v1beta1

package
v0.5.8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 12, 2022 License: Apache-2.0 Imports: 14 Imported by: 15

Documentation

Overview

Package v1beta1 contains resources for external-secrets +kubebuilder:object:generate=true +groupName=external-secrets.io +versionName=v1beta1

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

View Source 
const (
	// ConditionReasonSecretSynced indicates that the secrets was synced.
	ConditionReasonSecretSynced = "SecretSynced"
	// ConditionReasonSecretSyncedError indicates that there was an error syncing the secret.
	ConditionReasonSecretSyncedError = "SecretSyncedError"
	// ConditionReasonSecretDeleted indicates that the secret has been deleted.
	ConditionReasonSecretDeleted = "SecretDeleted"

	ReasonInvalidStoreRef      = "InvalidStoreRef"
	ReasonUnavailableStore     = "UnavailableStore"
	ReasonProviderClientConfig = "InvalidProviderClientConfig"
	ReasonUpdateFailed         = "UpdateFailed"
	ReasonUpdated              = "Updated"
	ReasonDeleted              = "Deleted"
)
View Source 
const (
	Group   = "external-secrets.io"
	Version = "v1beta1"
)

Package type metadata.

View Source 
const (
	SecretStoreReady SecretStoreConditionType = "Ready"

	ReasonInvalidStore          = "InvalidStoreConfiguration"
	ReasonInvalidProviderConfig = "InvalidProviderConfig"
	ReasonValidationFailed      = "ValidationFailed"
	ReasonStoreValid            = "Valid"
)
View Source 
const (
	// AnnotationDataHash is used to ensure consistency.
	AnnotationDataHash = "reconcile.external-secrets.io/data-hash"
)

Variables

View Source 
var (
	// SchemeGroupVersion is group version used to register these objects.
	SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
	AddToScheme   = SchemeBuilder.AddToScheme
)
View Source 
var (
	ExtSecretKind             = reflect.TypeOf(ExternalSecret{}).Name()
	ExtSecretGroupKind        = schema.GroupKind{Group: Group, Kind: ExtSecretKind}.String()
	ExtSecretKindAPIVersion   = ExtSecretKind + "." + SchemeGroupVersion.String()
	ExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ExtSecretKind)
)

ExternalSecret type metadata.

View Source 
var (
	ClusterExtSecretKind             = reflect.TypeOf(ClusterExternalSecret{}).Name()
	ClusterExtSecretGroupKind        = schema.GroupKind{Group: Group, Kind: ClusterExtSecretKind}.String()
	ClusterExtSecretKindAPIVersion   = ClusterExtSecretKind + "." + SchemeGroupVersion.String()
	ClusterExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ClusterExtSecretKind)
)

ClusterExternalSecret type metadata.

View Source 
var (
	SecretStoreKind             = reflect.TypeOf(SecretStore{}).Name()
	SecretStoreGroupKind        = schema.GroupKind{Group: Group, Kind: SecretStoreKind}.String()
	SecretStoreKindAPIVersion   = SecretStoreKind + "." + SchemeGroupVersion.String()
	SecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(SecretStoreKind)
)

SecretStore type metadata.

View Source 
var (
	ClusterSecretStoreKind             = reflect.TypeOf(ClusterSecretStore{}).Name()
	ClusterSecretStoreGroupKind        = schema.GroupKind{Group: Group, Kind: ClusterSecretStoreKind}.String()
	ClusterSecretStoreKindAPIVersion   = ClusterSecretStoreKind + "." + SchemeGroupVersion.String()
	ClusterSecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(ClusterSecretStoreKind)
)

ClusterSecretStore type metadata.

View Source 
var NoSecretErr = NoSecretError{}

Functions

func ForceRegister 

func ForceRegister(s Provider, storeSpec *SecretStoreProvider)

ForceRegister adds to store schema, overwriting a store if already registered. Should only be used for testing.

func Register 

func Register(s Provider, storeSpec *SecretStoreProvider)

Register a store backend type. Register panics if a backend with the same store is already registered.

Types

type AWSAuth 

type AWSAuth struct {
	// +optional
	SecretRef *AWSAuthSecretRef `json:"secretRef,omitempty"`
	// +optional
	JWTAuth *AWSJWTAuth `json:"jwt,omitempty"`
}

AWSAuth tells the controller how to do authentication with aws. Only one of secretRef or jwt can be specified. if none is specified the controller will load credentials using the aws sdk defaults.

func (*AWSAuth) DeepCopy 

func (in *AWSAuth) DeepCopy() *AWSAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuth.

func (*AWSAuth) DeepCopyInto 

func (in *AWSAuth) DeepCopyInto(out *AWSAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSAuthSecretRef 

type AWSAuthSecretRef struct {
	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"`

	// The SecretAccessKey is used for authentication
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
}

AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.

func (*AWSAuthSecretRef) DeepCopy 

func (in *AWSAuthSecretRef) DeepCopy() *AWSAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuthSecretRef.

func (*AWSAuthSecretRef) DeepCopyInto 

func (in *AWSAuthSecretRef) DeepCopyInto(out *AWSAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSJWTAuth 

type AWSJWTAuth struct {
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}

Authenticate against AWS using service account tokens.

func (*AWSJWTAuth) DeepCopy 

func (in *AWSJWTAuth) DeepCopy() *AWSJWTAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSJWTAuth.

func (*AWSJWTAuth) DeepCopyInto 

func (in *AWSJWTAuth) DeepCopyInto(out *AWSJWTAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSProvider 

type AWSProvider struct {
	// Service defines which service should be used to fetch the secrets
	Service AWSServiceType `json:"service"`

	// Auth defines the information necessary to authenticate against AWS
	// if not set aws sdk will infer credentials from your environment
	// see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
	// +optional
	Auth AWSAuth `json:"auth"`

	// Role is a Role ARN which the SecretManager provider will assume
	// +optional
	Role string `json:"role,omitempty"`

	// AWS Region to be used for the provider
	Region string `json:"region"`
}

AWSProvider configures a store to sync secrets with AWS.

func (*AWSProvider) DeepCopy 

func (in *AWSProvider) DeepCopy() *AWSProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSProvider.

func (*AWSProvider) DeepCopyInto 

func (in *AWSProvider) DeepCopyInto(out *AWSProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSServiceType 

type AWSServiceType string

AWSServiceType is a enum that defines the service/API that is used to fetch the secrets. +kubebuilder:validation:Enum=SecretsManager;ParameterStore 

const (
	// AWSServiceSecretsManager is the AWS SecretsManager.
	// see: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
	AWSServiceSecretsManager AWSServiceType = "SecretsManager"
	// AWSServiceParameterStore is the AWS SystemsManager ParameterStore.
	// see: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
	AWSServiceParameterStore AWSServiceType = "ParameterStore"
)

type AkeylessAuth 

type AkeylessAuth struct {
	SecretRef AkeylessAuthSecretRef `json:"secretRef"`
}

func (*AkeylessAuth) DeepCopy 

func (in *AkeylessAuth) DeepCopy() *AkeylessAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessAuth.

func (*AkeylessAuth) DeepCopyInto 

func (in *AkeylessAuth) DeepCopyInto(out *AkeylessAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AkeylessAuthSecretRef 

type AkeylessAuthSecretRef struct {
	// The SecretAccessID is used for authentication
	AccessID        esmeta.SecretKeySelector `json:"accessID,omitempty"`
	AccessType      esmeta.SecretKeySelector `json:"accessType,omitempty"`
	AccessTypeParam esmeta.SecretKeySelector `json:"accessTypeParam,omitempty"`
}

AkeylessAuthSecretRef AKEYLESS_ACCESS_TYPE_PARAM: AZURE_OBJ_ID OR GCP_AUDIENCE OR ACCESS_KEY OR KUB_CONFIG_NAME.

func (*AkeylessAuthSecretRef) DeepCopy 

func (in *AkeylessAuthSecretRef) DeepCopy() *AkeylessAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessAuthSecretRef.

func (*AkeylessAuthSecretRef) DeepCopyInto 

func (in *AkeylessAuthSecretRef) DeepCopyInto(out *AkeylessAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AkeylessProvider 

type AkeylessProvider struct {

	// Akeyless GW API Url from which the secrets to be fetched from.
	AkeylessGWApiURL *string `json:"akeylessGWApiURL"`

	// Auth configures how the operator authenticates with Akeyless.
	Auth *AkeylessAuth `json:"authSecretRef"`
}

AkeylessProvider Configures an store to sync secrets using Akeyless KV.

func (*AkeylessProvider) DeepCopy 

func (in *AkeylessProvider) DeepCopy() *AkeylessProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessProvider.

func (*AkeylessProvider) DeepCopyInto 

func (in *AkeylessProvider) DeepCopyInto(out *AkeylessProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AlibabaAuth 

type AlibabaAuth struct {
	SecretRef AlibabaAuthSecretRef `json:"secretRef"`
}

AlibabaAuth contains a secretRef for credentials.

func (*AlibabaAuth) DeepCopy 

func (in *AlibabaAuth) DeepCopy() *AlibabaAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaAuth.

func (*AlibabaAuth) DeepCopyInto 

func (in *AlibabaAuth) DeepCopyInto(out *AlibabaAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AlibabaAuthSecretRef 

type AlibabaAuthSecretRef struct {
	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef"`
	// The AccessKeySecret is used for authentication
	AccessKeySecret esmeta.SecretKeySelector `json:"accessKeySecretSecretRef"`
}

AlibabaAuthSecretRef holds secret references for Alibaba credentials.

func (*AlibabaAuthSecretRef) DeepCopy 

func (in *AlibabaAuthSecretRef) DeepCopy() *AlibabaAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaAuthSecretRef.

func (*AlibabaAuthSecretRef) DeepCopyInto 

func (in *AlibabaAuthSecretRef) DeepCopyInto(out *AlibabaAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AlibabaProvider 

type AlibabaProvider struct {
	Auth *AlibabaAuth `json:"auth"`
	// +optional
	Endpoint string `json:"endpoint"`
	// Alibaba Region to be used for the provider
	RegionID string `json:"regionID"`
}

AlibabaProvider configures a store to sync secrets using the Alibaba Secret Manager provider.

func (*AlibabaProvider) DeepCopy 

func (in *AlibabaProvider) DeepCopy() *AlibabaProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaProvider.

func (*AlibabaProvider) DeepCopyInto 

func (in *AlibabaProvider) DeepCopyInto(out *AlibabaProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureAuthType 

type AzureAuthType string

AuthType describes how to authenticate to the Azure Keyvault Only one of the following auth types may be specified. If none of the following auth type is specified, the default one is ServicePrincipal. +kubebuilder:validation:Enum=ServicePrincipal;ManagedIdentity;WorkloadIdentity 

const (
	// Using service principal to authenticate, which needs a tenantId, a clientId and a clientSecret.
	AzureServicePrincipal AzureAuthType = "ServicePrincipal"

	// Using Managed Identity to authenticate. Used with aad-pod-identity installed in the clister.
	AzureManagedIdentity AzureAuthType = "ManagedIdentity"

	// Using Workload Identity service accounts to authenticate.
	AzureWorkloadIdentity AzureAuthType = "WorkloadIdentity"
)

type AzureKVAuth 

type AzureKVAuth struct {
	// The Azure clientId of the service principle used for authentication.
	// +optional
	ClientID *smmeta.SecretKeySelector `json:"clientId,omitempty"`

	// The Azure ClientSecret of the service principle used for authentication.
	// +optional
	ClientSecret *smmeta.SecretKeySelector `json:"clientSecret,omitempty"`
}

Configuration used to authenticate with Azure.

func (*AzureKVAuth) DeepCopy 

func (in *AzureKVAuth) DeepCopy() *AzureKVAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVAuth.

func (*AzureKVAuth) DeepCopyInto 

func (in *AzureKVAuth) DeepCopyInto(out *AzureKVAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureKVProvider 

type AzureKVProvider struct {
	// Auth type defines how to authenticate to the keyvault service.
	// Valid values are:
	// - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
	// - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
	// +optional
	// +kubebuilder:default=ServicePrincipal
	AuthType *AzureAuthType `json:"authType,omitempty"`

	// Vault Url from which the secrets to be fetched from.
	VaultURL *string `json:"vaultUrl"`

	// TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.
	// +optional
	TenantID *string `json:"tenantId,omitempty"`

	// Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type.
	// +optional
	AuthSecretRef *AzureKVAuth `json:"authSecretRef,omitempty"`

	// ServiceAccountRef specified the service account
	// that should be used when authenticating with WorkloadIdentity.
	// +optional
	ServiceAccountRef *smmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// If multiple Managed Identity is assigned to the pod, you can select the one to be used
	// +optional
	IdentityID *string `json:"identityId,omitempty"`
}

Configures an store to sync secrets using Azure KV.

func (*AzureKVProvider) DeepCopy 

func (in *AzureKVProvider) DeepCopy() *AzureKVProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVProvider.

func (*AzureKVProvider) DeepCopyInto 

func (in *AzureKVProvider) DeepCopyInto(out *AzureKVProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CAProvider 

type CAProvider struct {
	// The type of provider to use such as "Secret", or "ConfigMap".
	// +kubebuilder:validation:Enum="Secret";"ConfigMap"
	Type CAProviderType `json:"type"`

	// The name of the object located at the provider type.
	Name string `json:"name"`

	// The key the value inside of the provider type to use, only used with "Secret" type
	// +kubebuilder:validation:Optional
	Key string `json:"key,omitempty"`

	// The namespace the Provider type is in.
	// +optional
	Namespace *string `json:"namespace,omitempty"`
}

Defines a location to fetch the cert for the vault provider from.

func (*CAProvider) DeepCopy 

func (in *CAProvider) DeepCopy() *CAProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CAProvider.

func (*CAProvider) DeepCopyInto 

func (in *CAProvider) DeepCopyInto(out *CAProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CAProviderType 

type CAProviderType string
const (
	CAProviderTypeSecret    CAProviderType = "Secret"
	CAProviderTypeConfigMap CAProviderType = "ConfigMap"
)

type CertAuth 

type CertAuth struct {
	ClientCert esmeta.SecretKeySelector `json:"clientCert,omitempty"`
	ClientKey  esmeta.SecretKeySelector `json:"clientKey,omitempty"`
}

func (*CertAuth) DeepCopy 

func (in *CertAuth) DeepCopy() *CertAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertAuth.

func (*CertAuth) DeepCopyInto 

func (in *CertAuth) DeepCopyInto(out *CertAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterExternalSecret 

type ClusterExternalSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ClusterExternalSecretSpec   `json:"spec,omitempty"`
	Status ClusterExternalSecretStatus `json:"status,omitempty"`
}

+kubebuilder:object:root=true +kubebuilder:storageversion +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=ces +kubebuilder:subresource:status ClusterExternalSecret is the Schema for the clusterexternalsecrets API.

func (*ClusterExternalSecret) DeepCopy 

func (in *ClusterExternalSecret) DeepCopy() *ClusterExternalSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecret.

func (*ClusterExternalSecret) DeepCopyInto 

func (in *ClusterExternalSecret) DeepCopyInto(out *ClusterExternalSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterExternalSecret) DeepCopyObject 

func (in *ClusterExternalSecret) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterExternalSecretConditionType 

type ClusterExternalSecretConditionType string
const (
	ClusterExternalSecretReady          ClusterExternalSecretConditionType = "Ready"
	ClusterExternalSecretPartiallyReady ClusterExternalSecretConditionType = "PartiallyReady"
	ClusterExternalSecretNotReady       ClusterExternalSecretConditionType = "NotReady"
)

type ClusterExternalSecretList 

type ClusterExternalSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ClusterExternalSecret `json:"items"`
}

ClusterExternalSecretList contains a list of ClusterExternalSecret.

func (*ClusterExternalSecretList) DeepCopy 

func (in *ClusterExternalSecretList) DeepCopy() *ClusterExternalSecretList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretList.

func (*ClusterExternalSecretList) DeepCopyInto 

func (in *ClusterExternalSecretList) DeepCopyInto(out *ClusterExternalSecretList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterExternalSecretList) DeepCopyObject 

func (in *ClusterExternalSecretList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterExternalSecretNamespaceFailure 

type ClusterExternalSecretNamespaceFailure struct {

	// Namespace is the namespace that failed when trying to apply an ExternalSecret
	Namespace string `json:"namespace"`

	// Reason is why the ExternalSecret failed to apply to the namespace
	// +optional
	Reason string `json:"reason,omitempty"`
}

ClusterExternalSecretNamespaceFailure represents a failed namespace deployment and it's reason.

func (*ClusterExternalSecretNamespaceFailure) DeepCopy 

func (in *ClusterExternalSecretNamespaceFailure) DeepCopy() *ClusterExternalSecretNamespaceFailure

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretNamespaceFailure.

func (*ClusterExternalSecretNamespaceFailure) DeepCopyInto 

func (in *ClusterExternalSecretNamespaceFailure) DeepCopyInto(out *ClusterExternalSecretNamespaceFailure)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterExternalSecretSpec 

type ClusterExternalSecretSpec struct {
	// The spec for the ExternalSecrets to be created
	ExternalSecretSpec ExternalSecretSpec `json:"externalSecretSpec"`

	// The name of the external secrets to be created defaults to the name of the ClusterExternalSecret
	// +optional
	ExternalSecretName string `json:"externalSecretName"`

	// The labels to select by to find the Namespaces to create the ExternalSecrets in.
	NamespaceSelector metav1.LabelSelector `json:"namespaceSelector"`

	// The time in which the controller should reconcile it's objects and recheck namespaces for labels.
	RefreshInterval *metav1.Duration `json:"refreshTime,omitempty"`
}

ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret.

func (*ClusterExternalSecretSpec) DeepCopy 

func (in *ClusterExternalSecretSpec) DeepCopy() *ClusterExternalSecretSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretSpec.

func (*ClusterExternalSecretSpec) DeepCopyInto 

func (in *ClusterExternalSecretSpec) DeepCopyInto(out *ClusterExternalSecretSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterExternalSecretStatus 

type ClusterExternalSecretStatus struct {
	// Failed namespaces are the namespaces that failed to apply an ExternalSecret
	// +optional
	FailedNamespaces []ClusterExternalSecretNamespaceFailure `json:"failedNamespaces,omitempty"`

	// ProvisionedNamespaces are the namespaces where the ClusterExternalSecret has secrets
	// +optional
	ProvisionedNamespaces []string `json:"provisionedNamespaces,omitempty"`

	// +optional
	Conditions []ClusterExternalSecretStatusCondition `json:"conditions,omitempty"`
}

ClusterExternalSecretStatus defines the observed state of ClusterExternalSecret.

func (*ClusterExternalSecretStatus) DeepCopy 

func (in *ClusterExternalSecretStatus) DeepCopy() *ClusterExternalSecretStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretStatus.

func (*ClusterExternalSecretStatus) DeepCopyInto 

func (in *ClusterExternalSecretStatus) DeepCopyInto(out *ClusterExternalSecretStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterExternalSecretStatusCondition 

type ClusterExternalSecretStatusCondition struct {
	Type   ClusterExternalSecretConditionType `json:"type"`
	Status corev1.ConditionStatus             `json:"status"`

	// +optional
	Message string `json:"message,omitempty"`
}

func (*ClusterExternalSecretStatusCondition) DeepCopy 

func (in *ClusterExternalSecretStatusCondition) DeepCopy() *ClusterExternalSecretStatusCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretStatusCondition.

func (*ClusterExternalSecretStatusCondition) DeepCopyInto 

func (in *ClusterExternalSecretStatusCondition) DeepCopyInto(out *ClusterExternalSecretStatusCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterSecretStore 

type ClusterSecretStore struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   SecretStoreSpec   `json:"spec,omitempty"`
	Status SecretStoreStatus `json:"status,omitempty"`
}

ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=css

func (*ClusterSecretStore) Copy 

func (c *ClusterSecretStore) Copy() GenericStore

func (*ClusterSecretStore) DeepCopy 

func (in *ClusterSecretStore) DeepCopy() *ClusterSecretStore

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStore.

func (*ClusterSecretStore) DeepCopyInto 

func (in *ClusterSecretStore) DeepCopyInto(out *ClusterSecretStore)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterSecretStore) DeepCopyObject 

func (in *ClusterSecretStore) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ClusterSecretStore) GetNamespacedName 

func (c *ClusterSecretStore) GetNamespacedName() string

func (*ClusterSecretStore) GetObjectMeta 

func (c *ClusterSecretStore) GetObjectMeta() *metav1.ObjectMeta

func (*ClusterSecretStore) GetSpec 

func (c *ClusterSecretStore) GetSpec() *SecretStoreSpec

func (*ClusterSecretStore) GetStatus 

func (c *ClusterSecretStore) GetStatus() SecretStoreStatus

func (*ClusterSecretStore) GetTypeMeta 

func (c *ClusterSecretStore) GetTypeMeta() *metav1.TypeMeta

func (*ClusterSecretStore) Hub 

func (*ClusterSecretStore) Hub()

func (*ClusterSecretStore) SetStatus 

func (c *ClusterSecretStore) SetStatus(status SecretStoreStatus)

func (*ClusterSecretStore) SetupWebhookWithManager 

func (c *ClusterSecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error

type ClusterSecretStoreList 

type ClusterSecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ClusterSecretStore `json:"items"`
}

ClusterSecretStoreList contains a list of ClusterSecretStore resources.

func (*ClusterSecretStoreList) DeepCopy 

func (in *ClusterSecretStoreList) DeepCopy() *ClusterSecretStoreList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStoreList.

func (*ClusterSecretStoreList) DeepCopyInto 

func (in *ClusterSecretStoreList) DeepCopyInto(out *ClusterSecretStoreList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterSecretStoreList) DeepCopyObject 

func (in *ClusterSecretStoreList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ExternalSecret 

type ExternalSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ExternalSecretSpec   `json:"spec,omitempty"`
	Status ExternalSecretStatus `json:"status,omitempty"`
}

+kubebuilder:object:root=true +kubebuilder:storageversion ExternalSecret is the Schema for the external-secrets API. +kubebuilder:subresource:status +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=es +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.secretStoreRef.name` +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshInterval` +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason`

func (*ExternalSecret) DeepCopy 

func (in *ExternalSecret) DeepCopy() *ExternalSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecret.

func (*ExternalSecret) DeepCopyInto 

func (in *ExternalSecret) DeepCopyInto(out *ExternalSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ExternalSecret) DeepCopyObject 

func (in *ExternalSecret) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ExternalSecret) Hub 

func (*ExternalSecret) Hub()

func (*ExternalSecret) SetupWebhookWithManager 

func (r *ExternalSecret) SetupWebhookWithManager(mgr ctrl.Manager) error

type ExternalSecretConditionType 

type ExternalSecretConditionType string
const (
	ExternalSecretReady   ExternalSecretConditionType = "Ready"
	ExternalSecretDeleted ExternalSecretConditionType = "Deleted"
)

type ExternalSecretConversionStrategy 

type ExternalSecretConversionStrategy string
const (
	ExternalSecretConversionDefault ExternalSecretConversionStrategy = "Default"
	ExternalSecretConversionUnicode ExternalSecretConversionStrategy = "Unicode"
)

type ExternalSecretCreationPolicy 

type ExternalSecretCreationPolicy string

ExternalSecretCreationPolicy defines rules on how to create the resulting Secret. +kubebuilder:validation:Enum=Owner;Orphan;Merge;None 

const (
	// Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource.
	CreatePolicyOwner ExternalSecretCreationPolicy = "Owner"

	// Orphan creates the Secret and does not set the ownerReference.
	// I.e. it will be orphaned after the deletion of the ExternalSecret.
	CreatePolicyOrphan ExternalSecretCreationPolicy = "Orphan"

	// Merge does not create the Secret, but merges the data fields to the Secret.
	CreatePolicyMerge ExternalSecretCreationPolicy = "Merge"

	// None does not create a Secret (future use with injector).
	CreatePolicyNone ExternalSecretCreationPolicy = "None"
)

type ExternalSecretData 

type ExternalSecretData struct {
	SecretKey string `json:"secretKey"`

	RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"`
}

ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.

func (*ExternalSecretData) DeepCopy 

func (in *ExternalSecretData) DeepCopy() *ExternalSecretData

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretData.

func (*ExternalSecretData) DeepCopyInto 

func (in *ExternalSecretData) DeepCopyInto(out *ExternalSecretData)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretDataFromRemoteRef 

type ExternalSecretDataFromRemoteRef struct {
	// Used to extract multiple key/value pairs from one secret
	// +optional
	Extract *ExternalSecretDataRemoteRef `json:"extract,omitempty"`
	// Used to find secrets based on tags or regular expressions
	// +optional
	Find *ExternalSecretFind `json:"find,omitempty"`
}

+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1

func (*ExternalSecretDataFromRemoteRef) DeepCopy 

func (in *ExternalSecretDataFromRemoteRef) DeepCopy() *ExternalSecretDataFromRemoteRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretDataFromRemoteRef.

func (*ExternalSecretDataFromRemoteRef) DeepCopyInto 

func (in *ExternalSecretDataFromRemoteRef) DeepCopyInto(out *ExternalSecretDataFromRemoteRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretDataRemoteRef 

type ExternalSecretDataRemoteRef struct {
	// Key is the key used in the Provider, mandatory
	Key string `json:"key"`

	// +optional
	// Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None
	MetadataPolicy ExternalSecretMetadataPolicy `json:"metadataPolicy,omitempty"`

	// +optional
	// Used to select a specific property of the Provider value (if a map), if supported
	Property string `json:"property,omitempty"`

	// +optional
	// Used to select a specific version of the Provider value, if supported
	Version string `json:"version,omitempty"`

	// +optional
	// Used to define a conversion Strategy
	// +kubebuilder:default="Default"
	ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"`

	// +optional
	// Used to define a conversion Strategy
	// +kubebuilder:default="None"
	DecodingStrategy ExternalSecretDecodingStrategy `json:"decodingStrategy,omitempty"`
}

ExternalSecretDataRemoteRef defines Provider data location.

func (*ExternalSecretDataRemoteRef) DeepCopy 

func (in *ExternalSecretDataRemoteRef) DeepCopy() *ExternalSecretDataRemoteRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretDataRemoteRef.

func (*ExternalSecretDataRemoteRef) DeepCopyInto 

func (in *ExternalSecretDataRemoteRef) DeepCopyInto(out *ExternalSecretDataRemoteRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretDecodingStrategy added in v0.5.8 

type ExternalSecretDecodingStrategy string
const (
	ExternalSecretDecodeAuto      ExternalSecretDecodingStrategy = "Auto"
	ExternalSecretDecodeBase64    ExternalSecretDecodingStrategy = "Base64"
	ExternalSecretDecodeBase64URL ExternalSecretDecodingStrategy = "Base64URL"
	ExternalSecretDecodeNone      ExternalSecretDecodingStrategy = "None"
)

type ExternalSecretDeletionPolicy 

type ExternalSecretDeletionPolicy string

ExternalSecretDeletionPolicy defines rules on how to delete the resulting Secret. +kubebuilder:validation:Enum=Delete;Merge;Retain 

const (
	// Delete deletes the secret if all provider secrets are deleted.
	// If a secret gets deleted on the provider side and is not accessible
	// anymore this is not considered an error and the ExternalSecret
	// does not go into SecretSyncedError status.
	DeletionPolicyDelete ExternalSecretDeletionPolicy = "Delete"

	// Merge removes keys in the secret, but not the secret itself.
	// If a secret gets deleted on the provider side and is not accessible
	// anymore this is not considered an error and the ExternalSecret
	// does not go into SecretSyncedError status.
	DeletionPolicyMerge ExternalSecretDeletionPolicy = "Merge"

	// Retain will retain the secret if all provider secrets have been deleted.
	// If a provider secret does not exist the ExternalSecret gets into the
	// SecretSyncedError status.
	DeletionPolicyRetain ExternalSecretDeletionPolicy = "Retain"
)

type ExternalSecretFind 

type ExternalSecretFind struct {
	// A root path to start the find operations.
	// +optional
	Path *string `json:"path,omitempty"`
	// Finds secrets based on the name.
	// +optional
	Name *FindName `json:"name,omitempty"`

	// Find secrets based on tags.
	// +optional
	Tags map[string]string `json:"tags,omitempty"`

	// +optional
	// Used to define a conversion Strategy
	// +kubebuilder:default="Default"
	ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"`

	// +optional
	// Used to define a conversion Strategy
	// +kubebuilder:default="None"
	DecodingStrategy ExternalSecretDecodingStrategy `json:"decodingStrategy,omitempty"`
}

func (*ExternalSecretFind) DeepCopy 

func (in *ExternalSecretFind) DeepCopy() *ExternalSecretFind

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretFind.

func (*ExternalSecretFind) DeepCopyInto 

func (in *ExternalSecretFind) DeepCopyInto(out *ExternalSecretFind)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretList 

type ExternalSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ExternalSecret `json:"items"`
}

ExternalSecretList contains a list of ExternalSecret resources.

func (*ExternalSecretList) DeepCopy 

func (in *ExternalSecretList) DeepCopy() *ExternalSecretList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretList.

func (*ExternalSecretList) DeepCopyInto 

func (in *ExternalSecretList) DeepCopyInto(out *ExternalSecretList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ExternalSecretList) DeepCopyObject 

func (in *ExternalSecretList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ExternalSecretMetadataPolicy added in v0.5.4 

type ExternalSecretMetadataPolicy string
const (
	ExternalSecretMetadataPolicyNone  ExternalSecretMetadataPolicy = "None"
	ExternalSecretMetadataPolicyFetch ExternalSecretMetadataPolicy = "Fetch"
)

type ExternalSecretSpec 

type ExternalSecretSpec struct {
	SecretStoreRef SecretStoreRef `json:"secretStoreRef"`
	// +optional
	Target ExternalSecretTarget `json:"target,omitempty"`

	// RefreshInterval is the amount of time before the values are read again from the SecretStore provider
	// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
	// May be set to zero to fetch and create it once. Defaults to 1h.
	// +kubebuilder:default="1h"
	RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"`

	// Data defines the connection between the Kubernetes Secret keys and the Provider data
	// +optional
	Data []ExternalSecretData `json:"data,omitempty"`

	// DataFrom is used to fetch all properties from a specific Provider data
	// If multiple entries are specified, the Secret keys are merged in the specified order
	// +optional
	DataFrom []ExternalSecretDataFromRemoteRef `json:"dataFrom,omitempty"`
}

ExternalSecretSpec defines the desired state of ExternalSecret.

func (*ExternalSecretSpec) DeepCopy 

func (in *ExternalSecretSpec) DeepCopy() *ExternalSecretSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretSpec.

func (*ExternalSecretSpec) DeepCopyInto 

func (in *ExternalSecretSpec) DeepCopyInto(out *ExternalSecretSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretStatus 

type ExternalSecretStatus struct {
	// +nullable
	// refreshTime is the time and date the external secret was fetched and
	// the target secret updated
	RefreshTime metav1.Time `json:"refreshTime,omitempty"`

	// SyncedResourceVersion keeps track of the last synced version
	SyncedResourceVersion string `json:"syncedResourceVersion,omitempty"`

	// +optional
	Conditions []ExternalSecretStatusCondition `json:"conditions,omitempty"`
}

func (*ExternalSecretStatus) DeepCopy 

func (in *ExternalSecretStatus) DeepCopy() *ExternalSecretStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatus.

func (*ExternalSecretStatus) DeepCopyInto 

func (in *ExternalSecretStatus) DeepCopyInto(out *ExternalSecretStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretStatusCondition 

type ExternalSecretStatusCondition struct {
	Type   ExternalSecretConditionType `json:"type"`
	Status corev1.ConditionStatus      `json:"status"`

	// +optional
	Reason string `json:"reason,omitempty"`

	// +optional
	Message string `json:"message,omitempty"`

	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}

func (*ExternalSecretStatusCondition) DeepCopy 

func (in *ExternalSecretStatusCondition) DeepCopy() *ExternalSecretStatusCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatusCondition.

func (*ExternalSecretStatusCondition) DeepCopyInto 

func (in *ExternalSecretStatusCondition) DeepCopyInto(out *ExternalSecretStatusCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretTarget 

type ExternalSecretTarget struct {
	// Name defines the name of the Secret resource to be managed
	// This field is immutable
	// Defaults to the .metadata.name of the ExternalSecret resource
	// +optional
	Name string `json:"name,omitempty"`

	// CreationPolicy defines rules on how to create the resulting Secret
	// Defaults to 'Owner'
	// +optional
	// +kubebuilder:default="Owner"
	CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"`
	// DeletionPolicy defines rules on how to delete the resulting Secret
	// Defaults to 'Retain'
	// +optional
	// +kubebuilder:default="Retain"
	DeletionPolicy ExternalSecretDeletionPolicy `json:"deletionPolicy,omitempty"`
	// Template defines a blueprint for the created Secret resource.
	// +optional
	Template *ExternalSecretTemplate `json:"template,omitempty"`

	// Immutable defines if the final secret will be immutable
	// +optional
	Immutable bool `json:"immutable,omitempty"`
}

ExternalSecretTarget defines the Kubernetes Secret to be created There can be only one target per ExternalSecret.

func (*ExternalSecretTarget) DeepCopy 

func (in *ExternalSecretTarget) DeepCopy() *ExternalSecretTarget

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTarget.

func (*ExternalSecretTarget) DeepCopyInto 

func (in *ExternalSecretTarget) DeepCopyInto(out *ExternalSecretTarget)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretTemplate 

type ExternalSecretTemplate struct {
	// +optional
	Type corev1.SecretType `json:"type,omitempty"`

	EngineVersion TemplateEngineVersion `json:"engineVersion,omitempty"`
	// +optional
	Metadata ExternalSecretTemplateMetadata `json:"metadata,omitempty"`

	// +optional
	Data map[string]string `json:"data,omitempty"`

	// +optional
	TemplateFrom []TemplateFrom `json:"templateFrom,omitempty"`
}

ExternalSecretTemplate defines a blueprint for the created Secret resource. we can not use native corev1.Secret, it will have empty ObjectMeta values: https://github.com/kubernetes-sigs/controller-tools/issues/448

func (*ExternalSecretTemplate) DeepCopy 

func (in *ExternalSecretTemplate) DeepCopy() *ExternalSecretTemplate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplate.

func (*ExternalSecretTemplate) DeepCopyInto 

func (in *ExternalSecretTemplate) DeepCopyInto(out *ExternalSecretTemplate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretTemplateMetadata 

type ExternalSecretTemplateMetadata struct {
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`

	// +optional
	Labels map[string]string `json:"labels,omitempty"`
}

ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.

func (*ExternalSecretTemplateMetadata) DeepCopy 

func (in *ExternalSecretTemplateMetadata) DeepCopy() *ExternalSecretTemplateMetadata

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplateMetadata.

func (*ExternalSecretTemplateMetadata) DeepCopyInto 

func (in *ExternalSecretTemplateMetadata) DeepCopyInto(out *ExternalSecretTemplateMetadata)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretValidator 

type ExternalSecretValidator struct{}

func (*ExternalSecretValidator) DeepCopy 

func (in *ExternalSecretValidator) DeepCopy() *ExternalSecretValidator

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretValidator.

func (*ExternalSecretValidator) DeepCopyInto 

func (in *ExternalSecretValidator) DeepCopyInto(out *ExternalSecretValidator)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ExternalSecretValidator) ValidateCreate 

func (esv *ExternalSecretValidator) ValidateCreate(ctx context.Context, obj runtime.Object) error

func (*ExternalSecretValidator) ValidateDelete 

func (esv *ExternalSecretValidator) ValidateDelete(ctx context.Context, obj runtime.Object) error

func (*ExternalSecretValidator) ValidateUpdate 

func (esv *ExternalSecretValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) error

type FakeProvider 

type FakeProvider struct {
	Data []FakeProviderData `json:"data"`
}

FakeProvider configures a fake provider that returns static values.

func (*FakeProvider) DeepCopy 

func (in *FakeProvider) DeepCopy() *FakeProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FakeProvider.

func (*FakeProvider) DeepCopyInto 

func (in *FakeProvider) DeepCopyInto(out *FakeProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FakeProviderData 

type FakeProviderData struct {
	Key      string            `json:"key"`
	Value    string            `json:"value,omitempty"`
	ValueMap map[string]string `json:"valueMap,omitempty"`
	Version  string            `json:"version,omitempty"`
}

func (*FakeProviderData) DeepCopy 

func (in *FakeProviderData) DeepCopy() *FakeProviderData

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FakeProviderData.

func (*FakeProviderData) DeepCopyInto 

func (in *FakeProviderData) DeepCopyInto(out *FakeProviderData)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FindName 

type FindName struct {
	// Finds secrets base
	// +optional
	RegExp string `json:"regexp,omitempty"`
}

func (*FindName) DeepCopy 

func (in *FindName) DeepCopy() *FindName

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FindName.

func (*FindName) DeepCopyInto 

func (in *FindName) DeepCopyInto(out *FindName)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPSMAuth 

type GCPSMAuth struct {
	// +optional
	SecretRef *GCPSMAuthSecretRef `json:"secretRef,omitempty"`
	// +optional
	WorkloadIdentity *GCPWorkloadIdentity `json:"workloadIdentity,omitempty"`
}

func (*GCPSMAuth) DeepCopy 

func (in *GCPSMAuth) DeepCopy() *GCPSMAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuth.

func (*GCPSMAuth) DeepCopyInto 

func (in *GCPSMAuth) DeepCopyInto(out *GCPSMAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPSMAuthSecretRef 

type GCPSMAuthSecretRef struct {
	// The SecretAccessKey is used for authentication
	// +optional
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
}

func (*GCPSMAuthSecretRef) DeepCopy 

func (in *GCPSMAuthSecretRef) DeepCopy() *GCPSMAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuthSecretRef.

func (*GCPSMAuthSecretRef) DeepCopyInto 

func (in *GCPSMAuthSecretRef) DeepCopyInto(out *GCPSMAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPSMProvider 

type GCPSMProvider struct {
	// Auth defines the information necessary to authenticate against GCP
	// +optional
	Auth GCPSMAuth `json:"auth,omitempty"`

	// ProjectID project where secret is located
	ProjectID string `json:"projectID,omitempty"`
}

GCPSMProvider Configures a store to sync secrets using the GCP Secret Manager provider.

func (*GCPSMProvider) DeepCopy 

func (in *GCPSMProvider) DeepCopy() *GCPSMProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMProvider.

func (*GCPSMProvider) DeepCopyInto 

func (in *GCPSMProvider) DeepCopyInto(out *GCPSMProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPWorkloadIdentity 

type GCPWorkloadIdentity struct {
	ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccountRef"`
	ClusterLocation   string                        `json:"clusterLocation"`
	ClusterName       string                        `json:"clusterName"`
	ClusterProjectID  string                        `json:"clusterProjectID,omitempty"`
}

func (*GCPWorkloadIdentity) DeepCopy 

func (in *GCPWorkloadIdentity) DeepCopy() *GCPWorkloadIdentity

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPWorkloadIdentity.

func (*GCPWorkloadIdentity) DeepCopyInto 

func (in *GCPWorkloadIdentity) DeepCopyInto(out *GCPWorkloadIdentity)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GenericStore 

type GenericStore interface {
	runtime.Object
	metav1.Object

	GetObjectMeta() *metav1.ObjectMeta
	GetTypeMeta() *metav1.TypeMeta

	GetSpec() *SecretStoreSpec
	GetNamespacedName() string
	GetStatus() SecretStoreStatus
	SetStatus(status SecretStoreStatus)
	Copy() GenericStore
}

GenericStore is a common interface for interacting with ClusterSecretStore or a namespaced SecretStore.

type GenericStoreValidator 

type GenericStoreValidator struct{}

func (*GenericStoreValidator) DeepCopy 

func (in *GenericStoreValidator) DeepCopy() *GenericStoreValidator

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericStoreValidator.

func (*GenericStoreValidator) DeepCopyInto 

func (in *GenericStoreValidator) DeepCopyInto(out *GenericStoreValidator)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GenericStoreValidator) ValidateCreate 

func (r *GenericStoreValidator) ValidateCreate(ctx context.Context, obj runtime.Object) error

ValidateCreate implements webhook.Validator so a webhook will be registered for the type.

func (*GenericStoreValidator) ValidateDelete 

func (r *GenericStoreValidator) ValidateDelete(ctx context.Context, obj runtime.Object) error

ValidateDelete implements webhook.Validator so a webhook will be registered for the type.

func (*GenericStoreValidator) ValidateUpdate 

func (r *GenericStoreValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) error

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.

type GitlabAuth 

type GitlabAuth struct {
	SecretRef GitlabSecretRef `json:"SecretRef"`
}

func (*GitlabAuth) DeepCopy 

func (in *GitlabAuth) DeepCopy() *GitlabAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabAuth.

func (*GitlabAuth) DeepCopyInto 

func (in *GitlabAuth) DeepCopyInto(out *GitlabAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GitlabProvider 

type GitlabProvider struct {
	// URL configures the GitLab instance URL. Defaults to https://gitlab.com/.
	URL string `json:"url,omitempty"`

	// Auth configures how secret-manager authenticates with a GitLab instance.
	Auth GitlabAuth `json:"auth"`

	// ProjectID specifies a project where secrets are located.
	ProjectID string `json:"projectID,omitempty"`
}

Configures a store to sync secrets with a GitLab instance.

func (*GitlabProvider) DeepCopy 

func (in *GitlabProvider) DeepCopy() *GitlabProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabProvider.

func (*GitlabProvider) DeepCopyInto 

func (in *GitlabProvider) DeepCopyInto(out *GitlabProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GitlabSecretRef 

type GitlabSecretRef struct {
	// AccessToken is used for authentication.
	AccessToken esmeta.SecretKeySelector `json:"accessToken,omitempty"`
}

func (*GitlabSecretRef) DeepCopy 

func (in *GitlabSecretRef) DeepCopy() *GitlabSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabSecretRef.

func (*GitlabSecretRef) DeepCopyInto 

func (in *GitlabSecretRef) DeepCopyInto(out *GitlabSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IBMAuth 

type IBMAuth struct {
	SecretRef IBMAuthSecretRef `json:"secretRef"`
}

func (*IBMAuth) DeepCopy 

func (in *IBMAuth) DeepCopy() *IBMAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuth.

func (*IBMAuth) DeepCopyInto 

func (in *IBMAuth) DeepCopyInto(out *IBMAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IBMAuthSecretRef 

type IBMAuthSecretRef struct {
	// The SecretAccessKey is used for authentication
	// +optional
	SecretAPIKey esmeta.SecretKeySelector `json:"secretApiKeySecretRef,omitempty"`
}

func (*IBMAuthSecretRef) DeepCopy 

func (in *IBMAuthSecretRef) DeepCopy() *IBMAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuthSecretRef.

func (*IBMAuthSecretRef) DeepCopyInto 

func (in *IBMAuthSecretRef) DeepCopyInto(out *IBMAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IBMProvider 

type IBMProvider struct {
	// Auth configures how secret-manager authenticates with the IBM secrets manager.
	Auth IBMAuth `json:"auth"`

	// ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance
	ServiceURL *string `json:"serviceUrl,omitempty"`
}

Configures an store to sync secrets using a IBM Cloud Secrets Manager backend.

func (*IBMProvider) DeepCopy 

func (in *IBMProvider) DeepCopy() *IBMProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMProvider.

func (*IBMProvider) DeepCopyInto 

func (in *IBMProvider) DeepCopyInto(out *IBMProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesAuth 

type KubernetesAuth struct {
	// has both clientCert and clientKey as secretKeySelector
	// +optional
	Cert *CertAuth `json:"cert,omitempty"`

	// use static token to authenticate with
	// +optional
	Token *TokenAuth `json:"token,omitempty"`

	// points to a service account that should be used for authentication
	// +optional
	ServiceAccount *esmeta.ServiceAccountSelector `json:"serviceAccount,omitempty"`
}

+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1

func (*KubernetesAuth) DeepCopy 

func (in *KubernetesAuth) DeepCopy() *KubernetesAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuth.

func (*KubernetesAuth) DeepCopyInto 

func (in *KubernetesAuth) DeepCopyInto(out *KubernetesAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesProvider 

type KubernetesProvider struct {
	// configures the Kubernetes server Address.
	Server KubernetesServer `json:"server,omitempty"`

	// Auth configures how secret-manager authenticates with a Kubernetes instance.
	Auth KubernetesAuth `json:"auth"`

	// Remote namespace to fetch the secrets from
	// +kubebuilder:default= default
	// +optional
	RemoteNamespace string `json:"remoteNamespace"`
}

Configures a store to sync secrets with a Kubernetes instance.

func (*KubernetesProvider) DeepCopy 

func (in *KubernetesProvider) DeepCopy() *KubernetesProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesProvider.

func (*KubernetesProvider) DeepCopyInto 

func (in *KubernetesProvider) DeepCopyInto(out *KubernetesProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesServer 

type KubernetesServer struct {

	// configures the Kubernetes server Address.
	// +kubebuilder:default=kubernetes.default
	// +optional
	URL string `json:"url,omitempty"`

	// CABundle is a base64-encoded CA certificate
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`
}

func (*KubernetesServer) DeepCopy 

func (in *KubernetesServer) DeepCopy() *KubernetesServer

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesServer.

func (*KubernetesServer) DeepCopyInto 

func (in *KubernetesServer) DeepCopyInto(out *KubernetesServer)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NoSecretError 

type NoSecretError struct{}

NoSecretError shall be returned when a GetSecret can not find the desired secret. This is used for deletionPolicy.

func (*NoSecretError) DeepCopy 

func (in *NoSecretError) DeepCopy() *NoSecretError

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NoSecretError.

func (*NoSecretError) DeepCopyInto 

func (in *NoSecretError) DeepCopyInto(out *NoSecretError)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (NoSecretError) Error 

func (NoSecretError) Error() string

type OnePasswordAuth added in v0.5.3 

type OnePasswordAuth struct {
	SecretRef *OnePasswordAuthSecretRef `json:"secretRef"`
}

OnePasswordAuth contains a secretRef for credentials.

func (*OnePasswordAuth) DeepCopy added in v0.5.3 

func (in *OnePasswordAuth) DeepCopy() *OnePasswordAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OnePasswordAuth.

func (*OnePasswordAuth) DeepCopyInto added in v0.5.3 

func (in *OnePasswordAuth) DeepCopyInto(out *OnePasswordAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OnePasswordAuthSecretRef added in v0.5.3 

type OnePasswordAuthSecretRef struct {
	// The ConnectToken is used for authentication to a 1Password Connect Server.
	ConnectToken esmeta.SecretKeySelector `json:"connectTokenSecretRef"`
}

OnePasswordAuthSecretRef holds secret references for 1Password credentials.

func (*OnePasswordAuthSecretRef) DeepCopy added in v0.5.3 

func (in *OnePasswordAuthSecretRef) DeepCopy() *OnePasswordAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OnePasswordAuthSecretRef.

func (*OnePasswordAuthSecretRef) DeepCopyInto added in v0.5.3 

func (in *OnePasswordAuthSecretRef) DeepCopyInto(out *OnePasswordAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OnePasswordProvider added in v0.5.3 

type OnePasswordProvider struct {
	// Auth defines the information necessary to authenticate against OnePassword Connect Server
	Auth *OnePasswordAuth `json:"auth"`
	// ConnectHost defines the OnePassword Connect Server to connect to
	ConnectHost string `json:"connectHost"`
	// Vaults defines which OnePassword vaults to search in which order
	Vaults map[string]int `json:"vaults"`
}

OnePasswordProvider configures a store to sync secrets using the 1Password Secret Manager provider.

func (*OnePasswordProvider) DeepCopy added in v0.5.3 

func (in *OnePasswordProvider) DeepCopy() *OnePasswordProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OnePasswordProvider.

func (*OnePasswordProvider) DeepCopyInto added in v0.5.3 

func (in *OnePasswordProvider) DeepCopyInto(out *OnePasswordProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OracleAuth 

type OracleAuth struct {
	// Tenancy is the tenancy OCID where user is located.
	Tenancy string `json:"tenancy"`

	// User is an access OCID specific to the account.
	User string `json:"user"`

	// SecretRef to pass through sensitive information.
	SecretRef OracleSecretRef `json:"secretRef"`
}

func (*OracleAuth) DeepCopy 

func (in *OracleAuth) DeepCopy() *OracleAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleAuth.

func (*OracleAuth) DeepCopyInto 

func (in *OracleAuth) DeepCopyInto(out *OracleAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OracleProvider 

type OracleProvider struct {
	// Region is the region where vault is located.
	Region string `json:"region"`

	// Vault is the vault's OCID of the specific vault where secret is located.
	Vault string `json:"vault"`

	// Auth configures how secret-manager authenticates with the Oracle Vault.
	// If empty, use the instance principal, otherwise the user credentials specified in Auth.
	// +optional
	Auth *OracleAuth `json:"auth,omitempty"`
}

Configures an store to sync secrets using a Oracle Vault backend.

func (*OracleProvider) DeepCopy 

func (in *OracleProvider) DeepCopy() *OracleProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleProvider.

func (*OracleProvider) DeepCopyInto 

func (in *OracleProvider) DeepCopyInto(out *OracleProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OracleSecretRef 

type OracleSecretRef struct {
	// PrivateKey is the user's API Signing Key in PEM format, used for authentication.
	PrivateKey esmeta.SecretKeySelector `json:"privatekey"`

	// Fingerprint is the fingerprint of the API private key.
	Fingerprint esmeta.SecretKeySelector `json:"fingerprint"`
}

func (*OracleSecretRef) DeepCopy 

func (in *OracleSecretRef) DeepCopy() *OracleSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleSecretRef.

func (*OracleSecretRef) DeepCopyInto 

func (in *OracleSecretRef) DeepCopyInto(out *OracleSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Provider 

type Provider interface {
	// NewClient constructs a SecretsManager Provider
	NewClient(ctx context.Context, store GenericStore, kube client.Client, namespace string) (SecretsClient, error)

	// ValidateStore checks if the provided store is valid
	ValidateStore(store GenericStore) error
}

Provider is a common interface for interacting with secret backends.

func GetProvider 

func GetProvider(s GenericStore) (Provider, error)

GetProvider returns the provider from the generic store.

func GetProviderByName 

func GetProviderByName(name string) (Provider, bool)

GetProviderByName returns the provider implementation by name.

type SecretStore 

type SecretStore struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   SecretStoreSpec   `json:"spec,omitempty"`
	Status SecretStoreStatus `json:"status,omitempty"`
}

SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` +kubebuilder:subresource:status +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=ss

func (*SecretStore) Copy 

func (c *SecretStore) Copy() GenericStore

func (*SecretStore) DeepCopy 

func (in *SecretStore) DeepCopy() *SecretStore

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStore.

func (*SecretStore) DeepCopyInto 

func (in *SecretStore) DeepCopyInto(out *SecretStore)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretStore) DeepCopyObject 

func (in *SecretStore) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretStore) GetNamespacedName 

func (c *SecretStore) GetNamespacedName() string

func (*SecretStore) GetObjectMeta 

func (c *SecretStore) GetObjectMeta() *metav1.ObjectMeta

func (*SecretStore) GetSpec 

func (c *SecretStore) GetSpec() *SecretStoreSpec

func (*SecretStore) GetStatus 

func (c *SecretStore) GetStatus() SecretStoreStatus

func (*SecretStore) GetTypeMeta 

func (c *SecretStore) GetTypeMeta() *metav1.TypeMeta

func (*SecretStore) Hub 

func (*SecretStore) Hub()

func (*SecretStore) SetStatus 

func (c *SecretStore) SetStatus(status SecretStoreStatus)

func (*SecretStore) SetupWebhookWithManager 

func (c *SecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error

type SecretStoreConditionType 

type SecretStoreConditionType string

type SecretStoreList 

type SecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []SecretStore `json:"items"`
}

SecretStoreList contains a list of SecretStore resources.

func (*SecretStoreList) DeepCopy 

func (in *SecretStoreList) DeepCopy() *SecretStoreList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreList.

func (*SecretStoreList) DeepCopyInto 

func (in *SecretStoreList) DeepCopyInto(out *SecretStoreList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretStoreList) DeepCopyObject 

func (in *SecretStoreList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type SecretStoreProvider 

type SecretStoreProvider struct {
	// AWS configures this store to sync secrets using AWS Secret Manager provider
	// +optional
	AWS *AWSProvider `json:"aws,omitempty"`

	// AzureKV configures this store to sync secrets using Azure Key Vault provider
	// +optional
	AzureKV *AzureKVProvider `json:"azurekv,omitempty"`

	// Akeyless configures this store to sync secrets using Akeyless Vault provider
	// +optional
	Akeyless *AkeylessProvider `json:"akeyless,omitempty"`

	// Vault configures this store to sync secrets using Hashi provider
	// +optional
	Vault *VaultProvider `json:"vault,omitempty"`

	// GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider
	// +optional
	GCPSM *GCPSMProvider `json:"gcpsm,omitempty"`

	// Oracle configures this store to sync secrets using Oracle Vault provider
	// +optional
	Oracle *OracleProvider `json:"oracle,omitempty"`

	// IBM configures this store to sync secrets using IBM Cloud provider
	// +optional
	IBM *IBMProvider `json:"ibm,omitempty"`

	// YandexCertificateManager configures this store to sync secrets using Yandex Certificate Manager provider
	// +optional
	YandexCertificateManager *YandexCertificateManagerProvider `json:"yandexcertificatemanager,omitempty"`

	// YandexLockbox configures this store to sync secrets using Yandex Lockbox provider
	// +optional
	YandexLockbox *YandexLockboxProvider `json:"yandexlockbox,omitempty"`

	// Gitlab configures this store to sync secrets using Gitlab Variables provider
	// +optional
	Gitlab *GitlabProvider `json:"gitlab,omitempty"`

	// Alibaba configures this store to sync secrets using Alibaba Cloud provider
	// +optional
	Alibaba *AlibabaProvider `json:"alibaba,omitempty"`

	// OnePassword configures this store to sync secrets using the 1Password Cloud provider
	// +optional
	OnePassword *OnePasswordProvider `json:"onepassword,omitempty"`

	// Webhook configures this store to sync secrets using a generic templated webhook
	// +optional
	Webhook *WebhookProvider `json:"webhook,omitempty"`

	// Kubernetes configures this store to sync secrets using a Kubernetes cluster provider
	// +optional
	Kubernetes *KubernetesProvider `json:"kubernetes,omitempty"`

	// Fake configures a store with static key/value pairs
	// +optional
	Fake *FakeProvider `json:"fake,omitempty"`

	// Senhasegura configures this store to sync secrets using senhasegura provider
	// +optional
	Senhasegura *SenhaseguraProvider `json:"senhasegura,omitempty"`
}

SecretStoreProvider contains the provider-specific configration. +kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1

func (*SecretStoreProvider) DeepCopy 

func (in *SecretStoreProvider) DeepCopy() *SecretStoreProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreProvider.

func (*SecretStoreProvider) DeepCopyInto 

func (in *SecretStoreProvider) DeepCopyInto(out *SecretStoreProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreRef 

type SecretStoreRef struct {
	// Name of the SecretStore resource
	Name string `json:"name"`

	// Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
	// Defaults to `SecretStore`
	// +optional
	Kind string `json:"kind,omitempty"`
}

SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.

func (*SecretStoreRef) DeepCopy 

func (in *SecretStoreRef) DeepCopy() *SecretStoreRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRef.

func (*SecretStoreRef) DeepCopyInto 

func (in *SecretStoreRef) DeepCopyInto(out *SecretStoreRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreRetrySettings 

type SecretStoreRetrySettings struct {
	MaxRetries    *int32  `json:"maxRetries,omitempty"`
	RetryInterval *string `json:"retryInterval,omitempty"`
}

func (*SecretStoreRetrySettings) DeepCopy 

func (in *SecretStoreRetrySettings) DeepCopy() *SecretStoreRetrySettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRetrySettings.

func (*SecretStoreRetrySettings) DeepCopyInto 

func (in *SecretStoreRetrySettings) DeepCopyInto(out *SecretStoreRetrySettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreSpec 

type SecretStoreSpec struct {
	// Used to select the correct KES controller (think: ingress.ingressClassName)
	// The KES controller is instantiated with a specific controller name and filters ES based on this property
	// +optional
	Controller string `json:"controller"`

	// Used to configure the provider. Only one provider may be set
	Provider *SecretStoreProvider `json:"provider"`

	// Used to configure http retries if failed
	// +optional
	RetrySettings *SecretStoreRetrySettings `json:"retrySettings,omitempty"`

	// Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.
	// +optional
	RefreshInterval int `json:"refreshInterval"`
}

SecretStoreSpec defines the desired state of SecretStore.

func (*SecretStoreSpec) DeepCopy 

func (in *SecretStoreSpec) DeepCopy() *SecretStoreSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreSpec.

func (*SecretStoreSpec) DeepCopyInto 

func (in *SecretStoreSpec) DeepCopyInto(out *SecretStoreSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreStatus 

type SecretStoreStatus struct {
	// +optional
	Conditions []SecretStoreStatusCondition `json:"conditions"`
}

SecretStoreStatus defines the observed state of the SecretStore.

func (*SecretStoreStatus) DeepCopy 

func (in *SecretStoreStatus) DeepCopy() *SecretStoreStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatus.

func (*SecretStoreStatus) DeepCopyInto 

func (in *SecretStoreStatus) DeepCopyInto(out *SecretStoreStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreStatusCondition 

type SecretStoreStatusCondition struct {
	Type   SecretStoreConditionType `json:"type"`
	Status corev1.ConditionStatus   `json:"status"`

	// +optional
	Reason string `json:"reason,omitempty"`

	// +optional
	Message string `json:"message,omitempty"`

	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}

func (*SecretStoreStatusCondition) DeepCopy 

func (in *SecretStoreStatusCondition) DeepCopy() *SecretStoreStatusCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatusCondition.

func (*SecretStoreStatusCondition) DeepCopyInto 

func (in *SecretStoreStatusCondition) DeepCopyInto(out *SecretStoreStatusCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretsClient 

type SecretsClient interface {
	// GetSecret returns a single secret from the provider
	// if GetSecret returns an error with type NoSecretError
	// then the secret entry will be deleted depending on the deletionPolicy.
	GetSecret(ctx context.Context, ref ExternalSecretDataRemoteRef) ([]byte, error)

	// Validate checks if the client is configured correctly
	// and is able to retrieve secrets from the provider.
	// If the validation result is unknown it will be ignored.
	Validate() (ValidationResult, error)

	// GetSecretMap returns multiple k/v pairs from the provider
	GetSecretMap(ctx context.Context, ref ExternalSecretDataRemoteRef) (map[string][]byte, error)

	// GetAllSecrets returns multiple k/v pairs from the provider
	GetAllSecrets(ctx context.Context, ref ExternalSecretFind) (map[string][]byte, error)

	Close(ctx context.Context) error
}

SecretsClient provides access to secrets.

type SenhaseguraAuth added in v0.5.3 

type SenhaseguraAuth struct {
	ClientID     string                   `json:"clientId"`
	ClientSecret esmeta.SecretKeySelector `json:"clientSecretSecretRef"`
}

SenhaseguraAuth tells the controller how to do auth in senhasegura

func (*SenhaseguraAuth) DeepCopy added in v0.5.3 

func (in *SenhaseguraAuth) DeepCopy() *SenhaseguraAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SenhaseguraAuth.

func (*SenhaseguraAuth) DeepCopyInto added in v0.5.3 

func (in *SenhaseguraAuth) DeepCopyInto(out *SenhaseguraAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SenhaseguraModuleType added in v0.5.3 

type SenhaseguraModuleType string

SenhaseguraModuleType enum defines senhasegura target module to fetch secrets +kubebuilder:validation:Enum=DSM 

const (
	/*
		SenhaseguraModuleDSM is the senhasegura DevOps Secrets Management module
		see: https://senhasegura.com/devops
	*/
	SenhaseguraModuleDSM SenhaseguraModuleType = "DSM"
)

type SenhaseguraProvider added in v0.5.3 

type SenhaseguraProvider struct {
	/* URL of senhasegura */
	URL string `json:"url"`

	/* Module defines which senhasegura module should be used to get secrets */
	Module SenhaseguraModuleType `json:"module"`

	/* Auth defines parameters to authenticate in senhasegura */
	Auth SenhaseguraAuth `json:"auth"`

	// IgnoreSslCertificate defines if SSL certificate must be ignored
	// +kubebuilder:default=false
	IgnoreSslCertificate bool `json:"ignoreSslCertificate,omitempty"`
}

SenhaseguraProvider setup a store to sync secrets with senhasegura

func (*SenhaseguraProvider) DeepCopy added in v0.5.3 

func (in *SenhaseguraProvider) DeepCopy() *SenhaseguraProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SenhaseguraProvider.

func (*SenhaseguraProvider) DeepCopyInto added in v0.5.3 

func (in *SenhaseguraProvider) DeepCopyInto(out *SenhaseguraProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TemplateEngineVersion 

type TemplateEngineVersion string
const (
	TemplateEngineV1 TemplateEngineVersion = "v1"
	TemplateEngineV2 TemplateEngineVersion = "v2"
)

type TemplateFrom 

type TemplateFrom struct {
	ConfigMap *TemplateRef `json:"configMap,omitempty"`
	Secret    *TemplateRef `json:"secret,omitempty"`
}

+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1

func (*TemplateFrom) DeepCopy 

func (in *TemplateFrom) DeepCopy() *TemplateFrom

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateFrom.

func (*TemplateFrom) DeepCopyInto 

func (in *TemplateFrom) DeepCopyInto(out *TemplateFrom)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TemplateRef 

type TemplateRef struct {
	Name  string            `json:"name"`
	Items []TemplateRefItem `json:"items"`
}

func (*TemplateRef) DeepCopy 

func (in *TemplateRef) DeepCopy() *TemplateRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRef.

func (*TemplateRef) DeepCopyInto 

func (in *TemplateRef) DeepCopyInto(out *TemplateRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TemplateRefItem 

type TemplateRefItem struct {
	Key string `json:"key"`
}

func (*TemplateRefItem) DeepCopy 

func (in *TemplateRefItem) DeepCopy() *TemplateRefItem

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRefItem.

func (*TemplateRefItem) DeepCopyInto 

func (in *TemplateRefItem) DeepCopyInto(out *TemplateRefItem)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TokenAuth 

type TokenAuth struct {
	BearerToken esmeta.SecretKeySelector `json:"bearerToken,omitempty"`
}

func (*TokenAuth) DeepCopy 

func (in *TokenAuth) DeepCopy() *TokenAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenAuth.

func (*TokenAuth) DeepCopyInto 

func (in *TokenAuth) DeepCopyInto(out *TokenAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ValidationResult added in v0.5.2 

type ValidationResult uint8
const (
	// Ready indicates that the client is confgured correctly
	// and can be used.
	ValidationResultReady ValidationResult = iota

	// Unknown indicates that the client can be used
	// but information is missing and it can not be validated.
	ValidationResultUnknown

	// Error indicates that there is a misconfiguration.
	ValidationResultError
)

func (ValidationResult) String added in v0.5.2 

func (v ValidationResult) String() string

type VaultAppRole 

type VaultAppRole struct {
	// Path where the App Role authentication backend is mounted
	// in Vault, e.g: "approle"
	// +kubebuilder:default=approle
	Path string `json:"path"`

	// RoleID configured in the App Role authentication backend when setting
	// up the authentication backend in Vault.
	RoleID string `json:"roleId"`

	// Reference to a key in a Secret that contains the App Role secret used
	// to authenticate with Vault.
	// The `key` field must be specified and denotes which entry within the Secret
	// resource is used as the app role secret.
	SecretRef esmeta.SecretKeySelector `json:"secretRef"`
}

VaultAppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.

func (*VaultAppRole) DeepCopy 

func (in *VaultAppRole) DeepCopy() *VaultAppRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole.

func (*VaultAppRole) DeepCopyInto 

func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultAuth 

type VaultAuth struct {
	// TokenSecretRef authenticates with Vault by presenting a token.
	// +optional
	TokenSecretRef *esmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"`

	// AppRole authenticates with Vault using the App Role auth mechanism,
	// with the role and secret stored in a Kubernetes Secret resource.
	// +optional
	AppRole *VaultAppRole `json:"appRole,omitempty"`

	// Kubernetes authenticates with Vault by passing the ServiceAccount
	// token stored in the named Secret resource to the Vault server.
	// +optional
	Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"`

	// Ldap authenticates with Vault by passing username/password pair using
	// the LDAP authentication method
	// +optional
	Ldap *VaultLdapAuth `json:"ldap,omitempty"`

	// Jwt authenticates with Vault by passing role and JWT token using the
	// JWT/OIDC authentication method
	// +optional
	Jwt *VaultJwtAuth `json:"jwt,omitempty"`

	// Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
	// Cert authentication method
	// +optional
	Cert *VaultCertAuth `json:"cert,omitempty"`
}

VaultAuth is the configuration used to authenticate with a Vault server. Only one of `tokenSecretRef`, `appRole`, `kubernetes`, `ldap`, `jwt` or `cert` can be specified.

func (*VaultAuth) DeepCopy 

func (in *VaultAuth) DeepCopy() *VaultAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth.

func (*VaultAuth) DeepCopyInto 

func (in *VaultAuth) DeepCopyInto(out *VaultAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertAuth 

type VaultCertAuth struct {
	// ClientCert is a certificate to authenticate using the Cert Vault
	// authentication method
	// +optional
	ClientCert esmeta.SecretKeySelector `json:"clientCert,omitempty"`

	// SecretRef to a key in a Secret resource containing client private key to
	// authenticate with Vault using the Cert authentication method
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication method, with the role name and token stored in a Kubernetes Secret resource.

func (*VaultCertAuth) DeepCopy 

func (in *VaultCertAuth) DeepCopy() *VaultCertAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertAuth.

func (*VaultCertAuth) DeepCopyInto 

func (in *VaultCertAuth) DeepCopyInto(out *VaultCertAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultJwtAuth 

type VaultJwtAuth struct {
	// Path where the JWT authentication backend is mounted
	// in Vault, e.g: "jwt"
	// +kubebuilder:default=jwt
	Path string `json:"path"`

	// Role is a JWT role to authenticate using the JWT/OIDC Vault
	// authentication method
	// +optional
	Role string `json:"role"`

	// Optional SecretRef that refers to a key in a Secret resource containing JWT token to
	// authenticate with Vault using the JWT/OIDC authentication method.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// Optional ServiceAccountToken specifies the Kubernetes service account for which to request
	// a token for with the `TokenRequest` API.
	// +optional
	KubernetesServiceAccountToken *VaultKubernetesServiceAccountTokenAuth `json:"kubernetesServiceAccountToken,omitempty"`
}

VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication method, with the role name and a token stored in a Kubernetes Secret resource or a Kubernetes service account token retrieved via `TokenRequest`.

func (*VaultJwtAuth) DeepCopy 

func (in *VaultJwtAuth) DeepCopy() *VaultJwtAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultJwtAuth.

func (*VaultJwtAuth) DeepCopyInto 

func (in *VaultJwtAuth) DeepCopyInto(out *VaultJwtAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultKVStoreVersion 

type VaultKVStoreVersion string
const (
	VaultKVStoreV1 VaultKVStoreVersion = "v1"
	VaultKVStoreV2 VaultKVStoreVersion = "v2"
)

type VaultKubernetesAuth 

type VaultKubernetesAuth struct {
	// Path where the Kubernetes authentication backend is mounted in Vault, e.g:
	// "kubernetes"
	// +kubebuilder:default=kubernetes
	Path string `json:"mountPath"`

	// Optional service account field containing the name of a kubernetes ServiceAccount.
	// If the service account is specified, the service account secret token JWT will be used
	// for authenticating with Vault. If the service account selector is not supplied,
	// the secretRef will be used instead.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// Optional secret field containing a Kubernetes ServiceAccount JWT used
	// for authenticating with Vault. If a name is specified without a key,
	// `token` is the default. If one is not specified, the one bound to
	// the controller will be used.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// A required field containing the Vault Role to assume. A Role binds a
	// Kubernetes ServiceAccount with a set of Vault policies.
	Role string `json:"role"`
}

Authenticate against Vault using a Kubernetes ServiceAccount token stored in a Secret.

func (*VaultKubernetesAuth) DeepCopy 

func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth.

func (*VaultKubernetesAuth) DeepCopyInto 

func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultKubernetesServiceAccountTokenAuth 

type VaultKubernetesServiceAccountTokenAuth struct {
	// Service account field containing the name of a kubernetes ServiceAccount.
	ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccountRef"`

	// Optional audiences field that will be used to request a temporary Kubernetes service
	// account token for the service account referenced by `serviceAccountRef`.
	// Defaults to a single audience `vault` it not specified.
	// +optional
	Audiences *[]string `json:"audiences,omitempty"`

	// Optional expiration time in seconds that will be used to request a temporary
	// Kubernetes service account token for the service account referenced by
	// `serviceAccountRef`.
	// Defaults to 10 minutes.
	// +optional
	ExpirationSeconds *int64 `json:"expirationSeconds,omitempty"`
}

VaultKubernetesServiceAccountTokenAuth authenticates with Vault using a temporary Kubernetes service account token retrieved by the `TokenRequest` API.

func (*VaultKubernetesServiceAccountTokenAuth) DeepCopy 

func (in *VaultKubernetesServiceAccountTokenAuth) DeepCopy() *VaultKubernetesServiceAccountTokenAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesServiceAccountTokenAuth.

func (*VaultKubernetesServiceAccountTokenAuth) DeepCopyInto 

func (in *VaultKubernetesServiceAccountTokenAuth) DeepCopyInto(out *VaultKubernetesServiceAccountTokenAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultLdapAuth 

type VaultLdapAuth struct {
	// Path where the LDAP authentication backend is mounted
	// in Vault, e.g: "ldap"
	// +kubebuilder:default=ldap
	Path string `json:"path"`

	// Username is a LDAP user name used to authenticate using the LDAP Vault
	// authentication method
	Username string `json:"username"`

	// SecretRef to a key in a Secret resource containing password for the LDAP
	// user used to authenticate with Vault using the LDAP authentication
	// method
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

VaultLdapAuth authenticates with Vault using the LDAP authentication method, with the username and password stored in a Kubernetes Secret resource.

func (*VaultLdapAuth) DeepCopy 

func (in *VaultLdapAuth) DeepCopy() *VaultLdapAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultLdapAuth.

func (*VaultLdapAuth) DeepCopyInto 

func (in *VaultLdapAuth) DeepCopyInto(out *VaultLdapAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultProvider 

type VaultProvider struct {
	// Auth configures how secret-manager authenticates with the Vault server.
	Auth VaultAuth `json:"auth"`

	// Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
	Server string `json:"server"`

	// Path is the mount path of the Vault KV backend endpoint, e.g:
	// "secret". The v2 KV secret engine version specific "/data" path suffix
	// for fetching secrets from Vault is optional and will be appended
	// if not present in specified path.
	// +optional
	Path *string `json:"path"`

	// Version is the Vault KV secret engine version. This can be either "v1" or
	// "v2". Version defaults to "v2".
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum="v1";"v2"
	// +kubebuilder:default:="v2"
	Version VaultKVStoreVersion `json:"version"`

	// Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
	// Vault environments to support Secure Multi-tenancy. e.g: "ns1".
	// More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
	// +optional
	Namespace *string `json:"namespace,omitempty"`

	// PEM encoded CA bundle used to validate Vault server certificate. Only used
	// if the Server URL is using HTTPS protocol. This parameter is ignored for
	// plain HTTP protocol connection. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// The provider for the CA bundle to use to validate Vault server certificate.
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`

	// ReadYourWrites ensures isolated read-after-write semantics by
	// providing discovered cluster replication states in each request.
	// More information about eventual consistency in Vault can be found here
	// https://www.vaultproject.io/docs/enterprise/consistency
	// +optional
	ReadYourWrites bool `json:"readYourWrites,omitempty"`

	// ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
	// leader instead of simply retrying within a loop. This can increase performance if
	// the option is enabled serverside.
	// https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
	// +optional
	ForwardInconsistent bool `json:"forwardInconsistent,omitempty"`
}

Configures an store to sync secrets using a HashiCorp Vault KV backend.

func (*VaultProvider) DeepCopy 

func (in *VaultProvider) DeepCopy() *VaultProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultProvider.

func (*VaultProvider) DeepCopyInto 

func (in *VaultProvider) DeepCopyInto(out *VaultProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookCAProvider 

type WebhookCAProvider struct {
	// The type of provider to use such as "Secret", or "ConfigMap".
	// +kubebuilder:validation:Enum="Secret";"ConfigMap"
	Type WebhookCAProviderType `json:"type"`

	// The name of the object located at the provider type.
	Name string `json:"name"`

	// The key the value inside of the provider type to use, only used with "Secret" type
	// +kubebuilder:validation:Optional
	Key string `json:"key,omitempty"`

	// The namespace the Provider type is in.
	// +optional
	Namespace *string `json:"namespace,omitempty"`
}

Defines a location to fetch the cert for the webhook provider from.

func (*WebhookCAProvider) DeepCopy 

func (in *WebhookCAProvider) DeepCopy() *WebhookCAProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookCAProvider.

func (*WebhookCAProvider) DeepCopyInto 

func (in *WebhookCAProvider) DeepCopyInto(out *WebhookCAProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookCAProviderType 

type WebhookCAProviderType string
const (
	WebhookCAProviderTypeSecret    WebhookCAProviderType = "Secret"
	WebhookCAProviderTypeConfigMap WebhookCAProviderType = "ConfigMap"
)

type WebhookProvider 

type WebhookProvider struct {
	// Webhook Method
	// +optional, default GET
	Method string `json:"method,omitempty"`

	// Webhook url to call
	URL string `json:"url"`

	// Headers
	// +optional
	Headers map[string]string `json:"headers,omitempty"`

	// Body
	// +optional
	Body string `json:"body,omitempty"`

	// Timeout
	// +optional
	Timeout *metav1.Duration `json:"timeout,omitempty"`

	// Result formatting
	Result WebhookResult `json:"result"`

	// Secrets to fill in templates
	// These secrets will be passed to the templating function as key value pairs under the given name
	// +optional
	Secrets []WebhookSecret `json:"secrets,omitempty"`

	// PEM encoded CA bundle used to validate webhook server certificate. Only used
	// if the Server URL is using HTTPS protocol. This parameter is ignored for
	// plain HTTP protocol connection. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// The provider for the CA bundle to use to validate webhook server certificate.
	// +optional
	CAProvider *WebhookCAProvider `json:"caProvider,omitempty"`
}

AkeylessProvider Configures an store to sync secrets using Akeyless KV.

func (*WebhookProvider) DeepCopy 

func (in *WebhookProvider) DeepCopy() *WebhookProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookProvider.

func (*WebhookProvider) DeepCopyInto 

func (in *WebhookProvider) DeepCopyInto(out *WebhookProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookResult 

type WebhookResult struct {
	// Json path of return value
	// +optional
	JSONPath string `json:"jsonPath,omitempty"`
}

func (*WebhookResult) DeepCopy 

func (in *WebhookResult) DeepCopy() *WebhookResult

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookResult.

func (*WebhookResult) DeepCopyInto 

func (in *WebhookResult) DeepCopyInto(out *WebhookResult)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookSecret 

type WebhookSecret struct {
	// Name of this secret in templates
	Name string `json:"name"`

	// Secret ref to fill in credentials
	SecretRef esmeta.SecretKeySelector `json:"secretRef"`
}

func (*WebhookSecret) DeepCopy 

func (in *WebhookSecret) DeepCopy() *WebhookSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookSecret.

func (*WebhookSecret) DeepCopyInto 

func (in *WebhookSecret) DeepCopyInto(out *WebhookSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type YandexCertificateManagerAuth added in v0.5.4 

type YandexCertificateManagerAuth struct {
	// The authorized key used for authentication
	// +optional
	AuthorizedKey esmeta.SecretKeySelector `json:"authorizedKeySecretRef,omitempty"`
}

func (*YandexCertificateManagerAuth) DeepCopy added in v0.5.4 

func (in *YandexCertificateManagerAuth) DeepCopy() *YandexCertificateManagerAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexCertificateManagerAuth.

func (*YandexCertificateManagerAuth) DeepCopyInto added in v0.5.4 

func (in *YandexCertificateManagerAuth) DeepCopyInto(out *YandexCertificateManagerAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type YandexCertificateManagerCAProvider added in v0.5.4 

type YandexCertificateManagerCAProvider struct {
	Certificate esmeta.SecretKeySelector `json:"certSecretRef,omitempty"`
}

func (*YandexCertificateManagerCAProvider) DeepCopy added in v0.5.4 

func (in *YandexCertificateManagerCAProvider) DeepCopy() *YandexCertificateManagerCAProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexCertificateManagerCAProvider.

func (*YandexCertificateManagerCAProvider) DeepCopyInto added in v0.5.4 

func (in *YandexCertificateManagerCAProvider) DeepCopyInto(out *YandexCertificateManagerCAProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type YandexCertificateManagerProvider added in v0.5.4 

type YandexCertificateManagerProvider struct {
	// Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')
	// +optional
	APIEndpoint string `json:"apiEndpoint,omitempty"`

	// Auth defines the information necessary to authenticate against Yandex Certificate Manager
	Auth YandexCertificateManagerAuth `json:"auth"`

	// The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
	// +optional
	CAProvider *YandexCertificateManagerCAProvider `json:"caProvider,omitempty"`
}

YandexCertificateManagerProvider Configures a store to sync secrets using the Yandex Certificate Manager provider.

func (*YandexCertificateManagerProvider) DeepCopy added in v0.5.4 

func (in *YandexCertificateManagerProvider) DeepCopy() *YandexCertificateManagerProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexCertificateManagerProvider.

func (*YandexCertificateManagerProvider) DeepCopyInto added in v0.5.4 

func (in *YandexCertificateManagerProvider) DeepCopyInto(out *YandexCertificateManagerProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type YandexLockboxAuth 

type YandexLockboxAuth struct {
	// The authorized key used for authentication
	// +optional
	AuthorizedKey esmeta.SecretKeySelector `json:"authorizedKeySecretRef,omitempty"`
}

func (*YandexLockboxAuth) DeepCopy 

func (in *YandexLockboxAuth) DeepCopy() *YandexLockboxAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxAuth.

func (*YandexLockboxAuth) DeepCopyInto 

func (in *YandexLockboxAuth) DeepCopyInto(out *YandexLockboxAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type YandexLockboxCAProvider 

type YandexLockboxCAProvider struct {
	Certificate esmeta.SecretKeySelector `json:"certSecretRef,omitempty"`
}

func (*YandexLockboxCAProvider) DeepCopy 

func (in *YandexLockboxCAProvider) DeepCopy() *YandexLockboxCAProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxCAProvider.

func (*YandexLockboxCAProvider) DeepCopyInto 

func (in *YandexLockboxCAProvider) DeepCopyInto(out *YandexLockboxCAProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type YandexLockboxProvider 

type YandexLockboxProvider struct {
	// Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')
	// +optional
	APIEndpoint string `json:"apiEndpoint,omitempty"`

	// Auth defines the information necessary to authenticate against Yandex Lockbox
	Auth YandexLockboxAuth `json:"auth"`

	// The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
	// +optional
	CAProvider *YandexLockboxCAProvider `json:"caProvider,omitempty"`
}

YandexLockboxProvider Configures a store to sync secrets using the Yandex Lockbox provider.

func (*YandexLockboxProvider) DeepCopy 

func (in *YandexLockboxProvider) DeepCopy() *YandexLockboxProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxProvider.

func (*YandexLockboxProvider) DeepCopyInto 

func (in *YandexLockboxProvider) DeepCopyInto(out *YandexLockboxProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.