v1alpha1

package
v0.9.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 23, 2023 License: Apache-2.0 Imports: 12 Imported by: 2

Documentation

Overview

Package v1alpha1 contains resources for external-secrets +kubebuilder:object:generate=true +groupName=external-secrets.io +versionName=v1alpha1

Index

Constants

// Reason strings exported by the package. Anything that matches on them
// (alert rules, log queries) must use the string value, not the Go
// identifier: the two are not always the same.
const (
	// ConditionReasonSecretSynced indicates that the secret was synced.
	ConditionReasonSecretSynced = "SecretSynced"
	// ConditionReasonSecretSyncedError indicates that there was an error syncing the secret.
	ConditionReasonSecretSyncedError = "SecretSyncedError"
	// ConditionReasonSecretDeleted indicates that the secret has been deleted.
	ConditionReasonSecretDeleted = "SecretDeleted"

	// The four reasons below carry no upstream comment; presumably they are
	// reported for store-reference and update outcomes — confirm at the call sites.
	// Note that ReasonProviderClientConfig has the value "InvalidProviderClientConfig".
	ReasonInvalidStoreRef      = "InvalidStoreRef"
	ReasonProviderClientConfig = "InvalidProviderClientConfig"
	ReasonUpdateFailed         = "UpdateFailed"
	ReasonUpdated              = "Updated"
)
// ReasonSynced and ReasonErrored are generic outcome reasons. The page does
// not show which resource reports them — presumably PushSecret; confirm at the
// call sites.
const (
	ReasonSynced  = "Synced"
	ReasonErrored = "Errored"
)
// Package type metadata: the API group and version under which the types in
// this package are registered (see SchemeGroupVersion).
const (
	Group   = "external-secrets.io"
	Version = "v1alpha1"
)

Package type metadata.

// Condition type and reason strings for secret stores.
const (
	// SecretStoreReady is the only SecretStoreConditionType value declared here.
	SecretStoreReady SecretStoreConditionType = "Ready"

	// Untyped reason strings. ReasonInvalidStore has the value
	// "InvalidStoreConfiguration" and ReasonStoreValid the value "Valid", so
	// match on the string, not the identifier.
	ReasonInvalidStore          = "InvalidStoreConfiguration"
	ReasonInvalidProviderConfig = "InvalidProviderConfig"
	ReasonValidationFailed      = "ValidationFailed"
	ReasonStoreValid            = "Valid"
)
const (
	// AnnotationDataHash is used to ensure consistency.
	// NOTE(review): the page does not show which object carries this annotation
	// or how the hash is computed — presumably a digest of the synced data used
	// to detect drift; confirm before relying on it as an integrity signal.
	AnnotationDataHash = "reconcile.external-secrets.io/data-hash"
)

Variables

var (
	// SchemeGroupVersion is group version used to register these objects.
	// It is built from the Group and Version constants.
	SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	// AddToScheme is the builder's AddToScheme method value, exported as a
	// package-level variable.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
	AddToScheme   = SchemeBuilder.AddToScheme
)
// ExternalSecret type metadata.
// ExtSecretKind is taken by reflection from the Go type name, so the Kind
// string follows the struct's name; the other three values are derived from
// it together with Group and SchemeGroupVersion.
var (
	ExtSecretKind             = reflect.TypeOf(ExternalSecret{}).Name()
	ExtSecretGroupKind        = schema.GroupKind{Group: Group, Kind: ExtSecretKind}.String()
	ExtSecretKindAPIVersion   = ExtSecretKind + "." + SchemeGroupVersion.String()
	ExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ExtSecretKind)
)

ExternalSecret type metadata.

// SecretStore type metadata.
// SecretStoreKind is taken by reflection from the Go type name; the other
// three values are derived from it together with Group and SchemeGroupVersion.
var (
	SecretStoreKind             = reflect.TypeOf(SecretStore{}).Name()
	SecretStoreGroupKind        = schema.GroupKind{Group: Group, Kind: SecretStoreKind}.String()
	SecretStoreKindAPIVersion   = SecretStoreKind + "." + SchemeGroupVersion.String()
	SecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(SecretStoreKind)
)

SecretStore type metadata.

// ClusterSecretStore type metadata.
// ClusterSecretStoreKind is taken by reflection from the Go type name; the
// other three values are derived from it together with Group and
// SchemeGroupVersion.
var (
	ClusterSecretStoreKind             = reflect.TypeOf(ClusterSecretStore{}).Name()
	ClusterSecretStoreGroupKind        = schema.GroupKind{Group: Group, Kind: ClusterSecretStoreKind}.String()
	ClusterSecretStoreKindAPIVersion   = ClusterSecretStoreKind + "." + SchemeGroupVersion.String()
	ClusterSecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(ClusterSecretStoreKind)
)

ClusterSecretStore type metadata.

// PushSecret type metadata.
// PushSecretKind is taken by reflection from the Go type name; the other
// three values are derived from it together with Group and SchemeGroupVersion.
var (
	PushSecretKind             = reflect.TypeOf(PushSecret{}).Name()
	PushSecretGroupKind        = schema.GroupKind{Group: Group, Kind: PushSecretKind}.String()
	PushSecretKindAPIVersion   = PushSecretKind + "." + SchemeGroupVersion.String()
	PushSecretGroupVersionKind = SchemeGroupVersion.WithKind(PushSecretKind)
)

Functions

This section is empty.

Types

type AWSAuth

// AWSAuth selects how the controller authenticates with AWS: a stored access
// key pair referenced through SecretRef, or service account tokens through
// JWTAuth. Both fields are optional pointers and no validation marker on this
// type rejects setting both.
// NOTE(review): confirm where the documented "only one of secretRef or jwt"
// rule is enforced.
type AWSAuth struct {
	// SecretRef points at the Secret keys that hold the access key pair.
	// +optional
	SecretRef *AWSAuthSecretRef `json:"secretRef,omitempty"`
	// JWTAuth authenticates with a service account token instead of stored keys.
	// +optional
	JWTAuth *AWSJWTAuth `json:"jwt,omitempty"`
}

AWSAuth tells the controller how to authenticate with AWS. Only one of secretRef or jwt can be specified. If neither is specified, the controller loads credentials using the AWS SDK defaults.

func (*AWSAuth) DeepCopy

func (in *AWSAuth) DeepCopy() *AWSAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuth.

func (*AWSAuth) DeepCopyInto

func (in *AWSAuth) DeepCopyInto(out *AWSAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSAuthSecretRef

// AWSAuthSecretRef holds references to the Secret keys that contain an AWS
// access key pair. The struct stores selectors, not the credential values.
// Both JSON tags carry omitempty, so the schema visible here does not by
// itself require either field even though both are needed to authenticate.
type AWSAuthSecretRef struct {
	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"`

	// The SecretAccessKey is used for authentication
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
}

AWSAuthSecretRef holds secret references for AWS credentials. Both AccessKeyID and SecretAccessKey must be defined in order to authenticate properly.

func (*AWSAuthSecretRef) DeepCopy

func (in *AWSAuthSecretRef) DeepCopy() *AWSAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSAuthSecretRef.

func (*AWSAuthSecretRef) DeepCopyInto

func (in *AWSAuthSecretRef) DeepCopyInto(out *AWSAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSJWTAuth added in v0.3.0

// AWSJWTAuth authenticates against AWS using service account tokens.
type AWSJWTAuth struct {
	// ServiceAccountRef selects the service account whose token is used.
	// The field is an optional pointer (omitempty).
	// NOTE(review): the behaviour when it is nil is not visible on this page.
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}

Authenticate against AWS using service account tokens.

func (*AWSJWTAuth) DeepCopy added in v0.3.0

func (in *AWSJWTAuth) DeepCopy() *AWSJWTAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSJWTAuth.

func (*AWSJWTAuth) DeepCopyInto added in v0.3.0

func (in *AWSJWTAuth) DeepCopyInto(out *AWSJWTAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSProvider

// AWSProvider configures a store to sync secrets with AWS.
type AWSProvider struct {
	// Service defines which service should be used to fetch the secrets
	Service AWSServiceType `json:"service"`

	// Auth defines the information necessary to authenticate against AWS
	// if not set aws sdk will infer credentials from your environment
	// see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
	// NOTE(review): with Auth left empty the store runs on whatever ambient
	// credentials the controller process resolves, so permission to create or
	// edit stores should be scoped with that in mind.
	// The field is marked +optional but its JSON tag has no omitempty.
	// +optional
	Auth AWSAuth `json:"auth"`

	// Role is a Role ARN which the SecretManager provider will assume
	// NOTE(review): nothing on this type limits which ARN may be named;
	// presumably the role's trust policy is the control — confirm.
	// +optional
	Role string `json:"role,omitempty"`

	// AWS Region to be used for the provider
	Region string `json:"region"`
}

AWSProvider configures a store to sync secrets with AWS.

func (*AWSProvider) DeepCopy

func (in *AWSProvider) DeepCopy() *AWSProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSProvider.

func (*AWSProvider) DeepCopyInto

func (in *AWSProvider) DeepCopyInto(out *AWSProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSServiceType

// AWSServiceType names the AWS service/API a store fetches secrets from.
// The values declared in this package are "SecretsManager" and "ParameterStore".
type AWSServiceType string

AWSServiceType is an enum that defines the service/API that is used to fetch the secrets. +kubebuilder:validation:Enum=SecretsManager;ParameterStore

// Allowed AWSServiceType values; they match the kubebuilder Enum marker on
// the type (SecretsManager;ParameterStore).
const (
	// AWSServiceSecretsManager is the AWS SecretsManager.
	// see: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
	AWSServiceSecretsManager AWSServiceType = "SecretsManager"
	// AWSServiceParameterStore is the AWS SystemsManager ParameterStore.
	// see: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
	AWSServiceParameterStore AWSServiceType = "ParameterStore"
)

type AkeylessAuth added in v0.3.9

// AkeylessAuth selects how the operator authenticates with Akeyless: through
// values read from a Secret (SecretRef) or through a Kubernetes ServiceAccount
// token (KubernetesAuth).
// NOTE(review): no marker on this type states which one wins when both are
// set — confirm in the provider code.
type AkeylessAuth struct {

	// Reference to a Secret that contains the details
	// to authenticate with Akeyless.
	// The field is marked +optional but is a non-pointer value whose JSON tag
	// has no omitempty.
	// +optional
	SecretRef AkeylessAuthSecretRef `json:"secretRef"`

	// Kubernetes authenticates with Akeyless by passing the ServiceAccount
	// token stored in the named Secret resource.
	// +optional
	KubernetesAuth *AkeylessKubernetesAuth `json:"kubernetesAuth,omitempty"`
}

func (*AkeylessAuth) DeepCopy added in v0.3.9

func (in *AkeylessAuth) DeepCopy() *AkeylessAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessAuth.

func (*AkeylessAuth) DeepCopyInto added in v0.3.9

func (in *AkeylessAuth) DeepCopyInto(out *AkeylessAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AkeylessAuthSecretRef added in v0.3.9

// AkeylessAuthSecretRef holds three Secret key selectors used to authenticate
// with Akeyless: AccessID, AccessType and AccessTypeParam. Only AccessID has an
// upstream field comment. All three tags carry omitempty, so the schema
// visible here does not by itself require any of them.
// NOTE(review): AccessTypeParam can reference an access key, so the Secret it
// points at should be treated as credential material.
type AkeylessAuthSecretRef struct {
	// The SecretAccessID is used for authentication
	AccessID        esmeta.SecretKeySelector `json:"accessID,omitempty"`
	AccessType      esmeta.SecretKeySelector `json:"accessType,omitempty"`
	AccessTypeParam esmeta.SecretKeySelector `json:"accessTypeParam,omitempty"`
}

AkeylessAuthSecretRef holds the secret references used to authenticate with Akeyless. AKEYLESS_ACCESS_TYPE_PARAM is one of: AZURE_OBJ_ID, GCP_AUDIENCE, ACCESS_KEY or KUB_CONFIG_NAME.

func (*AkeylessAuthSecretRef) DeepCopy added in v0.3.9

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessAuthSecretRef.

func (*AkeylessAuthSecretRef) DeepCopyInto added in v0.3.9

func (in *AkeylessAuthSecretRef) DeepCopyInto(out *AkeylessAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AkeylessKubernetesAuth added in v0.6.0

// AkeylessKubernetesAuth authenticates with Akeyless using a Kubernetes
// ServiceAccount token. Per the field comments the token source is resolved
// in this order: ServiceAccountRef, then SecretRef, then the token bound to
// the controller itself.
type AkeylessKubernetesAuth struct {

	// the Akeyless Kubernetes auth-method access-id
	AccessID string `json:"accessID"`

	// Kubernetes-auth configuration name in Akeyless-Gateway
	K8sConfName string `json:"k8sConfName"`

	// Optional service account field containing the name of a kubernetes ServiceAccount.
	// If the service account is specified, the service account secret token JWT will be used
	// for authenticating with Akeyless. If the service account selector is not supplied,
	// the secretRef will be used instead.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// Optional secret field containing a Kubernetes ServiceAccount JWT used
	// for authenticating with Akeyless. If a name is specified without a key,
	// `token` is the default. If one is not specified, the one bound to
	// the controller will be used.
	// NOTE(review): with both references unset the store authenticates as the
	// controller's own service account, so permission to create or edit stores
	// should be scoped with that in mind.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

Authenticate with a stored Kubernetes ServiceAccount token.

func (*AkeylessKubernetesAuth) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessKubernetesAuth.

func (*AkeylessKubernetesAuth) DeepCopyInto added in v0.6.0

func (in *AkeylessKubernetesAuth) DeepCopyInto(out *AkeylessKubernetesAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AkeylessProvider added in v0.3.9

// AkeylessProvider configures a store to sync secrets using Akeyless.
type AkeylessProvider struct {

	// Akeyless GW API Url from which the secrets to be fetched from.
	// NOTE(review): no validation marker here restricts the URL scheme, and the
	// CABundle comment below implies a non-HTTPS URL is accepted — confirm, since
	// authentication material would then travel without TLS.
	AkeylessGWApiURL *string `json:"akeylessGWApiURL"`

	// Auth configures how the operator authenticates with Akeyless.
	// The JSON key is "authSecretRef", not "auth".
	Auth *AkeylessAuth `json:"authSecretRef"`

	// PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used
	// if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// The provider for the CA bundle to use to validate Akeyless Gateway certificate.
	// NOTE(review): precedence between CABundle and CAProvider when both are
	// set is not visible on this page.
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`
}

AkeylessProvider configures a store to sync secrets using Akeyless KV.

func (*AkeylessProvider) DeepCopy added in v0.3.9

func (in *AkeylessProvider) DeepCopy() *AkeylessProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AkeylessProvider.

func (*AkeylessProvider) DeepCopyInto added in v0.3.9

func (in *AkeylessProvider) DeepCopyInto(out *AkeylessProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AlibabaAuth added in v0.3.6

// AlibabaAuth selects how the store authenticates with Alibaba: an access key
// pair referenced through SecretRef, or RRSA through RRSAAuth. Both fields are
// optional pointers and no validation marker on this type rejects setting
// both or neither.
// NOTE(review): confirm where that is checked.
type AlibabaAuth struct {
	// SecretRef points at the Secret keys that hold the access key pair.
	// +optional
	SecretRef *AlibabaAuthSecretRef `json:"secretRef,omitempty"`
	// RRSAAuth holds the RRSA settings (see AlibabaRRSAAuth).
	// +optional
	RRSAAuth *AlibabaRRSAAuth `json:"rrsa,omitempty"`
}

AlibabaAuth contains a secretRef for credentials.

func (*AlibabaAuth) DeepCopy added in v0.3.6

func (in *AlibabaAuth) DeepCopy() *AlibabaAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaAuth.

func (*AlibabaAuth) DeepCopyInto added in v0.3.6

func (in *AlibabaAuth) DeepCopyInto(out *AlibabaAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AlibabaAuthSecretRef added in v0.3.6

// AlibabaAuthSecretRef holds references to the Secret keys that contain the
// Alibaba access key pair. The struct stores selectors, not the credential
// values. Neither JSON tag carries omitempty.
type AlibabaAuthSecretRef struct {
	// The AccessKeyID is used for authentication
	AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef"`
	// The AccessKeySecret is used for authentication
	AccessKeySecret esmeta.SecretKeySelector `json:"accessKeySecretSecretRef"`
}

AlibabaAuthSecretRef holds secret references for Alibaba credentials.

func (*AlibabaAuthSecretRef) DeepCopy added in v0.3.6

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaAuthSecretRef.

func (*AlibabaAuthSecretRef) DeepCopyInto added in v0.3.6

func (in *AlibabaAuthSecretRef) DeepCopyInto(out *AlibabaAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AlibabaProvider added in v0.3.6

// AlibabaProvider configures a store to sync secrets using the Alibaba Secret
// Manager provider.
type AlibabaProvider struct {
	// Auth selects the authentication method (see AlibabaAuth). It is a
	// non-pointer value, so it is always present in the serialized object.
	Auth AlibabaAuth `json:"auth"`
	// Alibaba Region to be used for the provider
	RegionID string `json:"regionID"`
}

AlibabaProvider configures a store to sync secrets using the Alibaba Secret Manager provider.

func (*AlibabaProvider) DeepCopy added in v0.3.6

func (in *AlibabaProvider) DeepCopy() *AlibabaProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaProvider.

func (*AlibabaProvider) DeepCopyInto added in v0.3.6

func (in *AlibabaProvider) DeepCopyInto(out *AlibabaProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AlibabaRRSAAuth added in v0.7.3

// AlibabaRRSAAuth authenticates against Alibaba using RRSA. It names an OIDC
// provider ARN, a file path for the OIDC token, the role ARN and a session
// name; none of the four JSON tags carries omitempty.
// NOTE(review): OIDCTokenFilePath is presumably read from the controller's
// filesystem, and no marker here restricts the path — confirm how it is
// validated before use.
type AlibabaRRSAAuth struct {
	OIDCProviderARN   string `json:"oidcProviderArn"`
	OIDCTokenFilePath string `json:"oidcTokenFilePath"`
	RoleARN           string `json:"roleArn"`
	SessionName       string `json:"sessionName"`
}

Authenticate against Alibaba using RRSA.

func (*AlibabaRRSAAuth) DeepCopy added in v0.7.3

func (in *AlibabaRRSAAuth) DeepCopy() *AlibabaRRSAAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaRRSAAuth.

func (*AlibabaRRSAAuth) DeepCopyInto added in v0.7.3

func (in *AlibabaRRSAAuth) DeepCopyInto(out *AlibabaRRSAAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureAuthType added in v0.5.0

// AzureAuthType describes how to authenticate to Azure Key Vault. The values
// declared in this package are "ServicePrincipal", "ManagedIdentity" and
// "WorkloadIdentity".
type AzureAuthType string

AuthType describes how to authenticate to the Azure Keyvault. Only one of the following auth types may be specified. If none of the following auth types is specified, the default one is ServicePrincipal. +kubebuilder:validation:Enum=ServicePrincipal;ManagedIdentity;WorkloadIdentity

// Allowed AzureAuthType values; they match the kubebuilder Enum marker on the
// type. Only ServicePrincipal relies on a stored client secret.
const (
	// Using service principal to authenticate, which needs a tenantId, a clientId and a clientSecret.
	AzureServicePrincipal AzureAuthType = "ServicePrincipal"

	// Using Managed Identity to authenticate. Used with aad-pod-identity installed in the cluster.
	AzureManagedIdentity AzureAuthType = "ManagedIdentity"

	// Using Workload Identity service accounts to authenticate.
	AzureWorkloadIdentity AzureAuthType = "WorkloadIdentity"
)

type AzureKVAuth added in v0.2.0

// AzureKVAuth holds references to the Secret keys that contain the service
// principal's client ID and client secret. The struct stores selectors, not
// the credential values. Both fields are optional pointers.
type AzureKVAuth struct {
	// The Azure clientId of the service principal used for authentication.
	// +optional
	ClientID *smmeta.SecretKeySelector `json:"clientId,omitempty"`

	// The Azure ClientSecret of the service principal used for authentication.
	// +optional
	ClientSecret *smmeta.SecretKeySelector `json:"clientSecret,omitempty"`
}

Configuration used to authenticate with Azure.

func (*AzureKVAuth) DeepCopy added in v0.2.0

func (in *AzureKVAuth) DeepCopy() *AzureKVAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVAuth.

func (*AzureKVAuth) DeepCopyInto added in v0.2.0

func (in *AzureKVAuth) DeepCopyInto(out *AzureKVAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureKVProvider added in v0.2.0

// AzureKVProvider configures a store to sync secrets using Azure Key Vault.
// Which of the optional fields are needed depends on AuthType. The
// "required for ..." statements below are prose only: every such field is
// marked +optional, so the schema visible here does not enforce them.
type AzureKVProvider struct {
	// Auth type defines how to authenticate to the keyvault service.
	// Valid values are:
	// - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret)
	// - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)
	// - "WorkloadIdentity": Using Workload Identity service accounts (see ServiceAccountRef)
	// +optional
	// +kubebuilder:default=ServicePrincipal
	AuthType *AzureAuthType `json:"authType,omitempty"`

	// Vault Url from which the secrets to be fetched from.
	VaultURL *string `json:"vaultUrl"`

	// TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.
	// +optional
	TenantID *string `json:"tenantId,omitempty"`

	// Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type.
	// +optional
	AuthSecretRef *AzureKVAuth `json:"authSecretRef,omitempty"`

	// ServiceAccountRef specified the service account
	// that should be used when authenticating with WorkloadIdentity.
	// +optional
	ServiceAccountRef *smmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// If multiple Managed Identity is assigned to the pod, you can select the one to be used
	// +optional
	IdentityID *string `json:"identityId,omitempty"`
}

Configures a store to sync secrets using Azure KV.

func (*AzureKVProvider) DeepCopy added in v0.2.0

func (in *AzureKVProvider) DeepCopy() *AzureKVProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVProvider.

func (*AzureKVProvider) DeepCopyInto added in v0.2.0

func (in *AzureKVProvider) DeepCopyInto(out *AzureKVProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CAProvider added in v0.3.7

// CAProvider names a Kubernetes object (a Secret or a ConfigMap) from which a
// CA certificate is fetched. AkeylessProvider.CAProvider uses this type to
// validate the Akeyless Gateway certificate.
type CAProvider struct {
	// The type of provider to use such as "Secret", or "ConfigMap".
	// +kubebuilder:validation:Enum="Secret";"ConfigMap"
	Type CAProviderType `json:"type"`

	// The name of the object located at the provider type.
	Name string `json:"name"`

	// The key the value inside of the provider type to use, only used with "Secret" type
	// +kubebuilder:validation:Optional
	Key string `json:"key,omitempty"`

	// The namespace the Provider type is in.
	// NOTE(review): this lets a store name a CA object in another namespace;
	// whether that is honoured for namespaced stores is not visible on this
	// page — confirm, because the CA decides which server certificate is trusted.
	// +optional
	Namespace *string `json:"namespace,omitempty"`
}

Defines a location to fetch the cert for the vault provider from.

func (*CAProvider) DeepCopy added in v0.3.7

func (in *CAProvider) DeepCopy() *CAProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CAProvider.

func (*CAProvider) DeepCopyInto added in v0.3.7

func (in *CAProvider) DeepCopyInto(out *CAProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CAProviderType added in v0.3.7

// CAProviderType names the kind of Kubernetes object a CAProvider reads the
// CA certificate from.
type CAProviderType string
// Allowed CAProviderType values; they match the kubebuilder Enum marker on
// CAProvider.Type.
const (
	CAProviderTypeSecret    CAProviderType = "Secret"
	CAProviderTypeConfigMap CAProviderType = "ConfigMap"
)

type CertAuth added in v0.5.0

// CertAuth holds Secret key selectors for a client certificate and its key.
// The struct stores references, not the certificate material. Both tags carry
// omitempty, so the schema visible here does not by itself require either.
// NOTE(review): ClientKey presumably points at a private key, so the
// referenced Secret should be access-restricted accordingly — confirm which
// provider consumes this type.
type CertAuth struct {
	ClientCert esmeta.SecretKeySelector `json:"clientCert,omitempty"`
	ClientKey  esmeta.SecretKeySelector `json:"clientKey,omitempty"`
}

func (*CertAuth) DeepCopy added in v0.5.0

func (in *CertAuth) DeepCopy() *CertAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertAuth.

func (*CertAuth) DeepCopyInto added in v0.5.0

func (in *CertAuth) DeepCopyInto(out *CertAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterSecretStore

// ClusterSecretStore represents a secure external location for storing
// secrets, which can be referenced as part of `storeRef` fields. The upstream
// kubebuilder markers declare the resource cluster-scoped (short name "css")
// and mark this API version as deprecated.
// NOTE(review): a cluster-scoped store is not confined to one namespace, so
// permission to create or edit these objects should be granted narrowly.
type ClusterSecretStore struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec and Status use the same types as the namespaced SecretStore.
	Spec   SecretStoreSpec   `json:"spec,omitempty"`
	Status SecretStoreStatus `json:"status,omitempty"`
}

ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` +kubebuilder:deprecatedversion +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=css

func (*ClusterSecretStore) ConvertFrom added in v0.5.0

func (c *ClusterSecretStore) ConvertFrom(betaRaw conversion.Hub) error

func (*ClusterSecretStore) ConvertTo added in v0.5.0

func (c *ClusterSecretStore) ConvertTo(betaRaw conversion.Hub) error

func (*ClusterSecretStore) Copy

func (c *ClusterSecretStore) Copy() GenericStore

func (*ClusterSecretStore) DeepCopy

func (in *ClusterSecretStore) DeepCopy() *ClusterSecretStore

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStore.

func (*ClusterSecretStore) DeepCopyInto

func (in *ClusterSecretStore) DeepCopyInto(out *ClusterSecretStore)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterSecretStore) DeepCopyObject

func (in *ClusterSecretStore) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ClusterSecretStore) GetNamespacedName

func (c *ClusterSecretStore) GetNamespacedName() string

func (*ClusterSecretStore) GetObjectMeta

func (c *ClusterSecretStore) GetObjectMeta() *metav1.ObjectMeta

func (*ClusterSecretStore) GetSpec

func (c *ClusterSecretStore) GetSpec() *SecretStoreSpec

func (*ClusterSecretStore) GetStatus added in v0.4.2

func (c *ClusterSecretStore) GetStatus() SecretStoreStatus

func (*ClusterSecretStore) GetTypeMeta added in v0.4.2

func (c *ClusterSecretStore) GetTypeMeta() *metav1.TypeMeta

func (*ClusterSecretStore) SetStatus added in v0.4.2

func (c *ClusterSecretStore) SetStatus(status SecretStoreStatus)

func (*ClusterSecretStore) SetupWebhookWithManager added in v0.5.0

func (c *ClusterSecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error

type ClusterSecretStoreList

// ClusterSecretStoreList contains a list of ClusterSecretStore resources.
type ClusterSecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items has no omitempty, so the "items" key is always serialized.
	Items           []ClusterSecretStore `json:"items"`
}

ClusterSecretStoreList contains a list of ClusterSecretStore resources.

func (*ClusterSecretStoreList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStoreList.

func (*ClusterSecretStoreList) DeepCopyInto

func (in *ClusterSecretStoreList) DeepCopyInto(out *ClusterSecretStoreList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterSecretStoreList) DeepCopyObject

func (in *ClusterSecretStoreList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ExternalSecret

// ExternalSecret is the Schema for the external-secrets API. The upstream
// kubebuilder markers declare the resource namespaced (short name "es"), with
// a status subresource, and mark this API version as deprecated.
type ExternalSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state; Status records the refresh time, the last
	// synced resource version and the conditions.
	Spec   ExternalSecretSpec   `json:"spec,omitempty"`
	Status ExternalSecretStatus `json:"status,omitempty"`
}

ExternalSecret is the Schema for the external-secrets API. +kubebuilder:subresource:status +kubebuilder:deprecatedversion +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=es +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.secretStoreRef.name` +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshInterval` +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason`

func (*ExternalSecret) ConvertFrom added in v0.5.0

func (alpha *ExternalSecret) ConvertFrom(betaRaw conversion.Hub) error

func (*ExternalSecret) ConvertTo added in v0.5.0

func (alpha *ExternalSecret) ConvertTo(betaRaw conversion.Hub) error

func (*ExternalSecret) DeepCopy

func (in *ExternalSecret) DeepCopy() *ExternalSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecret.

func (*ExternalSecret) DeepCopyInto

func (in *ExternalSecret) DeepCopyInto(out *ExternalSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ExternalSecret) DeepCopyObject

func (in *ExternalSecret) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ExternalSecret) SetupWebhookWithManager added in v0.5.0

func (alpha *ExternalSecret) SetupWebhookWithManager(mgr ctrl.Manager) error

type ExternalSecretConditionType

// ExternalSecretConditionType is the type string of an
// ExternalSecretStatusCondition.
type ExternalSecretConditionType string
// Condition types declared for ExternalSecret. The printcolumn marker on
// ExternalSecret reads the reason of the "Ready" condition.
const (
	ExternalSecretReady   ExternalSecretConditionType = "Ready"
	ExternalSecretDeleted ExternalSecretConditionType = "Deleted"
)

type ExternalSecretConversionStrategy added in v0.5.0

// ExternalSecretConversionStrategy is the value type of
// ExternalSecretDataRemoteRef.ConversionStrategy, which defaults to "Default".
type ExternalSecretConversionStrategy string
// Declared conversion strategies.
// NOTE(review): what "Unicode" converts is not described on this page —
// presumably how provider key names are mapped to Secret keys; confirm.
const (
	ExternalSecretConversionDefault ExternalSecretConversionStrategy = "Default"
	ExternalSecretConversionUnicode ExternalSecretConversionStrategy = "Unicode"
)

type ExternalSecretCreationPolicy

// ExternalSecretCreationPolicy defines rules on how to create the resulting
// Secret. The values declared in this package are "Owner", "Merge" and "None".
type ExternalSecretCreationPolicy string

ExternalSecretCreationPolicy defines rules on how to create the resulting Secret.

// Declared ExternalSecretCreationPolicy values. ExternalSecretTarget defaults
// to Owner.
const (
	// Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource.
	Owner ExternalSecretCreationPolicy = "Owner"

	// Merge does not create the Secret, but merges the data fields to the Secret.
	// NOTE(review): the target Secret is created by something else, so synced
	// keys land in an object this resource does not own — check for key
	// collisions with data already in that Secret.
	Merge ExternalSecretCreationPolicy = "Merge"

	// None does not create a Secret (future use with injector).
	None ExternalSecretCreationPolicy = "None"
)

type ExternalSecretData

// ExternalSecretData defines the connection between the Kubernetes Secret key
// (spec.data.<key>) and the Provider data.
type ExternalSecretData struct {
	// SecretKey is the key in the Kubernetes Secret that receives the value.
	SecretKey string `json:"secretKey"`

	// RemoteRef locates the value at the provider (key, and optionally
	// version and property).
	RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"`
}

ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.

func (*ExternalSecretData) DeepCopy

func (in *ExternalSecretData) DeepCopy() *ExternalSecretData

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretData.

func (*ExternalSecretData) DeepCopyInto

func (in *ExternalSecretData) DeepCopyInto(out *ExternalSecretData)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretDataRemoteRef

// ExternalSecretDataRemoteRef defines Provider data location. Only Key is
// mandatory; Version and Property apply only where the provider supports them.
type ExternalSecretDataRemoteRef struct {
	// Key is the key used in the Provider, mandatory
	Key string `json:"key"`

	// Used to select a specific version of the Provider value, if supported
	// +optional
	Version string `json:"version,omitempty"`

	// +optional
	// Used to select a specific property of the Provider value (if a map), if supported
	Property string `json:"property,omitempty"`
	// +optional
	// Used to define a conversion Strategy
	// +kubebuilder:default="Default"
	ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"`
}

ExternalSecretDataRemoteRef defines Provider data location.

func (*ExternalSecretDataRemoteRef) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretDataRemoteRef.

func (*ExternalSecretDataRemoteRef) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretList

// ExternalSecretList contains a list of ExternalSecret resources.
type ExternalSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items has no omitempty, so the "items" key is always serialized.
	Items           []ExternalSecret `json:"items"`
}

ExternalSecretList contains a list of ExternalSecret resources.

func (*ExternalSecretList) DeepCopy

func (in *ExternalSecretList) DeepCopy() *ExternalSecretList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretList.

func (*ExternalSecretList) DeepCopyInto

func (in *ExternalSecretList) DeepCopyInto(out *ExternalSecretList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ExternalSecretList) DeepCopyObject

func (in *ExternalSecretList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ExternalSecretSpec

// ExternalSecretSpec defines the desired state of ExternalSecret: which store
// to read from, which Secret to write, how often to refresh and which
// provider values to fetch.
type ExternalSecretSpec struct {
	// SecretStoreRef identifies the store the values are read from (its type
	// is declared elsewhere in this package).
	SecretStoreRef SecretStoreRef `json:"secretStoreRef"`

	// Target describes the Kubernetes Secret to be created.
	Target ExternalSecretTarget `json:"target"`

	// RefreshInterval is the amount of time before the values are read again from the SecretStore provider
	// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
	// May be set to zero to fetch and create it once. Defaults to 1h.
	// NOTE(review): with zero the values are fetched once, so a credential
	// rotated at the provider would presumably not reach the Secret — confirm
	// before using zero for rotated credentials.
	// +kubebuilder:default="1h"
	RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"`

	// Data defines the connection between the Kubernetes Secret keys and the Provider data
	// +optional
	Data []ExternalSecretData `json:"data,omitempty"`

	// DataFrom is used to fetch all properties from a specific Provider data
	// If multiple entries are specified, the Secret keys are merged in the specified order
	// +optional
	DataFrom []ExternalSecretDataRemoteRef `json:"dataFrom,omitempty"`
}

ExternalSecretSpec defines the desired state of ExternalSecret.

func (*ExternalSecretSpec) DeepCopy

func (in *ExternalSecretSpec) DeepCopy() *ExternalSecretSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretSpec.

func (*ExternalSecretSpec) DeepCopyInto

func (in *ExternalSecretSpec) DeepCopyInto(out *ExternalSecretSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretStatus

// ExternalSecretStatus is the observed state of an ExternalSecret: when it was
// last refreshed, which resource version was last synced, the current
// conditions and the service-binding reference.
type ExternalSecretStatus struct {
	// +nullable
	// refreshTime is the time and date the external secret was fetched and
	// the target secret updated
	RefreshTime metav1.Time `json:"refreshTime,omitempty"`

	// SyncedResourceVersion keeps track of the last synced version
	SyncedResourceVersion string `json:"syncedResourceVersion,omitempty"`

	// Conditions lists the reported conditions; the declared condition types
	// are "Ready" and "Deleted".
	// +optional
	Conditions []ExternalSecretStatusCondition `json:"conditions,omitempty"`

	// Binding represents a servicebinding.io Provisioned Service reference to the secret
	Binding corev1.LocalObjectReference `json:"binding,omitempty"`
}

func (*ExternalSecretStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatus.

func (*ExternalSecretStatus) DeepCopyInto

func (in *ExternalSecretStatus) DeepCopyInto(out *ExternalSecretStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretStatusCondition

// ExternalSecretStatusCondition is one entry of ExternalSecretStatus.Conditions.
// Type and Status are always serialized; Reason, Message and
// LastTransitionTime are optional.
// NOTE(review): Message is free text readable by anyone who can read the
// resource; confirm that provider error strings placed there cannot carry
// secret values.
type ExternalSecretStatusCondition struct {
	Type   ExternalSecretConditionType `json:"type"`
	Status corev1.ConditionStatus      `json:"status"`

	// +optional
	Reason string `json:"reason,omitempty"`

	// +optional
	Message string `json:"message,omitempty"`

	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}

func (*ExternalSecretStatusCondition) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretStatusCondition.

func (*ExternalSecretStatusCondition) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretTarget

// ExternalSecretTarget describes the Secret resource that is created:
// its name, creation policy, optional template and immutability flag.
type ExternalSecretTarget struct {
	// Name defines the name of the Secret resource to be managed
	// This field is immutable
	// Defaults to the .metadata.name of the ExternalSecret resource
	// +optional
	Name string `json:"name,omitempty"`

	// CreationPolicy defines rules on how to create the resulting Secret
	// Defaults to 'Owner'
	// +optional
	// +kubebuilder:default="Owner"
	CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"`

	// Template defines a blueprint for the created Secret resource.
	// A nil Template is omitted from the serialized form.
	// +optional
	Template *ExternalSecretTemplate `json:"template,omitempty"`

	// Immutable defines if the final secret will be immutable
	// +optional
	Immutable bool `json:"immutable,omitempty"`
}

ExternalSecretTarget defines the Kubernetes Secret to be created. There can be only one target per ExternalSecret.

func (*ExternalSecretTarget) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTarget.

func (*ExternalSecretTarget) DeepCopyInto

func (in *ExternalSecretTarget) DeepCopyInto(out *ExternalSecretTarget)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretTemplate

// ExternalSecretTemplate is the blueprint for the created Secret: its type,
// template engine version, metadata, inline template data and template
// sources.
type ExternalSecretTemplate struct {
	// Type is the Secret type given to the created Secret.
	// +optional
	Type corev1.SecretType `json:"type,omitempty"`

	// EngineVersion specifies the template engine version
	// that should be used to compile/execute the
	// template specified in .data and .templateFrom[].
	// +kubebuilder:default="v1"
	EngineVersion TemplateEngineVersion `json:"engineVersion,omitempty"`

	// Metadata holds the annotations and labels for the blueprint.
	// +optional
	Metadata ExternalSecretTemplateMetadata `json:"metadata,omitempty"`

	// Data holds inline templates keyed by string; the values are executed
	// by the engine selected in EngineVersion.
	// NOTE(review): these strings are written by whoever can edit the
	// ExternalSecret and are executed by the controller — confirm which
	// template functions each engine version exposes.
	// +optional
	Data map[string]string `json:"data,omitempty"`

	// TemplateFrom lists further template sources.
	// +optional
	TemplateFrom []TemplateFrom `json:"templateFrom,omitempty"`
}

ExternalSecretTemplate defines a blueprint for the created Secret resource. The native corev1.Secret cannot be used here because it would have empty ObjectMeta values; see https://github.com/kubernetes-sigs/controller-tools/issues/448

func (*ExternalSecretTemplate) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplate.

func (*ExternalSecretTemplate) DeepCopyInto

func (in *ExternalSecretTemplate) DeepCopyInto(out *ExternalSecretTemplate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalSecretTemplateMetadata

// ExternalSecretTemplateMetadata carries the annotations and labels of the
// Secret blueprint. Both maps are optional and omitted when empty.
type ExternalSecretTemplateMetadata struct {
	// Annotations for the Secret blueprint.
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`

	// Labels for the Secret blueprint.
	// +optional
	Labels map[string]string `json:"labels,omitempty"`
}

ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.

func (*ExternalSecretTemplateMetadata) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalSecretTemplateMetadata.

func (*ExternalSecretTemplateMetadata) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FakeProvider added in v0.4.0

// FakeProvider holds the list of static entries served by the fake provider.
type FakeProvider struct {
	// Data is always serialized (no omitempty on the tag).
	Data []FakeProviderData `json:"data"`
}

FakeProvider configures a fake provider that returns static values.

func (*FakeProvider) DeepCopy added in v0.4.0

func (in *FakeProvider) DeepCopy() *FakeProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FakeProvider.

func (*FakeProvider) DeepCopyInto added in v0.4.0

func (in *FakeProvider) DeepCopyInto(out *FakeProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FakeProviderData added in v0.4.0

// FakeProviderData is one static entry of a FakeProvider: a key, an optional
// single value, an optional map of values and an optional version string.
//
// NOTE(review): Value and ValueMap are plain strings stored in the store
// object itself rather than references to a Secret, so anyone who can read
// the store resource can read them. Presumably meant for testing only —
// confirm before using it for real secret material.
type FakeProviderData struct {
	Key      string            `json:"key"`
	Value    string            `json:"value,omitempty"`
	ValueMap map[string]string `json:"valueMap,omitempty"`
	Version  string            `json:"version,omitempty"`
}

func (*FakeProviderData) DeepCopy added in v0.4.0

func (in *FakeProviderData) DeepCopy() *FakeProviderData

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FakeProviderData.

func (*FakeProviderData) DeepCopyInto added in v0.4.0

func (in *FakeProviderData) DeepCopyInto(out *FakeProviderData)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPSMAuth added in v0.2.0

// GCPSMAuth selects how to authenticate against GCP: through a referenced
// secret (SecretRef) or through workload identity (WorkloadIdentity).
// Both fields are optional pointers.
// NOTE(review): which method is used when both or neither are set is not
// visible here — confirm in the provider.
type GCPSMAuth struct {
	// +optional
	SecretRef *GCPSMAuthSecretRef `json:"secretRef,omitempty"`
	// +optional
	WorkloadIdentity *GCPWorkloadIdentity `json:"workloadIdentity,omitempty"`
}

func (*GCPSMAuth) DeepCopy added in v0.2.0

func (in *GCPSMAuth) DeepCopy() *GCPSMAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuth.

func (*GCPSMAuth) DeepCopyInto added in v0.2.0

func (in *GCPSMAuth) DeepCopyInto(out *GCPSMAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPSMAuthSecretRef added in v0.2.0

// GCPSMAuthSecretRef points at the credential used for GCP authentication.
type GCPSMAuthSecretRef struct {
	// The SecretAccessKey is used for authentication
	// It is a selector (serialized as secretAccessKeySecretRef), presumably
	// naming a key inside a Kubernetes Secret rather than holding the
	// credential itself — verify against esmeta.SecretKeySelector.
	// +optional
	SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
}

func (*GCPSMAuthSecretRef) DeepCopy added in v0.2.0

func (in *GCPSMAuthSecretRef) DeepCopy() *GCPSMAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMAuthSecretRef.

func (*GCPSMAuthSecretRef) DeepCopyInto added in v0.2.0

func (in *GCPSMAuthSecretRef) DeepCopyInto(out *GCPSMAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPSMProvider added in v0.2.0

// GCPSMProvider holds the authentication settings and project ID for the
// GCP Secret Manager provider.
type GCPSMProvider struct {
	// Auth defines the information necessary to authenticate against GCP
	// +optional
	Auth GCPSMAuth `json:"auth,omitempty"`

	// ProjectID project where secret is located
	ProjectID string `json:"projectID,omitempty"`
}

GCPSMProvider configures a store to sync secrets using the GCP Secret Manager provider.

func (*GCPSMProvider) DeepCopy added in v0.2.0

func (in *GCPSMProvider) DeepCopy() *GCPSMProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPSMProvider.

func (*GCPSMProvider) DeepCopyInto added in v0.2.0

func (in *GCPSMProvider) DeepCopyInto(out *GCPSMProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPWorkloadIdentity added in v0.3.11

// GCPWorkloadIdentity carries the settings for workload-identity
// authentication: a service account selector plus the location, name and
// (optional) project ID of the cluster. ServiceAccountRef, ClusterLocation
// and ClusterName are always serialized; ClusterProjectID is omitted when
// empty.
// NOTE(review): the referenced service account determines which GCP identity
// the store acts as; presumably namespace scoping of ServiceAccountRef is
// enforced elsewhere — confirm.
type GCPWorkloadIdentity struct {
	ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccountRef"`
	ClusterLocation   string                        `json:"clusterLocation"`
	ClusterName       string                        `json:"clusterName"`
	ClusterProjectID  string                        `json:"clusterProjectID,omitempty"`
}

func (*GCPWorkloadIdentity) DeepCopy added in v0.3.11

func (in *GCPWorkloadIdentity) DeepCopy() *GCPWorkloadIdentity

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPWorkloadIdentity.

func (*GCPWorkloadIdentity) DeepCopyInto added in v0.3.11

func (in *GCPWorkloadIdentity) DeepCopyInto(out *GCPWorkloadIdentity)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GenericStore

// GenericStore is the interface shared by store resources. It embeds
// runtime.Object and metav1.Object and adds accessors for the object and
// type metadata, the spec and the status.
type GenericStore interface {
	runtime.Object
	metav1.Object

	// GetObjectMeta returns a pointer to the store's ObjectMeta.
	GetObjectMeta() *metav1.ObjectMeta
	// GetTypeMeta returns a pointer to the store's TypeMeta.
	GetTypeMeta() *metav1.TypeMeta

	// GetSpec returns a pointer to the store's spec.
	GetSpec() *SecretStoreSpec
	// GetNamespacedName returns the store's namespaced name as a string;
	// the exact format is not visible here.
	GetNamespacedName() string
	// GetStatus returns the store's status by value.
	GetStatus() SecretStoreStatus
	// SetStatus replaces the store's status.
	SetStatus(status SecretStoreStatus)
	// Copy returns a GenericStore; presumably a deep copy of the
	// receiver — confirm in the implementations.
	Copy() GenericStore
}

GenericStore is a common interface for interacting with ClusterSecretStore or a namespaced SecretStore.

type GitlabAuth added in v0.3.5

// GitlabAuth holds the secret reference used to authenticate with GitLab.
type GitlabAuth struct {
	// SecretRef is serialized under the key "SecretRef" with a capital S,
	// unlike the "secretRef" key used by the other auth types in this
	// package; manifests must use the capitalized key.
	SecretRef GitlabSecretRef `json:"SecretRef"`
}

func (*GitlabAuth) DeepCopy added in v0.3.5

func (in *GitlabAuth) DeepCopy() *GitlabAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabAuth.

func (*GitlabAuth) DeepCopyInto added in v0.3.5

func (in *GitlabAuth) DeepCopyInto(out *GitlabAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GitlabProvider added in v0.3.5

// GitlabProvider holds the instance URL, authentication settings and project
// ID for the GitLab provider.
type GitlabProvider struct {
	// URL configures the GitLab instance URL. Defaults to https://gitlab.com/.
	// NOTE(review): the access token referenced in Auth is sent to whatever
	// host is set here; whether the scheme is restricted to https is not
	// visible in this type — confirm in the provider.
	URL string `json:"url,omitempty"`

	// Auth configures how secret-manager authenticates with a GitLab instance.
	Auth GitlabAuth `json:"auth"`

	// ProjectID specifies a project where secrets are located.
	ProjectID string `json:"projectID,omitempty"`
}

Configures a store to sync secrets with a GitLab instance.

func (*GitlabProvider) DeepCopy added in v0.3.5

func (in *GitlabProvider) DeepCopy() *GitlabProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabProvider.

func (*GitlabProvider) DeepCopyInto added in v0.3.5

func (in *GitlabProvider) DeepCopyInto(out *GitlabProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GitlabSecretRef added in v0.3.5

// GitlabSecretRef points at the access token used for GitLab authentication.
type GitlabSecretRef struct {
	// AccessToken is used for authentication.
	// It is a selector, presumably naming a key inside a Kubernetes Secret
	// rather than holding the token itself — verify against
	// esmeta.SecretKeySelector.
	AccessToken esmeta.SecretKeySelector `json:"accessToken,omitempty"`
}

func (*GitlabSecretRef) DeepCopy added in v0.3.5

func (in *GitlabSecretRef) DeepCopy() *GitlabSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitlabSecretRef.

func (*GitlabSecretRef) DeepCopyInto added in v0.3.5

func (in *GitlabSecretRef) DeepCopyInto(out *GitlabSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IBMAuth added in v0.2.2

// IBMAuth holds the secret reference used to authenticate with the IBM
// secrets manager.
type IBMAuth struct {
	// SecretRef is always serialized (no omitempty on the tag).
	SecretRef IBMAuthSecretRef `json:"secretRef"`
}

func (*IBMAuth) DeepCopy added in v0.2.2

func (in *IBMAuth) DeepCopy() *IBMAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuth.

func (*IBMAuth) DeepCopyInto added in v0.2.2

func (in *IBMAuth) DeepCopyInto(out *IBMAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IBMAuthSecretRef added in v0.2.2

// IBMAuthSecretRef points at the API key used for IBM authentication.
type IBMAuthSecretRef struct {
	// SecretAPIKey is used for authentication. It is serialized as
	// secretApiKeySecretRef and is a selector, presumably naming a key
	// inside a Kubernetes Secret — verify against esmeta.SecretKeySelector.
	// +optional
	SecretAPIKey esmeta.SecretKeySelector `json:"secretApiKeySecretRef,omitempty"`
}

func (*IBMAuthSecretRef) DeepCopy added in v0.2.2

func (in *IBMAuthSecretRef) DeepCopy() *IBMAuthSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMAuthSecretRef.

func (*IBMAuthSecretRef) DeepCopyInto added in v0.2.2

func (in *IBMAuthSecretRef) DeepCopyInto(out *IBMAuthSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IBMProvider added in v0.2.2

// IBMProvider holds the authentication settings and service endpoint for the
// IBM Cloud Secrets Manager backend.
type IBMProvider struct {
	// Auth configures how secret-manager authenticates with the IBM secrets manager.
	Auth IBMAuth `json:"auth"`

	// ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance
	// It is a pointer, so an unset URL (nil) is distinguishable from an
	// empty string and is omitted from the serialized form.
	ServiceURL *string `json:"serviceUrl,omitempty"`
}

Configures a store to sync secrets using an IBM Cloud Secrets Manager backend.

func (*IBMProvider) DeepCopy added in v0.2.2

func (in *IBMProvider) DeepCopy() *IBMProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMProvider.

func (*IBMProvider) DeepCopyInto added in v0.2.2

func (in *IBMProvider) DeepCopyInto(out *IBMProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesAuth added in v0.5.0

// KubernetesAuth selects one authentication method for the Kubernetes
// provider: client certificate, static token or service account.
// The type carries MinProperties=1 / MaxProperties=1 validation markers, so
// the generated schema admits exactly one of the three fields.
// NOTE(review): that limit lives in the schema only; Go code that builds
// this struct directly is not constrained by it — confirm how the provider
// treats several non-nil fields.
type KubernetesAuth struct {
	// has both clientCert and clientKey as secretKeySelector
	// +optional
	Cert *CertAuth `json:"cert,omitempty"`

	// use static token to authenticate with
	// +optional
	Token *TokenAuth `json:"token,omitempty"`

	// points to a service account that should be used for authentication
	// +optional
	ServiceAccount *ServiceAccountAuth `json:"serviceAccount,omitempty"`
}

+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1

func (*KubernetesAuth) DeepCopy added in v0.5.0

func (in *KubernetesAuth) DeepCopy() *KubernetesAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuth.

func (*KubernetesAuth) DeepCopyInto added in v0.5.0

func (in *KubernetesAuth) DeepCopyInto(out *KubernetesAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesProvider added in v0.5.0

// KubernetesProvider holds the server settings, authentication settings and
// remote namespace for the Kubernetes provider.
type KubernetesProvider struct {
	// configures the Kubernetes server Address.
	Server KubernetesServer `json:"server,omitempty"`

	// Auth configures how secret-manager authenticates with a Kubernetes instance.
	Auth KubernetesAuth `json:"auth"`

	// Remote namespace to fetch the secrets from
	// The field is marked optional with a default marker, but its JSON tag
	// has no omitempty, so an empty value is still serialized.
	// NOTE(review): the default marker below contains a space before the
	// value; confirm the generated schema default is "default".
	// +kubebuilder:default= default
	// +optional
	RemoteNamespace string `json:"remoteNamespace"`
}

Configures a store to sync secrets with a Kubernetes instance.

func (*KubernetesProvider) DeepCopy added in v0.5.0

func (in *KubernetesProvider) DeepCopy() *KubernetesProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesProvider.

func (*KubernetesProvider) DeepCopyInto added in v0.5.0

func (in *KubernetesProvider) DeepCopyInto(out *KubernetesProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesServer added in v0.5.0

// KubernetesServer holds the address of the Kubernetes server and the CA
// material used for it.
// NOTE(review): CABundle and CAProvider are both optional; which trust roots
// are used when neither is set, and which one wins when both are set, is not
// visible here — confirm in the provider before relying on server
// verification.
type KubernetesServer struct {

	// configures the Kubernetes server Address.
	// +kubebuilder:default=kubernetes.default
	// +optional
	URL string `json:"url,omitempty"`

	// CABundle is a base64-encoded CA certificate
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`
}

func (*KubernetesServer) DeepCopy added in v0.5.0

func (in *KubernetesServer) DeepCopy() *KubernetesServer

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesServer.

func (*KubernetesServer) DeepCopyInto added in v0.5.0

func (in *KubernetesServer) DeepCopyInto(out *KubernetesServer)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OracleAuth added in v0.3.6

// OracleAuth holds the user credentials for the Oracle Vault provider: the
// tenancy OCID, the user OCID and a reference to the sensitive values.
// All three fields are always serialized.
type OracleAuth struct {
	// Tenancy is the tenancy OCID where user is located.
	Tenancy string `json:"tenancy"`

	// User is an access OCID specific to the account.
	User string `json:"user"`

	// SecretRef to pass through sensitive information.
	SecretRef OracleSecretRef `json:"secretRef"`
}

func (*OracleAuth) DeepCopy added in v0.3.6

func (in *OracleAuth) DeepCopy() *OracleAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleAuth.

func (*OracleAuth) DeepCopyInto added in v0.3.6

func (in *OracleAuth) DeepCopyInto(out *OracleAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OracleProvider added in v0.3.6

// OracleProvider holds the region, vault OCID and optional authentication
// settings for the Oracle Vault backend.
type OracleProvider struct {
	// Region is the region where vault is located.
	Region string `json:"region"`

	// Vault is the vault's OCID of the specific vault where secret is located.
	Vault string `json:"vault"`

	// Auth configures how secret-manager authenticates with the Oracle Vault.
	// If empty, use the instance principal, otherwise the user credentials specified in Auth.
	// Leaving Auth unset therefore means the store acts with the identity
	// of the instance the controller runs on.
	// +optional
	Auth *OracleAuth `json:"auth,omitempty"`
}

Configures a store to sync secrets using an Oracle Vault backend.

func (*OracleProvider) DeepCopy added in v0.3.6

func (in *OracleProvider) DeepCopy() *OracleProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleProvider.

func (*OracleProvider) DeepCopyInto added in v0.3.6

func (in *OracleProvider) DeepCopyInto(out *OracleProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OracleSecretRef added in v0.3.6

// OracleSecretRef points at the API signing key and its fingerprint. Both
// are selectors, presumably naming keys inside a Kubernetes Secret rather
// than holding the values — verify against esmeta.SecretKeySelector.
type OracleSecretRef struct {
	// PrivateKey is the user's API Signing Key in PEM format, used for authentication.
	PrivateKey esmeta.SecretKeySelector `json:"privatekey"`

	// Fingerprint is the fingerprint of the API private key.
	Fingerprint esmeta.SecretKeySelector `json:"fingerprint"`
}

func (*OracleSecretRef) DeepCopy added in v0.3.6

func (in *OracleSecretRef) DeepCopy() *OracleSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OracleSecretRef.

func (*OracleSecretRef) DeepCopyInto added in v0.3.6

func (in *OracleSecretRef) DeepCopyInto(out *OracleSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PushSecret added in v0.7.0

// PushSecret is the resource type combining the standard type and object
// metadata with a PushSecretSpec and a PushSecretStatus.
type PushSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   PushSecretSpec   `json:"spec,omitempty"`
	Status PushSecretStatus `json:"status,omitempty"`
}

func (*PushSecret) DeepCopy added in v0.7.0

func (in *PushSecret) DeepCopy() *PushSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecret.

func (*PushSecret) DeepCopyInto added in v0.7.0

func (in *PushSecret) DeepCopyInto(out *PushSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PushSecret) DeepCopyObject added in v0.7.0

func (in *PushSecret) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PushSecretConditionType added in v0.7.0

// PushSecretConditionType indicates the condition of the PushSecret.
type PushSecretConditionType string

PushSecretConditionType indicates the condition of the PushSecret.

const (
	// PushSecretReady is the "Ready" condition type of a PushSecret.
	PushSecretReady PushSecretConditionType = "Ready"
)

type PushSecretData added in v0.7.0

// PushSecretData is one entry of the data pushed to providers; it wraps a
// single PushSecretMatch.
type PushSecretData struct {
	// Match a given Secret Key to be pushed to the provider.
	Match PushSecretMatch `json:"match"`
}

func (*PushSecretData) DeepCopy added in v0.7.0

func (in *PushSecretData) DeepCopy() *PushSecretData

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretData.

func (*PushSecretData) DeepCopyInto added in v0.7.0

func (in *PushSecretData) DeepCopyInto(out *PushSecretData)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PushSecretDeletionPolicy added in v0.7.0

// PushSecretDeletionPolicy is the string type of the PushSecret deletion
// policy. The two values defined below are "Delete" and "None".
// NOTE(review): what each policy does to secrets already pushed to a
// provider is implemented elsewhere — confirm before choosing "Delete".
type PushSecretDeletionPolicy string
const (
	// PushSecretDeletionPolicyDelete is the "Delete" policy value.
	PushSecretDeletionPolicyDelete PushSecretDeletionPolicy = "Delete"
	// PushSecretDeletionPolicyNone is the "None" policy value.
	PushSecretDeletionPolicyNone   PushSecretDeletionPolicy = "None"
)

type PushSecretList added in v0.7.0

// PushSecretList contains a list of PushSecret resources together with the
// standard type and list metadata. Items is always serialized.
type PushSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []PushSecret `json:"items"`
}

+kubebuilder:object:root=true +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` PushSecretList contains a list of PushSecret resources.

func (*PushSecretList) DeepCopy added in v0.7.0

func (in *PushSecretList) DeepCopy() *PushSecretList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretList.

func (*PushSecretList) DeepCopyInto added in v0.7.0

func (in *PushSecretList) DeepCopyInto(out *PushSecretList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PushSecretList) DeepCopyObject added in v0.7.0

func (in *PushSecretList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PushSecretMatch added in v0.7.0

// PushSecretMatch pairs a key of the source Secret with the remote
// reference it is pushed to. Both fields are always serialized.
type PushSecretMatch struct {
	// Secret Key to be pushed
	SecretKey string `json:"secretKey"`
	// Remote Refs to push to providers.
	RemoteRef PushSecretRemoteRef `json:"remoteRef"`
}

func (*PushSecretMatch) DeepCopy added in v0.7.0

func (in *PushSecretMatch) DeepCopy() *PushSecretMatch

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretMatch.

func (*PushSecretMatch) DeepCopyInto added in v0.7.0

func (in *PushSecretMatch) DeepCopyInto(out *PushSecretMatch)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PushSecretRemoteRef added in v0.7.0

// PushSecretRemoteRef names the destination in the provider: the remote key
// and, optionally, a property within the resulting secret.
type PushSecretRemoteRef struct {
	// Name of the resulting provider secret.
	RemoteKey string `json:"remoteKey"`

	// Name of the property in the resulting secret
	// +optional
	Property string `json:"property,omitempty"`
}

func (*PushSecretRemoteRef) DeepCopy added in v0.7.0

func (in *PushSecretRemoteRef) DeepCopy() *PushSecretRemoteRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretRemoteRef.

func (*PushSecretRemoteRef) DeepCopyInto added in v0.7.0

func (in *PushSecretRemoteRef) DeepCopyInto(out *PushSecretRemoteRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (PushSecretRemoteRef) GetProperty added in v0.7.3

func (r PushSecretRemoteRef) GetProperty() string

func (PushSecretRemoteRef) GetRemoteKey added in v0.7.0

func (r PushSecretRemoteRef) GetRemoteKey() string

type PushSecretSecret added in v0.7.0

// PushSecretSecret names the source Secret of a PushSecret. Only a name is
// carried; there is no namespace field.
type PushSecretSecret struct {
	// Name of the Secret. The Secret must exist in the same namespace as the PushSecret manifest.
	Name string `json:"name"`
}

func (*PushSecretSecret) DeepCopy added in v0.7.0

func (in *PushSecretSecret) DeepCopy() *PushSecretSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretSecret.

func (*PushSecretSecret) DeepCopyInto added in v0.7.0

func (in *PushSecretSecret) DeepCopyInto(out *PushSecretSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PushSecretSelector added in v0.7.0

// PushSecretSelector selects the source of a PushSecret; it wraps a single
// PushSecretSecret.
type PushSecretSelector struct {
	// Select a Secret to Push.
	Secret PushSecretSecret `json:"secret"`
}

func (*PushSecretSelector) DeepCopy added in v0.7.0

func (in *PushSecretSelector) DeepCopy() *PushSecretSelector

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretSelector.

func (*PushSecretSelector) DeepCopyInto added in v0.7.0

func (in *PushSecretSelector) DeepCopyInto(out *PushSecretSelector)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PushSecretSpec added in v0.7.0

// PushSecretSpec holds the refresh interval, the target store references,
// the deletion policy, the source selector and the data entries of a
// PushSecret. SecretStoreRefs and Selector are always serialized; the other
// fields are omitted when empty.
type PushSecretSpec struct {
	// The Interval to which External Secrets will try to push a secret definition
	RefreshInterval *metav1.Duration     `json:"refreshInterval,omitempty"`
	SecretStoreRefs []PushSecretStoreRef `json:"secretStoreRefs"`
	// Deletion Policy to handle Secrets in the provider. Possible Values: "Delete/None". Defaults to "None".
	// +kubebuilder:default="None"
	// +optional
	DeletionPolicy PushSecretDeletionPolicy `json:"deletionPolicy,omitempty"`
	// The Secret Selector (k8s source) for the Push Secret
	Selector PushSecretSelector `json:"selector"`
	// Secret Data that should be pushed to providers
	Data []PushSecretData `json:"data,omitempty"`
}

PushSecretSpec configures the behavior of the PushSecret.

func (*PushSecretSpec) DeepCopy added in v0.7.0

func (in *PushSecretSpec) DeepCopy() *PushSecretSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretSpec.

func (*PushSecretSpec) DeepCopyInto added in v0.7.0

func (in *PushSecretSpec) DeepCopyInto(out *PushSecretSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PushSecretStatus added in v0.7.0

// PushSecretStatus records the last refresh time, the last synced resource
// version, the pushed entries per store and the status conditions.
type PushSecretStatus struct {
	// +nullable
	// refreshTime is the time and date the external secret was fetched and
	// the target secret updated
	// NOTE(review): this wording matches ExternalSecretStatus; for a
	// PushSecret it presumably means the last push — confirm.
	RefreshTime metav1.Time `json:"refreshTime,omitempty"`

	// SyncedResourceVersion keeps track of the last synced version.
	SyncedResourceVersion string `json:"syncedResourceVersion,omitempty"`
	// Synced Push Secrets for later deletion. Matches Secret Stores to PushSecretData that was stored to that secretStore.
	// +optional
	SyncedPushSecrets SyncedPushSecretsMap `json:"syncedPushSecrets,omitempty"`
	// Conditions lists the status conditions recorded for this resource.
	// +optional
	Conditions []PushSecretStatusCondition `json:"conditions,omitempty"`
}

PushSecretStatus indicates the history of the status of PushSecret.

func (*PushSecretStatus) DeepCopy added in v0.7.0

func (in *PushSecretStatus) DeepCopy() *PushSecretStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretStatus.

func (*PushSecretStatus) DeepCopyInto added in v0.7.0

func (in *PushSecretStatus) DeepCopyInto(out *PushSecretStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PushSecretStatusCondition added in v0.7.0

// PushSecretStatusCondition is one entry of PushSecretStatus.Conditions.
// Type and Status are always serialized; Reason, Message and
// LastTransitionTime are optional.
//
// NOTE(review): Message is free text. If it is filled from provider error
// strings, check that those cannot contain secret material, since status is
// readable by anyone who can read the resource — confirm in the controller.
type PushSecretStatusCondition struct {
	Type   PushSecretConditionType `json:"type"`
	Status corev1.ConditionStatus  `json:"status"`

	// +optional
	Reason string `json:"reason,omitempty"`

	// +optional
	Message string `json:"message,omitempty"`

	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}

PushSecretStatusCondition indicates the status of the PushSecret.

func (*PushSecretStatusCondition) DeepCopy added in v0.7.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretStatusCondition.

func (*PushSecretStatusCondition) DeepCopyInto added in v0.7.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PushSecretStoreRef added in v0.7.0

// PushSecretStoreRef selects the store(s) a PushSecret is pushed to, either
// by name or by label selector, together with the store kind.
//
// NOTE(review): Name and LabelSelector are both marked optional, and their
// JSON tags have no omitempty, so unset values are still serialized. How a
// reference with neither set, or with an empty (non-nil) selector, is
// resolved is not visible here — confirm the controller does not treat it as
// "every store", and note that Kind may name a ClusterSecretStore.
type PushSecretStoreRef struct {
	// Optionally, sync to the SecretStore of the given name
	// +optional
	Name string `json:"name"`
	// Optionally, sync to secret stores with label selector
	// +optional
	LabelSelector *metav1.LabelSelector `json:"labelSelector"`
	// Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
	// Defaults to `SecretStore`
	// +kubebuilder:default="SecretStore"
	// +optional
	Kind string `json:"kind,omitempty"`
}

func (*PushSecretStoreRef) DeepCopy added in v0.7.0

func (in *PushSecretStoreRef) DeepCopy() *PushSecretStoreRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretStoreRef.

func (*PushSecretStoreRef) DeepCopyInto added in v0.7.0

func (in *PushSecretStoreRef) DeepCopyInto(out *PushSecretStoreRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStore

// SecretStore is the resource type combining the standard type and object
// metadata with a SecretStoreSpec and a SecretStoreStatus.
type SecretStore struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   SecretStoreSpec   `json:"spec,omitempty"`
	Status SecretStoreStatus `json:"status,omitempty"`
}

SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` +kubebuilder:subresource:status +kubebuilder:deprecatedversion +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=ss

func (*SecretStore) ConvertFrom added in v0.5.0

func (c *SecretStore) ConvertFrom(betaRaw conversion.Hub) error

func (*SecretStore) ConvertTo added in v0.5.0

func (c *SecretStore) ConvertTo(betaRaw conversion.Hub) error

func (*SecretStore) Copy

func (c *SecretStore) Copy() GenericStore

func (*SecretStore) DeepCopy

func (in *SecretStore) DeepCopy() *SecretStore

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStore.

func (*SecretStore) DeepCopyInto

func (in *SecretStore) DeepCopyInto(out *SecretStore)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretStore) DeepCopyObject

func (in *SecretStore) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretStore) GetNamespacedName

func (c *SecretStore) GetNamespacedName() string

func (*SecretStore) GetObjectMeta

func (c *SecretStore) GetObjectMeta() *metav1.ObjectMeta

func (*SecretStore) GetSpec

func (c *SecretStore) GetSpec() *SecretStoreSpec

func (*SecretStore) GetStatus added in v0.4.2

func (c *SecretStore) GetStatus() SecretStoreStatus

func (*SecretStore) GetTypeMeta added in v0.4.2

func (c *SecretStore) GetTypeMeta() *metav1.TypeMeta

func (*SecretStore) SetStatus added in v0.4.2

func (c *SecretStore) SetStatus(status SecretStoreStatus)

func (*SecretStore) SetupWebhookWithManager added in v0.5.0

func (c *SecretStore) SetupWebhookWithManager(mgr ctrl.Manager) error

type SecretStoreConditionType

// SecretStoreConditionType is the string type used for SecretStore
// condition types.
type SecretStoreConditionType string

type SecretStoreList

// SecretStoreList contains a list of SecretStore resources together with the
// standard type and list metadata. Items is always serialized.
type SecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []SecretStore `json:"items"`
}

SecretStoreList contains a list of SecretStore resources.

func (*SecretStoreList) DeepCopy

func (in *SecretStoreList) DeepCopy() *SecretStoreList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreList.

func (*SecretStoreList) DeepCopyInto

func (in *SecretStoreList) DeepCopyInto(out *SecretStoreList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretStoreList) DeepCopyObject

func (in *SecretStoreList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type SecretStoreProvider

// SecretStoreProvider contains the provider-specific configuration, one
// optional pointer field per supported provider.
// The type carries MinProperties=1 / MaxProperties=1 validation markers, so
// the generated schema admits exactly one provider field.
// NOTE(review): that limit lives in the schema only; Go code that builds
// this struct directly is not constrained by it — confirm how callers pick a
// provider when several fields are non-nil.
type SecretStoreProvider struct {
	// AWS configures this store to sync secrets using AWS Secret Manager provider
	// +optional
	AWS *AWSProvider `json:"aws,omitempty"`

	// AzureKV configures this store to sync secrets using Azure Key Vault provider
	// +optional
	AzureKV *AzureKVProvider `json:"azurekv,omitempty"`

	// Akeyless configures this store to sync secrets using Akeyless Vault provider
	// +optional
	Akeyless *AkeylessProvider `json:"akeyless,omitempty"`

	// Vault configures this store to sync secrets using Hashi provider
	// +optional
	Vault *VaultProvider `json:"vault,omitempty"`

	// GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider
	// +optional
	GCPSM *GCPSMProvider `json:"gcpsm,omitempty"`

	// Oracle configures this store to sync secrets using Oracle Vault provider
	// +optional
	Oracle *OracleProvider `json:"oracle,omitempty"`

	// IBM configures this store to sync secrets using IBM Cloud provider
	// +optional
	IBM *IBMProvider `json:"ibm,omitempty"`

	// YandexLockbox configures this store to sync secrets using Yandex Lockbox provider
	// +optional
	YandexLockbox *YandexLockboxProvider `json:"yandexlockbox,omitempty"`

	// GitLab configures this store to sync secrets using GitLab Variables provider
	// +optional
	Gitlab *GitlabProvider `json:"gitlab,omitempty"`

	// Alibaba configures this store to sync secrets using Alibaba Cloud provider
	// +optional
	Alibaba *AlibabaProvider `json:"alibaba,omitempty"`

	// Webhook configures this store to sync secrets using a generic templated webhook
	// +optional
	Webhook *WebhookProvider `json:"webhook,omitempty"`

	// Kubernetes configures this store to sync secrets using a Kubernetes cluster provider
	// +optional
	Kubernetes *KubernetesProvider `json:"kubernetes,omitempty"`

	// Fake configures a store with static key/value pairs
	// The values live in the store object itself, not in a referenced
	// Secret.
	// +optional
	Fake *FakeProvider `json:"fake,omitempty"`
}

SecretStoreProvider contains the provider-specific configuration. +kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1

func (*SecretStoreProvider) DeepCopy

func (in *SecretStoreProvider) DeepCopy() *SecretStoreProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreProvider.

func (*SecretStoreProvider) DeepCopyInto

func (in *SecretStoreProvider) DeepCopyInto(out *SecretStoreProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreRef

type SecretStoreRef struct {
	// Name of the SecretStore resource that is referenced.
	Name string `json:"name"`

	// NOTE(review): no Enum validation marker is visible on Kind, so the two
	// allowed values are presumably checked by the consumer — confirm. The
	// choice matters for access control because it decides which store
	// object, and therefore which provider credentials, are used.

	// Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
	// Defaults to `SecretStore`
	// +optional
	Kind string `json:"kind,omitempty"`
}

SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.

func (*SecretStoreRef) DeepCopy

func (in *SecretStoreRef) DeepCopy() *SecretStoreRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRef.

func (*SecretStoreRef) DeepCopyInto

func (in *SecretStoreRef) DeepCopyInto(out *SecretStoreRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreRetrySettings added in v0.3.10

// SecretStoreRetrySettings holds the retry options a store sets through
// SecretStoreSpec.RetrySettings ("Used to configure http retries if failed").
// Both fields are pointers tagged omitempty, so either may be left unset.
type SecretStoreRetrySettings struct {
	// MaxRetries is presumably the maximum number of retry attempts; no
	// minimum or maximum is declared on the field — TODO confirm the bounds
	// applied by the consumer.
	MaxRetries    *int32  `json:"maxRetries,omitempty"`
	// RetryInterval is carried as a string; presumably a duration — confirm
	// the accepted format with the code that parses it.
	RetryInterval *string `json:"retryInterval,omitempty"`
}

func (*SecretStoreRetrySettings) DeepCopy added in v0.3.10

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreRetrySettings.

func (*SecretStoreRetrySettings) DeepCopyInto added in v0.3.10

func (in *SecretStoreRetrySettings) DeepCopyInto(out *SecretStoreRetrySettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreSpec

type SecretStoreSpec struct {
	// NOTE(review): Controller is marked +optional, yet its tag has no
	// omitempty, so an empty value is still serialized as "controller": "".

	// Used to select the correct ESO controller (think: ingress.ingressClassName)
	// The ESO controller is instantiated with a specific controller name and filters ES based on this property
	// +optional
	Controller string `json:"controller"`

	// NOTE(review): the one-provider rule is expressed by the MinProperties=1
	// and MaxProperties=1 markers on SecretStoreProvider. Nothing on this
	// field itself rejects a nil Provider, so consumers presumably have to
	// check for it — confirm.

	// Used to configure the provider. Only one provider may be set
	Provider *SecretStoreProvider `json:"provider"`

	// Used to configure http retries if failed
	// +optional
	RetrySettings *SecretStoreRetrySettings `json:"retrySettings,omitempty"`
}

SecretStoreSpec defines the desired state of SecretStore.

func (*SecretStoreSpec) DeepCopy

func (in *SecretStoreSpec) DeepCopy() *SecretStoreSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreSpec.

func (*SecretStoreSpec) DeepCopyInto

func (in *SecretStoreSpec) DeepCopyInto(out *SecretStoreSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreStatus

type SecretStoreStatus struct {
	// NOTE(review): marked +optional without omitempty, so a nil slice is
	// serialized as "conditions": null rather than being left out.

	// Conditions lists the conditions reported for the store, one
	// SecretStoreStatusCondition per entry.
	// +optional
	Conditions []SecretStoreStatusCondition `json:"conditions"`
}

SecretStoreStatus defines the observed state of the SecretStore.

func (*SecretStoreStatus) DeepCopy

func (in *SecretStoreStatus) DeepCopy() *SecretStoreStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatus.

func (*SecretStoreStatus) DeepCopyInto

func (in *SecretStoreStatus) DeepCopyInto(out *SecretStoreStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretStoreStatusCondition

// SecretStoreStatusCondition is one entry of SecretStoreStatus.Conditions.
type SecretStoreStatusCondition struct {
	// Type names the condition; SecretStoreReady ("Ready") is the value this
	// package declares.
	Type   SecretStoreConditionType `json:"type"`
	// Status is the corev1.ConditionStatus of the condition.
	Status corev1.ConditionStatus   `json:"status"`

	// Reason is a short identifier for why the condition has its status;
	// presumably one of the Reason* constants of this package — confirm.
	// +optional
	Reason string `json:"reason,omitempty"`

	// NOTE(review): Message is free text in the object's status, readable by
	// anyone who can read the store. Confirm that provider errors copied
	// here never carry credential or secret material.

	// Message is a human-readable description of the condition.
	// +optional
	Message string `json:"message,omitempty"`

	// LastTransitionTime is presumably the time the condition last changed
	// status — confirm with the code that sets it.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}

func (*SecretStoreStatusCondition) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreStatusCondition.

func (*SecretStoreStatusCondition) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceAccountAuth added in v0.5.0

// NOTE(review): which provider consumes this type is not visible here —
// confirm. The JSON key is "serviceAccount", while the Vault auth structs in
// this package use "serviceAccountRef" for the same selector type.

// ServiceAccountAuth selects a Kubernetes ServiceAccount through an
// esmeta.ServiceAccountSelector.
type ServiceAccountAuth struct {
	// ServiceAccountRef names the ServiceAccount to use. omitempty has no
	// effect on a struct-valued field in encoding/json, so the key is always
	// serialized.
	ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccount,omitempty"`
}

func (*ServiceAccountAuth) DeepCopy added in v0.5.0

func (in *ServiceAccountAuth) DeepCopy() *ServiceAccountAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountAuth.

func (*ServiceAccountAuth) DeepCopyInto added in v0.5.0

func (in *ServiceAccountAuth) DeepCopyInto(out *ServiceAccountAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SyncedPushSecretsMap added in v0.7.0

// SyncedPushSecretsMap is a two-level map: an outer string key, an inner
// string key, and a PushSecretData value.
// NOTE(review): the meaning of the two key levels is not documented here —
// confirm against the code that fills the map.
type SyncedPushSecretsMap map[string]map[string]PushSecretData

func (SyncedPushSecretsMap) DeepCopy added in v0.7.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyncedPushSecretsMap.

func (SyncedPushSecretsMap) DeepCopyInto added in v0.7.0

func (in SyncedPushSecretsMap) DeepCopyInto(out *SyncedPushSecretsMap)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TemplateEngineVersion added in v0.4.3

// TemplateEngineVersion is the string type that names a template engine version.
type TemplateEngineVersion string
// Template engine versions declared by this package: "v1" and "v2".
const (
	TemplateEngineV1 TemplateEngineVersion = "v1"
	TemplateEngineV2 TemplateEngineVersion = "v2"
)

type TemplateFrom added in v0.2.2

type TemplateFrom struct {
	// The type carries MinProperties=1 and MaxProperties=1 validation
	// markers, so exactly one of ConfigMap and Secret is expected to be set.

	// ConfigMap refers to a ConfigMap by name, with the keys to use from it.
	ConfigMap *TemplateRef `json:"configMap,omitempty"`
	// Secret refers to a Secret by name, with the keys to use from it.
	Secret    *TemplateRef `json:"secret,omitempty"`
}

+kubebuilder:validation:MinProperties=1 +kubebuilder:validation:MaxProperties=1

func (*TemplateFrom) DeepCopy added in v0.2.2

func (in *TemplateFrom) DeepCopy() *TemplateFrom

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateFrom.

func (*TemplateFrom) DeepCopyInto added in v0.2.2

func (in *TemplateFrom) DeepCopyInto(out *TemplateFrom)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TemplateRef added in v0.2.2

// NOTE(review): there is no namespace field, so the object is presumably
// looked up in the namespace of the resource that embeds this reference —
// confirm, since that bounds which Secrets a template can read.

// TemplateRef identifies an object by Name together with the Items (keys) to
// use from it. TemplateFrom uses it for both its ConfigMap and Secret fields.
type TemplateRef struct {
	// Name of the referenced object.
	Name  string            `json:"name"`
	// Items lists the keys to take from the referenced object.
	Items []TemplateRefItem `json:"items"`
}

func (*TemplateRef) DeepCopy added in v0.2.2

func (in *TemplateRef) DeepCopy() *TemplateRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRef.

func (*TemplateRef) DeepCopyInto added in v0.2.2

func (in *TemplateRef) DeepCopyInto(out *TemplateRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TemplateRefItem added in v0.2.2

// TemplateRefItem names a single key within the object that a TemplateRef
// refers to.
type TemplateRefItem struct {
	// Key is the name of the entry to use.
	Key string `json:"key"`
}

func (*TemplateRefItem) DeepCopy added in v0.2.2

func (in *TemplateRefItem) DeepCopy() *TemplateRefItem

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateRefItem.

func (*TemplateRefItem) DeepCopyInto added in v0.2.2

func (in *TemplateRefItem) DeepCopyInto(out *TemplateRefItem)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TokenAuth added in v0.5.0

// TokenAuth carries a bearer token by reference: BearerToken is an
// esmeta.SecretKeySelector, not an inline string, so the token value itself
// is not part of the store spec.
type TokenAuth struct {
	// BearerToken selects the Secret key that holds the token. omitempty has
	// no effect on a struct-valued field in encoding/json.
	BearerToken esmeta.SecretKeySelector `json:"bearerToken,omitempty"`
}

func (*TokenAuth) DeepCopy added in v0.5.0

func (in *TokenAuth) DeepCopy() *TokenAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenAuth.

func (*TokenAuth) DeepCopyInto added in v0.5.0

func (in *TokenAuth) DeepCopyInto(out *TokenAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultAppRole

type VaultAppRole struct {
	// Path where the App Role authentication backend is mounted
	// in Vault, e.g: "approle"
	// +kubebuilder:default=approle
	Path string `json:"path"`

	// NOTE(review): RoleID is a plain string in the store spec, so it is
	// readable by anyone who can read the store object. Only the App Role
	// secret is held behind a Secret reference (SecretRef); the type's
	// summary, which speaks of role and secret both being stored in a
	// Secret, does not match this field — confirm the intended wording.

	// RoleID configured in the App Role authentication backend when setting
	// up the authentication backend in Vault.
	RoleID string `json:"roleId"`

	// Reference to a key in a Secret that contains the App Role secret used
	// to authenticate with Vault.
	// The `key` field must be specified and denotes which entry within the Secret
	// resource is used as the app role secret.
	SecretRef esmeta.SecretKeySelector `json:"secretRef"`
}

VaultAppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.

func (*VaultAppRole) DeepCopy

func (in *VaultAppRole) DeepCopy() *VaultAppRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAppRole.

func (*VaultAppRole) DeepCopyInto

func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultAuth

type VaultAuth struct {
	// NOTE(review): the type's summary says only one of these methods can be
	// specified, but no MinProperties/MaxProperties marker is shown for
	// VaultAuth (SecretStoreProvider and TemplateFrom do show them). Confirm
	// where the exclusivity is enforced and what happens when several are set.

	// TokenSecretRef authenticates with Vault by presenting a token.
	// +optional
	TokenSecretRef *esmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"`

	// AppRole authenticates with Vault using the App Role auth mechanism,
	// with the role and secret stored in a Kubernetes Secret resource.
	// +optional
	AppRole *VaultAppRole `json:"appRole,omitempty"`

	// Kubernetes authenticates with Vault by passing the ServiceAccount
	// token stored in the named Secret resource to the Vault server.
	// +optional
	Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"`

	// Ldap authenticates with Vault by passing username/password pair using
	// the LDAP authentication method
	// +optional
	Ldap *VaultLdapAuth `json:"ldap,omitempty"`

	// Jwt authenticates with Vault by passing role and JWT token using the
	// JWT/OIDC authentication method
	// +optional
	Jwt *VaultJwtAuth `json:"jwt,omitempty"`

	// Cert authenticates with Vault using the Cert authentication method,
	// by passing a client certificate, private key and CA certificate.
	// +optional
	Cert *VaultCertAuth `json:"cert,omitempty"`
}

VaultAuth is the configuration used to authenticate with a Vault server. Only one of `tokenSecretRef`, `appRole`, `kubernetes`, `ldap`, `jwt` or `cert` can be specified.

func (*VaultAuth) DeepCopy

func (in *VaultAuth) DeepCopy() *VaultAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth.

func (*VaultAuth) DeepCopyInto

func (in *VaultAuth) DeepCopyInto(out *VaultAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertAuth added in v0.3.3

type VaultCertAuth struct {
	// NOTE(review): ClientCert is marked +optional and SecretRef is not,
	// although both tags carry omitempty (which has no effect on a
	// struct-valued field in encoding/json). Certificate authentication
	// presumably needs both the certificate and its private key — confirm
	// how a store with only one of them set is handled.

	// ClientCert is a certificate to authenticate using the Cert Vault
	// authentication method
	// +optional
	ClientCert esmeta.SecretKeySelector `json:"clientCert,omitempty"`

	// SecretRef to a key in a Secret resource containing client private key to
	// authenticate with Vault using the Cert authentication method
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

VaultCertAuth authenticates with Vault using the Cert authentication method, with the client certificate and private key stored in Kubernetes Secret resources.

func (*VaultCertAuth) DeepCopy added in v0.3.3

func (in *VaultCertAuth) DeepCopy() *VaultCertAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertAuth.

func (*VaultCertAuth) DeepCopyInto added in v0.3.3

func (in *VaultCertAuth) DeepCopyInto(out *VaultCertAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultJwtAuth added in v0.1.3

type VaultJwtAuth struct {
	// Path where the JWT authentication backend is mounted
	// in Vault, e.g: "jwt"
	// +kubebuilder:default=jwt
	Path string `json:"path"`

	// NOTE(review): Role is marked +optional but its tag has no omitempty,
	// so an empty role is still serialized.

	// Role is a JWT role to authenticate using the JWT/OIDC Vault
	// authentication method
	// +optional
	Role string `json:"role"`

	// NOTE(review): SecretRef and KubernetesServiceAccountToken are both
	// optional token sources; which one wins when both are set, and what
	// happens when neither is, is not visible here — confirm.

	// Optional SecretRef that refers to a key in a Secret resource containing JWT token to
	// authenticate with Vault using the JWT/OIDC authentication method.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// Optional ServiceAccountToken specifies the Kubernetes service account for which to
	// request a token with the `TokenRequest` API.
	// +optional
	KubernetesServiceAccountToken *VaultKubernetesServiceAccountTokenAuth `json:"kubernetesServiceAccountToken,omitempty"`
}

VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication method, with the role name and a token stored in a Kubernetes Secret resource or a Kubernetes service account token retrieved via `TokenRequest`.

func (*VaultJwtAuth) DeepCopy added in v0.1.3

func (in *VaultJwtAuth) DeepCopy() *VaultJwtAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultJwtAuth.

func (*VaultJwtAuth) DeepCopyInto added in v0.1.3

func (in *VaultJwtAuth) DeepCopyInto(out *VaultJwtAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultKVStoreVersion

// VaultKVStoreVersion is the string type of VaultProvider.Version, the Vault
// KV secret engine version.
type VaultKVStoreVersion string
// KV secret engine versions declared by this package: "v1" and "v2".
// VaultProvider.Version restricts itself to these two values with an Enum
// marker and defaults to "v2".
const (
	VaultKVStoreV1 VaultKVStoreVersion = "v1"
	VaultKVStoreV2 VaultKVStoreVersion = "v2"
)

type VaultKubernetesAuth

type VaultKubernetesAuth struct {
	// NOTE(review): the JSON key of Path is "mountPath" here, whereas
	// VaultAppRole, VaultJwtAuth and VaultLdapAuth use "path" for the same
	// concept; manifests must use the key that matches the auth method.

	// Path where the Kubernetes authentication backend is mounted in Vault, e.g:
	// "kubernetes"
	// +kubebuilder:default=kubernetes
	Path string `json:"mountPath"`

	// Optional service account field containing the name of a kubernetes ServiceAccount.
	// If the service account is specified, the service account secret token JWT will be used
	// for authenticating with Vault. If the service account selector is not supplied,
	// the secretRef will be used instead.
	// +optional
	ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`

	// NOTE(review): per the comment below, leaving both ServiceAccountRef and
	// SecretRef unset makes the store authenticate with the token bound to
	// the controller itself. Every store that relies on this fallback then
	// shares the controller's identity towards Vault, so the Vault role it
	// maps to should be scoped with that in mind.

	// Optional secret field containing a Kubernetes ServiceAccount JWT used
	// for authenticating with Vault. If a name is specified without a key,
	// `token` is the default. If one is not specified, the one bound to
	// the controller will be used.
	// +optional
	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`

	// A required field containing the Vault Role to assume. A Role binds a
	// Kubernetes ServiceAccount with a set of Vault policies.
	Role string `json:"role"`
}

Authenticate against Vault using a Kubernetes ServiceAccount token stored in a Secret.

func (*VaultKubernetesAuth) DeepCopy

func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesAuth.

func (*VaultKubernetesAuth) DeepCopyInto

func (in *VaultKubernetesAuth) DeepCopyInto(out *VaultKubernetesAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultKubernetesServiceAccountTokenAuth added in v0.5.0

type VaultKubernetesServiceAccountTokenAuth struct {
	// Service account field containing the name of a kubernetes ServiceAccount.
	ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccountRef"`

	// Optional audiences field that will be used to request a temporary Kubernetes service
	// account token for the service account referenced by `serviceAccountRef`.
	// Defaults to a single audience `vault` if not specified.
	// +optional
	Audiences *[]string `json:"audiences,omitempty"`

	// NOTE(review): no upper bound on ExpirationSeconds is declared on the
	// field; confirm whether a maximum is applied elsewhere, since the value
	// sets how long a requested token stays usable.

	// Optional expiration time in seconds that will be used to request a temporary
	// Kubernetes service account token for the service account referenced by
	// `serviceAccountRef`.
	// Defaults to 10 minutes.
	// +optional
	ExpirationSeconds *int64 `json:"expirationSeconds,omitempty"`
}

VaultKubernetesServiceAccountTokenAuth authenticates with Vault using a temporary Kubernetes service account token retrieved by the `TokenRequest` API.

func (*VaultKubernetesServiceAccountTokenAuth) DeepCopy added in v0.5.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKubernetesServiceAccountTokenAuth.

func (*VaultKubernetesServiceAccountTokenAuth) DeepCopyInto added in v0.5.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultLdapAuth added in v0.1.3

type VaultLdapAuth struct {
	// Path where the LDAP authentication backend is mounted
	// in Vault, e.g: "ldap"
	// +kubebuilder:default=ldap
	Path string `json:"path"`

	// Username is a LDAP user name used to authenticate using the LDAP Vault
	// authentication method. It is stored inline in the store spec; only the
	// password is held behind a Secret reference.
	Username string `json:"username"`

	// NOTE(review): SecretRef carries omitempty but no +optional marker, and
	// omitempty has no effect on a struct-valued field in encoding/json —
	// confirm whether the password reference is meant to be required.

	// SecretRef to a key in a Secret resource containing password for the LDAP
	// user used to authenticate with Vault using the LDAP authentication
	// method
	SecretRef esmeta.SecretKeySelector `json:"secretRef,omitempty"`
}

VaultLdapAuth authenticates with Vault using the LDAP authentication method, with the username and password stored in a Kubernetes Secret resource.

func (*VaultLdapAuth) DeepCopy added in v0.1.3

func (in *VaultLdapAuth) DeepCopy() *VaultLdapAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultLdapAuth.

func (*VaultLdapAuth) DeepCopyInto added in v0.1.3

func (in *VaultLdapAuth) DeepCopyInto(out *VaultLdapAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultProvider

type VaultProvider struct {
	// Auth configures how secret-manager authenticates with the Vault server.
	Auth VaultAuth `json:"auth"`

	// NOTE(review): the CABundle comment further down says the bundle is
	// ignored for plain HTTP, which implies that http:// addresses are
	// accepted in Server. Over plain HTTP neither the Vault credentials nor
	// the secrets read back are protected in transit; confirm whether
	// validation restricts Server to https, and prefer https in manifests.

	// Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".
	Server string `json:"server"`

	// NOTE(review): Path is marked +optional but its tag has no omitempty,
	// so a nil Path is serialized as "path": null.

	// Path is the mount path of the Vault KV backend endpoint, e.g:
	// "secret". The v2 KV secret engine version specific "/data" path suffix
	// for fetching secrets from Vault is optional and will be appended
	// if not present in specified path.
	// +optional
	Path *string `json:"path"`

	// Version is the Vault KV secret engine version. This can be either "v1" or
	// "v2". Version defaults to "v2".
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum="v1";"v2"
	// +kubebuilder:default:="v2"
	Version VaultKVStoreVersion `json:"version"`

	// Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows
	// Vault environments to support Secure Multi-tenancy. e.g: "ns1".
	// More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces
	// +optional
	Namespace *string `json:"namespace,omitempty"`

	// NOTE(review): CABundle and CAProvider are two independent ways to
	// supply the trust anchor. Which one takes precedence when both are set
	// is not visible here — confirm, because the answer decides which CA the
	// Vault server certificate is actually checked against.

	// PEM encoded CA bundle used to validate Vault server certificate. Only used
	// if the Server URL is using HTTPS protocol. This parameter is ignored for
	// plain HTTP protocol connection. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// The provider for the CA bundle to use to validate Vault server certificate.
	// +optional
	CAProvider *CAProvider `json:"caProvider,omitempty"`

	// ReadYourWrites ensures isolated read-after-write semantics by
	// providing discovered cluster replication states in each request.
	// More information about eventual consistency in Vault can be found here
	// https://www.vaultproject.io/docs/enterprise/consistency
	// +optional
	ReadYourWrites bool `json:"readYourWrites,omitempty"`

	// ForwardInconsistent tells Vault to forward read-after-write requests to the Vault
	// leader instead of simply retrying within a loop. This can increase performance if
	// the option is enabled serverside.
	// https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header
	// +optional
	ForwardInconsistent bool `json:"forwardInconsistent,omitempty"`
}

Configures a store to sync secrets using a HashiCorp Vault KV backend.

func (*VaultProvider) DeepCopy

func (in *VaultProvider) DeepCopy() *VaultProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultProvider.

func (*VaultProvider) DeepCopyInto

func (in *VaultProvider) DeepCopyInto(out *VaultProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookCAProvider added in v0.4.0

type WebhookCAProvider struct {
	// The type of provider to use such as "Secret", or "ConfigMap".
	// +kubebuilder:validation:Enum="Secret";"ConfigMap"
	Type WebhookCAProviderType `json:"type"`

	// The name of the object located at the provider type.
	Name string `json:"name"`

	// The key of the value inside the provider type to use; only used with the "Secret" type.
	// +kubebuilder:validation:Optional
	Key string `json:"key,omitempty"`

	// NOTE(review): Namespace lets the CA source live outside the namespace
	// of the store. Confirm which store kinds are allowed to set it, since
	// the referenced object decides which CA the webhook server certificate
	// is validated against.

	// The namespace the Provider type is in.
	// +optional
	Namespace *string `json:"namespace,omitempty"`
}

Defines a location to fetch the cert for the webhook provider from.

func (*WebhookCAProvider) DeepCopy added in v0.4.0

func (in *WebhookCAProvider) DeepCopy() *WebhookCAProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookCAProvider.

func (*WebhookCAProvider) DeepCopyInto added in v0.4.0

func (in *WebhookCAProvider) DeepCopyInto(out *WebhookCAProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookCAProviderType added in v0.4.0

// WebhookCAProviderType is the string type of WebhookCAProvider.Type.
type WebhookCAProviderType string
// CA provider kinds declared by this package; they match the Enum marker on
// WebhookCAProvider.Type ("Secret" and "ConfigMap").
const (
	WebhookCAProviderTypeSecret    WebhookCAProviderType = "Secret"
	WebhookCAProviderTypeConfigMap WebhookCAProviderType = "ConfigMap"
)

type WebhookProvider added in v0.4.0

type WebhookProvider struct {
	// Webhook Method
	// +optional, default GET
	Method string `json:"method,omitempty"`

	// NOTE(review): the CABundle comment further down says the bundle is
	// ignored for plain HTTP, which implies that http:// URLs are accepted.
	// The request can carry values taken from Secrets (see Secrets), and the
	// response carries the secret itself, so confirm whether validation
	// restricts URL to https. The request is presumably issued by the
	// controller, so the URL is reached from the controller's network
	// position — confirm who may create stores of this kind.

	// Webhook url to call
	URL string `json:"url"`

	// Headers
	// +optional
	Headers map[string]string `json:"headers,omitempty"`

	// Body
	// +optional
	Body string `json:"body,omitempty"`

	// Timeout
	// +optional
	Timeout *metav1.Duration `json:"timeout,omitempty"`

	// Result formatting
	Result WebhookResult `json:"result"`

	// NOTE(review): which of URL, Headers and Body are treated as templates
	// is not visible here — confirm. A secret value templated into the URL
	// tends to show up in access logs along the path; a header or the body
	// is the safer place for it.

	// Secrets to fill in templates
	// These secrets will be passed to the templating function as key value pairs under the given name
	// +optional
	Secrets []WebhookSecret `json:"secrets,omitempty"`

	// PEM encoded CA bundle used to validate webhook server certificate. Only used
	// if the Server URL is using HTTPS protocol. This parameter is ignored for
	// plain HTTP protocol connection. If not set the system root certificates
	// are used to validate the TLS connection.
	// +optional
	CABundle []byte `json:"caBundle,omitempty"`

	// The provider for the CA bundle to use to validate webhook server certificate.
	// +optional
	CAProvider *WebhookCAProvider `json:"caProvider,omitempty"`
}

WebhookProvider configures a store to sync secrets using a generic templated webhook.

func (*WebhookProvider) DeepCopy added in v0.4.0

func (in *WebhookProvider) DeepCopy() *WebhookProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookProvider.

func (*WebhookProvider) DeepCopyInto added in v0.4.0

func (in *WebhookProvider) DeepCopyInto(out *WebhookProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookResult added in v0.4.0

// WebhookResult describes how the value is taken from the webhook's response;
// it is the type of WebhookProvider.Result ("Result formatting").
type WebhookResult struct {
	// NOTE(review): what is used as the value when JSONPath is left empty is
	// not visible here — presumably the whole response body; confirm.

	// Json path of return value
	// +optional
	JSONPath string `json:"jsonPath,omitempty"`
}

func (*WebhookResult) DeepCopy added in v0.4.0

func (in *WebhookResult) DeepCopy() *WebhookResult

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookResult.

func (*WebhookResult) DeepCopyInto added in v0.4.0

func (in *WebhookResult) DeepCopyInto(out *WebhookResult)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookSecret added in v0.4.0

// WebhookSecret is one entry of WebhookProvider.Secrets: a Secret key made
// available to the webhook templates under Name.
type WebhookSecret struct {
	// Name of this secret in templates
	Name string `json:"name"`

	// Secret ref to fill in credentials. The credential is referenced, not
	// embedded: the store spec holds only the selector.
	SecretRef esmeta.SecretKeySelector `json:"secretRef"`
}

func (*WebhookSecret) DeepCopy added in v0.4.0

func (in *WebhookSecret) DeepCopy() *WebhookSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookSecret.

func (*WebhookSecret) DeepCopyInto added in v0.4.0

func (in *WebhookSecret) DeepCopyInto(out *WebhookSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type YandexLockboxAuth added in v0.3.5

// YandexLockboxAuth holds the authentication settings of
// YandexLockboxProvider.Auth.
type YandexLockboxAuth struct {
	// NOTE(review): AuthorizedKey is the only field and is marked +optional;
	// how the provider authenticates when it is left unset is not visible
	// here — confirm.

	// The authorized key used for authentication
	// +optional
	AuthorizedKey esmeta.SecretKeySelector `json:"authorizedKeySecretRef,omitempty"`
}

func (*YandexLockboxAuth) DeepCopy added in v0.3.5

func (in *YandexLockboxAuth) DeepCopy() *YandexLockboxAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxAuth.

func (*YandexLockboxAuth) DeepCopyInto added in v0.3.5

func (in *YandexLockboxAuth) DeepCopyInto(out *YandexLockboxAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type YandexLockboxCAProvider added in v0.3.11

// YandexLockboxCAProvider is the type of YandexLockboxProvider.CAProvider,
// "the provider for the CA bundle to use to validate Yandex.Cloud server
// certificate".
type YandexLockboxCAProvider struct {
	// Certificate selects the Secret key that holds the CA certificate.
	// omitempty has no effect on a struct-valued field in encoding/json.
	Certificate esmeta.SecretKeySelector `json:"certSecretRef,omitempty"`
}

func (*YandexLockboxCAProvider) DeepCopy added in v0.3.11

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxCAProvider.

func (*YandexLockboxCAProvider) DeepCopyInto added in v0.3.11

func (in *YandexLockboxCAProvider) DeepCopyInto(out *YandexLockboxCAProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type YandexLockboxProvider added in v0.3.5

type YandexLockboxProvider struct {
	// NOTE(review): APIEndpoint is a free-form host:port string with no
	// validation marker; the authorized key is presumably presented to
	// whatever endpoint is configured — confirm who may set it.

	// Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')
	// +optional
	APIEndpoint string `json:"apiEndpoint,omitempty"`

	// Auth defines the information necessary to authenticate against Yandex Lockbox
	Auth YandexLockboxAuth `json:"auth"`

	// The provider for the CA bundle to use to validate Yandex.Cloud server certificate.
	// +optional
	CAProvider *YandexLockboxCAProvider `json:"caProvider,omitempty"`
}

YandexLockboxProvider Configures a store to sync secrets using the Yandex Lockbox provider.

func (*YandexLockboxProvider) DeepCopy added in v0.3.5

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new YandexLockboxProvider.

func (*YandexLockboxProvider) DeepCopyInto added in v0.3.5

func (in *YandexLockboxProvider) DeepCopyInto(out *YandexLockboxProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
