Documentation ¶
Overview ¶
Package v1beta1 contains resources for external-secrets. +kubebuilder:object:generate=true +groupName=external-secrets.io +versionName=v1beta1
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
- Constants
- Variables
- func ForceRegister(s Provider, storeSpec *SecretStoreProvider)
- func Register(s Provider, storeSpec *SecretStoreProvider)
- type AWSAuth
- type AWSAuthSecretRef
- type AWSJWTAuth
- type AWSProvider
- type AWSServiceType
- type AkeylessAuth
- type AkeylessAuthSecretRef
- type AkeylessKubernetesAuth
- type AkeylessProvider
- type AlibabaAuth
- type AlibabaAuthSecretRef
- type AlibabaProvider
- type AlibabaRRSAAuth
- type AzureAuthType
- type AzureEnvironmentType
- type AzureKVAuth
- type AzureKVProvider
- type CAProvider
- type CAProviderType
- type CertAuth
- type ClusterExternalSecret
- type ClusterExternalSecretConditionType
- type ClusterExternalSecretList
- type ClusterExternalSecretNamespaceFailure
- type ClusterExternalSecretSpec
- type ClusterExternalSecretStatus
- type ClusterExternalSecretStatusCondition
- type ClusterSecretStore
- func (c *ClusterSecretStore) Copy() GenericStore
- func (in *ClusterSecretStore) DeepCopy() *ClusterSecretStore
- func (in *ClusterSecretStore) DeepCopyInto(out *ClusterSecretStore)
- func (in *ClusterSecretStore) DeepCopyObject() runtime.Object
- func (c *ClusterSecretStore) GetKind() string
- func (c *ClusterSecretStore) GetNamespacedName() string
- func (c *ClusterSecretStore) GetObjectMeta() *metav1.ObjectMeta
- func (c *ClusterSecretStore) GetSpec() *SecretStoreSpec
- func (c *ClusterSecretStore) GetStatus() SecretStoreStatus
- func (c *ClusterSecretStore) GetTypeMeta() *metav1.TypeMeta
- func (*ClusterSecretStore) Hub()
- func (c *ClusterSecretStore) SetStatus(status SecretStoreStatus)
- func (c *ClusterSecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error
- type ClusterSecretStoreCondition
- type ClusterSecretStoreList
- type DopplerAuth
- type DopplerAuthSecretRef
- type DopplerProvider
- type ExternalSecret
- type ExternalSecretConditionType
- type ExternalSecretConversionStrategy
- type ExternalSecretCreationPolicy
- type ExternalSecretData
- type ExternalSecretDataFromRemoteRef
- type ExternalSecretDataRemoteRef
- type ExternalSecretDecodingStrategy
- type ExternalSecretDeletionPolicy
- type ExternalSecretFind
- type ExternalSecretList
- type ExternalSecretMetadataPolicy
- type ExternalSecretRewrite
- type ExternalSecretRewriteRegexp
- type ExternalSecretSpec
- type ExternalSecretStatus
- type ExternalSecretStatusCondition
- type ExternalSecretTarget
- type ExternalSecretTemplate
- type ExternalSecretTemplateMetadata
- type ExternalSecretValidator
- func (in *ExternalSecretValidator) DeepCopy() *ExternalSecretValidator
- func (in *ExternalSecretValidator) DeepCopyInto(out *ExternalSecretValidator)
- func (esv *ExternalSecretValidator) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error)
- func (esv *ExternalSecretValidator) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error)
- func (esv *ExternalSecretValidator) ValidateUpdate(_ context.Context, _, newObj runtime.Object) (admission.Warnings, error)
- type FakeProvider
- type FakeProviderData
- type FindName
- type GCPSMAuth
- type GCPSMAuthSecretRef
- type GCPSMProvider
- type GCPWorkloadIdentity
- type GeneratorRef
- type GenericStore
- type GenericStoreValidator
- func (in *GenericStoreValidator) DeepCopy() *GenericStoreValidator
- func (in *GenericStoreValidator) DeepCopyInto(out *GenericStoreValidator)
- func (r *GenericStoreValidator) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error)
- func (r *GenericStoreValidator) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error)
- func (r *GenericStoreValidator) ValidateUpdate(_ context.Context, _, newObj runtime.Object) (admission.Warnings, error)
- type GitlabAuth
- type GitlabProvider
- type GitlabSecretRef
- type IBMAuth
- type IBMAuthContainerAuth
- type IBMAuthSecretRef
- type IBMProvider
- type KeeperSecurityProvider
- type KubernetesAuth
- type KubernetesProvider
- type KubernetesServer
- type NoSecretError
- type OnePasswordAuth
- type OnePasswordAuthSecretRef
- type OnePasswordProvider
- type OracleAuth
- type OracleProvider
- type OracleSecretRef
- type Provider
- type PushRemoteRef
- type ScalewayProvider
- type ScalewayProviderSecretRef
- type SecretStore
- func (c *SecretStore) Copy() GenericStore
- func (in *SecretStore) DeepCopy() *SecretStore
- func (in *SecretStore) DeepCopyInto(out *SecretStore)
- func (in *SecretStore) DeepCopyObject() runtime.Object
- func (c *SecretStore) GetKind() string
- func (c *SecretStore) GetNamespacedName() string
- func (c *SecretStore) GetObjectMeta() *metav1.ObjectMeta
- func (c *SecretStore) GetSpec() *SecretStoreSpec
- func (c *SecretStore) GetStatus() SecretStoreStatus
- func (c *SecretStore) GetTypeMeta() *metav1.TypeMeta
- func (*SecretStore) Hub()
- func (c *SecretStore) SetStatus(status SecretStoreStatus)
- func (c *SecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error
- type SecretStoreCapabilities
- type SecretStoreConditionType
- type SecretStoreList
- type SecretStoreProvider
- type SecretStoreRef
- type SecretStoreRetrySettings
- type SecretStoreSpec
- type SecretStoreStatus
- type SecretStoreStatusCondition
- type SecretsClient
- type SenhaseguraAuth
- type SenhaseguraModuleType
- type SenhaseguraProvider
- type SourceRef
- type TemplateEngineVersion
- type TemplateFrom
- type TemplateMergePolicy
- type TemplateRef
- type TemplateRefItem
- type TemplateScope
- type TemplateTarget
- type TokenAuth
- type ValidationResult
- type VaultAppRole
- type VaultAuth
- type VaultAwsAuth
- type VaultAwsAuthSecretRef
- type VaultAwsJWTAuth
- type VaultCertAuth
- type VaultIamAuth
- type VaultJwtAuth
- type VaultKVStoreVersion
- type VaultKubernetesAuth
- type VaultKubernetesServiceAccountTokenAuth
- type VaultLdapAuth
- type VaultProvider
- type WebhookCAProvider
- type WebhookCAProviderType
- type WebhookProvider
- type WebhookResult
- type WebhookSecret
- type YandexCertificateManagerAuth
- type YandexCertificateManagerCAProvider
- type YandexCertificateManagerProvider
- type YandexLockboxAuth
- type YandexLockboxCAProvider
- type YandexLockboxProvider
Constants ¶
const (
	// ConditionReasonSecretSynced indicates that the secret was synced.
	ConditionReasonSecretSynced = "SecretSynced"
	// ConditionReasonSecretSyncedError indicates that there was an error syncing the secret.
	ConditionReasonSecretSyncedError = "SecretSyncedError"
	// ConditionReasonSecretDeleted indicates that the secret has been deleted.
	ConditionReasonSecretDeleted = "SecretDeleted"

	// The Reason* values below are undocumented in the source. They look like
	// short machine-readable reason strings; confirm where each one is emitted
	// before relying on it in alerting or audit rules.
	ReasonInvalidStoreRef      = "InvalidStoreRef"
	ReasonProviderClientConfig = "InvalidProviderClientConfig"
	ReasonUpdateFailed         = "UpdateFailed"
	ReasonDeprecated           = "ParameterDeprecated"
	ReasonUpdated              = "Updated"
	ReasonDeleted              = "Deleted"
)
// Group and Version are the API group and version strings that
// SchemeGroupVersion is built from.
const (
	Group   = "external-secrets.io"
	Version = "v1beta1"
)
Package type metadata.
const (
	// SecretStoreReady is the "Ready" condition type of a store.
	SecretStoreReady SecretStoreConditionType = "Ready"

	// The Reason* values are untyped string constants, unlike SecretStoreReady.
	// NOTE(review): presumably used as condition or event reasons for store
	// validation — confirm against the controller.
	ReasonInvalidStore          = "InvalidStoreConfiguration"
	ReasonInvalidProviderConfig = "InvalidProviderConfig"
	ReasonValidationFailed      = "ValidationFailed"
	ReasonStoreValid            = "Valid"
)
const (
	// AnnotationDataHash is the annotation key used to ensure consistency.
	// NOTE(review): the key name suggests the value is a hash over the synced
	// data, letting the reconciler notice out-of-band changes — confirm what is
	// hashed and with which algorithm before treating it as an integrity check.
	AnnotationDataHash = "reconcile.external-secrets.io/data-hash"
)
Variables ¶
var (
	// SchemeGroupVersion is group version used to register these objects.
	// It is built from the Group and Version constants.
	SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}

	// AddToScheme is the AddToScheme method value of SchemeBuilder.
	AddToScheme = SchemeBuilder.AddToScheme
)
// ExternalSecret type metadata.
//
// ExtSecretKind is taken from the Go type name by reflection, so renaming the
// ExternalSecret type changes every value below. The remaining variables are
// the GroupKind string, the "<Kind>.<group/version>" string and the
// GroupVersionKind derived from it.
var (
	ExtSecretKind             = reflect.TypeOf(ExternalSecret{}).Name()
	ExtSecretGroupKind        = schema.GroupKind{Group: Group, Kind: ExtSecretKind}.String()
	ExtSecretKindAPIVersion   = ExtSecretKind + "." + SchemeGroupVersion.String()
	ExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ExtSecretKind)
)
ExternalSecret type metadata.
// ClusterExternalSecret type metadata.
//
// ClusterExtSecretKind is taken from the Go type name by reflection; the other
// values are the GroupKind string, the "<Kind>.<group/version>" string and the
// GroupVersionKind derived from it.
var (
	ClusterExtSecretKind             = reflect.TypeOf(ClusterExternalSecret{}).Name()
	ClusterExtSecretGroupKind        = schema.GroupKind{Group: Group, Kind: ClusterExtSecretKind}.String()
	ClusterExtSecretKindAPIVersion   = ClusterExtSecretKind + "." + SchemeGroupVersion.String()
	ClusterExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ClusterExtSecretKind)
)
ClusterExternalSecret type metadata.
// SecretStore type metadata.
//
// SecretStoreKind is taken from the Go type name by reflection; the other
// values are the GroupKind string, the "<Kind>.<group/version>" string and the
// GroupVersionKind derived from it.
var (
	SecretStoreKind             = reflect.TypeOf(SecretStore{}).Name()
	SecretStoreGroupKind        = schema.GroupKind{Group: Group, Kind: SecretStoreKind}.String()
	SecretStoreKindAPIVersion   = SecretStoreKind + "." + SchemeGroupVersion.String()
	SecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(SecretStoreKind)
)
SecretStore type metadata.
// ClusterSecretStore type metadata.
//
// ClusterSecretStoreKind is taken from the Go type name by reflection; the
// other values are the GroupKind string, the "<Kind>.<group/version>" string
// and the GroupVersionKind derived from it.
var (
	ClusterSecretStoreKind             = reflect.TypeOf(ClusterSecretStore{}).Name()
	ClusterSecretStoreGroupKind        = schema.GroupKind{Group: Group, Kind: ClusterSecretStoreKind}.String()
	ClusterSecretStoreKindAPIVersion   = ClusterSecretStoreKind + "." + SchemeGroupVersion.String()
	ClusterSecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(ClusterSecretStoreKind)
)
ClusterSecretStore type metadata.
// NoSecretErr is a package-level zero value of NoSecretError.
// NOTE(review): presumably the sentinel providers return when the requested
// secret does not exist — confirm against the NoSecretError documentation.
var NoSecretErr = NoSecretError{}
Functions ¶
func ForceRegister ¶
func ForceRegister(s Provider, storeSpec *SecretStoreProvider)
ForceRegister adds the provider to the store schema, overwriting any store that is already registered. It should only be used for testing.
func Register ¶
func Register(s Provider, storeSpec *SecretStoreProvider)
Register a store backend type. Register panics if a backend with the same store is already registered.
Types ¶
type AWSAuth ¶
// AWSAuth tells the controller how to authenticate with AWS.
// Only one of SecretRef or JWTAuth can be specified. If neither is set, the
// controller loads credentials using the AWS SDK defaults.
// NOTE(review): with that fallback the store runs with whatever identity the
// SDK resolves in the controller's environment; verify this is intended before
// leaving both fields empty, in particular where several tenants may create stores.
type AWSAuth struct {
	// SecretRef points at static AWS credentials held in Secrets (see AWSAuthSecretRef).
	// +optional
	SecretRef *AWSAuthSecretRef `json:"secretRef,omitempty"`
	// JWTAuth authenticates with a service account token (see AWSJWTAuth);
	// serialized as "jwt".
	// +optional
	JWTAuth *AWSJWTAuth `json:"jwt,omitempty"`
}
AWSAuth tells the controller how to authenticate with AWS. Only one of secretRef or jwt can be specified. If neither is specified, the controller loads credentials using the AWS SDK defaults.
func (*AWSAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuth.
func (*AWSAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSAuthSecretRef ¶
// AWSAuthSecretRef holds secret references for AWS credentials.
// Both AccessKeyID and SecretAccessKey must be defined in order to authenticate.
// NOTE(review): both tags carry omitempty and no required marker is visible
// here, so the "must be defined" rule is presumably enforced elsewhere — confirm.
type AWSAuthSecretRef struct {
	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"`

	// The SecretAccessKey is used for authentication
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`

	// The SessionToken used for authentication
	// This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
	// see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
	// NOTE(review): the marker below is capitalised ("+Optional") while other
	// fields in this package use "+optional" — confirm the generator accepts it.
	// +Optional
	SessionToken *esmeta.SecretKeySelector `json:"sessionTokenSecretRef,omitempty"`
}
AWSAuthSecretRef holds secret references for AWS credentials. Both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
func (*AWSAuthSecretRef) DeepCopy ¶
func (in *AWSAuthSecretRef) DeepCopy() *AWSAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuthSecretRef.
func (*AWSAuthSecretRef) DeepCopyInto ¶
func (in *AWSAuthSecretRef) DeepCopyInto(out *AWSAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSJWTAuth ¶
// AWSJWTAuth authenticates against AWS using service account tokens.
type AWSJWTAuth struct {
	// ServiceAccountRef selects the ServiceAccount whose token is used.
	// NOTE(review): whether a nil reference falls back to another identity is
	// not visible here — confirm in the provider implementation.
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}
Authenticate against AWS using service account tokens.
func (*AWSJWTAuth) DeepCopy ¶
func (in *AWSJWTAuth) DeepCopy() *AWSJWTAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSJWTAuth.
func (*AWSJWTAuth) DeepCopyInto ¶
func (in *AWSJWTAuth) DeepCopyInto(out *AWSJWTAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSProvider ¶
// AWSProvider configures a store to sync secrets with AWS.
type AWSProvider struct {
	// Service defines which service should be used to fetch the secrets
	Service AWSServiceType `json:"service"`

	// Auth defines the information necessary to authenticate against AWS
	// if not set aws sdk will infer credentials from your environment
	// see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
	// NOTE(review): marked optional, but the field is a non-pointer struct and
	// its tag has no omitempty, so an empty "auth" object is always serialized.
	// +optional
	Auth AWSAuth `json:"auth"`

	// Role is a Role ARN which the SecretManager provider will assume
	// +optional
	Role string `json:"role,omitempty"`

	// AWS Region to be used for the provider
	Region string `json:"region"`

	// AdditionalRoles is a chained list of Role ARNs which the SecretManager provider will sequentially assume before assuming Role
	// +optional
	AdditionalRoles []string `json:"additionalRoles,omitempty"`

	// AWS External ID set on assumed IAM roles
	// NOTE(review): carries omitempty but no "+optional" marker, unlike Role
	// and AdditionalRoles — confirm the generated schema treats it as optional.
	ExternalID string `json:"externalID,omitempty"`
}
AWSProvider configures a store to sync secrets with AWS.
func (*AWSProvider) DeepCopy ¶
func (in *AWSProvider) DeepCopy() *AWSProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSProvider.
func (*AWSProvider) DeepCopyInto ¶
func (in *AWSProvider) DeepCopyInto(out *AWSProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSServiceType ¶
// AWSServiceType names the AWS service/API used to fetch secrets; the declared
// values are AWSServiceSecretsManager and AWSServiceParameterStore.
type AWSServiceType string
AWSServiceType is an enum that defines the service/API that is used to fetch the secrets. +kubebuilder:validation:Enum=SecretsManager;ParameterStore
const (
	// AWSServiceSecretsManager is the AWS SecretsManager.
	// see: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
	AWSServiceSecretsManager AWSServiceType = "SecretsManager"
	// AWSServiceParameterStore is the AWS SystemsManager ParameterStore.
	// see: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
	AWSServiceParameterStore AWSServiceType = "ParameterStore"
)
type AkeylessAuth ¶
// AkeylessAuth configures how the operator authenticates with Akeyless,
// either through Secret references or through Kubernetes auth.
type AkeylessAuth struct {
	// Reference to a Secret that contains the details
	// to authenticate with Akeyless.
	// NOTE(review): marked optional, but the field is a non-pointer struct and
	// its tag has no omitempty, so "secretRef" is always serialized.
	// +optional
	SecretRef AkeylessAuthSecretRef `json:"secretRef"`

	// Kubernetes authenticates with Akeyless by passing the ServiceAccount
	// token stored in the named Secret resource.
	// +optional
	KubernetesAuth *AkeylessKubernetesAuth `json:"kubernetesAuth,omitempty"`
}
func (*AkeylessAuth) DeepCopy ¶
func (in *AkeylessAuth) DeepCopy() *AkeylessAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessAuth.
func (*AkeylessAuth) DeepCopyInto ¶
func (in *AkeylessAuth) DeepCopyInto(out *AkeylessAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AkeylessAuthSecretRef ¶
// AkeylessAuthSecretRef holds the Secret key selectors for the Akeyless access
// ID, access type and access-type parameter. The package documentation lists
// the access-type parameter as one of AZURE_OBJ_ID, GCP_AUDIENCE, ACCESS_KEY
// or KUB_CONFIG_NAME.
type AkeylessAuthSecretRef struct {
	// The SecretAccessID is used for authentication
	AccessID        esmeta.SecretKeySelector `json:"accessID,omitempty"`
	AccessType      esmeta.SecretKeySelector `json:"accessType,omitempty"`
	AccessTypeParam esmeta.SecretKeySelector `json:"accessTypeParam,omitempty"`
}
AkeylessAuthSecretRef: AKEYLESS_ACCESS_TYPE_PARAM is one of AZURE_OBJ_ID, GCP_AUDIENCE, ACCESS_KEY or KUB_CONFIG_NAME.
func (*AkeylessAuthSecretRef) DeepCopy ¶
func (in *AkeylessAuthSecretRef) DeepCopy() *AkeylessAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessAuthSecretRef.
func (*AkeylessAuthSecretRef) DeepCopyInto ¶
func (in *AkeylessAuthSecretRef) DeepCopyInto(out *AkeylessAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AkeylessKubernetesAuth ¶ added in v0.6.0
// AkeylessKubernetesAuth authenticates with Akeyless using a Kubernetes
// ServiceAccount token. The token source is chosen in this order, per the
// field comments: ServiceAccountRef, then SecretRef, then the token bound to
// the controller.
// NOTE(review): the last fallback means a store that sets neither reference
// authenticates as the controller itself — verify this is intended.
type AkeylessKubernetesAuth struct {
	// the Akeyless Kubernetes auth-method access-id
	AccessID string `json:"accessID"`

	// Kubernetes-auth configuration name in Akeyless-Gateway
	K8sConfName string `json:"k8sConfName"`

	// Optional service account field containing the name of a kubernetes ServiceAccount.
	// If the service account is specified, the service account secret token JWT will be used
	// for authenticating with Akeyless. If the service account selector is not supplied,
	// the secretRef will be used instead.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// Optional secret field containing a Kubernetes ServiceAccount JWT used
	// for authenticating with Akeyless. If a name is specified without a key,
	// `token` is the default. If one is not specified, the one bound to
	// the controller will be used.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}
Authenticate with a stored Kubernetes ServiceAccount token.
func (*AkeylessKubernetesAuth) DeepCopy ¶ added in v0.6.0
func (in *AkeylessKubernetesAuth) DeepCopy() *AkeylessKubernetesAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessKubernetesAuth.
func (*AkeylessKubernetesAuth) DeepCopyInto ¶ added in v0.6.0
func (in *AkeylessKubernetesAuth) DeepCopyInto(out *AkeylessKubernetesAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AkeylessProvider ¶
// AkeylessProvider configures a store to sync secrets using Akeyless KV.
type AkeylessProvider struct {
	// Akeyless GW API Url from which the secrets to be fetched from.
	AkeylessGWApiURL *string `json:"akeylessGWApiURL"`

	// Auth configures how the operator authenticates with Akeyless.
	// Note that the field is serialized as "authSecretRef", not "auth".
	Auth *AkeylessAuth `json:"authSecretRef"`

	// PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
	// if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// The provider for the CA bundle to use to validate Akeyless Gateway certificate.
	// NOTE(review): precedence when both CABundle and CAProvider are set is not
	// stated here — confirm in the provider implementation.
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`
}
AkeylessProvider configures a store to sync secrets using Akeyless KV.
func (*AkeylessProvider) DeepCopy ¶
func (in *AkeylessProvider) DeepCopy() *AkeylessProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessProvider.
func (*AkeylessProvider) DeepCopyInto ¶
func (in *AkeylessProvider) DeepCopyInto(out *AkeylessProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AlibabaAuth ¶
// AlibabaAuth selects how to authenticate with Alibaba: static credentials via
// SecretRef or RRSA via RRSAAuth. Both fields are optional pointers.
// NOTE(review): behaviour when both or neither are set is not visible here —
// confirm in the provider's validation.
type AlibabaAuth struct {
	// SecretRef references an access key pair stored in Secrets.
	// +optional
	SecretRef *AlibabaAuthSecretRef `json:"secretRef,omitempty"`
	// RRSAAuth configures RRSA authentication; serialized as "rrsa".
	// +optional
	RRSAAuth *AlibabaRRSAAuth `json:"rrsa,omitempty"`
}
AlibabaAuth contains a secretRef for credentials.
func (*AlibabaAuth) DeepCopy ¶
func (in *AlibabaAuth) DeepCopy() *AlibabaAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaAuth.
func (*AlibabaAuth) DeepCopyInto ¶
func (in *AlibabaAuth) DeepCopyInto(out *AlibabaAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AlibabaAuthSecretRef ¶
// AlibabaAuthSecretRef holds secret references for Alibaba credentials.
// Neither tag carries omitempty, so both selectors are always serialized.
type AlibabaAuthSecretRef struct {
	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef"`
	// The AccessKeySecret is used for authentication
	AccessKeySecret esmeta.SecretKeySelector `json:"accessKeySecretSecretRef"`
}
AlibabaAuthSecretRef holds secret references for Alibaba credentials.
func (*AlibabaAuthSecretRef) DeepCopy ¶
func (in *AlibabaAuthSecretRef) DeepCopy() *AlibabaAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaAuthSecretRef.
func (*AlibabaAuthSecretRef) DeepCopyInto ¶
func (in *AlibabaAuthSecretRef) DeepCopyInto(out *AlibabaAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AlibabaProvider ¶
// AlibabaProvider configures a store to sync secrets using the Alibaba Secret
// Manager provider.
type AlibabaProvider struct {
	// Auth selects the authentication method (see AlibabaAuth).
	Auth AlibabaAuth `json:"auth"`
	// Alibaba Region to be used for the provider
	RegionID string `json:"regionID"`
}
AlibabaProvider configures a store to sync secrets using the Alibaba Secret Manager provider.
func (*AlibabaProvider) DeepCopy ¶
func (in *AlibabaProvider) DeepCopy() *AlibabaProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaProvider.
func (*AlibabaProvider) DeepCopyInto ¶
func (in *AlibabaProvider) DeepCopyInto(out *AlibabaProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AlibabaRRSAAuth ¶ added in v0.7.3
// AlibabaRRSAAuth authenticates against Alibaba using RRSA.
// All four fields are plain strings with no omitempty, i.e. none of them is a
// Secret reference.
type AlibabaRRSAAuth struct {
	// OIDCProviderARN is the ARN of the OIDC provider.
	OIDCProviderARN string `json:"oidcProviderArn"`
	// OIDCTokenFilePath is a path to the OIDC token file.
	// NOTE(review): presumably resolved on the controller's filesystem, so the
	// value chosen in a store decides which local file is read — confirm how
	// the provider constrains it.
	OIDCTokenFilePath string `json:"oidcTokenFilePath"`
	// RoleARN is the ARN of the role to use.
	RoleARN string `json:"roleArn"`
	// SessionName is the session name to use.
	SessionName string `json:"sessionName"`
}
Authenticate against Alibaba using RRSA.
func (*AlibabaRRSAAuth) DeepCopy ¶ added in v0.7.3
func (in *AlibabaRRSAAuth) DeepCopy() *AlibabaRRSAAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaRRSAAuth.
func (*AlibabaRRSAAuth) DeepCopyInto ¶ added in v0.7.3
func (in *AlibabaRRSAAuth) DeepCopyInto(out *AlibabaRRSAAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureAuthType ¶
// AzureAuthType names the method used to authenticate to Azure Key Vault; the
// declared values are AzureServicePrincipal, AzureManagedIdentity and
// AzureWorkloadIdentity.
type AzureAuthType string
AuthType describes how to authenticate to the Azure Keyvault. Only one of the following auth types may be specified. If none of the following auth types is specified, the default one is ServicePrincipal. +kubebuilder:validation:Enum=ServicePrincipal;ManagedIdentity;WorkloadIdentity
const (
	// Using service principal to authenticate, which needs a tenantId, a clientId and a clientSecret.
	AzureServicePrincipal AzureAuthType = "ServicePrincipal"

	// Using Managed Identity to authenticate. Used with aad-pod-identity installed in the cluster.
	AzureManagedIdentity AzureAuthType = "ManagedIdentity"

	// Using Workload Identity service accounts to authenticate.
	AzureWorkloadIdentity AzureAuthType = "WorkloadIdentity"
)
type AzureEnvironmentType ¶ added in v0.6.0
// AzureEnvironmentType names the Azure cloud environment whose endpoints are
// used for connecting and authenticating; the declared values are PublicCloud,
// USGovernmentCloud, ChinaCloud and GermanCloud.
type AzureEnvironmentType string
AzureEnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud +kubebuilder:validation:Enum=PublicCloud;USGovernmentCloud;ChinaCloud;GermanCloud
// Azure cloud environments accepted for AzureEnvironmentType.
const (
	AzureEnvironmentPublicCloud       AzureEnvironmentType = "PublicCloud"
	AzureEnvironmentUSGovernmentCloud AzureEnvironmentType = "USGovernmentCloud"
	AzureEnvironmentChinaCloud        AzureEnvironmentType = "ChinaCloud"
	AzureEnvironmentGermanCloud       AzureEnvironmentType = "GermanCloud"
)
type AzureKVAuth ¶
// AzureKVAuth is the configuration used to authenticate with Azure: Secret key
// selectors for the service principal's client ID and client secret.
type AzureKVAuth struct {
	// The Azure clientId of the service principal used for authentication.
	// +optional
	ClientID *smmeta.SecretKeySelector `json:"clientId,omitempty"`
	// The Azure ClientSecret of the service principal used for authentication.
	// +optional
	ClientSecret *smmeta.SecretKeySelector `json:"clientSecret,omitempty"`
}
Configuration used to authenticate with Azure.
func (*AzureKVAuth) DeepCopy ¶
func (in *AzureKVAuth) DeepCopy() *AzureKVAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVAuth.
func (*AzureKVAuth) DeepCopyInto ¶
func (in *AzureKVAuth) DeepCopyInto(out *AzureKVAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureKVProvider ¶
// AzureKVProvider configures a store to sync secrets using Azure KV.
type AzureKVProvider struct {
	// Auth type defines how to authenticate to the keyvault service.
	// Valid values are:
	// - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
	// - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
	// - "WorkloadIdentity": Using Workload Identity service accounts (see ServiceAccountRef)
	// +optional
	// +kubebuilder:default=ServicePrincipal
	AuthType *AzureAuthType `json:"authType,omitempty"`

	// Vault Url from which the secrets to be fetched from.
	VaultURL *string `json:"vaultUrl"`

	// TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.
	// +optional
	TenantID *string `json:"tenantId,omitempty"`

	// EnvironmentType specifies the Azure cloud environment endpoints to use for
	// connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
	// The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
	// PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
	// +kubebuilder:default=PublicCloud
	EnvironmentType AzureEnvironmentType `json:"environmentType,omitempty"`

	// Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type.
	// +optional
	AuthSecretRef *AzureKVAuth `json:"authSecretRef,omitempty"`

	// ServiceAccountRef specifies the service account
	// that should be used when authenticating with WorkloadIdentity.
	// +optional
	ServiceAccountRef *smmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// If multiple Managed Identities are assigned to the pod, you can select the one to be used
	// NOTE(review): when this is unset and several identities are assigned,
	// which one is used is not stated here — confirm, since the identities may
	// carry different Key Vault permissions.
	// +optional
	IdentityID *string `json:"identityId,omitempty"`
}
Configures a store to sync secrets using Azure KV.
func (*AzureKVProvider) DeepCopy ¶
func (in *AzureKVProvider) DeepCopy() *AzureKVProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVProvider.
func (*AzureKVProvider) DeepCopyInto ¶
func (in *AzureKVProvider) DeepCopyInto(out *AzureKVProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CAProvider ¶
// CAProvider supplies a custom certificate authority (CA) certificate for a
// secret store. It points to a Secret or ConfigMap resource that contains a
// PEM-encoded certificate.
type CAProvider struct {
	// The type of provider to use such as "Secret", or "ConfigMap".
	// +kubebuilder:validation:Enum="Secret";"ConfigMap"
	Type CAProviderType `json:"type"`

	// The name of the object located at the provider type.
	Name string `json:"name"`

	// The key where the CA certificate can be found in the Secret or ConfigMap.
	// +kubebuilder:validation:Optional
	Key string `json:"key,omitempty"`

	// The namespace the Provider type is in.
	// Can only be defined when used in a ClusterSecretStore.
	// NOTE(review): this restriction is not expressed by a marker on the field,
	// so it is presumably enforced by validation elsewhere — confirm, because
	// it decides which namespace's trust anchor a namespaced store may load.
	// +optional
	Namespace *string `json:"namespace,omitempty"`
}
Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.
func (*CAProvider) DeepCopy ¶
func (in *CAProvider) DeepCopy() *CAProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CAProvider.
func (*CAProvider) DeepCopyInto ¶
func (in *CAProvider) DeepCopyInto(out *CAProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CAProviderType ¶
// CAProviderType is the kind of object a CAProvider reads the CA certificate
// from; the declared values are "Secret" and "ConfigMap".
type CAProviderType string
// Object kinds accepted for CAProvider.Type.
const (
	CAProviderTypeSecret    CAProviderType = "Secret"
	CAProviderTypeConfigMap CAProviderType = "ConfigMap"
)
type CertAuth ¶
// CertAuth holds Secret key selectors for a client certificate and its key.
// NOTE(review): the type carries no documentation in the source; presumably it
// configures certificate-based client authentication and ClientKey selects the
// private key — confirm which provider consumes it.
type CertAuth struct {
	ClientCert esmeta.SecretKeySelector `json:"clientCert,omitempty"`
	ClientKey  esmeta.SecretKeySelector `json:"clientKey,omitempty"`
}
func (*CertAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertAuth.
func (*CertAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterExternalSecret ¶
// ClusterExternalSecret is the Schema for the clusterexternalsecrets API.
// It embeds the standard type and object metadata and carries a desired Spec
// and an observed Status.
type ClusterExternalSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ClusterExternalSecretSpec   `json:"spec,omitempty"`
	Status ClusterExternalSecretStatus `json:"status,omitempty"`
}
+kubebuilder:object:root=true +kubebuilder:storageversion +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=ces +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.secretStoreRef.name` +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshInterval` +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` ClusterExternalSecret is the Schema for the clusterexternalsecrets API.
func (*ClusterExternalSecret) DeepCopy ¶
func (in *ClusterExternalSecret) DeepCopy() *ClusterExternalSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecret.
func (*ClusterExternalSecret) DeepCopyInto ¶
func (in *ClusterExternalSecret) DeepCopyInto(out *ClusterExternalSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterExternalSecret) DeepCopyObject ¶
func (in *ClusterExternalSecret) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterExternalSecretConditionType ¶
// ClusterExternalSecretConditionType is the type of a ClusterExternalSecret
// condition; the declared values are Ready, PartiallyReady and NotReady.
type ClusterExternalSecretConditionType string
// Condition types declared for ClusterExternalSecret.
// NOTE(review): PartiallyReady presumably means only some selected namespaces
// were provisioned (see Status.FailedNamespaces) — confirm in the controller.
const (
	ClusterExternalSecretReady          ClusterExternalSecretConditionType = "Ready"
	ClusterExternalSecretPartiallyReady ClusterExternalSecretConditionType = "PartiallyReady"
	ClusterExternalSecretNotReady       ClusterExternalSecretConditionType = "NotReady"
)
type ClusterExternalSecretList ¶
// ClusterExternalSecretList contains a list of ClusterExternalSecret.
type ClusterExternalSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the listed ClusterExternalSecret objects.
	Items []ClusterExternalSecret `json:"items"`
}
ClusterExternalSecretList contains a list of ClusterExternalSecret.
func (*ClusterExternalSecretList) DeepCopy ¶
func (in *ClusterExternalSecretList) DeepCopy() *ClusterExternalSecretList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretList.
func (*ClusterExternalSecretList) DeepCopyInto ¶
func (in *ClusterExternalSecretList) DeepCopyInto(out *ClusterExternalSecretList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterExternalSecretList) DeepCopyObject ¶
func (in *ClusterExternalSecretList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterExternalSecretNamespaceFailure ¶
// ClusterExternalSecretNamespaceFailure represents a failed namespace
// deployment and its reason.
type ClusterExternalSecretNamespaceFailure struct {
	// Namespace is the namespace that failed when trying to apply an ExternalSecret
	Namespace string `json:"namespace"`

	// Reason is why the ExternalSecret failed to apply to the namespace
	// +optional
	Reason string `json:"reason,omitempty"`
}
ClusterExternalSecretNamespaceFailure represents a failed namespace deployment and its reason.
func (*ClusterExternalSecretNamespaceFailure) DeepCopy ¶
func (in *ClusterExternalSecretNamespaceFailure) DeepCopy() *ClusterExternalSecretNamespaceFailure
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretNamespaceFailure.
func (*ClusterExternalSecretNamespaceFailure) DeepCopyInto ¶
func (in *ClusterExternalSecretNamespaceFailure) DeepCopyInto(out *ClusterExternalSecretNamespaceFailure)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterExternalSecretSpec ¶
type ClusterExternalSecretSpec struct {
	// ExternalSecretSpec is the spec for the ExternalSecrets to be created.
	ExternalSecretSpec ExternalSecretSpec `json:"externalSecretSpec"`

	// ExternalSecretName is the name of the external secrets to be created;
	// it defaults to the name of the ClusterExternalSecret.
	// NOTE(review): marked +optional, but the JSON tag has no omitempty, so an empty name is still serialized.
	// +optional
	ExternalSecretName string `json:"externalSecretName"`

	// NamespaceSelector holds the labels to select by to find the Namespaces
	// to create the ExternalSecrets in.
	// NOTE(review): this selector decides in which namespaces the ExternalSecrets (and so the
	// resulting Secrets) appear. By Kubernetes convention an empty metav1.LabelSelector matches
	// every object — confirm how the controller treats an empty selector.
	NamespaceSelector metav1.LabelSelector `json:"namespaceSelector"`

	// RefreshInterval is the time in which the controller should reconcile its objects
	// and recheck namespaces for labels.
	// The JSON key is "refreshTime", not "refreshInterval".
	RefreshInterval *metav1.Duration `json:"refreshTime,omitempty"`
}
ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret.
func (*ClusterExternalSecretSpec) DeepCopy ¶
func (in *ClusterExternalSecretSpec) DeepCopy() *ClusterExternalSecretSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretSpec.
func (*ClusterExternalSecretSpec) DeepCopyInto ¶
func (in *ClusterExternalSecretSpec) DeepCopyInto(out *ClusterExternalSecretSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterExternalSecretStatus ¶
type ClusterExternalSecretStatus struct {
	// FailedNamespaces are the namespaces that failed to apply an ExternalSecret.
	// +optional
	FailedNamespaces []ClusterExternalSecretNamespaceFailure `json:"failedNamespaces,omitempty"`

	// ProvisionedNamespaces are the namespaces where the ClusterExternalSecret has secrets.
	// +optional
	ProvisionedNamespaces []string `json:"provisionedNamespaces,omitempty"`

	// Conditions holds the status conditions; each carries a type, a status and an optional message.
	// +optional
	Conditions []ClusterExternalSecretStatusCondition `json:"conditions,omitempty"`
}
ClusterExternalSecretStatus defines the observed state of ClusterExternalSecret.
func (*ClusterExternalSecretStatus) DeepCopy ¶
func (in *ClusterExternalSecretStatus) DeepCopy() *ClusterExternalSecretStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretStatus.
func (*ClusterExternalSecretStatus) DeepCopyInto ¶
func (in *ClusterExternalSecretStatus) DeepCopyInto(out *ClusterExternalSecretStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterExternalSecretStatusCondition ¶
// ClusterExternalSecretStatusCondition is one entry of ClusterExternalSecretStatus.Conditions.
type ClusterExternalSecretStatusCondition struct {
	// Type is the condition type, one of the ClusterExternalSecretConditionType values.
	Type ClusterExternalSecretConditionType `json:"type"`
	// Status is the condition status, expressed as a corev1.ConditionStatus.
	Status corev1.ConditionStatus `json:"status"`

	// Message is an optional free-text detail for the condition.
	// +optional
	Message string `json:"message,omitempty"`
}
func (*ClusterExternalSecretStatusCondition) DeepCopy ¶
func (in *ClusterExternalSecretStatusCondition) DeepCopy() *ClusterExternalSecretStatusCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretStatusCondition.
func (*ClusterExternalSecretStatusCondition) DeepCopyInto ¶
func (in *ClusterExternalSecretStatusCondition) DeepCopyInto(out *ClusterExternalSecretStatusCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterSecretStore ¶
// NOTE(review): the kubebuilder resource marker documented for this type sets scope=Cluster,
// so a ClusterSecretStore is not confined to a single namespace. ClusterSecretStoreCondition is
// the type this package offers for choosing the namespaces whose ExternalSecrets a store processes.
type ClusterSecretStore struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the store configuration, of the same SecretStoreSpec type that GetSpec returns.
	Spec SecretStoreSpec `json:"spec,omitempty"`
	// Status is the store status, of the same SecretStoreStatus type that GetStatus returns.
	Status SecretStoreStatus `json:"status,omitempty"`
}
ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` +kubebuilder:printcolumn:name="Capabilities",type=string,JSONPath=`.status.capabilities` +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=css
func (*ClusterSecretStore) Copy ¶
func (c *ClusterSecretStore) Copy() GenericStore
func (*ClusterSecretStore) DeepCopy ¶
func (in *ClusterSecretStore) DeepCopy() *ClusterSecretStore
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStore.
func (*ClusterSecretStore) DeepCopyInto ¶
func (in *ClusterSecretStore) DeepCopyInto(out *ClusterSecretStore)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterSecretStore) DeepCopyObject ¶
func (in *ClusterSecretStore) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ClusterSecretStore) GetKind ¶ added in v0.6.1
func (c *ClusterSecretStore) GetKind() string
func (*ClusterSecretStore) GetNamespacedName ¶
func (c *ClusterSecretStore) GetNamespacedName() string
func (*ClusterSecretStore) GetObjectMeta ¶
func (c *ClusterSecretStore) GetObjectMeta() *metav1.ObjectMeta
func (*ClusterSecretStore) GetSpec ¶
func (c *ClusterSecretStore) GetSpec() *SecretStoreSpec
func (*ClusterSecretStore) GetStatus ¶
func (c *ClusterSecretStore) GetStatus() SecretStoreStatus
func (*ClusterSecretStore) GetTypeMeta ¶
func (c *ClusterSecretStore) GetTypeMeta() *metav1.TypeMeta
func (*ClusterSecretStore) Hub ¶
func (*ClusterSecretStore) Hub()
func (*ClusterSecretStore) SetStatus ¶
func (c *ClusterSecretStore) SetStatus(status SecretStoreStatus)
func (*ClusterSecretStore) SetupWebhookWithManager ¶
func (c *ClusterSecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error
type ClusterSecretStoreCondition ¶ added in v0.6.1
type ClusterSecretStoreCondition struct {
	// NamespaceSelector chooses namespaces using a labelSelector.
	// +optional
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`

	// Namespaces chooses namespaces by name.
	// NOTE(review): how the two fields combine when both are set, and what a condition with
	// neither field set matches, is not visible here — confirm both before relying on this
	// type to limit which namespaces may consume a ClusterSecretStore.
	Namespaces []string `json:"namespaces,omitempty"`
}
ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance.
func (*ClusterSecretStoreCondition) DeepCopy ¶ added in v0.6.1
func (in *ClusterSecretStoreCondition) DeepCopy() *ClusterSecretStoreCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStoreCondition.
func (*ClusterSecretStoreCondition) DeepCopyInto ¶ added in v0.6.1
func (in *ClusterSecretStoreCondition) DeepCopyInto(out *ClusterSecretStoreCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterSecretStoreList ¶
type ClusterSecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the ClusterSecretStore objects in the list.
	Items []ClusterSecretStore `json:"items"`
}
ClusterSecretStoreList contains a list of ClusterSecretStore resources.
func (*ClusterSecretStoreList) DeepCopy ¶
func (in *ClusterSecretStoreList) DeepCopy() *ClusterSecretStoreList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStoreList.
func (*ClusterSecretStoreList) DeepCopyInto ¶
func (in *ClusterSecretStoreList) DeepCopyInto(out *ClusterSecretStoreList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterSecretStoreList) DeepCopyObject ¶
func (in *ClusterSecretStoreList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type DopplerAuth ¶ added in v0.6.0
// DopplerAuth holds the authentication settings used by DopplerProvider.Auth.
type DopplerAuth struct {
	// SecretRef selects the Secret key that holds the Doppler token.
	SecretRef DopplerAuthSecretRef `json:"secretRef"`
}
func (*DopplerAuth) DeepCopy ¶ added in v0.6.0
func (in *DopplerAuth) DeepCopy() *DopplerAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DopplerAuth.
func (*DopplerAuth) DeepCopyInto ¶ added in v0.6.0
func (in *DopplerAuth) DeepCopyInto(out *DopplerAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DopplerAuthSecretRef ¶ added in v0.6.0
// DopplerAuthSecretRef selects the Secret key that holds the Doppler token.
type DopplerAuthSecretRef struct {
	// The DopplerToken is used for authentication.
	// See https://docs.doppler.com/reference/api#authentication for auth token types.
	// The Key attribute defaults to dopplerToken if not specified.
	// The token is referenced through a SecretKeySelector; the field does not carry the token value itself.
	DopplerToken esmeta.SecretKeySelector `json:"dopplerToken"`
}
func (*DopplerAuthSecretRef) DeepCopy ¶ added in v0.6.0
func (in *DopplerAuthSecretRef) DeepCopy() *DopplerAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DopplerAuthSecretRef.
func (*DopplerAuthSecretRef) DeepCopyInto ¶ added in v0.6.0
func (in *DopplerAuthSecretRef) DeepCopyInto(out *DopplerAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DopplerProvider ¶ added in v0.6.0
type DopplerProvider struct {
	// Auth configures how the Operator authenticates with the Doppler API.
	Auth *DopplerAuth `json:"auth"`

	// Project is the Doppler project (required if not using a Service Token).
	// +optional
	Project string `json:"project,omitempty"`

	// Config is the Doppler config (required if not using a Service Token).
	// +optional
	Config string `json:"config,omitempty"`

	// NameTransformer selects an environment-variable-compatible name transform
	// that changes secret names to a different format.
	// +kubebuilder:validation:Enum=upper-camel;camel;lower-snake;tf-var;dotnet-env
	// +optional
	NameTransformer string `json:"nameTransformer,omitempty"`

	// Format enables the downloading of secrets as a file (string).
	// +kubebuilder:validation:Enum=json;dotnet-json;env;yaml;docker
	// +optional
	Format string `json:"format,omitempty"`
}
DopplerProvider configures a store to sync secrets using the Doppler provider. Project and Config are required if not using a Service Token.
func (*DopplerProvider) DeepCopy ¶ added in v0.6.0
func (in *DopplerProvider) DeepCopy() *DopplerProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DopplerProvider.
func (*DopplerProvider) DeepCopyInto ¶ added in v0.6.0
func (in *DopplerProvider) DeepCopyInto(out *DopplerProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecret ¶
type ExternalSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state: store reference, target Secret, refresh interval and data mappings.
	Spec ExternalSecretSpec `json:"spec,omitempty"`
	// Status is the observed state: refresh time, synced resource version, conditions and binding.
	Status ExternalSecretStatus `json:"status,omitempty"`
}
+kubebuilder:object:root=true +kubebuilder:storageversion ExternalSecret is the Schema for the external-secrets API. +kubebuilder:subresource:status +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=es +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.secretStoreRef.name` +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshInterval` +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status`
func (*ExternalSecret) DeepCopy ¶
func (in *ExternalSecret) DeepCopy() *ExternalSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecret.
func (*ExternalSecret) DeepCopyInto ¶
func (in *ExternalSecret) DeepCopyInto(out *ExternalSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExternalSecret) DeepCopyObject ¶
func (in *ExternalSecret) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ExternalSecret) Hub ¶
func (*ExternalSecret) Hub()
func (*ExternalSecret) SetupWebhookWithManager ¶
func (r *ExternalSecret) SetupWebhookWithManager(mgr ctrl.Manager) error
type ExternalSecretConditionType ¶
// ExternalSecretConditionType names a condition type carried in ExternalSecretStatusCondition.Type.
type ExternalSecretConditionType string

const (
	// ExternalSecretReady is the "Ready" condition type.
	ExternalSecretReady ExternalSecretConditionType = "Ready"
	// ExternalSecretDeleted is the "Deleted" condition type.
	ExternalSecretDeleted ExternalSecretConditionType = "Deleted"
)
type ExternalSecretConversionStrategy ¶
// ExternalSecretConversionStrategy is the type of the conversionStrategy field on
// ExternalSecretDataRemoteRef and ExternalSecretFind.
// NOTE(review): what each strategy converts is not described on this page — confirm against the provider code.
type ExternalSecretConversionStrategy string

const (
	// ExternalSecretConversionDefault is the "Default" strategy; it is the kubebuilder default for the field.
	ExternalSecretConversionDefault ExternalSecretConversionStrategy = "Default"
	// ExternalSecretConversionUnicode is the "Unicode" strategy.
	ExternalSecretConversionUnicode ExternalSecretConversionStrategy = "Unicode"
)
type ExternalSecretCreationPolicy ¶
type ExternalSecretCreationPolicy string
ExternalSecretCreationPolicy defines rules on how to create the resulting Secret. +kubebuilder:validation:Enum=Owner;Orphan;Merge;None
const (
	// CreatePolicyOwner ("Owner") creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource.
	CreatePolicyOwner ExternalSecretCreationPolicy = "Owner"

	// CreatePolicyOrphan ("Orphan") creates the Secret and does not set the ownerReference.
	// I.e. it will be orphaned after the deletion of the ExternalSecret, so the secret
	// material outlives the ExternalSecret and has to be cleaned up separately.
	CreatePolicyOrphan ExternalSecretCreationPolicy = "Orphan"

	// CreatePolicyMerge ("Merge") does not create the Secret, but merges the data fields to the Secret.
	CreatePolicyMerge ExternalSecretCreationPolicy = "Merge"

	// CreatePolicyNone ("None") does not create a Secret (future use with injector).
	CreatePolicyNone ExternalSecretCreationPolicy = "None"
)
type ExternalSecretData ¶
type ExternalSecretData struct {
	// SecretKey defines the key in which the controller stores
	// the value. This is the key in the Kind=Secret.
	SecretKey string `json:"secretKey"`

	// RemoteRef points to the remote secret and defines
	// which secret (version/property/..) to fetch.
	RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"`

	// SourceRef allows you to override the source
	// from which the value will be pulled.
	SourceRef *SourceRef `json:"sourceRef,omitempty"`
}
ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
func (*ExternalSecretData) DeepCopy ¶
func (in *ExternalSecretData) DeepCopy() *ExternalSecretData
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretData.
func (*ExternalSecretData) DeepCopyInto ¶
func (in *ExternalSecretData) DeepCopyInto(out *ExternalSecretData)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretDataFromRemoteRef ¶
// ExternalSecretDataFromRemoteRef describes one dataFrom entry of an ExternalSecretSpec: what to
// extract or find, how to rewrite the resulting keys, and which source to read from.
type ExternalSecretDataFromRemoteRef struct {
	// Extract is used to extract multiple key/value pairs from one secret.
	// Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.
	// +optional
	Extract *ExternalSecretDataRemoteRef `json:"extract,omitempty"`

	// Find is used to find secrets based on tags or regular expressions.
	// Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.
	// +optional
	Find *ExternalSecretFind `json:"find,omitempty"`

	// Rewrite is used to rewrite secret Keys after getting them from the secret Provider.
	// Multiple Rewrite operations can be provided. They are applied in a layered order (first to last).
	// +optional
	Rewrite []ExternalSecretRewrite `json:"rewrite,omitempty"`

	// SourceRef points to a store or generator
	// which contains secret values ready to use.
	// Use this in combination with Extract or Find to pull values out of
	// a specific SecretStore.
	// When sourceRef points to a generator, Extract or Find is not supported.
	// The generator returns a static map of values.
	SourceRef *SourceRef `json:"sourceRef,omitempty"`
}
func (*ExternalSecretDataFromRemoteRef) DeepCopy ¶
func (in *ExternalSecretDataFromRemoteRef) DeepCopy() *ExternalSecretDataFromRemoteRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretDataFromRemoteRef.
func (*ExternalSecretDataFromRemoteRef) DeepCopyInto ¶
func (in *ExternalSecretDataFromRemoteRef) DeepCopyInto(out *ExternalSecretDataFromRemoteRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretDataRemoteRef ¶
type ExternalSecretDataRemoteRef struct {
	// Key is the key used in the Provider, mandatory.
	Key string `json:"key"`

	// +optional
	// MetadataPolicy is the policy for fetching tags/labels from provider secrets;
	// possible options are Fetch, None. Defaults to None.
	MetadataPolicy ExternalSecretMetadataPolicy `json:"metadataPolicy,omitempty"`

	// +optional
	// Property is used to select a specific property of the Provider value (if a map), if supported.
	Property string `json:"property,omitempty"`

	// +optional
	// Version is used to select a specific version of the Provider value, if supported.
	Version string `json:"version,omitempty"`

	// +optional
	// ConversionStrategy is used to define a conversion Strategy.
	// +kubebuilder:default="Default"
	ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"`

	// +optional
	// DecodingStrategy is used to define a decoding Strategy.
	// +kubebuilder:default="None"
	DecodingStrategy ExternalSecretDecodingStrategy `json:"decodingStrategy,omitempty"`
}
ExternalSecretDataRemoteRef defines Provider data location.
func (*ExternalSecretDataRemoteRef) DeepCopy ¶
func (in *ExternalSecretDataRemoteRef) DeepCopy() *ExternalSecretDataRemoteRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretDataRemoteRef.
func (*ExternalSecretDataRemoteRef) DeepCopyInto ¶
func (in *ExternalSecretDataRemoteRef) DeepCopyInto(out *ExternalSecretDataRemoteRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretDecodingStrategy ¶ added in v0.5.8
// ExternalSecretDecodingStrategy is the type of the decodingStrategy field on
// ExternalSecretDataRemoteRef and ExternalSecretFind; the kubebuilder default for that field is "None".
type ExternalSecretDecodingStrategy string

const (
	// ExternalSecretDecodeAuto is the "Auto" strategy.
	// NOTE(review): presumably detects the encoding automatically — confirm how a value that
	// merely looks encoded is handled before enabling it.
	ExternalSecretDecodeAuto ExternalSecretDecodingStrategy = "Auto"
	// ExternalSecretDecodeBase64 is the "Base64" strategy.
	ExternalSecretDecodeBase64 ExternalSecretDecodingStrategy = "Base64"
	// ExternalSecretDecodeBase64URL is the "Base64URL" strategy.
	ExternalSecretDecodeBase64URL ExternalSecretDecodingStrategy = "Base64URL"
	// ExternalSecretDecodeNone is the "None" strategy.
	ExternalSecretDecodeNone ExternalSecretDecodingStrategy = "None"
)
type ExternalSecretDeletionPolicy ¶
type ExternalSecretDeletionPolicy string
ExternalSecretDeletionPolicy defines rules on how to delete the resulting Secret. +kubebuilder:validation:Enum=Delete;Merge;Retain
const (
	// DeletionPolicyDelete ("Delete") deletes the secret if all provider secrets are deleted.
	// If a secret gets deleted on the provider side and is not accessible
	// anymore this is not considered an error and the ExternalSecret
	// does not go into SecretSyncedError status.
	DeletionPolicyDelete ExternalSecretDeletionPolicy = "Delete"

	// DeletionPolicyMerge ("Merge") removes keys in the secret, but not the secret itself.
	// If a secret gets deleted on the provider side and is not accessible
	// anymore this is not considered an error and the ExternalSecret
	// does not go into SecretSyncedError status.
	DeletionPolicyMerge ExternalSecretDeletionPolicy = "Merge"

	// DeletionPolicyRetain ("Retain") will retain the secret if all provider secrets have been deleted.
	// If a provider secret does not exist the ExternalSecret gets into the
	// SecretSyncedError status.
	// Under this policy the in-cluster Secret is kept after the provider secret is gone, so
	// deleting a secret at the provider does not by itself remove it from the cluster.
	DeletionPolicyRetain ExternalSecretDeletionPolicy = "Retain"
)
type ExternalSecretFind ¶
// ExternalSecretFind describes a search for provider secrets by path, name or tags.
// NOTE(review): a broad path, name pattern or tag set can match more provider secrets than
// intended — presumably every match is synced into the target Secret; confirm and keep the
// criteria as narrow as the use case allows.
type ExternalSecretFind struct {
	// Path is a root path to start the find operations.
	// +optional
	Path *string `json:"path,omitempty"`

	// Name finds secrets based on the name.
	// +optional
	Name *FindName `json:"name,omitempty"`

	// Tags finds secrets based on tags.
	// +optional
	Tags map[string]string `json:"tags,omitempty"`

	// +optional
	// ConversionStrategy is used to define a conversion Strategy.
	// +kubebuilder:default="Default"
	ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"`

	// +optional
	// DecodingStrategy is used to define a decoding Strategy.
	// +kubebuilder:default="None"
	DecodingStrategy ExternalSecretDecodingStrategy `json:"decodingStrategy,omitempty"`
}
func (*ExternalSecretFind) DeepCopy ¶
func (in *ExternalSecretFind) DeepCopy() *ExternalSecretFind
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretFind.
func (*ExternalSecretFind) DeepCopyInto ¶
func (in *ExternalSecretFind) DeepCopyInto(out *ExternalSecretFind)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretList ¶
type ExternalSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the ExternalSecret objects in the list.
	Items []ExternalSecret `json:"items"`
}
ExternalSecretList contains a list of ExternalSecret resources.
func (*ExternalSecretList) DeepCopy ¶
func (in *ExternalSecretList) DeepCopy() *ExternalSecretList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretList.
func (*ExternalSecretList) DeepCopyInto ¶
func (in *ExternalSecretList) DeepCopyInto(out *ExternalSecretList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExternalSecretList) DeepCopyObject ¶
func (in *ExternalSecretList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ExternalSecretMetadataPolicy ¶ added in v0.5.4
// ExternalSecretMetadataPolicy is the type of ExternalSecretDataRemoteRef.MetadataPolicy, the
// policy for fetching tags/labels from provider secrets.
type ExternalSecretMetadataPolicy string

const (
	// ExternalSecretMetadataPolicyNone is the "None" policy, documented as the default on the field.
	ExternalSecretMetadataPolicyNone ExternalSecretMetadataPolicy = "None"
	// ExternalSecretMetadataPolicyFetch is the "Fetch" policy.
	ExternalSecretMetadataPolicyFetch ExternalSecretMetadataPolicy = "Fetch"
)
type ExternalSecretRewrite ¶ added in v0.5.9
// ExternalSecretRewrite is one key-rewrite operation of a dataFrom entry.
type ExternalSecretRewrite struct {
	// Regexp is used to rewrite with regular expressions.
	// The resulting key will be the output of a regexp.ReplaceAll operation.
	// +optional
	Regexp *ExternalSecretRewriteRegexp `json:"regexp,omitempty"`
}
func (*ExternalSecretRewrite) DeepCopy ¶ added in v0.5.9
func (in *ExternalSecretRewrite) DeepCopy() *ExternalSecretRewrite
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretRewrite.
func (*ExternalSecretRewrite) DeepCopyInto ¶ added in v0.5.9
func (in *ExternalSecretRewrite) DeepCopyInto(out *ExternalSecretRewrite)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretRewriteRegexp ¶ added in v0.5.9
// ExternalSecretRewriteRegexp holds the pattern and the replacement of a regular-expression key rewrite.
type ExternalSecretRewriteRegexp struct {
	// Source defines the regular expression (the original comment reads
	// "the regular expression of a re.Compiler").
	// NOTE(review): the pattern comes from the resource spec; confirm that a pattern which
	// does not compile is reported as an error rather than silently skipped.
	Source string `json:"source"`

	// Target defines the target pattern of a ReplaceAll operation.
	Target string `json:"target"`
}
func (*ExternalSecretRewriteRegexp) DeepCopy ¶ added in v0.5.9
func (in *ExternalSecretRewriteRegexp) DeepCopy() *ExternalSecretRewriteRegexp
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretRewriteRegexp.
func (*ExternalSecretRewriteRegexp) DeepCopyInto ¶ added in v0.5.9
func (in *ExternalSecretRewriteRegexp) DeepCopyInto(out *ExternalSecretRewriteRegexp)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretSpec ¶
type ExternalSecretSpec struct {
	// SecretStoreRef is the store reference of this ExternalSecret.
	// NOTE(review): marked +optional, but the JSON tag has no omitempty.
	// +optional
	SecretStoreRef SecretStoreRef `json:"secretStoreRef"`

	// Target describes the Secret to be created; its defaults are creationPolicy Owner
	// and deletionPolicy Retain.
	// +kubebuilder:default={creationPolicy:Owner,deletionPolicy:Retain}
	// +optional
	Target ExternalSecretTarget `json:"target,omitempty"`

	// RefreshInterval is the amount of time before the values are read again from the SecretStore provider
	// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
	// May be set to zero to fetch and create it once. Defaults to 1h.
	// With a zero interval the values are fetched once, so a later rotation or revocation
	// at the provider is not picked up by this ExternalSecret.
	// +kubebuilder:default="1h"
	RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"`

	// Data defines the connection between the Kubernetes Secret keys and the Provider data
	// +optional
	Data []ExternalSecretData `json:"data,omitempty"`

	// DataFrom is used to fetch all properties from a specific Provider data
	// If multiple entries are specified, the Secret keys are merged in the specified order
	// +optional
	DataFrom []ExternalSecretDataFromRemoteRef `json:"dataFrom,omitempty"`
}
ExternalSecretSpec defines the desired state of ExternalSecret.
func (*ExternalSecretSpec) DeepCopy ¶
func (in *ExternalSecretSpec) DeepCopy() *ExternalSecretSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretSpec.
func (*ExternalSecretSpec) DeepCopyInto ¶
func (in *ExternalSecretSpec) DeepCopyInto(out *ExternalSecretSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretStatus ¶
// ExternalSecretStatus is the type of ExternalSecret.Status.
type ExternalSecretStatus struct {
	// +nullable
	// refreshTime is the time and date the external secret was fetched and
	// the target secret updated
	RefreshTime metav1.Time `json:"refreshTime,omitempty"`

	// SyncedResourceVersion keeps track of the last synced version
	SyncedResourceVersion string `json:"syncedResourceVersion,omitempty"`

	// Conditions holds the status conditions of the ExternalSecret.
	// +optional
	Conditions []ExternalSecretStatusCondition `json:"conditions,omitempty"`

	// Binding represents a servicebinding.io Provisioned Service reference to the secret
	Binding corev1.LocalObjectReference `json:"binding,omitempty"`
}
func (*ExternalSecretStatus) DeepCopy ¶
func (in *ExternalSecretStatus) DeepCopy() *ExternalSecretStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatus.
func (*ExternalSecretStatus) DeepCopyInto ¶
func (in *ExternalSecretStatus) DeepCopyInto(out *ExternalSecretStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretStatusCondition ¶
// ExternalSecretStatusCondition is one entry of ExternalSecretStatus.Conditions.
type ExternalSecretStatusCondition struct {
	// Type is the condition type, one of the ExternalSecretConditionType values.
	Type ExternalSecretConditionType `json:"type"`
	// Status is the condition status, expressed as a corev1.ConditionStatus.
	Status corev1.ConditionStatus `json:"status"`

	// Reason is an optional reason for the condition.
	// +optional
	Reason string `json:"reason,omitempty"`

	// Message is an optional free-text detail for the condition.
	// +optional
	Message string `json:"message,omitempty"`

	// LastTransitionTime is an optional timestamp.
	// NOTE(review): presumably the time the condition last changed status — confirm.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}
func (*ExternalSecretStatusCondition) DeepCopy ¶
func (in *ExternalSecretStatusCondition) DeepCopy() *ExternalSecretStatusCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatusCondition.
func (*ExternalSecretStatusCondition) DeepCopyInto ¶
func (in *ExternalSecretStatusCondition) DeepCopyInto(out *ExternalSecretStatusCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretTarget ¶
type ExternalSecretTarget struct {
	// Name defines the name of the Secret resource to be managed
	// This field is immutable
	// Defaults to the .metadata.name of the ExternalSecret resource
	// +optional
	Name string `json:"name,omitempty"`

	// CreationPolicy defines rules on how to create the resulting Secret
	// Defaults to 'Owner'
	// +optional
	// +kubebuilder:default="Owner"
	CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"`

	// DeletionPolicy defines rules on how to delete the resulting Secret
	// Defaults to 'Retain'
	// With the default, the Secret is retained when the provider secrets have been deleted;
	// choose Delete or Merge when removal at the provider must also remove the data from the cluster.
	// +optional
	// +kubebuilder:default="Retain"
	DeletionPolicy ExternalSecretDeletionPolicy `json:"deletionPolicy,omitempty"`

	// Template defines a blueprint for the created Secret resource.
	// +optional
	Template *ExternalSecretTemplate `json:"template,omitempty"`

	// Immutable defines if the final secret will be immutable
	// +optional
	Immutable bool `json:"immutable,omitempty"`
}
ExternalSecretTarget defines the Kubernetes Secret to be created. There can be only one target per ExternalSecret.
func (*ExternalSecretTarget) DeepCopy ¶
func (in *ExternalSecretTarget) DeepCopy() *ExternalSecretTarget
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTarget.
func (*ExternalSecretTarget) DeepCopyInto ¶
func (in *ExternalSecretTarget) DeepCopyInto(out *ExternalSecretTarget)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretTemplate ¶
type ExternalSecretTemplate struct {
	// Type is the corev1.SecretType set on the blueprint.
	// +optional
	Type corev1.SecretType `json:"type,omitempty"`

	// EngineVersion selects the template engine version.
	EngineVersion TemplateEngineVersion `json:"engineVersion,omitempty"`

	// Metadata carries the annotations and labels of the blueprint.
	// +optional
	Metadata ExternalSecretTemplateMetadata `json:"metadata,omitempty"`

	// MergePolicy is the template merge policy; the kubebuilder default is "Replace".
	// +kubebuilder:default="Replace"
	MergePolicy TemplateMergePolicy `json:"mergePolicy,omitempty"`

	// Data is a string-to-string map on the blueprint.
	// NOTE(review): presumably each value is a template rendered into the Secret key of the
	// same name — confirm against the template engine.
	// +optional
	Data map[string]string `json:"data,omitempty"`

	// TemplateFrom lists further template sources.
	// +optional
	TemplateFrom []TemplateFrom `json:"templateFrom,omitempty"`
}
ExternalSecretTemplate defines a blueprint for the created Secret resource. We cannot use the native corev1.Secret because it would have empty ObjectMeta values: https://github.com/kubernetes-sigs/controller-tools/issues/448
func (*ExternalSecretTemplate) DeepCopy ¶
func (in *ExternalSecretTemplate) DeepCopy() *ExternalSecretTemplate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplate.
func (*ExternalSecretTemplate) DeepCopyInto ¶
func (in *ExternalSecretTemplate) DeepCopyInto(out *ExternalSecretTemplate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretTemplateMetadata ¶
type ExternalSecretTemplateMetadata struct {
	// Annotations are the annotations of the Secret blueprint.
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`

	// Labels are the labels of the Secret blueprint.
	// +optional
	Labels map[string]string `json:"labels,omitempty"`
}
ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
func (*ExternalSecretTemplateMetadata) DeepCopy ¶
func (in *ExternalSecretTemplateMetadata) DeepCopy() *ExternalSecretTemplateMetadata
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplateMetadata.
func (*ExternalSecretTemplateMetadata) DeepCopyInto ¶
func (in *ExternalSecretTemplateMetadata) DeepCopyInto(out *ExternalSecretTemplateMetadata)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretValidator ¶
// ExternalSecretValidator is an empty type; this package declares ValidateCreate,
// ValidateUpdate and ValidateDelete methods on it.
type ExternalSecretValidator struct{}
func (*ExternalSecretValidator) DeepCopy ¶
func (in *ExternalSecretValidator) DeepCopy() *ExternalSecretValidator
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretValidator.
func (*ExternalSecretValidator) DeepCopyInto ¶
func (in *ExternalSecretValidator) DeepCopyInto(out *ExternalSecretValidator)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExternalSecretValidator) ValidateCreate ¶
func (*ExternalSecretValidator) ValidateDelete ¶
func (*ExternalSecretValidator) ValidateUpdate ¶
type FakeProvider ¶
type FakeProvider struct {
	// Data lists the static entries the fake provider returns.
	// The values are written directly in the store spec, so they are readable by anyone
	// who can read the store object.
	Data []FakeProviderData `json:"data"`
}
FakeProvider configures a fake provider that returns static values.
func (*FakeProvider) DeepCopy ¶
func (in *FakeProvider) DeepCopy() *FakeProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FakeProvider.
func (*FakeProvider) DeepCopyInto ¶
func (in *FakeProvider) DeepCopyInto(out *FakeProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FakeProviderData ¶
// FakeProviderData is one static entry of a FakeProvider.
type FakeProviderData struct {
	// Key is the key of the entry.
	Key string `json:"key"`
	// Value is the entry's value as a plain string.
	Value string `json:"value,omitempty"`
	// ValueMap is the entry's value as a string-to-string map.
	// NOTE(review): how Value and ValueMap interact when both are set is not shown here.
	ValueMap map[string]string `json:"valueMap,omitempty"`
	// Version is the version of the entry.
	Version string `json:"version,omitempty"`
}
func (*FakeProviderData) DeepCopy ¶
func (in *FakeProviderData) DeepCopy() *FakeProviderData
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FakeProviderData.
func (*FakeProviderData) DeepCopyInto ¶
func (in *FakeProviderData) DeepCopyInto(out *FakeProviderData)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FindName ¶
// FindName is the type of ExternalSecretFind.Name, which finds secrets based on the name.
type FindName struct {
	// RegExp finds secrets based on a regular expression (the original comment is cut off
	// after "Finds secrets base").
	// +optional
	RegExp string `json:"regexp,omitempty"`
}
func (*FindName) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FindName.
func (*FindName) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPSMAuth ¶
type GCPSMAuth struct { // +optional SecretRef *GCPSMAuthSecretRef `json:"secretRef,omitempty"` // +optional WorkloadIdentity *GCPWorkloadIdentity `json:"workloadIdentity,omitempty"` }
func (*GCPSMAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuth.
func (*GCPSMAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPSMAuthSecretRef ¶
type GCPSMAuthSecretRef struct { // The SecretAccessKey is used for authentication // +optional SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"` }
func (*GCPSMAuthSecretRef) DeepCopy ¶
func (in *GCPSMAuthSecretRef) DeepCopy() *GCPSMAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuthSecretRef.
func (*GCPSMAuthSecretRef) DeepCopyInto ¶
func (in *GCPSMAuthSecretRef) DeepCopyInto(out *GCPSMAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPSMProvider ¶
type GCPSMProvider struct { // Auth defines the information necessary to authenticate against GCP // +optional Auth GCPSMAuth `json:"auth,omitempty"` // ProjectID project where secret is located ProjectID string `json:"projectID,omitempty"` }
GCPSMProvider Configures a store to sync secrets using the GCP Secret Manager provider.
func (*GCPSMProvider) DeepCopy ¶
func (in *GCPSMProvider) DeepCopy() *GCPSMProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMProvider.
func (*GCPSMProvider) DeepCopyInto ¶
func (in *GCPSMProvider) DeepCopyInto(out *GCPSMProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPWorkloadIdentity ¶
type GCPWorkloadIdentity struct { ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccountRef"` ClusterLocation string `json:"clusterLocation"` ClusterName string `json:"clusterName"` ClusterProjectID string `json:"clusterProjectID,omitempty"` }
func (*GCPWorkloadIdentity) DeepCopy ¶
func (in *GCPWorkloadIdentity) DeepCopy() *GCPWorkloadIdentity
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPWorkloadIdentity.
func (*GCPWorkloadIdentity) DeepCopyInto ¶
func (in *GCPWorkloadIdentity) DeepCopyInto(out *GCPWorkloadIdentity)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GeneratorRef ¶ added in v0.7.0
type GeneratorRef struct { // Specify the apiVersion of the generator resource // +kubebuilder:default="generators.external-secrets.io/v1alpha1" APIVersion string `json:"apiVersion,omitempty"` // Specify the Kind of the resource, e.g. Password, ACRAccessToken etc. Kind string `json:"kind"` // Specify the name of the generator resource Name string `json:"name"` }
GeneratorRef points to a generator custom resource.
func (*GeneratorRef) DeepCopy ¶ added in v0.7.0
func (in *GeneratorRef) DeepCopy() *GeneratorRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GeneratorRef.
func (*GeneratorRef) DeepCopyInto ¶ added in v0.7.0
func (in *GeneratorRef) DeepCopyInto(out *GeneratorRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GenericStore ¶
type GenericStore interface { runtime.Object metav1.Object GetObjectMeta() *metav1.ObjectMeta GetTypeMeta() *metav1.TypeMeta GetKind() string GetSpec() *SecretStoreSpec GetNamespacedName() string GetStatus() SecretStoreStatus SetStatus(status SecretStoreStatus) Copy() GenericStore }
GenericStore is a common interface for interacting with ClusterSecretStore or a namespaced SecretStore.
type GenericStoreValidator ¶
type GenericStoreValidator struct{}
func (*GenericStoreValidator) DeepCopy ¶
func (in *GenericStoreValidator) DeepCopy() *GenericStoreValidator
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericStoreValidator.
func (*GenericStoreValidator) DeepCopyInto ¶
func (in *GenericStoreValidator) DeepCopyInto(out *GenericStoreValidator)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GenericStoreValidator) ValidateCreate ¶
func (r *GenericStoreValidator) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error)
ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
func (*GenericStoreValidator) ValidateDelete ¶
func (r *GenericStoreValidator) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error)
ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
func (*GenericStoreValidator) ValidateUpdate ¶
func (r *GenericStoreValidator) ValidateUpdate(_ context.Context, _, newObj runtime.Object) (admission.Warnings, error)
ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
type GitlabAuth ¶
type GitlabAuth struct {
SecretRef GitlabSecretRef `json:"SecretRef"`
}
func (*GitlabAuth) DeepCopy ¶
func (in *GitlabAuth) DeepCopy() *GitlabAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabAuth.
func (*GitlabAuth) DeepCopyInto ¶
func (in *GitlabAuth) DeepCopyInto(out *GitlabAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GitlabProvider ¶
type GitlabProvider struct {
	// URL configures the GitLab instance URL. Defaults to https://gitlab.com/.
	URL string `json:"url,omitempty"`

	// Auth configures how secret-manager authenticates with a GitLab instance.
	Auth GitlabAuth `json:"auth"`

	// ProjectID specifies a project where secrets are located.
	ProjectID string `json:"projectID,omitempty"`

	// InheritFromGroups specifies whether parent groups should be discovered and checked for secrets.
	InheritFromGroups bool `json:"inheritFromGroups,omitempty"`

	// GroupIDs specifies which GitLab groups to pull secrets from.
	// Group secrets are read from left to right, followed by the project variables.
	GroupIDs []string `json:"groupIDs,omitempty"`

	// Environment is the environment_scope of the GitLab CI/CD variables
	// (see https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment on how to create environments).
	Environment string `json:"environment,omitempty"`
}
Configures a store to sync secrets with a GitLab instance.
func (*GitlabProvider) DeepCopy ¶
func (in *GitlabProvider) DeepCopy() *GitlabProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabProvider.
func (*GitlabProvider) DeepCopyInto ¶
func (in *GitlabProvider) DeepCopyInto(out *GitlabProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GitlabSecretRef ¶
type GitlabSecretRef struct { // AccessToken is used for authentication. AccessToken esmeta.SecretKeySelector `json:"accessToken,omitempty"` }
func (*GitlabSecretRef) DeepCopy ¶
func (in *GitlabSecretRef) DeepCopy() *GitlabSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabSecretRef.
func (*GitlabSecretRef) DeepCopyInto ¶
func (in *GitlabSecretRef) DeepCopyInto(out *GitlabSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IBMAuth ¶
type IBMAuth struct { SecretRef IBMAuthSecretRef `json:"secretRef,omitempty"` ContainerAuth IBMAuthContainerAuth `json:"containerAuth,omitempty"` }
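IBMAuth configures how the store authenticates with IBM; the validation markers below require exactly one property (secretRef or containerAuth) to be set. +kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1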
func (*IBMAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuth.
func (*IBMAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IBMAuthContainerAuth ¶ added in v0.5.9
type IBMAuthContainerAuth struct {
	// Profile is the IBM Trusted Profile.
	Profile string `json:"profile"`

	// TokenLocation is the location where the token is mounted on the pod.
	TokenLocation string `json:"tokenLocation,omitempty"`

	// IAMEndpoint is undocumented in the original.
	// NOTE(review): presumably the IAM endpoint the mounted token is presented
	// to — confirm, and confirm what is used when it is left empty.
	IAMEndpoint string `json:"iamEndpoint,omitempty"`
}
IBM Container-based auth with IAM Trusted Profile.
func (*IBMAuthContainerAuth) DeepCopy ¶ added in v0.5.9
func (in *IBMAuthContainerAuth) DeepCopy() *IBMAuthContainerAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuthContainerAuth.
func (*IBMAuthContainerAuth) DeepCopyInto ¶ added in v0.5.9
func (in *IBMAuthContainerAuth) DeepCopyInto(out *IBMAuthContainerAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IBMAuthSecretRef ¶
// IBMAuthSecretRef holds the secret reference used for IBM authentication.
type IBMAuthSecretRef struct {
	// The SecretAPIKey is used for authentication.
	// It is a selector for a key in a secret, so the API key itself is not
	// written into this resource.
	SecretAPIKey esmeta.SecretKeySelector `json:"secretApiKeySecretRef,omitempty"`
}
func (*IBMAuthSecretRef) DeepCopy ¶
func (in *IBMAuthSecretRef) DeepCopy() *IBMAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuthSecretRef.
func (*IBMAuthSecretRef) DeepCopyInto ¶
func (in *IBMAuthSecretRef) DeepCopyInto(out *IBMAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IBMProvider ¶
type IBMProvider struct { // Auth configures how secret-manager authenticates with the IBM secrets manager. Auth IBMAuth `json:"auth"` // ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance ServiceURL *string `json:"serviceUrl,omitempty"` }
Configures a store to sync secrets using an IBM Cloud Secrets Manager backend.
func (*IBMProvider) DeepCopy ¶
func (in *IBMProvider) DeepCopy() *IBMProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMProvider.
func (*IBMProvider) DeepCopyInto ¶
func (in *IBMProvider) DeepCopyInto(out *IBMProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeeperSecurityProvider ¶ added in v0.7.3
type KeeperSecurityProvider struct { Auth smmeta.SecretKeySelector `json:"authRef"` FolderID string `json:"folderID"` }
KeeperSecurityProvider Configures a store to sync secrets using Keeper Security.
func (*KeeperSecurityProvider) DeepCopy ¶ added in v0.7.3
func (in *KeeperSecurityProvider) DeepCopy() *KeeperSecurityProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeeperSecurityProvider.
func (*KeeperSecurityProvider) DeepCopyInto ¶ added in v0.7.3
func (in *KeeperSecurityProvider) DeepCopyInto(out *KeeperSecurityProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesAuth ¶
type KubernetesAuth struct { // has both clientCert and clientKey as secretKeySelector // +optional Cert *CertAuth `json:"cert,omitempty"` // use static token to authenticate with // +optional Token *TokenAuth `json:"token,omitempty"` // points to a service account that should be used for authentication // +optional ServiceAccount *esmeta.ServiceAccountSelector `json:"serviceAccount,omitempty"` }
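KubernetesAuth configures how the store authenticates with a Kubernetes instance; the validation markers below require exactly one property (cert, token or serviceAccount) to be set. +kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1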
func (*KubernetesAuth) DeepCopy ¶
func (in *KubernetesAuth) DeepCopy() *KubernetesAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuth.
func (*KubernetesAuth) DeepCopyInto ¶
func (in *KubernetesAuth) DeepCopyInto(out *KubernetesAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesProvider ¶
type KubernetesProvider struct { // configures the Kubernetes server Address. Server KubernetesServer `json:"server,omitempty"` // Auth configures how secret-manager authenticates with a Kubernetes instance. Auth KubernetesAuth `json:"auth"` // Remote namespace to fetch the secrets from // +kubebuilder:default= default // +optional RemoteNamespace string `json:"remoteNamespace"` }
Configures a store to sync secrets with a Kubernetes instance.
func (*KubernetesProvider) DeepCopy ¶
func (in *KubernetesProvider) DeepCopy() *KubernetesProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesProvider.
func (*KubernetesProvider) DeepCopyInto ¶
func (in *KubernetesProvider) DeepCopyInto(out *KubernetesProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesServer ¶
// KubernetesServer describes the Kubernetes server a store connects to and the
// CA material configured for it.
type KubernetesServer struct {
	// URL configures the Kubernetes server address.
	// +kubebuilder:default=kubernetes.default
	// +optional
	URL string `json:"url,omitempty"`

	// CABundle is a base64-encoded CA certificate.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// CAProvider presumably supplies the CA certificate by reference rather than
	// inline — confirm against the CAProvider type.
	// see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider
	// NOTE(review): the link targets the v0.4.1 / v1alpha1 documentation while
	// this type belongs to v1beta1 — confirm the linked description still applies.
	// NOTE(review): which trust roots apply when neither CABundle nor CAProvider
	// is set is not visible here — confirm before relying on the default.
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`
}
func (*KubernetesServer) DeepCopy ¶
func (in *KubernetesServer) DeepCopy() *KubernetesServer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesServer.
func (*KubernetesServer) DeepCopyInto ¶
func (in *KubernetesServer) DeepCopyInto(out *KubernetesServer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NoSecretError ¶
type NoSecretError struct{}
NoSecretError shall be returned when a GetSecret can not find the desired secret. This is used for deletionPolicy.
func (*NoSecretError) DeepCopy ¶
func (in *NoSecretError) DeepCopy() *NoSecretError
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NoSecretError.
func (*NoSecretError) DeepCopyInto ¶
func (in *NoSecretError) DeepCopyInto(out *NoSecretError)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (NoSecretError) Error ¶
func (NoSecretError) Error() string
type OnePasswordAuth ¶ added in v0.5.3
type OnePasswordAuth struct {
SecretRef *OnePasswordAuthSecretRef `json:"secretRef"`
}
OnePasswordAuth contains a secretRef for credentials.
func (*OnePasswordAuth) DeepCopy ¶ added in v0.5.3
func (in *OnePasswordAuth) DeepCopy() *OnePasswordAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OnePasswordAuth.
func (*OnePasswordAuth) DeepCopyInto ¶ added in v0.5.3
func (in *OnePasswordAuth) DeepCopyInto(out *OnePasswordAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OnePasswordAuthSecretRef ¶ added in v0.5.3
type OnePasswordAuthSecretRef struct { // The ConnectToken is used for authentication to a 1Password Connect Server. ConnectToken esmeta.SecretKeySelector `json:"connectTokenSecretRef"` }
OnePasswordAuthSecretRef holds secret references for 1Password credentials.
func (*OnePasswordAuthSecretRef) DeepCopy ¶ added in v0.5.3
func (in *OnePasswordAuthSecretRef) DeepCopy() *OnePasswordAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OnePasswordAuthSecretRef.
func (*OnePasswordAuthSecretRef) DeepCopyInto ¶ added in v0.5.3
func (in *OnePasswordAuthSecretRef) DeepCopyInto(out *OnePasswordAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OnePasswordProvider ¶ added in v0.5.3
type OnePasswordProvider struct { // Auth defines the information necessary to authenticate against OnePassword Connect Server Auth *OnePasswordAuth `json:"auth"` // ConnectHost defines the OnePassword Connect Server to connect to ConnectHost string `json:"connectHost"` // Vaults defines which OnePassword vaults to search in which order Vaults map[string]int `json:"vaults"` }
OnePasswordProvider configures a store to sync secrets using the 1Password Secret Manager provider.
func (*OnePasswordProvider) DeepCopy ¶ added in v0.5.3
func (in *OnePasswordProvider) DeepCopy() *OnePasswordProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OnePasswordProvider.
func (*OnePasswordProvider) DeepCopyInto ¶ added in v0.5.3
func (in *OnePasswordProvider) DeepCopyInto(out *OnePasswordProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OracleAuth ¶
type OracleAuth struct { // Tenancy is the tenancy OCID where user is located. Tenancy string `json:"tenancy"` // User is an access OCID specific to the account. User string `json:"user"` // SecretRef to pass through sensitive information. SecretRef OracleSecretRef `json:"secretRef"` }
func (*OracleAuth) DeepCopy ¶
func (in *OracleAuth) DeepCopy() *OracleAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleAuth.
func (*OracleAuth) DeepCopyInto ¶
func (in *OracleAuth) DeepCopyInto(out *OracleAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OracleProvider ¶
type OracleProvider struct { // Region is the region where vault is located. Region string `json:"region"` // Vault is the vault's OCID of the specific vault where secret is located. Vault string `json:"vault"` // Auth configures how secret-manager authenticates with the Oracle Vault. // If empty, use the instance principal, otherwise the user credentials specified in Auth. // +optional Auth *OracleAuth `json:"auth,omitempty"` }
Configures a store to sync secrets using an Oracle Vault backend.
func (*OracleProvider) DeepCopy ¶
func (in *OracleProvider) DeepCopy() *OracleProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleProvider.
func (*OracleProvider) DeepCopyInto ¶
func (in *OracleProvider) DeepCopyInto(out *OracleProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OracleSecretRef ¶
type OracleSecretRef struct { // PrivateKey is the user's API Signing Key in PEM format, used for authentication. PrivateKey esmeta.SecretKeySelector `json:"privatekey"` // Fingerprint is the fingerprint of the API private key. Fingerprint esmeta.SecretKeySelector `json:"fingerprint"` }
func (*OracleSecretRef) DeepCopy ¶
func (in *OracleSecretRef) DeepCopy() *OracleSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleSecretRef.
func (*OracleSecretRef) DeepCopyInto ¶
func (in *OracleSecretRef) DeepCopyInto(out *OracleSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Provider ¶
type Provider interface { // NewClient constructs a SecretsManager Provider NewClient(ctx context.Context, store GenericStore, kube client.Client, namespace string) (SecretsClient, error) // ValidateStore checks if the provided store is valid ValidateStore(store GenericStore) error // Capabilities returns the provider Capabilities (Read, Write, ReadWrite) Capabilities() SecretStoreCapabilities }
Provider is a common interface for interacting with secret backends.
func GetProvider ¶
func GetProvider(s GenericStore) (Provider, error)
GetProvider returns the provider from the generic store.
func GetProviderByName ¶
GetProviderByName returns the provider implementation by name.
type PushRemoteRef ¶ added in v0.7.0
This interface is to allow using v1alpha1 content in Provider registered in v1beta1.
type ScalewayProvider ¶ added in v0.7.3
// ScalewayProvider holds the Scaleway settings of a store: API URL, region,
// project and the two halves of the API key.
type ScalewayProvider struct {
	// APIURL is the url of the api to use. Defaults to https://api.scaleway.com
	// +optional
	APIURL string `json:"apiUrl,omitempty"`

	// Region where your secrets are located: https://developers.scaleway.com/en/quickstart/#region-and-zone
	Region string `json:"region"`

	// ProjectID is the id of your project, which you can find in the console: https://console.scaleway.com/project/settings
	ProjectID string `json:"projectId"`

	// AccessKey is the non-secret part of the api key.
	AccessKey *ScalewayProviderSecretRef `json:"accessKey"`

	// SecretKey is the secret part of the api key.
	// ScalewayProviderSecretRef also accepts an inline Value; for this field
	// prefer its SecretRef so the key is not written into the store resource.
	SecretKey *ScalewayProviderSecretRef `json:"secretKey"`
}
func (*ScalewayProvider) DeepCopy ¶ added in v0.7.3
func (in *ScalewayProvider) DeepCopy() *ScalewayProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScalewayProvider.
func (*ScalewayProvider) DeepCopyInto ¶ added in v0.7.3
func (in *ScalewayProvider) DeepCopyInto(out *ScalewayProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ScalewayProviderSecretRef ¶ added in v0.7.3
// ScalewayProviderSecretRef supplies a value either inline (Value) or through a
// reference to a key in a secret (SecretRef).
type ScalewayProviderSecretRef struct {
	// Value can be specified directly to set a value without using a secret.
	// An inline value is serialized as part of the resource that embeds this
	// type, so it is readable by whoever can read that resource; keep it for
	// non-sensitive values and use SecretRef for anything secret.
	// +optional
	Value string `json:"value,omitempty"`

	// SecretRef references a key in a secret that will be used as value.
	// NOTE(review): which field wins when both Value and SecretRef are set is
	// not visible here — confirm against the provider.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}
func (*ScalewayProviderSecretRef) DeepCopy ¶ added in v0.7.3
func (in *ScalewayProviderSecretRef) DeepCopy() *ScalewayProviderSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScalewayProviderSecretRef.
func (*ScalewayProviderSecretRef) DeepCopyInto ¶ added in v0.7.3
func (in *ScalewayProviderSecretRef) DeepCopyInto(out *ScalewayProviderSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStore ¶
type SecretStore struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec SecretStoreSpec `json:"spec,omitempty"` Status SecretStoreStatus `json:"status,omitempty"` }
SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` +kubebuilder:printcolumn:name="Capabilities",type=string,JSONPath=`.status.capabilities` +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` +kubebuilder:subresource:status +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=ss
func (*SecretStore) Copy ¶
func (c *SecretStore) Copy() GenericStore
func (*SecretStore) DeepCopy ¶
func (in *SecretStore) DeepCopy() *SecretStore
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStore.
func (*SecretStore) DeepCopyInto ¶
func (in *SecretStore) DeepCopyInto(out *SecretStore)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretStore) DeepCopyObject ¶
func (in *SecretStore) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*SecretStore) GetKind ¶ added in v0.6.1
func (c *SecretStore) GetKind() string
func (*SecretStore) GetNamespacedName ¶
func (c *SecretStore) GetNamespacedName() string
func (*SecretStore) GetObjectMeta ¶
func (c *SecretStore) GetObjectMeta() *metav1.ObjectMeta
func (*SecretStore) GetSpec ¶
func (c *SecretStore) GetSpec() *SecretStoreSpec
func (*SecretStore) GetStatus ¶
func (c *SecretStore) GetStatus() SecretStoreStatus
func (*SecretStore) GetTypeMeta ¶
func (c *SecretStore) GetTypeMeta() *metav1.TypeMeta
func (*SecretStore) Hub ¶
func (*SecretStore) Hub()
func (*SecretStore) SetStatus ¶
func (c *SecretStore) SetStatus(status SecretStoreStatus)
func (*SecretStore) SetupWebhookWithManager ¶
func (c *SecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error
type SecretStoreCapabilities ¶ added in v0.7.0
type SecretStoreCapabilities string
SecretStoreCapabilities defines the possible operations a SecretStore can do.
const ( SecretStoreReadOnly SecretStoreCapabilities = "ReadOnly" SecretStoreWriteOnly SecretStoreCapabilities = "WriteOnly" SecretStoreReadWrite SecretStoreCapabilities = "ReadWrite" )
type SecretStoreConditionType ¶
type SecretStoreConditionType string
type SecretStoreList ¶
type SecretStoreList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []SecretStore `json:"items"` }
SecretStoreList contains a list of SecretStore resources.
func (*SecretStoreList) DeepCopy ¶
func (in *SecretStoreList) DeepCopy() *SecretStoreList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreList.
func (*SecretStoreList) DeepCopyInto ¶
func (in *SecretStoreList) DeepCopyInto(out *SecretStoreList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretStoreList) DeepCopyObject ¶
func (in *SecretStoreList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type SecretStoreProvider ¶
// Each field selects one provider; the type's MinProperties=1 / MaxProperties=1
// validation markers mean exactly one of them is set per store.
type SecretStoreProvider struct {
	// AWS configures this store to sync secrets using AWS Secret Manager provider
	// +optional
	AWS *AWSProvider `json:"aws,omitempty"`

	// AzureKV configures this store to sync secrets using Azure Key Vault provider
	// +optional
	AzureKV *AzureKVProvider `json:"azurekv,omitempty"`

	// Akeyless configures this store to sync secrets using Akeyless Vault provider
	// +optional
	Akeyless *AkeylessProvider `json:"akeyless,omitempty"`

	// Vault configures this store to sync secrets using the HashiCorp Vault provider
	// +optional
	Vault *VaultProvider `json:"vault,omitempty"`

	// GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider
	// +optional
	GCPSM *GCPSMProvider `json:"gcpsm,omitempty"`

	// Oracle configures this store to sync secrets using Oracle Vault provider
	// +optional
	Oracle *OracleProvider `json:"oracle,omitempty"`

	// IBM configures this store to sync secrets using IBM Cloud provider
	// +optional
	IBM *IBMProvider `json:"ibm,omitempty"`

	// YandexCertificateManager configures this store to sync secrets using Yandex Certificate Manager provider
	// +optional
	YandexCertificateManager *YandexCertificateManagerProvider `json:"yandexcertificatemanager,omitempty"`

	// YandexLockbox configures this store to sync secrets using Yandex Lockbox provider
	// +optional
	YandexLockbox *YandexLockboxProvider `json:"yandexlockbox,omitempty"`

	// Gitlab configures this store to sync secrets using GitLab Variables provider
	// +optional
	Gitlab *GitlabProvider `json:"gitlab,omitempty"`

	// Alibaba configures this store to sync secrets using Alibaba Cloud provider
	// +optional
	Alibaba *AlibabaProvider `json:"alibaba,omitempty"`

	// OnePassword configures this store to sync secrets using the 1Password Cloud provider
	// +optional
	OnePassword *OnePasswordProvider `json:"onepassword,omitempty"`

	// Webhook configures this store to sync secrets using a generic templated webhook
	// +optional
	Webhook *WebhookProvider `json:"webhook,omitempty"`

	// Kubernetes configures this store to sync secrets using a Kubernetes cluster provider
	// +optional
	Kubernetes *KubernetesProvider `json:"kubernetes,omitempty"`

	// Fake configures a store with static key/value pairs.
	// The pairs are written in the store spec itself (FakeProvider.Data), so
	// they are not protected the way values in a secret backend are.
	// +optional
	Fake *FakeProvider `json:"fake,omitempty"`

	// Senhasegura configures this store to sync secrets using senhasegura provider
	// +optional
	Senhasegura *SenhaseguraProvider `json:"senhasegura,omitempty"`

	// Scaleway configures this store to sync secrets using the Scaleway provider
	// +optional
	Scaleway *ScalewayProvider `json:"scaleway,omitempty"`

	// Doppler configures this store to sync secrets using the Doppler provider
	// +optional
	Doppler *DopplerProvider `json:"doppler,omitempty"`

	// KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
	// +optional
	KeeperSecurity *KeeperSecurityProvider `json:"keepersecurity,omitempty"`
}
SecretStoreProvider contains the provider-specific configuration. +kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1
func (*SecretStoreProvider) DeepCopy ¶
func (in *SecretStoreProvider) DeepCopy() *SecretStoreProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreProvider.
func (*SecretStoreProvider) DeepCopyInto ¶
func (in *SecretStoreProvider) DeepCopyInto(out *SecretStoreProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreRef ¶
type SecretStoreRef struct { // Name of the SecretStore resource Name string `json:"name"` // Kind of the SecretStore resource (SecretStore or ClusterSecretStore) // Defaults to `SecretStore` // +optional Kind string `json:"kind,omitempty"` }
SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
func (*SecretStoreRef) DeepCopy ¶
func (in *SecretStoreRef) DeepCopy() *SecretStoreRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRef.
func (*SecretStoreRef) DeepCopyInto ¶
func (in *SecretStoreRef) DeepCopyInto(out *SecretStoreRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreRetrySettings ¶
type SecretStoreRetrySettings struct { MaxRetries *int32 `json:"maxRetries,omitempty"` RetryInterval *string `json:"retryInterval,omitempty"` }
func (*SecretStoreRetrySettings) DeepCopy ¶
func (in *SecretStoreRetrySettings) DeepCopy() *SecretStoreRetrySettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRetrySettings.
func (*SecretStoreRetrySettings) DeepCopyInto ¶
func (in *SecretStoreRetrySettings) DeepCopyInto(out *SecretStoreRetrySettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreSpec ¶
type SecretStoreSpec struct {
	// Used to select the correct ESO controller (think: ingress.ingressClassName)
	// The ESO controller is instantiated with a specific controller name and filters ES based on this property
	// +optional
	Controller string `json:"controller"`

	// Used to configure the provider. Only one provider may be set
	Provider *SecretStoreProvider `json:"provider"`

	// Used to configure http retries if failed
	// +optional
	RetrySettings *SecretStoreRetrySettings `json:"retrySettings,omitempty"`

	// Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.
	// +optional
	RefreshInterval int `json:"refreshInterval"`

	// Used to constrain a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore
	// NOTE(review): presumably a ClusterSecretStore with no conditions is usable
	// from every namespace — confirm, since this field is what scopes
	// cluster-wide store access.
	// +optional
	Conditions []ClusterSecretStoreCondition `json:"conditions,omitempty"`
}
SecretStoreSpec defines the desired state of SecretStore.
func (*SecretStoreSpec) DeepCopy ¶
func (in *SecretStoreSpec) DeepCopy() *SecretStoreSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreSpec.
func (*SecretStoreSpec) DeepCopyInto ¶
func (in *SecretStoreSpec) DeepCopyInto(out *SecretStoreSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreStatus ¶
type SecretStoreStatus struct { // +optional Conditions []SecretStoreStatusCondition `json:"conditions"` // +optional Capabilities SecretStoreCapabilities `json:"capabilities"` }
SecretStoreStatus defines the observed state of the SecretStore.
func (*SecretStoreStatus) DeepCopy ¶
func (in *SecretStoreStatus) DeepCopy() *SecretStoreStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatus.
func (*SecretStoreStatus) DeepCopyInto ¶
func (in *SecretStoreStatus) DeepCopyInto(out *SecretStoreStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreStatusCondition ¶
type SecretStoreStatusCondition struct { Type SecretStoreConditionType `json:"type"` Status corev1.ConditionStatus `json:"status"` // +optional Reason string `json:"reason,omitempty"` // +optional Message string `json:"message,omitempty"` // +optional LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` }
func (*SecretStoreStatusCondition) DeepCopy ¶
func (in *SecretStoreStatusCondition) DeepCopy() *SecretStoreStatusCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatusCondition.
func (*SecretStoreStatusCondition) DeepCopyInto ¶
func (in *SecretStoreStatusCondition) DeepCopyInto(out *SecretStoreStatusCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretsClient ¶
// SecretsClient is the set of operations a provider client exposes for
// reading, writing, deleting and validating secrets. The []byte values it
// returns and accepts are raw secret material.
type SecretsClient interface {
	// GetSecret returns a single secret from the provider.
	// If GetSecret returns an error with type NoSecretError
	// then the secret entry will be deleted depending on the deletionPolicy.
	GetSecret(ctx context.Context, ref ExternalSecretDataRemoteRef) ([]byte, error)

	// PushSecret will write a single secret into the provider.
	PushSecret(ctx context.Context, value []byte, remoteRef PushRemoteRef) error

	// DeleteSecret will delete the secret from a provider.
	DeleteSecret(ctx context.Context, remoteRef PushRemoteRef) error

	// Validate checks if the client is configured correctly
	// and is able to retrieve secrets from the provider.
	// If the validation result is unknown it will be ignored.
	Validate() (ValidationResult, error)

	// GetSecretMap returns multiple k/v pairs from the provider.
	GetSecretMap(ctx context.Context, ref ExternalSecretDataRemoteRef) (map[string][]byte, error)

	// GetAllSecrets returns multiple k/v pairs from the provider.
	GetAllSecrets(ctx context.Context, ref ExternalSecretFind) (map[string][]byte, error)

	// Close has no doc comment in the source.
	// NOTE(review): presumably it releases whatever the client holds
	// (connections, sessions); confirm against a provider implementation.
	Close(ctx context.Context) error
}
SecretsClient provides access to secrets.
type SenhaseguraAuth ¶ added in v0.5.3
type SenhaseguraAuth struct { ClientID string `json:"clientId"` ClientSecret esmeta.SecretKeySelector `json:"clientSecretSecretRef"` }
SenhaseguraAuth tells the controller how to do auth in senhasegura.
func (*SenhaseguraAuth) DeepCopy ¶ added in v0.5.3
func (in *SenhaseguraAuth) DeepCopy() *SenhaseguraAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SenhaseguraAuth.
func (*SenhaseguraAuth) DeepCopyInto ¶ added in v0.5.3
func (in *SenhaseguraAuth) DeepCopyInto(out *SenhaseguraAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SenhaseguraModuleType ¶ added in v0.5.3
type SenhaseguraModuleType string
SenhaseguraModuleType enum defines senhasegura target module to fetch secrets +kubebuilder:validation:Enum=DSM
const ( /* SenhaseguraModuleDSM is the senhasegura DevOps Secrets Management module see: https://senhasegura.com/devops */ SenhaseguraModuleDSM SenhaseguraModuleType = "DSM" )
type SenhaseguraProvider ¶ added in v0.5.3
// SenhaseguraProvider holds the connection settings for a senhasegura store:
// server URL, target module, credentials and a TLS verification switch.
type SenhaseguraProvider struct {
	/* URL of senhasegura */
	URL string `json:"url"`

	/* Module defines which senhasegura module should be used to get secrets */
	Module SenhaseguraModuleType `json:"module"`

	/* Auth defines parameters to authenticate in senhasegura */
	Auth SenhaseguraAuth `json:"auth"`

	// IgnoreSslCertificate defines if SSL certificate must be ignored.
	// NOTE(review): presumably true turns off verification of the server
	// certificate. The client then cannot tell the real senhasegura server
	// from an on-path impostor, so the client secret and every fetched
	// secret can be intercepted. Keep the default (false) and trust a
	// private CA explicitly instead of disabling the check.
	// +kubebuilder:default=false
	IgnoreSslCertificate bool `json:"ignoreSslCertificate,omitempty"`
}
SenhaseguraProvider sets up a store to sync secrets with senhasegura.
func (*SenhaseguraProvider) DeepCopy ¶ added in v0.5.3
func (in *SenhaseguraProvider) DeepCopy() *SenhaseguraProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SenhaseguraProvider.
func (*SenhaseguraProvider) DeepCopyInto ¶ added in v0.5.3
func (in *SenhaseguraProvider) DeepCopyInto(out *SenhaseguraProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SourceRef ¶ added in v0.7.0
// SourceRef names an alternative source for a secret: either a store or a
// generator resource.
type SourceRef struct {
	// SecretStoreRef references the store to pull from (JSON name: storeRef).
	// +optional
	SecretStoreRef *SecretStoreRef `json:"storeRef,omitempty"`

	// GeneratorRef points to a generator custom resource.
	// NOTE(review): the original comment stops mid-sentence ("... custom
	// resource in"); restore the missing words from the authoring source.
	// +optional
	GeneratorRef *GeneratorRef `json:"generatorRef,omitempty"`
}
SourceRef allows you to override the source from which the secret will be pulled. You can define at most one property. +kubebuilder:validation:MaxProperties=1
func (*SourceRef) DeepCopy ¶ added in v0.7.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceRef.
func (*SourceRef) DeepCopyInto ¶ added in v0.7.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateEngineVersion ¶
type TemplateEngineVersion string
const ( TemplateEngineV1 TemplateEngineVersion = "v1" TemplateEngineV2 TemplateEngineVersion = "v2" )
type TemplateFrom ¶
type TemplateFrom struct { ConfigMap *TemplateRef `json:"configMap,omitempty"` Secret *TemplateRef `json:"secret,omitempty"` // +optional // +optional // +kubebuilder:default="Data" Target TemplateTarget `json:"target,omitempty"` // +optional Literal *string `json:"literal,omitempty"` }
func (*TemplateFrom) DeepCopy ¶
func (in *TemplateFrom) DeepCopy() *TemplateFrom
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateFrom.
func (*TemplateFrom) DeepCopyInto ¶
func (in *TemplateFrom) DeepCopyInto(out *TemplateFrom)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateMergePolicy ¶ added in v0.7.3
type TemplateMergePolicy string
const ( MergePolicyReplace TemplateMergePolicy = "Replace" MergePolicyMerge TemplateMergePolicy = "Merge" )
type TemplateRef ¶
type TemplateRef struct { Name string `json:"name"` Items []TemplateRefItem `json:"items"` }
func (*TemplateRef) DeepCopy ¶
func (in *TemplateRef) DeepCopy() *TemplateRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRef.
func (*TemplateRef) DeepCopyInto ¶
func (in *TemplateRef) DeepCopyInto(out *TemplateRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateRefItem ¶
type TemplateRefItem struct { Key string `json:"key"` // +kubebuilder:default="Values" TemplateAs TemplateScope `json:"templateAs,omitempty"` }
func (*TemplateRefItem) DeepCopy ¶
func (in *TemplateRefItem) DeepCopy() *TemplateRefItem
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRefItem.
func (*TemplateRefItem) DeepCopyInto ¶
func (in *TemplateRefItem) DeepCopyInto(out *TemplateRefItem)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateScope ¶ added in v0.7.1
type TemplateScope string
const ( TemplateScopeValues TemplateScope = "Values" TemplateScopeKeysAndValues TemplateScope = "KeysAndValues" )
type TemplateTarget ¶ added in v0.7.1
type TemplateTarget string
const ( TemplateTargetData TemplateTarget = "Data" TemplateTargetAnnotations TemplateTarget = "Annotations" TemplateTargetLabels TemplateTarget = "Labels" )
type TokenAuth ¶
type TokenAuth struct {
BearerToken esmeta.SecretKeySelector `json:"bearerToken,omitempty"`
}
func (*TokenAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenAuth.
func (*TokenAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ValidationResult ¶ added in v0.5.2
type ValidationResult uint8
const ( // Ready indicates that the client is configured correctly // and can be used. ValidationResultReady ValidationResult = iota // Unknown indicates that the client can be used // but information is missing and it can not be validated. ValidationResultUnknown // Error indicates that there is a misconfiguration. ValidationResultError )
func (ValidationResult) String ¶ added in v0.5.2
func (v ValidationResult) String() string
type VaultAppRole ¶
// VaultAppRole configures Vault's App Role auth method: the mount path, the
// role ID (inline or from a Secret) and the role secret (always from a Secret).
type VaultAppRole struct {
	// Path where the App Role authentication backend is mounted
	// in Vault, e.g: "approle"
	// +kubebuilder:default=approle
	Path string `json:"path"`

	// RoleID configured in the App Role authentication backend when setting
	// up the authentication backend in Vault.
	//+optional
	RoleID string `json:"roleId,omitempty"`

	// Reference to a key in a Secret that contains the App Role ID used
	// to authenticate with Vault.
	// The `key` field must be specified and denotes which entry within the Secret
	// resource is used as the app role id.
	// NOTE(review): the source does not say which value wins when both
	// roleId and roleRef are set; confirm before relying on either.
	//+optional
	RoleRef *esmeta.SecretKeySelector `json:"roleRef,omitempty"`

	// Reference to a key in a Secret that contains the App Role secret used
	// to authenticate with Vault.
	// The `key` field must be specified and denotes which entry within the Secret
	// resource is used as the app role secret.
	SecretRef esmeta.SecretKeySelector `json:"secretRef"`
}
VaultAppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
func (*VaultAppRole) DeepCopy ¶
func (in *VaultAppRole) DeepCopy() *VaultAppRole
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole.
func (*VaultAppRole) DeepCopyInto ¶
func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultAuth ¶
// VaultAuth selects how the store authenticates to Vault. Each field
// configures one auth method.
// NOTE(review): the type's published description lists tokenSecretRef,
// appRole, kubernetes, ldap, jwt and cert as mutually exclusive but does not
// mention iam; confirm whether iam is covered by the same rule.
type VaultAuth struct {
	// TokenSecretRef authenticates with Vault by presenting a token.
	// +optional
	TokenSecretRef *esmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"`

	// AppRole authenticates with Vault using the App Role auth mechanism,
	// with the role and secret stored in a Kubernetes Secret resource.
	// +optional
	AppRole *VaultAppRole `json:"appRole,omitempty"`

	// Kubernetes authenticates with Vault by passing the ServiceAccount
	// token stored in the named Secret resource to the Vault server.
	// +optional
	Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"`

	// Ldap authenticates with Vault by passing username/password pair using
	// the LDAP authentication method.
	// +optional
	Ldap *VaultLdapAuth `json:"ldap,omitempty"`

	// Jwt authenticates with Vault by passing role and JWT token using the
	// JWT/OIDC authentication method.
	// +optional
	Jwt *VaultJwtAuth `json:"jwt,omitempty"`

	// Cert authenticates with TLS Certificates by passing client certificate,
	// private key and ca certificate (the Cert authentication method).
	// +optional
	Cert *VaultCertAuth `json:"cert,omitempty"`

	// Iam authenticates with vault by passing a special AWS request signed
	// with AWS IAM credentials (the AWS IAM authentication method).
	// +optional
	Iam *VaultIamAuth `json:"iam,omitempty"`
}
VaultAuth is the configuration used to authenticate with a Vault server. Only one of `tokenSecretRef`, `appRole`, `kubernetes`, `ldap`, `jwt` or `cert` can be specified.
func (*VaultAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth.
func (*VaultAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultAwsAuth ¶ added in v0.7.3
type VaultAwsAuth struct { // +optional SecretRef *VaultAwsAuthSecretRef `json:"secretRef,omitempty"` // +optional JWTAuth *VaultAwsJWTAuth `json:"jwt,omitempty"` }
VaultAwsAuth tells the controller how to authenticate with AWS. Only one of secretRef or jwt can be specified. If neither is specified, the controller will try to load credentials from its own service account, assuming it is IRSA-enabled.
func (*VaultAwsAuth) DeepCopy ¶ added in v0.7.3
func (in *VaultAwsAuth) DeepCopy() *VaultAwsAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAwsAuth.
func (*VaultAwsAuth) DeepCopyInto ¶ added in v0.7.3
func (in *VaultAwsAuth) DeepCopyInto(out *VaultAwsAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultAwsAuthSecretRef ¶ added in v0.7.3
// VaultAwsAuthSecretRef references the Kubernetes Secret entries that hold
// AWS credentials: access key ID, secret access key and, for temporary
// credentials, the session token.
type VaultAwsAuthSecretRef struct {
	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"`

	// The SecretAccessKey is used for authentication
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`

	// The SessionToken used for authentication
	// This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
	// see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
	// NOTE(review): the marker below is spelled "+Optional" while the rest
	// of the package uses "+optional"; confirm the generator treats them alike.
	// +Optional
	SessionToken *esmeta.SecretKeySelector `json:"sessionTokenSecretRef,omitempty"`
}
VaultAwsAuthSecretRef holds secret references for AWS credentials. Both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
func (*VaultAwsAuthSecretRef) DeepCopy ¶ added in v0.7.3
func (in *VaultAwsAuthSecretRef) DeepCopy() *VaultAwsAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAwsAuthSecretRef.
func (*VaultAwsAuthSecretRef) DeepCopyInto ¶ added in v0.7.3
func (in *VaultAwsAuthSecretRef) DeepCopyInto(out *VaultAwsAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultAwsJWTAuth ¶ added in v0.7.3
type VaultAwsJWTAuth struct {
ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}
Authenticate against AWS using service account tokens.
func (*VaultAwsJWTAuth) DeepCopy ¶ added in v0.7.3
func (in *VaultAwsJWTAuth) DeepCopy() *VaultAwsJWTAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAwsJWTAuth.
func (*VaultAwsJWTAuth) DeepCopyInto ¶ added in v0.7.3
func (in *VaultAwsJWTAuth) DeepCopyInto(out *VaultAwsJWTAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertAuth ¶
// VaultCertAuth references the client certificate and the client private
// key used with Vault's Cert authentication method.
type VaultCertAuth struct {
	// ClientCert is a certificate to authenticate using the Cert Vault
	// authentication method
	// +optional
	ClientCert esmeta.SecretKeySelector `json:"clientCert,omitempty"`

	// SecretRef to a key in a Secret resource containing client private key to
	// authenticate with Vault using the Cert authentication method.
	// The referenced entry is key material: keep read access to that Secret
	// as narrow as the cluster's RBAC allows.
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}
VaultCertAuth authenticates with Vault using the Cert authentication method, with the client certificate and the client private key referenced from Kubernetes Secret resources.
func (*VaultCertAuth) DeepCopy ¶
func (in *VaultCertAuth) DeepCopy() *VaultCertAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertAuth.
func (*VaultCertAuth) DeepCopyInto ¶
func (in *VaultCertAuth) DeepCopyInto(out *VaultCertAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultIamAuth ¶ added in v0.7.3
// VaultIamAuth configures Vault's AWS IAM authentication method: where the
// method is mounted, which AWS and Vault roles to use, and where the AWS
// credentials come from.
type VaultIamAuth struct {
	// Path where the AWS auth method is enabled in Vault, e.g: "aws"
	Path string `json:"path,omitempty"`

	// AWS region
	Region string `json:"region,omitempty"`

	// This is the AWS role to be assumed before talking to vault.
	// Note the JSON name is "role"; the Vault role below is "vaultRole".
	AWSIAMRole string `json:"role,omitempty"`

	// Vault Role. In vault, a role describes an identity with a set of
	// permissions, groups, or policies you want to attach a user of the
	// secrets engine.
	Role string `json:"vaultRole"`

	// AWS External ID set on assumed IAM roles
	ExternalID string `json:"externalID,omitempty"`

	// X-Vault-AWS-IAM-Server-ID is an additional header used by Vault IAM
	// auth method to mitigate against different types of replay attacks.
	// More details here: https://developer.hashicorp.com/vault/docs/auth/aws
	// The field is optional in this schema; leaving it empty forgoes that
	// mitigation.
	VaultAWSIAMServerID string `json:"vaultAwsIamServerID,omitempty"`

	// Specify credentials in a Secret object
	// +optional
	SecretRef *VaultAwsAuthSecretRef `json:"secretRef,omitempty"`

	// Specify a service account with IRSA enabled
	// +optional
	JWTAuth *VaultAwsJWTAuth `json:"jwt,omitempty"`
}
VaultIamAuth authenticates with Vault using the Vault's AWS IAM authentication method. Refer: https://developer.hashicorp.com/vault/docs/auth/aws
func (*VaultIamAuth) DeepCopy ¶ added in v0.7.3
func (in *VaultIamAuth) DeepCopy() *VaultIamAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultIamAuth.
func (*VaultIamAuth) DeepCopyInto ¶ added in v0.7.3
func (in *VaultIamAuth) DeepCopyInto(out *VaultIamAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultJwtAuth ¶
// VaultJwtAuth configures Vault's JWT/OIDC authentication method. The token
// comes either from a Secret entry or from a service account token request.
type VaultJwtAuth struct {
	// Path where the JWT authentication backend is mounted
	// in Vault, e.g: "jwt"
	// +kubebuilder:default=jwt
	Path string `json:"path"`

	// Role is a JWT role to authenticate using the JWT/OIDC Vault
	// authentication method
	// +optional
	Role string `json:"role"`

	// Optional SecretRef that refers to a key in a Secret resource containing JWT token to
	// authenticate with Vault using the JWT/OIDC authentication method.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// Optional ServiceAccountToken specifies the Kubernetes service account for which to request
	// a token with the `TokenRequest` API.
	// NOTE(review): the source does not say which source wins when both
	// secretRef and kubernetesServiceAccountToken are set; confirm.
	// +optional
	KubernetesServiceAccountToken *VaultKubernetesServiceAccountTokenAuth `json:"kubernetesServiceAccountToken,omitempty"`
}
VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication method, with the role name and a token stored in a Kubernetes Secret resource or a Kubernetes service account token retrieved via `TokenRequest`.
func (*VaultJwtAuth) DeepCopy ¶
func (in *VaultJwtAuth) DeepCopy() *VaultJwtAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultJwtAuth.
func (*VaultJwtAuth) DeepCopyInto ¶
func (in *VaultJwtAuth) DeepCopyInto(out *VaultJwtAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultKVStoreVersion ¶
type VaultKVStoreVersion string
const ( VaultKVStoreV1 VaultKVStoreVersion = "v1" VaultKVStoreV2 VaultKVStoreVersion = "v2" )
type VaultKubernetesAuth ¶
// VaultKubernetesAuth configures Vault's Kubernetes authentication method:
// the mount path, the source of the ServiceAccount token and the Vault role.
type VaultKubernetesAuth struct {
	// Path where the Kubernetes authentication backend is mounted in Vault, e.g:
	// "kubernetes"
	// +kubebuilder:default=kubernetes
	Path string `json:"mountPath"`

	// Optional service account field containing the name of a kubernetes ServiceAccount.
	// If the service account is specified, the service account secret token JWT will be used
	// for authenticating with Vault. If the service account selector is not supplied,
	// the secretRef will be used instead.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// Optional secret field containing a Kubernetes ServiceAccount JWT used
	// for authenticating with Vault. If a name is specified without a key,
	// `token` is the default. If one is not specified, the one bound to
	// the controller will be used.
	// With neither serviceAccountRef nor secretRef set, the store therefore
	// authenticates to Vault as the controller itself; set one of them when
	// Vault policies are meant to differ per store or per tenant.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// A required field containing the Vault Role to assume. A Role binds a
	// Kubernetes ServiceAccount with a set of Vault policies.
	Role string `json:"role"`
}
Authenticate against Vault using a Kubernetes ServiceAccount token stored in a Secret.
func (*VaultKubernetesAuth) DeepCopy ¶
func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth.
func (*VaultKubernetesAuth) DeepCopyInto ¶
func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultKubernetesServiceAccountTokenAuth ¶
// VaultKubernetesServiceAccountTokenAuth names the service account for
// which a temporary token is requested, plus two deprecated knobs for the
// token's audiences and lifetime.
type VaultKubernetesServiceAccountTokenAuth struct {
	// Service account field containing the name of a kubernetes ServiceAccount.
	ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccountRef"`

	// Optional audiences field that will be used to request a temporary Kubernetes service
	// account token for the service account referenced by `serviceAccountRef`.
	// Defaults to a single audience `vault` if not specified.
	//
	// Deprecated: use serviceAccountRef.Audiences instead
	// +optional
	Audiences *[]string `json:"audiences,omitempty"`

	// Optional expiration time in seconds that will be used to request a temporary
	// Kubernetes service account token for the service account referenced by
	// `serviceAccountRef`.
	// Defaults to 10 minutes.
	//
	// Deprecated: this will be removed in the future.
	// +optional
	ExpirationSeconds *int64 `json:"expirationSeconds,omitempty"`
}
VaultKubernetesServiceAccountTokenAuth authenticates with Vault using a temporary Kubernetes service account token retrieved by the `TokenRequest` API.
func (*VaultKubernetesServiceAccountTokenAuth) DeepCopy ¶
func (in *VaultKubernetesServiceAccountTokenAuth) DeepCopy() *VaultKubernetesServiceAccountTokenAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesServiceAccountTokenAuth.
func (*VaultKubernetesServiceAccountTokenAuth) DeepCopyInto ¶
func (in *VaultKubernetesServiceAccountTokenAuth) DeepCopyInto(out *VaultKubernetesServiceAccountTokenAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultLdapAuth ¶
// VaultLdapAuth configures Vault's LDAP authentication method: the mount
// path, the LDAP user name and a reference to the user's password.
type VaultLdapAuth struct {
	// Path where the LDAP authentication backend is mounted
	// in Vault, e.g: "ldap"
	// +kubebuilder:default=ldap
	Path string `json:"path"`

	// Username is a LDAP user name used to authenticate using the LDAP Vault
	// authentication method
	Username string `json:"username"`

	// SecretRef to a key in a Secret resource containing password for the LDAP
	// user used to authenticate with Vault using the LDAP authentication
	// method
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}
VaultLdapAuth authenticates with Vault using the LDAP authentication method, with the username and password stored in a Kubernetes Secret resource.
func (*VaultLdapAuth) DeepCopy ¶
func (in *VaultLdapAuth) DeepCopy() *VaultLdapAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultLdapAuth.
func (*VaultLdapAuth) DeepCopyInto ¶
func (in *VaultLdapAuth) DeepCopyInto(out *VaultLdapAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultProvider ¶
// VaultProvider holds the settings for a HashiCorp Vault KV store: how to
// authenticate, where the server and KV mount are, which CA validates the
// server, and the read-after-write options.
type VaultProvider struct {
	// Auth configures how secret-manager authenticates with the Vault server.
	Auth VaultAuth `json:"auth"`

	// Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
	// The CABundle description implies a plain HTTP address is accepted too;
	// over plain HTTP the auth credentials and secret values are not
	// protected in transit, so use an https:// address.
	Server string `json:"server"`

	// Path is the mount path of the Vault KV backend endpoint, e.g:
	// "secret". The v2 KV secret engine version specific "/data" path suffix
	// for fetching secrets from Vault is optional and will be appended
	// if not present in specified path.
	// +optional
	Path *string `json:"path"`

	// Version is the Vault KV secret engine version. This can be either "v1" or
	// "v2". Version defaults to "v2".
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum="v1";"v2"
	// +kubebuilder:default:="v2"
	Version VaultKVStoreVersion `json:"version"`

	// Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
	// Vault environments to support Secure Multi-tenancy. e.g: "ns1".
	// More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
	// +optional
	Namespace *string `json:"namespace,omitempty"`

	// PEM encoded CA bundle used to validate Vault server certificate. Only used
	// if the Server URL is using HTTPS protocol. This parameter is ignored for
	// plain HTTP protocol connection. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// The provider for the CA bundle to use to validate Vault server certificate.
	// NOTE(review): the source does not say which takes precedence when both
	// caBundle and caProvider are set; confirm.
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`

	// ReadYourWrites ensures isolated read-after-write semantics by
	// providing discovered cluster replication states in each request.
	// More information about eventual consistency in Vault can be found here
	// https://www.vaultproject.io/docs/enterprise/consistency
	// +optional
	ReadYourWrites bool `json:"readYourWrites,omitempty"`

	// ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
	// leader instead of simply retrying within a loop. This can increase performance if
	// the option is enabled serverside.
	// https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
	// +optional
	ForwardInconsistent bool `json:"forwardInconsistent,omitempty"`
}
VaultProvider configures a store to sync secrets using a HashiCorp Vault KV backend.
func (*VaultProvider) DeepCopy ¶
func (in *VaultProvider) DeepCopy() *VaultProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultProvider.
func (*VaultProvider) DeepCopyInto ¶
func (in *VaultProvider) DeepCopyInto(out *VaultProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookCAProvider ¶
// WebhookCAProvider names the Kubernetes object (a Secret or a ConfigMap)
// that holds the CA certificate for the webhook provider.
type WebhookCAProvider struct {
	// The type of provider to use such as "Secret", or "ConfigMap".
	// +kubebuilder:validation:Enum="Secret";"ConfigMap"
	Type WebhookCAProviderType `json:"type"`

	// The name of the object located at the provider type.
	Name string `json:"name"`

	// The key of the value inside of the provider type to use, only used with "Secret" type
	// +kubebuilder:validation:Optional
	Key string `json:"key,omitempty"`

	// The namespace the Provider type is in.
	// Whoever can write the referenced object decides which CA the webhook
	// client trusts, so write access to it should be restricted.
	// +optional
	Namespace *string `json:"namespace,omitempty"`
}
Defines a location to fetch the cert for the webhook provider from.
func (*WebhookCAProvider) DeepCopy ¶
func (in *WebhookCAProvider) DeepCopy() *WebhookCAProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookCAProvider.
func (*WebhookCAProvider) DeepCopyInto ¶
func (in *WebhookCAProvider) DeepCopyInto(out *WebhookCAProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookCAProviderType ¶
type WebhookCAProviderType string
const ( WebhookCAProviderTypeSecret WebhookCAProviderType = "Secret" WebhookCAProviderTypeConfigMap WebhookCAProviderType = "ConfigMap" )
type WebhookProvider ¶
// WebhookProvider holds the settings for a store backed by an HTTP webhook:
// the request to send, how to read the result, the secrets made available
// to templates, and the CA used to validate the server.
type WebhookProvider struct {
	// Webhook Method
	// +optional, default GET
	Method string `json:"method,omitempty"`

	// Webhook url to call.
	// The CABundle description implies plain HTTP is accepted; over plain
	// HTTP the request, including any credentials in it, and the returned
	// secret are not protected in transit, so use an https:// URL.
	URL string `json:"url"`

	// Headers
	// +optional
	Headers map[string]string `json:"headers,omitempty"`

	// Body
	// +optional
	Body string `json:"body,omitempty"`

	// Timeout
	// +optional
	Timeout *metav1.Duration `json:"timeout,omitempty"`

	// Result formatting
	Result WebhookResult `json:"result"`

	// Secrets to fill in templates
	// These secrets will be passed to the templating function as key value pairs under the given name
	// NOTE(review): the source does not say which fields are templated
	// (presumably url, headers and body; confirm). Credentials rendered
	// into a URL commonly end up in proxy and server access logs, so
	// headers or the body are the safer place for them.
	// +optional
	Secrets []WebhookSecret `json:"secrets,omitempty"`

	// PEM encoded CA bundle used to validate webhook server certificate. Only used
	// if the Server URL is using HTTPS protocol. This parameter is ignored for
	// plain HTTP protocol connection. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// The provider for the CA bundle to use to validate webhook server certificate.
	// +optional
	CAProvider *WebhookCAProvider `json:"caProvider,omitempty"`
}
WebhookProvider configures a store to sync secrets by calling a webhook.
func (*WebhookProvider) DeepCopy ¶
func (in *WebhookProvider) DeepCopy() *WebhookProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookProvider.
func (*WebhookProvider) DeepCopyInto ¶
func (in *WebhookProvider) DeepCopyInto(out *WebhookProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookResult ¶
type WebhookResult struct { // Json path of return value // +optional JSONPath string `json:"jsonPath,omitempty"` }
func (*WebhookResult) DeepCopy ¶
func (in *WebhookResult) DeepCopy() *WebhookResult
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookResult.
func (*WebhookResult) DeepCopyInto ¶
func (in *WebhookResult) DeepCopyInto(out *WebhookResult)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookSecret ¶
type WebhookSecret struct { // Name of this secret in templates Name string `json:"name"` // Secret ref to fill in credentials SecretRef esmeta.SecretKeySelector `json:"secretRef"` }
func (*WebhookSecret) DeepCopy ¶
func (in *WebhookSecret) DeepCopy() *WebhookSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookSecret.
func (*WebhookSecret) DeepCopyInto ¶
func (in *WebhookSecret) DeepCopyInto(out *WebhookSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexCertificateManagerAuth ¶ added in v0.5.4
type YandexCertificateManagerAuth struct { // The authorized key used for authentication // +optional AuthorizedKey esmeta.SecretKeySelector `json:"authorizedKeySecretRef,omitempty"` }
func (*YandexCertificateManagerAuth) DeepCopy ¶ added in v0.5.4
func (in *YandexCertificateManagerAuth) DeepCopy() *YandexCertificateManagerAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexCertificateManagerAuth.
func (*YandexCertificateManagerAuth) DeepCopyInto ¶ added in v0.5.4
func (in *YandexCertificateManagerAuth) DeepCopyInto(out *YandexCertificateManagerAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexCertificateManagerCAProvider ¶ added in v0.5.4
type YandexCertificateManagerCAProvider struct {
Certificate esmeta.SecretKeySelector `json:"certSecretRef,omitempty"`
}
func (*YandexCertificateManagerCAProvider) DeepCopy ¶ added in v0.5.4
func (in *YandexCertificateManagerCAProvider) DeepCopy() *YandexCertificateManagerCAProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexCertificateManagerCAProvider.
func (*YandexCertificateManagerCAProvider) DeepCopyInto ¶ added in v0.5.4
func (in *YandexCertificateManagerCAProvider) DeepCopyInto(out *YandexCertificateManagerCAProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexCertificateManagerProvider ¶ added in v0.5.4
type YandexCertificateManagerProvider struct { // Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443') // +optional APIEndpoint string `json:"apiEndpoint,omitempty"` // Auth defines the information necessary to authenticate against Yandex Certificate Manager Auth YandexCertificateManagerAuth `json:"auth"` // The provider for the CA bundle to use to validate Yandex.Cloud server certificate. // +optional CAProvider *YandexCertificateManagerCAProvider `json:"caProvider,omitempty"` }
YandexCertificateManagerProvider Configures a store to sync secrets using the Yandex Certificate Manager provider.
func (*YandexCertificateManagerProvider) DeepCopy ¶ added in v0.5.4
func (in *YandexCertificateManagerProvider) DeepCopy() *YandexCertificateManagerProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexCertificateManagerProvider.
func (*YandexCertificateManagerProvider) DeepCopyInto ¶ added in v0.5.4
func (in *YandexCertificateManagerProvider) DeepCopyInto(out *YandexCertificateManagerProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexLockboxAuth ¶
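// YandexLockboxAuth is the type of the Auth field on YandexLockboxProvider,
// which that struct documents as the information necessary to authenticate
// against Yandex Lockbox.
//
// The declaration is laid out one field per line so that the field comment
// no longer swallows the field that follows it.
type YandexLockboxAuth struct {
	// NOTE(review): presumably a reference to a key inside a Kubernetes Secret
	// rather than inline key material; confirm against
	// esmeta.SecretKeySelector. The field is marked +optional, and whether an
	// empty selector is rejected elsewhere (for example by a store validator)
	// is not visible here.

	// The authorized key used for authentication
	// +optional
	AuthorizedKey esmeta.SecretKeySelector `json:"authorizedKeySecretRef,omitempty"`
}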
func (*YandexLockboxAuth) DeepCopy ¶
func (in *YandexLockboxAuth) DeepCopy() *YandexLockboxAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxAuth.
func (*YandexLockboxAuth) DeepCopyInto ¶
func (in *YandexLockboxAuth) DeepCopyInto(out *YandexLockboxAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexLockboxCAProvider ¶
// YandexLockboxCAProvider is the type of the optional CAProvider field on
// YandexLockboxProvider, which that struct documents as the provider for the
// CA bundle used to validate the Yandex.Cloud server certificate.
type YandexLockboxCAProvider struct {
	// NOTE(review): presumably this references a key inside a Kubernetes
	// Secret rather than carrying PEM data inline; confirm against
	// esmeta.SecretKeySelector. How an empty selector is handled is not
	// visible here.

	// Certificate selects the CA certificate; it is serialized under the
	// JSON key "certSecretRef".
	Certificate esmeta.SecretKeySelector `json:"certSecretRef,omitempty"`
}
func (*YandexLockboxCAProvider) DeepCopy ¶
func (in *YandexLockboxCAProvider) DeepCopy() *YandexLockboxCAProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxCAProvider.
func (*YandexLockboxCAProvider) DeepCopyInto ¶
func (in *YandexLockboxCAProvider) DeepCopyInto(out *YandexLockboxCAProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexLockboxProvider ¶
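// YandexLockboxProvider configures a store to sync secrets using the Yandex
// Lockbox provider.
//
// The declaration is laid out one field per line so that the field comments
// no longer swallow the fields that follow them.
type YandexLockboxProvider struct {
	// NOTE(review): the authorized key referenced by Auth is presumably
	// presented to this endpoint, so a non-default value changes where that
	// credential is sent; confirm against the provider client.

	// Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')
	// +optional
	APIEndpoint string `json:"apiEndpoint,omitempty"`

	// Auth defines the information necessary to authenticate against Yandex Lockbox
	Auth YandexLockboxAuth `json:"auth"`

	// NOTE(review): which trust roots apply when CAProvider is nil is not
	// visible here; confirm before relying on a private CA.

	// The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
	// +optional
	CAProvider *YandexLockboxCAProvider `json:"caProvider,omitempty"`
}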
YandexLockboxProvider configures a store to sync secrets using the Yandex Lockbox provider.
func (*YandexLockboxProvider) DeepCopy ¶
func (in *YandexLockboxProvider) DeepCopy() *YandexLockboxProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxProvider.
func (*YandexLockboxProvider) DeepCopyInto ¶
func (in *YandexLockboxProvider) DeepCopyInto(out *YandexLockboxProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files ¶
- clusterexternalsecret_types.go
- doc.go
- externalsecret_conversion.go
- externalsecret_types.go
- externalsecret_validator.go
- externalsecret_webhook.go
- generic_store.go
- provider.go
- provider_schema.go
- pushsecret_interfaces.go
- register.go
- secretstore_akeyless_types.go
- secretstore_alibaba_types.go
- secretstore_aws_types.go
- secretstore_azurekv_types.go
- secretstore_conversion.go
- secretstore_doppler_types.go
- secretstore_fake_types.go
- secretstore_gcpsm_types.go
- secretstore_gitlab_types.go
- secretstore_ibm_types.go
- secretstore_keepersecurity_types.go
- secretstore_kubernetes_types.go
- secretstore_onepassword_types.go
- secretstore_oracle_types.go
- secretstore_scaleway_types.go
- secretstore_senhasegura_types.go
- secretstore_types.go
- secretstore_validator.go
- secretstore_vault_types.go
- secretstore_webhook.go
- secretstore_webhook_types.go
- secretstore_yandexcertificatemanager_types.go
- secretstore_yandexlockbox_types.go
- zz_generated.deepcopy.go