) DeepCopy ¶
func (in *ClusterExternalSecretSpec) DeepCopy() *ClusterExternalSecretSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretSpec.
func (*ClusterExternalSecretSpec) DeepCopyInto ¶
func (in *ClusterExternalSecretSpec) DeepCopyInto(out *ClusterExternalSecretSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterExternalSecretStatus ¶
type ClusterExternalSecretStatus struct { // Failed namespaces are the namespaces that failed to apply an ExternalSecret // +optional FailedNamespaces []ClusterExternalSecretNamespaceFailure `json:"failedNamespaces,omitempty"` // ProvisionedNamespaces are the namespaces where the ClusterExternalSecret has secrets // +optional ProvisionedNamespaces []string `json:"provisionedNamespaces,omitempty"` // +optional Conditions []ClusterExternalSecretStatusCondition `json:"conditions,omitempty"` }
ClusterExternalSecretStatus defines the observed state of ClusterExternalSecret.
func (*ClusterExternalSecretStatus) DeepCopy ¶
func (in *ClusterExternalSecretStatus) DeepCopy() *ClusterExternalSecretStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretStatus.
func (*ClusterExternalSecretStatus) DeepCopyInto ¶
func (in *ClusterExternalSecretStatus) DeepCopyInto(out *ClusterExternalSecretStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterExternalSecretStatusCondition ¶
type ClusterExternalSecretStatusCondition struct { Type ClusterExternalSecretConditionType `json:"type"` Status corev1.ConditionStatus `json:"status"` // +optional Message string `json:"message,omitempty"` }
func (*ClusterExternalSecretStatusCondition) DeepCopy ¶
func (in *ClusterExternalSecretStatusCondition) DeepCopy() *ClusterExternalSecretStatusCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretStatusCondition.
func (*ClusterExternalSecretStatusCondition) DeepCopyInto ¶
func (in *ClusterExternalSecretStatusCondition) DeepCopyInto(out *ClusterExternalSecretStatusCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterSecretStore ¶
type ClusterSecretStore struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec SecretStoreSpec `json:"spec,omitempty"` Status SecretStoreStatus `json:"status,omitempty"` }
ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=css
func (*ClusterSecretStore) Copy ¶
func (c *ClusterSecretStore) Copy() GenericStore
func (*ClusterSecretStore) DeepCopy ¶
func (in *ClusterSecretStore) DeepCopy() *ClusterSecretStore
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStore.
func (*ClusterSecretStore) DeepCopyInto ¶
func (in *ClusterSecretStore) DeepCopyInto(out *ClusterSecretStore)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterSecretStore) DeepCopyObject ¶
func (in *ClusterSecretStore) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ClusterSecretStore) GetNamespacedName ¶
func (c *ClusterSecretStore) GetNamespacedName() string
func (*ClusterSecretStore) GetObjectMeta ¶
func (c *ClusterSecretStore) GetObjectMeta() *metav1.ObjectMeta
func (*ClusterSecretStore) GetSpec ¶
func (c *ClusterSecretStore) GetSpec() *SecretStoreSpec
func (*ClusterSecretStore) GetStatus ¶
func (c *ClusterSecretStore) GetStatus() SecretStoreStatus
func (*ClusterSecretStore) GetTypeMeta ¶
func (c *ClusterSecretStore) GetTypeMeta() *metav1.TypeMeta
func (*ClusterSecretStore) Hub ¶
func (*ClusterSecretStore) Hub()
func (*ClusterSecretStore) SetStatus ¶
func (c *ClusterSecretStore) SetStatus(status SecretStoreStatus)
func (*ClusterSecretStore) SetupWebhookWithManager ¶
func (c *ClusterSecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error
type ClusterSecretStoreList ¶
type ClusterSecretStoreList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ClusterSecretStore `json:"items"` }
ClusterSecretStoreList contains a list of ClusterSecretStore resources.
func (*ClusterSecretStoreList) DeepCopy ¶
func (in *ClusterSecretStoreList) DeepCopy() *ClusterSecretStoreList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStoreList.
func (*ClusterSecretStoreList) DeepCopyInto ¶
func (in *ClusterSecretStoreList) DeepCopyInto(out *ClusterSecretStoreList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterSecretStoreList) DeepCopyObject ¶
func (in *ClusterSecretStoreList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ExternalSecret ¶
type ExternalSecret struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec ExternalSecretSpec `json:"spec,omitempty"` Status ExternalSecretStatus `json:"status,omitempty"` }
+kubebuilder:object:root=true +kubebuilder:storageversion ExternalSecret is the Schema for the external-secrets API. +kubebuilder:subresource:status +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=es +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.secretStoreRef.name` +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshInterval` +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason`
func (*ExternalSecret) DeepCopy ¶
func (in *ExternalSecret) DeepCopy() *ExternalSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecret.
func (*ExternalSecret) DeepCopyInto ¶
func (in *ExternalSecret) DeepCopyInto(out *ExternalSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExternalSecret) DeepCopyObject ¶
func (in *ExternalSecret) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ExternalSecret) Hub ¶
func (*ExternalSecret) Hub()
func (*ExternalSecret) SetupWebhookWithManager ¶
func (r *ExternalSecret) SetupWebhookWithManager(mgr ctrl.Manager) error
type ExternalSecretConditionType ¶
type ExternalSecretConditionType string
const ( ExternalSecretReady ExternalSecretConditionType = "Ready" ExternalSecretDeleted ExternalSecretConditionType = "Deleted" )
type ExternalSecretConversionStrategy ¶
type ExternalSecretConversionStrategy string
const ( ExternalSecretConversionDefault ExternalSecretConversionStrategy = "Default" ExternalSecretConversionUnicode ExternalSecretConversionStrategy = "Unicode" )
type ExternalSecretCreationPolicy ¶
type ExternalSecretCreationPolicy string
ExternalSecretCreationPolicy defines rules on how to create the resulting Secret. +kubebuilder:validation:Enum=Owner;Orphan;Merge;None
const ( // Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource. CreatePolicyOwner ExternalSecretCreationPolicy = "Owner" // Orphan creates the Secret and does not set the ownerReference. // I.e. it will be orphaned after the deletion of the ExternalSecret. CreatePolicyOrphan ExternalSecretCreationPolicy = "Orphan" // Merge does not create the Secret, but merges the data fields to the Secret. CreatePolicyMerge ExternalSecretCreationPolicy = "Merge" // None does not create a Secret (future use with injector). CreatePolicyNone ExternalSecretCreationPolicy = "None" )
type ExternalSecretData ¶
type ExternalSecretData struct { SecretKey string `json:"secretKey"` RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"` }
ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
func (*ExternalSecretData) DeepCopy ¶
func (in *ExternalSecretData) DeepCopy() *ExternalSecretData
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretData.
func (*ExternalSecretData) DeepCopyInto ¶
func (in *ExternalSecretData) DeepCopyInto(out *ExternalSecretData)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretDataFromRemoteRef ¶
type ExternalSecretDataFromRemoteRef struct { // Used to extract multiple key/value pairs from one secret // +optional Extract *ExternalSecretDataRemoteRef `json:"extract,omitempty"` // Used to find secrets based on tags or regular expressions // +optional Find *ExternalSecretFind `json:"find,omitempty"` }
+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1
func (*ExternalSecretDataFromRemoteRef) DeepCopy ¶
func (in *ExternalSecretDataFromRemoteRef) DeepCopy() *ExternalSecretDataFromRemoteRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretDataFromRemoteRef.
func (*ExternalSecretDataFromRemoteRef) DeepCopyInto ¶
func (in *ExternalSecretDataFromRemoteRef) DeepCopyInto(out *ExternalSecretDataFromRemoteRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretDataRemoteRef ¶
type ExternalSecretDataRemoteRef struct { // Key is the key used in the Provider, mandatory Key string `json:"key"` // Used to select a specific version of the Provider value, if supported // +optional Version string `json:"version,omitempty"` // +optional // Used to select a specific property of the Provider value (if a map), if supported Property string `json:"property,omitempty"` // +optional // Used to define a conversion Strategy // +kubebuilder:default="Default" ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"` }
ExternalSecretDataRemoteRef defines Provider data location.
func (*ExternalSecretDataRemoteRef) DeepCopy ¶
func (in *ExternalSecretDataRemoteRef) DeepCopy() *ExternalSecretDataRemoteRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretDataRemoteRef.
func (*ExternalSecretDataRemoteRef) DeepCopyInto ¶
func (in *ExternalSecretDataRemoteRef) DeepCopyInto(out *ExternalSecretDataRemoteRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretDeletionPolicy ¶
type ExternalSecretDeletionPolicy string
ExternalSecretDeletionPolicy defines rules on how to delete the resulting Secret. +kubebuilder:validation:Enum=Delete;Merge;Retain
const ( // Delete deletes the secret if all provider secrets are deleted. // If a secret gets deleted on the provider side and is not accessible // anymore this is not considered an error and the ExternalSecret // does not go into SecretSyncedError status. DeletionPolicyDelete ExternalSecretDeletionPolicy = "Delete" // Merge removes keys in the secret, but not the secret itself. // If a secret gets deleted on the provider side and is not accessible // anymore this is not considered an error and the ExternalSecret // does not go into SecretSyncedError status. DeletionPolicyMerge ExternalSecretDeletionPolicy = "Merge" // Retain will retain the secret if all provider secrets have been deleted. // If a provider secret does not exist the ExternalSecret gets into the // SecretSyncedError status. DeletionPolicyRetain ExternalSecretDeletionPolicy = "Retain" )
type ExternalSecretFind ¶
type ExternalSecretFind struct { // A root path to start the find operations. // +optional Path *string `json:"path,omitempty"` // Finds secrets based on the name. // +optional Name *FindName `json:"name,omitempty"` // Find secrets based on tags. // +optional Tags map[string]string `json:"tags,omitempty"` // +optional // Used to define a conversion Strategy // +kubebuilder:default="Default" ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"` }
func (*ExternalSecretFind) DeepCopy ¶
func (in *ExternalSecretFind) DeepCopy() *ExternalSecretFind
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretFind.
func (*ExternalSecretFind) DeepCopyInto ¶
func (in *ExternalSecretFind) DeepCopyInto(out *ExternalSecretFind)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretList ¶
type ExternalSecretList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ExternalSecret `json:"items"` }
ExternalSecretList contains a list of ExternalSecret resources.
func (*ExternalSecretList) DeepCopy ¶
func (in *ExternalSecretList) DeepCopy() *ExternalSecretList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretList.
func (*ExternalSecretList) DeepCopyInto ¶
func (in *ExternalSecretList) DeepCopyInto(out *ExternalSecretList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExternalSecretList) DeepCopyObject ¶
func (in *ExternalSecretList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ExternalSecretSpec ¶
type ExternalSecretSpec struct { SecretStoreRef SecretStoreRef `json:"secretStoreRef"` Target ExternalSecretTarget `json:"target"` // RefreshInterval is the amount of time before the values are read again from the SecretStore provider // Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" // May be set to zero to fetch and create it once. Defaults to 1h. // +kubebuilder:default="1h" RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"` // Data defines the connection between the Kubernetes Secret keys and the Provider data // +optional Data []ExternalSecretData `json:"data,omitempty"` // DataFrom is used to fetch all properties from a specific Provider data // If multiple entries are specified, the Secret keys are merged in the specified order // +optional DataFrom []ExternalSecretDataFromRemoteRef `json:"dataFrom,omitempty"` }
ExternalSecretSpec defines the desired state of ExternalSecret.
func (*ExternalSecretSpec) DeepCopy ¶
func (in *ExternalSecretSpec) DeepCopy() *ExternalSecretSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretSpec.
func (*ExternalSecretSpec) DeepCopyInto ¶
func (in *ExternalSecretSpec) DeepCopyInto(out *ExternalSecretSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretStatus ¶
type ExternalSecretStatus struct { // +nullable // refreshTime is the time and date the external secret was fetched and // the target secret updated RefreshTime metav1.Time `json:"refreshTime,omitempty"` // SyncedResourceVersion keeps track of the last synced version SyncedResourceVersion string `json:"syncedResourceVersion,omitempty"` // +optional Conditions []ExternalSecretStatusCondition `json:"conditions,omitempty"` }
func (*ExternalSecretStatus) DeepCopy ¶
func (in *ExternalSecretStatus) DeepCopy() *ExternalSecretStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatus.
func (*ExternalSecretStatus) DeepCopyInto ¶
func (in *ExternalSecretStatus) DeepCopyInto(out *ExternalSecretStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretStatusCondition ¶
type ExternalSecretStatusCondition struct { Type ExternalSecretConditionType `json:"type"` Status corev1.ConditionStatus `json:"status"` // +optional Reason string `json:"reason,omitempty"` // +optional Message string `json:"message,omitempty"` // +optional LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` }
func (*ExternalSecretStatusCondition) DeepCopy ¶
func (in *ExternalSecretStatusCondition) DeepCopy() *ExternalSecretStatusCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatusCondition.
func (*ExternalSecretStatusCondition) DeepCopyInto ¶
func (in *ExternalSecretStatusCondition) DeepCopyInto(out *ExternalSecretStatusCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretTarget ¶
type ExternalSecretTarget struct { // Name defines the name of the Secret resource to be managed // This field is immutable // Defaults to the .metadata.name of the ExternalSecret resource // +optional Name string `json:"name,omitempty"` // CreationPolicy defines rules on how to create the resulting Secret // Defaults to 'Owner' // +optional // +kubebuilder:default="Owner" CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"` // DeletionPolicy defines rules on how to delete the resulting Secret // Defaults to 'Retain' // +optional // +kubebuilder:default="Retain" DeletionPolicy ExternalSecretDeletionPolicy `json:"deletionPolicy,omitempty"` // Template defines a blueprint for the created Secret resource. // +optional Template *ExternalSecretTemplate `json:"template,omitempty"` // Immutable defines if the final secret will be immutable // +optional Immutable bool `json:"immutable,omitempty"` }
ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.
func (*ExternalSecretTarget) DeepCopy ¶
func (in *ExternalSecretTarget) DeepCopy() *ExternalSecretTarget
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTarget.
func (*ExternalSecretTarget) DeepCopyInto ¶
func (in *ExternalSecretTarget) DeepCopyInto(out *ExternalSecretTarget)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretTemplate ¶
type ExternalSecretTemplate struct { // +optional Type corev1.SecretType `json:"type,omitempty"` EngineVersion TemplateEngineVersion `json:"engineVersion,omitempty"` // +optional Metadata ExternalSecretTemplateMetadata `json:"metadata,omitempty"` // +optional Data map[string]string `json:"data,omitempty"` // +optional TemplateFrom []TemplateFrom `json:"templateFrom,omitempty"` }
ExternalSecretTemplate defines a blueprint for the created Secret resource. we can not use native corev1.Secret, it will have empty ObjectMeta values: https://github.com/kubernetes-sigs/controller-tools/issues/448
func (*ExternalSecretTemplate) DeepCopy ¶
func (in *ExternalSecretTemplate) DeepCopy() *ExternalSecretTemplate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplate.
func (*ExternalSecretTemplate) DeepCopyInto ¶
func (in *ExternalSecretTemplate) DeepCopyInto(out *ExternalSecretTemplate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretTemplateMetadata ¶
type ExternalSecretTemplateMetadata struct { // +optional Annotations map[string]string `json:"annotations,omitempty"` // +optional Labels map[string]string `json:"labels,omitempty"` }
ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
func (*ExternalSecretTemplateMetadata) DeepCopy ¶
func (in *ExternalSecretTemplateMetadata) DeepCopy() *ExternalSecretTemplateMetadata
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplateMetadata.
func (*ExternalSecretTemplateMetadata) DeepCopyInto ¶
func (in *ExternalSecretTemplateMetadata) DeepCopyInto(out *ExternalSecretTemplateMetadata)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretValidator ¶
type ExternalSecretValidator struct{}
func (*ExternalSecretValidator) DeepCopy ¶
func (in *ExternalSecretValidator) DeepCopy() *ExternalSecretValidator
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretValidator.
func (*ExternalSecretValidator) DeepCopyInto ¶
func (in *ExternalSecretValidator) DeepCopyInto(out *ExternalSecretValidator)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExternalSecretValidator) ValidateCreate ¶
func (*ExternalSecretValidator) ValidateDelete ¶
func (*ExternalSecretValidator) ValidateUpdate ¶
type FakeProvider ¶
type FakeProvider struct {
Data []FakeProviderData `json:"data"`
}
FakeProvider configures a fake provider that returns static values.
func (*FakeProvider) DeepCopy ¶
func (in *FakeProvider) DeepCopy() *FakeProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FakeProvider.
func (*FakeProvider) DeepCopyInto ¶
func (in *FakeProvider) DeepCopyInto(out *FakeProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FakeProviderData ¶
type FakeProviderData struct { Key string `json:"key"` Value string `json:"value,omitempty"` ValueMap map[string]string `json:"valueMap,omitempty"` Version string `json:"version,omitempty"` }
func (*FakeProviderData) DeepCopy ¶
func (in *FakeProviderData) DeepCopy() *FakeProviderData
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FakeProviderData.
func (*FakeProviderData) DeepCopyInto ¶
func (in *FakeProviderData) DeepCopyInto(out *FakeProviderData)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FindName ¶
type FindName struct { // Finds secrets base // +optional RegExp string `json:"regexp,omitempty"` }
func (*FindName) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FindName.
func (*FindName) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPSMAuth ¶
type GCPSMAuth struct { // +optional SecretRef *GCPSMAuthSecretRef `json:"secretRef,omitempty"` // +optional WorkloadIdentity *GCPWorkloadIdentity `json:"workloadIdentity,omitempty"` }
func (*GCPSMAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuth.
func (*GCPSMAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPSMAuthSecretRef ¶
type GCPSMAuthSecretRef struct { // The SecretAccessKey is used for authentication // +optional SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"` }
func (*GCPSMAuthSecretRef) DeepCopy ¶
func (in *GCPSMAuthSecretRef) DeepCopy() *GCPSMAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuthSecretRef.
func (*GCPSMAuthSecretRef) DeepCopyInto ¶
func (in *GCPSMAuthSecretRef) DeepCopyInto(out *GCPSMAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPSMProvider ¶
type GCPSMProvider struct { // Auth defines the information necessary to authenticate against GCP // +optional Auth GCPSMAuth `json:"auth,omitempty"` // ProjectID project where secret is located ProjectID string `json:"projectID,omitempty"` }
GCPSMProvider Configures a store to sync secrets using the GCP Secret Manager provider.
func (*GCPSMProvider) DeepCopy ¶
func (in *GCPSMProvider) DeepCopy() *GCPSMProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMProvider.
func (*GCPSMProvider) DeepCopyInto ¶
func (in *GCPSMProvider) DeepCopyInto(out *GCPSMProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPWorkloadIdentity ¶
type GCPWorkloadIdentity struct { ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccountRef"` ClusterLocation string `json:"clusterLocation"` ClusterName string `json:"clusterName"` ClusterProjectID string `json:"clusterProjectID,omitempty"` }
func (*GCPWorkloadIdentity) DeepCopy ¶
func (in *GCPWorkloadIdentity) DeepCopy() *GCPWorkloadIdentity
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPWorkloadIdentity.
func (*GCPWorkloadIdentity) DeepCopyInto ¶
func (in *GCPWorkloadIdentity) DeepCopyInto(out *GCPWorkloadIdentity)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GenericStore ¶
type GenericStore interface { runtime.Object metav1.Object GetObjectMeta() *metav1.ObjectMeta GetTypeMeta() *metav1.TypeMeta GetSpec() *SecretStoreSpec GetNamespacedName() string GetStatus() SecretStoreStatus SetStatus(status SecretStoreStatus) Copy() GenericStore }
GenericStore is a common interface for interacting with ClusterSecretStore or a namespaced SecretStore.
type GenericStoreValidator ¶
type GenericStoreValidator struct{}
func (*GenericStoreValidator) DeepCopy ¶
func (in *GenericStoreValidator) DeepCopy() *GenericStoreValidator
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericStoreValidator.
func (*GenericStoreValidator) DeepCopyInto ¶
func (in *GenericStoreValidator) DeepCopyInto(out *GenericStoreValidator)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GenericStoreValidator) ValidateCreate ¶
ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
func (*GenericStoreValidator) ValidateDelete ¶
ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
func (*GenericStoreValidator) ValidateUpdate ¶
func (r *GenericStoreValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) error
ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
type GitlabAuth ¶
type GitlabAuth struct {
SecretRef GitlabSecretRef `json:"SecretRef"`
}
func (*GitlabAuth) DeepCopy ¶
func (in *GitlabAuth) DeepCopy() *GitlabAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabAuth.
func (*GitlabAuth) DeepCopyInto ¶
func (in *GitlabAuth) DeepCopyInto(out *GitlabAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GitlabProvider ¶
type GitlabProvider struct { // URL configures the GitLab instance URL. Defaults to https://gitlab.com/. URL string `json:"url,omitempty"` // Auth configures how secret-manager authenticates with a GitLab instance. Auth GitlabAuth `json:"auth"` // ProjectID specifies a project where secrets are located. ProjectID string `json:"projectID,omitempty"` }
Configures a store to sync secrets with a GitLab instance.
func (*GitlabProvider) DeepCopy ¶
func (in *GitlabProvider) DeepCopy() *GitlabProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabProvider.
func (*GitlabProvider) DeepCopyInto ¶
func (in *GitlabProvider) DeepCopyInto(out *GitlabProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GitlabSecretRef ¶
type GitlabSecretRef struct { // AccessToken is used for authentication. AccessToken esmeta.SecretKeySelector `json:"accessToken,omitempty"` }
func (*GitlabSecretRef) DeepCopy ¶
func (in *GitlabSecretRef) DeepCopy() *GitlabSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabSecretRef.
func (*GitlabSecretRef) DeepCopyInto ¶
func (in *GitlabSecretRef) DeepCopyInto(out *GitlabSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IBMAuth ¶
type IBMAuth struct {
SecretRef IBMAuthSecretRef `json:"secretRef"`
}
func (*IBMAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuth.
func (*IBMAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IBMAuthSecretRef ¶
type IBMAuthSecretRef struct { // The SecretAccessKey is used for authentication // +optional SecretAPIKey esmeta.SecretKeySelector `json:"secretApiKeySecretRef,omitempty"` }
func (*IBMAuthSecretRef) DeepCopy ¶
func (in *IBMAuthSecretRef) DeepCopy() *IBMAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuthSecretRef.
func (*IBMAuthSecretRef) DeepCopyInto ¶
func (in *IBMAuthSecretRef) DeepCopyInto(out *IBMAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IBMProvider ¶
type IBMProvider struct { // Auth configures how secret-manager authenticates with the IBM secrets manager. Auth IBMAuth `json:"auth"` // ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance ServiceURL *string `json:"serviceUrl,omitempty"` }
Configures an store to sync secrets using a IBM Cloud Secrets Manager backend.
func (*IBMProvider) DeepCopy ¶
func (in *IBMProvider) DeepCopy() *IBMProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMProvider.
func (*IBMProvider) DeepCopyInto ¶
func (in *IBMProvider) DeepCopyInto(out *IBMProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesAuth ¶
type KubernetesAuth struct { // has both clientCert and clientKey as secretKeySelector // +optional Cert *CertAuth `json:"cert,omitempty"` // use static token to authenticate with // +optional Token *TokenAuth `json:"token,omitempty"` // points to a service account that should be used for authentication // +optional ServiceAccount *ServiceAccountAuth `json:"serviceAccount,omitempty"` }
+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1
func (*KubernetesAuth) DeepCopy ¶
func (in *KubernetesAuth) DeepCopy() *KubernetesAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuth.
func (*KubernetesAuth) DeepCopyInto ¶
func (in *KubernetesAuth) DeepCopyInto(out *KubernetesAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesProvider ¶
type KubernetesProvider struct { // configures the Kubernetes server Address. Server KubernetesServer `json:"server,omitempty"` // Auth configures how secret-manager authenticates with a Kubernetes instance. Auth KubernetesAuth `json:"auth"` // Remote namespace to fetch the secrets from // +kubebuilder:default= default // +optional RemoteNamespace string `json:"remoteNamespace"` }
Configures a store to sync secrets with a Kubernetes instance.
func (*KubernetesProvider) DeepCopy ¶
func (in *KubernetesProvider) DeepCopy() *KubernetesProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesProvider.
func (*KubernetesProvider) DeepCopyInto ¶
func (in *KubernetesProvider) DeepCopyInto(out *KubernetesProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesServer ¶
type KubernetesServer struct { // configures the Kubernetes server Address. // +kubebuilder:default=kubernetes.default // +optional URL string `json:"url,omitempty"` // CABundle is a base64-encoded CA certificate // +optional CABundle []byte `json:"caBundle,omitempty"` // see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider // +optional CAProvider *CAProvider `json:"caProvider,omitempty"` }
func (*KubernetesServer) DeepCopy ¶
func (in *KubernetesServer) DeepCopy() *KubernetesServer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesServer.
func (*KubernetesServer) DeepCopyInto ¶
func (in *KubernetesServer) DeepCopyInto(out *KubernetesServer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NoSecretError ¶
type NoSecretError struct{}
NoSecretError shall be returned when a GetSecret can not find the desired secret. This is used for deletionPolicy.
func (*NoSecretError) DeepCopy ¶
func (in *NoSecretError) DeepCopy() *NoSecretError
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NoSecretError.
func (*NoSecretError) DeepCopyInto ¶
func (in *NoSecretError) DeepCopyInto(out *NoSecretError)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (NoSecretError) Error ¶
func (NoSecretError) Error() string
type OracleAuth ¶
type OracleAuth struct { // Tenancy is the tenancy OCID where user is located. Tenancy string `json:"tenancy"` // User is an access OCID specific to the account. User string `json:"user"` // SecretRef to pass through sensitive information. SecretRef OracleSecretRef `json:"secretRef"` }
func (*OracleAuth) DeepCopy ¶
func (in *OracleAuth) DeepCopy() *OracleAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleAuth.
func (*OracleAuth) DeepCopyInto ¶
func (in *OracleAuth) DeepCopyInto(out *OracleAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OracleProvider ¶
type OracleProvider struct { // Region is the region where vault is located. Region string `json:"region"` // Vault is the vault's OCID of the specific vault where secret is located. Vault string `json:"vault"` // Auth configures how secret-manager authenticates with the Oracle Vault. // If empty, use the instance principal, otherwise the user credentials specified in Auth. // +optional Auth *OracleAuth `json:"auth,omitempty"` }
Configures an store to sync secrets using a Oracle Vault backend.
func (*OracleProvider) DeepCopy ¶
func (in *OracleProvider) DeepCopy() *OracleProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleProvider.
func (*OracleProvider) DeepCopyInto ¶
func (in *OracleProvider) DeepCopyInto(out *OracleProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OracleSecretRef ¶
type OracleSecretRef struct { // PrivateKey is the user's API Signing Key in PEM format, used for authentication. PrivateKey esmeta.SecretKeySelector `json:"privatekey"` // Fingerprint is the fingerprint of the API private key. Fingerprint esmeta.SecretKeySelector `json:"fingerprint"` }
func (*OracleSecretRef) DeepCopy ¶
func (in *OracleSecretRef) DeepCopy() *OracleSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleSecretRef.
func (*OracleSecretRef) DeepCopyInto ¶
func (in *OracleSecretRef) DeepCopyInto(out *OracleSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Provider ¶
type Provider interface { // NewClient constructs a SecretsManager Provider NewClient(ctx context.Context, store GenericStore, kube client.Client, namespace string) (SecretsClient, error) // ValidateStore checks if the provided store is valid ValidateStore(store GenericStore) error }
Provider is a common interface for interacting with secret backends.
func GetProvider ¶
func GetProvider(s GenericStore) (Provider, error)
GetProvider returns the provider from the generic store.
func GetProviderByName ¶
GetProviderByName returns the provider implementation by name.
type SecretStore ¶
type SecretStore struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec SecretStoreSpec `json:"spec,omitempty"` Status SecretStoreStatus `json:"status,omitempty"` }
SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` +kubebuilder:subresource:status +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=ss
func (*SecretStore) Copy ¶
func (c *SecretStore) Copy() GenericStore
func (*SecretStore) DeepCopy ¶
func (in *SecretStore) DeepCopy() *SecretStore
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStore.
func (*SecretStore) DeepCopyInto ¶
func (in *SecretStore) DeepCopyInto(out *SecretStore)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretStore) DeepCopyObject ¶
func (in *SecretStore) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*SecretStore) GetNamespacedName ¶
func (c *SecretStore) GetNamespacedName() string
func (*SecretStore) GetObjectMeta ¶
func (c *SecretStore) GetObjectMeta() *metav1.ObjectMeta
func (*SecretStore) GetSpec ¶
func (c *SecretStore) GetSpec() *SecretStoreSpec
func (*SecretStore) GetStatus ¶
func (c *SecretStore) GetStatus() SecretStoreStatus
func (*SecretStore) GetTypeMeta ¶
func (c *SecretStore) GetTypeMeta() *metav1.TypeMeta
func (*SecretStore) Hub ¶
func (*SecretStore) Hub()
func (*SecretStore) SetStatus ¶
func (c *SecretStore) SetStatus(status SecretStoreStatus)
func (*SecretStore) SetupWebhookWithManager ¶
func (c *SecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error
type SecretStoreConditionType ¶
type SecretStoreConditionType string
type SecretStoreList ¶
type SecretStoreList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []SecretStore `json:"items"` }
SecretStoreList contains a list of SecretStore resources.
func (*SecretStoreList) DeepCopy ¶
func (in *SecretStoreList) DeepCopy() *SecretStoreList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreList.
func (*SecretStoreList) DeepCopyInto ¶
func (in *SecretStoreList) DeepCopyInto(out *SecretStoreList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretStoreList) DeepCopyObject ¶
func (in *SecretStoreList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type SecretStoreProvider ¶
type SecretStoreProvider struct { // AWS configures this store to sync secrets using AWS Secret Manager provider // +optional AWS *AWSProvider `json:"aws,omitempty"` // AzureKV configures this store to sync secrets using Azure Key Vault provider // +optional AzureKV *AzureKVProvider `json:"azurekv,omitempty"` // Akeyless configures this store to sync secrets using Akeyless Vault provider // +optional Akeyless *AkeylessProvider `json:"akeyless,omitempty"` // Vault configures this store to sync secrets using Hashi provider // +optional Vault *VaultProvider `json:"vault,omitempty"` // GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider // +optional GCPSM *GCPSMProvider `json:"gcpsm,omitempty"` // Oracle configures this store to sync secrets using Oracle Vault provider // +optional Oracle *OracleProvider `json:"oracle,omitempty"` // IBM configures this store to sync secrets using IBM Cloud provider // +optional IBM *IBMProvider `json:"ibm,omitempty"` // YandexLockbox configures this store to sync secrets using Yandex Lockbox provider // +optional YandexLockbox *YandexLockboxProvider `json:"yandexlockbox,omitempty"` // GItlab configures this store to sync secrets using Gitlab Variables provider // +optional Gitlab *GitlabProvider `json:"gitlab,omitempty"` // Alibaba configures this store to sync secrets using Alibaba Cloud provider // +optional Alibaba *AlibabaProvider `json:"alibaba,omitempty"` // Webhook configures this store to sync secrets using a generic templated webhook // +optional Webhook *WebhookProvider `json:"webhook,omitempty"` // Kubernetes configures this store to sync secrets using a Kubernetes cluster provider // +optional Kubernetes *KubernetesProvider `json:"kubernetes,omitempty"` // Fake configures a store with static key/value pairs // +optional Fake *FakeProvider `json:"fake,omitempty"` }
SecretStoreProvider contains the provider-specific configration. +kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1
func (*SecretStoreProvider) DeepCopy ¶
func (in *SecretStoreProvider) DeepCopy() *SecretStoreProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreProvider.
func (*SecretStoreProvider) DeepCopyInto ¶
func (in *SecretStoreProvider) DeepCopyInto(out *SecretStoreProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreRef ¶
type SecretStoreRef struct { // Name of the SecretStore resource Name string `json:"name"` // Kind of the SecretStore resource (SecretStore or ClusterSecretStore) // Defaults to `SecretStore` // +optional Kind string `json:"kind,omitempty"` }
SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
func (*SecretStoreRef) DeepCopy ¶
func (in *SecretStoreRef) DeepCopy() *SecretStoreRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRef.
func (*SecretStoreRef) DeepCopyInto ¶
func (in *SecretStoreRef) DeepCopyInto(out *SecretStoreRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreRetrySettings ¶
type SecretStoreRetrySettings struct { MaxRetries *int32 `json:"maxRetries,omitempty"` RetryInterval *string `json:"retryInterval,omitempty"` }
func (*SecretStoreRetrySettings) DeepCopy ¶
func (in *SecretStoreRetrySettings) DeepCopy() *SecretStoreRetrySettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRetrySettings.
func (*SecretStoreRetrySettings) DeepCopyInto ¶
func (in *SecretStoreRetrySettings) DeepCopyInto(out *SecretStoreRetrySettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreSpec ¶
type SecretStoreSpec struct { // Used to select the correct KES controller (think: ingress.ingressClassName) // The KES controller is instantiated with a specific controller name and filters ES based on this property // +optional Controller string `json:"controller"` // Used to configure the provider. Only one provider may be set Provider *SecretStoreProvider `json:"provider"` // Used to configure http retries if failed // +optional RetrySettings *SecretStoreRetrySettings `json:"retrySettings,omitempty"` }
SecretStoreSpec defines the desired state of SecretStore.
func (*SecretStoreSpec) DeepCopy ¶
func (in *SecretStoreSpec) DeepCopy() *SecretStoreSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreSpec.
func (*SecretStoreSpec) DeepCopyInto ¶
func (in *SecretStoreSpec) DeepCopyInto(out *SecretStoreSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreStatus ¶
type SecretStoreStatus struct { // +optional Conditions []SecretStoreStatusCondition `json:"conditions"` }
SecretStoreStatus defines the observed state of the SecretStore.
func (*SecretStoreStatus) DeepCopy ¶
func (in *SecretStoreStatus) DeepCopy() *SecretStoreStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatus.
func (*SecretStoreStatus) DeepCopyInto ¶
func (in *SecretStoreStatus) DeepCopyInto(out *SecretStoreStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreStatusCondition ¶
type SecretStoreStatusCondition struct { Type SecretStoreConditionType `json:"type"` Status corev1.ConditionStatus `json:"status"` // +optional Reason string `json:"reason,omitempty"` // +optional Message string `json:"message,omitempty"` // +optional LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` }
func (*SecretStoreStatusCondition) DeepCopy ¶
func (in *SecretStoreStatusCondition) DeepCopy() *SecretStoreStatusCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatusCondition.
func (*SecretStoreStatusCondition) DeepCopyInto ¶
func (in *SecretStoreStatusCondition) DeepCopyInto(out *SecretStoreStatusCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretsClient ¶
type SecretsClient interface { // GetSecret returns a single secret from the provider // if GetSecret returns an error with type NoSecretError // then the secret entry will be deleted depending on the deletionPolicy. GetSecret(ctx context.Context, ref ExternalSecretDataRemoteRef) ([]byte, error) // Validate checks if the client is configured correctly // and is able to retrieve secrets from the provider Validate() error // GetSecretMap returns multiple k/v pairs from the provider GetSecretMap(ctx context.Context, ref ExternalSecretDataRemoteRef) (map[string][]byte, error) // GetAllSecrets returns multiple k/v pairs from the provider GetAllSecrets(ctx context.Context, ref ExternalSecretFind) (map[string][]byte, error) Close(ctx context.Context) error }
SecretsClient provides access to secrets.
type ServiceAccountAuth ¶
type ServiceAccountAuth struct {
ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccount,omitempty"`
}
func (*ServiceAccountAuth) DeepCopy ¶
func (in *ServiceAccountAuth) DeepCopy() *ServiceAccountAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountAuth.
func (*ServiceAccountAuth) DeepCopyInto ¶
func (in *ServiceAccountAuth) DeepCopyInto(out *ServiceAccountAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateEngineVersion ¶
type TemplateEngineVersion string
const ( TemplateEngineV1 TemplateEngineVersion = "v1" TemplateEngineV2 TemplateEngineVersion = "v2" )
type TemplateFrom ¶
type TemplateFrom struct { ConfigMap *TemplateRef `json:"configMap,omitempty"` Secret *TemplateRef `json:"secret,omitempty"` }
+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1
func (*TemplateFrom) DeepCopy ¶
func (in *TemplateFrom) DeepCopy() *TemplateFrom
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateFrom.
func (*TemplateFrom) DeepCopyInto ¶
func (in *TemplateFrom) DeepCopyInto(out *TemplateFrom)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateRef ¶
type TemplateRef struct { Name string `json:"name"` Items []TemplateRefItem `json:"items"` }
func (*TemplateRef) DeepCopy ¶
func (in *TemplateRef) DeepCopy() *TemplateRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRef.
func (*TemplateRef) DeepCopyInto ¶
func (in *TemplateRef) DeepCopyInto(out *TemplateRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateRefItem ¶
type TemplateRefItem struct {
Key string `json:"key"`
}
func (*TemplateRefItem) DeepCopy ¶
func (in *TemplateRefItem) DeepCopy() *TemplateRefItem
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRefItem.
func (*TemplateRefItem) DeepCopyInto ¶
func (in *TemplateRefItem) DeepCopyInto(out *TemplateRefItem)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TokenAuth ¶
type TokenAuth struct {
BearerToken esmeta.SecretKeySelector `json:"bearerToken,omitempty"`
}
func (*TokenAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenAuth.
func (*TokenAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultAppRole ¶
type VaultAppRole struct { // Path where the App Role authentication backend is mounted // in Vault, e.g: "approle" // +kubebuilder:default=approle Path string `json:"path"` // RoleID configured in the App Role authentication backend when setting // up the authentication backend in Vault. RoleID string `json:"roleId"` // Reference to a key in a Secret that contains the App Role secret used // to authenticate with Vault. // The `key` field must be specified and denotes which entry within the Secret // resource is used as the app role secret. SecretRef esmeta.SecretKeySelector `json:"secretRef"` }
VaultAppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
func (*VaultAppRole) DeepCopy ¶
func (in *VaultAppRole) DeepCopy() *VaultAppRole
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole.
func (*VaultAppRole) DeepCopyInto ¶
func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultAuth ¶
type VaultAuth struct { // TokenSecretRef authenticates with Vault by presenting a token. // +optional TokenSecretRef *esmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"` // AppRole authenticates with Vault using the App Role auth mechanism, // with the role and secret stored in a Kubernetes Secret resource. // +optional AppRole *VaultAppRole `json:"appRole,omitempty"` // Kubernetes authenticates with Vault by passing the ServiceAccount // token stored in the named Secret resource to the Vault server. // +optional Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"` // Ldap authenticates with Vault by passing username/password pair using // the LDAP authentication method // +optional Ldap *VaultLdapAuth `json:"ldap,omitempty"` // Jwt authenticates with Vault by passing role and JWT token using the // JWT/OIDC authentication method // +optional Jwt *VaultJwtAuth `json:"jwt,omitempty"` // Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate // Cert authentication method // +optional Cert *VaultCertAuth `json:"cert,omitempty"` }
VaultAuth is the configuration used to authenticate with a Vault server. Only one of `tokenSecretRef`, `appRole`, `kubernetes`, `ldap`, `jwt` or `cert` can be specified.
func (*VaultAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth.
func (*VaultAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertAuth ¶
type VaultCertAuth struct { // ClientCert is a certificate to authenticate using the Cert Vault // authentication method // +optional ClientCert esmeta.SecretKeySelector `json:"clientCert,omitempty"` // SecretRef to a key in a Secret resource containing client private key to // authenticate with Vault using the Cert authentication method SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"` }
VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication method, with the role name and token stored in a Kubernetes Secret resource.
func (*VaultCertAuth) DeepCopy ¶
func (in *VaultCertAuth) DeepCopy() *VaultCertAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertAuth.
func (*VaultCertAuth) DeepCopyInto ¶
func (in *VaultCertAuth) DeepCopyInto(out *VaultCertAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultJwtAuth ¶
type VaultJwtAuth struct { // Path where the JWT authentication backend is mounted // in Vault, e.g: "jwt" // +kubebuilder:default=jwt Path string `json:"path"` // Role is a JWT role to authenticate using the JWT/OIDC Vault // authentication method // +optional Role string `json:"role"` // Optional SecretRef that refers to a key in a Secret resource containing JWT token to // authenticate with Vault using the JWT/OIDC authentication method. // +optional SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"` // Optional ServiceAccountToken specifies the Kubernetes service account for which to request // a token for with the `TokenRequest` API. // +optional KubernetesServiceAccountToken *VaultKubernetesServiceAccountTokenAuth `json:"kubernetesServiceAccountToken,omitempty"` }
VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication method, with the role name and a token stored in a Kubernetes Secret resource or a Kubernetes service account token retrieved via `TokenRequest`.
func (*VaultJwtAuth) DeepCopy ¶
func (in *VaultJwtAuth) DeepCopy() *VaultJwtAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultJwtAuth.
func (*VaultJwtAuth) DeepCopyInto ¶
func (in *VaultJwtAuth) DeepCopyInto(out *VaultJwtAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultKVStoreVersion ¶
type VaultKVStoreVersion string
const ( VaultKVStoreV1 VaultKVStoreVersion = "v1" VaultKVStoreV2 VaultKVStoreVersion = "v2" )
type VaultKubernetesAuth ¶
type VaultKubernetesAuth struct { // Path where the Kubernetes authentication backend is mounted in Vault, e.g: // "kubernetes" // +kubebuilder:default=kubernetes Path string `json:"mountPath"` // Optional service account field containing the name of a kubernetes ServiceAccount. // If the service account is specified, the service account secret token JWT will be used // for authenticating with Vault. If the service account selector is not supplied, // the secretRef will be used instead. // +optional ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"` // Optional secret field containing a Kubernetes ServiceAccount JWT used // for authenticating with Vault. If a name is specified without a key, // `token` is the default. If one is not specified, the one bound to // the controller will be used. // +optional SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"` // A required field containing the Vault Role to assume. A Role binds a // Kubernetes ServiceAccount with a set of Vault policies. Role string `json:"role"` }
Authenticate against Vault using a Kubernetes ServiceAccount token stored in a Secret.
func (*VaultKubernetesAuth) DeepCopy ¶
func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth.
func (*VaultKubernetesAuth) DeepCopyInto ¶
func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultKubernetesServiceAccountTokenAuth ¶
type VaultKubernetesServiceAccountTokenAuth struct { // Service account field containing the name of a kubernetes ServiceAccount. ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccountRef"` // Optional audiences field that will be used to request a temporary Kubernetes service // account token for the service account referenced by `serviceAccountRef`. // Defaults to a single audience `vault` it not specified. // +optional Audiences *[]string `json:"audiences,omitempty"` // Optional expiration time in seconds that will be used to request a temporary // Kubernetes service account token for the service account referenced by // `serviceAccountRef`. // Defaults to 10 minutes. // +optional ExpirationSeconds *int64 `json:"expirationSeconds,omitempty"` }
VaultKubernetesServiceAccountTokenAuth authenticates with Vault using a temporary Kubernetes service account token retrieved by the `TokenRequest` API.
func (*VaultKubernetesServiceAccountTokenAuth) DeepCopy ¶
func (in *VaultKubernetesServiceAccountTokenAuth) DeepCopy() *VaultKubernetesServiceAccountTokenAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesServiceAccountTokenAuth.
func (*VaultKubernetesServiceAccountTokenAuth) DeepCopyInto ¶
func (in *VaultKubernetesServiceAccountTokenAuth) DeepCopyInto(out *VaultKubernetesServiceAccountTokenAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultLdapAuth ¶
type VaultLdapAuth struct { // Path where the LDAP authentication backend is mounted // in Vault, e.g: "ldap" // +kubebuilder:default=ldap Path string `json:"path"` // Username is a LDAP user name used to authenticate using the LDAP Vault // authentication method Username string `json:"username"` // SecretRef to a key in a Secret resource containing password for the LDAP // user used to authenticate with Vault using the LDAP authentication // method SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"` }
VaultLdapAuth authenticates with Vault using the LDAP authentication method, with the username and password stored in a Kubernetes Secret resource.
func (*VaultLdapAuth) DeepCopy ¶
func (in *VaultLdapAuth) DeepCopy() *VaultLdapAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultLdapAuth.
func (*VaultLdapAuth) DeepCopyInto ¶
func (in *VaultLdapAuth) DeepCopyInto(out *VaultLdapAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultProvider ¶
type VaultProvider struct { // Auth configures how secret-manager authenticates with the Vault server. Auth VaultAuth `json:"auth"` // Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200". Server string `json:"server"` // Path is the mount path of the Vault KV backend endpoint, e.g: // "secret". The v2 KV secret engine version specific "/data" path suffix // for fetching secrets from Vault is optional and will be appended // if not present in specified path. // +optional Path *string `json:"path"` // Version is the Vault KV secret engine version. This can be either "v1" or // "v2". Version defaults to "v2". // +kubebuilder:validation:Optional // +kubebuilder:validation:Enum="v1";"v2" // +kubebuilder:default:="v2" Version VaultKVStoreVersion `json:"version"` // Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows // Vault environments to support Secure Multi-tenancy. e.g: "ns1". // More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces // +optional Namespace *string `json:"namespace,omitempty"` // PEM encoded CA bundle used to validate Vault server certificate. Only used // if the Server URL is using HTTPS protocol. This parameter is ignored for // plain HTTP protocol connection. If not set the system root certificates // are used to validate the TLS connection. // +optional CABundle []byte `json:"caBundle,omitempty"` // The provider for the CA bundle to use to validate Vault server certificate. // +optional CAProvider *CAProvider `json:"caProvider,omitempty"` // ReadYourWrites ensures isolated read-after-write semantics by // providing discovered cluster replication states in each request. // More information about eventual consistency in Vault can be found here // https://www.vaultproject.io/docs/enterprise/consistency // +optional ReadYourWrites bool `json:"readYourWrites,omitempty"` // ForwardInconsistent tells Vault to forward read-after-write requests to the Vault // leader instead of simply retrying within a loop. This can increase performance if // the option is enabled serverside. // https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header // +optional ForwardInconsistent bool `json:"forwardInconsistent,omitempty"` }
Configures an store to sync secrets using a HashiCorp Vault KV backend.
func (*VaultProvider) DeepCopy ¶
func (in *VaultProvider) DeepCopy() *VaultProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultProvider.
func (*VaultProvider) DeepCopyInto ¶
func (in *VaultProvider) DeepCopyInto(out *VaultProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookCAProvider ¶
type WebhookCAProvider struct { // The type of provider to use such as "Secret", or "ConfigMap". // +kubebuilder:validation:Enum="Secret";"ConfigMap" Type WebhookCAProviderType `json:"type"` // The name of the object located at the provider type. Name string `json:"name"` // The key the value inside of the provider type to use, only used with "Secret" type // +kubebuilder:validation:Optional Key string `json:"key,omitempty"` // The namespace the Provider type is in. // +optional Namespace *string `json:"namespace,omitempty"` }
Defines a location to fetch the cert for the webhook provider from.
func (*WebhookCAProvider) DeepCopy ¶
func (in *WebhookCAProvider) DeepCopy() *WebhookCAProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookCAProvider.
func (*WebhookCAProvider) DeepCopyInto ¶
func (in *WebhookCAProvider) DeepCopyInto(out *WebhookCAProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookCAProviderType ¶
type WebhookCAProviderType string
const ( WebhookCAProviderTypeSecret WebhookCAProviderType = "Secret" WebhookCAProviderTypeConfigMap WebhookCAProviderType = "ConfigMap" )
type WebhookProvider ¶
type WebhookProvider struct { // Webhook Method // +optional, default GET Method string `json:"method,omitempty"` // Webhook url to call URL string `json:"url"` // Headers // +optional Headers map[string]string `json:"headers,omitempty"` // Body // +optional Body string `json:"body,omitempty"` // Timeout // +optional Timeout *metav1.Duration `json:"timeout,omitempty"` // Result formatting Result WebhookResult `json:"result"` // Secrets to fill in templates // These secrets will be passed to the templating function as key value pairs under the given name // +optional Secrets []WebhookSecret `json:"secrets,omitempty"` // PEM encoded CA bundle used to validate webhook server certificate. Only used // if the Server URL is using HTTPS protocol. This parameter is ignored for // plain HTTP protocol connection. If not set the system root certificates // are used to validate the TLS connection. // +optional CABundle []byte `json:"caBundle,omitempty"` // The provider for the CA bundle to use to validate webhook server certificate. // +optional CAProvider *WebhookCAProvider `json:"caProvider,omitempty"` }
AkeylessProvider Configures an store to sync secrets using Akeyless KV.
func (*WebhookProvider) DeepCopy ¶
func (in *WebhookProvider) DeepCopy() *WebhookProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookProvider.
func (*WebhookProvider) DeepCopyInto ¶
func (in *WebhookProvider) DeepCopyInto(out *WebhookProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookResult ¶
type WebhookResult struct { // Json path of return value // +optional JSONPath string `json:"jsonPath,omitempty"` }
func (*WebhookResult) DeepCopy ¶
func (in *WebhookResult) DeepCopy() *WebhookResult
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookResult.
func (*WebhookResult) DeepCopyInto ¶
func (in *WebhookResult) DeepCopyInto(out *WebhookResult)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookSecret ¶
type WebhookSecret struct { // Name of this secret in templates Name string `json:"name"` // Secret ref to fill in credentials SecretRef esmeta.SecretKeySelector `json:"secretRef"` }
func (*WebhookSecret) DeepCopy ¶
func (in *WebhookSecret) DeepCopy() *WebhookSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookSecret.
func (*WebhookSecret) DeepCopyInto ¶
func (in *WebhookSecret) DeepCopyInto(out *WebhookSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexLockboxAuth ¶
type YandexLockboxAuth struct { // The authorized key used for authentication // +optional AuthorizedKey esmeta.SecretKeySelector `json:"authorizedKeySecretRef,omitempty"` }
func (*YandexLockboxAuth) DeepCopy ¶
func (in *YandexLockboxAuth) DeepCopy() *YandexLockboxAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxAuth.
func (*YandexLockboxAuth) DeepCopyInto ¶
func (in *YandexLockboxAuth) DeepCopyInto(out *YandexLockboxAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexLockboxCAProvider ¶
type YandexLockboxCAProvider struct {
Certificate esmeta.SecretKeySelector `json:"certSecretRef,omitempty"`
}
func (*YandexLockboxCAProvider) DeepCopy ¶
func (in *YandexLockboxCAProvider) DeepCopy() *YandexLockboxCAProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxCAProvider.
func (*YandexLockboxCAProvider) DeepCopyInto ¶
func (in *YandexLockboxCAProvider) DeepCopyInto(out *YandexLockboxCAProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexLockboxProvider ¶
type YandexLockboxProvider struct { // Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443') // +optional APIEndpoint string `json:"apiEndpoint,omitempty"` // Auth defines the information necessary to authenticate against Yandex Lockbox Auth YandexLockboxAuth `json:"auth"` // The provider for the CA bundle to use to validate Yandex.Cloud server certificate. // +optional CAProvider *YandexLockboxCAProvider `json:"caProvider,omitempty"` }
YandexLockboxProvider Configures a store to sync secrets using the Yandex Lockbox provider.
func (*YandexLockboxProvider) DeepCopy ¶
func (in *YandexLockboxProvider) DeepCopy() *YandexLockboxProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxProvider.
func (*YandexLockboxProvider) DeepCopyInto ¶
func (in *YandexLockboxProvider) DeepCopyInto(out *YandexLockboxProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files ¶
- clusterexternalsecret_types.go
- doc.go
- externalsecret_conversion.go
- externalsecret_types.go
- externalsecret_validator.go
- externalsecret_webhook.go
- generic_store.go
- provider.go
- provider_schema.go
- register.go
- secretstore_akeyless_types.go
- secretstore_alibaba_types.go
- secretstore_aws_types.go
- secretstore_azurekv_types.go
- secretstore_conversion.go
- secretstore_fake_types.go
- secretstore_gcpsm_types.go
- secretstore_gitlab_types.go
- secretstore_ibm_types.go
- secretstore_kubernetes_types.go
- secretstore_oracle_types.go
- secretstore_types.go
- secretstore_validator.go
- secretstore_vault_types.go
- secretstore_webhook.go
- secretstore_webhook_types.go
- secretstore_yandexlockbox_types.go
- zz_generated.deepcopy.go