v1alpha1

package
v0.0.195 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 18, 2020 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

+k8s:deepcopy-gen=package +k8s:openapi-gen=true Package v1alpha1 is the v1alpha1 version of the API. +groupName=secret.jenkins-x.io

Index

Constants

View Source 
const (
	SecretMappingFileName = "secret-mappings.yaml"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AzureKeyVaultConfig added in v0.0.185 

type AzureKeyVaultConfig struct {
	KeyVaultName string `json:"keyVaultName,omitempty"`
}

AzureKeyVaultConfig stores default config when using Azure Key Vault for secret storage

type BackendType 

type BackendType string

BackendType describes a secrets backend 

const (
	// BackendTypeVault Vault is the Backed service
	BackendTypeVault BackendType = "vault"
	// BackendTypeGSM Google Secrets Manager is the Backed service
	BackendTypeGSM BackendType = "gcpSecretsManager"
	// BackendTypeLocal local secrets - i.e. vanilla k8s Secrets
	BackendTypeLocal BackendType = "local"
	// BackendTypeAzure Azure Key Vault as the Backed service
	BackendTypeAzure BackendType = "azureKeyVault"
	// BackendTypeNone if none is configured
	BackendTypeNone BackendType = ""
)

type Defaults 

type Defaults struct {
	// DefaultBackendType the default back end to use if there's no specific mapping
	BackendType BackendType `json:"backendType,omitempty" validate:"nonzero"`

	// GcpSecretsManager config
	GcpSecretsManager *GcpSecretsManager `json:"gcpSecretsManager,omitempty"`

	// AzureKeyVault config
	AzureKeyVaultConfig *AzureKeyVaultConfig `json:"azureKeyVault,omitempty"`
}

Defaults contains default mapping configuration for any Kubernetes secrets to External Secrets

type GcpSecretsManager 

type GcpSecretsManager struct {
	// Version of the referenced secret
	Version string `json:"version,omitempty"`
	// ProjectID for the secret, defaults to the current GCP project
	ProjectID string `json:"projectId,omitempty"`
	// UniquePrefix needs to be a unique prefix in the GCP project where the secret resides, defaults to cluster name
	UniquePrefix string `json:"uniquePrefix,omitempty"`
}

GcpSecretsManager stores default config when using GSM for secret storage

type Mapping 

type Mapping struct {
	// Name the secret entry name which maps to the Key of the Secret.Data map
	Name string `json:"name,omitempty"`

	// Key the Vault key to load the secret value
	// +optional
	Key string `json:"key,omitempty"`

	// Property the Vault property on the key to load the secret value
	// +optional
	Property string `json:"property,omitempty"`
}

Mapping the predicates which must be true to invoke the associated tasks/pipelines

type SecretMapping 

type SecretMapping struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ObjectMeta `json:"metadata"`

	// Spec the definition of the secret mappings
	Spec SecretMappingSpec `json:"spec"`
}

SecretMapping represents a collection of mappings of Secrets to destinations in the underlying secret store (e.g. Vault keys)

+k8s:openapi-gen=true

func (*SecretMapping) DestinationString added in v0.0.73 

func (c *SecretMapping) DestinationString(rule *SecretRule, mapping *Mapping) string

DestinationString returns a unique string for where the entry will be stored so that we can find secrets using the same storage location.

func (*SecretMapping) Find 

func (c *SecretMapping) Find(secretName, dataKey string) *Mapping

Find finds a secret rule for the given secret name

func (*SecretMapping) FindRule 

func (c *SecretMapping) FindRule(namespace, secretName string) *SecretRule

FindRule finds a secret rule for the given secret name

func (*SecretMapping) FindSecret 

func (c *SecretMapping) FindSecret(secretName string) *SecretRule

Find finds a secret rule for the given secret name

func (*SecretMapping) SaveConfig 

func (c *SecretMapping) SaveConfig(fileName string) error

SaveConfig saves the configuration file to the given project directory

func (*SecretMapping) Validate 

func (c *SecretMapping) Validate() error

validate the secrete mapping fields

type SecretMappingList 

type SecretMappingList struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []SecretMapping `json:"items"`
}

SecretMappingList contains a list of SecretMapping

+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

type SecretMappingSpec 

type SecretMappingSpec struct {
	// Secrets rules for each secret
	Secrets []SecretRule `json:"secrets,omitempty"`

	Defaults `json:"defaults,omitempty" validate:"nonzero"`
}

SecretMappingSpec defines the desired state of SecretMapping.

type SecretRule 

type SecretRule struct {
	// Name name of the secret
	Name string `json:"name,omitempty"`
	// Namespace name of the secret
	Namespace string `json:"namespace,omitempty"`
	// BackendType for the secret
	BackendType BackendType `json:"backendType"`
	// Mappings one more mappings
	Mappings []Mapping `json:"mappings,omitempty"`
	// GcpSecretsManager config
	GcpSecretsManager *GcpSecretsManager `json:"gcpSecretsManager,omitempty"`
	// GcpSecretsManager config
	AzureKeyVaultConfig *AzureKeyVaultConfig `json:"azureKeyVault,omitempty"`
}

SecretRule the rules for a specific Secret

func (*SecretRule) Find 

func (r *SecretRule) Find(dataKey string) *Mapping

Find finds a mapping for the given data name

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.