Documentation ¶
Overview ¶
Package v1beta1 contains resources for external-secrets +kubebuilder:object:generate=true +groupName=external-secrets.io +versionName=v1beta1
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
- Constants
- Variables
- func ForceRegister(s Provider, storeSpec *SecretStoreProvider)
- func Register(s Provider, storeSpec *SecretStoreProvider)
- type AWSAuth
- type AWSAuthSecretRef
- type AWSJWTAuth
- type AWSProvider
- type AWSServiceType
- type AkeylessAuth
- type AkeylessAuthSecretRef
- type AkeylessKubernetesAuth
- type AkeylessProvider
- type AlibabaAuth
- type AlibabaAuthSecretRef
- type AlibabaProvider
- type AlibabaRRSAAuth
- type AzureAuthType
- type AzureEnvironmentType
- type AzureKVAuth
- type AzureKVProvider
- type BitwardenSecretsManagerAuth
- type BitwardenSecretsManagerProvider
- type BitwardenSecretsManagerSecretRef
- type CAProvider
- type CAProviderType
- type CertAuth
- type ChefAuth
- type ChefAuthSecretRef
- type ChefProvider
- type ClusterExternalSecret
- type ClusterExternalSecretConditionType
- type ClusterExternalSecretList
- type ClusterExternalSecretNamespaceFailure
- type ClusterExternalSecretSpec
- type ClusterExternalSecretStatus
- type ClusterExternalSecretStatusCondition
- type ClusterSecretStore
- func (c *ClusterSecretStore) Copy() GenericStore
- func (in *ClusterSecretStore) DeepCopy() *ClusterSecretStore
- func (in *ClusterSecretStore) DeepCopyInto(out *ClusterSecretStore)
- func (in *ClusterSecretStore) DeepCopyObject() runtime.Object
- func (c *ClusterSecretStore) GetKind() string
- func (c *ClusterSecretStore) GetNamespacedName() string
- func (c *ClusterSecretStore) GetObjectMeta() *metav1.ObjectMeta
- func (c *ClusterSecretStore) GetSpec() *SecretStoreSpec
- func (c *ClusterSecretStore) GetStatus() SecretStoreStatus
- func (c *ClusterSecretStore) GetTypeMeta() *metav1.TypeMeta
- func (*ClusterSecretStore) Hub()
- func (c *ClusterSecretStore) SetStatus(status SecretStoreStatus)
- func (c *ClusterSecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error
- type ClusterSecretStoreCondition
- type ClusterSecretStoreList
- type ConjurAPIKey
- type ConjurAuth
- type ConjurJWT
- type ConjurProvider
- type DelineaProvider
- type DelineaProviderSecretRef
- type Device42Auth
- type Device42Provider
- type Device42SecretRef
- type DopplerAuth
- type DopplerAuthSecretRef
- type DopplerProvider
- type ExternalSecret
- type ExternalSecretConditionType
- type ExternalSecretConversionStrategy
- type ExternalSecretCreationPolicy
- type ExternalSecretData
- type ExternalSecretDataFromRemoteRef
- type ExternalSecretDataRemoteRef
- type ExternalSecretDecodingStrategy
- type ExternalSecretDeletionPolicy
- type ExternalSecretFind
- type ExternalSecretList
- type ExternalSecretMetadata
- type ExternalSecretMetadataPolicy
- type ExternalSecretRewrite
- type ExternalSecretRewriteRegexp
- type ExternalSecretRewriteTransform
- type ExternalSecretSpec
- type ExternalSecretStatus
- type ExternalSecretStatusCondition
- type ExternalSecretTarget
- type ExternalSecretTemplate
- type ExternalSecretTemplateMetadata
- type ExternalSecretValidator
- func (in *ExternalSecretValidator) DeepCopy() *ExternalSecretValidator
- func (in *ExternalSecretValidator) DeepCopyInto(out *ExternalSecretValidator)
- func (esv *ExternalSecretValidator) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error)
- func (esv *ExternalSecretValidator) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error)
- func (esv *ExternalSecretValidator) ValidateUpdate(_ context.Context, _, newObj runtime.Object) (admission.Warnings, error)
- type FakeProvider
- type FakeProviderData
- type FindName
- type FortanixProvider
- type FortanixProviderSecretRef
- type GCPSMAuth
- type GCPSMAuthSecretRef
- type GCPSMProvider
- type GCPWorkloadIdentity
- type GeneratorRef
- type GenericStore
- type GenericStoreValidator
- func (in *GenericStoreValidator) DeepCopy() *GenericStoreValidator
- func (in *GenericStoreValidator) DeepCopyInto(out *GenericStoreValidator)
- func (r *GenericStoreValidator) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error)
- func (r *GenericStoreValidator) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error)
- func (r *GenericStoreValidator) ValidateUpdate(_ context.Context, _, newObj runtime.Object) (admission.Warnings, error)
- type GitlabAuth
- type GitlabProvider
- type GitlabSecretRef
- type IBMAuth
- type IBMAuthContainerAuth
- type IBMAuthSecretRef
- type IBMProvider
- type InfisicalAuth
- type InfisicalProvider
- type KeeperSecurityProvider
- type KubernetesAuth
- type KubernetesProvider
- type KubernetesServer
- type MachineIdentityScopeInWorkspace
- type NoSecretError
- type OnboardbaseAuthSecretRef
- type OnboardbaseProvider
- type OnePasswordAuth
- type OnePasswordAuthSecretRef
- type OnePasswordProvider
- type OracleAuth
- type OraclePrincipalType
- type OracleProvider
- type OracleSecretRef
- type PassboltAuth
- type PassboltProvider
- type PasswordDepotAuth
- type PasswordDepotProvider
- type PasswordDepotSecretRef
- type Provider
- type PulumiProvider
- type PulumiProviderSecretRef
- type PushSecretData
- type PushSecretRemoteRef
- type ScalewayProvider
- type ScalewayProviderSecretRef
- type SecretStore
- func (c *SecretStore) Copy() GenericStore
- func (in *SecretStore) DeepCopy() *SecretStore
- func (in *SecretStore) DeepCopyInto(out *SecretStore)
- func (in *SecretStore) DeepCopyObject() runtime.Object
- func (c *SecretStore) GetKind() string
- func (c *SecretStore) GetNamespacedName() string
- func (c *SecretStore) GetObjectMeta() *metav1.ObjectMeta
- func (c *SecretStore) GetSpec() *SecretStoreSpec
- func (c *SecretStore) GetStatus() SecretStoreStatus
- func (c *SecretStore) GetTypeMeta() *metav1.TypeMeta
- func (*SecretStore) Hub()
- func (c *SecretStore) SetStatus(status SecretStoreStatus)
- func (c *SecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error
- type SecretStoreCapabilities
- type SecretStoreConditionType
- type SecretStoreList
- type SecretStoreProvider
- type SecretStoreRef
- type SecretStoreRetrySettings
- type SecretStoreSpec
- type SecretStoreStatus
- type SecretStoreStatusCondition
- type SecretsClient
- type SecretsManager
- type SenhaseguraAuth
- type SenhaseguraModuleType
- type SenhaseguraProvider
- type StoreGeneratorSourceRef
- type StoreSourceRef
- type Tag
- type TemplateEngineVersion
- type TemplateFrom
- type TemplateMergePolicy
- type TemplateRef
- type TemplateRefItem
- type TemplateScope
- type TemplateTarget
- type TokenAuth
- type UniversalAuthCredentials
- type ValidationResult
- type VaultAppRole
- type VaultAuth
- type VaultAwsAuth
- type VaultAwsAuthSecretRef
- type VaultAwsJWTAuth
- type VaultCertAuth
- type VaultClientTLS
- type VaultIamAuth
- type VaultJwtAuth
- type VaultKVStoreVersion
- type VaultKubernetesAuth
- type VaultKubernetesServiceAccountTokenAuth
- type VaultLdapAuth
- type VaultProvider
- type VaultUserPassAuth
- type WebhookCAProvider
- type WebhookCAProviderType
- type WebhookProvider
- type WebhookResult
- type WebhookSecret
- type YandexCertificateManagerAuth
- type YandexCertificateManagerCAProvider
- type YandexCertificateManagerProvider
- type YandexLockboxAuth
- type YandexLockboxCAProvider
- type YandexLockboxProvider
Constants ¶
// Reason strings. Only the values are declared here; where each one is
// emitted is not visible in this listing.
const (
	// ConditionReasonSecretSynced indicates that the secret was synced.
	ConditionReasonSecretSynced = "SecretSynced"
	// ConditionReasonSecretSyncedError indicates that there was an error syncing the secret.
	ConditionReasonSecretSyncedError = "SecretSyncedError"
	// ConditionReasonSecretDeleted indicates that the secret has been deleted.
	ConditionReasonSecretDeleted = "SecretDeleted"

	// Undocumented reason strings. Presumably reported on update-failure,
	// deprecation, create, update and delete paths; confirm against callers.
	ReasonUpdateFailed = "UpdateFailed"
	ReasonDeprecated   = "ParameterDeprecated"
	ReasonCreated      = "Created"
	ReasonUpdated      = "Updated"
	ReasonDeleted      = "Deleted"
)
// Annotation and label keys under the reconcile.external-secrets.io prefix.
const (
	// AnnotationDataHash is used to ensure consistency.
	AnnotationDataHash = "reconcile.external-secrets.io/data-hash"

	// NOTE(review): labels and annotations can be changed by anyone allowed to
	// edit the object that carries them. Confirm the controller does not treat
	// LabelOwner on its own as proof of ownership.

	// LabelOwner points to the owning ExternalSecret resource
	// and is used to manage the lifecycle of a Secret
	LabelOwner = "reconcile.external-secrets.io/created-by"
)
// Group and Version are the API group name and version name of this package;
// SchemeGroupVersion is built from them.
const (
	Group   = "external-secrets.io"
	Version = "v1beta1"
)
Package type metadata.
const (
	// SecretStoreReady is the SecretStoreConditionType with the value "Ready".
	SecretStoreReady SecretStoreConditionType = "Ready"

	// Untyped reason strings for store validation outcomes. Which code paths
	// report them is not visible in this listing.
	ReasonInvalidStore          = "InvalidStoreConfiguration"
	ReasonInvalidProviderConfig = "InvalidProviderConfig"
	ReasonValidationFailed      = "ValidationFailed"
	ReasonStoreValid            = "Valid"
)
Variables ¶
var (
	// SchemeGroupVersion is group version used to register these objects.
	SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}

	// AddToScheme is the AddToScheme method value of SchemeBuilder.
	AddToScheme = SchemeBuilder.AddToScheme
)
// ExternalSecret type metadata, derived from the Go type name and
// SchemeGroupVersion.
var (
	// ExtSecretKind is the Go type name of ExternalSecret, read by reflection.
	ExtSecretKind = reflect.TypeOf(ExternalSecret{}).Name()
	// ExtSecretGroupKind is the string form of the GroupKind built from Group and ExtSecretKind.
	ExtSecretGroupKind = schema.GroupKind{Group: Group, Kind: ExtSecretKind}.String()
	// ExtSecretKindAPIVersion is ExtSecretKind, a dot, then SchemeGroupVersion.String().
	ExtSecretKindAPIVersion = ExtSecretKind + "." + SchemeGroupVersion.String()
	// ExtSecretGroupVersionKind is SchemeGroupVersion with the kind set to ExtSecretKind.
	ExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ExtSecretKind)
)
ExternalSecret type metadata.
// ClusterExternalSecret type metadata, derived from the Go type name and
// SchemeGroupVersion.
var (
	// ClusterExtSecretKind is the Go type name of ClusterExternalSecret, read by reflection.
	ClusterExtSecretKind = reflect.TypeOf(ClusterExternalSecret{}).Name()
	// ClusterExtSecretGroupKind is the string form of the GroupKind built from Group and ClusterExtSecretKind.
	ClusterExtSecretGroupKind = schema.GroupKind{Group: Group, Kind: ClusterExtSecretKind}.String()
	// ClusterExtSecretKindAPIVersion is ClusterExtSecretKind, a dot, then SchemeGroupVersion.String().
	ClusterExtSecretKindAPIVersion = ClusterExtSecretKind + "." + SchemeGroupVersion.String()
	// ClusterExtSecretGroupVersionKind is SchemeGroupVersion with the kind set to ClusterExtSecretKind.
	ClusterExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ClusterExtSecretKind)
)
ClusterExternalSecret type metadata.
// SecretStore type metadata, derived from the Go type name and
// SchemeGroupVersion.
var (
	// SecretStoreKind is the Go type name of SecretStore, read by reflection.
	SecretStoreKind = reflect.TypeOf(SecretStore{}).Name()
	// SecretStoreGroupKind is the string form of the GroupKind built from Group and SecretStoreKind.
	SecretStoreGroupKind = schema.GroupKind{Group: Group, Kind: SecretStoreKind}.String()
	// SecretStoreKindAPIVersion is SecretStoreKind, a dot, then SchemeGroupVersion.String().
	SecretStoreKindAPIVersion = SecretStoreKind + "." + SchemeGroupVersion.String()
	// SecretStoreGroupVersionKind is SchemeGroupVersion with the kind set to SecretStoreKind.
	SecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(SecretStoreKind)
)
SecretStore type metadata.
// ClusterSecretStore type metadata, derived from the Go type name and
// SchemeGroupVersion.
var (
	// ClusterSecretStoreKind is the Go type name of ClusterSecretStore, read by reflection.
	ClusterSecretStoreKind = reflect.TypeOf(ClusterSecretStore{}).Name()
	// ClusterSecretStoreGroupKind is the string form of the GroupKind built from Group and ClusterSecretStoreKind.
	ClusterSecretStoreGroupKind = schema.GroupKind{Group: Group, Kind: ClusterSecretStoreKind}.String()
	// ClusterSecretStoreKindAPIVersion is ClusterSecretStoreKind, a dot, then SchemeGroupVersion.String().
	ClusterSecretStoreKindAPIVersion = ClusterSecretStoreKind + "." + SchemeGroupVersion.String()
	// ClusterSecretStoreGroupVersionKind is SchemeGroupVersion with the kind set to ClusterSecretStoreKind.
	ClusterSecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(ClusterSecretStoreKind)
)
ClusterSecretStore type metadata.
// NoSecretErr is a zero-value NoSecretError.
// NOTE(review): presumably returned by providers when a secret does not exist
// so callers can compare against it; confirm against the provider code.
var NoSecretErr = NoSecretError{}
Functions ¶
func ForceRegister ¶
func ForceRegister(s Provider, storeSpec *SecretStoreProvider)
ForceRegister adds to store schema, overwriting a store if already registered. Should only be used for testing.
func Register ¶
func Register(s Provider, storeSpec *SecretStoreProvider)
Register a store backend type. Register panics if a backend with the same store is already registered.
Types ¶
type AWSAuth ¶
// AWSAuth selects how the controller authenticates to AWS. Both fields are
// optional pointers; the package documentation states that only one of them
// may be set and that the AWS SDK defaults are used when neither is.
// NOTE(review): no marker in this declaration enforces that exclusivity;
// confirm it is checked in the validation code.
type AWSAuth struct {
	// SecretRef references access-key credentials (see AWSAuthSecretRef).
	// +optional
	SecretRef *AWSAuthSecretRef `json:"secretRef,omitempty"`
	// JWTAuth authenticates with a service account token (see AWSJWTAuth).
	// +optional
	JWTAuth *AWSJWTAuth `json:"jwt,omitempty"`
}
AWSAuth tells the controller how to authenticate with AWS. Only one of secretRef or jwt can be specified. If none is specified, the controller will load credentials using the AWS SDK defaults.
func (*AWSAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuth.
func (*AWSAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSAuthSecretRef ¶
// AWSAuthSecretRef holds selectors for the AWS credentials. The credential
// values themselves are not part of this struct; each field names where to
// read one.
type AWSAuthSecretRef struct {
	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"`

	// The SecretAccessKey is used for authentication
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`

	// NOTE(review): the marker on SessionToken is spelled "+Optional", while
	// the other types on this page use "+optional". Confirm the generator
	// treats it as intended.

	// The SessionToken used for authentication
	// This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
	// see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
	// +Optional
	SessionToken *esmeta.SecretKeySelector `json:"sessionTokenSecretRef,omitempty"`
}
AWSAuthSecretRef holds secret references for AWS credentials. Both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
func (*AWSAuthSecretRef) DeepCopy ¶
func (in *AWSAuthSecretRef) DeepCopy() *AWSAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuthSecretRef.
func (*AWSAuthSecretRef) DeepCopyInto ¶
func (in *AWSAuthSecretRef) DeepCopyInto(out *AWSAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSJWTAuth ¶
// AWSJWTAuth authenticates against AWS using service account tokens.
type AWSJWTAuth struct {
	// ServiceAccountRef selects the service account whose token is used.
	// It is an optional pointer (omitempty); the behaviour when it is nil is
	// not visible in this listing.
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}
Authenticate against AWS using service account tokens.
func (*AWSJWTAuth) DeepCopy ¶
func (in *AWSJWTAuth) DeepCopy() *AWSJWTAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSJWTAuth.
func (*AWSJWTAuth) DeepCopyInto ¶
func (in *AWSJWTAuth) DeepCopyInto(out *AWSJWTAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSProvider ¶
// AWSProvider configures a store to sync secrets with AWS.
type AWSProvider struct {
	// Service defines which service should be used to fetch the secrets
	Service AWSServiceType `json:"service"`

	// Auth defines the information necessary to authenticate against AWS
	// if not set aws sdk will infer credentials from your environment
	// see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
	// +optional
	Auth AWSAuth `json:"auth,omitempty"`

	// NOTE(review): Role and AdditionalRoles name the IAM roles the provider
	// will assume, so whoever can create or edit a store chooses them. Review
	// access to store objects together with the trust policies of those roles.

	// Role is a Role ARN which the provider will assume
	// +optional
	Role string `json:"role,omitempty"`

	// AWS Region to be used for the provider
	Region string `json:"region"`

	// AdditionalRoles is a chained list of Role ARNs which the provider will sequentially assume before assuming the Role
	// +optional
	AdditionalRoles []string `json:"additionalRoles,omitempty"`

	// AWS External ID set on assumed IAM roles
	ExternalID string `json:"externalID,omitempty"`

	// AWS STS assume role session tags
	// +optional
	SessionTags []*Tag `json:"sessionTags,omitempty"`

	// SecretsManager defines how the provider behaves when interacting with AWS SecretsManager
	// +optional
	SecretsManager *SecretsManager `json:"secretsManager,omitempty"`

	// AWS STS assume role transitive session tags. Required when multiple rules are used with the provider
	// +optional
	TransitiveTagKeys []*string `json:"transitiveTagKeys,omitempty"`
}
AWSProvider configures a store to sync secrets with AWS.
func (*AWSProvider) DeepCopy ¶
func (in *AWSProvider) DeepCopy() *AWSProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSProvider.
func (*AWSProvider) DeepCopyInto ¶
func (in *AWSProvider) DeepCopyInto(out *AWSProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSServiceType ¶
// AWSServiceType is a string enum naming the AWS service/API used to fetch
// secrets. The declared values are AWSServiceSecretsManager and
// AWSServiceParameterStore.
type AWSServiceType string
AWSServiceType is an enum that defines the service/API that is used to fetch the secrets. +kubebuilder:validation:Enum=SecretsManager;ParameterStore
// Values of AWSServiceType. The strings match the kubebuilder validation enum
// given in the type's documentation (SecretsManager;ParameterStore).
const (
	// AWSServiceSecretsManager is the AWS SecretsManager service.
	// see: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
	AWSServiceSecretsManager AWSServiceType = "SecretsManager"
	// AWSServiceParameterStore is the AWS SystemsManager ParameterStore service.
	// see: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
	AWSServiceParameterStore AWSServiceType = "ParameterStore"
)
type AkeylessAuth ¶
// AkeylessAuth holds the two ways of authenticating with Akeyless declared on
// this page: a Secret reference and Kubernetes auth.
// NOTE(review): SecretRef is a value, not a pointer, so it is always present
// in the Go struct. How an empty SecretRef is told apart from an unset one is
// not visible in this listing.
type AkeylessAuth struct {
	// Reference to a Secret that contains the details
	// to authenticate with Akeyless.
	// +optional
	SecretRef AkeylessAuthSecretRef `json:"secretRef,omitempty"`

	// Kubernetes authenticates with Akeyless by passing the ServiceAccount
	// token stored in the named Secret resource.
	// +optional
	KubernetesAuth *AkeylessKubernetesAuth `json:"kubernetesAuth,omitempty"`
}
func (*AkeylessAuth) DeepCopy ¶
func (in *AkeylessAuth) DeepCopy() *AkeylessAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessAuth.
func (*AkeylessAuth) DeepCopyInto ¶
func (in *AkeylessAuth) DeepCopyInto(out *AkeylessAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AkeylessAuthSecretRef ¶
// AkeylessAuthSecretRef holds selectors for the Akeyless access ID, access
// type and access-type parameter. All three are read through
// SecretKeySelector references.
type AkeylessAuthSecretRef struct {
	// The SecretAccessID is used for authentication
	AccessID esmeta.SecretKeySelector `json:"accessID,omitempty"`
	// AccessType selects the access type; the accepted values are not listed
	// on this page.
	AccessType esmeta.SecretKeySelector `json:"accessType,omitempty"`
	// AccessTypeParam is the parameter for the chosen access type. The type's
	// documentation lists AZURE_OBJ_ID, GCP_AUDIENCE, ACCESS_KEY or
	// KUB_CONFIG_NAME.
	AccessTypeParam esmeta.SecretKeySelector `json:"accessTypeParam,omitempty"`
}
AkeylessAuthSecretRef AKEYLESS_ACCESS_TYPE_PARAM: AZURE_OBJ_ID OR GCP_AUDIENCE OR ACCESS_KEY OR KUB_CONFIG_NAME.
func (*AkeylessAuthSecretRef) DeepCopy ¶
func (in *AkeylessAuthSecretRef) DeepCopy() *AkeylessAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessAuthSecretRef.
func (*AkeylessAuthSecretRef) DeepCopyInto ¶
func (in *AkeylessAuthSecretRef) DeepCopyInto(out *AkeylessAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AkeylessKubernetesAuth ¶ added in v0.6.0
// AkeylessKubernetesAuth configures authentication to Akeyless with a
// Kubernetes ServiceAccount token. Per the field comments, the token source
// is resolved in this order: ServiceAccountRef, then SecretRef, then the
// token bound to the controller.
type AkeylessKubernetesAuth struct {
	// the Akeyless Kubernetes auth-method access-id
	AccessID string `json:"accessID"`

	// Kubernetes-auth configuration name in Akeyless-Gateway
	K8sConfName string `json:"k8sConfName"`

	// Optional service account field containing the name of a kubernetes ServiceAccount.
	// If the service account is specified, the service account secret token JWT will be used
	// for authenticating with Akeyless. If the service account selector is not supplied,
	// the secretRef will be used instead.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// NOTE(review): when neither reference is set, the controller's own token
	// is used. Check whether stores that omit both should be allowed to act
	// with the controller's identity.

	// Optional secret field containing a Kubernetes ServiceAccount JWT used
	// for authenticating with Akeyless. If a name is specified without a key,
	// `token` is the default. If one is not specified, the one bound to
	// the controller will be used.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}
Authenticate with a stored Kubernetes ServiceAccount token.
func (*AkeylessKubernetesAuth) DeepCopy ¶ added in v0.6.0
func (in *AkeylessKubernetesAuth) DeepCopy() *AkeylessKubernetesAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessKubernetesAuth.
func (*AkeylessKubernetesAuth) DeepCopyInto ¶ added in v0.6.0
func (in *AkeylessKubernetesAuth) DeepCopyInto(out *AkeylessKubernetesAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AkeylessProvider ¶
// AkeylessProvider configures a store to sync secrets using Akeyless KV.
type AkeylessProvider struct {
	// NOTE(review): the CABundle comment says it is only used when the URL is
	// HTTPS, which suggests non-HTTPS URLs are accepted. Credentials travel
	// over this connection; confirm whether plain HTTP should be rejected.

	// Akeyless GW API Url from which the secrets to be fetched from.
	AkeylessGWApiURL *string `json:"akeylessGWApiURL"`

	// Auth configures how the operator authenticates with Akeyless.
	// The JSON key is "authSecretRef", not "auth".
	Auth *AkeylessAuth `json:"authSecretRef"`

	// PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
	// if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// The provider for the CA bundle to use to validate Akeyless Gateway certificate.
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`
}
AkeylessProvider configures a store to sync secrets using Akeyless KV.
func (*AkeylessProvider) DeepCopy ¶
func (in *AkeylessProvider) DeepCopy() *AkeylessProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessProvider.
func (*AkeylessProvider) DeepCopyInto ¶
func (in *AkeylessProvider) DeepCopyInto(out *AkeylessProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AlibabaAuth ¶
// AlibabaAuth holds the two optional authentication options for Alibaba: a
// secret reference and RRSA.
// NOTE(review): which option wins when both are set, and what happens when
// neither is, is not visible in this listing.
type AlibabaAuth struct {
	// SecretRef references access-key credentials (see AlibabaAuthSecretRef).
	// +optional
	SecretRef *AlibabaAuthSecretRef `json:"secretRef,omitempty"`
	// RRSAAuth authenticates using RRSA (see AlibabaRRSAAuth).
	// +optional
	RRSAAuth *AlibabaRRSAAuth `json:"rrsa,omitempty"`
}
AlibabaAuth contains a secretRef for credentials.
func (*AlibabaAuth) DeepCopy ¶
func (in *AlibabaAuth) DeepCopy() *AlibabaAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaAuth.
func (*AlibabaAuth) DeepCopyInto ¶
func (in *AlibabaAuth) DeepCopyInto(out *AlibabaAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AlibabaAuthSecretRef ¶
// AlibabaAuthSecretRef holds secret references for Alibaba credentials.
// Neither JSON tag has omitempty, so both keys are always serialized.
type AlibabaAuthSecretRef struct {
	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef"`
	// The AccessKeySecret is used for authentication
	AccessKeySecret esmeta.SecretKeySelector `json:"accessKeySecretSecretRef"`
}
AlibabaAuthSecretRef holds secret references for Alibaba credentials.
func (*AlibabaAuthSecretRef) DeepCopy ¶
func (in *AlibabaAuthSecretRef) DeepCopy() *AlibabaAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaAuthSecretRef.
func (*AlibabaAuthSecretRef) DeepCopyInto ¶
func (in *AlibabaAuthSecretRef) DeepCopyInto(out *AlibabaAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AlibabaProvider ¶
// AlibabaProvider configures a store to sync secrets using the Alibaba Secret
// Manager provider.
type AlibabaProvider struct {
	// Auth selects how the provider authenticates (see AlibabaAuth).
	Auth AlibabaAuth `json:"auth"`
	// Alibaba Region to be used for the provider
	RegionID string `json:"regionID"`
}
AlibabaProvider configures a store to sync secrets using the Alibaba Secret Manager provider.
func (*AlibabaProvider) DeepCopy ¶
func (in *AlibabaProvider) DeepCopy() *AlibabaProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaProvider.
func (*AlibabaProvider) DeepCopyInto ¶
func (in *AlibabaProvider) DeepCopyInto(out *AlibabaProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AlibabaRRSAAuth ¶ added in v0.7.3
// AlibabaRRSAAuth authenticates against Alibaba using RRSA. All four fields
// are plain strings and none is tagged omitempty.
type AlibabaRRSAAuth struct {
	// OIDCProviderARN is the ARN of the OIDC provider.
	OIDCProviderARN string `json:"oidcProviderArn"`

	// NOTE(review): OIDCTokenFilePath is presumably a path read from the
	// controller's own filesystem. Verify who is allowed to set it and that
	// only the expected token location is accepted.

	// OIDCTokenFilePath is the path of the OIDC token file.
	OIDCTokenFilePath string `json:"oidcTokenFilePath"`
	// RoleARN is the ARN of the role to use.
	RoleARN string `json:"roleArn"`
	// SessionName is the session name to use.
	SessionName string `json:"sessionName"`
}
Authenticate against Alibaba using RRSA.
func (*AlibabaRRSAAuth) DeepCopy ¶ added in v0.7.3
func (in *AlibabaRRSAAuth) DeepCopy() *AlibabaRRSAAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaRRSAAuth.
func (*AlibabaRRSAAuth) DeepCopyInto ¶ added in v0.7.3
func (in *AlibabaRRSAAuth) DeepCopyInto(out *AlibabaRRSAAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureAuthType ¶
// AzureAuthType is a string enum naming how to authenticate to the Azure
// Keyvault. The declared values are AzureServicePrincipal,
// AzureManagedIdentity and AzureWorkloadIdentity.
type AzureAuthType string
AuthType describes how to authenticate to the Azure Keyvault. Only one of the following auth types may be specified. If none of the following auth types is specified, the default one is ServicePrincipal. +kubebuilder:validation:Enum=ServicePrincipal;ManagedIdentity;WorkloadIdentity
// Values of AzureAuthType. The strings match the kubebuilder validation enum
// given in the type's documentation.
const (
	// Using service principal to authenticate, which needs a tenantId, a clientId and a clientSecret.
	AzureServicePrincipal AzureAuthType = "ServicePrincipal"

	// Using Managed Identity to authenticate. Used with aad-pod-identity installed in the cluster.
	AzureManagedIdentity AzureAuthType = "ManagedIdentity"

	// Using Workload Identity service accounts to authenticate.
	AzureWorkloadIdentity AzureAuthType = "WorkloadIdentity"
)
type AzureEnvironmentType ¶ added in v0.6.0
// AzureEnvironmentType is a string enum naming the Azure cloud environment
// whose endpoints are used for connecting and authenticating. The declared
// values are the AzureEnvironment* constants.
type AzureEnvironmentType string
AzureEnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud +kubebuilder:validation:Enum=PublicCloud;USGovernmentCloud;ChinaCloud;GermanCloud
// Values of AzureEnvironmentType. The strings match the kubebuilder
// validation enum given in the type's documentation; PublicCloud is the
// documented default.
const (
	AzureEnvironmentPublicCloud       AzureEnvironmentType = "PublicCloud"
	AzureEnvironmentUSGovernmentCloud AzureEnvironmentType = "USGovernmentCloud"
	AzureEnvironmentChinaCloud        AzureEnvironmentType = "ChinaCloud"
	AzureEnvironmentGermanCloud       AzureEnvironmentType = "GermanCloud"
)
type AzureKVAuth ¶
// AzureKVAuth holds the selectors used to authenticate with Azure. Every field
// is an optional pointer.
// NOTE(review): both ClientSecret and ClientCertificate can be set. Which one
// takes precedence is not visible in this listing.
type AzureKVAuth struct {
	// The Azure clientId of the service principal or managed identity used for authentication.
	// +optional
	ClientID *smmeta.SecretKeySelector `json:"clientId,omitempty"`

	// The Azure tenantId of the managed identity used for authentication.
	// +optional
	TenantID *smmeta.SecretKeySelector `json:"tenantId,omitempty"`

	// The Azure ClientSecret of the service principal used for authentication.
	// +optional
	ClientSecret *smmeta.SecretKeySelector `json:"clientSecret,omitempty"`

	// The Azure ClientCertificate of the service principal used for authentication.
	// +optional
	ClientCertificate *smmeta.SecretKeySelector `json:"clientCertificate,omitempty"`
}
Configuration used to authenticate with Azure.
func (*AzureKVAuth) DeepCopy ¶
func (in *AzureKVAuth) DeepCopy() *AzureKVAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVAuth.
func (*AzureKVAuth) DeepCopyInto ¶
func (in *AzureKVAuth) DeepCopyInto(out *AzureKVAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AzureKVProvider ¶
// AzureKVProvider configures a store to sync secrets using Azure KV.
type AzureKVProvider struct {
	// Auth type defines how to authenticate to the keyvault service.
	// Valid values are:
	// - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
	// - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
	// - "WorkloadIdentity": Using Workload Identity service accounts (declared as AzureWorkloadIdentity)
	// +optional
	// +kubebuilder:default=ServicePrincipal
	AuthType *AzureAuthType `json:"authType,omitempty"`

	// Vault Url from which the secrets to be fetched from.
	VaultURL *string `json:"vaultUrl"`

	// TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
	// +optional
	TenantID *string `json:"tenantId,omitempty"`

	// EnvironmentType specifies the Azure cloud environment endpoints to use for
	// connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.
	// The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152
	// PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud
	// +kubebuilder:default=PublicCloud
	EnvironmentType AzureEnvironmentType `json:"environmentType,omitempty"`

	// Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
	// +optional
	AuthSecretRef *AzureKVAuth `json:"authSecretRef,omitempty"`

	// ServiceAccountRef specified the service account
	// that should be used when authenticating with WorkloadIdentity.
	// +optional
	ServiceAccountRef *smmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// If multiple Managed Identity is assigned to the pod, you can select the one to be used
	// +optional
	IdentityID *string `json:"identityId,omitempty"`
}
Configures a store to sync secrets using Azure KV.
func (*AzureKVProvider) DeepCopy ¶
func (in *AzureKVProvider) DeepCopy() *AzureKVProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVProvider.
func (*AzureKVProvider) DeepCopyInto ¶
func (in *AzureKVProvider) DeepCopyInto(out *AzureKVProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BitwardenSecretsManagerAuth ¶ added in v0.9.20
// BitwardenSecretsManagerAuth contains the ref to the secret that contains the
// machine account token.
type BitwardenSecretsManagerAuth struct {
	// SecretRef is a value with no omitempty, so it is always serialized.
	SecretRef BitwardenSecretsManagerSecretRef `json:"secretRef"`
}
BitwardenSecretsManagerAuth contains the ref to the secret that contains the machine account token.
func (*BitwardenSecretsManagerAuth) DeepCopy ¶ added in v0.9.20
func (in *BitwardenSecretsManagerAuth) DeepCopy() *BitwardenSecretsManagerAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BitwardenSecretsManagerAuth.
func (*BitwardenSecretsManagerAuth) DeepCopyInto ¶ added in v0.9.20
func (in *BitwardenSecretsManagerAuth) DeepCopyInto(out *BitwardenSecretsManagerAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BitwardenSecretsManagerProvider ¶ added in v0.9.20
// BitwardenSecretsManagerProvider configures a store to sync secrets with a
// Bitwarden Secrets Manager instance.
type BitwardenSecretsManagerProvider struct {
	// NOTE(review): the three URL fields carry no documentation or validation
	// markers in this declaration. They are presumably the Bitwarden API,
	// identity and SDK-server endpoints; confirm, and confirm that an https
	// scheme is enforced for the SDK URL as the CABundle comment requires.
	APIURL                string `json:"apiURL,omitempty"`
	IdentityURL           string `json:"identityURL,omitempty"`
	BitwardenServerSDKURL string `json:"bitwardenServerSDKURL,omitempty"`

	// Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack
	// can be performed.
	// +required
	CABundle string `json:"caBundle"`

	// OrganizationID determines which organization this secret store manages.
	OrganizationID string `json:"organizationID"`

	// ProjectID determines which project this secret store manages.
	ProjectID string `json:"projectID"`

	// Auth configures how secret-manager authenticates with a bitwarden machine account instance.
	// Make sure that the token being used has permissions on the given secret.
	Auth BitwardenSecretsManagerAuth `json:"auth"`
}
BitwardenSecretsManagerProvider configures a store to sync secrets with a Bitwarden Secrets Manager instance.
func (*BitwardenSecretsManagerProvider) DeepCopy ¶ added in v0.9.20
func (in *BitwardenSecretsManagerProvider) DeepCopy() *BitwardenSecretsManagerProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BitwardenSecretsManagerProvider.
func (*BitwardenSecretsManagerProvider) DeepCopyInto ¶ added in v0.9.20
func (in *BitwardenSecretsManagerProvider) DeepCopyInto(out *BitwardenSecretsManagerProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BitwardenSecretsManagerSecretRef ¶ added in v0.9.20
// BitwardenSecretsManagerSecretRef contains the credential ref to the
// bitwarden instance.
type BitwardenSecretsManagerSecretRef struct {
	// AccessToken used for the bitwarden instance.
	// The Go field is named Credentials and the JSON key is "credentials".
	// +required
	Credentials esmeta.SecretKeySelector `json:"credentials"`
}
BitwardenSecretsManagerSecretRef contains the credential ref to the bitwarden instance.
func (*BitwardenSecretsManagerSecretRef) DeepCopy ¶ added in v0.9.20
func (in *BitwardenSecretsManagerSecretRef) DeepCopy() *BitwardenSecretsManagerSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BitwardenSecretsManagerSecretRef.
func (*BitwardenSecretsManagerSecretRef) DeepCopyInto ¶ added in v0.9.20
func (in *BitwardenSecretsManagerSecretRef) DeepCopyInto(out *BitwardenSecretsManagerSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CAProvider ¶
// CAProvider points to a Secret or ConfigMap resource that contains a
// PEM-encoded CA certificate for a secret store.
type CAProvider struct {
	// The type of provider to use such as "Secret", or "ConfigMap".
	// +kubebuilder:validation:Enum="Secret";"ConfigMap"
	Type CAProviderType `json:"type"`

	// The name of the object located at the provider type.
	Name string `json:"name"`

	// The key where the CA certificate can be found in the Secret or ConfigMap.
	// +kubebuilder:validation:Optional
	Key string `json:"key,omitempty"`

	// NOTE(review): Namespace allows a reference into another namespace and is
	// documented as valid only on a ClusterSecretStore. No marker here enforces
	// that; confirm the validation code rejects it on a namespaced SecretStore.

	// The namespace the Provider type is in.
	// Can only be defined when used in a ClusterSecretStore.
	// +optional
	Namespace *string `json:"namespace,omitempty"`
}
Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate.
func (*CAProvider) DeepCopy ¶
func (in *CAProvider) DeepCopy() *CAProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CAProvider.
func (*CAProvider) DeepCopyInto ¶
func (in *CAProvider) DeepCopyInto(out *CAProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CAProviderType ¶
type CAProviderType string
const ( CAProviderTypeSecret CAProviderType = "Secret" CAProviderTypeConfigMap CAProviderType = "ConfigMap" )
type CertAuth ¶
// CertAuth groups two secret key selectors, ClientCert and ClientKey.
// NOTE(review): presumably used for client-certificate authentication; the
// provider that consumes this type is not visible here — confirm.
type CertAuth struct {
	// ClientCert selects a key in a Secret; presumably the client
	// certificate (inferred from the field name — confirm).
	ClientCert esmeta.SecretKeySelector `json:"clientCert,omitempty"`
	// ClientKey selects a key in a Secret; presumably the private key that
	// matches ClientCert (inferred from the field name — confirm).
	ClientKey esmeta.SecretKeySelector `json:"clientKey,omitempty"`
}
func (*CertAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertAuth.
func (*CertAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ChefAuth ¶ added in v0.9.13
type ChefAuth struct {
SecretRef ChefAuthSecretRef `json:"secretRef"`
}
ChefAuth contains a secretRef for credentials.
func (*ChefAuth) DeepCopy ¶ added in v0.9.13
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChefAuth.
func (*ChefAuth) DeepCopyInto ¶ added in v0.9.13
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ChefAuthSecretRef ¶ added in v0.9.13
type ChefAuthSecretRef struct { // SecretKey is the Signing Key in PEM format, used for authentication. SecretKey esmeta.SecretKeySelector `json:"privateKeySecretRef"` }
ChefAuthSecretRef holds secret references for chef server login credentials.
func (*ChefAuthSecretRef) DeepCopy ¶ added in v0.9.13
func (in *ChefAuthSecretRef) DeepCopy() *ChefAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChefAuthSecretRef.
func (*ChefAuthSecretRef) DeepCopyInto ¶ added in v0.9.13
func (in *ChefAuthSecretRef) DeepCopyInto(out *ChefAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ChefProvider ¶ added in v0.9.13
type ChefProvider struct { // Auth defines the information necessary to authenticate against chef Server Auth *ChefAuth `json:"auth"` // UserName should be the user ID on the chef server UserName string `json:"username"` // ServerURL is the chef server URL used to connect to. If using orgs you should include your org in the url and terminate the url with a "/" ServerURL string `json:"serverUrl"` }
ChefProvider configures a store to sync secrets using basic chef server connection credentials.
func (*ChefProvider) DeepCopy ¶ added in v0.9.13
func (in *ChefProvider) DeepCopy() *ChefProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChefProvider.
func (*ChefProvider) DeepCopyInto ¶ added in v0.9.13
func (in *ChefProvider) DeepCopyInto(out *ChefProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterExternalSecret ¶
type ClusterExternalSecret struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec ClusterExternalSecretSpec `json:"spec,omitempty"` Status ClusterExternalSecretStatus `json:"status,omitempty"` }
+kubebuilder:object:root=true +kubebuilder:storageversion +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=ces +kubebuilder:subresource:status +kubebuilder:metadata:labels="external-secrets.io/component=controller" +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.externalSecretSpec.secretStoreRef.name` +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshTime` +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` ClusterExternalSecret is the Schema for the clusterexternalsecrets API.
func (*ClusterExternalSecret) DeepCopy ¶
func (in *ClusterExternalSecret) DeepCopy() *ClusterExternalSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecret.
func (*ClusterExternalSecret) DeepCopyInto ¶
func (in *ClusterExternalSecret) DeepCopyInto(out *ClusterExternalSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterExternalSecret) DeepCopyObject ¶
func (in *ClusterExternalSecret) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterExternalSecretConditionType ¶
type ClusterExternalSecretConditionType string
const ClusterExternalSecretReady ClusterExternalSecretConditionType = "Ready"
type ClusterExternalSecretList ¶
type ClusterExternalSecretList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ClusterExternalSecret `json:"items"` }
ClusterExternalSecretList contains a list of ClusterExternalSecret.
func (*ClusterExternalSecretList) DeepCopy ¶
func (in *ClusterExternalSecretList) DeepCopy() *ClusterExternalSecretList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretList.
func (*ClusterExternalSecretList) DeepCopyInto ¶
func (in *ClusterExternalSecretList) DeepCopyInto(out *ClusterExternalSecretList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterExternalSecretList) DeepCopyObject ¶
func (in *ClusterExternalSecretList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterExternalSecretNamespaceFailure ¶
type ClusterExternalSecretNamespaceFailure struct { // Namespace is the namespace that failed when trying to apply an ExternalSecret Namespace string `json:"namespace"` // Reason is why the ExternalSecret failed to apply to the namespace // +optional Reason string `json:"reason,omitempty"` }
ClusterExternalSecretNamespaceFailure represents a failed namespace deployment and its reason.
func (*ClusterExternalSecretNamespaceFailure) DeepCopy ¶
func (in *ClusterExternalSecretNamespaceFailure) DeepCopy() *ClusterExternalSecretNamespaceFailure
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretNamespaceFailure.
func (*ClusterExternalSecretNamespaceFailure) DeepCopyInto ¶
func (in *ClusterExternalSecretNamespaceFailure) DeepCopyInto(out *ClusterExternalSecretNamespaceFailure)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterExternalSecretSpec ¶
// ClusterExternalSecretSpec describes the ExternalSecret to create and the
// namespaces to create it in. Namespaces are chosen by label selectors and by
// name, and the choices are ORed, so a namespace that matches any single
// selector or appears in Namespaces is included.
// NOTE(review): with label-based selection, whoever can set labels on a
// namespace can presumably bring it into scope — confirm that namespace
// labelling is restricted accordingly.
type ClusterExternalSecretSpec struct {
	// The spec for the ExternalSecrets to be created
	ExternalSecretSpec ExternalSecretSpec `json:"externalSecretSpec"`

	// The name of the external secrets to be created; defaults to the name of the ClusterExternalSecret
	// +optional
	ExternalSecretName string `json:"externalSecretName,omitempty"`

	// The metadata of the external secrets to be created
	// +optional
	ExternalSecretMetadata ExternalSecretMetadata `json:"externalSecretMetadata,omitempty"`

	// The labels to select by to find the Namespaces to create the ExternalSecrets in.
	// Deprecated: Use NamespaceSelectors instead.
	// +optional
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`

	// A list of labels to select by to find the Namespaces to create the ExternalSecrets in. The selectors are ORed.
	// +optional
	NamespaceSelectors []*metav1.LabelSelector `json:"namespaceSelectors,omitempty"`

	// Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.
	// +optional
	Namespaces []string `json:"namespaces,omitempty"`

	// The time in which the controller should reconcile its objects and recheck namespaces for labels.
	// Note that the serialized key is "refreshTime", not "refreshInterval".
	RefreshInterval *metav1.Duration `json:"refreshTime,omitempty"`
}
ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret.
func (*ClusterExternalSecretSpec) DeepCopy ¶
func (in *ClusterExternalSecretSpec) DeepCopy() *ClusterExternalSecretSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretSpec.
func (*ClusterExternalSecretSpec) DeepCopyInto ¶
func (in *ClusterExternalSecretSpec) DeepCopyInto(out *ClusterExternalSecretSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterExternalSecretStatus ¶
type ClusterExternalSecretStatus struct { // ExternalSecretName is the name of the ExternalSecrets created by the ClusterExternalSecret ExternalSecretName string `json:"externalSecretName,omitempty"` // Failed namespaces are the namespaces that failed to apply an ExternalSecret // +optional FailedNamespaces []ClusterExternalSecretNamespaceFailure `json:"failedNamespaces,omitempty"` // ProvisionedNamespaces are the namespaces where the ClusterExternalSecret has secrets // +optional ProvisionedNamespaces []string `json:"provisionedNamespaces,omitempty"` // +optional Conditions []ClusterExternalSecretStatusCondition `json:"conditions,omitempty"` }
ClusterExternalSecretStatus defines the observed state of ClusterExternalSecret.
func (*ClusterExternalSecretStatus) DeepCopy ¶
func (in *ClusterExternalSecretStatus) DeepCopy() *ClusterExternalSecretStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretStatus.
func (*ClusterExternalSecretStatus) DeepCopyInto ¶
func (in *ClusterExternalSecretStatus) DeepCopyInto(out *ClusterExternalSecretStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterExternalSecretStatusCondition ¶
type ClusterExternalSecretStatusCondition struct { Type ClusterExternalSecretConditionType `json:"type"` Status corev1.ConditionStatus `json:"status"` // +optional Message string `json:"message,omitempty"` }
func (*ClusterExternalSecretStatusCondition) DeepCopy ¶
func (in *ClusterExternalSecretStatusCondition) DeepCopy() *ClusterExternalSecretStatusCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterExternalSecretStatusCondition.
func (*ClusterExternalSecretStatusCondition) DeepCopyInto ¶
func (in *ClusterExternalSecretStatusCondition) DeepCopyInto(out *ClusterExternalSecretStatusCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterSecretStore ¶
type ClusterSecretStore struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec SecretStoreSpec `json:"spec,omitempty"` Status SecretStoreStatus `json:"status,omitempty"` }
ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` +kubebuilder:printcolumn:name="Capabilities",type=string,JSONPath=`.status.capabilities` +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` +kubebuilder:subresource:status +kubebuilder:metadata:labels="external-secrets.io/component=controller" +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=css
func (*ClusterSecretStore) Copy ¶
func (c *ClusterSecretStore) Copy() GenericStore
func (*ClusterSecretStore) DeepCopy ¶
func (in *ClusterSecretStore) DeepCopy() *ClusterSecretStore
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStore.
func (*ClusterSecretStore) DeepCopyInto ¶
func (in *ClusterSecretStore) DeepCopyInto(out *ClusterSecretStore)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterSecretStore) DeepCopyObject ¶
func (in *ClusterSecretStore) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ClusterSecretStore) GetKind ¶ added in v0.6.1
func (c *ClusterSecretStore) GetKind() string
func (*ClusterSecretStore) GetNamespacedName ¶
func (c *ClusterSecretStore) GetNamespacedName() string
func (*ClusterSecretStore) GetObjectMeta ¶
func (c *ClusterSecretStore) GetObjectMeta() *metav1.ObjectMeta
func (*ClusterSecretStore) GetSpec ¶
func (c *ClusterSecretStore) GetSpec() *SecretStoreSpec
func (*ClusterSecretStore) GetStatus ¶
func (c *ClusterSecretStore) GetStatus() SecretStoreStatus
func (*ClusterSecretStore) GetTypeMeta ¶
func (c *ClusterSecretStore) GetTypeMeta() *metav1.TypeMeta
func (*ClusterSecretStore) Hub ¶
func (*ClusterSecretStore) Hub()
func (*ClusterSecretStore) SetStatus ¶
func (c *ClusterSecretStore) SetStatus(status SecretStoreStatus)
func (*ClusterSecretStore) SetupWebhookWithManager ¶
func (c *ClusterSecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error
type ClusterSecretStoreCondition ¶ added in v0.6.1
// ClusterSecretStoreCondition selects namespaces by label selector, by name,
// or by regular expression.
// NOTE(review): how the three fields combine when more than one is set is not
// visible in this declaration — confirm against the controller.
type ClusterSecretStoreCondition struct {
	// Choose namespace using a labelSelector
	// +optional
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`

	// Choose namespaces by name
	// +optional
	Namespaces []string `json:"namespaces,omitempty"`

	// Choose namespaces by using regex matching
	// NOTE(review): whether patterns are matched against the whole namespace
	// name or any substring is not visible here; if matching is unanchored, a
	// pattern can admit more namespaces than intended — confirm, and anchor
	// patterns with ^ and $ if so.
	// +optional
	NamespaceRegexes []string `json:"namespaceRegexes,omitempty"`
}
ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance.
func (*ClusterSecretStoreCondition) DeepCopy ¶ added in v0.6.1
func (in *ClusterSecretStoreCondition) DeepCopy() *ClusterSecretStoreCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStoreCondition.
func (*ClusterSecretStoreCondition) DeepCopyInto ¶ added in v0.6.1
func (in *ClusterSecretStoreCondition) DeepCopyInto(out *ClusterSecretStoreCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterSecretStoreList ¶
type ClusterSecretStoreList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ClusterSecretStore `json:"items"` }
ClusterSecretStoreList contains a list of ClusterSecretStore resources.
func (*ClusterSecretStoreList) DeepCopy ¶
func (in *ClusterSecretStoreList) DeepCopy() *ClusterSecretStoreList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStoreList.
func (*ClusterSecretStoreList) DeepCopyInto ¶
func (in *ClusterSecretStoreList) DeepCopyInto(out *ClusterSecretStoreList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterSecretStoreList) DeepCopyObject ¶
func (in *ClusterSecretStoreList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ConjurAPIKey ¶ added in v0.9.12
// ConjurAPIKey holds an account name and two secret key selectors.
// NOTE(review): presumably the inputs for Conjur API-key authentication
// (inferred from the type and field names — confirm).
type ConjurAPIKey struct {
	// Account is a plain string stored in the store spec, not a secret reference.
	Account string `json:"account"`
	// UserRef selects a key in a Secret; presumably the Conjur identity to
	// log in as (inferred from the field name — confirm).
	UserRef *esmeta.SecretKeySelector `json:"userRef"`
	// APIKeyRef selects a key in a Secret; presumably the API key for that
	// identity (inferred from the field name — confirm).
	APIKeyRef *esmeta.SecretKeySelector `json:"apiKeyRef"`
}
func (*ConjurAPIKey) DeepCopy ¶ added in v0.9.12
func (in *ConjurAPIKey) DeepCopy() *ConjurAPIKey
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConjurAPIKey.
func (*ConjurAPIKey) DeepCopyInto ¶ added in v0.9.12
func (in *ConjurAPIKey) DeepCopyInto(out *ConjurAPIKey)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConjurAuth ¶ added in v0.8.4
type ConjurAuth struct { // +optional APIKey *ConjurAPIKey `json:"apikey,omitempty"` // +optional Jwt *ConjurJWT `json:"jwt,omitempty"` }
func (*ConjurAuth) DeepCopy ¶ added in v0.8.4
func (in *ConjurAuth) DeepCopy() *ConjurAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConjurAuth.
func (*ConjurAuth) DeepCopyInto ¶ added in v0.8.4
func (in *ConjurAuth) DeepCopyInto(out *ConjurAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConjurJWT ¶ added in v0.9.6
// ConjurJWT holds the settings for authenticating with Conjur using the JWT
// authentication method. The token comes either from a Secret (SecretRef) or
// from the TokenRequest API for a service account (ServiceAccountRef).
// NOTE(review): which source wins when both are set is not visible here — confirm.
type ConjurJWT struct {
	Account string `json:"account"`

	// The conjur authn jwt webservice id
	ServiceID string `json:"serviceID"`

	// Optional HostID for JWT authentication. This may be used depending
	// on how the Conjur JWT authenticator policy is configured.
	// The JSON tag has no omitempty, so an unset HostID is still serialized
	// as an empty "hostId" string despite the +optional marker.
	// +optional
	HostID string `json:"hostId"`

	// Optional SecretRef that refers to a key in a Secret resource containing the JWT token used to
	// authenticate with Conjur using the JWT authentication method.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// Optional ServiceAccountRef specifies the Kubernetes service account for which to request
	// a token with the `TokenRequest` API.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}
func (*ConjurJWT) DeepCopy ¶ added in v0.9.6
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConjurJWT.
func (*ConjurJWT) DeepCopyInto ¶ added in v0.9.6
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConjurProvider ¶ added in v0.8.4
// ConjurProvider holds the URL, optional CA material and authentication
// settings for a Conjur-backed store.
type ConjurProvider struct {
	// URL is the address of the Conjur instance.
	// NOTE(review): nothing in this declaration restricts the scheme; confirm
	// that validation elsewhere rejects plaintext http.
	URL string `json:"url"`
	// CABundle is an inline CA value.
	// NOTE(review): the expected encoding (PEM or base64) is not visible here — confirm.
	// +optional
	CABundle string `json:"caBundle,omitempty"`
	// CAProvider references a Secret or ConfigMap holding the CA certificate.
	// NOTE(review): precedence when both CABundle and CAProvider are set is
	// not visible here — confirm.
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`
	// Auth selects the authentication method; ConjurAuth offers an API key
	// and a JWT option, both optional.
	Auth ConjurAuth `json:"auth"`
}
func (*ConjurProvider) DeepCopy ¶ added in v0.8.4
func (in *ConjurProvider) DeepCopy() *ConjurProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConjurProvider.
func (*ConjurProvider) DeepCopyInto ¶ added in v0.8.4
func (in *ConjurProvider) DeepCopyInto(out *ConjurProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DelineaProvider ¶ added in v0.9.1
// DelineaProvider holds the client credentials, tenant and URL settings for a
// Delinea-backed store.
type DelineaProvider struct {
	// ClientID is the non-secret part of the credential.
	ClientID *DelineaProviderSecretRef `json:"clientId"`

	// ClientSecret is the secret part of the credential.
	// DelineaProviderSecretRef also accepts an inline Value; for this field
	// that would place the secret in the store manifest itself, so prefer
	// its SecretRef form.
	ClientSecret *DelineaProviderSecretRef `json:"clientSecret"`

	// Tenant is the chosen hostname / site name.
	Tenant string `json:"tenant"`

	// URLTemplate is the format string for the service URL.
	// If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s".
	// NOTE(review): judging by the default, the template fixes the host the
	// client credentials are sent to; confirm how overrides are validated.
	// +optional
	URLTemplate string `json:"urlTemplate,omitempty"`

	// TLD is based on the server location that was chosen during provisioning.
	// If unset, defaults to "com".
	// +optional
	TLD string `json:"tld,omitempty"`
}
See https://github.com/DelineaXPM/dsv-sdk-go/blob/main/vault/vault.go.
func (*DelineaProvider) DeepCopy ¶ added in v0.9.1
func (in *DelineaProvider) DeepCopy() *DelineaProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DelineaProvider.
func (*DelineaProvider) DeepCopyInto ¶ added in v0.9.1
func (in *DelineaProvider) DeepCopyInto(out *DelineaProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DelineaProviderSecretRef ¶ added in v0.9.1
// DelineaProviderSecretRef carries one credential part, either inline (Value)
// or as a reference to a key in a Secret (SecretRef).
// DelineaProvider uses this type for both ClientID and ClientSecret. An inline
// Value is stored in the store manifest itself and is readable by anyone who
// can read that object, so SecretRef is the appropriate form for ClientSecret.
// NOTE(review): behaviour when both Value and SecretRef are set is not visible
// here — confirm.
type DelineaProviderSecretRef struct {
	// Value can be specified directly to set a value without using a secret.
	// +optional
	Value string `json:"value,omitempty"`

	// SecretRef references a key in a secret that will be used as value.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}
func (*DelineaProviderSecretRef) DeepCopy ¶ added in v0.9.1
func (in *DelineaProviderSecretRef) DeepCopy() *DelineaProviderSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DelineaProviderSecretRef.
func (*DelineaProviderSecretRef) DeepCopyInto ¶ added in v0.9.1
func (in *DelineaProviderSecretRef) DeepCopyInto(out *DelineaProviderSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Device42Auth ¶ added in v0.9.20
type Device42Auth struct {
SecretRef Device42SecretRef `json:"secretRef"`
}
func (*Device42Auth) DeepCopy ¶ added in v0.9.20
func (in *Device42Auth) DeepCopy() *Device42Auth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Device42Auth.
func (*Device42Auth) DeepCopyInto ¶ added in v0.9.20
func (in *Device42Auth) DeepCopyInto(out *Device42Auth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Device42Provider ¶ added in v0.9.20
// Device42Provider configures a store to sync secrets with a Device42 instance.
type Device42Provider struct {
	// Host configures the Device42 instance URL.
	// NOTE(review): the field is named Host but documented as a URL; whether
	// a bare hostname or a full URL with scheme is expected is not visible
	// here — confirm.
	Host string `json:"host"`

	// Auth configures how secret-manager authenticates with a Device42 instance.
	Auth Device42Auth `json:"auth"`
}
Device42Provider configures a store to sync secrets with a Device42 instance.
func (*Device42Provider) DeepCopy ¶ added in v0.9.20
func (in *Device42Provider) DeepCopy() *Device42Provider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Device42Provider.
func (*Device42Provider) DeepCopyInto ¶ added in v0.9.20
func (in *Device42Provider) DeepCopyInto(out *Device42Provider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Device42SecretRef ¶ added in v0.9.20
type Device42SecretRef struct { // Username / Password is used for authentication. // +optional Credentials esmeta.SecretKeySelector `json:"credentials,omitempty"` }
func (*Device42SecretRef) DeepCopy ¶ added in v0.9.20
func (in *Device42SecretRef) DeepCopy() *Device42SecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Device42SecretRef.
func (*Device42SecretRef) DeepCopyInto ¶ added in v0.9.20
func (in *Device42SecretRef) DeepCopyInto(out *Device42SecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DopplerAuth ¶ added in v0.6.0
type DopplerAuth struct {
SecretRef DopplerAuthSecretRef `json:"secretRef"`
}
func (*DopplerAuth) DeepCopy ¶ added in v0.6.0
func (in *DopplerAuth) DeepCopy() *DopplerAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DopplerAuth.
func (*DopplerAuth) DeepCopyInto ¶ added in v0.6.0
func (in *DopplerAuth) DeepCopyInto(out *DopplerAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DopplerAuthSecretRef ¶ added in v0.6.0
type DopplerAuthSecretRef struct { // The DopplerToken is used for authentication. // See https://docs.doppler.com/reference/api#authentication for auth token types. // The Key attribute defaults to dopplerToken if not specified. DopplerToken esmeta.SecretKeySelector `json:"dopplerToken"` }
func (*DopplerAuthSecretRef) DeepCopy ¶ added in v0.6.0
func (in *DopplerAuthSecretRef) DeepCopy() *DopplerAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DopplerAuthSecretRef.
func (*DopplerAuthSecretRef) DeepCopyInto ¶ added in v0.6.0
func (in *DopplerAuthSecretRef) DeepCopyInto(out *DopplerAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DopplerProvider ¶ added in v0.6.0
type DopplerProvider struct { // Auth configures how the Operator authenticates with the Doppler API Auth *DopplerAuth `json:"auth"` // Doppler project (required if not using a Service Token) // +optional Project string `json:"project,omitempty"` // Doppler config (required if not using a Service Token) // +optional Config string `json:"config,omitempty"` // Environment variable compatible name transforms that change secret names to a different format // +kubebuilder:validation:Enum=upper-camel;camel;lower-snake;tf-var;dotnet-env;lower-kebab // +optional NameTransformer string `json:"nameTransformer,omitempty"` // Format enables the downloading of secrets as a file (string) // +kubebuilder:validation:Enum=json;dotnet-json;env;yaml;docker // +optional Format string `json:"format,omitempty"` }
DopplerProvider configures a store to sync secrets using the Doppler provider. Project and Config are required if not using a Service Token.
func (*DopplerProvider) DeepCopy ¶ added in v0.6.0
func (in *DopplerProvider) DeepCopy() *DopplerProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DopplerProvider.
func (*DopplerProvider) DeepCopyInto ¶ added in v0.6.0
func (in *DopplerProvider) DeepCopyInto(out *DopplerProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecret ¶
type ExternalSecret struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec ExternalSecretSpec `json:"spec,omitempty"` Status ExternalSecretStatus `json:"status,omitempty"` }
+kubebuilder:object:root=true +kubebuilder:storageversion ExternalSecret is the Schema for the external-secrets API. +kubebuilder:subresource:status +kubebuilder:metadata:labels="external-secrets.io/component=controller" +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=es +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.secretStoreRef.name` +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshInterval` +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status`
func (*ExternalSecret) DeepCopy ¶
func (in *ExternalSecret) DeepCopy() *ExternalSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecret.
func (*ExternalSecret) DeepCopyInto ¶
func (in *ExternalSecret) DeepCopyInto(out *ExternalSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExternalSecret) DeepCopyObject ¶
func (in *ExternalSecret) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ExternalSecret) Hub ¶
func (*ExternalSecret) Hub()
func (*ExternalSecret) SetupWebhookWithManager ¶
func (r *ExternalSecret) SetupWebhookWithManager(mgr ctrl.Manager) error
type ExternalSecretConditionType ¶
type ExternalSecretConditionType string
const ( ExternalSecretReady ExternalSecretConditionType = "Ready" ExternalSecretDeleted ExternalSecretConditionType = "Deleted" )
type ExternalSecretConversionStrategy ¶
type ExternalSecretConversionStrategy string
+kubebuilder:validation:Enum=Default;Unicode
const ( ExternalSecretConversionDefault ExternalSecretConversionStrategy = "Default" ExternalSecretConversionUnicode ExternalSecretConversionStrategy = "Unicode" )
type ExternalSecretCreationPolicy ¶
type ExternalSecretCreationPolicy string
ExternalSecretCreationPolicy defines rules on how to create the resulting Secret. +kubebuilder:validation:Enum=Owner;Orphan;Merge;None
const ( // Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource. CreatePolicyOwner ExternalSecretCreationPolicy = "Owner" // Orphan creates the Secret and does not set the ownerReference. // I.e. it will be orphaned after the deletion of the ExternalSecret. CreatePolicyOrphan ExternalSecretCreationPolicy = "Orphan" // Merge does not create the Secret, but merges the data fields to the Secret. CreatePolicyMerge ExternalSecretCreationPolicy = "Merge" // None does not create a Secret (future use with injector). CreatePolicyNone ExternalSecretCreationPolicy = "None" )
type ExternalSecretData ¶
// ExternalSecretData maps one key of the resulting Kubernetes Secret to the
// remote value it is filled from.
type ExternalSecretData struct {
	// SecretKey defines the key in which the controller stores
	// the value. This is the key in the Kind=Secret
	SecretKey string `json:"secretKey"`

	// RemoteRef points to the remote secret and defines
	// which secret (version/property/..) to fetch.
	RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"`

	// SourceRef allows you to override the source
	// from which the value will be pulled.
	SourceRef *StoreSourceRef `json:"sourceRef,omitempty"`
}
ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
func (*ExternalSecretData) DeepCopy ¶
func (in *ExternalSecretData) DeepCopy() *ExternalSecretData
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretData.
func (*ExternalSecretData) DeepCopyInto ¶
func (in *ExternalSecretData) DeepCopyInto(out *ExternalSecretData)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretDataFromRemoteRef ¶
// ExternalSecretDataFromRemoteRef describes one source of multiple key/value
// pairs: an Extract or Find against a store, or a generator given through
// SourceRef, optionally followed by Rewrite operations on the resulting keys.
type ExternalSecretDataFromRemoteRef struct {
	// Used to extract multiple key/value pairs from one secret
	// Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.
	// +optional
	Extract *ExternalSecretDataRemoteRef `json:"extract,omitempty"`

	// Used to find secrets based on tags or regular expressions
	// Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.
	// +optional
	Find *ExternalSecretFind `json:"find,omitempty"`

	// Used to rewrite secret Keys after getting them from the secret Provider
	// Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)
	// +optional
	Rewrite []ExternalSecretRewrite `json:"rewrite,omitempty"`

	// SourceRef points to a store or generator
	// which contains secret values ready to use.
	// Use this in combination with Extract or Find to pull values out of
	// a specific SecretStore.
	// When sourceRef points to a generator, Extract or Find is not supported.
	// The generator returns a static map of values
	SourceRef *StoreGeneratorSourceRef `json:"sourceRef,omitempty"`
}
func (*ExternalSecretDataFromRemoteRef) DeepCopy ¶
func (in *ExternalSecretDataFromRemoteRef) DeepCopy() *ExternalSecretDataFromRemoteRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretDataFromRemoteRef.
func (*ExternalSecretDataFromRemoteRef) DeepCopyInto ¶
func (in *ExternalSecretDataFromRemoteRef) DeepCopyInto(out *ExternalSecretDataFromRemoteRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretDataRemoteRef ¶
type ExternalSecretDataRemoteRef struct { // Key is the key used in the Provider, mandatory Key string `json:"key"` // +optional // Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None // +kubebuilder:default="None" MetadataPolicy ExternalSecretMetadataPolicy `json:"metadataPolicy,omitempty"` // +optional // Used to select a specific property of the Provider value (if a map), if supported Property string `json:"property,omitempty"` // +optional // Used to select a specific version of the Provider value, if supported Version string `json:"version,omitempty"` // +optional // Used to define a conversion Strategy // +kubebuilder:default="Default" ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"` // +optional // Used to define a decoding Strategy // +kubebuilder:default="None" DecodingStrategy ExternalSecretDecodingStrategy `json:"decodingStrategy,omitempty"` }
ExternalSecretDataRemoteRef defines Provider data location.
func (*ExternalSecretDataRemoteRef) DeepCopy ¶
func (in *ExternalSecretDataRemoteRef) DeepCopy() *ExternalSecretDataRemoteRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretDataRemoteRef.
func (*ExternalSecretDataRemoteRef) DeepCopyInto ¶
func (in *ExternalSecretDataRemoteRef) DeepCopyInto(out *ExternalSecretDataRemoteRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretDecodingStrategy ¶ added in v0.5.8
// ExternalSecretDecodingStrategy names how a fetched value is decoded.
// The accompanying validation marker restricts it to Auto, Base64, Base64URL or None.
type ExternalSecretDecodingStrategy string
+kubebuilder:validation:Enum=Auto;Base64;Base64URL;None
// Accepted ExternalSecretDecodingStrategy values. The string literals are the
// values written in a manifest's decodingStrategy field.
const (
	// NOTE(review): presumably lets the controller detect the encoding itself — confirm against the implementation.
	ExternalSecretDecodeAuto ExternalSecretDecodingStrategy = "Auto"
	// Presumably standard base64 — confirm.
	ExternalSecretDecodeBase64 ExternalSecretDecodingStrategy = "Base64"
	// Presumably the URL-safe base64 alphabet — confirm.
	ExternalSecretDecodeBase64URL ExternalSecretDecodingStrategy = "Base64URL"
	// None is the kubebuilder default on the DecodingStrategy fields in this package.
	ExternalSecretDecodeNone ExternalSecretDecodingStrategy = "None"
)
type ExternalSecretDeletionPolicy ¶
// ExternalSecretDeletionPolicy defines rules on how to delete the resulting Secret.
// The accompanying validation marker restricts it to Delete, Merge or Retain.
type ExternalSecretDeletionPolicy string
ExternalSecretDeletionPolicy defines rules on how to delete the resulting Secret. +kubebuilder:validation:Enum=Delete;Merge;Retain
// Accepted ExternalSecretDeletionPolicy values.
//
// NOTE(review): the policy decides whether removing a secret at the provider
// also removes the copy in the cluster. With Retain the Kubernetes Secret
// stays in place after the provider secret is gone, so provider-side deletion
// alone does not withdraw the value from workloads.
const (
	// Delete deletes the secret if all provider secrets are deleted.
	// If a secret gets deleted on the provider side and is not accessible
	// anymore this is not considered an error and the ExternalSecret
	// does not go into SecretSyncedError status.
	DeletionPolicyDelete ExternalSecretDeletionPolicy = "Delete"
	// Merge removes keys in the secret, but not the secret itself.
	// If a secret gets deleted on the provider side and is not accessible
	// anymore this is not considered an error and the ExternalSecret
	// does not go into SecretSyncedError status.
	DeletionPolicyMerge ExternalSecretDeletionPolicy = "Merge"
	// Retain will retain the secret if all provider secrets have been deleted.
	// If a provider secret does not exist the ExternalSecret gets into the
	// SecretSyncedError status.
	DeletionPolicyRetain ExternalSecretDeletionPolicy = "Retain"
)
type ExternalSecretFind ¶
// ExternalSecretFind selects provider secrets by path, name pattern or tags
// instead of naming a single key.
//
// NOTE(review): every field is optional; how the provider treats a Find with
// no Path, Name or Tags is not visible here — confirm before relying on it.
type ExternalSecretFind struct {
	// A root path to start the find operations.
	// +optional
	Path *string `json:"path,omitempty"`
	// Finds secrets based on the name.
	// +optional
	Name *FindName `json:"name,omitempty"`
	// Find secrets based on tags.
	// +optional
	Tags map[string]string `json:"tags,omitempty"`
	// +optional
	// Used to define a conversion Strategy
	// +kubebuilder:default="Default"
	ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"`
	// +optional
	// Used to define a decoding Strategy
	// +kubebuilder:default="None"
	DecodingStrategy ExternalSecretDecodingStrategy `json:"decodingStrategy,omitempty"`
}
func (*ExternalSecretFind) DeepCopy ¶
func (in *ExternalSecretFind) DeepCopy() *ExternalSecretFind
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretFind.
func (*ExternalSecretFind) DeepCopyInto ¶
func (in *ExternalSecretFind) DeepCopyInto(out *ExternalSecretFind)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretList ¶
// ExternalSecretList contains a list of ExternalSecret resources.
type ExternalSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the listed resources; the key is always emitted (no omitempty).
	Items []ExternalSecret `json:"items"`
}
ExternalSecretList contains a list of ExternalSecret resources.
func (*ExternalSecretList) DeepCopy ¶
func (in *ExternalSecretList) DeepCopy() *ExternalSecretList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretList.
func (*ExternalSecretList) DeepCopyInto ¶
func (in *ExternalSecretList) DeepCopyInto(out *ExternalSecretList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExternalSecretList) DeepCopyObject ¶
func (in *ExternalSecretList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ExternalSecretMetadata ¶ added in v0.8.4
// ExternalSecretMetadata defines metadata fields for the ExternalSecret
// generated by the ClusterExternalSecret.
type ExternalSecretMetadata struct {
	// Annotations to set on the generated ExternalSecret.
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`
	// Labels to set on the generated ExternalSecret.
	// +optional
	Labels map[string]string `json:"labels,omitempty"`
}
ExternalSecretMetadata defines metadata fields for the ExternalSecret generated by the ClusterExternalSecret.
func (*ExternalSecretMetadata) DeepCopy ¶ added in v0.8.4
func (in *ExternalSecretMetadata) DeepCopy() *ExternalSecretMetadata
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretMetadata.
func (*ExternalSecretMetadata) DeepCopyInto ¶ added in v0.8.4
func (in *ExternalSecretMetadata) DeepCopyInto(out *ExternalSecretMetadata)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretMetadataPolicy ¶ added in v0.5.4
// ExternalSecretMetadataPolicy names the policy for fetching tags/labels from
// provider secrets. The accompanying validation marker restricts it to None or Fetch.
type ExternalSecretMetadataPolicy string
+kubebuilder:validation:Enum=None;Fetch
// Accepted ExternalSecretMetadataPolicy values.
const (
	// None is the kubebuilder default on ExternalSecretDataRemoteRef.MetadataPolicy.
	ExternalSecretMetadataPolicyNone ExternalSecretMetadataPolicy = "None"
	// Fetch asks for the provider's tags/labels to be fetched as well.
	ExternalSecretMetadataPolicyFetch ExternalSecretMetadataPolicy = "Fetch"
)
type ExternalSecretRewrite ¶ added in v0.5.9
// ExternalSecretRewrite is one key-rewrite step. Both members are optional
// pointers; whether exactly one must be set is not stated here — confirm
// against the validation code.
type ExternalSecretRewrite struct {
	// Used to rewrite with regular expressions.
	// The resulting key will be the output of a regexp.ReplaceAll operation.
	// +optional
	Regexp *ExternalSecretRewriteRegexp `json:"regexp,omitempty"`
	// Used to apply string transformation on the secrets.
	// The resulting key will be the output of the template applied by the operation.
	// +optional
	Transform *ExternalSecretRewriteTransform `json:"transform,omitempty"`
}
func (*ExternalSecretRewrite) DeepCopy ¶ added in v0.5.9
func (in *ExternalSecretRewrite) DeepCopy() *ExternalSecretRewrite
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretRewrite.
func (*ExternalSecretRewrite) DeepCopyInto ¶ added in v0.5.9
func (in *ExternalSecretRewrite) DeepCopyInto(out *ExternalSecretRewrite)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretRewriteRegexp ¶ added in v0.5.9
// ExternalSecretRewriteRegexp holds the pattern and replacement of a regexp
// key rewrite. Both fields are required (no omitempty).
type ExternalSecretRewriteRegexp struct {
	// Used to define the regular expression of a re.Compiler.
	Source string `json:"source"`
	// Used to define the target pattern of a ReplaceAll operation.
	Target string `json:"target"`
}
func (*ExternalSecretRewriteRegexp) DeepCopy ¶ added in v0.5.9
func (in *ExternalSecretRewriteRegexp) DeepCopy() *ExternalSecretRewriteRegexp
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretRewriteRegexp.
func (*ExternalSecretRewriteRegexp) DeepCopyInto ¶ added in v0.5.9
func (in *ExternalSecretRewriteRegexp) DeepCopyInto(out *ExternalSecretRewriteRegexp)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretRewriteTransform ¶ added in v0.9.10
// ExternalSecretRewriteTransform rewrites a key by applying a template to it.
type ExternalSecretRewriteTransform struct {
	// Used to define the template to apply on the secret name.
	// `.value` will specify the secret name in the template.
	Template string `json:"template"`
}
func (*ExternalSecretRewriteTransform) DeepCopy ¶ added in v0.9.10
func (in *ExternalSecretRewriteTransform) DeepCopy() *ExternalSecretRewriteTransform
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretRewriteTransform.
func (*ExternalSecretRewriteTransform) DeepCopyInto ¶ added in v0.9.10
func (in *ExternalSecretRewriteTransform) DeepCopyInto(out *ExternalSecretRewriteTransform)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretSpec ¶
// ExternalSecretSpec defines the desired state of ExternalSecret.
type ExternalSecretSpec struct {
	// SecretStoreRef names the store the values are read from.
	// +optional
	SecretStoreRef SecretStoreRef `json:"secretStoreRef,omitempty"`
	// Target describes the Kubernetes Secret to manage; when omitted the
	// defaults below apply (creationPolicy Owner, deletionPolicy Retain).
	// +kubebuilder:default={creationPolicy:Owner,deletionPolicy:Retain}
	// +optional
	Target ExternalSecretTarget `json:"target,omitempty"`
	// RefreshInterval is the amount of time before the values are read again from the SecretStore provider
	// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
	// May be set to zero to fetch and create it once. Defaults to 1h.
	// NOTE(review): with a zero interval the value is read once, so a later
	// rotation at the provider is not picked up by a refresh.
	// +kubebuilder:default="1h"
	RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"`
	// Data defines the connection between the Kubernetes Secret keys and the Provider data
	// +optional
	Data []ExternalSecretData `json:"data,omitempty"`
	// DataFrom is used to fetch all properties from a specific Provider data
	// If multiple entries are specified, the Secret keys are merged in the specified order
	// +optional
	DataFrom []ExternalSecretDataFromRemoteRef `json:"dataFrom,omitempty"`
}
ExternalSecretSpec defines the desired state of ExternalSecret.
func (*ExternalSecretSpec) DeepCopy ¶
func (in *ExternalSecretSpec) DeepCopy() *ExternalSecretSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretSpec.
func (*ExternalSecretSpec) DeepCopyInto ¶
func (in *ExternalSecretSpec) DeepCopyInto(out *ExternalSecretSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretStatus ¶
// ExternalSecretStatus records the observed state of an ExternalSecret:
// last refresh, last synced version, conditions and the binding reference.
type ExternalSecretStatus struct {
	// +nullable
	// refreshTime is the time and date the external secret was fetched and
	// the target secret updated
	RefreshTime metav1.Time `json:"refreshTime,omitempty"`
	// SyncedResourceVersion keeps track of the last synced version
	SyncedResourceVersion string `json:"syncedResourceVersion,omitempty"`
	// Conditions lists the status conditions reported for the resource.
	// +optional
	Conditions []ExternalSecretStatusCondition `json:"conditions,omitempty"`
	// Binding represents a servicebinding.io Provisioned Service reference to the secret
	Binding corev1.LocalObjectReference `json:"binding,omitempty"`
}
func (*ExternalSecretStatus) DeepCopy ¶
func (in *ExternalSecretStatus) DeepCopy() *ExternalSecretStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatus.
func (*ExternalSecretStatus) DeepCopyInto ¶
func (in *ExternalSecretStatus) DeepCopyInto(out *ExternalSecretStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretStatusCondition ¶
// ExternalSecretStatusCondition is one condition entry in
// ExternalSecretStatus.Conditions. Type and Status are always emitted;
// the remaining fields are optional.
type ExternalSecretStatusCondition struct {
	Type   ExternalSecretConditionType `json:"type"`
	Status corev1.ConditionStatus      `json:"status"`
	// +optional
	Reason string `json:"reason,omitempty"`
	// +optional
	Message string `json:"message,omitempty"`
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}
func (*ExternalSecretStatusCondition) DeepCopy ¶
func (in *ExternalSecretStatusCondition) DeepCopy() *ExternalSecretStatusCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatusCondition.
func (*ExternalSecretStatusCondition) DeepCopyInto ¶
func (in *ExternalSecretStatusCondition) DeepCopyInto(out *ExternalSecretStatusCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretTarget ¶
// ExternalSecretTarget defines the Kubernetes Secret to be created.
// There can be only one target per ExternalSecret.
type ExternalSecretTarget struct {
	// Name defines the name of the Secret resource to be managed
	// This field is immutable
	// Defaults to the .metadata.name of the ExternalSecret resource
	// +optional
	Name string `json:"name,omitempty"`
	// CreationPolicy defines rules on how to create the resulting Secret
	// Defaults to 'Owner'
	// +optional
	// +kubebuilder:default="Owner"
	CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"`
	// DeletionPolicy defines rules on how to delete the resulting Secret
	// Defaults to 'Retain'
	// NOTE(review): under Retain the Secret is kept after all provider
	// secrets have been deleted; pick Delete or Merge when provider-side
	// removal should also remove the value from the cluster.
	// +optional
	// +kubebuilder:default="Retain"
	DeletionPolicy ExternalSecretDeletionPolicy `json:"deletionPolicy,omitempty"`
	// Template defines a blueprint for the created Secret resource.
	// +optional
	Template *ExternalSecretTemplate `json:"template,omitempty"`
	// Immutable defines if the final secret will be immutable
	// +optional
	Immutable bool `json:"immutable,omitempty"`
}
ExternalSecretTarget defines the Kubernetes Secret to be created. There can be only one target per ExternalSecret.
func (*ExternalSecretTarget) DeepCopy ¶
func (in *ExternalSecretTarget) DeepCopy() *ExternalSecretTarget
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTarget.
func (*ExternalSecretTarget) DeepCopyInto ¶
func (in *ExternalSecretTarget) DeepCopyInto(out *ExternalSecretTarget)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretTemplate ¶
// ExternalSecretTemplate defines a blueprint for the created Secret resource.
type ExternalSecretTemplate struct {
	// Type is the type of the created Secret.
	// +optional
	Type corev1.SecretType `json:"type,omitempty"`
	// EngineVersion specifies the template engine version
	// that should be used to compile/execute the
	// template specified in .data and .templateFrom[].
	// +kubebuilder:default="v2"
	EngineVersion TemplateEngineVersion `json:"engineVersion,omitempty"`
	// Metadata holds annotations and labels for the created Secret.
	// +optional
	Metadata ExternalSecretTemplateMetadata `json:"metadata,omitempty"`
	// MergePolicy defaults to Replace; its exact semantics are defined by
	// TemplateMergePolicy, which is not shown here.
	// +kubebuilder:default="Replace"
	MergePolicy TemplateMergePolicy `json:"mergePolicy,omitempty"`
	// Data maps Secret keys to template text; per the EngineVersion comment
	// these entries are compiled/executed as templates, not copied verbatim.
	// +optional
	Data map[string]string `json:"data,omitempty"`
	// TemplateFrom lists additional template sources.
	// +optional
	TemplateFrom []TemplateFrom `json:"templateFrom,omitempty"`
}
ExternalSecretTemplate defines a blueprint for the created Secret resource. We cannot use the native corev1.Secret because it will have empty ObjectMeta values: https://github.com/kubernetes-sigs/controller-tools/issues/448
func (*ExternalSecretTemplate) DeepCopy ¶
func (in *ExternalSecretTemplate) DeepCopy() *ExternalSecretTemplate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplate.
func (*ExternalSecretTemplate) DeepCopyInto ¶
func (in *ExternalSecretTemplate) DeepCopyInto(out *ExternalSecretTemplate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretTemplateMetadata ¶
// ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
type ExternalSecretTemplateMetadata struct {
	// Annotations for the Secret blueprint.
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`
	// Labels for the Secret blueprint.
	// +optional
	Labels map[string]string `json:"labels,omitempty"`
}
ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
func (*ExternalSecretTemplateMetadata) DeepCopy ¶
func (in *ExternalSecretTemplateMetadata) DeepCopy() *ExternalSecretTemplateMetadata
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplateMetadata.
func (*ExternalSecretTemplateMetadata) DeepCopyInto ¶
func (in *ExternalSecretTemplateMetadata) DeepCopyInto(out *ExternalSecretTemplateMetadata)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalSecretValidator ¶
// ExternalSecretValidator is a field-less type that carries the
// ValidateCreate, ValidateUpdate and ValidateDelete methods for ExternalSecret.
type ExternalSecretValidator struct{}
func (*ExternalSecretValidator) DeepCopy ¶
func (in *ExternalSecretValidator) DeepCopy() *ExternalSecretValidator
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretValidator.
func (*ExternalSecretValidator) DeepCopyInto ¶
func (in *ExternalSecretValidator) DeepCopyInto(out *ExternalSecretValidator)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExternalSecretValidator) ValidateCreate ¶
func (*ExternalSecretValidator) ValidateDelete ¶
func (*ExternalSecretValidator) ValidateUpdate ¶
type FakeProvider ¶
// FakeProvider configures a fake provider that returns static values.
//
// NOTE(review): the values are written directly into the store spec (see
// FakeProviderData.Value), so they are readable by anyone who can read the
// store object; presumably intended for testing only — confirm.
type FakeProvider struct {
	// Data is the list of static entries the provider serves; always emitted (no omitempty).
	Data []FakeProviderData `json:"data"`
}
FakeProvider configures a fake provider that returns static values.
func (*FakeProvider) DeepCopy ¶
func (in *FakeProvider) DeepCopy() *FakeProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FakeProvider.
func (*FakeProvider) DeepCopyInto ¶
func (in *FakeProvider) DeepCopyInto(out *FakeProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FakeProviderData ¶
// FakeProviderData is one static entry served by FakeProvider.
type FakeProviderData struct {
	// Key identifies the entry; required (no omitempty).
	Key string `json:"key"`
	// Value is the static value stored in plain text in the store spec.
	Value string `json:"value,omitempty"`
	// Deprecated: ValueMap is deprecated and is intended to be removed in the future, use the `value` field instead.
	ValueMap map[string]string `json:"valueMap,omitempty"`
	// Version optionally distinguishes several entries with the same key — presumably matched against the requested version; confirm.
	Version string `json:"version,omitempty"`
}
func (*FakeProviderData) DeepCopy ¶
func (in *FakeProviderData) DeepCopy() *FakeProviderData
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FakeProviderData.
func (*FakeProviderData) DeepCopyInto ¶
func (in *FakeProviderData) DeepCopyInto(out *FakeProviderData)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FindName ¶
// FindName carries the name pattern used by ExternalSecretFind.Name.
type FindName struct {
	// Finds secrets based on a regular expression. (The original comment is
	// truncated to "Finds secrets base"; presumably the expression is matched
	// against the secret name — confirm against the provider code.)
	// +optional
	RegExp string `json:"regexp,omitempty"`
}
func (*FindName) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FindName.
func (*FindName) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FortanixProvider ¶ added in v0.9.14
// FortanixProvider holds the endpoint and credential reference for the
// Fortanix SDKMS API.
type FortanixProvider struct {
	// APIURL is the URL of SDKMS API. Defaults to `sdkms.fortanix.com`.
	APIURL string `json:"apiUrl,omitempty"`
	// APIKey is the API token to access SDKMS Applications.
	// It is a reference (see FortanixProviderSecretRef), not the token value itself.
	APIKey *FortanixProviderSecretRef `json:"apiKey,omitempty"`
}
func (*FortanixProvider) DeepCopy ¶ added in v0.9.14
func (in *FortanixProvider) DeepCopy() *FortanixProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FortanixProvider.
func (*FortanixProvider) DeepCopyInto ¶ added in v0.9.14
func (in *FortanixProvider) DeepCopyInto(out *FortanixProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FortanixProviderSecretRef ¶ added in v0.9.14
// FortanixProviderSecretRef wraps the selector that points at the stored
// SDKMS API key.
type FortanixProviderSecretRef struct {
	// SecretRef is a reference to a secret containing the SDKMS API Key.
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}
func (*FortanixProviderSecretRef) DeepCopy ¶ added in v0.9.14
func (in *FortanixProviderSecretRef) DeepCopy() *FortanixProviderSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FortanixProviderSecretRef.
func (*FortanixProviderSecretRef) DeepCopyInto ¶ added in v0.9.14
func (in *FortanixProviderSecretRef) DeepCopyInto(out *FortanixProviderSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPSMAuth ¶
// GCPSMAuth lists the ways to authenticate against GCP. Both members are
// optional; what happens when neither is set is not visible here — confirm
// against the provider code.
type GCPSMAuth struct {
	// SecretRef authenticates with a key referenced from a secret.
	// +optional
	SecretRef *GCPSMAuthSecretRef `json:"secretRef,omitempty"`
	// WorkloadIdentity authenticates through a Kubernetes service account
	// (see GCPWorkloadIdentity) instead of a stored key.
	// +optional
	WorkloadIdentity *GCPWorkloadIdentity `json:"workloadIdentity,omitempty"`
}
func (*GCPSMAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuth.
func (*GCPSMAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPSMAuthSecretRef ¶
// GCPSMAuthSecretRef points at the stored key used for GCP authentication.
type GCPSMAuthSecretRef struct {
	// The SecretAccessKey is used for authentication
	// The manifest key is secretAccessKeySecretRef.
	// +optional
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
}
func (*GCPSMAuthSecretRef) DeepCopy ¶
func (in *GCPSMAuthSecretRef) DeepCopy() *GCPSMAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuthSecretRef.
func (*GCPSMAuthSecretRef) DeepCopyInto ¶
func (in *GCPSMAuthSecretRef) DeepCopyInto(out *GCPSMAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPSMProvider ¶
// GCPSMProvider configures a store to sync secrets using the GCP Secret
// Manager provider.
type GCPSMProvider struct {
	// Auth defines the information necessary to authenticate against GCP
	// +optional
	Auth GCPSMAuth `json:"auth,omitempty"`
	// ProjectID project where secret is located
	ProjectID string `json:"projectID,omitempty"`
	// Location optionally defines a location for a secret
	Location string `json:"location,omitempty"`
}
GCPSMProvider configures a store to sync secrets using the GCP Secret Manager provider.
func (*GCPSMProvider) DeepCopy ¶
func (in *GCPSMProvider) DeepCopy() *GCPSMProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMProvider.
func (*GCPSMProvider) DeepCopyInto ¶
func (in *GCPSMProvider) DeepCopyInto(out *GCPSMProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPWorkloadIdentity ¶
// GCPWorkloadIdentity identifies the service account and cluster used for
// workload-identity authentication (referenced from GCPSMAuth.WorkloadIdentity).
type GCPWorkloadIdentity struct {
	// ServiceAccountRef selects the Kubernetes service account to authenticate as; required.
	ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccountRef"`
	// ClusterLocation is required (no omitempty).
	ClusterLocation string `json:"clusterLocation"`
	// ClusterName is required (no omitempty).
	ClusterName string `json:"clusterName"`
	// ClusterProjectID is optional; the fallback when it is empty is not shown here.
	ClusterProjectID string `json:"clusterProjectID,omitempty"`
}
func (*GCPWorkloadIdentity) DeepCopy ¶
func (in *GCPWorkloadIdentity) DeepCopy() *GCPWorkloadIdentity
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPWorkloadIdentity.
func (*GCPWorkloadIdentity) DeepCopyInto ¶
func (in *GCPWorkloadIdentity) DeepCopyInto(out *GCPWorkloadIdentity)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GeneratorRef ¶ added in v0.7.0
// GeneratorRef points to a generator custom resource.
type GeneratorRef struct {
	// Specify the apiVersion of the generator resource
	// +kubebuilder:default="generators.external-secrets.io/v1alpha1"
	APIVersion string `json:"apiVersion,omitempty"`
	// Specify the Kind of the resource, e.g. Password, ACRAccessToken etc.
	Kind string `json:"kind"`
	// Specify the name of the generator resource
	Name string `json:"name"`
}
GeneratorRef points to a generator custom resource.
func (*GeneratorRef) DeepCopy ¶ added in v0.7.0
func (in *GeneratorRef) DeepCopy() *GeneratorRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GeneratorRef.
func (*GeneratorRef) DeepCopyInto ¶ added in v0.7.0
func (in *GeneratorRef) DeepCopyInto(out *GeneratorRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GenericStore ¶
// GenericStore is a common interface for interacting with ClusterSecretStore
// or a namespaced SecretStore.
type GenericStore interface {
	runtime.Object
	metav1.Object
	// Accessors for the object's metadata and kind.
	GetObjectMeta() *metav1.ObjectMeta
	GetTypeMeta() *metav1.TypeMeta
	GetKind() string
	// GetSpec returns a pointer to the store's spec.
	GetSpec() *SecretStoreSpec
	GetNamespacedName() string
	// Status is read and written by value.
	GetStatus() SecretStoreStatus
	SetStatus(status SecretStoreStatus)
	// Copy returns the store as a GenericStore again.
	Copy() GenericStore
}
GenericStore is a common interface for interacting with ClusterSecretStore or a namespaced SecretStore.
type GenericStoreValidator ¶
// GenericStoreValidator is a field-less type that carries the ValidateCreate,
// ValidateUpdate and ValidateDelete admission methods for stores.
type GenericStoreValidator struct{}
func (*GenericStoreValidator) DeepCopy ¶
func (in *GenericStoreValidator) DeepCopy() *GenericStoreValidator
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericStoreValidator.
func (*GenericStoreValidator) DeepCopyInto ¶
func (in *GenericStoreValidator) DeepCopyInto(out *GenericStoreValidator)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GenericStoreValidator) ValidateCreate ¶
func (r *GenericStoreValidator) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error)
ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
func (*GenericStoreValidator) ValidateDelete ¶
func (r *GenericStoreValidator) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error)
ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
func (*GenericStoreValidator) ValidateUpdate ¶
func (r *GenericStoreValidator) ValidateUpdate(_ context.Context, _, newObj runtime.Object) (admission.Warnings, error)
ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
type GitlabAuth ¶
// GitlabAuth configures how the store authenticates with a GitLab instance.
type GitlabAuth struct {
	// SecretRef holds the access-token reference.
	// NOTE(review): the JSON key is "SecretRef" with a capital S, unlike the
	// lower-case "secretRef" used by the other auth types in this package;
	// manifests must use the key exactly as tagged.
	SecretRef GitlabSecretRef `json:"SecretRef"`
}
func (*GitlabAuth) DeepCopy ¶
func (in *GitlabAuth) DeepCopy() *GitlabAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabAuth.
func (*GitlabAuth) DeepCopyInto ¶
func (in *GitlabAuth) DeepCopyInto(out *GitlabAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GitlabProvider ¶
// GitlabProvider configures a store to sync secrets with a GitLab instance.
type GitlabProvider struct {
	// URL configures the GitLab instance URL. Defaults to https://gitlab.com/.
	URL string `json:"url,omitempty"`
	// Auth configures how secret-manager authenticates with a GitLab instance.
	Auth GitlabAuth `json:"auth"`
	// ProjectID specifies a project where secrets are located.
	ProjectID string `json:"projectID,omitempty"`
	// InheritFromGroups specifies whether parent groups should be discovered and checked for secrets.
	// NOTE(review): enabling this widens the set of variables the store can
	// return beyond the project itself.
	InheritFromGroups bool `json:"inheritFromGroups,omitempty"`
	// GroupIDs specify, which gitlab groups to pull secrets from. Group secrets are read from left to right followed by the project variables.
	GroupIDs []string `json:"groupIDs,omitempty"`
	// Environment environment_scope of gitlab CI/CD variables (Please see https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment on how to create environments)
	Environment string `json:"environment,omitempty"`
}
Configures a store to sync secrets with a GitLab instance.
func (*GitlabProvider) DeepCopy ¶
func (in *GitlabProvider) DeepCopy() *GitlabProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabProvider.
func (*GitlabProvider) DeepCopyInto ¶
func (in *GitlabProvider) DeepCopyInto(out *GitlabProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GitlabSecretRef ¶
// GitlabSecretRef points at the stored GitLab access token.
type GitlabSecretRef struct {
	// AccessToken is used for authentication.
	AccessToken esmeta.SecretKeySelector `json:"accessToken,omitempty"`
}
func (*GitlabSecretRef) DeepCopy ¶
func (in *GitlabSecretRef) DeepCopy() *GitlabSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabSecretRef.
func (*GitlabSecretRef) DeepCopyInto ¶
func (in *GitlabSecretRef) DeepCopyInto(out *GitlabSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IBMAuth ¶
// IBMAuth selects how the store authenticates with IBM. The type carries
// MinProperties=1 and MaxProperties=1 validation markers, so exactly one of
// the two members is expected to be set.
type IBMAuth struct {
	// SecretRef authenticates with an API key referenced from a secret.
	SecretRef *IBMAuthSecretRef `json:"secretRef,omitempty"`
	// ContainerAuth authenticates with a mounted token and an IAM Trusted Profile.
	ContainerAuth *IBMAuthContainerAuth `json:"containerAuth,omitempty"`
}
+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1
func (*IBMAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuth.
func (*IBMAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IBMAuthContainerAuth ¶ added in v0.5.9
// IBMAuthContainerAuth is IBM container-based auth with an IAM Trusted Profile.
type IBMAuthContainerAuth struct {
	// the IBM Trusted Profile
	Profile string `json:"profile"`
	// Location the token is mounted on the pod
	TokenLocation string `json:"tokenLocation,omitempty"`
	// IAMEndpoint is optional; presumably overrides the IAM endpoint used for
	// the token exchange — confirm against the provider code.
	IAMEndpoint string `json:"iamEndpoint,omitempty"`
}
IBM Container-based auth with IAM Trusted Profile.
func (*IBMAuthContainerAuth) DeepCopy ¶ added in v0.5.9
func (in *IBMAuthContainerAuth) DeepCopy() *IBMAuthContainerAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuthContainerAuth.
func (*IBMAuthContainerAuth) DeepCopyInto ¶ added in v0.5.9
func (in *IBMAuthContainerAuth) DeepCopyInto(out *IBMAuthContainerAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IBMAuthSecretRef ¶
// IBMAuthSecretRef points at the stored IBM API key.
type IBMAuthSecretRef struct {
	// SecretAPIKey references the API key used for authentication.
	// (The original comment named this field SecretAccessKey; the manifest
	// key is secretApiKeySecretRef.)
	SecretAPIKey esmeta.SecretKeySelector `json:"secretApiKeySecretRef,omitempty"`
}
func (*IBMAuthSecretRef) DeepCopy ¶
func (in *IBMAuthSecretRef) DeepCopy() *IBMAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuthSecretRef.
func (*IBMAuthSecretRef) DeepCopyInto ¶
func (in *IBMAuthSecretRef) DeepCopyInto(out *IBMAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IBMProvider ¶
// IBMProvider configures a store to sync secrets using an IBM Cloud Secrets
// Manager backend.
type IBMProvider struct {
	// Auth configures how secret-manager authenticates with the IBM secrets manager.
	Auth IBMAuth `json:"auth"`
	// ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance
	ServiceURL *string `json:"serviceUrl,omitempty"`
}
Configures a store to sync secrets using an IBM Cloud Secrets Manager backend.
func (*IBMProvider) DeepCopy ¶
func (in *IBMProvider) DeepCopy() *IBMProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMProvider.
func (*IBMProvider) DeepCopyInto ¶
func (in *IBMProvider) DeepCopyInto(out *IBMProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type InfisicalAuth ¶ added in v0.9.20
// InfisicalAuth holds the authentication settings for the Infisical provider.
// Only universal-auth credentials are declared here.
type InfisicalAuth struct {
	// +optional
	UniversalAuthCredentials *UniversalAuthCredentials `json:"universalAuthCredentials,omitempty"`
}
func (*InfisicalAuth) DeepCopy ¶ added in v0.9.20
func (in *InfisicalAuth) DeepCopy() *InfisicalAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfisicalAuth.
func (*InfisicalAuth) DeepCopyInto ¶ added in v0.9.20
func (in *InfisicalAuth) DeepCopyInto(out *InfisicalAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type InfisicalProvider ¶ added in v0.9.20
// InfisicalProvider configures a store to sync secrets using the Infisical provider.
type InfisicalProvider struct {
	// Auth configures how the Operator authenticates with the Infisical API
	// +kubebuilder:validation:Required
	Auth InfisicalAuth `json:"auth"`
	// SecretsScope selects the project, environment and path to read from.
	// +kubebuilder:validation:Required
	SecretsScope MachineIdentityScopeInWorkspace `json:"secretsScope"`
	// HostAPI is the Infisical API base URL.
	// NOTE(review): the default is an https:// endpoint and no scheme
	// validation is declared on this field, so an override should presumably
	// keep TLS — confirm against the provider code.
	// +kubebuilder:default="https://app.infisical.com/api"
	// +optional
	HostAPI string `json:"hostAPI,omitempty"`
}
InfisicalProvider configures a store to sync secrets using the Infisical provider.
func (*InfisicalProvider) DeepCopy ¶ added in v0.9.20
func (in *InfisicalProvider) DeepCopy() *InfisicalProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfisicalProvider.
func (*InfisicalProvider) DeepCopyInto ¶ added in v0.9.20
func (in *InfisicalProvider) DeepCopyInto(out *InfisicalProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeeperSecurityProvider ¶ added in v0.7.3
// KeeperSecurityProvider configures a store to sync secrets using Keeper Security.
// Both fields are required (no omitempty).
type KeeperSecurityProvider struct {
	// Auth references the stored Keeper credential; the manifest key is authRef.
	Auth smmeta.SecretKeySelector `json:"authRef"`
	// FolderID names the Keeper folder — presumably the one secrets are read from; confirm.
	FolderID string `json:"folderID"`
}
KeeperSecurityProvider configures a store to sync secrets using Keeper Security.
func (*KeeperSecurityProvider) DeepCopy ¶ added in v0.7.3
func (in *KeeperSecurityProvider) DeepCopy() *KeeperSecurityProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeeperSecurityProvider.
func (*KeeperSecurityProvider) DeepCopyInto ¶ added in v0.7.3
func (in *KeeperSecurityProvider) DeepCopyInto(out *KeeperSecurityProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesAuth ¶
// KubernetesAuth selects how the store authenticates with the Kubernetes
// server. The type carries MinProperties=1 and MaxProperties=1 validation
// markers, so exactly one of cert, token or serviceAccount is expected.
type KubernetesAuth struct {
	// has both clientCert and clientKey as secretKeySelector
	// +optional
	Cert *CertAuth `json:"cert,omitempty"`
	// use static token to authenticate with
	// +optional
	Token *TokenAuth `json:"token,omitempty"`
	// points to a service account that should be used for authentication
	// +optional
	ServiceAccount *esmeta.ServiceAccountSelector `json:"serviceAccount,omitempty"`
}
+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1
func (*KubernetesAuth) DeepCopy ¶
func (in *KubernetesAuth) DeepCopy() *KubernetesAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuth.
func (*KubernetesAuth) DeepCopyInto ¶
func (in *KubernetesAuth) DeepCopyInto(out *KubernetesAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesProvider ¶
type KubernetesProvider struct {
	// configures the Kubernetes server Address.
	// +optional
	Server KubernetesServer `json:"server,omitempty"`

	// Auth configures how secret-manager authenticates with a Kubernetes instance.
	// NOTE(review): marked +optional, but the JSON tag has no omitempty — confirm which is intended.
	// +optional
	Auth KubernetesAuth `json:"auth"`

	// A reference to a secret that contains the auth information.
	// NOTE(review): which of Auth and AuthRef wins when both are set is not visible here — confirm.
	// +optional
	AuthRef *esmeta.SecretKeySelector `json:"authRef,omitempty"`

	// Remote namespace to fetch the secrets from
	// +kubebuilder:default= default
	// +optional
	RemoteNamespace string `json:"remoteNamespace,omitempty"`
}
Configures a store to sync secrets with a Kubernetes instance.
func (*KubernetesProvider) DeepCopy ¶
func (in *KubernetesProvider) DeepCopy() *KubernetesProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesProvider.
func (*KubernetesProvider) DeepCopyInto ¶
func (in *KubernetesProvider) DeepCopyInto(out *KubernetesProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesServer ¶
// KubernetesServer holds the address of the Kubernetes server and the CA
// material (inline bundle or CAProvider reference) configured for it.
type KubernetesServer struct {
	// configures the Kubernetes server Address.
	// +kubebuilder:default=kubernetes.default
	// +optional
	URL string `json:"url,omitempty"`

	// CABundle is a base64-encoded CA certificate
	// (a []byte field is base64-encoded by encoding/json).
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider
	// NOTE(review): the link targets the v0.4.1 / v1alpha1 docs while this type
	// is v1beta1; precedence between CABundle and CAProvider is not visible here.
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`
}
func (*KubernetesServer) DeepCopy ¶
func (in *KubernetesServer) DeepCopy() *KubernetesServer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesServer.
func (*KubernetesServer) DeepCopyInto ¶
func (in *KubernetesServer) DeepCopyInto(out *KubernetesServer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MachineIdentityScopeInWorkspace ¶ added in v0.9.20
// MachineIdentityScopeInWorkspace names a project, an environment and a
// secrets path. Presumably this is the scope a machine identity reads from
// — TODO confirm against the provider that uses it.
type MachineIdentityScopeInWorkspace struct {
	// SecretsPath defaults to "/" through the kubebuilder default marker.
	// +kubebuilder:default="/"
	// +optional
	SecretsPath string `json:"secretsPath,omitempty"`

	// EnvironmentSlug is required.
	// +kubebuilder:validation:Required
	EnvironmentSlug string `json:"environmentSlug"`

	// ProjectSlug is required.
	// +kubebuilder:validation:Required
	ProjectSlug string `json:"projectSlug"`
}
func (*MachineIdentityScopeInWorkspace) DeepCopy ¶ added in v0.9.20
func (in *MachineIdentityScopeInWorkspace) DeepCopy() *MachineIdentityScopeInWorkspace
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineIdentityScopeInWorkspace.
func (*MachineIdentityScopeInWorkspace) DeepCopyInto ¶ added in v0.9.20
func (in *MachineIdentityScopeInWorkspace) DeepCopyInto(out *MachineIdentityScopeInWorkspace)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NoSecretError ¶
// NoSecretError is an empty struct: it carries no detail about which secret
// was missing, so callers can only test for the error's type.
type NoSecretError struct{}
NoSecretError shall be returned when GetSecret cannot find the desired secret. This is used for deletionPolicy.
func (*NoSecretError) DeepCopy ¶
func (in *NoSecretError) DeepCopy() *NoSecretError
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NoSecretError.
func (*NoSecretError) DeepCopyInto ¶
func (in *NoSecretError) DeepCopyInto(out *NoSecretError)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (NoSecretError) Error ¶
func (NoSecretError) Error() string
type OnboardbaseAuthSecretRef ¶ added in v0.9.14
type OnboardbaseAuthSecretRef struct {
	// OnboardbaseAPIKeyRef references the API key generated by an admin account.
	// It is used to recognize and authorize access to a project and environment within onboardbase
	// +kubebuilder:validation:Required
	OnboardbaseAPIKeyRef esmeta.SecretKeySelector `json:"apiKeyRef"`

	// OnboardbasePasscodeRef references the passcode attached to the API Key
	// +kubebuilder:validation:Required
	OnboardbasePasscodeRef esmeta.SecretKeySelector `json:"passcodeRef"`
}
OnboardbaseAuthSecretRef holds secret references for onboardbase API Key credentials.
func (*OnboardbaseAuthSecretRef) DeepCopy ¶ added in v0.9.14
func (in *OnboardbaseAuthSecretRef) DeepCopy() *OnboardbaseAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OnboardbaseAuthSecretRef.
func (*OnboardbaseAuthSecretRef) DeepCopyInto ¶ added in v0.9.14
func (in *OnboardbaseAuthSecretRef) DeepCopyInto(out *OnboardbaseAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OnboardbaseProvider ¶ added in v0.9.14
type OnboardbaseProvider struct {
	// Auth configures how the Operator authenticates with the Onboardbase API
	Auth *OnboardbaseAuthSecretRef `json:"auth"`

	// APIHost configures the host URL of the API for self-hosted installations;
	// the default is https://public.onboardbase.com/api/v1/
	// NOTE(review): presumably the API key and passcode are presented to this
	// host, so it should be one the operator trusts — confirm against the provider.
	// +kubebuilder:default:="https://public.onboardbase.com/api/v1/"
	APIHost string `json:"apiHost"`

	// Project is an onboardbase project that the secrets should be pulled from
	// +kubebuilder:validation:Required
	// +kubebuilder:default:="development"
	Project string `json:"project"`

	// Environment is the name of an environment within a project to pull the secrets from
	// +kubebuilder:validation:Required
	// +kubebuilder:default:="development"
	Environment string `json:"environment"`
}
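OnboardbaseProvider configures a store to sync secrets using the Onboardbase provider. Project and Config are required if not using a Service Token. (The struct shown above has no Config or Service Token field; Project and Environment are the fields marked required.)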
func (*OnboardbaseProvider) DeepCopy ¶ added in v0.9.14
func (in *OnboardbaseProvider) DeepCopy() *OnboardbaseProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OnboardbaseProvider.
func (*OnboardbaseProvider) DeepCopyInto ¶ added in v0.9.14
func (in *OnboardbaseProvider) DeepCopyInto(out *OnboardbaseProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OnePasswordAuth ¶ added in v0.5.3
type OnePasswordAuth struct {
	// SecretRef holds the secret references for the 1Password credentials.
	// The JSON tag has no omitempty, so a nil pointer is serialized as null.
	SecretRef *OnePasswordAuthSecretRef `json:"secretRef"`
}
OnePasswordAuth contains a secretRef for credentials.
func (*OnePasswordAuth) DeepCopy ¶ added in v0.5.3
func (in *OnePasswordAuth) DeepCopy() *OnePasswordAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OnePasswordAuth.
func (*OnePasswordAuth) DeepCopyInto ¶ added in v0.5.3
func (in *OnePasswordAuth) DeepCopyInto(out *OnePasswordAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OnePasswordAuthSecretRef ¶ added in v0.5.3
type OnePasswordAuthSecretRef struct {
	// The ConnectToken is used for authentication to a 1Password Connect Server.
	// It is given as a secret key selector (serialized as
	// "connectTokenSecretRef"), not as an inline value.
	ConnectToken esmeta.SecretKeySelector `json:"connectTokenSecretRef"`
}
OnePasswordAuthSecretRef holds secret references for 1Password credentials.
func (*OnePasswordAuthSecretRef) DeepCopy ¶ added in v0.5.3
func (in *OnePasswordAuthSecretRef) DeepCopy() *OnePasswordAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OnePasswordAuthSecretRef.
func (*OnePasswordAuthSecretRef) DeepCopyInto ¶ added in v0.5.3
func (in *OnePasswordAuthSecretRef) DeepCopyInto(out *OnePasswordAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OnePasswordProvider ¶ added in v0.5.3
type OnePasswordProvider struct {
	// Auth defines the information necessary to authenticate against OnePassword Connect Server
	Auth *OnePasswordAuth `json:"auth"`

	// ConnectHost defines the OnePassword Connect Server to connect to
	ConnectHost string `json:"connectHost"`

	// Vaults defines which OnePassword vaults to search in which order
	// (presumably vault name -> search position; TODO confirm how ties and gaps are handled).
	Vaults map[string]int `json:"vaults"`
}
OnePasswordProvider configures a store to sync secrets using the 1Password Secret Manager provider.
func (*OnePasswordProvider) DeepCopy ¶ added in v0.5.3
func (in *OnePasswordProvider) DeepCopy() *OnePasswordProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OnePasswordProvider.
func (*OnePasswordProvider) DeepCopyInto ¶ added in v0.5.3
func (in *OnePasswordProvider) DeepCopyInto(out *OnePasswordProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OracleAuth ¶
// OracleAuth holds user-principal identifiers (tenancy and user OCID) plus
// the secret references needed to authenticate as that user.
type OracleAuth struct {
	// Tenancy is the tenancy OCID where user is located.
	Tenancy string `json:"tenancy"`

	// User is an access OCID specific to the account.
	User string `json:"user"`

	// SecretRef to pass through sensitive information.
	SecretRef OracleSecretRef `json:"secretRef"`
}
func (*OracleAuth) DeepCopy ¶
func (in *OracleAuth) DeepCopy() *OracleAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleAuth.
func (*OracleAuth) DeepCopyInto ¶
func (in *OracleAuth) DeepCopyInto(out *OracleAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OraclePrincipalType ¶ added in v0.9.8
type OraclePrincipalType string
+kubebuilder:validation:Enum="";UserPrincipal;InstancePrincipal;Workload
const (
	// UserPrincipal represents a user principal.
	UserPrincipal OraclePrincipalType = "UserPrincipal"

	// InstancePrincipal represents an instance principal.
	InstancePrincipal OraclePrincipalType = "InstancePrincipal"

	// WorkloadPrincipal represents a workload principal.
	// Its serialized value is "Workload", not "WorkloadPrincipal".
	WorkloadPrincipal OraclePrincipalType = "Workload"
)
type OracleProvider ¶
type OracleProvider struct {
	// Region is the region where vault is located.
	Region string `json:"region"`

	// Vault is the vault's OCID of the specific vault where secret is located.
	Vault string `json:"vault"`

	// Compartment is the vault compartment OCID.
	// Required for PushSecret
	// +optional
	Compartment string `json:"compartment,omitempty"`

	// EncryptionKey is the OCID of the encryption key within the vault.
	// Required for PushSecret
	// +optional
	EncryptionKey string `json:"encryptionKey,omitempty"`

	// The type of principal to use for authentication. If left blank, the Auth struct will
	// determine the principal type. This optional field must be specified if using
	// workload identity.
	// +optional
	PrincipalType OraclePrincipalType `json:"principalType,omitempty"`

	// Auth configures how secret-manager authenticates with the Oracle Vault.
	// If empty, use the instance principal, otherwise the user credentials specified in Auth.
	// +optional
	Auth *OracleAuth `json:"auth,omitempty"`

	// ServiceAccountRef specifies the service account
	// that should be used when authenticating with WorkloadIdentity.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}
Configures a store to sync secrets using an Oracle Vault backend.
func (*OracleProvider) DeepCopy ¶
func (in *OracleProvider) DeepCopy() *OracleProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleProvider.
func (*OracleProvider) DeepCopyInto ¶
func (in *OracleProvider) DeepCopyInto(out *OracleProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OracleSecretRef ¶
// OracleSecretRef references the secret entries that hold the API signing key
// and its fingerprint; both are selectors, not inline values.
type OracleSecretRef struct {
	// PrivateKey is the user's API Signing Key in PEM format, used for authentication.
	// Note the all-lowercase JSON key "privatekey".
	PrivateKey esmeta.SecretKeySelector `json:"privatekey"`

	// Fingerprint is the fingerprint of the API private key.
	Fingerprint esmeta.SecretKeySelector `json:"fingerprint"`
}
func (*OracleSecretRef) DeepCopy ¶
func (in *OracleSecretRef) DeepCopy() *OracleSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleSecretRef.
func (*OracleSecretRef) DeepCopyInto ¶
func (in *OracleSecretRef) DeepCopyInto(out *OracleSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PassboltAuth ¶ added in v0.9.16
type PassboltAuth struct {
	// PasswordSecretRef selects the secret entry holding the password
	// (presumably the passphrase protecting the private key — TODO confirm).
	PasswordSecretRef *esmeta.SecretKeySelector `json:"passwordSecretRef"`

	// PrivateKeySecretRef selects the secret entry holding the private key.
	PrivateKeySecretRef *esmeta.SecretKeySelector `json:"privateKeySecretRef"`
}
PassboltAuth contains the secret references for the Passbolt credentials.
func (*PassboltAuth) DeepCopy ¶ added in v0.9.16
func (in *PassboltAuth) DeepCopy() *PassboltAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PassboltAuth.
func (*PassboltAuth) DeepCopyInto ¶ added in v0.9.16
func (in *PassboltAuth) DeepCopyInto(out *PassboltAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PassboltProvider ¶ added in v0.9.16
// PassboltProvider configures a store to sync secrets with a Passbolt server.
type PassboltProvider struct {
	// Auth defines the information necessary to authenticate against Passbolt Server
	Auth *PassboltAuth `json:"auth"`

	// Host defines the Passbolt Server to connect to
	Host string `json:"host"`
}
func (*PassboltProvider) DeepCopy ¶ added in v0.9.16
func (in *PassboltProvider) DeepCopy() *PassboltProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PassboltProvider.
func (*PassboltProvider) DeepCopyInto ¶ added in v0.9.16
func (in *PassboltProvider) DeepCopyInto(out *PassboltProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PasswordDepotAuth ¶ added in v0.9.14
// PasswordDepotAuth wraps the secret reference used to authenticate with a
// Password Depot instance.
type PasswordDepotAuth struct {
	// SecretRef holds the credentials selector; see PasswordDepotSecretRef.
	SecretRef PasswordDepotSecretRef `json:"secretRef"`
}
func (*PasswordDepotAuth) DeepCopy ¶ added in v0.9.14
func (in *PasswordDepotAuth) DeepCopy() *PasswordDepotAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordDepotAuth.
func (*PasswordDepotAuth) DeepCopyInto ¶ added in v0.9.14
func (in *PasswordDepotAuth) DeepCopyInto(out *PasswordDepotAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PasswordDepotProvider ¶ added in v0.9.14
type PasswordDepotProvider struct {
	// Host configures the Password Depot instance URL.
	Host string `json:"host"`

	// Database to use as source
	Database string `json:"database"`

	// Auth configures how secret-manager authenticates with a Password Depot instance.
	Auth PasswordDepotAuth `json:"auth"`
}
Configures a store to sync secrets with a Password Depot instance.
func (*PasswordDepotProvider) DeepCopy ¶ added in v0.9.14
func (in *PasswordDepotProvider) DeepCopy() *PasswordDepotProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordDepotProvider.
func (*PasswordDepotProvider) DeepCopyInto ¶ added in v0.9.14
func (in *PasswordDepotProvider) DeepCopyInto(out *PasswordDepotProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PasswordDepotSecretRef ¶ added in v0.9.14
// PasswordDepotSecretRef references the secret entry holding the Password
// Depot login.
type PasswordDepotSecretRef struct {
	// Username / Password is used for authentication.
	// NOTE(review): a single selector is used for both values; how username and
	// password are laid out in the referenced secret is not visible here — confirm.
	// +optional
	Credentials esmeta.SecretKeySelector `json:"credentials,omitempty"`
}
func (*PasswordDepotSecretRef) DeepCopy ¶ added in v0.9.14
func (in *PasswordDepotSecretRef) DeepCopy() *PasswordDepotSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordDepotSecretRef.
func (*PasswordDepotSecretRef) DeepCopyInto ¶ added in v0.9.14
func (in *PasswordDepotSecretRef) DeepCopyInto(out *PasswordDepotSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Provider ¶
type Provider interface {
	// NewClient constructs a SecretsClient for the given store, using the
	// supplied Kubernetes client and namespace.
	NewClient(ctx context.Context, store GenericStore, kube client.Client, namespace string) (SecretsClient, error)

	// ValidateStore checks if the provided store is valid
	// The provider may return a warning and an error.
	// The intended use of the warning is to indicate a deprecation of behavior
	// or other type of message that is NOT a validation failure but should be noticed by the user.
	ValidateStore(store GenericStore) (admission.Warnings, error)

	// Capabilities returns the provider Capabilities (Read, Write, ReadWrite)
	Capabilities() SecretStoreCapabilities
}
Provider is a common interface for interacting with secret backends.
func GetProvider ¶
func GetProvider(s GenericStore) (Provider, error)
GetProvider returns the provider from the generic store.
func GetProviderByName ¶
GetProviderByName returns the provider implementation by name.
type PulumiProvider ¶ added in v0.9.13
// PulumiProvider configures a store that reads from a Pulumi ESC environment
// (organization + environment) using an access token.
type PulumiProvider struct {
	// APIURL is the URL of the Pulumi API.
	// +kubebuilder:default="https://api.pulumi.com"
	APIURL string `json:"apiUrl,omitempty"`

	// AccessToken is the access token used to sign in to the Pulumi Cloud Console.
	AccessToken *PulumiProviderSecretRef `json:"accessToken"`

	// Organization is a space to collaborate on shared projects and stacks.
	// To create a new organization, visit https://app.pulumi.com/ and click "New Organization".
	Organization string `json:"organization"`

	// Environment names a Pulumi ESC environment. Environments are YAML documents
	// composed of static key-value pairs, programmatic expressions,
	// dynamically retrieved values from supported providers including all major clouds,
	// and other Pulumi ESC environments.
	// To create a new environment, visit https://www.pulumi.com/docs/esc/environments/ for more information.
	Environment string `json:"environment"`
}
func (*PulumiProvider) DeepCopy ¶ added in v0.9.13
func (in *PulumiProvider) DeepCopy() *PulumiProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PulumiProvider.
func (*PulumiProvider) DeepCopyInto ¶ added in v0.9.13
func (in *PulumiProvider) DeepCopyInto(out *PulumiProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PulumiProviderSecretRef ¶ added in v0.9.13
// PulumiProviderSecretRef wraps the selector for the Pulumi API token; the
// type has no field for an inline token value.
type PulumiProviderSecretRef struct {
	// SecretRef is a reference to a secret containing the Pulumi API token.
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}
func (*PulumiProviderSecretRef) DeepCopy ¶ added in v0.9.13
func (in *PulumiProviderSecretRef) DeepCopy() *PulumiProviderSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PulumiProviderSecretRef.
func (*PulumiProviderSecretRef) DeepCopyInto ¶ added in v0.9.13
func (in *PulumiProviderSecretRef) DeepCopyInto(out *PulumiProviderSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PushSecretData ¶ added in v0.9.9
type PushSecretData interface {
	// GetMetadata returns a raw JSON document (may be nil; pointer return).
	// Its schema is not visible here — presumably provider-specific, TODO confirm.
	GetMetadata() *apiextensionsv1.JSON

	// GetSecretKey presumably names the key inside the Kubernetes Secret being
	// pushed — confirm against v1alpha1.PushSecretData.
	GetSecretKey() string

	// GetRemoteKey presumably names the destination entry in the provider — confirm.
	GetRemoteKey() string

	// GetProperty presumably names a property within the remote entry — confirm.
	GetProperty() string
}
PushSecretData is an interface to allow using v1alpha1.PushSecretData content in Provider registered in v1beta1.
type PushSecretRemoteRef ¶ added in v0.9.9
PushSecretRemoteRef is an interface to allow using v1alpha1.PushSecretRemoteRef in Provider registered in v1beta1.
type ScalewayProvider ¶ added in v0.7.3
// ScalewayProvider configures a store to sync secrets with Scaleway, scoped
// to one region and project and authenticated with an API key pair.
type ScalewayProvider struct {
	// APIURL is the url of the api to use. Defaults to https://api.scaleway.com
	// +optional
	APIURL string `json:"apiUrl,omitempty"`

	// Region where your secrets are located: https://developers.scaleway.com/en/quickstart/#region-and-zone
	Region string `json:"region"`

	// ProjectID is the id of your project, which you can find in the console: https://console.scaleway.com/project/settings
	ProjectID string `json:"projectId"`

	// AccessKey is the non-secret part of the api key.
	AccessKey *ScalewayProviderSecretRef `json:"accessKey"`

	// SecretKey is the secret part of the api key.
	// ScalewayProviderSecretRef also accepts an inline Value, which is stored
	// in plain text in the store resource; use its SecretRef for this field.
	SecretKey *ScalewayProviderSecretRef `json:"secretKey"`
}
func (*ScalewayProvider) DeepCopy ¶ added in v0.7.3
func (in *ScalewayProvider) DeepCopy() *ScalewayProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScalewayProvider.
func (*ScalewayProvider) DeepCopyInto ¶ added in v0.7.3
func (in *ScalewayProvider) DeepCopyInto(out *ScalewayProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ScalewayProviderSecretRef ¶ added in v0.7.3
// ScalewayProviderSecretRef supplies a value either inline or through a
// reference to a key in a secret.
// NOTE(review): no validation marker is shown that makes the two fields
// mutually exclusive; precedence when both are set is not visible here.
type ScalewayProviderSecretRef struct {
	// Value can be specified directly to set a value without using a secret.
	// An inline value is part of the store resource itself, so it is stored in
	// plain text there and is readable by anyone who can read that resource;
	// keep it to non-secret values.
	// +optional
	Value string `json:"value,omitempty"`

	// SecretRef references a key in a secret that will be used as value.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}
func (*ScalewayProviderSecretRef) DeepCopy ¶ added in v0.7.3
func (in *ScalewayProviderSecretRef) DeepCopy() *ScalewayProviderSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScalewayProviderSecretRef.
func (*ScalewayProviderSecretRef) DeepCopyInto ¶ added in v0.7.3
func (in *ScalewayProviderSecretRef) DeepCopyInto(out *ScalewayProviderSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStore ¶
type SecretStore struct {
	// TypeMeta is embedded and inlined into the serialized object.
	metav1.TypeMeta `json:",inline"`
	// ObjectMeta is embedded and serialized under "metadata".
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the store.
	Spec SecretStoreSpec `json:"spec,omitempty"`
	// Status is the observed state of the store; the kubebuilder markers on
	// this type expose it as a status subresource.
	Status SecretStoreStatus `json:"status,omitempty"`
}
SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` +kubebuilder:printcolumn:name="Capabilities",type=string,JSONPath=`.status.capabilities` +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` +kubebuilder:subresource:status +kubebuilder:metadata:labels="external-secrets.io/component=controller" +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=ss
func (*SecretStore) Copy ¶
func (c *SecretStore) Copy() GenericStore
func (*SecretStore) DeepCopy ¶
func (in *SecretStore) DeepCopy() *SecretStore
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStore.
func (*SecretStore) DeepCopyInto ¶
func (in *SecretStore) DeepCopyInto(out *SecretStore)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretStore) DeepCopyObject ¶
func (in *SecretStore) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*SecretStore) GetKind ¶ added in v0.6.1
func (c *SecretStore) GetKind() string
func (*SecretStore) GetNamespacedName ¶
func (c *SecretStore) GetNamespacedName() string
func (*SecretStore) GetObjectMeta ¶
func (c *SecretStore) GetObjectMeta() *metav1.ObjectMeta
func (*SecretStore) GetSpec ¶
func (c *SecretStore) GetSpec() *SecretStoreSpec
func (*SecretStore) GetStatus ¶
func (c *SecretStore) GetStatus() SecretStoreStatus
func (*SecretStore) GetTypeMeta ¶
func (c *SecretStore) GetTypeMeta() *metav1.TypeMeta
func (*SecretStore) Hub ¶
func (*SecretStore) Hub()
func (*SecretStore) SetStatus ¶
func (c *SecretStore) SetStatus(status SecretStoreStatus)
func (*SecretStore) SetupWebhookWithManager ¶
func (c *SecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error
type SecretStoreCapabilities ¶ added in v0.7.0
type SecretStoreCapabilities string
SecretStoreCapabilities defines the possible operations a SecretStore can do.
const (
	// SecretStoreReadOnly marks a store that supports read operations only.
	SecretStoreReadOnly SecretStoreCapabilities = "ReadOnly"
	// SecretStoreWriteOnly marks a store that supports write operations only.
	SecretStoreWriteOnly SecretStoreCapabilities = "WriteOnly"
	// SecretStoreReadWrite marks a store that supports both reads and writes.
	SecretStoreReadWrite SecretStoreCapabilities = "ReadWrite"
)
type SecretStoreConditionType ¶
// SecretStoreConditionType is the string type of the Type field of
// SecretStoreStatusCondition.
type SecretStoreConditionType string
type SecretStoreList ¶
type SecretStoreList struct {
	// TypeMeta is embedded and inlined into the serialized object.
	metav1.TypeMeta `json:",inline"`
	// ListMeta is embedded and serialized under "metadata".
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the SecretStore resources in the list.
	Items []SecretStore `json:"items"`
}
SecretStoreList contains a list of SecretStore resources.
func (*SecretStoreList) DeepCopy ¶
func (in *SecretStoreList) DeepCopy() *SecretStoreList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreList.
func (*SecretStoreList) DeepCopyInto ¶
func (in *SecretStoreList) DeepCopyInto(out *SecretStoreList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretStoreList) DeepCopyObject ¶
func (in *SecretStoreList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type SecretStoreProvider ¶
type SecretStoreProvider struct {
	// AWS configures this store to sync secrets using AWS Secret Manager provider
	// +optional
	AWS *AWSProvider `json:"aws,omitempty"`

	// AzureKV configures this store to sync secrets using Azure Key Vault provider
	// +optional
	AzureKV *AzureKVProvider `json:"azurekv,omitempty"`

	// Akeyless configures this store to sync secrets using Akeyless Vault provider
	// +optional
	Akeyless *AkeylessProvider `json:"akeyless,omitempty"`

	// BitwardenSecretsManager configures this store to sync secrets using BitwardenSecretsManager provider
	// +optional
	BitwardenSecretsManager *BitwardenSecretsManagerProvider `json:"bitwardensecretsmanager,omitempty"`

	// Vault configures this store to sync secrets using Hashi provider
	// +optional
	Vault *VaultProvider `json:"vault,omitempty"`

	// GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider
	// +optional
	GCPSM *GCPSMProvider `json:"gcpsm,omitempty"`

	// Oracle configures this store to sync secrets using Oracle Vault provider
	// +optional
	Oracle *OracleProvider `json:"oracle,omitempty"`

	// IBM configures this store to sync secrets using IBM Cloud provider
	// +optional
	IBM *IBMProvider `json:"ibm,omitempty"`

	// YandexCertificateManager configures this store to sync secrets using Yandex Certificate Manager provider
	// +optional
	YandexCertificateManager *YandexCertificateManagerProvider `json:"yandexcertificatemanager,omitempty"`

	// YandexLockbox configures this store to sync secrets using Yandex Lockbox provider
	// +optional
	YandexLockbox *YandexLockboxProvider `json:"yandexlockbox,omitempty"`

	// Gitlab configures this store to sync secrets using GitLab Variables provider
	// +optional
	Gitlab *GitlabProvider `json:"gitlab,omitempty"`

	// Alibaba configures this store to sync secrets using Alibaba Cloud provider
	// +optional
	Alibaba *AlibabaProvider `json:"alibaba,omitempty"`

	// OnePassword configures this store to sync secrets using the 1Password Cloud provider
	// +optional
	OnePassword *OnePasswordProvider `json:"onepassword,omitempty"`

	// Webhook configures this store to sync secrets using a generic templated webhook
	// +optional
	Webhook *WebhookProvider `json:"webhook,omitempty"`

	// Kubernetes configures this store to sync secrets using a Kubernetes cluster provider
	// +optional
	Kubernetes *KubernetesProvider `json:"kubernetes,omitempty"`

	// Fake configures a store with static key/value pairs
	// NOTE(review): presumably the pairs live in the store resource itself rather
	// than in a secret backend — confirm against FakeProvider before using it
	// for anything sensitive.
	// +optional
	Fake *FakeProvider `json:"fake,omitempty"`

	// Senhasegura configures this store to sync secrets using senhasegura provider
	// +optional
	Senhasegura *SenhaseguraProvider `json:"senhasegura,omitempty"`

	// Scaleway configures this store to sync secrets using the Scaleway provider
	// +optional
	Scaleway *ScalewayProvider `json:"scaleway,omitempty"`

	// Doppler configures this store to sync secrets using the Doppler provider
	// +optional
	Doppler *DopplerProvider `json:"doppler,omitempty"`

	// Onboardbase configures this store to sync secrets using the Onboardbase provider
	// +optional
	Onboardbase *OnboardbaseProvider `json:"onboardbase,omitempty"`

	// KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider
	// +optional
	KeeperSecurity *KeeperSecurityProvider `json:"keepersecurity,omitempty"`

	// Conjur configures this store to sync secrets using conjur provider
	// +optional
	Conjur *ConjurProvider `json:"conjur,omitempty"`

	// Delinea DevOps Secrets Vault
	// https://docs.delinea.com/online-help/products/devops-secrets-vault/current
	// +optional
	Delinea *DelineaProvider `json:"delinea,omitempty"`

	// Chef configures this store to sync secrets with chef server
	// +optional
	Chef *ChefProvider `json:"chef,omitempty"`

	// Pulumi configures this store to sync secrets using the Pulumi provider
	// +optional
	Pulumi *PulumiProvider `json:"pulumi,omitempty"`

	// Fortanix configures this store to sync secrets using the Fortanix provider
	// +optional
	Fortanix *FortanixProvider `json:"fortanix,omitempty"`

	// PasswordDepot configures this store to sync secrets with a Password Depot instance
	// +optional
	PasswordDepot *PasswordDepotProvider `json:"passworddepot,omitempty"`

	// Passbolt configures this store to sync secrets with a Passbolt server
	// +optional
	Passbolt *PassboltProvider `json:"passbolt,omitempty"`

	// Device42 configures this store to sync secrets using the Device42 provider
	// +optional
	Device42 *Device42Provider `json:"device42,omitempty"`

	// Infisical configures this store to sync secrets using the Infisical provider
	// +optional
	Infisical *InfisicalProvider `json:"infisical,omitempty"`
}
SecretStoreProvider contains the provider-specific configuration. +kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1
func (*SecretStoreProvider) DeepCopy ¶
func (in *SecretStoreProvider) DeepCopy() *SecretStoreProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreProvider.
func (*SecretStoreProvider) DeepCopyInto ¶
func (in *SecretStoreProvider) DeepCopyInto(out *SecretStoreProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreRef ¶
type SecretStoreRef struct {
	// Name of the SecretStore resource
	Name string `json:"name"`

	// Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
	// Defaults to `SecretStore`
	// NOTE(review): no enum validation marker is shown on this field, so other
	// strings are not rejected by anything visible here — confirm where it is checked.
	// +optional
	Kind string `json:"kind,omitempty"`
}
SecretStoreRef defines which SecretStore to fetch the ExternalSecret data from.
func (*SecretStoreRef) DeepCopy ¶
func (in *SecretStoreRef) DeepCopy() *SecretStoreRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRef.
func (*SecretStoreRef) DeepCopyInto ¶
func (in *SecretStoreRef) DeepCopyInto(out *SecretStoreRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreRetrySettings ¶
// SecretStoreRetrySettings holds the optional retry configuration referenced
// from SecretStoreSpec.RetrySettings. Both fields are pointers, so unset and
// zero are distinguishable.
type SecretStoreRetrySettings struct {
	// MaxRetries is the retry count (serialized as "maxRetries").
	MaxRetries *int32 `json:"maxRetries,omitempty"`

	// RetryInterval is a string (serialized as "retryInterval");
	// presumably a duration such as "10s" — TODO confirm the accepted format.
	RetryInterval *string `json:"retryInterval,omitempty"`
}
func (*SecretStoreRetrySettings) DeepCopy ¶
func (in *SecretStoreRetrySettings) DeepCopy() *SecretStoreRetrySettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRetrySettings.
func (*SecretStoreRetrySettings) DeepCopyInto ¶
func (in *SecretStoreRetrySettings) DeepCopyInto(out *SecretStoreRetrySettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreSpec ¶
type SecretStoreSpec struct {
	// Used to select the correct ESO controller (think: ingress.ingressClassName)
	// The ESO controller is instantiated with a specific controller name and filters ES based on this property
	// +optional
	Controller string `json:"controller,omitempty"`

	// Used to configure the provider. Only one provider may be set
	Provider *SecretStoreProvider `json:"provider"`

	// Used to configure http retries if failed
	// +optional
	RetrySettings *SecretStoreRetrySettings `json:"retrySettings,omitempty"`

	// Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.
	// +optional
	RefreshInterval int `json:"refreshInterval,omitempty"`

	// Used to constrain a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore
	// +optional
	Conditions []ClusterSecretStoreCondition `json:"conditions,omitempty"`
}
SecretStoreSpec defines the desired state of SecretStore.
func (*SecretStoreSpec) DeepCopy ¶
func (in *SecretStoreSpec) DeepCopy() *SecretStoreSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreSpec.
func (*SecretStoreSpec) DeepCopyInto ¶
func (in *SecretStoreSpec) DeepCopyInto(out *SecretStoreSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreStatus ¶
// SecretStoreStatus is the observed state reported for a store. Both fields
// are optional.
type SecretStoreStatus struct {
	// Conditions is the list of status conditions recorded for the store.
	// +optional
	Conditions []SecretStoreStatusCondition `json:"conditions,omitempty"`
	// Capabilities records what the store supports.
	// NOTE(review): the SecretStoreCapabilities type is defined outside this excerpt — see it for the possible values.
	// +optional
	Capabilities SecretStoreCapabilities `json:"capabilities,omitempty"`
}
SecretStoreStatus defines the observed state of the SecretStore.
func (*SecretStoreStatus) DeepCopy ¶
func (in *SecretStoreStatus) DeepCopy() *SecretStoreStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatus.
func (*SecretStoreStatus) DeepCopyInto ¶
func (in *SecretStoreStatus) DeepCopyInto(out *SecretStoreStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretStoreStatusCondition ¶
// SecretStoreStatusCondition is one entry of SecretStoreStatus.Conditions.
// Type and Status are always serialized; the remaining fields are optional.
type SecretStoreStatusCondition struct {
	// Type names the condition.
	Type SecretStoreConditionType `json:"type"`
	// Status is the Kubernetes condition status for Type.
	Status corev1.ConditionStatus `json:"status"`

	// Reason is a short identifier for the last transition.
	// +optional
	Reason string `json:"reason,omitempty"`

	// Message is free text describing the condition.
	// NOTE(review): status is readable by anyone who can read the store object; presumably this is
	// filled from provider errors — confirm that no credential material is echoed into it.
	// +optional
	Message string `json:"message,omitempty"`

	// LastTransitionTime is when the condition last changed.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}
func (*SecretStoreStatusCondition) DeepCopy ¶
func (in *SecretStoreStatusCondition) DeepCopy() *SecretStoreStatusCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatusCondition.
func (*SecretStoreStatusCondition) DeepCopyInto ¶
func (in *SecretStoreStatusCondition) DeepCopyInto(out *SecretStoreStatusCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretsClient ¶
// SecretsClient is the contract a provider client implements to read, write,
// delete and probe secrets. Every method except Validate takes a context.
// The read methods return raw secret bytes; callers should treat the returned
// values as sensitive and keep them out of logs and error strings.
type SecretsClient interface {
	// GetSecret returns a single secret from the provider
	// if GetSecret returns an error with type NoSecretError
	// then the secret entry will be deleted depending on the deletionPolicy.
	GetSecret(ctx context.Context, ref ExternalSecretDataRemoteRef) ([]byte, error)

	// PushSecret will write a single secret into the provider
	PushSecret(ctx context.Context, secret *corev1.Secret, data PushSecretData) error

	// DeleteSecret will delete the secret from a provider
	DeleteSecret(ctx context.Context, remoteRef PushSecretRemoteRef) error

	// SecretExists checks if a secret is already present in the provider at the given location.
	SecretExists(ctx context.Context, remoteRef PushSecretRemoteRef) (bool, error)

	// Validate checks if the client is configured correctly
	// and is able to retrieve secrets from the provider.
	// If the validation result is unknown it will be ignored.
	Validate() (ValidationResult, error)

	// GetSecretMap returns multiple k/v pairs from the provider
	GetSecretMap(ctx context.Context, ref ExternalSecretDataRemoteRef) (map[string][]byte, error)

	// GetAllSecrets returns multiple k/v pairs from the provider
	GetAllSecrets(ctx context.Context, ref ExternalSecretFind) (map[string][]byte, error)

	// Close is undocumented in the original.
	// NOTE(review): presumably releases provider sessions or connections held by the client — confirm.
	Close(ctx context.Context) error
}
SecretsClient provides access to secrets.
type SecretsManager ¶ added in v0.9.10
// SecretsManager holds the AWS Secrets Manager deletion options: either an
// immediate delete or a recovery window expressed in days.
type SecretsManager struct {
	// Specifies whether to delete the secret without any recovery window. You
	// can't use both this parameter and RecoveryWindowInDays in the same call.
	// If you don't use either, then by default Secrets Manager uses a 30 day
	// recovery window.
	// see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery
	// Setting this to true removes the safety net: a deletion triggered by a mistaken or
	// unauthorized change cannot be undone. Leave it false unless immediate deletion is required.
	// +optional
	ForceDeleteWithoutRecovery bool `json:"forceDeleteWithoutRecovery,omitempty"`
	// The number of days from 7 to 30 that Secrets Manager waits before
	// permanently deleting the secret. You can't use both this parameter and
	// ForceDeleteWithoutRecovery in the same call. If you don't use either,
	// then by default Secrets Manager uses a 30 day recovery window.
	// see: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays
	// NOTE(review): no validation marker for the 7-30 range or for mutual exclusion with
	// ForceDeleteWithoutRecovery is visible on this type — confirm where those are enforced.
	// +optional
	RecoveryWindowInDays int64 `json:"recoveryWindowInDays,omitempty"`
}
SecretsManager defines how the provider behaves when interacting with AWS SecretsManager. Some of these settings are only applicable to controlling how secrets are deleted, and hence only apply to PushSecret (and only when deletionPolicy is set to Delete).
func (*SecretsManager) DeepCopy ¶ added in v0.9.10
func (in *SecretsManager) DeepCopy() *SecretsManager
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsManager.
func (*SecretsManager) DeepCopyInto ¶ added in v0.9.10
func (in *SecretsManager) DeepCopyInto(out *SecretsManager)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SenhaseguraAuth ¶ added in v0.5.3
// SenhaseguraAuth holds the client credentials used to authenticate to
// senhasegura. Both fields are required (no omitempty on either tag).
type SenhaseguraAuth struct {
	// ClientID is stored inline in the store spec as a plain string.
	ClientID string `json:"clientId"`
	// ClientSecret is a selector (serialized as clientSecretSecretRef) rather than an inline
	// value, so the secret itself is not part of the store manifest.
	// NOTE(review): esmeta.SecretKeySelector is defined outside this excerpt — see it for lookup rules.
	ClientSecret esmeta.SecretKeySelector `json:"clientSecretSecretRef"`
}
SenhaseguraAuth tells the controller how to do auth in senhasegura.
func (*SenhaseguraAuth) DeepCopy ¶ added in v0.5.3
func (in *SenhaseguraAuth) DeepCopy() *SenhaseguraAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SenhaseguraAuth.
func (*SenhaseguraAuth) DeepCopyInto ¶ added in v0.5.3
func (in *SenhaseguraAuth) DeepCopyInto(out *SenhaseguraAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SenhaseguraModuleType ¶ added in v0.5.3
// SenhaseguraModuleType is a string-backed enum naming the senhasegura module
// that secrets are fetched from.
type SenhaseguraModuleType string
SenhaseguraModuleType enum defines senhasegura target module to fetch secrets +kubebuilder:validation:Enum=DSM
// Values of SenhaseguraModuleType. DSM is the only one declared in this block.
const (
	/*
		SenhaseguraModuleDSM is the senhasegura DevOps Secrets Management module
		see: https://senhasegura.com/devops
	*/
	SenhaseguraModuleDSM SenhaseguraModuleType = "DSM"
)
type SenhaseguraProvider ¶ added in v0.5.3
// SenhaseguraProvider configures a store backed by senhasegura: endpoint,
// module, credentials and a switch for certificate handling.
type SenhaseguraProvider struct {
	/* URL of senhasegura */
	URL string `json:"url"`

	/* Module defines which senhasegura module should be used to get secrets */
	Module SenhaseguraModuleType `json:"module"`

	/* Auth defines parameters to authenticate in senhasegura */
	Auth SenhaseguraAuth `json:"auth"`

	// IgnoreSslCertificate defines if SSL certificate must be ignored
	// The declared default is false. Ignoring the certificate means the server's identity is
	// not checked, so the client credentials and fetched secrets can be intercepted by anyone
	// able to sit between the controller and the URL above; enable only for throwaway test
	// setups and prefer trusting the issuing CA instead.
	// NOTE(review): how the flag is applied to the HTTP client is not visible here — confirm.
	// +kubebuilder:default=false
	IgnoreSslCertificate bool `json:"ignoreSslCertificate,omitempty"`
}
SenhaseguraProvider sets up a store to sync secrets with senhasegura.
func (*SenhaseguraProvider) DeepCopy ¶ added in v0.5.3
func (in *SenhaseguraProvider) DeepCopy() *SenhaseguraProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SenhaseguraProvider.
func (*SenhaseguraProvider) DeepCopyInto ¶ added in v0.5.3
func (in *SenhaseguraProvider) DeepCopyInto(out *SenhaseguraProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type StoreGeneratorSourceRef ¶ added in v0.9.9
// StoreGeneratorSourceRef selects an alternative source for a secret: either a
// store reference or a generator reference. Both fields are optional pointers.
type StoreGeneratorSourceRef struct {
	// SecretStoreRef points to the store to read from instead of the default one.
	// +optional
	SecretStoreRef *SecretStoreRef `json:"storeRef,omitempty"`

	// GeneratorRef points to a generator custom resource.
	// +optional
	GeneratorRef *GeneratorRef `json:"generatorRef,omitempty"`
}
StoreGeneratorSourceRef allows you to override the source from which the secret will be pulled. You can define at most one property. +kubebuilder:validation:MaxProperties=1
func (*StoreGeneratorSourceRef) DeepCopy ¶ added in v0.9.9
func (in *StoreGeneratorSourceRef) DeepCopy() *StoreGeneratorSourceRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StoreGeneratorSourceRef.
func (*StoreGeneratorSourceRef) DeepCopyInto ¶ added in v0.9.9
func (in *StoreGeneratorSourceRef) DeepCopyInto(out *StoreGeneratorSourceRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type StoreSourceRef ¶ added in v0.9.9
// StoreSourceRef selects an alternative store for a single data entry. The
// generator reference is kept only for compatibility and is deprecated.
type StoreSourceRef struct {
	// SecretStoreRef points to the store to read from instead of the default one.
	// NOTE(review): unlike StoreGeneratorSourceRef this is a value, not a pointer; if
	// SecretStoreRef is a struct (its definition is outside this excerpt), omitempty has no
	// effect with encoding/json and storeRef is always serialized — confirm this is intended.
	// +optional
	SecretStoreRef SecretStoreRef `json:"storeRef,omitempty"`

	// GeneratorRef points to a generator custom resource.
	//
	// Deprecated: The generatorRef is not implemented in .data[].
	// this will be removed with v1.
	GeneratorRef *GeneratorRef `json:"generatorRef,omitempty"`
}
StoreSourceRef allows you to override the SecretStore source from which the secret will be pulled. You can define at most one property. +kubebuilder:validation:MaxProperties=1
func (*StoreSourceRef) DeepCopy ¶ added in v0.9.9
func (in *StoreSourceRef) DeepCopy() *StoreSourceRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StoreSourceRef.
func (*StoreSourceRef) DeepCopyInto ¶ added in v0.9.9
func (in *StoreSourceRef) DeepCopyInto(out *StoreSourceRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Tag ¶ added in v0.8.4
func (*Tag) DeepCopy ¶ added in v0.8.4
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tag.
func (*Tag) DeepCopyInto ¶ added in v0.8.4
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateEngineVersion ¶
// TemplateEngineVersion is a string-backed enum selecting the template engine;
// the values declared for it are "v1" and "v2".
type TemplateEngineVersion string
+kubebuilder:validation:Enum=v1;v2
// Values of TemplateEngineVersion.
const (
	// TemplateEngineV1 selects engine version "v1".
	TemplateEngineV1 TemplateEngineVersion = "v1"
	// TemplateEngineV2 selects engine version "v2".
	TemplateEngineV2 TemplateEngineVersion = "v2"
)
type TemplateFrom ¶
// TemplateFrom names one template source: a ConfigMap, a Secret, or an inline
// literal, plus the part of the resulting object it is applied to.
type TemplateFrom struct {
	// ConfigMap references a ConfigMap and the keys within it to use as templates.
	ConfigMap *TemplateRef `json:"configMap,omitempty"`
	// Secret references a Secret and the keys within it to use as templates.
	Secret *TemplateRef `json:"secret,omitempty"`

	// Target selects where the rendered output goes; the declared default is "Data".
	// NOTE(review): the +optional marker appears twice below; one of them is redundant.
	// +optional
	// +optional
	// +kubebuilder:default="Data"
	Target TemplateTarget `json:"target,omitempty"`

	// Literal is an inline template string.
	// +optional
	Literal *string `json:"literal,omitempty"`
}
func (*TemplateFrom) DeepCopy ¶
func (in *TemplateFrom) DeepCopy() *TemplateFrom
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateFrom.
func (*TemplateFrom) DeepCopyInto ¶
func (in *TemplateFrom) DeepCopyInto(out *TemplateFrom)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateMergePolicy ¶ added in v0.7.3
// TemplateMergePolicy is a string-backed enum; the values declared for it are
// "Replace" and "Merge".
type TemplateMergePolicy string
+kubebuilder:validation:Enum=Replace;Merge
// Values of TemplateMergePolicy.
const (
	// MergePolicyReplace is the "Replace" policy.
	MergePolicyReplace TemplateMergePolicy = "Replace"
	// MergePolicyMerge is the "Merge" policy.
	MergePolicyMerge TemplateMergePolicy = "Merge"
)
type TemplateRef ¶
// TemplateRef identifies a named object and the items inside it to use as
// template sources. Both fields are required (no omitempty on either tag).
type TemplateRef struct {
	// Name is the name of the referenced object.
	Name string `json:"name"`
	// Items lists the keys to read from the referenced object.
	Items []TemplateRefItem `json:"items"`
}
func (*TemplateRef) DeepCopy ¶
func (in *TemplateRef) DeepCopy() *TemplateRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRef.
func (*TemplateRef) DeepCopyInto ¶
func (in *TemplateRef) DeepCopyInto(out *TemplateRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateRefItem ¶
// TemplateRefItem is one entry of TemplateRef.Items: a key and the scope in
// which its content is templated.
type TemplateRefItem struct {
	// Key is the key to read; it is required.
	Key string `json:"key"`

	// TemplateAs selects the templating scope; the declared default is "Values".
	// +kubebuilder:default="Values"
	TemplateAs TemplateScope `json:"templateAs,omitempty"`
}
func (*TemplateRefItem) DeepCopy ¶
func (in *TemplateRefItem) DeepCopy() *TemplateRefItem
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRefItem.
func (*TemplateRefItem) DeepCopyInto ¶
func (in *TemplateRefItem) DeepCopyInto(out *TemplateRefItem)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TemplateScope ¶ added in v0.7.1
// TemplateScope is a string-backed enum; the values declared for it are
// "Values" and "KeysAndValues".
type TemplateScope string
+kubebuilder:validation:Enum=Values;KeysAndValues
// Values of TemplateScope.
const (
	// TemplateScopeValues is the "Values" scope.
	TemplateScopeValues TemplateScope = "Values"
	// TemplateScopeKeysAndValues is the "KeysAndValues" scope.
	TemplateScopeKeysAndValues TemplateScope = "KeysAndValues"
)
type TemplateTarget ¶ added in v0.7.1
// TemplateTarget is a string-backed enum; the values declared for it are
// "Data", "Annotations" and "Labels".
type TemplateTarget string
+kubebuilder:validation:Enum=Data;Annotations;Labels
// Values of TemplateTarget.
const (
	// TemplateTargetData is the "Data" target.
	TemplateTargetData TemplateTarget = "Data"
	// TemplateTargetAnnotations is the "Annotations" target.
	TemplateTargetAnnotations TemplateTarget = "Annotations"
	// TemplateTargetLabels is the "Labels" target.
	TemplateTargetLabels TemplateTarget = "Labels"
)
type TokenAuth ¶
// TokenAuth configures bearer-token authentication. The token is supplied by
// reference to a Secret key, not inline.
type TokenAuth struct {
	// BearerToken selects the Secret key that holds the token.
	// NOTE(review): esmeta.SecretKeySelector is defined outside this excerpt; if it is a struct,
	// omitempty has no effect on this non-pointer field with encoding/json — confirm.
	BearerToken esmeta.SecretKeySelector `json:"bearerToken,omitempty"`
}
func (*TokenAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenAuth.
func (*TokenAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type UniversalAuthCredentials ¶ added in v0.9.20
// UniversalAuthCredentials holds a client ID and client secret, both supplied
// as Secret key selectors and both marked required.
type UniversalAuthCredentials struct {
	// ClientID selects the Secret key holding the client ID.
	// +kubebuilder:validation:Required
	ClientID esmeta.SecretKeySelector `json:"clientId"`
	// ClientSecret selects the Secret key holding the client secret.
	// +kubebuilder:validation:Required
	ClientSecret esmeta.SecretKeySelector `json:"clientSecret"`
}
func (*UniversalAuthCredentials) DeepCopy ¶ added in v0.9.20
func (in *UniversalAuthCredentials) DeepCopy() *UniversalAuthCredentials
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UniversalAuthCredentials.
func (*UniversalAuthCredentials) DeepCopyInto ¶ added in v0.9.20
func (in *UniversalAuthCredentials) DeepCopyInto(out *UniversalAuthCredentials)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ValidationResult ¶ added in v0.5.2
// ValidationResult is the outcome a client reports from Validate. It is a
// uint8 whose values are assigned by iota, so the zero value is
// ValidationResultReady: a ValidationResult that was never assigned reads as
// "ready". Callers should therefore also check the error returned alongside it.
type ValidationResult uint8

const (
	// ValidationResultReady (0) indicates that the client is configured correctly
	// and can be used.
	ValidationResultReady ValidationResult = iota

	// ValidationResultUnknown (1) indicates that the client can be used
	// but information is missing and it can not be validated.
	ValidationResultUnknown

	// ValidationResultError (2) indicates that there is a misconfiguration.
	ValidationResultError
)
func (ValidationResult) String ¶ added in v0.5.2
func (v ValidationResult) String() string
type VaultAppRole ¶
// VaultAppRole configures Vault AppRole authentication: the mount path, the
// role ID (inline or by reference) and a reference to the AppRole secret.
type VaultAppRole struct {
	// Path where the App Role authentication backend is mounted
	// in Vault, e.g: "approle"
	// +kubebuilder:default=approle
	Path string `json:"path"`

	// RoleID configured in the App Role authentication backend when setting
	// up the authentication backend in Vault.
	// This value is stored inline in the store spec.
	// NOTE(review): nothing visible on this type states which of roleId and roleRef wins
	// when both are set, or rejects the case where neither is set — confirm.
	//+optional
	RoleID string `json:"roleId,omitempty"`

	// Reference to a key in a Secret that contains the App Role ID used
	// to authenticate with Vault.
	// The `key` field must be specified and denotes which entry within the Secret
	// resource is used as the app role id.
	//+optional
	RoleRef *esmeta.SecretKeySelector `json:"roleRef,omitempty"`

	// Reference to a key in a Secret that contains the App Role secret used
	// to authenticate with Vault.
	// The `key` field must be specified and denotes which entry within the Secret
	// resource is used as the app role secret.
	// Required: the tag has no omitempty and there is no optional marker.
	SecretRef esmeta.SecretKeySelector `json:"secretRef"`
}
VaultAppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.
func (*VaultAppRole) DeepCopy ¶
func (in *VaultAppRole) DeepCopy() *VaultAppRole
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole.
func (*VaultAppRole) DeepCopyInto ¶
func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultAuth ¶
// VaultAuth selects how the store authenticates to Vault. Every method is an
// optional pointer field; an optional Vault namespace can be set as well.
// NOTE(review): the type's summary text says only one of tokenSecretRef,
// appRole, kubernetes, ldap, userPass, jwt or cert may be set and does not
// mention iam, and no MaxProperties marker is visible on this type — confirm
// where mutual exclusivity is enforced and whether it covers iam.
type VaultAuth struct {
	// Name of the vault namespace to authenticate to. This can be different than the namespace your secret is in.
	// Namespaces is a set of features within Vault Enterprise that allows
	// Vault environments to support Secure Multi-tenancy. e.g: "ns1".
	// More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
	// This will default to Vault.Namespace field if set, or empty otherwise
	// +optional
	Namespace *string `json:"namespace,omitempty"`

	// TokenSecretRef authenticates with Vault by presenting a token.
	// +optional
	TokenSecretRef *esmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"`

	// AppRole authenticates with Vault using the App Role auth mechanism,
	// with the role and secret stored in a Kubernetes Secret resource.
	// +optional
	AppRole *VaultAppRole `json:"appRole,omitempty"`

	// Kubernetes authenticates with Vault by passing the ServiceAccount
	// token stored in the named Secret resource to the Vault server.
	// +optional
	Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"`

	// Ldap authenticates with Vault by passing username/password pair using
	// the LDAP authentication method
	// +optional
	Ldap *VaultLdapAuth `json:"ldap,omitempty"`

	// Jwt authenticates with Vault by passing role and JWT token using the
	// JWT/OIDC authentication method
	// +optional
	Jwt *VaultJwtAuth `json:"jwt,omitempty"`

	// Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate
	// Cert authentication method
	// +optional
	Cert *VaultCertAuth `json:"cert,omitempty"`

	// Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials
	// AWS IAM authentication method
	// +optional
	Iam *VaultIamAuth `json:"iam,omitempty"`

	// UserPass authenticates with Vault by passing username/password pair
	// +optional
	UserPass *VaultUserPassAuth `json:"userPass,omitempty"`
}
VaultAuth is the configuration used to authenticate with a Vault server. Only one of `tokenSecretRef`, `appRole`, `kubernetes`, `ldap`, `userPass`, `jwt` or `cert` can be specified. A namespace to authenticate against can optionally be specified.
func (*VaultAuth) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth.
func (*VaultAuth) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultAwsAuth ¶ added in v0.7.3
// VaultAwsAuth selects the source of AWS credentials: static keys referenced
// from Secrets, or a service account token. Both fields are optional.
type VaultAwsAuth struct {
	// SecretRef supplies AWS credentials through Secret key selectors.
	// +optional
	SecretRef *VaultAwsAuthSecretRef `json:"secretRef,omitempty"`
	// JWTAuth supplies AWS credentials through a service account; serialized as "jwt".
	// +optional
	JWTAuth *VaultAwsJWTAuth `json:"jwt,omitempty"`
}
VaultAwsAuth tells the controller how to do authentication with aws. Only one of secretRef or jwt can be specified. If none is specified, the controller will try to load credentials from its own service account, assuming it is IRSA enabled.
func (*VaultAwsAuth) DeepCopy ¶ added in v0.7.3
func (in *VaultAwsAuth) DeepCopy() *VaultAwsAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAwsAuth.
func (*VaultAwsAuth) DeepCopyInto ¶ added in v0.7.3
func (in *VaultAwsAuth) DeepCopyInto(out *VaultAwsAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultAwsAuthSecretRef ¶ added in v0.7.3
// VaultAwsAuthSecretRef references the Secret keys that hold AWS credentials:
// access key ID, secret access key and, for temporary credentials, a session
// token.
type VaultAwsAuthSecretRef struct {
	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"`

	// The SecretAccessKey is used for authentication
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`

	// The SessionToken used for authentication
	// This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
	// see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
	// NOTE(review): the marker below is spelled "+Optional" while the other fields in this
	// package use "+optional" — confirm the generator recognises this spelling.
	// +Optional
	SessionToken *esmeta.SecretKeySelector `json:"sessionTokenSecretRef,omitempty"`
}
VaultAwsAuthSecretRef holds secret references for AWS credentials; both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
func (*VaultAwsAuthSecretRef) DeepCopy ¶ added in v0.7.3
func (in *VaultAwsAuthSecretRef) DeepCopy() *VaultAwsAuthSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAwsAuthSecretRef.
func (*VaultAwsAuthSecretRef) DeepCopyInto ¶ added in v0.7.3
func (in *VaultAwsAuthSecretRef) DeepCopyInto(out *VaultAwsAuthSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultAwsJWTAuth ¶ added in v0.7.3
// VaultAwsJWTAuth authenticates against AWS with a service account token.
type VaultAwsJWTAuth struct {
	// ServiceAccountRef selects the service account whose token is used.
	// NOTE(review): esmeta.ServiceAccountSelector is defined outside this excerpt — see it for
	// namespace and audience handling.
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}
Authenticate against AWS using service account tokens.
func (*VaultAwsJWTAuth) DeepCopy ¶ added in v0.7.3
func (in *VaultAwsJWTAuth) DeepCopy() *VaultAwsJWTAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAwsJWTAuth.
func (*VaultAwsJWTAuth) DeepCopyInto ¶ added in v0.7.3
func (in *VaultAwsJWTAuth) DeepCopyInto(out *VaultAwsJWTAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertAuth ¶
// VaultCertAuth configures Vault's Cert authentication method: a client
// certificate and the matching private key, each referenced from a Secret key.
type VaultCertAuth struct {
	// ClientCert is a certificate to authenticate using the Cert Vault
	// authentication method
	// +optional
	ClientCert esmeta.SecretKeySelector `json:"clientCert,omitempty"`

	// SecretRef to a key in a Secret resource containing client private key to
	// authenticate with Vault using the Cert authentication method
	// The referenced key is private-key material; access to that Secret should be limited to
	// the controller.
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}
VaultCertAuth authenticates with Vault using the Cert authentication method, with the client certificate and private key stored in Kubernetes Secret resources.
func (*VaultCertAuth) DeepCopy ¶
func (in *VaultCertAuth) DeepCopy() *VaultCertAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertAuth.
func (*VaultCertAuth) DeepCopyInto ¶
func (in *VaultCertAuth) DeepCopyInto(out *VaultCertAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultClientTLS ¶ added in v0.9.12
// VaultClientTLS holds the client certificate and private key presented at
// the transport layer when the Vault server requires mutual TLS. Both fields
// are optional pointers.
type VaultClientTLS struct {
	// CertSecretRef is a certificate added to the transport layer
	// when communicating with the Vault server.
	// If no key for the Secret is specified, external-secret will default to 'tls.crt'.
	CertSecretRef *esmeta.SecretKeySelector `json:"certSecretRef,omitempty"`

	// KeySecretRef to a key in a Secret resource containing client private key
	// added to the transport layer when communicating with the Vault server.
	// If no key for the Secret is specified, external-secret will default to 'tls.key'.
	KeySecretRef *esmeta.SecretKeySelector `json:"keySecretRef,omitempty"`
}
VaultClientTLS is the configuration used for client side related TLS communication, when the Vault server requires mutual authentication.
func (*VaultClientTLS) DeepCopy ¶ added in v0.9.12
func (in *VaultClientTLS) DeepCopy() *VaultClientTLS
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultClientTLS.
func (*VaultClientTLS) DeepCopyInto ¶ added in v0.9.12
func (in *VaultClientTLS) DeepCopyInto(out *VaultClientTLS)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultIamAuth ¶ added in v0.7.3
// VaultIamAuth configures Vault's AWS IAM authentication method: where the
// method is mounted, which AWS and Vault roles are used, and where the AWS
// credentials come from.
type VaultIamAuth struct {
	// Path where the AWS auth method is enabled in Vault, e.g: "aws"
	Path string `json:"path,omitempty"`
	// AWS region
	Region string `json:"region,omitempty"`
	// This is the AWS role to be assumed before talking to vault
	AWSIAMRole string `json:"role,omitempty"`
	// Vault Role. In vault, a role describes an identity with a set of permissions, groups, or policies you want to attach a user of the secrets engine
	// Required: serialized as "vaultRole" without omitempty. Note that the JSON key "role" belongs
	// to AWSIAMRole above, not to this field.
	Role string `json:"vaultRole"`
	// AWS External ID set on assumed IAM roles
	ExternalID string `json:"externalID,omitempty"`
	// X-Vault-AWS-IAM-Server-ID is an additional header used by Vault IAM auth method to mitigate against different types of replay attacks. More details here: https://developer.hashicorp.com/vault/docs/auth/aws
	// The field is optional here; leaving it empty forgoes the mitigation the comment describes.
	// NOTE(review): presumably it must match the value the Vault AWS auth backend is configured
	// to require — confirm against the Vault configuration.
	VaultAWSIAMServerID string `json:"vaultAwsIamServerID,omitempty"`
	// Specify credentials in a Secret object
	// +optional
	SecretRef *VaultAwsAuthSecretRef `json:"secretRef,omitempty"`
	// Specify a service account with IRSA enabled
	// +optional
	JWTAuth *VaultAwsJWTAuth `json:"jwt,omitempty"`
}
VaultIamAuth authenticates with Vault using the Vault's AWS IAM authentication method. Refer: https://developer.hashicorp.com/vault/docs/auth/aws
func (*VaultIamAuth) DeepCopy ¶ added in v0.7.3
func (in *VaultIamAuth) DeepCopy() *VaultIamAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultIamAuth.
func (*VaultIamAuth) DeepCopyInto ¶ added in v0.7.3
func (in *VaultIamAuth) DeepCopyInto(out *VaultIamAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultJwtAuth ¶
// VaultJwtAuth configures Vault's JWT/OIDC authentication method. The JWT
// comes either from a Secret key or from a service account token requested
// through the TokenRequest API.
type VaultJwtAuth struct {
	// Path where the JWT authentication backend is mounted
	// in Vault, e.g: "jwt"
	// +kubebuilder:default=jwt
	Path string `json:"path"`

	// Role is a JWT role to authenticate using the JWT/OIDC Vault
	// authentication method
	// +optional
	Role string `json:"role,omitempty"`

	// Optional SecretRef that refers to a key in a Secret resource containing JWT token to
	// authenticate with Vault using the JWT/OIDC authentication method.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// Optional ServiceAccountToken specifies the Kubernetes service account for which to request
	// a token for with the `TokenRequest` API.
	// +optional
	KubernetesServiceAccountToken *VaultKubernetesServiceAccountTokenAuth `json:"kubernetesServiceAccountToken,omitempty"`
}
VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication method, with the role name and a token stored in a Kubernetes Secret resource or a Kubernetes service account token retrieved via `TokenRequest`.
func (*VaultJwtAuth) DeepCopy ¶
func (in *VaultJwtAuth) DeepCopy() *VaultJwtAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultJwtAuth.
func (*VaultJwtAuth) DeepCopyInto ¶
func (in *VaultJwtAuth) DeepCopyInto(out *VaultJwtAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultKVStoreVersion ¶
// VaultKVStoreVersion is a string-backed enum naming the Vault KV secret
// engine version.
type VaultKVStoreVersion string

// Values of VaultKVStoreVersion.
const (
	// VaultKVStoreV1 is KV engine version "v1".
	VaultKVStoreV1 VaultKVStoreVersion = "v1"
	// VaultKVStoreV2 is KV engine version "v2".
	VaultKVStoreV2 VaultKVStoreVersion = "v2"
)
type VaultKubernetesAuth ¶
// VaultKubernetesAuth configures Vault's Kubernetes authentication method:
// the mount path, the source of the ServiceAccount JWT and the Vault role.
type VaultKubernetesAuth struct {
	// Path where the Kubernetes authentication backend is mounted in Vault, e.g:
	// "kubernetes"
	// Serialized as "mountPath", unlike the other Vault auth types in this package, which
	// use "path".
	// +kubebuilder:default=kubernetes
	Path string `json:"mountPath"`

	// Optional service account field containing the name of a kubernetes ServiceAccount.
	// If the service account is specified, the service account secret token JWT will be used
	// for authenticating with Vault. If the service account selector is not supplied,
	// the secretRef will be used instead.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// Optional secret field containing a Kubernetes ServiceAccount JWT used
	// for authenticating with Vault. If a name is specified without a key,
	// `token` is the default. If one is not specified, the one bound to
	// the controller will be used.
	// With neither selector set, the store authenticates to Vault as the controller's own
	// ServiceAccount; scope the Vault role bound to that account accordingly.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// A required field containing the Vault Role to assume. A Role binds a
	// Kubernetes ServiceAccount with a set of Vault policies.
	Role string `json:"role"`
}
Authenticate against Vault using a Kubernetes ServiceAccount token stored in a Secret.
func (*VaultKubernetesAuth) DeepCopy ¶
func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth.
func (*VaultKubernetesAuth) DeepCopyInto ¶
func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultKubernetesServiceAccountTokenAuth ¶
// VaultKubernetesServiceAccountTokenAuth names the service account for which a
// temporary token is requested, plus two deprecated knobs for the token's
// audiences and lifetime.
type VaultKubernetesServiceAccountTokenAuth struct {
	// Service account field containing the name of a kubernetes ServiceAccount.
	ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccountRef"`

	// Optional audiences field that will be used to request a temporary Kubernetes service
	// account token for the service account referenced by `serviceAccountRef`.
	// Defaults to a single audience `vault` if not specified.
	// Deprecated: use serviceAccountRef.Audiences instead
	// +optional
	Audiences *[]string `json:"audiences,omitempty"`

	// Optional expiration time in seconds that will be used to request a temporary
	// Kubernetes service account token for the service account referenced by
	// `serviceAccountRef`.
	// Deprecated: this will be removed in the future.
	// Defaults to 10 minutes.
	// +optional
	ExpirationSeconds *int64 `json:"expirationSeconds,omitempty"`
}
VaultKubernetesServiceAccountTokenAuth authenticates with Vault using a temporary Kubernetes service account token retrieved by the `TokenRequest` API.
func (*VaultKubernetesServiceAccountTokenAuth) DeepCopy ¶
func (in *VaultKubernetesServiceAccountTokenAuth) DeepCopy() *VaultKubernetesServiceAccountTokenAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesServiceAccountTokenAuth.
func (*VaultKubernetesServiceAccountTokenAuth) DeepCopyInto ¶
func (in *VaultKubernetesServiceAccountTokenAuth) DeepCopyInto(out *VaultKubernetesServiceAccountTokenAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultLdapAuth ¶
// VaultLdapAuth configures Vault's LDAP authentication method: mount path,
// user name (inline) and a reference to the Secret key holding the password.
type VaultLdapAuth struct {
	// Path where the LDAP authentication backend is mounted
	// in Vault, e.g: "ldap"
	// +kubebuilder:default=ldap
	Path string `json:"path"`

	// Username is a LDAP user name used to authenticate using the LDAP Vault
	// authentication method
	Username string `json:"username"`

	// SecretRef to a key in a Secret resource containing password for the LDAP
	// user used to authenticate with Vault using the LDAP authentication
	// method
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}
VaultLdapAuth authenticates with Vault using the LDAP authentication method, with the username and password stored in a Kubernetes Secret resource.
func (*VaultLdapAuth) DeepCopy ¶
func (in *VaultLdapAuth) DeepCopy() *VaultLdapAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultLdapAuth.
func (*VaultLdapAuth) DeepCopyInto ¶
func (in *VaultLdapAuth) DeepCopyInto(out *VaultLdapAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultProvider ¶
// VaultProvider configures a store backed by a HashiCorp Vault KV engine:
// authentication, server address, KV mount and version, TLS trust and client
// certificates, and read-after-write consistency options.
type VaultProvider struct {
	// Auth configures how secret-manager authenticates with the Vault server.
	Auth VaultAuth `json:"auth"`

	// Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
	// NOTE(review): no validation marker restricting the scheme is visible on this field. Per the
	// comments on CABundle and ClientTLS below, both are ignored for a plain HTTP address, in which
	// case Vault tokens and secret values travel unencrypted; use an https:// address.
	Server string `json:"server"`

	// Path is the mount path of the Vault KV backend endpoint, e.g:
	// "secret". The v2 KV secret engine version specific "/data" path suffix
	// for fetching secrets from Vault is optional and will be appended
	// if not present in specified path.
	// +optional
	Path *string `json:"path,omitempty"`

	// Version is the Vault KV secret engine version. This can be either "v1" or
	// "v2". Version defaults to "v2".
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum="v1";"v2"
	// +kubebuilder:default:="v2"
	Version VaultKVStoreVersion `json:"version"`

	// Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
	// Vault environments to support Secure Multi-tenancy. e.g: "ns1".
	// More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
	// +optional
	Namespace *string `json:"namespace,omitempty"`

	// PEM encoded CA bundle used to validate Vault server certificate. Only used
	// if the Server URL is using HTTPS protocol. This parameter is ignored for
	// plain HTTP protocol connection. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// The configuration used for client side related TLS communication, when the Vault server
	// requires mutual authentication. Only used if the Server URL is using HTTPS protocol.
	// This parameter is ignored for plain HTTP protocol connection.
	// It's worth noting this configuration is different from the "TLS certificates auth method",
	// which is available under the `auth.cert` section.
	// +optional
	ClientTLS VaultClientTLS `json:"tls,omitempty"`

	// The provider for the CA bundle to use to validate Vault server certificate.
	// NOTE(review): precedence between caBundle and caProvider when both are set is not visible here — confirm.
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`

	// ReadYourWrites ensures isolated read-after-write semantics by
	// providing discovered cluster replication states in each request.
	// More information about eventual consistency in Vault can be found here
	// https://www.vaultproject.io/docs/enterprise/consistency
	// +optional
	ReadYourWrites bool `json:"readYourWrites,omitempty"`

	// ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
	// leader instead of simply retrying within a loop. This can increase performance if
	// the option is enabled serverside.
	// https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
	// +optional
	ForwardInconsistent bool `json:"forwardInconsistent,omitempty"`
}
Configures a store to sync secrets using a HashiCorp Vault KV backend.
func (*VaultProvider) DeepCopy ¶
func (in *VaultProvider) DeepCopy() *VaultProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultProvider.
func (*VaultProvider) DeepCopyInto ¶
func (in *VaultProvider) DeepCopyInto(out *VaultProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultUserPassAuth ¶ added in v0.9.2
// VaultUserPassAuth holds the settings for Vault's UserPass authentication
// method. The password is not part of this object: SecretRef points at a key
// in a Secret resource that contains it. Username, by contrast, is a plain
// string field of this struct.
type VaultUserPassAuth struct {
	// Path where the UserPassword authentication backend is mounted
	// in Vault, e.g: "user"
	// +kubebuilder:default=user
	Path string `json:"path"`

	// Username is a user name used to authenticate using the UserPass Vault
	// authentication method
	Username string `json:"username"`

	// SecretRef to a key in a Secret resource containing password for the
	// user used to authenticate with Vault using the UserPass authentication
	// method
	// NOTE(review): the tag carries omitempty but no +optional marker is
	// visible; whether an empty SecretRef is rejected should be confirmed in
	// the store validator.
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}
VaultUserPassAuth authenticates with Vault using UserPass authentication method, with the username and password stored in a Kubernetes Secret resource.
func (*VaultUserPassAuth) DeepCopy ¶ added in v0.9.2
func (in *VaultUserPassAuth) DeepCopy() *VaultUserPassAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultUserPassAuth.
func (*VaultUserPassAuth) DeepCopyInto ¶ added in v0.9.2
func (in *VaultUserPassAuth) DeepCopyInto(out *VaultUserPassAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookCAProvider ¶
// WebhookCAProvider identifies the object (a Secret or a ConfigMap, selected
// by Type) from which the certificate for the webhook provider is fetched.
type WebhookCAProvider struct {
	// The type of provider to use such as "Secret", or "ConfigMap".
	// +kubebuilder:validation:Enum="Secret";"ConfigMap"
	Type WebhookCAProviderType `json:"type"`

	// The name of the object located at the provider type.
	Name string `json:"name"`

	// The key of the value inside the provider type to use, only used with "Secret" type
	// +kubebuilder:validation:Optional
	Key string `json:"key,omitempty"`

	// The namespace the Provider type is in.
	// NOTE(review): a set Namespace points the store at CA material in another
	// namespace; which store kinds honour it is not shown here and should be
	// confirmed.
	// +optional
	Namespace *string `json:"namespace,omitempty"`
}
Defines a location to fetch the cert for the webhook provider from.
func (*WebhookCAProvider) DeepCopy ¶
func (in *WebhookCAProvider) DeepCopy() *WebhookCAProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookCAProvider.
func (*WebhookCAProvider) DeepCopyInto ¶
func (in *WebhookCAProvider) DeepCopyInto(out *WebhookCAProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookCAProviderType ¶
// WebhookCAProviderType names the kind of object a WebhookCAProvider reads
// the certificate from.
type WebhookCAProviderType string

const (
	// WebhookCAProviderTypeSecret selects the "Secret" provider type.
	WebhookCAProviderTypeSecret WebhookCAProviderType = "Secret"
	// WebhookCAProviderTypeConfigMap selects the "ConfigMap" provider type.
	WebhookCAProviderTypeConfigMap WebhookCAProviderType = "ConfigMap"
)
type WebhookProvider ¶
// WebhookProvider configures a store that obtains secret values by calling a
// webhook URL. Secrets listed in Secrets are handed to the templating function,
// and CABundle/CAProvider control validation of the webhook server certificate.
type WebhookProvider struct {
	// Webhook Method
	// +optional, default GET
	Method string `json:"method,omitempty"`

	// Webhook url to call
	// The CABundle description below states that it is ignored for plain HTTP,
	// so an http:// URL gets no server certificate validation; prefer https://.
	URL string `json:"url"`

	// Headers
	// +optional
	Headers map[string]string `json:"headers,omitempty"`

	// Body
	// +optional
	Body string `json:"body,omitempty"`

	// Timeout
	// NOTE(review): the value used when Timeout is unset is not shown here;
	// confirm that a bounded default applies.
	// +optional
	Timeout *metav1.Duration `json:"timeout,omitempty"`

	// Result formatting
	Result WebhookResult `json:"result"`

	// Secrets to fill in templates
	// These secrets will be passed to the templating function as key value pairs under the given name
	// NOTE(review): which of URL, Headers and Body are templated is not stated
	// here. A secret value rendered into the URL can end up in proxy or server
	// access logs, so headers or the body are the safer place; confirm against
	// the webhook provider implementation.
	// +optional
	Secrets []WebhookSecret `json:"secrets,omitempty"`

	// PEM encoded CA bundle used to validate webhook server certificate. Only used
	// if the Server URL is using HTTPS protocol. This parameter is ignored for
	// plain HTTP protocol connection. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// The provider for the CA bundle to use to validate webhook server certificate.
	// +optional
	CAProvider *WebhookCAProvider `json:"caProvider,omitempty"`
}
WebhookProvider configures a store to sync secrets by calling a webhook.
func (*WebhookProvider) DeepCopy ¶
func (in *WebhookProvider) DeepCopy() *WebhookProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookProvider.
func (*WebhookProvider) DeepCopyInto ¶
func (in *WebhookProvider) DeepCopyInto(out *WebhookProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookResult ¶
// WebhookResult holds the result formatting of a WebhookProvider: JSONPath is
// the JSON path of the return value.
type WebhookResult struct {
	// Json path of return value
	// +optional
	JSONPath string `json:"jsonPath,omitempty"`
}
func (*WebhookResult) DeepCopy ¶
func (in *WebhookResult) DeepCopy() *WebhookResult
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookResult.
func (*WebhookResult) DeepCopyInto ¶
func (in *WebhookResult) DeepCopyInto(out *WebhookResult)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WebhookSecret ¶
// WebhookSecret names one secret that is made available to templates, together
// with the reference to the Secret key that supplies its value.
type WebhookSecret struct {
	// Name of this secret in templates
	Name string `json:"name"`

	// Secret ref to fill in credentials
	SecretRef esmeta.SecretKeySelector `json:"secretRef"`
}
func (*WebhookSecret) DeepCopy ¶
func (in *WebhookSecret) DeepCopy() *WebhookSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookSecret.
func (*WebhookSecret) DeepCopyInto ¶
func (in *WebhookSecret) DeepCopyInto(out *WebhookSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexCertificateManagerAuth ¶ added in v0.5.4
// YandexCertificateManagerAuth carries the reference to the authorized key used
// to authenticate against Yandex Certificate Manager. The key material lives in
// the referenced Secret, not in this object.
type YandexCertificateManagerAuth struct {
	// The authorized key used for authentication
	// NOTE(review): the field is marked optional; what authentication is used
	// when it is left empty is not shown here and should be confirmed.
	// +optional
	AuthorizedKey esmeta.SecretKeySelector `json:"authorizedKeySecretRef,omitempty"`
}
func (*YandexCertificateManagerAuth) DeepCopy ¶ added in v0.5.4
func (in *YandexCertificateManagerAuth) DeepCopy() *YandexCertificateManagerAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexCertificateManagerAuth.
func (*YandexCertificateManagerAuth) DeepCopyInto ¶ added in v0.5.4
func (in *YandexCertificateManagerAuth) DeepCopyInto(out *YandexCertificateManagerAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexCertificateManagerCAProvider ¶ added in v0.5.4
// YandexCertificateManagerCAProvider references the Secret key that holds a
// certificate. YandexCertificateManagerProvider.CAProvider describes it as the
// provider for the CA bundle used to validate the Yandex.Cloud server
// certificate.
type YandexCertificateManagerCAProvider struct {
	// Certificate selects the Secret key containing the certificate
	// (serialized as certSecretRef).
	// NOTE(review): the expected encoding (presumably PEM) is not stated here.
	Certificate esmeta.SecretKeySelector `json:"certSecretRef,omitempty"`
}
func (*YandexCertificateManagerCAProvider) DeepCopy ¶ added in v0.5.4
func (in *YandexCertificateManagerCAProvider) DeepCopy() *YandexCertificateManagerCAProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexCertificateManagerCAProvider.
func (*YandexCertificateManagerCAProvider) DeepCopyInto ¶ added in v0.5.4
func (in *YandexCertificateManagerCAProvider) DeepCopyInto(out *YandexCertificateManagerCAProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexCertificateManagerProvider ¶ added in v0.5.4
// YandexCertificateManagerProvider configures a store that syncs secrets using
// the Yandex Certificate Manager provider: which API endpoint to contact, how
// to authenticate, and which CA validates the server certificate.
type YandexCertificateManagerProvider struct {
	// Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')
	// NOTE(review): the endpoint used when this is empty is not shown here.
	// Whoever can set this field chooses the host the store authenticates to,
	// so write access to the store spec should be restricted accordingly.
	// +optional
	APIEndpoint string `json:"apiEndpoint,omitempty"`

	// Auth defines the information necessary to authenticate against Yandex Certificate Manager
	Auth YandexCertificateManagerAuth `json:"auth"`

	// The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
	// +optional
	CAProvider *YandexCertificateManagerCAProvider `json:"caProvider,omitempty"`
}
YandexCertificateManagerProvider Configures a store to sync secrets using the Yandex Certificate Manager provider.
func (*YandexCertificateManagerProvider) DeepCopy ¶ added in v0.5.4
func (in *YandexCertificateManagerProvider) DeepCopy() *YandexCertificateManagerProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexCertificateManagerProvider.
func (*YandexCertificateManagerProvider) DeepCopyInto ¶ added in v0.5.4
func (in *YandexCertificateManagerProvider) DeepCopyInto(out *YandexCertificateManagerProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexLockboxAuth ¶
// YandexLockboxAuth carries the reference to the authorized key used to
// authenticate against Yandex Lockbox. The key material lives in the
// referenced Secret, not in this object.
type YandexLockboxAuth struct {
	// The authorized key used for authentication
	// NOTE(review): the field is marked optional; what authentication is used
	// when it is left empty is not shown here and should be confirmed.
	// +optional
	AuthorizedKey esmeta.SecretKeySelector `json:"authorizedKeySecretRef,omitempty"`
}
func (*YandexLockboxAuth) DeepCopy ¶
func (in *YandexLockboxAuth) DeepCopy() *YandexLockboxAuth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxAuth.
func (*YandexLockboxAuth) DeepCopyInto ¶
func (in *YandexLockboxAuth) DeepCopyInto(out *YandexLockboxAuth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexLockboxCAProvider ¶
// YandexLockboxCAProvider references the Secret key that holds a certificate.
// YandexLockboxProvider.CAProvider describes it as the provider for the CA
// bundle used to validate the Yandex.Cloud server certificate.
type YandexLockboxCAProvider struct {
	// Certificate selects the Secret key containing the certificate
	// (serialized as certSecretRef).
	// NOTE(review): the expected encoding (presumably PEM) is not stated here.
	Certificate esmeta.SecretKeySelector `json:"certSecretRef,omitempty"`
}
func (*YandexLockboxCAProvider) DeepCopy ¶
func (in *YandexLockboxCAProvider) DeepCopy() *YandexLockboxCAProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxCAProvider.
func (*YandexLockboxCAProvider) DeepCopyInto ¶
func (in *YandexLockboxCAProvider) DeepCopyInto(out *YandexLockboxCAProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type YandexLockboxProvider ¶
// YandexLockboxProvider configures a store that syncs secrets using the Yandex
// Lockbox provider: which API endpoint to contact, how to authenticate, and
// which CA validates the server certificate.
type YandexLockboxProvider struct {
	// Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')
	// NOTE(review): the endpoint used when this is empty is not shown here.
	// Whoever can set this field chooses the host the store authenticates to,
	// so write access to the store spec should be restricted accordingly.
	// +optional
	APIEndpoint string `json:"apiEndpoint,omitempty"`

	// Auth defines the information necessary to authenticate against Yandex Lockbox
	Auth YandexLockboxAuth `json:"auth"`

	// The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
	// +optional
	CAProvider *YandexLockboxCAProvider `json:"caProvider,omitempty"`
}
YandexLockboxProvider Configures a store to sync secrets using the Yandex Lockbox provider.
func (*YandexLockboxProvider) DeepCopy ¶
func (in *YandexLockboxProvider) DeepCopy() *YandexLockboxProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxProvider.
func (*YandexLockboxProvider) DeepCopyInto ¶
func (in *YandexLockboxProvider) DeepCopyInto(out *YandexLockboxProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files ¶
- clusterexternalsecret_types.go
- doc.go
- externalsecret_conversion.go
- externalsecret_types.go
- externalsecret_validator.go
- externalsecret_webhook.go
- generic_store.go
- provider.go
- provider_schema.go
- pushsecret_interfaces.go
- register.go
- secretsstore_bitwarden_types.go
- secretsstore_delinea_types.go
- secretsstore_infisical_types.go
- secretsstore_passbolt_types.go
- secretstore_akeyless_types.go
- secretstore_alibaba_types.go
- secretstore_aws_types.go
- secretstore_azurekv_types.go
- secretstore_chef_types.go
- secretstore_conjur_types.go
- secretstore_conversion.go
- secretstore_device42_types.go
- secretstore_doppler_types.go
- secretstore_fake_types.go
- secretstore_fortanix_types.go
- secretstore_gcpsm_types.go
- secretstore_gitlab_types.go
- secretstore_ibm_types.go
- secretstore_keepersecurity_types.go
- secretstore_kubernetes_types.go
- secretstore_onboardbase_types.go
- secretstore_onepassword_types.go
- secretstore_oracle_types.go
- secretstore_passworddeport_types.go
- secretstore_pulumi_types.go
- secretstore_scaleway_types.go
- secretstore_senhasegura_types.go
- secretstore_types.go
- secretstore_validator.go
- secretstore_vault_types.go
- secretstore_webhook.go
- secretstore_webhook_types.go
- secretstore_yandexcertificatemanager_types.go
- secretstore_yandexlockbox_types.go
- zz_generated.deepcopy.go