Documentation ¶
Overview ¶
+k8s:deepcopy-gen=package +k8s:openapi-gen=true Package v1alpha1 is the v1alpha1 version of the API. +groupName=secret.jenkins-x.io
Index ¶
- Constants
- type AwsSecretsManager
- type AzureKeyVaultConfig
- type BackendType
- type Defaults
- type GcpSecretsManager
- type Mapping
- type SecretMapping
- func (c *SecretMapping) DestinationString(rule *SecretRule, mapping *Mapping) string
- func (c *SecretMapping) Find(secretName, dataKey string) *Mapping
- func (c *SecretMapping) FindRule(namespace, secretName string) *SecretRule
- func (c *SecretMapping) FindSecret(secretName string) *SecretRule
- func (c *SecretMapping) IsSecretKeyUnsecured(secretName, keyName string) bool
- func (c *SecretMapping) SaveConfig(fileName string) error
- func (c *SecretMapping) Validate() error
- type SecretMappingList
- type SecretMappingSpec
- type SecretRule
Constants ¶
const (
SecretMappingFileName = "secret-mappings.yaml"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AwsSecretsManager ¶ added in v0.1.23
type AwsSecretsManager struct { RoleArn string `json:"roleArn,omitempty"` Region string `json:"region,omitempty"` VersionStage string `json:"versionStage,omitempty"` }
AwsSecretsManager stores default config when using AWS Secret Manager for secret storage
type AzureKeyVaultConfig ¶
type AzureKeyVaultConfig struct {
KeyVaultName string `json:"keyVaultName,omitempty"`
}
AzureKeyVaultConfig stores default config when using Azure Key Vault for secret storage
type BackendType ¶
type BackendType string
BackendType describes a secrets backend
const ( // BackendTypeAlicloud Alicloud KMS Secret Manager as the Backed service BackendTypeAlicloud BackendType = "alicloudSecretsManager" // BackendTypeAWSSecretsManager AWS Secrets Manager as the Backed service BackendTypeAWSSecretsManager BackendType = "secretsManager" // BackendTypeAWSParameterStore AWS SSM Parameter Store as the Backed service BackendTypeAWSParameterStore BackendType = "systemManager" // BackendTypeAzure Azure Key Vault as the Backed service BackendTypeAzure BackendType = "azureKeyVault" // BackendTypeGSM Google Secrets Manager is the Backed service BackendTypeGSM BackendType = "gcpSecretsManager" // BackendTypeIBMSecretsManager IBM Secrets Manager is the Backed service BackendTypeIBMSecretsManager BackendType = "ibmcloudSecretsManager" // BackendTypeLocal local secrets - i.e. vanilla k8s Secrets BackendTypeLocal BackendType = "local" // BackendTypeVault Vault is the Backed service BackendTypeVault BackendType = "vault" // BackendTypeNone if none is configured BackendTypeNone BackendType = "" )
type Defaults ¶
type Defaults struct { // DefaultBackendType the default back end to use if there's no specific mapping BackendType BackendType `json:"backendType,omitempty" validate:"nonzero"` // RoleArn is used for some back ends like AWS and Alicloud RoleArn string `json:"roleArn,omitempty"` // Region is used for some back ends like AWS Region string `json:"region,omitempty"` // VersionStage the default version stage to use which is used on some back ends like AWS and Alicloud VersionStage string `json:"versionStage,omitempty"` // AzureKeyVault config AzureKeyVaultConfig *AzureKeyVaultConfig `json:"azureKeyVault,omitempty"` // GcpSecretsManager config GcpSecretsManager *GcpSecretsManager `json:"gcpSecretsManager,omitempty"` // AwsSecretsManager config AwsSecretsManager *AwsSecretsManager `json:"secretsManager,omitempty"` }
Defaults contains default mapping configuration for any Kubernetes secrets to External Secrets
type GcpSecretsManager ¶
type GcpSecretsManager struct { // Version of the referenced secret Version string `json:"version,omitempty"` // ProjectID for the secret, defaults to the current GCP project ProjectID string `json:"projectId,omitempty"` // UniquePrefix needs to be a unique prefix in the GCP project where the secret resides, defaults to cluster name UniquePrefix string `json:"uniquePrefix,omitempty"` }
GcpSecretsManager stores default config when using GSM for secret storage
type Mapping ¶
type Mapping struct { // Name the secret entry name which maps to the Key of the Secret.Data map Name string `json:"name,omitempty"` // Key the Vault key to load the secret value // +optional Key string `json:"key,omitempty"` // Property the Vault property on the key to load the secret value // +optional Property string `json:"property,omitempty"` // VersionStage the version of the secret value // +optional VersionStage string `json:"versionStage,omitempty"` // IsBinary to indicate a binary secret // +optional IsBinary bool `json:"isBinary,omitempty"` }
Mapping the predicates which must be true to invoke the associated tasks/pipelines
type SecretMapping ¶
type SecretMapping struct { metav1.TypeMeta `json:",inline"` // +optional metav1.ObjectMeta `json:"metadata"` // Spec the definition of the secret mappings Spec SecretMappingSpec `json:"spec"` }
SecretMapping represents a collection of mappings of Secrets to destinations in the underlying secret store (e.g. Vault keys)
+k8s:openapi-gen=true
func (*SecretMapping) DestinationString ¶
func (c *SecretMapping) DestinationString(rule *SecretRule, mapping *Mapping) string
DestinationString returns a unique string for where the entry will be stored so that we can find secrets using the same storage location.
func (*SecretMapping) Find ¶
func (c *SecretMapping) Find(secretName, dataKey string) *Mapping
Find finds a secret rule for the given secret name
func (*SecretMapping) FindRule ¶
func (c *SecretMapping) FindRule(namespace, secretName string) *SecretRule
FindRule finds a secret rule for the given secret name
func (*SecretMapping) FindSecret ¶
func (c *SecretMapping) FindSecret(secretName string) *SecretRule
Find finds a secret rule for the given secret name
func (*SecretMapping) IsSecretKeyUnsecured ¶
func (c *SecretMapping) IsSecretKeyUnsecured(secretName, keyName string) bool
func (*SecretMapping) SaveConfig ¶
func (c *SecretMapping) SaveConfig(fileName string) error
SaveConfig saves the configuration file to the given project directory
func (*SecretMapping) Validate ¶
func (c *SecretMapping) Validate() error
validate the secrete mapping fields
type SecretMappingList ¶
type SecretMappingList struct { metav1.TypeMeta `json:",inline"` // +optional metav1.ListMeta `json:"metadata,omitempty"` Items []SecretMapping `json:"items"` }
SecretMappingList contains a list of SecretMapping
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type SecretMappingSpec ¶
type SecretMappingSpec struct { // Secrets rules for each secret Secrets []SecretRule `json:"secrets,omitempty"` Defaults `json:"defaults,omitempty" validate:"nonzero"` }
SecretMappingSpec defines the desired state of SecretMapping.
type SecretRule ¶
type SecretRule struct { // Name name of the secret Name string `json:"name,omitempty"` // Namespace name of the secret Namespace string `json:"namespace,omitempty"` // BackendType for the secret BackendType BackendType `json:"backendType"` // Mappings one more mappings Mappings []Mapping `json:"mappings,omitempty"` // Unsecured represent a list of a secret's keys that will remain as plain secrets rather than undergoing conversion Unsecured []string `json:"unsecured,omitempty"` // RoleArn is used for some back ends like AWS and Alicloud RoleArn string `json:"roleArn,omitempty"` // Region is used for some back ends like AWS Region string `json:"region,omitempty"` // AzureKeyVaultConfig config AzureKeyVaultConfig *AzureKeyVaultConfig `json:"azureKeyVault,omitempty"` // GcpSecretsManager config GcpSecretsManager *GcpSecretsManager `json:"gcpSecretsManager,omitempty"` // AwsSecretsManager config AwsSecretsManager *AwsSecretsManager `json:"secretsManager,omitempty"` }
SecretRule the rules for a specific Secret
func (*SecretRule) Find ¶
func (r *SecretRule) Find(dataKey string) *Mapping
Find finds a mapping for the given data name