v1alpha1

package
v0.1.23 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 21, 2021 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

+k8s:deepcopy-gen=package +k8s:openapi-gen=true Package v1alpha1 is the v1alpha1 version of the API. +groupName=secret.jenkins-x.io

Index

Constants

View Source
const (
	SecretMappingFileName = "secret-mappings.yaml"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AwsSecretsManager added in v0.1.23

type AwsSecretsManager struct {
	RoleArn      string `json:"roleArn,omitempty"`
	Region       string `json:"region,omitempty"`
	VersionStage string `json:"versionStage,omitempty"`
}

AwsSecretsManager stores default config when using AWS Secret Manager for secret storage

type AzureKeyVaultConfig

type AzureKeyVaultConfig struct {
	KeyVaultName string `json:"keyVaultName,omitempty"`
}

AzureKeyVaultConfig stores default config when using Azure Key Vault for secret storage

type BackendType

type BackendType string

BackendType describes a secrets backend

const (
	// BackendTypeAlicloud Alicloud KMS Secret Manager as the Backed service
	BackendTypeAlicloud BackendType = "alicloudSecretsManager"
	// BackendTypeAWSSecretsManager AWS Secrets Manager as the Backed service
	BackendTypeAWSSecretsManager BackendType = "secretsManager"
	// BackendTypeAWSParameterStore AWS SSM Parameter Store as the Backed service
	BackendTypeAWSParameterStore BackendType = "systemManager"
	// BackendTypeAzure Azure Key Vault as the Backed service
	BackendTypeAzure BackendType = "azureKeyVault"
	// BackendTypeGSM Google Secrets Manager is the Backed service
	BackendTypeGSM BackendType = "gcpSecretsManager"
	// BackendTypeIBMSecretsManager IBM Secrets Manager is the Backed service
	BackendTypeIBMSecretsManager BackendType = "ibmcloudSecretsManager"
	// BackendTypeLocal local secrets - i.e. vanilla k8s Secrets
	BackendTypeLocal BackendType = "local"
	// BackendTypeVault Vault is the Backed service
	BackendTypeVault BackendType = "vault"
	// BackendTypeNone if none is configured
	BackendTypeNone BackendType = ""
)

type Defaults

type Defaults struct {
	// DefaultBackendType the default back end to use if there's no specific mapping
	BackendType BackendType `json:"backendType,omitempty" validate:"nonzero"`

	// RoleArn is used for some back ends like AWS and Alicloud
	RoleArn string `json:"roleArn,omitempty"`

	// Region is used for some back ends like AWS
	Region string `json:"region,omitempty"`

	// VersionStage the default version stage to use which is used on some back ends like AWS and Alicloud
	VersionStage string `json:"versionStage,omitempty"`

	// AzureKeyVault config
	AzureKeyVaultConfig *AzureKeyVaultConfig `json:"azureKeyVault,omitempty"`

	// GcpSecretsManager config
	GcpSecretsManager *GcpSecretsManager `json:"gcpSecretsManager,omitempty"`
}

Defaults contains default mapping configuration for any Kubernetes secrets to External Secrets

type GcpSecretsManager

type GcpSecretsManager struct {
	// Version of the referenced secret
	Version string `json:"version,omitempty"`
	// ProjectID for the secret, defaults to the current GCP project
	ProjectID string `json:"projectId,omitempty"`
	// UniquePrefix needs to be a unique prefix in the GCP project where the secret resides, defaults to cluster name
	UniquePrefix string `json:"uniquePrefix,omitempty"`
}

GcpSecretsManager stores default config when using GSM for secret storage

type Mapping

type Mapping struct {
	// Name the secret entry name which maps to the Key of the Secret.Data map
	Name string `json:"name,omitempty"`

	// Key the Vault key to load the secret value
	// +optional
	Key string `json:"key,omitempty"`

	// Property the Vault property on the key to load the secret value
	// +optional
	Property string `json:"property,omitempty"`

	// VersionStage the version of the secret value
	// +optional
	VersionStage string `json:"versionStage,omitempty"`

	// IsBinary to indicate a binary secret
	// +optional
	IsBinary bool `json:"isBinary,omitempty"`
}

Mapping the predicates which must be true to invoke the associated tasks/pipelines

type SecretMapping

type SecretMapping struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ObjectMeta `json:"metadata"`

	// Spec the definition of the secret mappings
	Spec SecretMappingSpec `json:"spec"`
}

SecretMapping represents a collection of mappings of Secrets to destinations in the underlying secret store (e.g. Vault keys)

+k8s:openapi-gen=true

func (*SecretMapping) DestinationString

func (c *SecretMapping) DestinationString(rule *SecretRule, mapping *Mapping) string

DestinationString returns a unique string for where the entry will be stored so that we can find secrets using the same storage location.

func (*SecretMapping) Find

func (c *SecretMapping) Find(secretName, dataKey string) *Mapping

Find finds a secret rule for the given secret name

func (*SecretMapping) FindRule

func (c *SecretMapping) FindRule(namespace, secretName string) *SecretRule

FindRule finds a secret rule for the given secret name

func (*SecretMapping) FindSecret

func (c *SecretMapping) FindSecret(secretName string) *SecretRule

Find finds a secret rule for the given secret name

func (*SecretMapping) IsSecretKeyUnsecured

func (c *SecretMapping) IsSecretKeyUnsecured(secretName string, keyName string) bool

func (*SecretMapping) SaveConfig

func (c *SecretMapping) SaveConfig(fileName string) error

SaveConfig saves the configuration file to the given project directory

func (*SecretMapping) Validate

func (c *SecretMapping) Validate() error

validate the secrete mapping fields

type SecretMappingList

type SecretMappingList struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []SecretMapping `json:"items"`
}

SecretMappingList contains a list of SecretMapping

+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

type SecretMappingSpec

type SecretMappingSpec struct {
	// Secrets rules for each secret
	Secrets []SecretRule `json:"secrets,omitempty"`

	Defaults `json:"defaults,omitempty" validate:"nonzero"`
}

SecretMappingSpec defines the desired state of SecretMapping.

type SecretRule

type SecretRule struct {
	// Name name of the secret
	Name string `json:"name,omitempty"`
	// Namespace name of the secret
	Namespace string `json:"namespace,omitempty"`
	// BackendType for the secret
	BackendType BackendType `json:"backendType"`
	// Mappings one more mappings
	Mappings []Mapping `json:"mappings,omitempty"`
	// Unsecured represent a list of a secret's keys that will remain as plain secrets rather than undergoing conversion
	Unsecured []string `json:"unsecured,omitempty"`
	// RoleArn is used for some back ends like AWS and Alicloud
	RoleArn string `json:"roleArn,omitempty"`
	// Region is used for some back ends like AWS
	Region string `json:"region,omitempty"`
	// AzureKeyVaultConfig config
	AzureKeyVaultConfig *AzureKeyVaultConfig `json:"azureKeyVault,omitempty"`
	// GcpSecretsManager config
	GcpSecretsManager *GcpSecretsManager `json:"gcpSecretsManager,omitempty"`
}

SecretRule the rules for a specific Secret

func (*SecretRule) Find

func (r *SecretRule) Find(dataKey string) *Mapping

Find finds a mapping for the given data name

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL