v1alpha1

package
v0.8.29
Published: Jul 8, 2024 License: Apache-2.0 Imports: 31 Imported by: 0

Documentation

Overview

Package v1alpha1 contains API Schema definitions for the redhatcop v1alpha1 API group.

+kubebuilder:object:generate=true
+groupName=redhatcop.redhat.io

Index

Constants

const (
	TeamRoleAdmin             TeamRole      = "admin"
	TeamRoleCreator           TeamRole      = "creator"
	TeamRoleMember            TeamRole      = "member"
	NamespaceTypeUser         NamespaceType = "user"
	NamespaceTypeOrganization NamespaceType = "organization"
	PermissionAdmin           Permission    = "admin"
	PermissionRead            Permission    = "read"
	PermissionWrite           Permission    = "write"
)

Variables

var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "redhatcop.redhat.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type AuthEngineMount

type AuthEngineMount struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AuthEngineMountSpec   `json:"spec,omitempty"`
	Status AuthEngineMountStatus `json:"status,omitempty"`
}

AuthEngineMount is the Schema for the authenginemounts API

func (*AuthEngineMount) DeepCopy

func (in *AuthEngineMount) DeepCopy() *AuthEngineMount

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthEngineMount.

func (*AuthEngineMount) DeepCopyInto

func (in *AuthEngineMount) DeepCopyInto(out *AuthEngineMount)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthEngineMount) DeepCopyObject

func (in *AuthEngineMount) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AuthEngineMount) Default

func (r *AuthEngineMount) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*AuthEngineMount) GetConditions

func (m *AuthEngineMount) GetConditions() []metav1.Condition

func (*AuthEngineMount) GetEngineListPath

func (d *AuthEngineMount) GetEngineListPath() string

func (*AuthEngineMount) GetEngineTunePath

func (d *AuthEngineMount) GetEngineTunePath() string

func (*AuthEngineMount) GetKubeAuthConfiguration added in v0.6.3

func (d *AuthEngineMount) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*AuthEngineMount) GetPath

func (d *AuthEngineMount) GetPath() string

func (*AuthEngineMount) GetPayload

func (d *AuthEngineMount) GetPayload() map[string]interface{}

func (*AuthEngineMount) GetTunePayload

func (d *AuthEngineMount) GetTunePayload() map[string]interface{}

func (*AuthEngineMount) GetVaultConnection added in v0.8.9

func (d *AuthEngineMount) GetVaultConnection() *vaultutils.VaultConnection

func (*AuthEngineMount) IsDeletable added in v0.8.29

func (d *AuthEngineMount) IsDeletable() bool

func (*AuthEngineMount) IsEquivalentToDesiredState

func (d *AuthEngineMount) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*AuthEngineMount) IsInitialized

func (d *AuthEngineMount) IsInitialized() bool

func (*AuthEngineMount) IsValid

func (d *AuthEngineMount) IsValid() (bool, error)

func (*AuthEngineMount) PrepareInternalValues

func (d *AuthEngineMount) PrepareInternalValues(context context.Context, object client.Object) error

func (*AuthEngineMount) PrepareTLSConfig added in v0.8.24

func (d *AuthEngineMount) PrepareTLSConfig(context context.Context, object client.Object) error

func (*AuthEngineMount) SetAccessor

func (d *AuthEngineMount) SetAccessor(accessor string)

func (*AuthEngineMount) SetConditions

func (m *AuthEngineMount) SetConditions(conditions []metav1.Condition)

func (*AuthEngineMount) SetupWebhookWithManager

func (r *AuthEngineMount) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*AuthEngineMount) ValidateCreate

func (r *AuthEngineMount) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*AuthEngineMount) ValidateDelete

func (r *AuthEngineMount) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*AuthEngineMount) ValidateUpdate

func (r *AuthEngineMount) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type AuthEngineMountList

type AuthEngineMountList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AuthEngineMount `json:"items"`
}

AuthEngineMountList contains a list of AuthEngineMount

func (*AuthEngineMountList) DeepCopy

func (in *AuthEngineMountList) DeepCopy() *AuthEngineMountList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthEngineMountList.

func (*AuthEngineMountList) DeepCopyInto

func (in *AuthEngineMountList) DeepCopyInto(out *AuthEngineMountList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthEngineMountList) DeepCopyObject

func (in *AuthEngineMountList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AuthEngineMountSpec

type AuthEngineMountSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	AuthMount `json:",inline"`

	// Path at which this auth engine will be mounted
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path /sys/auth/{[spec.authentication.namespace]}/{spec.path}/{metadata.name}.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// The name of the object created in Vault. If this is specified it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

AuthEngineMountSpec defines the desired state of AuthEngineMount
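
The field comments above give two path templates and a name precedence rule. The following added example (not the operator's code) assembles both paths and the matching Vault policy stanza, and compares a search against a whole-string match for the `Name` pattern, which carries no `^` or `$`. The `mountRef` type and all function names are hypothetical; the operator's own `GetPath` may normalise segments differently, and the page does not say how the admission layer applies the pattern.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// mountRef holds the four values the AuthEngineMountSpec comments combine
// into a Vault path. Local illustrative type, not the operator's.
type mountRef struct {
	VaultNamespace string // spec.authentication.namespace (optional)
	Path           string // spec.path
	SpecName       string // spec.name (optional, wins over metadata.name)
	MetadataName   string // metadata.name
}

// namePattern is the Pattern marker on the Name field, copied verbatim.
const namePattern = `[a-z0-9]([-a-z0-9]*[a-z0-9])?`

var (
	nameSearch = regexp.MustCompile(namePattern)                 // as written
	nameFull   = regexp.MustCompile(`^(?:` + namePattern + `)$`) // whole string
)

// effectiveName applies the documented precedence: spec.name, else metadata.name.
func effectiveName(m mountRef) string {
	if m.SpecName != "" {
		return m.SpecName
	}
	return m.MetadataName
}

// join drops empty segments and stray slashes, so an unset namespace
// does not leave a leading or doubled "/".
func join(parts ...string) string {
	var kept []string
	for _, p := range parts {
		if p = strings.Trim(p, "/"); p != "" {
			kept = append(kept, p)
		}
	}
	return strings.Join(kept, "/")
}

// mountPath follows {[namespace]}/auth/{spec.path}/{name}.
func mountPath(m mountRef) string {
	return join(m.VaultNamespace, "auth", m.Path, effectiveName(m))
}

// policyPath follows /sys/auth/{[namespace]}/{spec.path}/{name}, the path on
// which the authentication role needs its capabilities.
func policyPath(m mountRef) string {
	return join("sys/auth", m.VaultNamespace, m.Path, effectiveName(m))
}

// policyHCL renders the policy stanza with exactly the four documented capabilities.
func policyHCL(m mountRef) string {
	return fmt.Sprintf("path %q {\n  capabilities = [\"create\", \"read\", \"update\", \"delete\"]\n}\n",
		policyPath(m))
}

// checkName reports whether name satisfies the pattern as a whole-string
// match (fullOK) and as a plain search with the same expression (searchOK).
func checkName(name string) (fullOK, searchOK bool) {
	return nameFull.MatchString(name), nameSearch.MatchString(name)
}

func main() {
	// Constructed sample values.
	m := mountRef{VaultNamespace: "team-a", Path: "kubernetes", MetadataName: "cluster1"}
	fmt.Println("mount path: ", mountPath(m))
	fmt.Print(policyHCL(m))

	for _, n := range []string{"prod-1", "Prod_Mount", "-edge"} {
		full, search := checkName(n)
		fmt.Printf("name %-12q whole-string=%-5v search=%v\n", n, full, search)
	}
}
```

A name that passes the search but fails the whole-string match is the case to review before it becomes a path segment.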

func (*AuthEngineMountSpec) DeepCopy

func (in *AuthEngineMountSpec) DeepCopy() *AuthEngineMountSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthEngineMountSpec.

func (*AuthEngineMountSpec) DeepCopyInto

func (in *AuthEngineMountSpec) DeepCopyInto(out *AuthEngineMountSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthEngineMountStatus

type AuthEngineMountStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`

	// +kubebuilder:validation:Optional
	Accessor string `json:"accessor,omitempty"`
}

AuthEngineMountStatus defines the observed state of AuthEngineMount

func (*AuthEngineMountStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthEngineMountStatus.

func (*AuthEngineMountStatus) DeepCopyInto

func (in *AuthEngineMountStatus) DeepCopyInto(out *AuthEngineMountStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthMount

type AuthMount struct {

	// Description Specifies a human-friendly description of the auth method.
	// +kubebuilder:validation:Optional
	Description string `json:"description,omitempty"`

	// Type Specifies the name of the authentication method type, such as "github" or "token".
	// +kubebuilder:validation:Required
	Type string `json:"type,omitempty"`

	// Config Specifies configuration options for this auth method.
	// +kubebuilder:validation:Optional
	Config AuthMountConfig `json:"config,omitempty"`

	// Local Specifies if the auth method is local only. Local auth methods are not replicated nor (if a secondary) removed by replication. Logins via local auth methods do not make use of identity, i.e. no entity or groups will be attached to the token.
	// +kubebuilder:validation:Optional
	Local bool `json:"local,omitempty"`

	// SealWrap Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability.
	// +kubebuilder:validation:Optional
	SealWrap bool `json:"sealwrap,omitempty"`
}

func (*AuthMount) DeepCopy

func (in *AuthMount) DeepCopy() *AuthMount

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthMount.

func (*AuthMount) DeepCopyInto

func (in *AuthMount) DeepCopyInto(out *AuthMount)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthMountConfig

type AuthMountConfig struct {
	// DefaultLeaseTTL  The default lease duration, specified as a string duration like "5s" or "30m".
	// +kubebuilder:validation:Optional
	DefaultLeaseTTL string `json:"defaultLeaseTTL"`

	// MaxLeaseTTL The maximum lease duration, specified as a string duration like "5s" or "30m".
	// +kubebuilder:validation:Optional
	MaxLeaseTTL string `json:"maxLeaseTTL"`

	// AuditNonHMACRequestKeys list of keys that will not be HMAC'd by audit devices in the request data object.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems:=true
	AuditNonHMACRequestKeys []string `json:"auditNonHMACRequestKeys,omitempty"`

	// AuditNonHMACResponseKeys list of keys that will not be HMAC'd by audit devices in the response data object.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AuditNonHMACResponseKeys []string `json:"auditNonHMACResponseKeys,omitempty"`

	// ListingVisibility Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden". If not set, behaves like "hidden"
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"unauth","hidden"}
	// +kubebuilder:default:="hidden"
	ListingVisibility string `json:"listingVisibility,omitempty"`

	// PassthroughRequestHeaders list of headers to whitelist and pass from the request to the plugin.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems:=true
	PassthroughRequestHeaders []string `json:"passthroughRequestHeaders,omitempty"`

	// AllowedResponseHeaders list of headers to whitelist, allowing a plugin to include them in the response.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AllowedResponseHeaders []string `json:"allowedResponseHeaders,omitempty"`

	// Options undocumented
	// +kubebuilder:validation:Optional
	// +mapType=granular
	Options map[string]string `json:"options,omitempty"`

	// TokenType undocumented
	// +kubebuilder:validation:Optional
	TokenType string `json:"tokenType,omitempty"`

	// Description another description...
	// +kubebuilder:validation:Optional
	Description *string `json:"description,omitempty"`
}

func (*AuthMountConfig) DeepCopy

func (in *AuthMountConfig) DeepCopy() *AuthMountConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthMountConfig.

func (*AuthMountConfig) DeepCopyInto

func (in *AuthMountConfig) DeepCopyInto(out *AuthMountConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureAuthEngineConfig added in v0.8.28

type AzureAuthEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AzureAuthEngineConfigSpec   `json:"spec,omitempty"`
	Status AzureAuthEngineConfigStatus `json:"status,omitempty"`
}

AzureAuthEngineConfig is the Schema for the azureauthengineconfigs API

func (*AzureAuthEngineConfig) DeepCopy added in v0.8.28

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAuthEngineConfig.

func (*AzureAuthEngineConfig) DeepCopyInto added in v0.8.28

func (in *AzureAuthEngineConfig) DeepCopyInto(out *AzureAuthEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AzureAuthEngineConfig) DeepCopyObject added in v0.8.28

func (in *AzureAuthEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AzureAuthEngineConfig) Default added in v0.8.28

func (r *AzureAuthEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*AzureAuthEngineConfig) GetConditions added in v0.8.28

func (r *AzureAuthEngineConfig) GetConditions() []metav1.Condition

func (*AzureAuthEngineConfig) GetKubeAuthConfiguration added in v0.8.28

func (r *AzureAuthEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*AzureAuthEngineConfig) GetPath added in v0.8.28

func (r *AzureAuthEngineConfig) GetPath() string

func (*AzureAuthEngineConfig) GetPayload added in v0.8.28

func (r *AzureAuthEngineConfig) GetPayload() map[string]interface{}

func (*AzureAuthEngineConfig) GetVaultConnection added in v0.8.28

func (d *AzureAuthEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*AzureAuthEngineConfig) IsDeletable added in v0.8.29

func (d *AzureAuthEngineConfig) IsDeletable() bool

func (*AzureAuthEngineConfig) IsEquivalentToDesiredState added in v0.8.28

func (r *AzureAuthEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*AzureAuthEngineConfig) IsInitialized added in v0.8.28

func (r *AzureAuthEngineConfig) IsInitialized() bool

func (*AzureAuthEngineConfig) IsValid added in v0.8.28

func (r *AzureAuthEngineConfig) IsValid() (bool, error)

func (*AzureAuthEngineConfig) PrepareInternalValues added in v0.8.28

func (r *AzureAuthEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*AzureAuthEngineConfig) PrepareTLSConfig added in v0.8.28

func (r *AzureAuthEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*AzureAuthEngineConfig) SetClientIDAndClientSecret added in v0.8.28

func (r *AzureAuthEngineConfig) SetClientIDAndClientSecret(ClientID string, ClientSecret string)

func (*AzureAuthEngineConfig) SetConditions added in v0.8.28

func (r *AzureAuthEngineConfig) SetConditions(conditions []metav1.Condition)

func (*AzureAuthEngineConfig) SetupWebhookWithManager added in v0.8.28

func (r *AzureAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*AzureAuthEngineConfig) ValidateCreate added in v0.8.28

func (r *AzureAuthEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*AzureAuthEngineConfig) ValidateDelete added in v0.8.28

func (r *AzureAuthEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*AzureAuthEngineConfig) ValidateUpdate added in v0.8.28

func (r *AzureAuthEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type AzureAuthEngineConfigList added in v0.8.28

type AzureAuthEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AzureAuthEngineConfig `json:"items"`
}

AzureAuthEngineConfigList contains a list of AzureAuthEngineConfig

func (*AzureAuthEngineConfigList) DeepCopy added in v0.8.28

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAuthEngineConfigList.

func (*AzureAuthEngineConfigList) DeepCopyInto added in v0.8.28

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AzureAuthEngineConfigList) DeepCopyObject added in v0.8.28

func (in *AzureAuthEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AzureAuthEngineConfigSpec added in v0.8.28

type AzureAuthEngineConfigSpec struct {
	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/config/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// +kubebuilder:validation:Required
	AzureConfig `json:",inline"`

	// AzureCredentials consists of ClientID and ClientSecret, which can be created as Kubernetes Secret, VaultSecret or RandomSecret
	// +kubebuilder:validation:Optional
	AzureCredentials vaultutils.RootCredentialConfig `json:"azureCredentials,omitempty"`
}

AzureAuthEngineConfigSpec defines the desired state of AzureAuthEngineConfig

func (*AzureAuthEngineConfigSpec) DeepCopy added in v0.8.28

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAuthEngineConfigSpec.

func (*AzureAuthEngineConfigSpec) DeepCopyInto added in v0.8.28

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureAuthEngineConfigStatus added in v0.8.28

type AzureAuthEngineConfigStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

AzureAuthEngineConfigStatus defines the observed state of AzureAuthEngineConfig

func (*AzureAuthEngineConfigStatus) DeepCopy added in v0.8.28

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAuthEngineConfigStatus.

func (*AzureAuthEngineConfigStatus) DeepCopyInto added in v0.8.28

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureAuthEngineRole added in v0.8.28

type AzureAuthEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AzureAuthEngineRoleSpec   `json:"spec,omitempty"`
	Status AzureAuthEngineRoleStatus `json:"status,omitempty"`
}

AzureAuthEngineRole is the Schema for the azureauthengineroles API

func (*AzureAuthEngineRole) DeepCopy added in v0.8.28

func (in *AzureAuthEngineRole) DeepCopy() *AzureAuthEngineRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAuthEngineRole.

func (*AzureAuthEngineRole) DeepCopyInto added in v0.8.28

func (in *AzureAuthEngineRole) DeepCopyInto(out *AzureAuthEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AzureAuthEngineRole) DeepCopyObject added in v0.8.28

func (in *AzureAuthEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AzureAuthEngineRole) Default added in v0.8.28

func (r *AzureAuthEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*AzureAuthEngineRole) GetConditions added in v0.8.28

func (r *AzureAuthEngineRole) GetConditions() []metav1.Condition

func (*AzureAuthEngineRole) GetKubeAuthConfiguration added in v0.8.28

func (r *AzureAuthEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*AzureAuthEngineRole) GetPath added in v0.8.28

func (r *AzureAuthEngineRole) GetPath() string

func (*AzureAuthEngineRole) GetPayload added in v0.8.28

func (r *AzureAuthEngineRole) GetPayload() map[string]interface{}

func (*AzureAuthEngineRole) GetVaultConnection added in v0.8.28

func (d *AzureAuthEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*AzureAuthEngineRole) IsDeletable added in v0.8.29

func (d *AzureAuthEngineRole) IsDeletable() bool

func (*AzureAuthEngineRole) IsEquivalentToDesiredState added in v0.8.28

func (r *AzureAuthEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*AzureAuthEngineRole) IsInitialized added in v0.8.28

func (r *AzureAuthEngineRole) IsInitialized() bool

func (*AzureAuthEngineRole) IsValid added in v0.8.28

func (r *AzureAuthEngineRole) IsValid() (bool, error)

func (*AzureAuthEngineRole) PrepareInternalValues added in v0.8.28

func (d *AzureAuthEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*AzureAuthEngineRole) PrepareTLSConfig added in v0.8.28

func (d *AzureAuthEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*AzureAuthEngineRole) SetConditions added in v0.8.28

func (r *AzureAuthEngineRole) SetConditions(conditions []metav1.Condition)

func (*AzureAuthEngineRole) SetupWebhookWithManager added in v0.8.28

func (r *AzureAuthEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*AzureAuthEngineRole) ValidateCreate added in v0.8.28

func (r *AzureAuthEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*AzureAuthEngineRole) ValidateDelete added in v0.8.28

func (r *AzureAuthEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*AzureAuthEngineRole) ValidateUpdate added in v0.8.28

func (r *AzureAuthEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type AzureAuthEngineRoleList added in v0.8.28

type AzureAuthEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AzureAuthEngineRole `json:"items"`
}

AzureAuthEngineRoleList contains a list of AzureAuthEngineRole

func (*AzureAuthEngineRoleList) DeepCopy added in v0.8.28

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAuthEngineRoleList.

func (*AzureAuthEngineRoleList) DeepCopyInto added in v0.8.28

func (in *AzureAuthEngineRoleList) DeepCopyInto(out *AzureAuthEngineRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AzureAuthEngineRoleList) DeepCopyObject added in v0.8.28

func (in *AzureAuthEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AzureAuthEngineRoleSpec added in v0.8.28

type AzureAuthEngineRoleSpec struct {
	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/groups/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	AzureRole `json:",inline"`
}

AzureAuthEngineRoleSpec defines the desired state of AzureAuthEngineRole

func (*AzureAuthEngineRoleSpec) DeepCopy added in v0.8.28

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAuthEngineRoleSpec.

func (*AzureAuthEngineRoleSpec) DeepCopyInto added in v0.8.28

func (in *AzureAuthEngineRoleSpec) DeepCopyInto(out *AzureAuthEngineRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureAuthEngineRoleStatus added in v0.8.28

type AzureAuthEngineRoleStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

AzureAuthEngineRoleStatus defines the observed state of AzureAuthEngineRole

func (*AzureAuthEngineRoleStatus) DeepCopy added in v0.8.28

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureAuthEngineRoleStatus.

func (*AzureAuthEngineRoleStatus) DeepCopyInto added in v0.8.28

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureConfig added in v0.8.28

type AzureConfig struct {
	//The tenant id for the Azure Active Directory organization. This value can also be provided with the AZURE_TENANT_ID environment variable.
	// +kubebuilder:validation:Required
	TenantID string `json:"tenantID"`

	//The resource URL for the application registered in Azure Active Directory.
	//The value is expected to match the audience (aud claim) of the JWT provided to the login API.
	//See the resource parameter for how the audience is set when requesting a JWT access token from the Azure Instance Metadata Service (IMDS) endpoint.
	//This value can also be provided with the AZURE_AD_RESOURCE environment variable.
	// +kubebuilder:validation:Required
	Resource string `json:"resource"`

	//The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud.
	//This value can also be provided with the AZURE_ENVIRONMENT environment variable
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="AzurePublicCloud"
	Environment string `json:"environment,omitempty"`

	//The client id for credentials to query the Azure APIs.
	//Currently read permissions to query compute resources are required.
	//This value can also be provided with the AZURE_CLIENT_ID environment variable.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	ClientID string `json:"clientID,omitempty"`

	//The maximum number of attempts a failed operation will be retried before producing an error.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=3
	MaxRetries int64 `json:"maxRetries"`

	//The maximum delay, in seconds, allowed before retrying an operation
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=60
	MaxRetryDelay int64 `json:"maxRetryDelay"`

	//The initial amount of delay, in seconds, to use before retrying an operation.
	//Increases exponentially
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=4
	RetryDelay int64 `json:"retryDelay"`
	// contains filtered or unexported fields
}

func (*AzureConfig) DeepCopy added in v0.8.28

func (in *AzureConfig) DeepCopy() *AzureConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureConfig.

func (*AzureConfig) DeepCopyInto added in v0.8.28

func (in *AzureConfig) DeepCopyInto(out *AzureConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureRole added in v0.8.28

type AzureRole struct {

	// Name of the role.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// The list of Service Principal IDs that login is restricted to.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	BoundServicePrincipalIDs []string `json:"boundServicePrincipalIDs,omitempty"`

	// The list of group ids that login is restricted to.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	BoundGroupIDs []string `json:"boundGroupIDs,omitempty"`

	// The list of locations that login is restricted to.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	BoundLocations []string `json:"boundLocations,omitempty"`

	// The list of subscription IDs that login is restricted to.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	BoundSubscriptionIDs []string `json:"boundSubscriptionIDs,omitempty"`

	// The list of resource groups that login is restricted to.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	BoundResourceGroups []string `json:"boundResourceGroups,omitempty"`

	// The list of scale set names that the login is restricted to.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	BoundScaleSets []string `json:"boundScaleSets,omitempty"`

	// The incremental lifetime for generated tokens.
	// The current value of this will be referenced at renewal time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenTTL string `json:"tokenTTL,omitempty"`

	// The maximum lifetime for generated tokens.
	// The current value of this will be referenced at renewal time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenMaxTTL string `json:"tokenMaxTTL,omitempty"`

	// List of token policies to encode onto generated tokens.
	// Depending on the auth method, this list may be supplemented by user/group/other values.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	TokenPolicies []string `json:"tokenPolicies,omitempty"`

	// DEPRECATED: Please use the token_policies parameter instead.
	// List of token policies to encode onto generated tokens.
	// Depending on the auth method, this list may be supplemented by user/group/other values.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	Policies []string `json:"policies,omitempty"`

	// List of CIDR blocks.
	// If set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	TokenBoundCIDRs []string `json:"tokenBoundCIDRs,omitempty"`

	// If set, will encode an explicit max TTL onto the token.
	// This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenExplicitMaxTTL string `json:"tokenExplicitMaxTTL,omitempty"`

	// If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	TokenNoDefaultPolicy bool `json:"tokenNoDefaultPolicy"`

	// The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
	// If you require the token to have the ability to create child tokens, you will need to set this value to 0.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	TokenNumUses int64 `json:"tokenNumUses"`

	// The maximum allowed period value when a periodic token is requested from this role.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	TokenPeriod int64 `json:"tokenPeriod"`

	// The type of token that should be generated.
	// Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens).
	// For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
	// For machine based authentication cases, you should use batch type tokens.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenType string `json:"tokenType,omitempty"`
}

func (*AzureRole) DeepCopy added in v0.8.28

func (in *AzureRole) DeepCopy() *AzureRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureRole.

func (*AzureRole) DeepCopyInto added in v0.8.28

func (in *AzureRole) DeepCopyInto(out *AzureRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureSEConfig added in v0.8.29

type AzureSEConfig struct {

	// The subscription id for the Azure Active Directory. This value can also be provided with the AZURE_SUBSCRIPTION_ID environment variable.
	// +kubebuilder:validation:Required
	SubscriptionID string `json:"subscriptionID"`

	// The tenant id for the Azure Active Directory organization. This value can also be provided with the AZURE_TENANT_ID environment variable.
	// +kubebuilder:validation:Required
	TenantID string `json:"tenantID"`

	// The client id for credentials to query the Azure APIs.
	// Currently read permissions to query compute resources are required.
	// This value can also be provided with the AZURE_CLIENT_ID environment variable.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	ClientID string `json:"clientID,omitempty"`

	// The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud.
	// This value can also be provided with the AZURE_ENVIRONMENT environment variable.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="AzurePublicCloud"
	Environment string `json:"environment,omitempty"`

	// Specifies a password policy to use when creating dynamic credentials. Defaults to generating an alphanumeric password if not set.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	PasswordPolicy string `json:"passwordPolicy,omitempty"`

	// Specifies how long the root password is valid for in Azure when rotate-root generates a new client secret. Uses duration format strings.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="182d"
	RootPasswordTTL string `json:"rootPasswordTTL,omitempty"`
	// contains filtered or unexported fields
}

func (*AzureSEConfig) DeepCopy added in v0.8.29

func (in *AzureSEConfig) DeepCopy() *AzureSEConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureSEConfig.

func (*AzureSEConfig) DeepCopyInto added in v0.8.29

func (in *AzureSEConfig) DeepCopyInto(out *AzureSEConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureSecretEngineConfig added in v0.8.29

type AzureSecretEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AzureSecretEngineConfigSpec   `json:"spec,omitempty"`
	Status AzureSecretEngineConfigStatus `json:"status,omitempty"`
}

AzureSecretEngineConfig is the Schema for the azuresecretengineconfigs API

func (*AzureSecretEngineConfig) DeepCopy added in v0.8.29

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureSecretEngineConfig.

func (*AzureSecretEngineConfig) DeepCopyInto added in v0.8.29

func (in *AzureSecretEngineConfig) DeepCopyInto(out *AzureSecretEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AzureSecretEngineConfig) DeepCopyObject added in v0.8.29

func (in *AzureSecretEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AzureSecretEngineConfig) Default added in v0.8.29

func (r *AzureSecretEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*AzureSecretEngineConfig) GetConditions added in v0.8.29

func (r *AzureSecretEngineConfig) GetConditions() []metav1.Condition

func (*AzureSecretEngineConfig) GetKubeAuthConfiguration added in v0.8.29

func (r *AzureSecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*AzureSecretEngineConfig) GetPath added in v0.8.29

func (d *AzureSecretEngineConfig) GetPath() string

func (*AzureSecretEngineConfig) GetPayload added in v0.8.29

func (d *AzureSecretEngineConfig) GetPayload() map[string]interface{}

func (*AzureSecretEngineConfig) GetVaultConnection added in v0.8.29

func (d *AzureSecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*AzureSecretEngineConfig) IsDeletable added in v0.8.29

func (d *AzureSecretEngineConfig) IsDeletable() bool

func (*AzureSecretEngineConfig) IsEquivalentToDesiredState added in v0.8.29

func (r *AzureSecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*AzureSecretEngineConfig) IsInitialized added in v0.8.29

func (r *AzureSecretEngineConfig) IsInitialized() bool

func (*AzureSecretEngineConfig) IsValid added in v0.8.29

func (r *AzureSecretEngineConfig) IsValid() (bool, error)

func (*AzureSecretEngineConfig) PrepareInternalValues added in v0.8.29

func (r *AzureSecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*AzureSecretEngineConfig) PrepareTLSConfig added in v0.8.29

func (d *AzureSecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*AzureSecretEngineConfig) SetClientIDAndClientSecret added in v0.8.29

func (r *AzureSecretEngineConfig) SetClientIDAndClientSecret(ClientID string, ClientSecret string)

func (*AzureSecretEngineConfig) SetConditions added in v0.8.29

func (r *AzureSecretEngineConfig) SetConditions(conditions []metav1.Condition)

func (*AzureSecretEngineConfig) SetupWebhookWithManager added in v0.8.29

func (r *AzureSecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*AzureSecretEngineConfig) ValidateCreate added in v0.8.29

func (r *AzureSecretEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*AzureSecretEngineConfig) ValidateDelete added in v0.8.29

func (r *AzureSecretEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*AzureSecretEngineConfig) ValidateUpdate added in v0.8.29

func (r *AzureSecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type AzureSecretEngineConfigList added in v0.8.29

type AzureSecretEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AzureSecretEngineConfig `json:"items"`
}

AzureSecretEngineConfigList contains a list of AzureSecretEngineConfig

func (*AzureSecretEngineConfigList) DeepCopy added in v0.8.29

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureSecretEngineConfigList.

func (*AzureSecretEngineConfigList) DeepCopyInto added in v0.8.29

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AzureSecretEngineConfigList) DeepCopyObject added in v0.8.29

func (in *AzureSecretEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AzureSecretEngineConfigSpec added in v0.8.29

type AzureSecretEngineConfigSpec struct {
	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/config/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// AzureCredentials consists of ClientID and ClientSecret, which can be created as Kubernetes Secret, VaultSecret or RandomSecret
	// +kubebuilder:validation:Optional
	AzureCredentials vaultutils.RootCredentialConfig `json:"azureCredentials,omitempty"`

	// +kubebuilder:validation:Required
	AzureSEConfig `json:",inline"`
}

AzureSecretEngineConfigSpec defines the desired state of AzureSecretEngineConfig

func (*AzureSecretEngineConfigSpec) DeepCopy added in v0.8.29

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureSecretEngineConfigSpec.

func (*AzureSecretEngineConfigSpec) DeepCopyInto added in v0.8.29

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AzureSecretEngineConfigStatus added in v0.8.29

type AzureSecretEngineConfigStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

AzureSecretEngineConfigStatus defines the observed state of AzureSecretEngineConfig

func (*AzureSecretEngineConfigStatus) DeepCopy added in v0.8.29

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureSecretEngineConfigStatus.

func (*AzureSecretEngineConfigStatus) DeepCopyInto added in v0.8.29

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DBSEConfig

type DBSEConfig struct {

	// PluginName Specifies the name of the plugin to use for this connection.
	// +kubebuilder:validation:Required
	PluginName string `json:"pluginName,omitempty"`

	// PluginVersion Specifies the semantic version of the plugin to use for this connection.
	// +kubebuilder:validation:Optional
	PluginVersion string `json:"pluginVersion,omitempty"`

	// VerifyConnection Specifies if the connection is verified during initial configuration. Defaults to true.
	// +kubebuilder:validation:Optional
	VerifyConnection bool `json:"verifyConnection,omitempty"`

	// AllowedRoles List of the roles allowed to use this connection. Defaults to empty (no roles), if contains a "*" any role can use this connection.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default={"*"}
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AllowedRoles []string `json:"allowedRoles,omitempty"`

	// RootRotationStatements Specifies the database statements to be executed to rotate the root user's credentials. See the plugin's API page for more information on support and formatting for this parameter.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	RootRotationStatements []string `json:"rootRotationStatements,omitempty"`

	// PasswordPolicy The name of the password policy to use when generating passwords for this database. If not specified, this will use a default policy defined as: 20 characters with at least 1 uppercase, 1 lowercase, 1 number, and 1 dash character.
	// +kubebuilder:validation:Optional
	PasswordPolicy string `json:"passwordPolicy,omitempty"`

	// ConnectionURL Specifies the connection string used to connect to the database. Some plugins use url rather than connection_url. This allows for simple templating of the username and password of the root user. Typically, this is done by including a "{{"username"}}", "{{"name"}}", and/or "{{"password"}}" field within the string. These fields are typically replaced with the values in the username and password fields.
	// +kubebuilder:validation:Required
	ConnectionURL string `json:"connectionURL,omitempty"`

	// Username Specifies the name of the user to use as the "root" user when connecting to the database. This "root" user is used to create/update/delete users managed by these plugins, so you will need to ensure that this user has permissions to manipulate users appropriate to the database. This is typically used in the connection_url field via the templating directive "{{"username"}}" or "{{"name"}}"
	// If username is provided it takes precedence over the username retrieved from the referenced secrets
	// +kubebuilder:validation:Optional
	Username string `json:"username,omitempty"`

	// DisableEscaping Determines whether special characters in the username and password fields will be escaped. Useful for alternate connection string formats like ADO. More information regarding this parameter can be found on the databases secrets engine docs. Defaults to false
	// +kubebuilder:validation:Optional
	DisableEscaping bool `json:"disableEscaping,omitempty"`

	// DatabaseSpecificConfig holds the configuration specific to each database type
	// +kubebuilder:validation:Optional
	// +mapType=granular
	DatabaseSpecificConfig map[string]string `json:"databaseSpecificConfig,omitempty"`

	// +kubebuilder:validation:Optional
	RootPasswordRotation *RootPasswordRotation `json:"rootPasswordRotation,omitempty"`
	// contains filtered or unexported fields
}

func (*DBSEConfig) DeepCopy

func (in *DBSEConfig) DeepCopy() *DBSEConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DBSEConfig.

func (*DBSEConfig) DeepCopyInto

func (in *DBSEConfig) DeepCopyInto(out *DBSEConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DBSERole

type DBSERole struct {
	// DBName The name of the database connection to use for this role.
	// +kubebuilder:validation:Required
	DBName string `json:"dBName,omitempty"`

	// DefaultTTL Specifies the TTL for the leases associated with this role. Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to system/engine default TTL time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="0s"
	DefaultTTL metav1.Duration `json:"defaultTTL,omitempty"`

	// MaxTTL Specifies the maximum TTL for the leases associated with this role. Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to system/mount default TTL time; this value is allowed to be less than the mount max TTL (or, if not set, the system max TTL), but it is not allowed to be longer. See also The TTL General Case.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="0s"
	MaxTTL metav1.Duration `json:"maxTTL,omitempty"`

	// CreationStatements Specifies the database statements executed to create and configure a user. See the plugin's API page for more information on support and formatting for this parameter.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	CreationStatements []string `json:"creationStatements,omitempty"`

	// RevocationStatements Specifies the database statements to be executed to revoke a user. See the plugin's API page for more information on support and formatting for this parameter.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	RevocationStatements []string `json:"revocationStatements,omitempty"`

	// RollbackStatements Specifies the database statements to be executed to rollback a create operation in the event of an error. Not every plugin type will support this functionality. See the plugin's API page for more information on support and formatting for this parameter.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	RollbackStatements []string `json:"rollbackStatements,omitempty"`

	// RenewStatements Specifies the database statements to be executed to renew a user. Not every plugin type will support this functionality. See the plugin's API page for more information on support and formatting for this parameter.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	RenewStatements []string `json:"renewStatements,omitempty"`
}

func (*DBSERole) DeepCopy

func (in *DBSERole) DeepCopy() *DBSERole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DBSERole.

func (*DBSERole) DeepCopyInto

func (in *DBSERole) DeepCopyInto(out *DBSERole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DBSEStaticRole added in v0.8.3

type DBSEStaticRole struct {
	// DBName The name of the database connection to use for this role.
	// +kubebuilder:validation:Required
	DBName string `json:"dBName,omitempty"`

	// Username Specifies the database username that this Vault role corresponds to.
	// +kubebuilder:validation:Required
	Username string `json:"username,omitempty"`

	// RotationPeriod Specifies the amount of time Vault should wait before rotating the password. The minimum is 5 seconds.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Minimum=5
	RotationPeriod int `json:"rotationPeriod,omitempty"`

	// RotationStatements Specifies the database statements to be executed to rotate the password for the configured database user. Not every plugin type will support this functionality. See the plugin's API page for more information on support and formatting for this parameter.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	RotationStatements []string `json:"rotationStatements,omitempty"`

	// CredentialType Specifies the type of credential that will be generated for the role. Options include: password, rsa_private_key. See the plugin's API page for credential types supported by individual databases.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum={"password","rsa_private_key"}
	CredentialType string `json:"credentialType,omitempty"`

	// PasswordCredentialConfig specifies the configuration when the password credential type is chosen.
	// +kubebuilder:validation:Optional
	PasswordCredentialConfig *PasswordCredentialConfig `json:"passwordCredentialConfig,omitempty"`

	RSAPrivateKeyCredentialConfig *RSAPrivateKeyCredentialConfig `json:"rsaPrivateKeyCredentialConfig,omitempty"`
}

func (*DBSEStaticRole) DeepCopy added in v0.8.4

func (in *DBSEStaticRole) DeepCopy() *DBSEStaticRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DBSEStaticRole.

func (*DBSEStaticRole) DeepCopyInto added in v0.8.4

func (in *DBSEStaticRole) DeepCopyInto(out *DBSEStaticRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DatabaseSecretEngineConfig

type DatabaseSecretEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   DatabaseSecretEngineConfigSpec   `json:"spec,omitempty"`
	Status DatabaseSecretEngineConfigStatus `json:"status,omitempty"`
}

DatabaseSecretEngineConfig is the Schema for the databasesecretengineconfigs API

func (*DatabaseSecretEngineConfig) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineConfig.

func (*DatabaseSecretEngineConfig) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DatabaseSecretEngineConfig) DeepCopyObject

func (in *DatabaseSecretEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*DatabaseSecretEngineConfig) Default

func (r *DatabaseSecretEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*DatabaseSecretEngineConfig) GetConditions

func (m *DatabaseSecretEngineConfig) GetConditions() []metav1.Condition

func (*DatabaseSecretEngineConfig) GetKubeAuthConfiguration added in v0.6.3

func (d *DatabaseSecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*DatabaseSecretEngineConfig) GetPath

func (d *DatabaseSecretEngineConfig) GetPath() string

func (*DatabaseSecretEngineConfig) GetPayload

func (d *DatabaseSecretEngineConfig) GetPayload() map[string]interface{}

func (*DatabaseSecretEngineConfig) GetRootPasswordRotationPath added in v0.8.4

func (d *DatabaseSecretEngineConfig) GetRootPasswordRotationPath() string

func (*DatabaseSecretEngineConfig) GetVaultConnection added in v0.8.9

func (d *DatabaseSecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*DatabaseSecretEngineConfig) IsDeletable added in v0.8.29

func (d *DatabaseSecretEngineConfig) IsDeletable() bool

func (*DatabaseSecretEngineConfig) IsEquivalentToDesiredState

func (d *DatabaseSecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*DatabaseSecretEngineConfig) IsInitialized

func (d *DatabaseSecretEngineConfig) IsInitialized() bool

func (*DatabaseSecretEngineConfig) IsValid

func (r *DatabaseSecretEngineConfig) IsValid() (bool, error)

func (*DatabaseSecretEngineConfig) PrepareInternalValues

func (d *DatabaseSecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*DatabaseSecretEngineConfig) PrepareTLSConfig added in v0.8.24

func (d *DatabaseSecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*DatabaseSecretEngineConfig) RotateRootPassword added in v0.8.4

func (d *DatabaseSecretEngineConfig) RotateRootPassword(ctx context.Context) error

func (*DatabaseSecretEngineConfig) SetConditions

func (m *DatabaseSecretEngineConfig) SetConditions(conditions []metav1.Condition)

func (*DatabaseSecretEngineConfig) SetUsernameAndPassword

func (m *DatabaseSecretEngineConfig) SetUsernameAndPassword(username string, password string)

func (*DatabaseSecretEngineConfig) SetupWebhookWithManager

func (r *DatabaseSecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*DatabaseSecretEngineConfig) ValidateCreate

func (r *DatabaseSecretEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*DatabaseSecretEngineConfig) ValidateDelete

func (r *DatabaseSecretEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*DatabaseSecretEngineConfig) ValidateUpdate

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type DatabaseSecretEngineConfigList

type DatabaseSecretEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []DatabaseSecretEngineConfig `json:"items"`
}

DatabaseSecretEngineConfigList contains a list of DatabaseSecretEngineConfig

func (*DatabaseSecretEngineConfigList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineConfigList.

func (*DatabaseSecretEngineConfigList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DatabaseSecretEngineConfigList) DeepCopyObject

func (in *DatabaseSecretEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DatabaseSecretEngineConfigSpec

type DatabaseSecretEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/config/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// +kubebuilder:validation:Required
	DBSEConfig `json:",inline"`

	// RootCredentials specifies how to retrieve the credentials for this DatabaseEngine connection.
	// +kubebuilder:validation:Required
	RootCredentials vaultutils.RootCredentialConfig `json:"rootCredentials,omitempty"`

	// The name of the object created in Vault. If this is specified it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

DatabaseSecretEngineConfigSpec defines the desired state of DatabaseSecretEngineConfig
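
The `Pattern` marker on `Name` above carries no `^`/`$` anchors, and OpenAPI `pattern` validation is not implicitly anchored, so the pattern alone only requires that some substring of the value match. The following is an added example (not code from this package) that compares the pattern as written with an anchored form and applies the anchored check before composing the documented `{[spec.authentication.namespace]}/{spec.path}/config/{name}` path; the function names are hypothetical, and treating the bracketed namespace as optional is an assumption.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// namePattern is the value of the kubebuilder Pattern marker on
// DatabaseSecretEngineConfigSpec.Name, copied from the page.
const namePattern = `[a-z0-9]([-a-z0-9]*[a-z0-9])?`

var (
	// asWritten behaves like an unanchored schema pattern: a match anywhere
	// inside the value is enough.
	asWritten = regexp.MustCompile(namePattern)
	// anchored requires the whole value to match (stricter form, added here).
	anchored = regexp.MustCompile(`^(?:` + namePattern + `)$`)
)

// MatchesAsWritten reports whether name passes the pattern exactly as declared.
// Hypothetical helper, not part of the package.
func MatchesAsWritten(name string) bool { return asWritten.MatchString(name) }

// MatchesAnchored reports whether the entire name consists of lowercase
// alphanumerics and inner dashes. Hypothetical helper, not part of the package.
func MatchesAnchored(name string) bool { return anchored.MatchString(name) }

// ConfigPath composes the final Vault path described in the field comments:
// {[spec.authentication.namespace]}/{spec.path}/config/{name}, where spec.name
// takes precedence over metadata.name. Only spec.name is checked here, because
// metadata.name is already validated by the Kubernetes API server.
// Assumption: an empty namespace means the namespace segment is omitted.
func ConfigPath(namespace, path, metadataName, specName string) (string, error) {
	name := metadataName
	if specName != "" {
		if !MatchesAnchored(specName) {
			return "", fmt.Errorf("spec.name %q is not a single lowercase path segment", specName)
		}
		name = specName
	}
	var parts []string
	if ns := strings.Trim(namespace, "/"); ns != "" {
		parts = append(parts, ns)
	}
	parts = append(parts, strings.Trim(path, "/"), "config", name)
	return strings.Join(parts, "/"), nil
}

func main() {
	// Constructed sample values.
	for _, n := range []string{"my-postgresql-database", "Prod/DB_1", "-db", "a/b"} {
		fmt.Printf("%-24q asWritten=%-5v anchored=%v\n", n, MatchesAsWritten(n), MatchesAnchored(n))
	}
	p, err := ConfigPath("team-a", "postgresql/database", "my-db", "")
	fmt.Println(p, err)
	_, err = ConfigPath("", "database", "my-db", "a/b")
	fmt.Println(err)
}
```
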

func (*DatabaseSecretEngineConfigSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineConfigSpec.

func (*DatabaseSecretEngineConfigSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DatabaseSecretEngineConfigStatus

type DatabaseSecretEngineConfigStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`

	// +kubebuilder:validation:Optional
	LastRootPasswordRotation metav1.Time `json:"lastRootPasswordRotation,omitempty"`
}

DatabaseSecretEngineConfigStatus defines the observed state of DatabaseSecretEngineConfig

func (*DatabaseSecretEngineConfigStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineConfigStatus.

func (*DatabaseSecretEngineConfigStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DatabaseSecretEngineRole

type DatabaseSecretEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   DatabaseSecretEngineRoleSpec   `json:"spec,omitempty"`
	Status DatabaseSecretEngineRoleStatus `json:"status,omitempty"`
}

DatabaseSecretEngineRole is the Schema for the databasesecretengineroles API

func (*DatabaseSecretEngineRole) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineRole.

func (*DatabaseSecretEngineRole) DeepCopyInto

func (in *DatabaseSecretEngineRole) DeepCopyInto(out *DatabaseSecretEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DatabaseSecretEngineRole) DeepCopyObject

func (in *DatabaseSecretEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*DatabaseSecretEngineRole) Default

func (r *DatabaseSecretEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*DatabaseSecretEngineRole) GetConditions

func (m *DatabaseSecretEngineRole) GetConditions() []metav1.Condition

func (*DatabaseSecretEngineRole) GetKubeAuthConfiguration added in v0.6.3

func (d *DatabaseSecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*DatabaseSecretEngineRole) GetPath

func (d *DatabaseSecretEngineRole) GetPath() string

func (*DatabaseSecretEngineRole) GetPayload

func (d *DatabaseSecretEngineRole) GetPayload() map[string]interface{}

func (*DatabaseSecretEngineRole) GetVaultConnection added in v0.8.9

func (d *DatabaseSecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*DatabaseSecretEngineRole) IsDeletable added in v0.8.29

func (d *DatabaseSecretEngineRole) IsDeletable() bool

func (*DatabaseSecretEngineRole) IsEquivalentToDesiredState

func (d *DatabaseSecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*DatabaseSecretEngineRole) IsInitialized

func (d *DatabaseSecretEngineRole) IsInitialized() bool

func (*DatabaseSecretEngineRole) IsValid

func (r *DatabaseSecretEngineRole) IsValid() (bool, error)

func (*DatabaseSecretEngineRole) PrepareInternalValues

func (d *DatabaseSecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*DatabaseSecretEngineRole) PrepareTLSConfig added in v0.8.24

func (d *DatabaseSecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*DatabaseSecretEngineRole) SetConditions

func (m *DatabaseSecretEngineRole) SetConditions(conditions []metav1.Condition)

func (*DatabaseSecretEngineRole) SetupWebhookWithManager

func (r *DatabaseSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*DatabaseSecretEngineRole) ValidateCreate

func (r *DatabaseSecretEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*DatabaseSecretEngineRole) ValidateDelete

func (r *DatabaseSecretEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*DatabaseSecretEngineRole) ValidateUpdate

func (r *DatabaseSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type DatabaseSecretEngineRoleList

type DatabaseSecretEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []DatabaseSecretEngineRole `json:"items"`
}

DatabaseSecretEngineRoleList contains a list of DatabaseSecretEngineRole

func (*DatabaseSecretEngineRoleList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineRoleList.

func (*DatabaseSecretEngineRoleList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DatabaseSecretEngineRoleList) DeepCopyObject

func (in *DatabaseSecretEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DatabaseSecretEngineRoleSpec

type DatabaseSecretEngineRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to create the role.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/roles/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	DBSERole `json:",inline"`

	// The name of the object created in Vault. If this is specified, it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

DatabaseSecretEngineRoleSpec defines the desired state of DatabaseSecretEngineRole

func (*DatabaseSecretEngineRoleSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineRoleSpec.

func (*DatabaseSecretEngineRoleSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DatabaseSecretEngineRoleStatus

type DatabaseSecretEngineRoleStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

DatabaseSecretEngineRoleStatus defines the observed state of DatabaseSecretEngineRole

func (*DatabaseSecretEngineRoleStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineRoleStatus.

func (*DatabaseSecretEngineRoleStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DatabaseSecretEngineStaticRole added in v0.8.3

type DatabaseSecretEngineStaticRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   DatabaseSecretEngineStaticRoleSpec   `json:"spec,omitempty"`
	Status DatabaseSecretEngineStaticRoleStatus `json:"status,omitempty"`
}

DatabaseSecretEngineStaticRole is the Schema for the databasesecretenginestaticroles API

func (*DatabaseSecretEngineStaticRole) DeepCopy added in v0.8.3

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineStaticRole.

func (*DatabaseSecretEngineStaticRole) DeepCopyInto added in v0.8.3

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DatabaseSecretEngineStaticRole) DeepCopyObject added in v0.8.3

func (in *DatabaseSecretEngineStaticRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*DatabaseSecretEngineStaticRole) Default added in v0.8.3

func (r *DatabaseSecretEngineStaticRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*DatabaseSecretEngineStaticRole) GetConditions added in v0.8.3

func (m *DatabaseSecretEngineStaticRole) GetConditions() []metav1.Condition

func (*DatabaseSecretEngineStaticRole) GetKubeAuthConfiguration added in v0.8.3

func (d *DatabaseSecretEngineStaticRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*DatabaseSecretEngineStaticRole) GetPath added in v0.8.3

func (*DatabaseSecretEngineStaticRole) GetPayload added in v0.8.3

func (d *DatabaseSecretEngineStaticRole) GetPayload() map[string]interface{}

func (*DatabaseSecretEngineStaticRole) GetVaultConnection added in v0.8.9

func (*DatabaseSecretEngineStaticRole) IsDeletable added in v0.8.29

func (d *DatabaseSecretEngineStaticRole) IsDeletable() bool

func (*DatabaseSecretEngineStaticRole) IsEquivalentToDesiredState added in v0.8.3

func (d *DatabaseSecretEngineStaticRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*DatabaseSecretEngineStaticRole) IsInitialized added in v0.8.3

func (d *DatabaseSecretEngineStaticRole) IsInitialized() bool

func (*DatabaseSecretEngineStaticRole) IsValid added in v0.8.3

func (r *DatabaseSecretEngineStaticRole) IsValid() (bool, error)

func (*DatabaseSecretEngineStaticRole) PrepareInternalValues added in v0.8.3

func (d *DatabaseSecretEngineStaticRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*DatabaseSecretEngineStaticRole) PrepareTLSConfig added in v0.8.24

func (d *DatabaseSecretEngineStaticRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*DatabaseSecretEngineStaticRole) SetConditions added in v0.8.3

func (m *DatabaseSecretEngineStaticRole) SetConditions(conditions []metav1.Condition)

func (*DatabaseSecretEngineStaticRole) SetupWebhookWithManager added in v0.8.3

func (r *DatabaseSecretEngineStaticRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*DatabaseSecretEngineStaticRole) ValidateCreate added in v0.8.3

func (r *DatabaseSecretEngineStaticRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*DatabaseSecretEngineStaticRole) ValidateDelete added in v0.8.3

func (r *DatabaseSecretEngineStaticRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*DatabaseSecretEngineStaticRole) ValidateUpdate added in v0.8.3

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type DatabaseSecretEngineStaticRoleList added in v0.8.3

type DatabaseSecretEngineStaticRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []DatabaseSecretEngineStaticRole `json:"items"`
}

DatabaseSecretEngineStaticRoleList contains a list of DatabaseSecretEngineStaticRole

func (*DatabaseSecretEngineStaticRoleList) DeepCopy added in v0.8.3

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineStaticRoleList.

func (*DatabaseSecretEngineStaticRoleList) DeepCopyInto added in v0.8.3

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DatabaseSecretEngineStaticRoleList) DeepCopyObject added in v0.8.3

func (in *DatabaseSecretEngineStaticRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DatabaseSecretEngineStaticRoleSpec added in v0.8.3

type DatabaseSecretEngineStaticRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to create the role.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/roles/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	DBSEStaticRole `json:",inline"`

	// The name of the object created in Vault. If this is specified, it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

DatabaseSecretEngineStaticRoleSpec defines the desired state of DatabaseSecretEngineStaticRole
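
The field comments on DatabaseSecretEngineRoleSpec and DatabaseSecretEngineStaticRoleSpec describe how the Vault path is composed and which capabilities the authentication role needs on it. The following is an added example, not the operator's own code: it composes that path, applies the spec.name precedence, and renders the matching policy stanza. The names roleRef, finalPath, mountRelativePath and policyFor are hypothetical, and the example assumes the marker pattern is meant to constrain the whole name, so it anchors it; Go's regexp.MatchString reports a match anywhere in the string unless the pattern is anchored.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// roleRef is a stand-in for the CR fields that decide where the role is
// written. It is this example's type, not the operator's.
type roleRef struct {
	VaultNamespace string // spec.authentication.namespace, optional
	Path           string // spec.path
	SpecName       string // spec.name, optional
	MetadataName   string // metadata.name
}

// markerPattern is the pattern from the kubebuilder marker on spec.name.
const markerPattern = `[a-z0-9]([-a-z0-9]*[a-z0-9])?`

var (
	asWritten = regexp.MustCompile(markerPattern)             // matches any substring
	wholeName = regexp.MustCompile(`^` + markerPattern + `$`) // must cover the full name
)

// effectiveName applies the documented precedence: spec.name over metadata.name.
func effectiveName(r roleRef) string {
	if r.SpecName != "" {
		return r.SpecName
	}
	return r.MetadataName
}

// cleanSegments splits a slash-separated value and rejects empty, "." and
// ".." segments. This check is an assumption of the example.
func cleanSegments(field, value string) ([]string, error) {
	segs := strings.Split(strings.Trim(value, "/"), "/")
	for _, s := range segs {
		if s == "" || s == "." || s == ".." {
			return nil, fmt.Errorf("%s %q has an empty or relative segment", field, value)
		}
	}
	return segs, nil
}

// mountRelativePath returns {spec.path}/roles/{name}, the part of the path
// that a policy written inside the Vault namespace refers to.
func mountRelativePath(r roleRef) (string, error) {
	name := effectiveName(r)
	if !wholeName.MatchString(name) {
		return "", fmt.Errorf("name %q does not match ^%s$", name, markerPattern)
	}
	segs, err := cleanSegments("spec.path", r.Path)
	if err != nil {
		return "", err
	}
	return strings.Join(append(segs, "roles", name), "/"), nil
}

// finalPath returns {[spec.authentication.namespace]}/{spec.path}/roles/{name}.
func finalPath(r roleRef) (string, error) {
	rel, err := mountRelativePath(r)
	if err != nil {
		return "", err
	}
	if r.VaultNamespace == "" {
		return rel, nil
	}
	ns, err := cleanSegments("spec.authentication.namespace", r.VaultNamespace)
	if err != nil {
		return "", err
	}
	return strings.Join(ns, "/") + "/" + rel, nil
}

// policyFor renders a policy stanza granting exactly the four capabilities
// the field comment lists, scoped to this one role path.
func policyFor(r roleRef) (string, error) {
	rel, err := mountRelativePath(r)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("path %q {\n  capabilities = [\"create\", \"read\", \"update\", \"delete\"]\n}\n", rel), nil
}

func main() {
	// Constructed sample values.
	good := roleRef{VaultNamespace: "team-a", Path: "database", MetadataName: "read-only"}
	p, _ := finalPath(good)
	pol, _ := policyFor(good)
	fmt.Println(p)
	fmt.Print(pol)

	bad := roleRef{Path: "database", MetadataName: "ok", SpecName: "a/../b"}
	fmt.Println("unanchored pattern accepts:", asWritten.MatchString(bad.SpecName))
	_, err := finalPath(bad)
	fmt.Println("anchored check:", err)
}
```

Scoping the policy to the single role path, rather than to `{spec.path}/roles/*`, keeps the authentication role from managing roles that other CRs own.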

func (*DatabaseSecretEngineStaticRoleSpec) DeepCopy added in v0.8.3

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineStaticRoleSpec.

func (*DatabaseSecretEngineStaticRoleSpec) DeepCopyInto added in v0.8.3

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DatabaseSecretEngineStaticRoleStatus added in v0.8.3

type DatabaseSecretEngineStaticRoleStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

DatabaseSecretEngineStaticRoleStatus defines the observed state of DatabaseSecretEngineStaticRole

func (*DatabaseSecretEngineStaticRoleStatus) DeepCopy added in v0.8.3

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineStaticRoleStatus.

func (*DatabaseSecretEngineStaticRoleStatus) DeepCopyInto added in v0.8.3

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPAuthEngineConfig added in v0.8.29

type GCPAuthEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   GCPAuthEngineConfigSpec   `json:"spec,omitempty"`
	Status GCPAuthEngineConfigStatus `json:"status,omitempty"`
}

GCPAuthEngineConfig is the Schema for the gcpauthengineconfigs API

func (*GCPAuthEngineConfig) DeepCopy added in v0.8.29

func (in *GCPAuthEngineConfig) DeepCopy() *GCPAuthEngineConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPAuthEngineConfig.

func (*GCPAuthEngineConfig) DeepCopyInto added in v0.8.29

func (in *GCPAuthEngineConfig) DeepCopyInto(out *GCPAuthEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GCPAuthEngineConfig) DeepCopyObject added in v0.8.29

func (in *GCPAuthEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*GCPAuthEngineConfig) Default added in v0.8.29

func (r *GCPAuthEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*GCPAuthEngineConfig) GetConditions added in v0.8.29

func (r *GCPAuthEngineConfig) GetConditions() []metav1.Condition

func (*GCPAuthEngineConfig) GetKubeAuthConfiguration added in v0.8.29

func (r *GCPAuthEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*GCPAuthEngineConfig) GetPath added in v0.8.29

func (r *GCPAuthEngineConfig) GetPath() string

func (*GCPAuthEngineConfig) GetPayload added in v0.8.29

func (r *GCPAuthEngineConfig) GetPayload() map[string]interface{}

func (*GCPAuthEngineConfig) GetVaultConnection added in v0.8.29

func (d *GCPAuthEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*GCPAuthEngineConfig) IsDeletable added in v0.8.29

func (d *GCPAuthEngineConfig) IsDeletable() bool

func (*GCPAuthEngineConfig) IsEquivalentToDesiredState added in v0.8.29

func (r *GCPAuthEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*GCPAuthEngineConfig) IsInitialized added in v0.8.29

func (r *GCPAuthEngineConfig) IsInitialized() bool

func (*GCPAuthEngineConfig) IsValid added in v0.8.29

func (r *GCPAuthEngineConfig) IsValid() (bool, error)

func (*GCPAuthEngineConfig) PrepareInternalValues added in v0.8.29

func (r *GCPAuthEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*GCPAuthEngineConfig) PrepareTLSConfig added in v0.8.29

func (r *GCPAuthEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*GCPAuthEngineConfig) SetConditions added in v0.8.29

func (r *GCPAuthEngineConfig) SetConditions(conditions []metav1.Condition)

func (*GCPAuthEngineConfig) SetServiceAccountAndCredentials added in v0.8.29

func (r *GCPAuthEngineConfig) SetServiceAccountAndCredentials(ServiceAccount string, Credentials string)

func (*GCPAuthEngineConfig) SetupWebhookWithManager added in v0.8.29

func (r *GCPAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*GCPAuthEngineConfig) ValidateCreate added in v0.8.29

func (r *GCPAuthEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*GCPAuthEngineConfig) ValidateDelete added in v0.8.29

func (r *GCPAuthEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*GCPAuthEngineConfig) ValidateUpdate added in v0.8.29

func (r *GCPAuthEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type GCPAuthEngineConfigList added in v0.8.29

type GCPAuthEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GCPAuthEngineConfig `json:"items"`
}

GCPAuthEngineConfigList contains a list of GCPAuthEngineConfig

func (*GCPAuthEngineConfigList) DeepCopy added in v0.8.29

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPAuthEngineConfigList.

func (*GCPAuthEngineConfigList) DeepCopyInto added in v0.8.29

func (in *GCPAuthEngineConfigList) DeepCopyInto(out *GCPAuthEngineConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GCPAuthEngineConfigList) DeepCopyObject added in v0.8.29

func (in *GCPAuthEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GCPAuthEngineConfigSpec added in v0.8.29

type GCPAuthEngineConfigSpec struct {
	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/config/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// +kubebuilder:validation:Required
	GCPConfig `json:",inline"`

	// GCPCredentials in JSON string containing the contents of a GCP service account credentials file.
	// +kubebuilder:validation:Optional
	GCPCredentials vaultutils.RootCredentialConfig `json:"GCPCredentials,omitempty"`
}

GCPAuthEngineConfigSpec defines the desired state of GCPAuthEngineConfig

func (*GCPAuthEngineConfigSpec) DeepCopy added in v0.8.29

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPAuthEngineConfigSpec.

func (*GCPAuthEngineConfigSpec) DeepCopyInto added in v0.8.29

func (in *GCPAuthEngineConfigSpec) DeepCopyInto(out *GCPAuthEngineConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPAuthEngineConfigStatus added in v0.8.29

type GCPAuthEngineConfigStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

GCPAuthEngineConfigStatus defines the observed state of GCPAuthEngineConfig

func (*GCPAuthEngineConfigStatus) DeepCopy added in v0.8.29

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPAuthEngineConfigStatus.

func (*GCPAuthEngineConfigStatus) DeepCopyInto added in v0.8.29

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPAuthEngineRole added in v0.8.29

type GCPAuthEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   GCPAuthEngineRoleSpec   `json:"spec,omitempty"`
	Status GCPAuthEngineRoleStatus `json:"status,omitempty"`
}

GCPAuthEngineRole is the Schema for the gcpauthengineroles API

func (*GCPAuthEngineRole) DeepCopy added in v0.8.29

func (in *GCPAuthEngineRole) DeepCopy() *GCPAuthEngineRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPAuthEngineRole.

func (*GCPAuthEngineRole) DeepCopyInto added in v0.8.29

func (in *GCPAuthEngineRole) DeepCopyInto(out *GCPAuthEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GCPAuthEngineRole) DeepCopyObject added in v0.8.29

func (in *GCPAuthEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*GCPAuthEngineRole) Default added in v0.8.29

func (r *GCPAuthEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*GCPAuthEngineRole) GetConditions added in v0.8.29

func (r *GCPAuthEngineRole) GetConditions() []metav1.Condition

func (*GCPAuthEngineRole) GetKubeAuthConfiguration added in v0.8.29

func (r *GCPAuthEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*GCPAuthEngineRole) GetPath added in v0.8.29

func (r *GCPAuthEngineRole) GetPath() string

func (*GCPAuthEngineRole) GetPayload added in v0.8.29

func (r *GCPAuthEngineRole) GetPayload() map[string]interface{}

func (*GCPAuthEngineRole) GetVaultConnection added in v0.8.29

func (d *GCPAuthEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*GCPAuthEngineRole) IsDeletable added in v0.8.29

func (d *GCPAuthEngineRole) IsDeletable() bool

func (*GCPAuthEngineRole) IsEquivalentToDesiredState added in v0.8.29

func (r *GCPAuthEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*GCPAuthEngineRole) IsInitialized added in v0.8.29

func (r *GCPAuthEngineRole) IsInitialized() bool

func (*GCPAuthEngineRole) IsValid added in v0.8.29

func (r *GCPAuthEngineRole) IsValid() (bool, error)

func (*GCPAuthEngineRole) PrepareInternalValues added in v0.8.29

func (d *GCPAuthEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*GCPAuthEngineRole) PrepareTLSConfig added in v0.8.29

func (d *GCPAuthEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*GCPAuthEngineRole) SetConditions added in v0.8.29

func (r *GCPAuthEngineRole) SetConditions(conditions []metav1.Condition)

func (*GCPAuthEngineRole) SetupWebhookWithManager added in v0.8.29

func (r *GCPAuthEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*GCPAuthEngineRole) ValidateCreate added in v0.8.29

func (r *GCPAuthEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*GCPAuthEngineRole) ValidateDelete added in v0.8.29

func (r *GCPAuthEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*GCPAuthEngineRole) ValidateUpdate added in v0.8.29

func (r *GCPAuthEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type GCPAuthEngineRoleList added in v0.8.29

type GCPAuthEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GCPAuthEngineRole `json:"items"`
}

GCPAuthEngineRoleList contains a list of GCPAuthEngineRole

func (*GCPAuthEngineRoleList) DeepCopy added in v0.8.29

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPAuthEngineRoleList.

func (*GCPAuthEngineRoleList) DeepCopyInto added in v0.8.29

func (in *GCPAuthEngineRoleList) DeepCopyInto(out *GCPAuthEngineRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GCPAuthEngineRoleList) DeepCopyObject added in v0.8.29

func (in *GCPAuthEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GCPAuthEngineRoleSpec added in v0.8.29

type GCPAuthEngineRoleSpec struct {
	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/groups/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	GCPRole `json:",inline"`
}

GCPAuthEngineRoleSpec defines the desired state of GCPAuthEngineRole

func (*GCPAuthEngineRoleSpec) DeepCopy added in v0.8.29

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPAuthEngineRoleSpec.

func (*GCPAuthEngineRoleSpec) DeepCopyInto added in v0.8.29

func (in *GCPAuthEngineRoleSpec) DeepCopyInto(out *GCPAuthEngineRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPAuthEngineRoleStatus added in v0.8.29

type GCPAuthEngineRoleStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

GCPAuthEngineRoleStatus defines the observed state of GCPAuthEngineRole

func (*GCPAuthEngineRoleStatus) DeepCopy added in v0.8.29

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPAuthEngineRoleStatus.

func (*GCPAuthEngineRoleStatus) DeepCopyInto added in v0.8.29

func (in *GCPAuthEngineRoleStatus) DeepCopyInto(out *GCPAuthEngineRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPConfig added in v0.8.29

type GCPConfig struct {

	// Service Account Name. A service account is a special kind of account typically used by an application or compute workload, such as a Compute Engine instance, rather than a person.
	// A service account is identified by its email address, which is unique to the account.
	// Applications use service accounts to make authorized API calls by authenticating as either the service account itself, or as Google Workspace or Cloud Identity users through domain-wide delegation.
	// When an application authenticates as a service account, it has access to all resources that the service account has permission to access.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	ServiceAccount string `json:"serviceAccount,omitempty"`

	// Must be either unique_id or role_id.
	// If unique_id is specified, the service account's unique ID will be used for alias names during login.
	// If role_id is specified, the ID of the Vault role will be used. Only used if role type is iam.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="default"
	IAMalias string `json:"IAMalias,omitempty"`

	// The metadata to include on the token returned by the login endpoint. This metadata will be added to both audit logs, and on the iam_alias.
	// By default, it includes project_id, role, service_account_id, and service_account_email.
	// To include no metadata, set to "" via the CLI or [] via the API. To use only particular fields, select the explicit fields.
	// To restore to defaults, send only a field of default.
	// Only select fields that will have a low rate of change for your iam_alias because each change triggers a storage write and can have a performance impact at scale.
	// Only used if role type is iam.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="default"
	IAMmetadata string `json:"IAMmetadata,omitempty"`

	// Must be either instance_id or role_id. If instance_id is specified, the GCE instance ID will be used for alias names during login.
	// If role_id is specified, the ID of the Vault role will be used. Only used if role type is gce.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="role_id"
	GCEalias string `json:"GCEalias,omitempty"`

	// The metadata to include on the token returned by the login endpoint. This metadata will be added to both audit logs, and on the gce_alias.
	// By default, it includes instance_creation_timestamp, instance_id, instance_name, project_id, project_number, role, service_account_id, service_account_email, and zone.
	// To include no metadata, set to "" via the CLI or [] via the API. To use only particular fields, select the explicit fields. To restore to defaults, send only a field of default.
	// Only select fields that will have a low rate of change for your gce_alias because each change triggers a storage write and can have a performance impact at scale.
	// Only used if role type is gce.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="default"
	GCEmetadata string `json:"GCEmetadata,omitempty"`

	// Specifies overrides to service endpoints used when making API requests.
	// This allows specific requests made during authentication to target alternative service endpoints for use in Private Google Access environments.
	// Overrides are set at the subdomain level using the following keys:
	// api - Replaces the service endpoint used in API requests to https://www.googleapis.com.
	// iam - Replaces the service endpoint used in API requests to https://iam.googleapis.com.
	// crm - Replaces the service endpoint used in API requests to https://cloudresourcemanager.googleapis.com.
	// compute - Replaces the service endpoint used in API requests to https://compute.googleapis.com.
	// The endpoint value provided for a given key has the form of scheme://host:port. The scheme:// and :port portions of the endpoint value are optional.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default={}
	CustomEndpoint *apiextensionsv1.JSON `json:"customEndpoint,omitempty"`
	// contains filtered or unexported fields
}

func (*GCPConfig) DeepCopy added in v0.8.29

func (in *GCPConfig) DeepCopy() *GCPConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPConfig.

func (*GCPConfig) DeepCopyInto added in v0.8.29

func (in *GCPConfig) DeepCopyInto(out *GCPConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GCPRole added in v0.8.29

type GCPRole struct {
	// Name of the role.
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// The type of this role. Certain fields correspond to specific roles and will be rejected otherwise. Please see below for more information.
	// +kubebuilder:validation:Required
	Type string `json:"type"`

	// An array of service account emails or IDs that login is restricted to, either directly or through an associated instance.
	// If set to *, all service accounts are allowed (you can bind this further using bound_projects.)
	// +kubebuilder:validation:Optional
	// +kubebuilder:default={}
	BoundServiceAccounts []string `json:"boundServiceAccounts,omitempty"`

	// An array of GCP project IDs. Only entities belonging to this project can authenticate under the role.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default={}
	BoundProjects []string `json:"boundProjects,omitempty"`

	// If true, any auth token generated under this token will have associated group aliases, namely project-$PROJECT_ID, folder-$PROJECT_ID, and organization-$ORG_ID for the entity's project and all its folder or organization ancestors.
	// This requires Vault to have IAM permission resourcemanager.projects.get.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	AddGroupAliases bool `json:"addGroupAliases"`

	// The incremental lifetime for generated tokens. The current value of this will be referenced at renewal time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenTTL string `json:"tokenTTL,omitempty"`

	// The maximum lifetime for generated tokens. The current value of this will be referenced at renewal time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenMaxTTL string `json:"tokenMaxTTL,omitempty"`

	// List of token policies to encode onto generated tokens.
	// Depending on the auth method, this list may be supplemented by user/group/other values.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	TokenPolicies []string `json:"tokenPolicies,omitempty"`

	// DEPRECATED: Please use the token_policies parameter instead. List of token policies to encode onto generated tokens.
	// Depending on the auth method, this list may be supplemented by user/group/other values.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	Policies []string `json:"policies,omitempty"`

	// List of CIDR blocks.
	// If set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	TokenBoundCIDRs []string `json:"tokenBoundCIDRs,omitempty"`

	// If set, will encode an explicit max TTL onto the token.
	// This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenExplicitMaxTTL string `json:"tokenExplicitMaxTTL,omitempty"`

	// If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	TokenNoDefaultPolicy bool `json:"tokenNoDefaultPolicy"`

	// The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
	// If you require the token to have the ability to create child tokens, you will need to set this value to 0.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	TokenNumUses int64 `json:"tokenNumUses"`

	// The maximum allowed period value when a periodic token is requested from this role.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	TokenPeriod int64 `json:"tokenPeriod"`

	// The type of token that should be generated.
	// Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens).
	// For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
	// For machine based authentication cases, you should use batch type tokens.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenType string `json:"tokenType,omitempty"`

	// The number of seconds past the time of authentication that the login param JWT must expire within.
	// For example, if a user attempts to log in with a token that expires within an hour and this is set to 15 minutes, Vault will return an error prompting the user to create a new signed JWT with a shorter exp.
	// The GCE metadata tokens currently do not allow the exp claim to be customized.
	// The following parameter is only valid when the role is of type "iam".
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	MaxJWTExp string `json:"maxJWTExp,omitempty"`

	// A flag to determine if this role should allow GCE instances to authenticate by inferring service accounts from the GCE identity metadata token.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	AllowGCEInference bool `json:"allowGCEInference"`

	// The list of zones that a GCE instance must belong to in order to be authenticated.
	// If bound_instance_groups is provided, it is assumed to be a zonal group and the group must belong to this zone.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	BoundZones []string `json:"boundZones,omitempty"`

	// The list of regions that a GCE instance must belong to in order to be authenticated.
	// If bound_instance_groups is provided, it is assumed to be a regional group and the group must belong to this region.
	// If bound_zones are provided, this attribute is ignored.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	BoundRegions []string `json:"boundRegions,omitempty"`

	// The instance groups that an authorized instance must belong to in order to be authenticated.
	// If specified, either bound_zones or bound_regions must be set too.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	BoundInstanceGroups []string `json:"boundInstanceGroups,omitempty"`

	// A comma-separated list of GCP labels formatted as "key:value" strings that must be set on authorized GCE instances.
	// Because GCP labels are not currently ACL'd, we recommend that this be used in conjunction with other restrictions.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	BoundLabels []string `json:"boundLabels,omitempty"`
}

func (*GCPRole) DeepCopy added in v0.8.29

func (in *GCPRole) DeepCopy() *GCPRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPRole.

func (*GCPRole) DeepCopyInto added in v0.8.29

func (in *GCPRole) DeepCopyInto(out *GCPRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
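
The field comments on GCPRole describe several cross-field rules for GCE bindings (instance groups need a zone or region, regions are ignored when zones are set, labels should not be the only restriction). The following is an added example, not part of the operator's code, that checks a role for those rules before it is applied. `GCEBindings`, `Finding`, `CheckGCEBindings` and `Count` are hypothetical names, and the "colon present, non-empty key" label check is this example's assumption about what "key:value" means.

```go
package main

import (
	"fmt"
	"strings"
)

// GCEBindings is a hypothetical, trimmed-down mirror of the binding fields
// documented on GCPRole. It is not the operator's own type.
type GCEBindings struct {
	BoundServiceAccounts []string
	BoundProjects        []string
	BoundZones           []string
	BoundRegions         []string
	BoundInstanceGroups  []string
	BoundLabels          []string
}

// Finding is one result of the review: Severity is "error" or "warning".
type Finding struct {
	Severity string
	Field    string
	Message  string
}

// CheckGCEBindings applies the cross-field rules stated in the GCPRole
// field comments and returns every violation it finds.
func CheckGCEBindings(b GCEBindings) []Finding {
	var out []Finding
	add := func(sev, field, msg string) {
		out = append(out, Finding{Severity: sev, Field: field, Message: msg})
	}

	// "If specified, either bound_zones or bound_regions must be set too."
	if len(b.BoundInstanceGroups) > 0 && len(b.BoundZones) == 0 && len(b.BoundRegions) == 0 {
		add("error", "boundInstanceGroups", "requires boundZones or boundRegions")
	}

	// "If bound_zones are provided, this attribute is ignored."
	if len(b.BoundZones) > 0 && len(b.BoundRegions) > 0 {
		add("warning", "boundRegions", "ignored because boundZones is set")
	}

	// Labels must be "key:value". Assumption of this example: a colon must
	// be present and the key must be non-empty.
	for _, l := range b.BoundLabels {
		key, _, found := strings.Cut(l, ":")
		if !found || strings.TrimSpace(key) == "" {
			add("error", "boundLabels", fmt.Sprintf("%q is not in key:value form", l))
		}
	}

	// GCP labels are not ACL'd, so a role bound only by labels is weak.
	others := len(b.BoundServiceAccounts) + len(b.BoundProjects) +
		len(b.BoundZones) + len(b.BoundRegions) + len(b.BoundInstanceGroups)
	if len(b.BoundLabels) > 0 && others == 0 {
		add("warning", "boundLabels", "labels are the only restriction; combine with another bound_* field")
	}
	return out
}

// Count returns how many findings carry the given severity.
func Count(fs []Finding, severity string) int {
	n := 0
	for _, f := range fs {
		if f.Severity == severity {
			n++
		}
	}
	return n
}

func main() {
	// Constructed sample: an instance group with no zone or region, plus a
	// malformed label.
	sample := GCEBindings{
		BoundInstanceGroups: []string{"ig-web"},
		BoundLabels:         []string{"env:prod", "team"},
	}
	for _, f := range CheckGCEBindings(sample) {
		fmt.Printf("%-7s %-20s %s\n", f.Severity, f.Field, f.Message)
	}
}
```
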

type GHConfig

type GHConfig struct {
	// ApplicationID the Application ID of the GitHub App.
	// +kubebuilder:validation:Required
	ApplicationID int64 `json:"applicationID,omitempty"`

	// GitHubAPIBaseURL the base URL for API requests (defaults to the public GitHub API).
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="https://api.github.com"
	GitHubAPIBaseURL string `json:"gitHubAPIBaseURL,omitempty"`
	// contains filtered or unexported fields
}

func (*GHConfig) DeepCopy

func (in *GHConfig) DeepCopy() *GHConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GHConfig.

func (*GHConfig) DeepCopyInto

func (in *GHConfig) DeepCopyInto(out *GHConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GitHubSecretEngineConfig

type GitHubSecretEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   GitHubSecretEngineConfigSpec   `json:"spec,omitempty"`
	Status GitHubSecretEngineConfigStatus `json:"status,omitempty"`
}

GitHubSecretEngineConfig is the Schema for the githubsecretengineconfigs API

func (*GitHubSecretEngineConfig) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubSecretEngineConfig.

func (*GitHubSecretEngineConfig) DeepCopyInto

func (in *GitHubSecretEngineConfig) DeepCopyInto(out *GitHubSecretEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GitHubSecretEngineConfig) DeepCopyObject

func (in *GitHubSecretEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*GitHubSecretEngineConfig) Default

func (r *GitHubSecretEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*GitHubSecretEngineConfig) GetConditions

func (m *GitHubSecretEngineConfig) GetConditions() []metav1.Condition

func (*GitHubSecretEngineConfig) GetKubeAuthConfiguration added in v0.6.3

func (d *GitHubSecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*GitHubSecretEngineConfig) GetPath

func (d *GitHubSecretEngineConfig) GetPath() string

func (*GitHubSecretEngineConfig) GetPayload

func (d *GitHubSecretEngineConfig) GetPayload() map[string]interface{}

func (*GitHubSecretEngineConfig) GetVaultConnection added in v0.8.9

func (d *GitHubSecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*GitHubSecretEngineConfig) IsDeletable added in v0.8.29

func (d *GitHubSecretEngineConfig) IsDeletable() bool

func (*GitHubSecretEngineConfig) IsEquivalentToDesiredState

func (d *GitHubSecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*GitHubSecretEngineConfig) IsInitialized

func (d *GitHubSecretEngineConfig) IsInitialized() bool

func (*GitHubSecretEngineConfig) IsValid

func (r *GitHubSecretEngineConfig) IsValid() (bool, error)

func (*GitHubSecretEngineConfig) PrepareInternalValues

func (d *GitHubSecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*GitHubSecretEngineConfig) PrepareTLSConfig added in v0.8.24

func (d *GitHubSecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*GitHubSecretEngineConfig) SetConditions

func (m *GitHubSecretEngineConfig) SetConditions(conditions []metav1.Condition)

func (*GitHubSecretEngineConfig) SetupWebhookWithManager

func (r *GitHubSecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*GitHubSecretEngineConfig) ValidateCreate

func (r *GitHubSecretEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*GitHubSecretEngineConfig) ValidateDelete

func (r *GitHubSecretEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*GitHubSecretEngineConfig) ValidateUpdate

func (r *GitHubSecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type GitHubSecretEngineConfigList

type GitHubSecretEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GitHubSecretEngineConfig `json:"items"`
}

GitHubSecretEngineConfigList contains a list of GitHubSecretEngineConfig

func (*GitHubSecretEngineConfigList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubSecretEngineConfigList.

func (*GitHubSecretEngineConfigList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GitHubSecretEngineConfigList) DeepCopyObject

func (in *GitHubSecretEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GitHubSecretEngineConfigSpec

type GitHubSecretEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/config.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	GHConfig `json:",inline"`

	// SSHKeyReference allows for options to retrieve the ssh key. For security reasons it is never displayed.
	// +kubebuilder:validation:Required
	SSHKeyReference SSHKeyConfig `json:"sSHKeyReference,omitempty"`
}

GitHubSecretEngineConfigSpec defines the desired state of GitHubSecretEngineConfig

func (*GitHubSecretEngineConfigSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubSecretEngineConfigSpec.

func (*GitHubSecretEngineConfigSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GitHubSecretEngineConfigStatus

type GitHubSecretEngineConfigStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

GitHubSecretEngineConfigStatus defines the observed state of GitHubSecretEngineConfig

func (*GitHubSecretEngineConfigStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubSecretEngineConfigStatus.

func (*GitHubSecretEngineConfigStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GitHubSecretEngineRole

type GitHubSecretEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   GitHubSecretEngineRoleSpec   `json:"spec,omitempty"`
	Status GitHubSecretEngineRoleStatus `json:"status,omitempty"`
}

GitHubSecretEngineRole is the Schema for the githubsecretengineroles API

func (*GitHubSecretEngineRole) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubSecretEngineRole.

func (*GitHubSecretEngineRole) DeepCopyInto

func (in *GitHubSecretEngineRole) DeepCopyInto(out *GitHubSecretEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GitHubSecretEngineRole) DeepCopyObject

func (in *GitHubSecretEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*GitHubSecretEngineRole) Default

func (r *GitHubSecretEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*GitHubSecretEngineRole) GetConditions

func (m *GitHubSecretEngineRole) GetConditions() []metav1.Condition

func (*GitHubSecretEngineRole) GetKubeAuthConfiguration added in v0.6.3

func (d *GitHubSecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*GitHubSecretEngineRole) GetPath

func (d *GitHubSecretEngineRole) GetPath() string

func (*GitHubSecretEngineRole) GetPayload

func (d *GitHubSecretEngineRole) GetPayload() map[string]interface{}

func (*GitHubSecretEngineRole) GetVaultConnection added in v0.8.9

func (d *GitHubSecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*GitHubSecretEngineRole) IsDeletable added in v0.8.29

func (d *GitHubSecretEngineRole) IsDeletable() bool

func (*GitHubSecretEngineRole) IsEquivalentToDesiredState

func (d *GitHubSecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*GitHubSecretEngineRole) IsInitialized

func (d *GitHubSecretEngineRole) IsInitialized() bool

func (*GitHubSecretEngineRole) IsValid

func (r *GitHubSecretEngineRole) IsValid() (bool, error)

func (*GitHubSecretEngineRole) PrepareInternalValues

func (d *GitHubSecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*GitHubSecretEngineRole) PrepareTLSConfig added in v0.8.24

func (d *GitHubSecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*GitHubSecretEngineRole) SetConditions

func (m *GitHubSecretEngineRole) SetConditions(conditions []metav1.Condition)

func (*GitHubSecretEngineRole) SetupWebhookWithManager

func (r *GitHubSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*GitHubSecretEngineRole) ValidateCreate

func (r *GitHubSecretEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*GitHubSecretEngineRole) ValidateDelete

func (r *GitHubSecretEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*GitHubSecretEngineRole) ValidateUpdate

func (r *GitHubSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type GitHubSecretEngineRoleList

type GitHubSecretEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GitHubSecretEngineRole `json:"items"`
}

GitHubSecretEngineRoleList contains a list of GitHubSecretEngineRole

func (*GitHubSecretEngineRoleList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubSecretEngineRoleList.

func (*GitHubSecretEngineRoleList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GitHubSecretEngineRoleList) DeepCopyObject

func (in *GitHubSecretEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GitHubSecretEngineRoleSpec

type GitHubSecretEngineRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to create the role.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/permissionset/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// PermissionSet All parameters are optional. Omitting them results in a token that has access to all of the repositories and permissions that the GitHub App has.
	// When crafting Vault policy, hyper security sensitive organisations may wish to favour repository_ids (GitHub repository IDs are immutable) instead of repositories (GitHub repository names are mutable).
	// +kubebuilder:validation:Optional
	PermissionSet `json:",inline"`

	// The name of the object created in Vault. If this is specified it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

GitHubSecretEngineRoleSpec defines the desired state of GitHubSecretEngineRole

func (*GitHubSecretEngineRoleSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubSecretEngineRoleSpec.

func (*GitHubSecretEngineRoleSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GitHubSecretEngineRoleStatus

type GitHubSecretEngineRoleStatus struct {

	// Important: Run "make" to regenerate code after modifying this file
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

GitHubSecretEngineRoleStatus defines the observed state of GitHubSecretEngineRole

func (*GitHubSecretEngineRoleStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubSecretEngineRoleStatus.

func (*GitHubSecretEngineRoleStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Group added in v0.8.20

type Group struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   GroupSpec   `json:"spec,omitempty"`
	Status GroupStatus `json:"status,omitempty"`
}

Group is the Schema for the groups API

func (*Group) DeepCopy added in v0.8.20

func (in *Group) DeepCopy() *Group

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Group.

func (*Group) DeepCopyInto added in v0.8.20

func (in *Group) DeepCopyInto(out *Group)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Group) DeepCopyObject added in v0.8.20

func (in *Group) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Group) Default added in v0.8.20

func (r *Group) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*Group) GetConditions added in v0.8.20

func (m *Group) GetConditions() []metav1.Condition

func (*Group) GetKubeAuthConfiguration added in v0.8.20

func (d *Group) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*Group) GetPath added in v0.8.20

func (d *Group) GetPath() string

func (*Group) GetPayload added in v0.8.20

func (d *Group) GetPayload() map[string]interface{}

func (*Group) GetVaultConnection added in v0.8.20

func (d *Group) GetVaultConnection() *vaultutils.VaultConnection

func (*Group) IsDeletable added in v0.8.29

func (d *Group) IsDeletable() bool

func (*Group) IsEquivalentToDesiredState added in v0.8.20

func (d *Group) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*Group) IsInitialized added in v0.8.20

func (d *Group) IsInitialized() bool

func (*Group) IsValid added in v0.8.20

func (r *Group) IsValid() (bool, error)

func (*Group) PrepareInternalValues added in v0.8.20

func (d *Group) PrepareInternalValues(context context.Context, object client.Object) error

func (*Group) PrepareTLSConfig added in v0.8.24

func (d *Group) PrepareTLSConfig(context context.Context, object client.Object) error

func (*Group) SetConditions added in v0.8.20

func (m *Group) SetConditions(conditions []metav1.Condition)

func (*Group) SetupWebhookWithManager added in v0.8.20

func (r *Group) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*Group) ValidateCreate added in v0.8.20

func (r *Group) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*Group) ValidateDelete added in v0.8.20

func (r *Group) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*Group) ValidateUpdate added in v0.8.20

func (r *Group) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type GroupAlias added in v0.8.20

type GroupAlias struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   GroupAliasSpec   `json:"spec,omitempty"`
	Status GroupAliasStatus `json:"status,omitempty"`
}

GroupAlias is the Schema for the groupalias API

func (*GroupAlias) DeepCopy added in v0.8.20

func (in *GroupAlias) DeepCopy() *GroupAlias

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupAlias.

func (*GroupAlias) DeepCopyInto added in v0.8.20

func (in *GroupAlias) DeepCopyInto(out *GroupAlias)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GroupAlias) DeepCopyObject added in v0.8.20

func (in *GroupAlias) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*GroupAlias) Default added in v0.8.20

func (r *GroupAlias) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*GroupAlias) GetConditions added in v0.8.20

func (m *GroupAlias) GetConditions() []metav1.Condition

func (*GroupAlias) GetKubeAuthConfiguration added in v0.8.20

func (d *GroupAlias) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*GroupAlias) GetPath added in v0.8.20

func (d *GroupAlias) GetPath() string

func (*GroupAlias) GetPayload added in v0.8.20

func (d *GroupAlias) GetPayload() map[string]interface{}

func (*GroupAlias) GetVaultConnection added in v0.8.20

func (d *GroupAlias) GetVaultConnection() *vaultutils.VaultConnection

func (*GroupAlias) IsDeletable added in v0.8.29

func (d *GroupAlias) IsDeletable() bool

func (*GroupAlias) IsEquivalentToDesiredState added in v0.8.20

func (d *GroupAlias) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*GroupAlias) IsInitialized added in v0.8.20

func (d *GroupAlias) IsInitialized() bool

func (*GroupAlias) IsValid added in v0.8.20

func (r *GroupAlias) IsValid() (bool, error)

func (*GroupAlias) PrepareInternalValues added in v0.8.20

func (d *GroupAlias) PrepareInternalValues(context context.Context, object client.Object) error

func (*GroupAlias) PrepareTLSConfig added in v0.8.24

func (d *GroupAlias) PrepareTLSConfig(context context.Context, object client.Object) error

func (*GroupAlias) SetConditions added in v0.8.20

func (m *GroupAlias) SetConditions(conditions []metav1.Condition)

func (*GroupAlias) SetupWebhookWithManager added in v0.8.20

func (r *GroupAlias) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*GroupAlias) ValidateCreate added in v0.8.20

func (r *GroupAlias) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*GroupAlias) ValidateDelete added in v0.8.20

func (r *GroupAlias) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*GroupAlias) ValidateUpdate added in v0.8.20

func (r *GroupAlias) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type GroupAliasConfig added in v0.8.20

type GroupAliasConfig struct {
	AuthEngineMountPath string `json:"authEngineMountPath,omitempty"`
	GroupName           string `json:"groupName,omitempty"`
}

func (*GroupAliasConfig) DeepCopy added in v0.8.20

func (in *GroupAliasConfig) DeepCopy() *GroupAliasConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupAliasConfig.

func (*GroupAliasConfig) DeepCopyInto added in v0.8.20

func (in *GroupAliasConfig) DeepCopyInto(out *GroupAliasConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GroupAliasList added in v0.8.20

type GroupAliasList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GroupAlias `json:"items"`
}

GroupAliasList contains a list of GroupAlias

func (*GroupAliasList) DeepCopy added in v0.8.20

func (in *GroupAliasList) DeepCopy() *GroupAliasList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupAliasList.

func (*GroupAliasList) DeepCopyInto added in v0.8.20

func (in *GroupAliasList) DeepCopyInto(out *GroupAliasList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GroupAliasList) DeepCopyObject added in v0.8.20

func (in *GroupAliasList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GroupAliasSpec added in v0.8.20

type GroupAliasSpec struct {
	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	GroupAliasConfig `json:",inline"`

	// The name of the object created in Vault. If this is specified it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
	// contains filtered or unexported fields
}

GroupAliasSpec defines the desired state of GroupAlias

func (*GroupAliasSpec) DeepCopy added in v0.8.20

func (in *GroupAliasSpec) DeepCopy() *GroupAliasSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupAliasSpec.

func (*GroupAliasSpec) DeepCopyInto added in v0.8.20

func (in *GroupAliasSpec) DeepCopyInto(out *GroupAliasSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GroupAliasStatus added in v0.8.20

type GroupAliasStatus struct {
	// +kubebuilder:validation:Optional
	ID string `json:"id,omitempty"`

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

GroupAliasStatus defines the observed state of GroupAlias

func (*GroupAliasStatus) DeepCopy added in v0.8.20

func (in *GroupAliasStatus) DeepCopy() *GroupAliasStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupAliasStatus.

func (*GroupAliasStatus) DeepCopyInto added in v0.8.20

func (in *GroupAliasStatus) DeepCopyInto(out *GroupAliasStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GroupConfig added in v0.8.20

type GroupConfig struct {

	// Type Type of the group, internal or external. Defaults to internal
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"internal","external"}
	// +kubebuilder:default:="internal"
	Type string `json:"type,omitempty"`

	// Metadata Metadata to be associated with the group.
	// +kubebuilder:validation:Optional
	// +mapType=granular
	Metadata map[string]string `json:"metadata,omitempty"`

	// Policies Policies to be tied to the group.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	Policies []string `json:"policies,omitempty"`

	// MemberGroupIDs Group IDs to be assigned as group members.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	MemberGroupIDs []string `json:"memberGroupIDs,omitempty"`

	// MemberEntityIDs Entity IDs to be assigned as group members.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	MemberEntityIDs []string `json:"memberEntityIDs,omitempty"`
}

func (*GroupConfig) DeepCopy added in v0.8.20

func (in *GroupConfig) DeepCopy() *GroupConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupConfig.

func (*GroupConfig) DeepCopyInto added in v0.8.20

func (in *GroupConfig) DeepCopyInto(out *GroupConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GroupList added in v0.8.20

type GroupList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Group `json:"items"`
}

GroupList contains a list of Group

func (*GroupList) DeepCopy added in v0.8.20

func (in *GroupList) DeepCopy() *GroupList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupList.

func (*GroupList) DeepCopyInto added in v0.8.20

func (in *GroupList) DeepCopyInto(out *GroupList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GroupList) DeepCopyObject added in v0.8.20

func (in *GroupList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GroupSpec added in v0.8.20

type GroupSpec struct {
	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	GroupConfig `json:",inline"`

	// The name of the object created in Vault. If this is specified it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

GroupSpec defines the desired state of Group

func (*GroupSpec) DeepCopy added in v0.8.20

func (in *GroupSpec) DeepCopy() *GroupSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupSpec.

func (*GroupSpec) DeepCopyInto added in v0.8.20

func (in *GroupSpec) DeepCopyInto(out *GroupSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GroupStatus added in v0.8.20

type GroupStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

GroupStatus defines the observed state of Group

func (*GroupStatus) DeepCopy added in v0.8.20

func (in *GroupStatus) DeepCopy() *GroupStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupStatus.

func (*GroupStatus) DeepCopyInto added in v0.8.20

func (in *GroupStatus) DeepCopyInto(out *GroupStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTOIDCAuthEngineConfig added in v0.7.0

type JWTOIDCAuthEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   JWTOIDCAuthEngineConfigSpec   `json:"spec,omitempty"`
	Status JWTOIDCAuthEngineConfigStatus `json:"status,omitempty"`
}

JWTOIDCAuthEngineConfig is the Schema for the jwtoidcauthengineconfigs API

func (*JWTOIDCAuthEngineConfig) DeepCopy added in v0.7.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCAuthEngineConfig.

func (*JWTOIDCAuthEngineConfig) DeepCopyInto added in v0.7.0

func (in *JWTOIDCAuthEngineConfig) DeepCopyInto(out *JWTOIDCAuthEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*JWTOIDCAuthEngineConfig) DeepCopyObject added in v0.7.0

func (in *JWTOIDCAuthEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*JWTOIDCAuthEngineConfig) Default added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*JWTOIDCAuthEngineConfig) GetConditions added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) GetConditions() []metav1.Condition

func (*JWTOIDCAuthEngineConfig) GetKubeAuthConfiguration added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*JWTOIDCAuthEngineConfig) GetPath added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) GetPath() string

func (*JWTOIDCAuthEngineConfig) GetPayload added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) GetPayload() map[string]interface{}

func (*JWTOIDCAuthEngineConfig) GetVaultConnection added in v0.8.9

func (d *JWTOIDCAuthEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*JWTOIDCAuthEngineConfig) IsDeletable added in v0.8.29

func (d *JWTOIDCAuthEngineConfig) IsDeletable() bool

func (*JWTOIDCAuthEngineConfig) IsEquivalentToDesiredState added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*JWTOIDCAuthEngineConfig) IsInitialized added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) IsInitialized() bool

func (*JWTOIDCAuthEngineConfig) IsValid added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) IsValid() (bool, error)

func (*JWTOIDCAuthEngineConfig) PrepareInternalValues added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*JWTOIDCAuthEngineConfig) PrepareTLSConfig added in v0.8.24

func (r *JWTOIDCAuthEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*JWTOIDCAuthEngineConfig) SetConditions added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) SetConditions(conditions []metav1.Condition)

func (*JWTOIDCAuthEngineConfig) SetUsernameAndPassword added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) SetUsernameAndPassword(OIDCClientID string, OIDCClientSecret string)

func (*JWTOIDCAuthEngineConfig) SetupWebhookWithManager added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*JWTOIDCAuthEngineConfig) ValidateCreate added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*JWTOIDCAuthEngineConfig) ValidateDelete added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*JWTOIDCAuthEngineConfig) ValidateUpdate added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type JWTOIDCAuthEngineConfigList added in v0.7.0

type JWTOIDCAuthEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []JWTOIDCAuthEngineConfig `json:"items"`
}

JWTOIDCAuthEngineConfigList contains a list of JWTOIDCAuthEngineConfig

func (*JWTOIDCAuthEngineConfigList) DeepCopy added in v0.7.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCAuthEngineConfigList.

func (*JWTOIDCAuthEngineConfigList) DeepCopyInto added in v0.7.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*JWTOIDCAuthEngineConfigList) DeepCopyObject added in v0.7.0

func (in *JWTOIDCAuthEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type JWTOIDCAuthEngineConfigSpec added in v0.7.0

type JWTOIDCAuthEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and, for example, connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/config/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	JWTOIDCConfig `json:",inline"`

	// OIDCCredentials from the provider for OIDC roles
	// OIDCCredentials consists of OIDCClientID and OIDCClientSecret, which can be created as Kubernetes Secret, VaultSecret or RandomSecret
	// +kubebuilder:validation:Optional
	OIDCCredentials vaultutils.RootCredentialConfig `json:"OIDCCredentials,omitempty"`
}

JWTOIDCAuthEngineConfigSpec defines the desired state of JWTOIDCAuthEngineConfig

func (*JWTOIDCAuthEngineConfigSpec) DeepCopy added in v0.7.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCAuthEngineConfigSpec.

func (*JWTOIDCAuthEngineConfigSpec) DeepCopyInto added in v0.7.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTOIDCAuthEngineConfigStatus added in v0.7.0

type JWTOIDCAuthEngineConfigStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

JWTOIDCAuthEngineConfigStatus defines the observed state of JWTOIDCAuthEngineConfig

func (*JWTOIDCAuthEngineConfigStatus) DeepCopy added in v0.7.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCAuthEngineConfigStatus.

func (*JWTOIDCAuthEngineConfigStatus) DeepCopyInto added in v0.7.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTOIDCAuthEngineRole added in v0.8.0

type JWTOIDCAuthEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   JWTOIDCAuthEngineRoleSpec   `json:"spec,omitempty"`
	Status JWTOIDCAuthEngineRoleStatus `json:"status,omitempty"`
}

JWTOIDCAuthEngineRole is the Schema for the jwtoidcauthengineroles API

func (*JWTOIDCAuthEngineRole) DeepCopy added in v0.8.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCAuthEngineRole.

func (*JWTOIDCAuthEngineRole) DeepCopyInto added in v0.8.0

func (in *JWTOIDCAuthEngineRole) DeepCopyInto(out *JWTOIDCAuthEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*JWTOIDCAuthEngineRole) DeepCopyObject added in v0.8.0

func (in *JWTOIDCAuthEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*JWTOIDCAuthEngineRole) Default added in v0.8.0

func (r *JWTOIDCAuthEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*JWTOIDCAuthEngineRole) GetConditions added in v0.8.2

func (r *JWTOIDCAuthEngineRole) GetConditions() []metav1.Condition

func (*JWTOIDCAuthEngineRole) GetKubeAuthConfiguration added in v0.8.0

func (r *JWTOIDCAuthEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*JWTOIDCAuthEngineRole) GetPath added in v0.8.0

func (r *JWTOIDCAuthEngineRole) GetPath() string

func (*JWTOIDCAuthEngineRole) GetPayload added in v0.8.0

func (r *JWTOIDCAuthEngineRole) GetPayload() map[string]interface{}

func (*JWTOIDCAuthEngineRole) GetVaultConnection added in v0.8.9

func (d *JWTOIDCAuthEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*JWTOIDCAuthEngineRole) IsDeletable added in v0.8.29

func (d *JWTOIDCAuthEngineRole) IsDeletable() bool

func (*JWTOIDCAuthEngineRole) IsEquivalentToDesiredState added in v0.8.0

func (r *JWTOIDCAuthEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*JWTOIDCAuthEngineRole) IsInitialized added in v0.8.0

func (r *JWTOIDCAuthEngineRole) IsInitialized() bool

func (*JWTOIDCAuthEngineRole) IsValid added in v0.8.0

func (r *JWTOIDCAuthEngineRole) IsValid() (bool, error)

func (*JWTOIDCAuthEngineRole) PrepareInternalValues added in v0.8.0

func (d *JWTOIDCAuthEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*JWTOIDCAuthEngineRole) PrepareTLSConfig added in v0.8.24

func (d *JWTOIDCAuthEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*JWTOIDCAuthEngineRole) SetConditions added in v0.8.2

func (r *JWTOIDCAuthEngineRole) SetConditions(conditions []metav1.Condition)

func (*JWTOIDCAuthEngineRole) SetupWebhookWithManager added in v0.8.0

func (r *JWTOIDCAuthEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*JWTOIDCAuthEngineRole) ValidateCreate added in v0.8.0

func (r *JWTOIDCAuthEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*JWTOIDCAuthEngineRole) ValidateDelete added in v0.8.0

func (r *JWTOIDCAuthEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*JWTOIDCAuthEngineRole) ValidateUpdate added in v0.8.0

func (r *JWTOIDCAuthEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type JWTOIDCAuthEngineRoleList added in v0.8.0

type JWTOIDCAuthEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []JWTOIDCAuthEngineRole `json:"items"`
}

JWTOIDCAuthEngineRoleList contains a list of JWTOIDCAuthEngineRole

func (*JWTOIDCAuthEngineRoleList) DeepCopy added in v0.8.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCAuthEngineRoleList.

func (*JWTOIDCAuthEngineRoleList) DeepCopyInto added in v0.8.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*JWTOIDCAuthEngineRoleList) DeepCopyObject added in v0.8.0

func (in *JWTOIDCAuthEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type JWTOIDCAuthEngineRoleSpec added in v0.8.0

type JWTOIDCAuthEngineRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and, for example, connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/groups/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	JWTOIDCRole `json:",inline"`
}

JWTOIDCAuthEngineRoleSpec defines the desired state of JWTOIDCAuthEngineRole

func (*JWTOIDCAuthEngineRoleSpec) DeepCopy added in v0.8.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCAuthEngineRoleSpec.

func (*JWTOIDCAuthEngineRoleSpec) DeepCopyInto added in v0.8.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTOIDCAuthEngineRoleStatus added in v0.8.0

type JWTOIDCAuthEngineRoleStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

JWTOIDCAuthEngineRoleStatus defines the observed state of JWTOIDCAuthEngineRole

func (*JWTOIDCAuthEngineRoleStatus) DeepCopy added in v0.8.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCAuthEngineRoleStatus.

func (*JWTOIDCAuthEngineRoleStatus) DeepCopyInto added in v0.8.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTOIDCConfig added in v0.7.0

type JWTOIDCConfig struct {
	// The OIDC Discovery URL, without any .well-known component (base path). Cannot be used with "jwks_url" or "jwt_validation_pubkeys"
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	OIDCDiscoveryURL string `json:"OIDCDiscoveryURL"`

	// The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL.
	// If not set, system certificates are used
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	OIDCDiscoveryCAPEM string `json:"OIDCDiscoveryCAPEM,omitempty"`

	// The OAuth Client ID from the provider for OIDC roles.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	OIDCClientID string `json:"OIDCClientID,omitempty"`

	// The response mode to be used in the OAuth2 request.
	// Allowed values are "query" and "form_post". Defaults to "query".
	// If using Vault namespaces, and oidc_response_mode is "form_post", then "namespace_in_state" should be set to false
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	OIDCResponseMode string `json:"OIDCResponseMode,omitempty"`

	// The response types to request. Allowed values are "code" and "id_token". Defaults to "code".
	// Note: "id_token" may only be used if "oidc_response_mode" is set to "form_post"
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	OIDCResponseTypes []string `json:"OIDCResponseTypes,omitempty"`

	// JWKS URL to use to authenticate signatures.
	// Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys"
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	JWKSURL string `json:"JWKSURL,omitempty"`

	// The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL.
	// If not set, system certificates are used.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	JWKSCAPEM string `json:"JWKSCAPEM,omitempty"`

	// A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used with "jwks_url" or "oidc_discovery_url"
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	JWTValidationPubKeys []string `json:"JWTValidationPubKeys,omitempty"`

	// The value against which to match the iss claim in a JWT
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	BoundIssuer string `json:"boundIssuer,omitempty"`

	// A list of supported signing algorithms. Defaults to [RS256] for OIDC roles. Defaults to all available algorithms for JWT roles
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	JWTSupportedAlgs []string `json:"JWTSupportedAlgs,omitempty"`

	// The default role to use if none is provided during login
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	DefaultRole string `json:"defaultRole,omitempty"`

	// Configuration options for provider-specific handling. Providers with specific handling include: Azure, Google.
	// The options are described in each provider's section in OIDC Provider Setup
	// +kubebuilder:validation:Optional
	// +kubebuilder:default={}
	ProviderConfig *apiextensionsv1.JSON `json:"providerConfig,omitempty"`

	// Pass namespace in the OIDC state parameter instead of as a separate query parameter.
	// With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter.
	// This means only one redirect URL entry needs to be maintained on the provider side for all vault namespaces that will be authenticating against it.
	// Defaults to true for new configs
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	NamespaceInState bool `json:"namespaceInState,omitempty"`
	// contains filtered or unexported fields
}
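
The field comments of JWTOIDCConfig state several cross-field constraints: the three key sources exclude one another, the response mode and response types have fixed allowed values, "id_token" needs "form_post", and "form_post" inside a Vault namespace needs namespace_in_state set to false. The following is an added example, not code from the operator, that checks those constraints with the standard library only; the local type oidcConfig, the usesVaultNamespace parameter and the sample URLs are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// oidcConfig mirrors only the JWTOIDCConfig fields these checks read.
// It is a hypothetical local type, not the operator's struct.
type oidcConfig struct {
	OIDCDiscoveryURL     string
	JWKSURL              string
	JWTValidationPubKeys []string
	OIDCResponseMode     string
	OIDCResponseTypes    []string
	NamespaceInState     bool
}

// checkOIDCConfig returns one finding per constraint from the field comments
// that the config violates. usesVaultNamespace (an assumption of this example)
// says whether the auth mount lives inside a Vault namespace.
func checkOIDCConfig(c oidcConfig, usesVaultNamespace bool) []string {
	var findings []string

	// OIDCDiscoveryURL, JWKSURL and JWTValidationPubKeys exclude one another.
	var sources []string
	if c.OIDCDiscoveryURL != "" {
		sources = append(sources, "OIDCDiscoveryURL")
	}
	if c.JWKSURL != "" {
		sources = append(sources, "JWKSURL")
	}
	if len(c.JWTValidationPubKeys) > 0 {
		sources = append(sources, "JWTValidationPubKeys")
	}
	switch {
	case len(sources) == 0:
		findings = append(findings, "no key source set, signatures cannot be verified")
	case len(sources) > 1:
		findings = append(findings, "mutually exclusive key sources set: "+strings.Join(sources, ", "))
	}

	// The discovery URL is the base path, without any .well-known component.
	if strings.Contains(c.OIDCDiscoveryURL, "/.well-known") {
		findings = append(findings, "OIDCDiscoveryURL must not include a .well-known component")
	}

	// An empty response mode means the documented default, "query".
	mode := c.OIDCResponseMode
	if mode == "" {
		mode = "query"
	}
	if mode != "query" && mode != "form_post" {
		findings = append(findings, fmt.Sprintf("OIDCResponseMode %q is not query or form_post", mode))
	}

	for _, rt := range c.OIDCResponseTypes {
		switch rt {
		case "code":
		case "id_token":
			if mode != "form_post" {
				findings = append(findings, "response type id_token requires OIDCResponseMode form_post")
			}
		default:
			findings = append(findings, fmt.Sprintf("OIDCResponseTypes entry %q is not code or id_token", rt))
		}
	}

	if usesVaultNamespace && mode == "form_post" && c.NamespaceInState {
		findings = append(findings, "form_post inside a Vault namespace needs namespaceInState=false")
	}
	return findings
}

func main() {
	// Constructed sample: two key sources, a .well-known URL, id_token without form_post.
	bad := oidcConfig{
		OIDCDiscoveryURL:  "https://idp.example.test/.well-known/openid-configuration",
		JWKSURL:           "https://idp.example.test/keys",
		OIDCResponseTypes: []string{"id_token"},
		NamespaceInState:  true,
	}
	for _, f := range checkOIDCConfig(bad, false) {
		fmt.Println("finding:", f)
	}
}
```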

func (*JWTOIDCConfig) DeepCopy added in v0.8.0

func (in *JWTOIDCConfig) DeepCopy() *JWTOIDCConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCConfig.

func (*JWTOIDCConfig) DeepCopyInto added in v0.8.0

func (in *JWTOIDCConfig) DeepCopyInto(out *JWTOIDCConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTOIDCRole added in v0.8.0

type JWTOIDCRole struct {

	// Name of the role
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Type of role, either "oidc" (default) or "jwt"
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	RoleType string `json:"roleType,omitempty"`

	// List of aud claims to match against. Any match is sufficient. Required for "jwt" roles, optional for "oidc" roles
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	BoundAudiences []string `json:"boundAudiences,omitempty"`

	// The claim to use to uniquely identify the user; this will be used as the name for the Identity entity alias created due to a successful login.
	// The claim value must be a string
	// +kubebuilder:validation:Required
	UserClaim string `json:"userClaim"`

	// Specifies if the user_claim value uses JSON pointer syntax for referencing claims.
	// By default, the user_claim value will not use JSON pointer.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	UserClaimJSONPointer bool `json:"userClaimJSONPointer"`

	// The amount of leeway to add to all claims to account for clock skew, in seconds.
	// Defaults to 60 seconds if set to 0 and can be disabled if set to -1.
	// Accepts an integer number of seconds, or a Go duration format string. Only applicable with "jwt" roles
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	ClockSkewLeeway int64 `json:"clockSkewLeeway"`

	// The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds.
	// Defaults to 150 seconds if set to 0 and can be disabled if set to -1.
	// Accepts an integer number of seconds, or a Go duration format string. Only applicable with "jwt" roles.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	ExpirationLeeway int64 `json:"expirationLeeway"`

	// The amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds.
	// Defaults to 150 seconds if set to 0 and can be disabled if set to -1.
	// Accepts an integer number of seconds, or a Go duration format string. Only applicable with "jwt" roles
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	NotBeforeLeeway int64 `json:"notBeforeLeeway"`

	// If set, requires that the sub claim matches this value.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	BoundSubject string `json:"boundSubject,omitempty"`

	// If set, a map of claims (keys) to match against respective claim values (values)
	// The expected value may be a single string or a list of strings
	// The interpretation of the bound claim values is configured with bound_claims_type
	// Keys support JSON pointer syntax for referencing claims
	// +kubebuilder:validation:Optional
	// +kubebuilder:default={}
	BoundClaims *apiextensionsv1.JSON `json:"boundClaims,omitempty"`

	// Configures the interpretation of the bound_claims values.
	// If "string" (the default), the values will be treated as string literals and must match exactly.
	// If set to "glob", the values will be interpreted as globs, with * matching any number of characters
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="string"
	BoundClaimsType string `json:"boundClaimsType,omitempty"`

	// The claim to use to uniquely identify the set of groups to which the user belongs; this will be used as the names for the Identity group aliases created due to a successful login.
	// The claim value must be a list of strings. Supports JSON pointer syntax for referencing claims
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	GroupsClaim string `json:"groupsClaim,omitempty"`

	// If set, a map of claims (keys) to be copied to specified metadata fields (values)
	// Keys support JSON pointer syntax for referencing claims
	// +kubebuilder:validation:Optional
	// +kubebuilder:default={}
	ClaimMappings map[string]string `json:"claimMappings,omitempty"`

	// If set, a list of OIDC scopes to be used with an OIDC role
	// The standard scope "openid" is automatically included and need not be specified
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	OIDCScopes []string `json:"OIDCScopes,omitempty"`

	// The list of allowed values for redirect_uri during OIDC logins
	// +kubebuilder:validation:Required
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AllowedRedirectURIs []string `json:"allowedRedirectURIs,omitempty"`

	// Log received OIDC tokens and claims when debug-level logging is active
	// Not recommended in production since sensitive information may be present in OIDC responses
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	VerboseOIDCLogging bool `json:"verboseOIDCLogging"`

	// Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated with the OIDC provider
	// If set, the max_age request parameter will be included in the authentication request
	// See AuthRequest for additional details
	// Accepts an integer number of seconds, or a Go duration format string
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	MaxAge int64 `json:"maxage"`

	// The incremental lifetime for generated tokens
	// The current value of this will be referenced at renewal time
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenTTL string `json:"tokenTTL,omitempty"`

	// The maximum lifetime for generated tokens.
	// The current value of this will be referenced at renewal time
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenMaxTTL string `json:"tokenMaxTTL,omitempty"`

	// List of policies to encode onto generated tokens
	// Depending on the auth method, this list may be supplemented by user/group/other values
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	TokenPolicies []string `json:"tokenPolicies,omitempty"`

	// List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	TokenBoundCIDRs []string `json:"tokenBoundCIDRs,omitempty"`

	// If set, will encode an explicit max TTL onto the token.
	// This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenExplicitMaxTTL string `json:"tokenExplicitMaxTTL,omitempty"`

	// If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	TokenNoDefaultPolicy bool `json:"tokenNoDefaultPolicy"`

	// The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
	// If you require the token to have the ability to create child tokens, you will need to set this value to 0
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	TokenNumUses int64 `json:"tokenNumUses"`

	// The period, if any, to set on the token
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	TokenPeriod int64 `json:"tokenPeriod"`

	// The type of token that should be generated. Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens).
	// For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenType string `json:"tokenType,omitempty"`
}
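
The boundClaims and boundClaimsType comments describe two interpretations of the same values: exact string literals, or globs in which * matches any number of characters. The following is an added example, not the operator's or Vault's code, that evaluates a boundClaims JSON object against a token's claims under both settings so a reviewer can see how much a glob widens a role; it assumes plain top-level claim names (JSON pointer keys are not resolved), whole-value glob matching, and that any expected value matching any token value is sufficient for a key.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// globMatch reports whether s matches pattern as a whole, with '*' matching
// any number of characters and every other character taken literally.
func globMatch(pattern, s string) bool {
	parts := strings.Split(pattern, "*")
	for i, p := range parts {
		parts[i] = regexp.QuoteMeta(p)
	}
	return regexp.MustCompile("(?s)^" + strings.Join(parts, ".*") + "$").MatchString(s)
}

// toStrings normalises a JSON value that is a single string or a list of strings.
func toStrings(v interface{}) ([]string, error) {
	switch t := v.(type) {
	case string:
		return []string{t}, nil
	case []interface{}:
		out := make([]string, 0, len(t))
		for _, e := range t {
			s, ok := e.(string)
			if !ok {
				return nil, fmt.Errorf("list element %v is not a string", e)
			}
			out = append(out, s)
		}
		return out, nil
	}
	return nil, fmt.Errorf("value of type %T is neither string nor list", v)
}

// anyMatch is true when any expected value matches any actual value.
func anyMatch(expected, actual []string, glob bool) bool {
	for _, e := range expected {
		for _, a := range actual {
			if (glob && globMatch(e, a)) || (!glob && e == a) {
				return true
			}
		}
	}
	return false
}

// claimsSatisfy evaluates a boundClaims JSON object against a token's claims.
// Assumptions of this example: keys are plain top-level claim names, every
// bound key must be present in the token, and a key passes on any match.
func claimsSatisfy(boundClaims, boundClaimsType string, token map[string]interface{}) (bool, error) {
	if boundClaimsType == "" {
		boundClaimsType = "string" // documented default
	}
	if boundClaimsType != "string" && boundClaimsType != "glob" {
		return false, fmt.Errorf("unknown boundClaimsType %q", boundClaimsType)
	}
	bound := map[string]interface{}{}
	if strings.TrimSpace(boundClaims) != "" {
		if err := json.Unmarshal([]byte(boundClaims), &bound); err != nil {
			return false, fmt.Errorf("boundClaims is not a JSON object: %w", err)
		}
	}
	for key, raw := range bound {
		expected, err := toStrings(raw)
		if err != nil {
			return false, fmt.Errorf("boundClaims[%q]: %w", key, err)
		}
		have, present := token[key]
		if !present {
			return false, nil
		}
		actual, err := toStrings(have)
		if err != nil {
			return false, fmt.Errorf("token claim %q: %w", key, err)
		}
		if !anyMatch(expected, actual, boundClaimsType == "glob") {
			return false, nil
		}
	}
	return true, nil
}

func main() {
	bound := `{"email": "*@example.test", "groups": ["platform-*", "sre"]}`
	token := map[string]interface{}{ // constructed sample claims
		"email":  "alice@example.test",
		"groups": []interface{}{"dev", "platform-admins"},
	}
	for _, typ := range []string{"string", "glob"} {
		ok, err := claimsSatisfy(bound, typ, token)
		fmt.Printf("boundClaimsType=%s accepted=%v err=%v\n", typ, ok, err)
	}
}
```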

func (*JWTOIDCRole) DeepCopy added in v0.8.0

func (in *JWTOIDCRole) DeepCopy() *JWTOIDCRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCRole.

func (*JWTOIDCRole) DeepCopyInto added in v0.8.0

func (in *JWTOIDCRole) DeepCopyInto(out *JWTOIDCRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KAECConfig

type KAECConfig struct {

	// KubernetesHost Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
	// +kubebuilder:validation:Required
	// +kubebuilder:default="https://kubernetes.default.svc:443"
	KubernetesHost string `json:"kubernetesHost,omitempty"`

	// kubernetesCACert PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API. NOTE: Every line must end with a newline: \n
	// if omitted will default to the content of the file "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" in the operator pod
	// +kubebuilder:validation:Optional
	KubernetesCACert string `json:"kubernetesCACert,omitempty"`

	// PEMKeys Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
	// +kubebuilder:validation:Optional
	PEMKeys []string `json:"PEMKeys,omitempty"`

	// Issuer Optional JWT issuer. If no issuer is specified, then this plugin will use kubernetes/serviceaccount as the default issuer. See these instructions for looking up the issuer for a given Kubernetes cluster.
	// +kubebuilder:validation:Optional
	Issuer string `json:"issuer,omitempty"`

	// DisableISSValidation Disable JWT issuer validation. Allows skipping ISS validation.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	DisableISSValidation bool `json:"disableISSValidation,omitempty"`

	// DisableLocalCAJWT Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	DisableLocalCAJWT bool `json:"disableLocalCAJWT,omitempty"`

	// UseOperatorPodCA This field is considered only if `kubernetesCACert` is not set and `disableLocalCAJWT` is set to true.
	// In this case, if this field is set to true, the operator pod's CA is injected. This is the original behavior before the introduction of this field.
	// If this field is set to false, the OS CA bundle of where Vault is running will be used.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	UseOperatorPodCA bool `json:"useOperatorPodCA,omitempty"`

	// UseAnnotationsAsAliasMetadata  Use annotations from the client token's associated service account as alias metadata for the Vault entity. Only annotations with the vault.hashicorp.com/alias-metadata- key prefix are targeted as alias metadata and your annotations must be 512 characters or less due to the Vault alias metadata value limit. For example, if you configure the annotation vault.hashicorp.com/alias-metadata-foo, Vault saves the string "foo" along with the annotation value to the alias metadata. To save alias metadata, Vault must have permission to read service accounts from the Kubernetes API.
	// +kubebuilder:validation:Optional
	UseAnnotationsAsAliasMetadata bool `json:"useAnnotationsAsAliasMetadata,omitempty"`
	// contains filtered or unexported fields
}

func (*KAECConfig) DeepCopy

func (in *KAECConfig) DeepCopy() *KAECConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KAECConfig.

func (*KAECConfig) DeepCopyInto

func (in *KAECConfig) DeepCopyInto(out *KAECConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubeSEConfig added in v0.6.0

type KubeSEConfig struct {
	// KubernetesHost Kubernetes API URL to connect to.
	// +kubebuilder:validation:Required
	KubernetesHost string `json:"kubernetesHost,omitempty"`

	// KubernetesCACert PEM encoded CA certificate to verify the Kubernetes API server certificate.
	// +kubebuilder:validation:Optional
	KubernetesCACert string `json:"kubernetesCACert,omitempty"`

	// DisableLocalCAJWT Disable defaulting to the local CA certificate and service account JWT when running in a Kubernetes pod.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	DisableLocalCAJWT bool `json:"disableLocalCAJWT,omitempty"`
	// contains filtered or unexported fields
}

func (*KubeSEConfig) DeepCopy added in v0.6.0

func (in *KubeSEConfig) DeepCopy() *KubeSEConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeSEConfig.

func (*KubeSEConfig) DeepCopyInto added in v0.6.0

func (in *KubeSEConfig) DeepCopyInto(out *KubeSEConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubeSERole added in v0.6.0

type KubeSERole struct {

	// AllowedKubernetesNamespaces The list of Kubernetes namespaces this role can generate credentials for. If set to "*" all namespaces are allowed.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AllowedKubernetesNamespaces []string `json:"allowedKubernetesNamespaces,omitempty"`

	// A label selector for Kubernetes namespaces in which credentials can be generated.
	// Accepts either a JSON or YAML object. The value should be of type LabelSelector as illustrated: "'{'matchLabels':{'stage':'prod','sa-generator':'vault'}}".
	// If set with allowed_kubernetes_namespaces, the conditions are ORed.
	// +kubebuilder:validation:Optional
	AllowedKubernetesNamespaceSelector string `json:"allowedKubernetesNamespaceSelector,omitempty"`

	// DefaultTTL Specifies the TTL for the leases associated with this role. Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to system/engine default TTL time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="0s"
	DefaultTTL metav1.Duration `json:"defaultTTL,omitempty"`

	// MaxTTL Specifies the maximum TTL for the leases associated with this role. Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to system/mount default TTL time; this value is allowed to be less than the mount max TTL (or, if not set, the system max TTL), but it is not allowed to be longer. See also The TTL General Case.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="0s"
	MaxTTL metav1.Duration `json:"maxTTL,omitempty"`

	// DefaultAudiences The default intended audiences for generated Kubernetes tokens, specified by a comma separated string, e.g. "custom-audience-0,custom-audience-1".
	// If not set or set to "", the Kubernetes cluster default for audiences of service account tokens will be used.
	// +kubebuilder:validation:Optional
	DefaultAudiences string `json:"defaultAudiences,omitempty"`

	// ServiceAccountName The pre-existing service account to generate tokens for. Mutually exclusive with all role parameters. If set, only a Kubernetes token will be created when credentials are requested. See the Kubernetes service account documentation for more details on service accounts.
	// +kubebuilder:validation:Optional
	ServiceAccountName string `json:"serviceAccountName,omitempty"`

	// KubernetesRoleName The pre-existing Role or ClusterRole to bind a generated service account to. If set, Kubernetes token, service account, and role binding objects will be created when credentials are requested. See the Kubernetes roles documentation for more details on Kubernetes roles.
	// +kubebuilder:validation:Optional
	KubernetesRoleName string `json:"kubernetesRoleName,omitempty"`

	// KubernetesRoleType Specifies whether the Kubernetes role is a Role or ClusterRole
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="Role"
	// +kubebuilder:validation:Enum={"Role","ClusterRole"}
	KubernetesRoleType string `json:"kubernetesRoleType,omitempty"`

	// GenerateRoleRules The Role or ClusterRole rules to use when generating a role. Accepts either JSON or YAML formatted rules. If set, the entire chain of Kubernetes objects will be generated when credentials are requested. The value should be a rules key with an array of PolicyRule objects, as illustrated in the Kubernetes RBAC documentation and Sample Payload 3 below.
	// +kubebuilder:validation:Optional
	GenerateRoleRules string `json:"generateRoleRules,omitempty"`

	// NameTemplate The name template to use when generating service accounts, roles and role bindings. If unset, a default template is used. See username templating for details on how to write a custom template.
	// +kubebuilder:validation:Optional
	NameTemplate string `json:"nameTemplate,omitempty"`

	// ExtraAnnotations Additional annotations to apply to all generated Kubernetes objects. See the Kubernetes annotations documentation for more details on annotations.
	// +kubebuilder:validation:Optional
	ExtraAnnotations map[string]string `json:"extraAnnotations,omitempty"`

	// ExtraLabels Additional labels to apply to all generated Kubernetes objects. See the Kubernetes labels documentation for more details on labels.
	// +kubebuilder:validation:Optional
	ExtraLabels map[string]string `json:"extraLabels,omitempty"`
}

func (*KubeSERole) DeepCopy added in v0.6.0

func (in *KubeSERole) DeepCopy() *KubeSERole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeSERole.

func (*KubeSERole) DeepCopyInto added in v0.6.0

func (in *KubeSERole) DeepCopyInto(out *KubeSERole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesAuthEngineConfig

type KubernetesAuthEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   KubernetesAuthEngineConfigSpec   `json:"spec,omitempty"`
	Status KubernetesAuthEngineConfigStatus `json:"status,omitempty"`
}

KubernetesAuthEngineConfig is the Schema for the kubernetesauthengineconfigs API

func (*KubernetesAuthEngineConfig) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuthEngineConfig.

func (*KubernetesAuthEngineConfig) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesAuthEngineConfig) DeepCopyObject

func (in *KubernetesAuthEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*KubernetesAuthEngineConfig) Default

func (r *KubernetesAuthEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*KubernetesAuthEngineConfig) GetConditions

func (m *KubernetesAuthEngineConfig) GetConditions() []metav1.Condition

func (*KubernetesAuthEngineConfig) GetKubeAuthConfiguration added in v0.6.3

func (d *KubernetesAuthEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*KubernetesAuthEngineConfig) GetPath

func (d *KubernetesAuthEngineConfig) GetPath() string

func (*KubernetesAuthEngineConfig) GetPayload

func (d *KubernetesAuthEngineConfig) GetPayload() map[string]interface{}

func (*KubernetesAuthEngineConfig) GetVaultConnection added in v0.8.9

func (d *KubernetesAuthEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*KubernetesAuthEngineConfig) IsDeletable added in v0.8.29

func (d *KubernetesAuthEngineConfig) IsDeletable() bool

func (*KubernetesAuthEngineConfig) IsEquivalentToDesiredState

func (d *KubernetesAuthEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*KubernetesAuthEngineConfig) IsInitialized

func (d *KubernetesAuthEngineConfig) IsInitialized() bool

func (*KubernetesAuthEngineConfig) IsValid

func (r *KubernetesAuthEngineConfig) IsValid() (bool, error)

func (*KubernetesAuthEngineConfig) PrepareInternalValues

func (d *KubernetesAuthEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*KubernetesAuthEngineConfig) PrepareTLSConfig added in v0.8.24

func (d *KubernetesAuthEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*KubernetesAuthEngineConfig) SetConditions

func (m *KubernetesAuthEngineConfig) SetConditions(conditions []metav1.Condition)

func (*KubernetesAuthEngineConfig) SetupWebhookWithManager

func (r *KubernetesAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*KubernetesAuthEngineConfig) ValidateCreate

func (r *KubernetesAuthEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*KubernetesAuthEngineConfig) ValidateDelete

func (r *KubernetesAuthEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*KubernetesAuthEngineConfig) ValidateUpdate

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type KubernetesAuthEngineConfigList

type KubernetesAuthEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []KubernetesAuthEngineConfig `json:"items"`
}

KubernetesAuthEngineConfigList contains a list of KubernetesAuthEngineConfig

func (*KubernetesAuthEngineConfigList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuthEngineConfigList.

func (*KubernetesAuthEngineConfigList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesAuthEngineConfigList) DeepCopyObject

func (in *KubernetesAuthEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type KubernetesAuthEngineConfigSpec

type KubernetesAuthEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and, for example, connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/config/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	KAECConfig `json:",inline"`

	// TokenReviewerServiceAccount A service account JWT used to access the TokenReview API to validate other JWTs during login. If not set, the JWT submitted in the login payload will be used to access the Kubernetes TokenReview API.
	// +kubebuilder:validation:Optional
	TokenReviewerServiceAccount *corev1.LocalObjectReference `json:"tokenReviewerServiceAccount,omitempty"`

	// The name of the object created in Vault. If this is specified it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

KubernetesAuthEngineConfigSpec defines the desired state of KubernetesAuthEngineConfig
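
How the documented Vault path and the `Name` override fit together, as an added Go example (not the operator's own code); `AuthEnginePath`, `EffectiveName`, `SchemaAccepts` and `StrictAccepts` are hypothetical helpers, and the path joining is an assumption based on the field comment. JSON Schema `pattern` keywords, which the kubebuilder `Pattern` marker generates, are not implicitly anchored, so the example compares the pattern as written with an anchored form.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// namePattern is the kubebuilder Pattern from the Name field, copied verbatim.
const namePattern = `[a-z0-9]([-a-z0-9]*[a-z0-9])?`

var (
	// searchMatch behaves like a schema pattern: it passes when any
	// substring of the value matches.
	searchMatch = regexp.MustCompile(namePattern)
	// fullMatch requires the whole value to match.
	fullMatch = regexp.MustCompile(`^(?:` + namePattern + `)$`)
)

// EffectiveName returns spec.name when set, otherwise metadata.name,
// following the precedence stated in the Name field comment.
func EffectiveName(specName, metadataName string) string {
	if specName != "" {
		return specName
	}
	return metadataName
}

// AuthEnginePath assembles
// {[spec.authentication.namespace]}/auth/{spec.path}/{kind}/{name},
// where kind is "config" or "role". The Vault namespace is optional, which is
// how the square brackets in the comment are read here (assumption).
func AuthEnginePath(vaultNamespace, mount, kind, specName, metadataName string) string {
	var parts []string
	for _, p := range []string{vaultNamespace, "auth", mount, kind, EffectiveName(specName, metadataName)} {
		if p = strings.Trim(p, "/"); p != "" {
			parts = append(parts, p)
		}
	}
	return strings.Join(parts, "/")
}

// SchemaAccepts reports whether the unanchored pattern lets the name through.
func SchemaAccepts(name string) bool { return searchMatch.MatchString(name) }

// StrictAccepts reports whether the entire name is lowercase alphanumerics
// and dashes, starting and ending with an alphanumeric.
func StrictAccepts(name string) bool { return fullMatch.MatchString(name) }

func main() {
	fmt.Println(AuthEnginePath("", "kubernetes", "config", "", "cluster-a"))
	fmt.Println(AuthEnginePath("tenant1", "kubernetes", "config", "prod", "cluster-a"))

	// Constructed sample names.
	for _, n := range []string{"prod-config-1", "Prod_Config 1", "-prod", "PROD"} {
		fmt.Printf("%-16q schema=%-5v strict=%v\n", n, SchemaAccepts(n), StrictAccepts(n))
	}
}
```

A validating webhook or policy check that wants the stricter behaviour can apply the anchored form to `spec.name` before the path is built.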

func (*KubernetesAuthEngineConfigSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuthEngineConfigSpec.

func (*KubernetesAuthEngineConfigSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesAuthEngineConfigStatus

type KubernetesAuthEngineConfigStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

KubernetesAuthEngineConfigStatus defines the observed state of KubernetesAuthEngineConfig

func (*KubernetesAuthEngineConfigStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuthEngineConfigStatus.

func (*KubernetesAuthEngineConfigStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesAuthEngineRole

type KubernetesAuthEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   KubernetesAuthEngineRoleSpec   `json:"spec,omitempty"`
	Status KubernetesAuthEngineRoleStatus `json:"status,omitempty"`
}

KubernetesAuthEngineRole can be used to define a KubernetesAuthEngineRole for the kube-auth authentication method

func (*KubernetesAuthEngineRole) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuthEngineRole.

func (*KubernetesAuthEngineRole) DeepCopyInto

func (in *KubernetesAuthEngineRole) DeepCopyInto(out *KubernetesAuthEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesAuthEngineRole) DeepCopyObject

func (in *KubernetesAuthEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*KubernetesAuthEngineRole) Default

func (r *KubernetesAuthEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*KubernetesAuthEngineRole) GetConditions

func (m *KubernetesAuthEngineRole) GetConditions() []metav1.Condition

func (*KubernetesAuthEngineRole) GetKubeAuthConfiguration added in v0.6.3

func (d *KubernetesAuthEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*KubernetesAuthEngineRole) GetPath

func (d *KubernetesAuthEngineRole) GetPath() string

func (*KubernetesAuthEngineRole) GetPayload

func (d *KubernetesAuthEngineRole) GetPayload() map[string]interface{}

func (*KubernetesAuthEngineRole) GetVaultConnection added in v0.8.9

func (d *KubernetesAuthEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*KubernetesAuthEngineRole) IsDeletable added in v0.8.29

func (d *KubernetesAuthEngineRole) IsDeletable() bool

func (*KubernetesAuthEngineRole) IsEquivalentToDesiredState

func (d *KubernetesAuthEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*KubernetesAuthEngineRole) IsInitialized

func (d *KubernetesAuthEngineRole) IsInitialized() bool

func (*KubernetesAuthEngineRole) IsValid

func (r *KubernetesAuthEngineRole) IsValid() (bool, error)

func (*KubernetesAuthEngineRole) PrepareInternalValues

func (d *KubernetesAuthEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*KubernetesAuthEngineRole) PrepareTLSConfig added in v0.8.24

func (d *KubernetesAuthEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*KubernetesAuthEngineRole) SetConditions

func (m *KubernetesAuthEngineRole) SetConditions(conditions []metav1.Condition)

func (*KubernetesAuthEngineRole) SetInternalNamespaces

func (m *KubernetesAuthEngineRole) SetInternalNamespaces(namespaces []string)

func (*KubernetesAuthEngineRole) SetupWebhookWithManager

func (r *KubernetesAuthEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*KubernetesAuthEngineRole) ValidateCreate

func (r *KubernetesAuthEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*KubernetesAuthEngineRole) ValidateDelete

func (r *KubernetesAuthEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*KubernetesAuthEngineRole) ValidateUpdate

func (r *KubernetesAuthEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type KubernetesAuthEngineRoleList

type KubernetesAuthEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []KubernetesAuthEngineRole `json:"items"`
}

KubernetesAuthEngineRoleList contains a list of KubernetesAuthEngineRole

func (*KubernetesAuthEngineRoleList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuthEngineRoleList.

func (*KubernetesAuthEngineRoleList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesAuthEngineRoleList) DeepCopyObject

func (in *KubernetesAuthEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type KubernetesAuthEngineRoleSpec

type KubernetesAuthEngineRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and, for example, connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/role/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	VRole `json:",inline"`

	// TargetNamespaces specifies how to retrieve the namespaces bound to this Vault role.
	// +kubebuilder:validation:Required
	TargetNamespaces vaultutils.TargetNamespaceConfig `json:"targetNamespaces,omitempty"`

	// The name of the object created in Vault. If this is specified it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

KubernetesAuthEngineRoleSpec defines the desired state of KubernetesAuthEngineRole

func (*KubernetesAuthEngineRoleSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuthEngineRoleSpec.

func (*KubernetesAuthEngineRoleSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesAuthEngineRoleStatus

type KubernetesAuthEngineRoleStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

KubernetesAuthEngineRoleStatus defines the observed state of KubernetesAuthEngineRole

func (*KubernetesAuthEngineRoleStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuthEngineRoleStatus.

func (*KubernetesAuthEngineRoleStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesSecretEngineConfig added in v0.6.0

type KubernetesSecretEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   KubernetesSecretEngineConfigSpec   `json:"spec,omitempty"`
	Status KubernetesSecretEngineConfigStatus `json:"status,omitempty"`
}

KubernetesSecretEngineConfig is the Schema for the kubernetessecretengineconfigs API

func (*KubernetesSecretEngineConfig) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretEngineConfig.

func (*KubernetesSecretEngineConfig) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesSecretEngineConfig) DeepCopyObject added in v0.6.0

func (in *KubernetesSecretEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*KubernetesSecretEngineConfig) Default added in v0.6.0

func (r *KubernetesSecretEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*KubernetesSecretEngineConfig) GetConditions added in v0.6.0

func (m *KubernetesSecretEngineConfig) GetConditions() []metav1.Condition

func (*KubernetesSecretEngineConfig) GetKubeAuthConfiguration added in v0.6.3

func (d *KubernetesSecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*KubernetesSecretEngineConfig) GetPath added in v0.6.0

func (d *KubernetesSecretEngineConfig) GetPath() string

func (*KubernetesSecretEngineConfig) GetPayload added in v0.6.0

func (d *KubernetesSecretEngineConfig) GetPayload() map[string]interface{}

func (*KubernetesSecretEngineConfig) GetVaultConnection added in v0.8.9

func (d *KubernetesSecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*KubernetesSecretEngineConfig) IsDeletable added in v0.8.29

func (d *KubernetesSecretEngineConfig) IsDeletable() bool

func (*KubernetesSecretEngineConfig) IsEquivalentToDesiredState added in v0.6.0

func (d *KubernetesSecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*KubernetesSecretEngineConfig) IsInitialized added in v0.6.0

func (d *KubernetesSecretEngineConfig) IsInitialized() bool

func (*KubernetesSecretEngineConfig) IsValid added in v0.6.0

func (r *KubernetesSecretEngineConfig) IsValid() (bool, error)

func (*KubernetesSecretEngineConfig) PrepareInternalValues added in v0.6.0

func (d *KubernetesSecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*KubernetesSecretEngineConfig) PrepareTLSConfig added in v0.8.24

func (d *KubernetesSecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*KubernetesSecretEngineConfig) SetConditions added in v0.6.0

func (m *KubernetesSecretEngineConfig) SetConditions(conditions []metav1.Condition)

func (*KubernetesSecretEngineConfig) SetupWebhookWithManager added in v0.6.0

func (r *KubernetesSecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*KubernetesSecretEngineConfig) ValidateCreate added in v0.6.0

func (r *KubernetesSecretEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*KubernetesSecretEngineConfig) ValidateDelete added in v0.6.0

func (r *KubernetesSecretEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*KubernetesSecretEngineConfig) ValidateUpdate added in v0.6.0

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type KubernetesSecretEngineConfigList added in v0.6.0

type KubernetesSecretEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []KubernetesSecretEngineConfig `json:"items"`
}

KubernetesSecretEngineConfigList contains a list of KubernetesSecretEngineConfig

func (*KubernetesSecretEngineConfigList) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretEngineConfigList.

func (*KubernetesSecretEngineConfigList) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesSecretEngineConfigList) DeepCopyObject added in v0.6.0

func (in *KubernetesSecretEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type KubernetesSecretEngineConfigSpec added in v0.6.0

type KubernetesSecretEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and, for example, connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to create the role.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/config.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// JWTReference specifies how to retrieve the JWT token for this Kubernetes Engine connection. Only VaultSecretReference or LocalObjectReference can be used; random secret is not allowed.
	// +kubebuilder:validation:Required
	JWTReference vaultutils.RootCredentialConfig `json:"jwtReference,omitempty"`

	KubeSEConfig `json:",inline"`
}

KubernetesSecretEngineConfigSpec defines the desired state of KubernetesSecretEngineConfig

func (*KubernetesSecretEngineConfigSpec) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretEngineConfigSpec.

func (*KubernetesSecretEngineConfigSpec) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesSecretEngineConfigStatus added in v0.6.0

type KubernetesSecretEngineConfigStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

KubernetesSecretEngineConfigStatus defines the observed state of KubernetesSecretEngineConfig

func (*KubernetesSecretEngineConfigStatus) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretEngineConfigStatus.

func (*KubernetesSecretEngineConfigStatus) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesSecretEngineRole added in v0.6.0

type KubernetesSecretEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   KubernetesSecretEngineRoleSpec   `json:"spec,omitempty"`
	Status KubernetesSecretEngineRoleStatus `json:"status,omitempty"`
}

KubernetesSecretEngineRole is the Schema for the kubernetessecretengineroles API

func (*KubernetesSecretEngineRole) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretEngineRole.

func (*KubernetesSecretEngineRole) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesSecretEngineRole) DeepCopyObject added in v0.6.0

func (in *KubernetesSecretEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*KubernetesSecretEngineRole) Default added in v0.6.0

func (r *KubernetesSecretEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*KubernetesSecretEngineRole) GetConditions added in v0.6.0

func (m *KubernetesSecretEngineRole) GetConditions() []metav1.Condition

func (*KubernetesSecretEngineRole) GetKubeAuthConfiguration added in v0.6.3

func (d *KubernetesSecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*KubernetesSecretEngineRole) GetPath added in v0.6.0

func (d *KubernetesSecretEngineRole) GetPath() string

func (*KubernetesSecretEngineRole) GetPayload added in v0.6.0

func (d *KubernetesSecretEngineRole) GetPayload() map[string]interface{}

func (*KubernetesSecretEngineRole) GetVaultConnection added in v0.8.9

func (d *KubernetesSecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*KubernetesSecretEngineRole) IsDeletable added in v0.8.29

func (d *KubernetesSecretEngineRole) IsDeletable() bool

func (*KubernetesSecretEngineRole) IsEquivalentToDesiredState added in v0.6.0

func (d *KubernetesSecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*KubernetesSecretEngineRole) IsInitialized added in v0.6.0

func (d *KubernetesSecretEngineRole) IsInitialized() bool

func (*KubernetesSecretEngineRole) IsValid added in v0.6.0

func (r *KubernetesSecretEngineRole) IsValid() (bool, error)

func (*KubernetesSecretEngineRole) PrepareInternalValues added in v0.6.0

func (d *KubernetesSecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*KubernetesSecretEngineRole) PrepareTLSConfig added in v0.8.24

func (d *KubernetesSecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*KubernetesSecretEngineRole) SetConditions added in v0.6.0

func (m *KubernetesSecretEngineRole) SetConditions(conditions []metav1.Condition)

func (*KubernetesSecretEngineRole) SetupWebhookWithManager added in v0.6.0

func (r *KubernetesSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*KubernetesSecretEngineRole) ValidateCreate added in v0.6.0

func (r *KubernetesSecretEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*KubernetesSecretEngineRole) ValidateDelete added in v0.6.0

func (r *KubernetesSecretEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*KubernetesSecretEngineRole) ValidateUpdate added in v0.6.0

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type KubernetesSecretEngineRoleList added in v0.6.0

type KubernetesSecretEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []KubernetesSecretEngineRole `json:"items"`
}

KubernetesSecretEngineRoleList contains a list of KubernetesSecretEngineRole

func (*KubernetesSecretEngineRoleList) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretEngineRoleList.

func (*KubernetesSecretEngineRoleList) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesSecretEngineRoleList) DeepCopyObject added in v0.6.0

func (in *KubernetesSecretEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type KubernetesSecretEngineRoleSpec added in v0.6.0

type KubernetesSecretEngineRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to create the role.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/roles/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// TargetNamespaces specifies how to retrieve the list of Kubernetes namespaces this role can generate credentials for.
	// +kubebuilder:validation:Required
	TargetNamespaces vaultutils.TargetNamespaceConfig `json:"targetNamespaces,omitempty"`

	KubeSERole `json:",inline"`

	// The name of the object created in Vault. If this is specified it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

KubernetesSecretEngineRoleSpec defines the desired state of KubernetesSecretEngineRole

func (*KubernetesSecretEngineRoleSpec) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretEngineRoleSpec.

func (*KubernetesSecretEngineRoleSpec) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesSecretEngineRoleStatus added in v0.6.0

type KubernetesSecretEngineRoleStatus struct {
	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
	// Important: Run "make" to regenerate code after modifying this file
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

KubernetesSecretEngineRoleStatus defines the observed state of KubernetesSecretEngineRole

func (*KubernetesSecretEngineRoleStatus) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretEngineRoleStatus.

func (*KubernetesSecretEngineRoleStatus) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LDAPAuthEngineConfig added in v0.5.0

type LDAPAuthEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   LDAPAuthEngineConfigSpec   `json:"spec,omitempty"`
	Status LDAPAuthEngineConfigStatus `json:"status,omitempty"`
}

LDAPAuthEngineConfig is the Schema for the ldapauthengineconfigs API

func (*LDAPAuthEngineConfig) DeepCopy added in v0.5.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAuthEngineConfig.

func (*LDAPAuthEngineConfig) DeepCopyInto added in v0.5.0

func (in *LDAPAuthEngineConfig) DeepCopyInto(out *LDAPAuthEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*LDAPAuthEngineConfig) DeepCopyObject added in v0.5.0

func (in *LDAPAuthEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*LDAPAuthEngineConfig) Default added in v0.5.0

func (r *LDAPAuthEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*LDAPAuthEngineConfig) GetConditions added in v0.5.0

func (m *LDAPAuthEngineConfig) GetConditions() []metav1.Condition

func (*LDAPAuthEngineConfig) GetKubeAuthConfiguration added in v0.6.3

func (d *LDAPAuthEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*LDAPAuthEngineConfig) GetPath added in v0.5.0

func (d *LDAPAuthEngineConfig) GetPath() string

func (*LDAPAuthEngineConfig) GetPayload added in v0.5.0

func (d *LDAPAuthEngineConfig) GetPayload() map[string]interface{}

func (*LDAPAuthEngineConfig) GetVaultConnection added in v0.8.9

func (d *LDAPAuthEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*LDAPAuthEngineConfig) IsDeletable added in v0.8.29

func (d *LDAPAuthEngineConfig) IsDeletable() bool

func (*LDAPAuthEngineConfig) IsEquivalentToDesiredState added in v0.5.0

func (d *LDAPAuthEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*LDAPAuthEngineConfig) IsInitialized added in v0.5.0

func (d *LDAPAuthEngineConfig) IsInitialized() bool

func (*LDAPAuthEngineConfig) IsValid added in v0.5.0

func (r *LDAPAuthEngineConfig) IsValid() (bool, error)

func (*LDAPAuthEngineConfig) PrepareInternalValues added in v0.5.0

func (d *LDAPAuthEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*LDAPAuthEngineConfig) PrepareTLSConfig added in v0.8.24

func (d *LDAPAuthEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*LDAPAuthEngineConfig) SetConditions added in v0.5.0

func (m *LDAPAuthEngineConfig) SetConditions(conditions []metav1.Condition)

func (*LDAPAuthEngineConfig) SetUsernameAndPassword added in v0.5.0

func (m *LDAPAuthEngineConfig) SetUsernameAndPassword(bindDN string, bindPass string)

func (*LDAPAuthEngineConfig) SetupWebhookWithManager added in v0.5.0

func (r *LDAPAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*LDAPAuthEngineConfig) ValidateCreate added in v0.5.0

func (r *LDAPAuthEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*LDAPAuthEngineConfig) ValidateDelete added in v0.5.0

func (r *LDAPAuthEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*LDAPAuthEngineConfig) ValidateUpdate added in v0.5.0

func (r *LDAPAuthEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type LDAPAuthEngineConfigList added in v0.5.0

type LDAPAuthEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []LDAPAuthEngineConfig `json:"items"`
}

LDAPAuthEngineConfigList contains a list of LDAPAuthEngineConfig

func (*LDAPAuthEngineConfigList) DeepCopy added in v0.5.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAuthEngineConfigList.

func (*LDAPAuthEngineConfigList) DeepCopyInto added in v0.5.0

func (in *LDAPAuthEngineConfigList) DeepCopyInto(out *LDAPAuthEngineConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*LDAPAuthEngineConfigList) DeepCopyObject added in v0.5.0

func (in *LDAPAuthEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type LDAPAuthEngineConfigSpec added in v0.5.0

type LDAPAuthEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/config/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	LDAPConfig `json:",inline"`

	// BindCredentials is used to connect to the LDAP service on the specified LDAP Server.
	// BindCredentials consists of bindDN and bindPass, which can be created as a Kubernetes Secret, VaultSecret or RandomSecret.
	// +kubebuilder:validation:Required
	BindCredentials vaultutils.RootCredentialConfig `json:"bindCredentials,omitempty"`

	// CertificateConfig represents the LDAP service certificate configuration.
	// CertificateConfig consists of certificate, clientTLSCert and clientTLSKey, which can be consumed from a Kubernetes Secret.
	// +kubebuilder:validation:Optional
	TLSConfig vaultutils.TLSConfig `json:"tLSConfig,omitempty"`
}

LDAPAuthEngineConfigSpec defines the desired state of LDAPAuthEngineConfig

func (*LDAPAuthEngineConfigSpec) DeepCopy added in v0.5.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAuthEngineConfigSpec.

func (*LDAPAuthEngineConfigSpec) DeepCopyInto added in v0.5.0

func (in *LDAPAuthEngineConfigSpec) DeepCopyInto(out *LDAPAuthEngineConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LDAPAuthEngineConfigStatus added in v0.5.0

type LDAPAuthEngineConfigStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

LDAPAuthEngineConfigStatus defines the observed state of LDAPAuthEngineConfig

func (*LDAPAuthEngineConfigStatus) DeepCopy added in v0.5.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAuthEngineConfigStatus.

func (*LDAPAuthEngineConfigStatus) DeepCopyInto added in v0.5.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LDAPAuthEngineGroup added in v0.5.1

type LDAPAuthEngineGroup struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   LDAPAuthEngineGroupSpec   `json:"spec,omitempty"`
	Status LDAPAuthEngineGroupStatus `json:"status,omitempty"`
}

LDAPAuthEngineGroup is the Schema for the ldapauthenginegroups API

func (*LDAPAuthEngineGroup) DeepCopy added in v0.5.1

func (in *LDAPAuthEngineGroup) DeepCopy() *LDAPAuthEngineGroup

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAuthEngineGroup.

func (*LDAPAuthEngineGroup) DeepCopyInto added in v0.5.1

func (in *LDAPAuthEngineGroup) DeepCopyInto(out *LDAPAuthEngineGroup)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*LDAPAuthEngineGroup) DeepCopyObject added in v0.5.1

func (in *LDAPAuthEngineGroup) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*LDAPAuthEngineGroup) Default added in v0.5.1

func (r *LDAPAuthEngineGroup) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*LDAPAuthEngineGroup) GetConditions added in v0.5.1

func (m *LDAPAuthEngineGroup) GetConditions() []metav1.Condition

func (*LDAPAuthEngineGroup) GetKubeAuthConfiguration added in v0.6.3

func (d *LDAPAuthEngineGroup) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*LDAPAuthEngineGroup) GetPath added in v0.5.1

func (d *LDAPAuthEngineGroup) GetPath() string

func (*LDAPAuthEngineGroup) GetPayload added in v0.5.1

func (d *LDAPAuthEngineGroup) GetPayload() map[string]interface{}

func (*LDAPAuthEngineGroup) GetVaultConnection added in v0.8.9

func (d *LDAPAuthEngineGroup) GetVaultConnection() *vaultutils.VaultConnection

func (*LDAPAuthEngineGroup) IsDeletable added in v0.8.29

func (d *LDAPAuthEngineGroup) IsDeletable() bool

func (*LDAPAuthEngineGroup) IsEquivalentToDesiredState added in v0.5.1

func (d *LDAPAuthEngineGroup) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*LDAPAuthEngineGroup) IsInitialized added in v0.5.1

func (d *LDAPAuthEngineGroup) IsInitialized() bool

func (*LDAPAuthEngineGroup) IsValid added in v0.5.1

func (r *LDAPAuthEngineGroup) IsValid() (bool, error)

func (*LDAPAuthEngineGroup) PrepareInternalValues added in v0.5.1

func (d *LDAPAuthEngineGroup) PrepareInternalValues(context context.Context, object client.Object) error

func (*LDAPAuthEngineGroup) PrepareTLSConfig added in v0.8.24

func (d *LDAPAuthEngineGroup) PrepareTLSConfig(context context.Context, object client.Object) error

func (*LDAPAuthEngineGroup) SetConditions added in v0.5.1

func (m *LDAPAuthEngineGroup) SetConditions(conditions []metav1.Condition)

func (*LDAPAuthEngineGroup) SetupWebhookWithManager added in v0.5.1

func (r *LDAPAuthEngineGroup) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*LDAPAuthEngineGroup) ValidateCreate added in v0.5.1

func (r *LDAPAuthEngineGroup) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*LDAPAuthEngineGroup) ValidateDelete added in v0.5.1

func (r *LDAPAuthEngineGroup) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*LDAPAuthEngineGroup) ValidateUpdate added in v0.5.1

func (r *LDAPAuthEngineGroup) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type LDAPAuthEngineGroupList added in v0.5.1

type LDAPAuthEngineGroupList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []LDAPAuthEngineGroup `json:"items"`
}

LDAPAuthEngineGroupList contains a list of LDAPAuthEngineGroup

func (*LDAPAuthEngineGroupList) DeepCopy added in v0.5.1

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAuthEngineGroupList.

func (*LDAPAuthEngineGroupList) DeepCopyInto added in v0.5.1

func (in *LDAPAuthEngineGroupList) DeepCopyInto(out *LDAPAuthEngineGroupList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*LDAPAuthEngineGroupList) DeepCopyObject added in v0.5.1

func (in *LDAPAuthEngineGroupList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type LDAPAuthEngineGroupSpec added in v0.5.1

type LDAPAuthEngineGroupSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/groups/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// The name of the LDAP group
	// +kubebuilder:validation:Required
	Name string `json:"name,omitempty"`

	// Comma-separated list of policies associated to the group
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	Policies string `json:"policies,omitempty"`
}

LDAPAuthEngineGroupSpec defines the desired state of LDAPAuthEngineGroup

func (*LDAPAuthEngineGroupSpec) DeepCopy added in v0.5.1

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAuthEngineGroupSpec.

func (*LDAPAuthEngineGroupSpec) DeepCopyInto added in v0.5.1

func (in *LDAPAuthEngineGroupSpec) DeepCopyInto(out *LDAPAuthEngineGroupSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LDAPAuthEngineGroupStatus added in v0.5.1

type LDAPAuthEngineGroupStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

LDAPAuthEngineGroupStatus defines the observed state of LDAPAuthEngineGroup

func (*LDAPAuthEngineGroupStatus) DeepCopy added in v0.5.1

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAuthEngineGroupStatus.

func (*LDAPAuthEngineGroupStatus) DeepCopyInto added in v0.5.1

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LDAPConfig added in v0.5.0

type LDAPConfig struct {

	// URL The LDAP server to connect to. Examples: ldap://ldap.myorg.com, ldaps://ldap.myorg.com:636.
	// Multiple URLs can be specified with commas, e.g. ldap://ldap.myorg.com,ldap://ldap2.myorg.com; these will be tried in-order.
	// +kubebuilder:validation:Required
	// +kubebuilder:default="ldap://127.0.0.1"
	URL string `json:"url"`

	// CaseSensitiveNames If set, user and group names assigned to policies within the backend will be case sensitive.
	// Otherwise, names will be normalized to lower case. Case will still be preserved when sending the username to the LDAP server at login time; this is only for matching local user/group definitions.
	// +kubebuilder:validation:Required
	// +kubebuilder:default=false
	CaseSensitiveNames bool `json:"caseSensitiveNames"`

	// RequestTimeout Timeout, in seconds, for the connection when making requests against the server before returning back an error.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="90s"
	RequestTimeout string `json:"requestTimeout"`

	// StartTLS If true, issues a StartTLS command after establishing an unencrypted connection.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	StartTLS bool `json:"startTLS"`

	// TLSMinVersion Minimum TLS version to use. Accepted values are tls10, tls11, tls12 or tls13
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="tls12"
	TLSMinVersion string `json:"TLSMinVersion"`

	// TLSMaxVersion Maximum TLS version to use. Accepted values are tls10, tls11, tls12 or tls13
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="tls12"
	TLSMaxVersion string `json:"TLSMaxVersion"`

	// InsecureTLS If true, skips LDAP server SSL certificate verification - insecure, use with caution!
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	InsecureTLS bool `json:"insecureTLS"`

	// Certificate CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	Certificate string `json:"certificate,omitempty"`

	// ClientTLSCert Client certificate to provide to the LDAP server, must be x509 PEM encoded
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	ClientTLSCert string `json:"clientTLSCert,omitempty"`

	// ClientTLSKey Client certificate key to provide to the LDAP server, must be x509 PEM encoded
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	ClientTLSKey string `json:"clientTLSKey,omitempty"`

	// BindDN - Username used to connect to the LDAP service on the specified LDAP Server.
	// If in the form accountname@domain.com, the username is transformed into a proper LDAP bind DN, for example, CN=accountname,CN=users,DC=domain,DC=com, when accessing the LDAP server.
	// If username is provided it takes precedence over the username retrieved from the referenced secrets
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	BindDN string `json:"bindDN,omitempty"`

	// UserDN Base DN under which to perform user search. Example: ou=Users,dc=example,dc=com
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	UserDN string `json:"userDN,omitempty"`

	// UserAttr Attribute on user attribute object matching the username passed when authenticating. Examples: sAMAccountName, cn, uid
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="cn"
	UserAttr string `json:"userAttr"`

	// DiscoverDN Use anonymous bind to discover the bind DN of a user.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	DiscoverDN bool `json:"discoverDN"`

	// DenyNullBind This option prevents users from bypassing authentication when providing an empty password
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	DenyNullBind bool `json:"denyNullBind"`

	// UPNDomain  The userPrincipalDomain used to construct the UPN string for the authenticating user.
	// The constructed UPN will appear as [username]@UPNDomain. Example: example.com, which will cause vault to bind as username@example.com
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	UPNDomain string `json:"UPNDomain,omitempty"`

	// UserFilter An optional LDAP user search filter. The template can access the following context variables: UserAttr, Username.
	// The default is ({{.UserAttr}}={{.Username}}), or ({{.UserAttr}}={{.Username@.upndomain}}) if upndomain is set.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	UserFilter string `json:"userFilter,omitempty"`

	// AnonymousGroupSearch Use anonymous binds when performing LDAP group searches (note: even when true, the initial credentials will still be used for the initial connection test).
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	AnonymousGroupSearch bool `json:"anonymousGroupSearch"`

	// GroupFilter Go template used when constructing the group membership query. The template can access the following context variables: [UserDN, Username].
	// The default is (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})), which is compatible with several common directory schemas.
	// To support nested group resolution for Active Directory, instead use the following query: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	GroupFilter string `json:"groupFilter,omitempty"`

	// GroupDN LDAP search base to use for group membership search. This can be the root containing either groups or users. Example: ou=Groups,dc=example,dc=com
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	GroupDN string `json:"groupDN,omitempty"`

	// GroupAttr LDAP attribute to follow on objects returned by groupfilter in order to enumerate user group membership.
	// Examples: for groupfilter queries returning group objects, use: cn. For queries returning user objects, use: memberOf. The default is cn.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	GroupAttr string `json:"groupAttr,omitempty"`

	// UsernameAsAlias If set to true, forces the auth method to use the username passed by the user as the alias name.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	UsernameAsAlias bool `json:"usernameAsAlias"`

	// TokenTTL The incremental lifetime for generated tokens. The current value of this will be referenced at renewal time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenTTL string `json:"tokenTTL,omitempty"`

	// TokenMaxTTL The maximum lifetime for generated tokens. The current value of this will be referenced at renewal time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenMaxTTL string `json:"tokenMaxTTL,omitempty"`

	// TokenPolicies List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenPolicies string `json:"tokenPolicies,omitempty"`

	// TokenBoundCIDRs List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenBoundCIDRs string `json:"tokenBoundCIDRs,omitempty"`

	// TokenExplicitMaxTTL If set, will encode an explicit max TTL onto the token. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenExplicitMaxTTL string `json:"tokenExplicitMaxTTL,omitempty"`

	// TokenNoDefaultPolicy If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	TokenNoDefaultPolicy bool `json:"tokenNoDefaultPolicy"`

	// TokenNumUses The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
	// If you require the token to have the ability to create child tokens, you will need to set this value to 0.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	TokenNumUses int64 `json:"tokenNumUses"`

	// TokenPeriod The period, if any, to set on the token
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	TokenPeriod int64 `json:"tokenPeriod"`

	// The type of token that should be generated. Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens).
	// For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenType string `json:"tokenType,omitempty"`
	// contains filtered or unexported fields
}
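Several LDAPConfig fields above weaken the transport or bind checks when set away from their defaults. The following is an added example, not part of this package: the `ldapPosture` type and `AuditLDAPSpec` function are hypothetical, and only the JSON field names and kubebuilder defaults are taken from the struct above. It reviews a spec fragment and reports each weak setting.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ldapPosture mirrors only the security-relevant LDAPConfig fields, using the
// JSON names from the struct tags above. Hypothetical type for this example.
type ldapPosture struct {
	URL                  string `json:"url"`
	StartTLS             bool   `json:"startTLS"`
	TLSMinVersion        string `json:"TLSMinVersion"`
	InsecureTLS          bool   `json:"insecureTLS"`
	DenyNullBind         bool   `json:"denyNullBind"`
	DiscoverDN           bool   `json:"discoverDN"`
	AnonymousGroupSearch bool   `json:"anonymousGroupSearch"`
}

// AuditLDAPSpec parses a JSON spec fragment and returns one finding per weak
// setting. An empty result means none of the checks below fired.
func AuditLDAPSpec(raw []byte) ([]string, error) {
	// Pre-load the documented kubebuilder defaults so that an omitted field is
	// judged by its default (denyNullBind=true), not by Go's zero value.
	p := ldapPosture{URL: "ldap://127.0.0.1", TLSMinVersion: "tls12", DenyNullBind: true}
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, fmt.Errorf("parse spec: %w", err)
	}

	var findings []string

	// url may hold several comma-separated servers; each one is checked.
	for _, u := range strings.Split(p.URL, ",") {
		u = strings.TrimSpace(u)
		lower := strings.ToLower(u)
		switch {
		case strings.HasPrefix(lower, "ldaps://"):
			// TLS is negotiated before any LDAP traffic; nothing to report.
		case strings.HasPrefix(lower, "ldap://"):
			if !p.StartTLS {
				findings = append(findings,
					"url "+u+": plaintext ldap:// without startTLS, bind credentials cross the network unencrypted")
			}
		default:
			findings = append(findings, "url "+u+": unrecognised scheme")
		}
	}

	if p.InsecureTLS {
		findings = append(findings, "insecureTLS=true: LDAP server certificate is not verified")
	}

	switch p.TLSMinVersion {
	case "tls12", "tls13":
		// acceptable floor
	case "tls10", "tls11":
		findings = append(findings, "TLSMinVersion="+p.TLSMinVersion+": allows deprecated TLS versions")
	default:
		findings = append(findings, "TLSMinVersion="+p.TLSMinVersion+": not one of tls10, tls11, tls12, tls13")
	}

	if !p.DenyNullBind {
		findings = append(findings, "denyNullBind=false: logins with an empty password are not rejected up front")
	}
	if p.DiscoverDN {
		findings = append(findings, "discoverDN=true: user DN lookup relies on anonymous bind")
	}
	if p.AnonymousGroupSearch {
		findings = append(findings, "anonymousGroupSearch=true: group searches rely on anonymous bind")
	}
	return findings, nil
}

func main() {
	// Constructed sample spec fragment, not taken from a real deployment.
	sample := []byte(`{
		"url": "ldap://ldap.myorg.com,ldaps://ldap2.myorg.com:636",
		"insecureTLS": true,
		"TLSMinVersion": "tls10",
		"denyNullBind": false
	}`)
	findings, err := AuditLDAPSpec(sample)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Println("-", f)
	}
}
```

Note that a spec relying entirely on the defaults still yields one finding, because the default `url` is `ldap://` and the default `startTLS` is false.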

func (*LDAPConfig) DeepCopy added in v0.5.0

func (in *LDAPConfig) DeepCopy() *LDAPConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPConfig.

func (*LDAPConfig) DeepCopyInto added in v0.5.0

func (in *LDAPConfig) DeepCopyInto(out *LDAPConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Mount

type Mount struct {
	// Type Specifies the type of the backend, such as "aws".
	// +kubebuilder:validation:Required
	Type string `json:"type,omitempty"`

	// Description Specifies the human-friendly description of the mount.
	// +kubebuilder:validation:Optional
	Description string `json:"description,omitempty"`

	// Specifies configuration options for this mount; if set on a specific mount, values will override any global defaults (e.g. the system TTL/Max TTL)
	// +kubebuilder:validation:Optional
	Config MountConfig `json:"config,omitempty"`

	// Local Specifies if the secrets engine is a local mount only. Local mounts are not replicated nor (if a secondary) removed by replication.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=false
	Local bool `json:"local,omitempty"`

	// SealWrap Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=false
	SealWrap bool `json:"sealWrap,omitempty"`

	// ExternalEntropyAccess Enable the secrets engine to access Vault's external entropy source.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=false
	ExternalEntropyAccess bool `json:"externalEntropyAccess,omitempty"`

	// Options Specifies mount type specific options that are passed to the backend.
	// +kubebuilder:validation:Optional
	// +mapType=granular
	Options map[string]string `json:"options,omitempty"`
}

+k8s:openapi-gen=true

func (*Mount) DeepCopy

func (in *Mount) DeepCopy() *Mount

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Mount.

func (*Mount) DeepCopyInto

func (in *Mount) DeepCopyInto(out *Mount)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MountConfig

type MountConfig struct {

	// DefaultLeaseTTL  The default lease duration, specified as a string duration like "5s" or "30m".
	// +kubebuilder:validation:Optional
	DefaultLeaseTTL string `json:"defaultLeaseTTL"`

	// MaxLeaseTTL The maximum lease duration, specified as a string duration like "5s" or "30m".
	// +kubebuilder:validation:Optional
	MaxLeaseTTL string `json:"maxLeaseTTL"`

	// ForceNoCache Disable caching.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=false
	ForceNoCache bool `json:"forceNoCache"`

	// AuditNonHMACRequestKeys list of keys that will not be HMAC'd by audit devices in the request data object.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AuditNonHMACRequestKeys []string `json:"auditNonHMACRequestKeys,omitempty"`

	// AuditNonHMACResponseKeys list of keys that will not be HMAC'd by audit devices in the response data object.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AuditNonHMACResponseKeys []string `json:"auditNonHMACResponseKeys,omitempty"`

	// ListingVisibility Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden". If not set, behaves like "hidden"
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"unauth","hidden"}
	// +kubebuilder:default:="hidden"
	ListingVisibility string `json:"listingVisibility,omitempty"`

	// PassthroughRequestHeaders list of headers to whitelist and pass from the request to the plugin.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	PassthroughRequestHeaders []string `json:"passthroughRequestHeaders,omitempty"`

	// AllowedResponseHeaders list of headers to whitelist, allowing a plugin to include them in the response.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AllowedResponseHeaders []string `json:"allowedResponseHeaders,omitempty"`
}

+k8s:openapi-gen=true

func (*MountConfig) DeepCopy

func (in *MountConfig) DeepCopy() *MountConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MountConfig.

func (*MountConfig) DeepCopyInto

func (in *MountConfig) DeepCopyInto(out *MountConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NamespaceType added in v0.4.0

type NamespaceType string

type PKICommon added in v0.3.0

type PKICommon struct {

	// Specifies the requested CN for the certificate.
	// +kubebuilder:validation:Required
	CommonName string `json:"commonName,omitempty"`

	// Specifies the requested Subject Alternative Names, in a comma-delimited list. These can be host names or email addresses; they will be parsed into their respective fields.
	// +kubebuilder:validation:Optional
	AltNames string `json:"altNames,omitempty"`

	// Specifies the requested IP Subject Alternative Names, in a comma-delimited list.
	// +kubebuilder:validation:Optional
	IPSans string `json:"IPSans,omitempty"`

	// Specifies the requested URI Subject Alternative Names, in a comma-delimited list.
	// +kubebuilder:validation:Optional
	URISans string `json:"URISans,omitempty"`

	// Specifies custom OID/UTF8-string SANs. These must match values specified on the role in allowed_other_sans (see role creation for allowed_other_sans globbing rules). The format is the same as OpenSSL: <oid>;<type>:<value> where the only current valid type is UTF8. This can be a comma-delimited list or a JSON string slice.
	// +kubebuilder:validation:Optional
	OtherSans string `json:"otherSans,omitempty"`

	// Specifies the requested Time To Live (after which the certificate will be expired). This cannot be larger than the engine's max (or, if not set, the system max).
	// +kubebuilder:validation:Optional
	TTL metav1.Duration `json:"TTL,omitempty"`

	// Specifies the format for returned data. Can be pem, der, or pem_bundle. If der, the output is base64 encoded. If pem_bundle, the certificate field will contain the private key (if exported) and certificate, concatenated; if the issuing CA is not a Vault-derived self-signed root, this will be included as well.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"pem","pem_bundle", "der"}
	// +kubebuilder:default="pem"
	Format string `json:"format,omitempty"`

	// Specifies the format for marshaling the private key. Defaults to der which will return either base64-encoded DER or PEM-encoded DER, depending on the value of format. The other option is pkcs8 which will return the key marshalled as PEM-encoded PKCS8.
	// +kubebuilder:validation:Optional
	PrivateKeyFormat string `json:"privateKeyFormat,omitempty"`

	// Specifies the desired key type; must be rsa or ec.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"rsa","ec"}
	// +kubebuilder:default="rsa"
	KeyType string `json:"keyType,omitempty"`

	// Specifies the number of bits to use. This must be changed to a valid value if the key_type is ec, e.g., 224, 256, 384 or 521.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=2048
	KeyBits int `json:"keyBits,omitempty"`

	// Specifies the maximum path length to encode in the generated certificate. -1 means no limit, unless the signing certificate has a maximum path length set, in which case the path length is set to one less than that of the signing certificate. A limit of 0 means a literal path length of zero.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=-1
	MaxPathLength int `json:"maxPathLength,omitempty"`

	// If set, the given common_name will not be included in DNS or Email Subject Alternate Names (as appropriate). Useful if the CN is not a hostname or email address, but is instead some human-readable identifier.
	// +kubebuilder:validation:Optional
	ExcludeCnFromSans bool `json:"excludeCnFromSans,omitempty"`

	// A comma separated string (or, string array) containing DNS domains for which certificates are allowed to be issued or signed by this CA certificate. Note that subdomains are allowed, as per RFC.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	PermittedDnsDomains []string `json:"permittedDnsDomains,omitempty"`

	// Specifies the OU (OrganizationalUnit) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	OU string `json:"ou,omitempty"`

	// Specifies the O (Organization) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	Organization string `json:"organization,omitempty"`

	// Specifies the C (Country) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	Country string `json:"country,omitempty"`

	// Specifies the L (Locality) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	Locality string `json:"locality,omitempty"`

	// Specifies the ST (Province) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	Province string `json:"province,omitempty"`

	// Specifies the Street Address values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	StreetAddress string `json:"streetAddress,omitempty"`

	// Specifies the Postal Code values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	PostalCode string `json:"postalCode,omitempty"`

	// Specifies the Serial Number, if any. Otherwise Vault will generate a random serial for you. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5.
	// +kubebuilder:validation:Optional
	SerialNumber string `json:"serialNumber,omitempty"`
}

func (*PKICommon) DeepCopy added in v0.3.0

func (in *PKICommon) DeepCopy() *PKICommon

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKICommon.

func (*PKICommon) DeepCopyInto added in v0.3.0

func (in *PKICommon) DeepCopyInto(out *PKICommon)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKIConfig added in v0.3.0

type PKIConfig struct {
	// +kubebuilder:validation:Optional
	PKIConfigUrls `json:",inline"`
	// +kubebuilder:validation:Optional
	PKIConfigCRL `json:",inline"`
}

func (*PKIConfig) DeepCopy added in v0.3.0

func (in *PKIConfig) DeepCopy() *PKIConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKIConfig.

func (*PKIConfig) DeepCopyInto added in v0.3.0

func (in *PKIConfig) DeepCopyInto(out *PKIConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKIConfigCRL added in v0.3.0

type PKIConfigCRL struct {
	// Specifies the time until expiration.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="72h"
	CRLExpiry metav1.Duration `json:"CRLExpiry,omitempty"`

	// Disables or enables CRL building.
	// +kubebuilder:validation:Optional
	CRLDisable bool `json:"CRLDisable,omitempty"`
}

func (*PKIConfigCRL) DeepCopy added in v0.3.0

func (in *PKIConfigCRL) DeepCopy() *PKIConfigCRL

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKIConfigCRL.

func (*PKIConfigCRL) DeepCopyInto added in v0.3.0

func (in *PKIConfigCRL) DeepCopyInto(out *PKIConfigCRL)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKIConfigUrls added in v0.3.0

type PKIConfigUrls struct {
	// Specifies the URL values for the Issuing Certificate field. This can be an array or a comma-separated string list.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	IssuingCertificates []string `json:"issuingCertificates,omitempty"`

	// Specifies the URL values for the CRL Distribution Points field. This can be an array or a comma-separated string list.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	CRLDistributionPoints []string `json:"CRLDistributionPoints,omitempty"`

	// Specifies the URL values for the OCSP Servers field. This can be an array or a comma-separated string list.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	OcspServers []string `json:"ocspServers,omitempty"`
}

func (*PKIConfigUrls) DeepCopy added in v0.3.0

func (in *PKIConfigUrls) DeepCopy() *PKIConfigUrls

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKIConfigUrls.

func (*PKIConfigUrls) DeepCopyInto added in v0.3.0

func (in *PKIConfigUrls) DeepCopyInto(out *PKIConfigUrls)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKIIntermediate added in v0.3.0

type PKIIntermediate struct {
	// ExternalSignSecret retrieves the signed intermediate certificate from a Kubernetes secret. Allows submitting the signed CA certificate corresponding to a generated private key.
	// +kubebuilder:validation:Optional
	ExternalSignSecret *corev1.LocalObjectReference `json:"externalSignSecret,omitempty"`

	// CertificateKey key to be used when retrieving the signed certificate
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="tls.crt"
	CertificateKey string `json:"certificateKey,omitempty"`

	// Use the configured Vault PKISecretEngineConfig referenced here to issue a certificate with appropriate values for acting as an intermediate CA.
	// +kubebuilder:validation:Optional
	InternalSign *corev1.LocalObjectReference `json:"internalSign,omitempty"`
	// contains filtered or unexported fields
}

func (*PKIIntermediate) DeepCopy added in v0.3.0

func (in *PKIIntermediate) DeepCopy() *PKIIntermediate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKIIntermediate.

func (*PKIIntermediate) DeepCopyInto added in v0.3.0

func (in *PKIIntermediate) DeepCopyInto(out *PKIIntermediate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKIRole added in v0.3.0

type PKIRole struct {

	// Specifies the Time To Live value provided as a string duration with time suffix. Hour is the largest suffix. If not set, uses the system default value or the value of max_ttl, whichever is shorter.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="0s"
	TTL metav1.Duration `json:"TTL,omitempty"`

	// Specifies the maximum Time To Live provided as a string duration with time suffix. Hour is the largest suffix. If not set, defaults to the system maximum lease TTL.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="0s"
	MaxTTL metav1.Duration `json:"maxTTL,omitempty"`

	// +kubebuilder:validation:Optional
	AllowLocalhost bool `json:"allowLocalhost,omitempty"`

	// Specifies the domains of the role. This is used with the allow_bare_domains and allow_subdomains options.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AllowedDomains []string `json:"allowedDomains,omitempty"`

	// When set, allowed_domains may contain templates, as with ACL Path Templating.
	// +kubebuilder:validation:Optional
	AllowedDomainsTemplate bool `json:"allowedDomainsTemplate,omitempty"`

	// Specifies if clients can request certificates matching the value of the actual domains themselves; e.g. if a configured domain set with allowed_domains is example.com, this allows clients to actually request a certificate containing the name example.com as one of the DNS values on the final certificate. In some scenarios, this can be considered a security risk.
	// +kubebuilder:validation:Optional
	AllowBareDomains bool `json:"allowBareDomains,omitempty"`

	// Specifies if clients can request certificates with CNs that are subdomains of the CNs allowed by the other role options. This includes wildcard subdomains. For example, an allowed_domains value of example.com with this option set to true will allow foo.example.com and bar.example.com as well as *.example.com. This is redundant when using the allow_any_name option.
	// +kubebuilder:validation:Optional
	AllowSubdomains bool `json:"allowSubdomains,omitempty"`

	// Allows names specified in allowed_domains to contain glob patterns (e.g. ftp*.example.com). Clients will be allowed to request certificates with names matching the glob patterns.
	// +kubebuilder:validation:Optional
	AllowGlobDomains bool `json:"allowGlobDomains,omitempty"`

	// Specifies if clients can request any CN. Useful in some circumstances, but make sure you understand whether it is appropriate for your installation before enabling it.
	// +kubebuilder:validation:Optional
	AllowAnyName bool `json:"allowAnyName,omitempty"`

	// Specifies if only valid host names are allowed for CNs, DNS SANs, and the host part of email addresses.
	// +kubebuilder:validation:Optional
	EnforceHostnames bool `json:"enforceHostnames,omitempty"`

	// Specifies if clients can request IP Subject Alternative Names. No authorization checking is performed except to verify that the given values are valid IP addresses.
	// +kubebuilder:validation:Optional
	AllowIPSans bool `json:"allowIPSans,omitempty"`

	// Defines allowed URI Subject Alternative Names. No authorization checking is performed except to verify that the given values are valid URIs. This can be a comma-delimited list or a JSON string slice. Values can contain glob patterns (e.g. spiffe://hostname/*).
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AllowedURISans []string `json:"allowedURISans,omitempty"`

	// Defines allowed custom OID/UTF8-string SANs. This can be a comma-delimited list or a JSON string slice, where each element has the same format as OpenSSL: <oid>;<type>:<value>, but the only valid type is UTF8 or UTF-8. The value part of an element may be a * to allow any value with that OID. Alternatively, specifying a single * will allow any other_sans input.
	// +kubebuilder:validation:Optional
	AllowedOtherSans string `json:"allowedOtherSans,omitempty"`

	// Specifies if certificates are flagged for server use.
	// +kubebuilder:validation:Optional
	ServerFlag bool `json:"serverFlag,omitempty"`

	// Specifies if certificates are flagged for client use.
	// +kubebuilder:validation:Optional
	ClientFlag bool `json:"clientFlag,omitempty"`

	// Specifies if certificates are flagged for code signing use.
	// +kubebuilder:validation:Optional
	CodeSigningFlag bool `json:"codeSigningFlag,omitempty"`

	// Specifies if certificates are flagged for email protection use.
	// +kubebuilder:validation:Optional
	EmailProtectionFlag bool `json:"emailProtectionFlag,omitempty"`

	// Specifies the type of key to generate for generated private keys and the type of key expected for submitted CSRs. Currently, rsa and ec are supported, or when signing CSRs any can be specified to allow keys of either type and with any bit size (subject to > 1024 bits for RSA keys).
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"rsa","ec"}
	// +kubebuilder:default="rsa"
	KeyType string `json:"keyType,omitempty"`

	// Specifies the number of bits to use for the generated keys. This will need to be changed for ec keys, e.g., 224, 256, 384 or 521.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=2048
	KeyBits int `json:"keyBits,omitempty"`

	// Specifies the allowed key usage constraint on issued certificates. Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage - simply drop the KeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this to an empty list.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:=DigitalSignature;KeyAgreement;KeyEncipherment;ContentCommitment;DataEncipherment;CertSign;CRLSign;EncipherOnly;DecipherOnly
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	KeyUsage []string `json:"keyUsage,omitempty"`

	// Specifies the allowed extended key usage constraint on issued certificates. Valid values can be found at https://golang.org/pkg/crypto/x509/#ExtKeyUsage - simply drop the ExtKeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this to an empty list.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:=ServerAuth;ClientAuth;CodeSigning;EmailProtection;IPSECEndSystem;IPSECTunnel;IPSECUser;TimeStamping;OCSPSigning;MicrosoftServerGatedCrypto;NetscapeServerGatedCrypto;MicrosoftCommercialCodeSigning;MicrosoftKernelCodeSigning
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	ExtKeyUsage []string `json:"extKeyUsage,omitempty"`

	// A comma-separated string or list of extended key usage oids.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	ExtKeyUsageOids []string `json:"extKeyUsageOids,omitempty"`

	// When used with the CSR signing endpoint, the common name in the CSR will be used instead of taken from the JSON data. This does not include any requested SANs in the CSR; use use_csr_sans for that.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	UseCSRCommonName bool `json:"useCSRCommonName,omitempty"`

	// When used with the CSR signing endpoint, the subject alternate names in the CSR will be used instead of taken from the JSON data. This does not include the common name in the CSR; use use_csr_common_name for that.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	UseCSRSans bool `json:"useCSRSans,omitempty"`

	// Specifies the OU (OrganizationalUnit) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	OU string `json:"ou,omitempty"`

	// Specifies the O (Organization) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	Organization string `json:"organization,omitempty"`

	// Specifies the C (Country) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	Country string `json:"country,omitempty"`

	// Specifies the L (Locality) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	Locality string `json:"locality,omitempty"`

	// Specifies the ST (Province) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	Province string `json:"province,omitempty"`

	// Specifies the Street Address values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	StreetAddress string `json:"streetAddress,omitempty"`

	// Specifies the Postal Code values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	PostalCode string `json:"postalCode,omitempty"`

	// Specifies the Serial Number, if any. Otherwise Vault will generate a random serial for you. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5.
	// +kubebuilder:validation:Optional
	SerialNumber string `json:"serialNumber,omitempty"`

	// Specifies if certificates issued/signed against this role will have Vault leases attached to them. Certificates can be added to the CRL by vault revoke <lease_id> when certificates are associated with leases. It can also be done using the pki/revoke endpoint. However, when lease generation is disabled, invoking pki/revoke would be the only way to add the certificates to the CRL.
	// +kubebuilder:validation:Optional
	GenerateLease bool `json:"generateLease,omitempty"`

	// If set, certificates issued/signed against this role will not be stored in the storage backend. This can improve performance when issuing large numbers of certificates. However, certificates issued in this way cannot be enumerated or revoked, so this option is recommended only for certificates that are non-sensitive, or extremely short-lived. This option implies a value of false for generate_lease.
	// +kubebuilder:validation:Optional
	NoStore bool `json:"noStore,omitempty"`

	// If set to false, makes the common_name field optional while generating a certificate.
	// +kubebuilder:validation:Optional
	RequireCn bool `json:"requireCn,omitempty"`

	// A comma-separated string or list of policy OIDs.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	PolicyIdentifiers []string `json:"policyIdentifiers,omitempty"`

	// Mark Basic Constraints valid when issuing non-CA certificates.
	// +kubebuilder:validation:Optional
	BasicConstraintsValidForNonCa bool `json:"basicConstraintsValidForNonCa,omitempty"`

	// Specifies the duration by which to backdate the NotBefore property.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="30s"
	NotBeforeDuration metav1.Duration `json:"notBeforeDuration,omitempty"`
}

func (*PKIRole) DeepCopy added in v0.3.0

func (in *PKIRole) DeepCopy() *PKIRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKIRole.

func (*PKIRole) DeepCopyInto added in v0.3.0

func (in *PKIRole) DeepCopyInto(out *PKIRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
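
Example (added here, not part of this package or its generated documentation): a review helper that applies the PKIRole field descriptions above to a role before it is deployed. RoleSettings is a local mirror of a subset of the documented fields, Permits is a simplified model of the documented name rules rather than Vault's own matcher, and the 24h shortLived threshold is an assumption.

```go
package main

import (
	"fmt"
	"path"
	"strings"
	"time"
)

// RoleSettings is a local mirror of some PKIRole fields documented above.
// It is not the package's own type; only the field names follow the page.
type RoleSettings struct {
	AllowedDomains   []string
	AllowBareDomains bool
	AllowSubdomains  bool
	AllowGlobDomains bool
	AllowAnyName     bool
	AllowIPSans      bool
	AllowedOtherSans string
	KeyType          string
	KeyBits          int
	MaxTTL           time.Duration // 0 means "system maximum lease TTL"
	NoStore          bool
	GenerateLease    bool
}

// shortLived is an assumed review threshold, not a value from the page.
const shortLived = 24 * time.Hour

// ecBits are the key sizes the field comments list as examples for ec keys.
var ecBits = map[int]bool{224: true, 256: true, 384: true, 521: true}

// Permits models the documented name rules (simplified): would a client be
// allowed to request a certificate for name under these settings?
func (r RoleSettings) Permits(name string) bool {
	if r.AllowAnyName {
		return true
	}
	name = strings.ToLower(name)
	for _, d := range r.AllowedDomains {
		d = strings.ToLower(d)
		if r.AllowBareDomains && name == d {
			return true
		}
		// Covers foo.<d> and, as the page notes, the wildcard *.<d>.
		if r.AllowSubdomains && strings.HasSuffix(name, "."+d) {
			return true
		}
		if r.AllowGlobDomains && strings.Contains(d, "*") {
			if ok, _ := path.Match(d, name); ok {
				return true
			}
		}
	}
	return false
}

// Audit returns "field: reason" findings for settings the field comments
// themselves describe as risky, unchecked or inconsistent.
func Audit(r RoleSettings) []string {
	var out []string
	if r.AllowAnyName {
		out = append(out, "allowAnyName: clients can request any CN")
	}
	if r.AllowBareDomains && len(r.AllowedDomains) > 0 {
		out = append(out, "allowBareDomains: the configured domains themselves can be requested")
	}
	if r.AllowSubdomains {
		out = append(out, "allowSubdomains: wildcard subdomains are included")
	}
	if r.AllowIPSans {
		out = append(out, "allowIPSans: IP SANs are checked for validity only, not authorization")
	}
	if strings.TrimSpace(r.AllowedOtherSans) == "*" {
		out = append(out, "allowedOtherSans: a single * allows any other_sans input")
	}
	if r.KeyType == "ec" && !ecBits[r.KeyBits] {
		out = append(out, fmt.Sprintf("keyBits: %d must be changed for ec keys (e.g. 224, 256, 384 or 521)", r.KeyBits))
	}
	if r.NoStore && r.GenerateLease {
		out = append(out, "generateLease: noStore implies generate_lease=false")
	}
	if r.NoStore && (r.MaxTTL == 0 || r.MaxTTL > shortLived) {
		out = append(out, "noStore: unstored certificates cannot be enumerated or revoked; keep them short-lived")
	}
	return out
}

// Flagged reports whether any finding concerns the given field.
func Flagged(findings []string, field string) bool {
	for _, f := range findings {
		if strings.HasPrefix(f, field+":") {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample role: keyBits left at the 2048 default with keyType ec.
	role := RoleSettings{AllowedDomains: []string{"example.com"}, AllowSubdomains: true,
		KeyType: "ec", KeyBits: 2048, NoStore: true, GenerateLease: true}
	for _, f := range Audit(role) {
		fmt.Println(f)
	}
	for _, n := range []string{"example.com", "foo.example.com", "*.example.com"} {
		fmt.Println(n, role.Permits(n))
	}
}
```
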

type PKISecretEngineConfig added in v0.3.0

type PKISecretEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   PKISecretEngineConfigSpec   `json:"spec,omitempty"`
	Status PKISecretEngineConfigStatus `json:"status,omitempty"`
}

PKISecretEngineConfig is the Schema for the pkisecretengineconfigs API

func (*PKISecretEngineConfig) CreateExported added in v0.3.0

func (p *PKISecretEngineConfig) CreateExported(context context.Context, secret *vault.Secret) (bool, error)

func (*PKISecretEngineConfig) DeepCopy added in v0.3.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISecretEngineConfig.

func (*PKISecretEngineConfig) DeepCopyInto added in v0.3.0

func (in *PKISecretEngineConfig) DeepCopyInto(out *PKISecretEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PKISecretEngineConfig) DeepCopyObject added in v0.3.0

func (in *PKISecretEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PKISecretEngineConfig) Default added in v0.3.0

func (r *PKISecretEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*PKISecretEngineConfig) GetConditions added in v0.3.0

func (m *PKISecretEngineConfig) GetConditions() []metav1.Condition

func (*PKISecretEngineConfig) GetConfigCrlPath added in v0.3.0

func (p *PKISecretEngineConfig) GetConfigCrlPath() string

func (*PKISecretEngineConfig) GetConfigCrlPayload added in v0.3.0

func (p *PKISecretEngineConfig) GetConfigCrlPayload() map[string]interface{}

func (*PKISecretEngineConfig) GetConfigUrlsPath added in v0.3.0

func (p *PKISecretEngineConfig) GetConfigUrlsPath() string

func (*PKISecretEngineConfig) GetConfigUrlsPayload added in v0.3.0

func (p *PKISecretEngineConfig) GetConfigUrlsPayload() map[string]interface{}

func (*PKISecretEngineConfig) GetDeletePath added in v0.3.0

func (p *PKISecretEngineConfig) GetDeletePath() string

func (*PKISecretEngineConfig) GetExportedPayload added in v0.3.0

func (p *PKISecretEngineConfig) GetExportedPayload(data map[string]interface{}) map[string]string

func (*PKISecretEngineConfig) GetGeneratePath added in v0.3.0

func (p *PKISecretEngineConfig) GetGeneratePath() string

func (*PKISecretEngineConfig) GetGeneratedStatus added in v0.3.0

func (p *PKISecretEngineConfig) GetGeneratedStatus() bool

func (*PKISecretEngineConfig) GetIntermediateSetSignedPath added in v0.3.0

func (p *PKISecretEngineConfig) GetIntermediateSetSignedPath() string

func (*PKISecretEngineConfig) GetIntermediateSetSignedPayload added in v0.3.0

func (p *PKISecretEngineConfig) GetIntermediateSetSignedPayload() map[string]interface{}

func (*PKISecretEngineConfig) GetKubeAuthConfiguration added in v0.6.3

func (d *PKISecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*PKISecretEngineConfig) GetPath added in v0.3.0

func (p *PKISecretEngineConfig) GetPath() string

func (*PKISecretEngineConfig) GetPayload added in v0.3.0

func (p *PKISecretEngineConfig) GetPayload() map[string]interface{}

func (*PKISecretEngineConfig) GetSignIntermediatePath added in v0.3.0

func (p *PKISecretEngineConfig) GetSignIntermediatePath() string

func (*PKISecretEngineConfig) GetSignIntermediatePayload added in v0.3.0

func (p *PKISecretEngineConfig) GetSignIntermediatePayload() map[string]interface{}

func (*PKISecretEngineConfig) GetSignedStatus added in v0.5.0

func (p *PKISecretEngineConfig) GetSignedStatus() bool

func (*PKISecretEngineConfig) GetVaultConnection added in v0.8.9

func (d *PKISecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*PKISecretEngineConfig) IsDeletable added in v0.8.29

func (d *PKISecretEngineConfig) IsDeletable() bool

func (*PKISecretEngineConfig) IsEquivalentToDesiredState added in v0.3.0

func (p *PKISecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*PKISecretEngineConfig) IsInitialized added in v0.3.0

func (p *PKISecretEngineConfig) IsInitialized() bool

func (*PKISecretEngineConfig) IsValid added in v0.3.0

func (p *PKISecretEngineConfig) IsValid() (bool, error)

func (*PKISecretEngineConfig) PrepareInternalValues added in v0.3.0

func (p *PKISecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*PKISecretEngineConfig) PrepareTLSConfig added in v0.8.24

func (p *PKISecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*PKISecretEngineConfig) SetConditions added in v0.3.0

func (m *PKISecretEngineConfig) SetConditions(conditions []metav1.Condition)

func (*PKISecretEngineConfig) SetExportedStatus added in v0.3.0

func (p *PKISecretEngineConfig) SetExportedStatus(status bool)

func (*PKISecretEngineConfig) SetGeneratedStatus added in v0.3.0

func (p *PKISecretEngineConfig) SetGeneratedStatus(status bool)

func (*PKISecretEngineConfig) SetIntermediate added in v0.3.0

func (p *PKISecretEngineConfig) SetIntermediate(context context.Context) error

func (*PKISecretEngineConfig) SetSignedStatus added in v0.5.0

func (p *PKISecretEngineConfig) SetSignedStatus(status bool)

func (*PKISecretEngineConfig) SetupWebhookWithManager added in v0.3.0

func (r *PKISecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*PKISecretEngineConfig) ValidateCreate added in v0.3.0

func (r *PKISecretEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*PKISecretEngineConfig) ValidateDelete added in v0.3.0

func (r *PKISecretEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*PKISecretEngineConfig) ValidateUpdate added in v0.3.0

func (r *PKISecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type PKISecretEngineConfigList added in v0.3.0

type PKISecretEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []PKISecretEngineConfig `json:"items"`
}

PKISecretEngineConfigList contains a list of PKISecretEngineConfig

func (*PKISecretEngineConfigList) DeepCopy added in v0.3.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISecretEngineConfigList.

func (*PKISecretEngineConfigList) DeepCopyInto added in v0.3.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PKISecretEngineConfigList) DeepCopyObject added in v0.3.0

func (in *PKISecretEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PKISecretEngineConfigSpec added in v0.3.0

type PKISecretEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to create the role.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/config/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	PKIType `json:",inline"`

	PKICommon `json:",inline"`

	PKIConfig `json:",inline"`

	PKIIntermediate `json:",inline"`
}

PKISecretEngineConfigSpec defines the desired state of PKISecretEngineConfig

func (*PKISecretEngineConfigSpec) DeepCopy added in v0.3.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISecretEngineConfigSpec.

func (*PKISecretEngineConfigSpec) DeepCopyInto added in v0.3.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKISecretEngineConfigStatus added in v0.3.0

type PKISecretEngineConfigStatus struct {
	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
	// Important: Run "make" to regenerate code after modifying this file
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`

	// +kubebuilder:validation:Optional
	Generated bool `json:"generated,omitempty"`

	// +kubebuilder:validation:Optional
	Exported bool `json:"exported,omitempty"`

	// +kubebuilder:validation:Optional
	Signed bool `json:"signed,omitempty"`
}

PKISecretEngineConfigStatus defines the observed state of PKISecretEngineConfig

func (*PKISecretEngineConfigStatus) DeepCopy added in v0.3.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISecretEngineConfigStatus.

func (*PKISecretEngineConfigStatus) DeepCopyInto added in v0.3.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKISecretEngineRole added in v0.3.0

type PKISecretEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   PKISecretEngineRoleSpec   `json:"spec,omitempty"`
	Status PKISecretEngineRoleStatus `json:"status,omitempty"`
}

PKISecretEngineRole is the Schema for the pkisecretengineroles API

func (*PKISecretEngineRole) DeepCopy added in v0.3.0

func (in *PKISecretEngineRole) DeepCopy() *PKISecretEngineRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISecretEngineRole.

func (*PKISecretEngineRole) DeepCopyInto added in v0.3.0

func (in *PKISecretEngineRole) DeepCopyInto(out *PKISecretEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PKISecretEngineRole) DeepCopyObject added in v0.3.0

func (in *PKISecretEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PKISecretEngineRole) Default added in v0.3.0

func (r *PKISecretEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*PKISecretEngineRole) GetConditions added in v0.3.0

func (m *PKISecretEngineRole) GetConditions() []metav1.Condition

func (*PKISecretEngineRole) GetKubeAuthConfiguration added in v0.6.3

func (d *PKISecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*PKISecretEngineRole) GetPath added in v0.3.0

func (d *PKISecretEngineRole) GetPath() string

func (*PKISecretEngineRole) GetPayload added in v0.3.0

func (d *PKISecretEngineRole) GetPayload() map[string]interface{}

func (*PKISecretEngineRole) GetVaultConnection added in v0.8.9

func (d *PKISecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*PKISecretEngineRole) IsDeletable added in v0.8.29

func (d *PKISecretEngineRole) IsDeletable() bool

func (*PKISecretEngineRole) IsEquivalentToDesiredState added in v0.3.0

func (d *PKISecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*PKISecretEngineRole) IsInitialized added in v0.3.0

func (d *PKISecretEngineRole) IsInitialized() bool

func (*PKISecretEngineRole) IsValid added in v0.3.0

func (r *PKISecretEngineRole) IsValid() (bool, error)

func (*PKISecretEngineRole) PrepareInternalValues added in v0.3.0

func (d *PKISecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*PKISecretEngineRole) PrepareTLSConfig added in v0.8.24

func (p *PKISecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*PKISecretEngineRole) SetConditions added in v0.3.0

func (m *PKISecretEngineRole) SetConditions(conditions []metav1.Condition)

func (*PKISecretEngineRole) SetupWebhookWithManager added in v0.3.0

func (r *PKISecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*PKISecretEngineRole) ValidateCreate added in v0.3.0

func (r *PKISecretEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*PKISecretEngineRole) ValidateDelete added in v0.3.0

func (r *PKISecretEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*PKISecretEngineRole) ValidateUpdate added in v0.3.0

func (r *PKISecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type PKISecretEngineRoleList added in v0.3.0

type PKISecretEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []PKISecretEngineRole `json:"items"`
}

PKISecretEngineRoleList contains a list of PKISecretEngineRole

func (*PKISecretEngineRoleList) DeepCopy added in v0.3.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISecretEngineRoleList.

func (*PKISecretEngineRoleList) DeepCopyInto added in v0.3.0

func (in *PKISecretEngineRoleList) DeepCopyInto(out *PKISecretEngineRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PKISecretEngineRoleList) DeepCopyObject added in v0.3.0

func (in *PKISecretEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PKISecretEngineRoleSpec added in v0.3.0

type PKISecretEngineRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and, for example, connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to create the role.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/roles/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	PKIRole `json:",inline"`

	// The name of the object created in Vault. If this is specified it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

PKISecretEngineRoleSpec defines the desired state of PKISecretEngineRole

func (*PKISecretEngineRoleSpec) DeepCopy added in v0.3.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISecretEngineRoleSpec.

func (*PKISecretEngineRoleSpec) DeepCopyInto added in v0.3.0

func (in *PKISecretEngineRoleSpec) DeepCopyInto(out *PKISecretEngineRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKISecretEngineRoleStatus added in v0.3.0

type PKISecretEngineRoleStatus struct {
	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
	// Important: Run "make" to regenerate code after modifying this file
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

PKISecretEngineRoleStatus defines the observed state of PKISecretEngineRole

func (*PKISecretEngineRoleStatus) DeepCopy added in v0.3.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISecretEngineRoleStatus.

func (*PKISecretEngineRoleStatus) DeepCopyInto added in v0.3.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKIType added in v0.3.0

type PKIType struct {
	// Specifies the type of certificate authority. Root CA or Intermediate CA. This is part of the request URL.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum:={"root","intermediate"}
	// +kubebuilder:default="root"
	Type string `json:"type,omitempty"`

	// Specifies the type of the root to create. If exported, the private key will be returned in the response; if internal the private key will not be returned and cannot be retrieved later. This is part of the request URL.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum:={"internal","exported"}
	// +kubebuilder:default="internal"
	PrivateKeyType string `json:"privateKeyType,omitempty"`
}

func (*PKIType) DeepCopy added in v0.3.0

func (in *PKIType) DeepCopy() *PKIType

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKIType.

func (*PKIType) DeepCopyInto added in v0.3.0

func (in *PKIType) DeepCopyInto(out *PKIType)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PasswordCredentialConfig added in v0.8.3

type PasswordCredentialConfig struct {
	// PasswordPolicy The policy used for password generation. If not provided, defaults to the password policy of the database configuration
	// +kubebuilder:validation:Optional
	PasswordPolicy string `json:"passwordPolicy,omitempty"`
}

func (*PasswordCredentialConfig) DeepCopy added in v0.8.4

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordCredentialConfig.

func (*PasswordCredentialConfig) DeepCopyInto added in v0.8.4

func (in *PasswordCredentialConfig) DeepCopyInto(out *PasswordCredentialConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PasswordPolicy

type PasswordPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   PasswordPolicySpec   `json:"spec,omitempty"`
	Status PasswordPolicyStatus `json:"status,omitempty"`
}

PasswordPolicy is the Schema for the passwordpolicies API

func (*PasswordPolicy) DeepCopy

func (in *PasswordPolicy) DeepCopy() *PasswordPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordPolicy.

func (*PasswordPolicy) DeepCopyInto

func (in *PasswordPolicy) DeepCopyInto(out *PasswordPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PasswordPolicy) DeepCopyObject

func (in *PasswordPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PasswordPolicy) Default

func (r *PasswordPolicy) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*PasswordPolicy) GetConditions

func (m *PasswordPolicy) GetConditions() []metav1.Condition

func (*PasswordPolicy) GetKubeAuthConfiguration added in v0.6.3

func (d *PasswordPolicy) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*PasswordPolicy) GetPath

func (d *PasswordPolicy) GetPath() string

func (*PasswordPolicy) GetPayload

func (d *PasswordPolicy) GetPayload() map[string]interface{}

func (*PasswordPolicy) GetVaultConnection added in v0.8.9

func (d *PasswordPolicy) GetVaultConnection() *vaultutils.VaultConnection

func (*PasswordPolicy) IsDeletable added in v0.8.29

func (d *PasswordPolicy) IsDeletable() bool

func (*PasswordPolicy) IsEquivalentToDesiredState

func (d *PasswordPolicy) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*PasswordPolicy) IsInitialized

func (d *PasswordPolicy) IsInitialized() bool

func (*PasswordPolicy) IsValid

func (r *PasswordPolicy) IsValid() (bool, error)

func (*PasswordPolicy) PrepareInternalValues

func (d *PasswordPolicy) PrepareInternalValues(context context.Context, object client.Object) error

func (*PasswordPolicy) PrepareTLSConfig added in v0.8.24

func (d *PasswordPolicy) PrepareTLSConfig(context context.Context, object client.Object) error

func (*PasswordPolicy) SetConditions

func (m *PasswordPolicy) SetConditions(conditions []metav1.Condition)

func (*PasswordPolicy) SetupWebhookWithManager

func (r *PasswordPolicy) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*PasswordPolicy) ValidateCreate

func (r *PasswordPolicy) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*PasswordPolicy) ValidateDelete

func (r *PasswordPolicy) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*PasswordPolicy) ValidateUpdate

func (r *PasswordPolicy) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type PasswordPolicyFormat

type PasswordPolicyFormat struct {
	Length int                  `hcl:"length"`
	Rules  []PasswordPolicyRule `hcl:"rule,block"`
}

func (*PasswordPolicyFormat) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordPolicyFormat.

func (*PasswordPolicyFormat) DeepCopyInto

func (in *PasswordPolicyFormat) DeepCopyInto(out *PasswordPolicyFormat)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PasswordPolicyList

type PasswordPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []PasswordPolicy `json:"items"`
}

PasswordPolicyList contains a list of PasswordPolicy

func (*PasswordPolicyList) DeepCopy

func (in *PasswordPolicyList) DeepCopy() *PasswordPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordPolicyList.

func (*PasswordPolicyList) DeepCopyInto

func (in *PasswordPolicyList) DeepCopyInto(out *PasswordPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PasswordPolicyList) DeepCopyObject

func (in *PasswordPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PasswordPolicyRule

type PasswordPolicyRule struct {
	RuleType string `hcl:"type,label"`
	Charset  string `hcl:"charset"`
	MinChars int    `hcl:"min-chars"`
}

func (*PasswordPolicyRule) DeepCopy

func (in *PasswordPolicyRule) DeepCopy() *PasswordPolicyRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordPolicyRule.

func (*PasswordPolicyRule) DeepCopyInto

func (in *PasswordPolicyRule) DeepCopyInto(out *PasswordPolicyRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
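
Added example (not part of the operator's code): a standard-library Go check over the Length, Rules, Charset and MinChars fields documented above, flagging policies that cannot be satisfied or that cap password entropy below a review threshold. The local struct mirrors, `auditPasswordPolicy` and the 80-bit `minEntropyBits` threshold are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"math"
)

// PasswordPolicyRule and PasswordPolicyFormat mirror the fields documented on
// this page; the hcl struct tags are dropped so only the standard library is needed.
type PasswordPolicyRule struct {
	RuleType string // the block label, as in: rule "charset" { ... }
	Charset  string
	MinChars int
}

type PasswordPolicyFormat struct {
	Length int
	Rules  []PasswordPolicyRule
}

// minEntropyBits is an assumed review threshold, not a Vault or operator default.
const minEntropyBits = 80.0

// auditPasswordPolicy returns findings plus an upper bound on the entropy (in
// bits) of passwords the policy can produce. The bound assumes every position
// is drawn uniformly from the union of all rule charsets; min-chars
// constraints can only lower the real figure, so a low bound is conclusive.
func auditPasswordPolicy(p PasswordPolicyFormat) ([]string, float64) {
	var findings []string
	alphabet := map[rune]struct{}{}
	required := 0

	if p.Length <= 0 {
		findings = append(findings, "length must be a positive integer")
	}
	for i, r := range p.Rules {
		// "charset" is the rule type Vault documents for password policies.
		if r.RuleType != "charset" {
			findings = append(findings, fmt.Sprintf("rule %d: unexpected rule type %q", i, r.RuleType))
			continue
		}
		if r.MinChars < 0 {
			findings = append(findings, fmt.Sprintf("rule %d: min-chars is negative", i))
			continue
		}
		if r.Charset == "" {
			findings = append(findings, fmt.Sprintf("rule %d: empty charset", i))
			continue
		}
		for _, c := range r.Charset {
			alphabet[c] = struct{}{} // the set removes characters repeated across rules
		}
		required += r.MinChars
	}
	if len(alphabet) == 0 {
		return append(findings, "no usable charset rule"), 0
	}
	if p.Length > 0 && required > p.Length {
		findings = append(findings, fmt.Sprintf(
			"unsatisfiable: rules require %d characters but length is %d", required, p.Length))
	}
	bits := 0.0
	if p.Length > 0 {
		bits = float64(p.Length) * math.Log2(float64(len(alphabet)))
	}
	if bits < minEntropyBits {
		findings = append(findings, fmt.Sprintf(
			"weak: at most %.1f bits of entropy (threshold %.0f)", bits, minEntropyBits))
	}
	return findings, bits
}

func main() {
	// Constructed sample policies, not taken from a real deployment.
	samples := map[string]PasswordPolicyFormat{
		"strong": {Length: 20, Rules: []PasswordPolicyRule{
			{RuleType: "charset", Charset: "abcdefghijklmnopqrstuvwxyz", MinChars: 1},
			{RuleType: "charset", Charset: "ABCDEFGHIJKLMNOPQRSTUVWXYZ", MinChars: 1},
			{RuleType: "charset", Charset: "0123456789", MinChars: 1},
		}},
		"pin": {Length: 8, Rules: []PasswordPolicyRule{
			{RuleType: "charset", Charset: "0123456789", MinChars: 1},
		}},
	}
	for name, p := range samples {
		findings, bits := auditPasswordPolicy(p)
		fmt.Printf("%-6s bits<=%.1f findings=%v\n", name, bits, findings)
	}
}
```
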

type PasswordPolicySpec

type PasswordPolicySpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and, for example, connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// PasswordPolicy is a Vault password policy (https://www.vaultproject.io/docs/concepts/password-policies) expressed in HCL language.
	// +kubebuilder:validation:Required
	PasswordPolicy string `json:"passwordPolicy,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// The name of the object created in Vault. If this is specified it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

PasswordPolicySpec defines the desired state of PasswordPolicy

func (*PasswordPolicySpec) DeepCopy

func (in *PasswordPolicySpec) DeepCopy() *PasswordPolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordPolicySpec.

func (*PasswordPolicySpec) DeepCopyInto

func (in *PasswordPolicySpec) DeepCopyInto(out *PasswordPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PasswordPolicyStatus

type PasswordPolicyStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

PasswordPolicyStatus defines the observed state of PasswordPolicy

func (*PasswordPolicyStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordPolicyStatus.

func (*PasswordPolicyStatus) DeepCopyInto

func (in *PasswordPolicyStatus) DeepCopyInto(out *PasswordPolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Permission added in v0.4.0

type Permission string

+kubebuilder:validation:Enum:={"admin","read","write"}

type PermissionSet

type PermissionSet struct {

	// InstallationID the ID of the app installation. Note the Installation ID from the URL of this page (usually: https://github.com/settings/installations/<installation id>) if you wish to configure using the installation ID directly. Only one of installationID or organizationName is required. If both are provided, installationID takes precedence.
	// +kubebuilder:validation:Optional
	InstallationID int64 `json:"installationID,omitempty"`

	// OrganizationName the name of the organization with the GitHub App installation. Only one of installationID or organizationName is required. If both are provided, installationID takes precedence.
	// +kubebuilder:validation:Optional
	OrganizationName string `json:"organizationName,omitempty"`

	// Repositories a list of the names of the repositories within the organisation that the installation token can access
	// +kubebuilder:validation:Optional
	Repositories []string `json:"repositories,omitempty"`

	// RepositoriesIDs a list of the IDs of the repositories that the installation token can access. See [this StackOverflow](https://stackoverflow.com/a/47223479) post for the quickest way to find a repository ID
	// +kubebuilder:validation:Optional
	RepositoriesIDs []string `json:"repositoriesIDs,omitempty"`

	// Permissions a key value map of permission names to their access type (read or write). See [GitHub’s documentation](https://developer.github.com/v3/apps/permissions) on permission names and access types.
	// +kubebuilder:validation:Optional
	Permissions map[string]string `json:"permissions,omitempty"`
}

func (*PermissionSet) DeepCopy

func (in *PermissionSet) DeepCopy() *PermissionSet

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSet.

func (*PermissionSet) DeepCopyInto

func (in *PermissionSet) DeepCopyInto(out *PermissionSet)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Policy

type Policy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   PolicySpec   `json:"spec,omitempty"`
	Status PolicyStatus `json:"status,omitempty"`
}

Policy is the Schema for the policies API

func (*Policy) DeepCopy

func (in *Policy) DeepCopy() *Policy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.

func (*Policy) DeepCopyInto

func (in *Policy) DeepCopyInto(out *Policy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Policy) DeepCopyObject

func (in *Policy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Policy) Default

func (r *Policy) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*Policy) GetConditions

func (m *Policy) GetConditions() []metav1.Condition

func (*Policy) GetKubeAuthConfiguration added in v0.6.3

func (d *Policy) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*Policy) GetPath

func (d *Policy) GetPath() string

func (*Policy) GetPayload

func (d *Policy) GetPayload() map[string]interface{}

func (*Policy) GetVaultConnection added in v0.8.9

func (d *Policy) GetVaultConnection() *vaultutils.VaultConnection

func (*Policy) IsDeletable added in v0.8.29

func (d *Policy) IsDeletable() bool

func (*Policy) IsEquivalentToDesiredState

func (d *Policy) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*Policy) IsInitialized

func (d *Policy) IsInitialized() bool

func (*Policy) IsValid

func (r *Policy) IsValid() (bool, error)

func (*Policy) PrepareInternalValues

func (d *Policy) PrepareInternalValues(context context.Context, object client.Object) error

func (*Policy) PrepareTLSConfig added in v0.8.24

func (d *Policy) PrepareTLSConfig(context context.Context, object client.Object) error

func (*Policy) SetConditions

func (m *Policy) SetConditions(conditions []metav1.Condition)

func (*Policy) SetupWebhookWithManager

func (r *Policy) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*Policy) ValidateCreate

func (r *Policy) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*Policy) ValidateDelete

func (r *Policy) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*Policy) ValidateUpdate

func (r *Policy) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type PolicyList

type PolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Policy `json:"items"`
}

PolicyList contains a list of Policy

func (*PolicyList) DeepCopy

func (in *PolicyList) DeepCopy() *PolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList.

func (*PolicyList) DeepCopyInto

func (in *PolicyList) DeepCopyInto(out *PolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PolicyList) DeepCopyObject

func (in *PolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PolicySpec

type PolicySpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and, for example, connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Policy is a Vault policy expressed in HCL language.
	// +kubebuilder:validation:Required
	Policy string `json:"policy,omitempty"`

	// Type represents the policy type. Currently the only supported policy type is "acl", but in the future rgp and egp might be supported. If not specified, a policy will be created at /sys/policies/<name>; if specified (the recommended approach), a policy will be created at /sys/policies/acl/<name>
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum={"acl"}
	Type string `json:"type,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// The name of the object created in Vault. If this is specified it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

PolicySpec defines the desired state of Policy

func (*PolicySpec) DeepCopy

func (in *PolicySpec) DeepCopy() *PolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicySpec.

func (*PolicySpec) DeepCopyInto

func (in *PolicySpec) DeepCopyInto(out *PolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyStatus

type PolicyStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

PolicyStatus defines the observed state of Policy

func (*PolicyStatus) DeepCopy

func (in *PolicyStatus) DeepCopy() *PolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyStatus.

func (*PolicyStatus) DeepCopyInto

func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuayBaseRole added in v0.4.0

type QuayBaseRole struct {
	// NamespaceType Type of account namespace to manage.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"organization","user"}
	// +kubebuilder:default="organization"
	NamespaceType NamespaceType `json:"namespaceType,omitempty"`

	// NamespaceName Name of the Quay account.
	// +kubebuilder:validation:Required
	NamespaceName string `json:"namespaceName,omitempty"`

	// CreateRepositories Access to create Quay repositories.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	CreateRepositories *bool `json:"createRepositories,omitempty"`

	// Teams Permissions granted to the Robot Account to Teams.
	// +kubebuilder:validation:Optional
	Teams *map[string]TeamRole `json:"teams,omitempty"`

	// Repositories Permissions granted to the Robot Account to Repositories.
	// +kubebuilder:validation:Optional
	Repositories *map[string]Permission `json:"repositories,omitempty"`

	// DefaultPermission Permissions granted to the Robot Account in newly created repositories
	// +kubebuilder:validation:Optional
	DefaultPermission *Permission `json:"defaultPermission,omitempty"`
}

func (*QuayBaseRole) DeepCopy added in v0.4.0

func (in *QuayBaseRole) DeepCopy() *QuayBaseRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuayBaseRole.

func (*QuayBaseRole) DeepCopyInto added in v0.4.0

func (in *QuayBaseRole) DeepCopyInto(out *QuayBaseRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuayConfig added in v0.4.0

type QuayConfig struct {

	// url Specifies the location of the Quay instance
	// +kubebuilder:validation:Required
	URL string `json:"url,omitempty"`

	// CACertertificate PEM encoded CA cert for use by the TLS client used to communicate with Quay.
	// +kubebuilder:validation:Optional
	CACertertificate string `json:"caCertificate,omitempty"`

	// DisableSslVerification Disable SSL verification when communicating with Quay.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	DisableSslVerification bool `json:"disableSslVerification,omitempty"`
	// contains filtered or unexported fields
}

func (*QuayConfig) DeepCopy added in v0.4.0

func (in *QuayConfig) DeepCopy() *QuayConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuayConfig.

func (*QuayConfig) DeepCopyInto added in v0.4.0

func (in *QuayConfig) DeepCopyInto(out *QuayConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuayRole added in v0.4.0

type QuayRole struct {
	QuayBaseRole `json:",inline"`

	// TTL Time-to-Live for the credential
	// +kubebuilder:validation:Optional
	TTL *metav1.Duration `json:"TTL,omitempty"`

	// MaxTTL Maximum Time-to-Live for the credential
	// +kubebuilder:validation:Optional
	MaxTTL *metav1.Duration `json:"maxTTL,omitempty"`
}

func (*QuayRole) DeepCopy added in v0.4.0

func (in *QuayRole) DeepCopy() *QuayRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuayRole.

func (*QuayRole) DeepCopyInto added in v0.4.0

func (in *QuayRole) DeepCopyInto(out *QuayRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
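
Added example (not part of the operator's code): a least-privilege review of a Quay robot-account role built from the QuayRole and QuayBaseRole fields documented above. The flattened local struct, `auditQuayRole`, the use of `time.Duration` in place of `metav1.Duration`, and the 24-hour `maxReviewTTL` ceiling are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

type TeamRole string
type Permission string

// Values copied from the package constants listed on this page.
const (
	TeamRoleAdmin   TeamRole   = "admin"
	PermissionAdmin Permission = "admin"
	PermissionRead  Permission = "read"
	PermissionWrite Permission = "write"
)

// QuayRole flattens the page's QuayRole and its embedded QuayBaseRole;
// metav1.Duration is replaced by time.Duration to stay in the standard library.
type QuayRole struct {
	NamespaceName      string
	CreateRepositories *bool
	Teams              *map[string]TeamRole
	Repositories       *map[string]Permission
	DefaultPermission  *Permission
	TTL                *time.Duration
	MaxTTL             *time.Duration
}

// maxReviewTTL is an assumed review ceiling, not a Quay or Vault default.
const maxReviewTTL = 24 * time.Hour

// auditQuayRole lists the grants in a role that deserve a reviewer's attention.
// Findings are sorted so the output is stable across runs.
func auditQuayRole(r QuayRole) []string {
	var f []string
	if r.Repositories != nil {
		for repo, p := range *r.Repositories {
			if p == PermissionAdmin {
				f = append(f, fmt.Sprintf("repository %q: admin permission", repo))
			}
		}
	}
	if r.Teams != nil {
		for team, role := range *r.Teams {
			if role == TeamRoleAdmin {
				f = append(f, fmt.Sprintf("team %q: admin role", team))
			}
		}
	}
	if r.DefaultPermission != nil && *r.DefaultPermission != PermissionRead {
		f = append(f, fmt.Sprintf("defaultPermission %q is granted in newly created repositories",
			*r.DefaultPermission))
	}
	if r.CreateRepositories != nil && *r.CreateRepositories {
		f = append(f, "createRepositories is enabled")
	}
	switch {
	case r.TTL == nil && r.MaxTTL == nil:
		f = append(f, "TTL and maxTTL unset: this role sets no bound on credential lifetime")
	case r.TTL != nil && r.MaxTTL != nil && *r.TTL > *r.MaxTTL:
		f = append(f, fmt.Sprintf("TTL %s exceeds maxTTL %s", *r.TTL, *r.MaxTTL))
	}
	if r.MaxTTL != nil && *r.MaxTTL > maxReviewTTL {
		f = append(f, fmt.Sprintf("maxTTL %s exceeds review ceiling %s", *r.MaxTTL, maxReviewTTL))
	}
	sort.Strings(f)
	return f
}

func main() {
	// Constructed sample role, not taken from a real deployment.
	yes, write := true, PermissionWrite
	repos := map[string]Permission{"payments": PermissionAdmin, "docs": PermissionRead}
	teams := map[string]TeamRole{"owners": TeamRoleAdmin}
	role := QuayRole{
		NamespaceName:      "example-org",
		CreateRepositories: &yes,
		Teams:              &teams,
		Repositories:       &repos,
		DefaultPermission:  &write,
	}
	for _, finding := range auditQuayRole(role) {
		fmt.Println(finding)
	}
}
```
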

type QuaySecretEngineConfig added in v0.4.0

type QuaySecretEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   QuaySecretEngineConfigSpec   `json:"spec,omitempty"`
	Status QuaySecretEngineConfigStatus `json:"status,omitempty"`
}

QuaySecretEngineConfig is the Schema for the quaysecretengineconfigs API

func (*QuaySecretEngineConfig) DeepCopy added in v0.4.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineConfig.

func (*QuaySecretEngineConfig) DeepCopyInto added in v0.4.0

func (in *QuaySecretEngineConfig) DeepCopyInto(out *QuaySecretEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*QuaySecretEngineConfig) DeepCopyObject added in v0.4.0

func (in *QuaySecretEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*QuaySecretEngineConfig) Default added in v0.4.0

func (r *QuaySecretEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*QuaySecretEngineConfig) GetConditions added in v0.4.0

func (q *QuaySecretEngineConfig) GetConditions() []metav1.Condition

func (*QuaySecretEngineConfig) GetKubeAuthConfiguration added in v0.6.3

func (d *QuaySecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*QuaySecretEngineConfig) GetPath added in v0.4.0

func (q *QuaySecretEngineConfig) GetPath() string

func (*QuaySecretEngineConfig) GetPayload added in v0.4.0

func (q *QuaySecretEngineConfig) GetPayload() map[string]interface{}

func (*QuaySecretEngineConfig) GetVaultConnection added in v0.8.9

func (d *QuaySecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*QuaySecretEngineConfig) IsDeletable added in v0.8.29

func (d *QuaySecretEngineConfig) IsDeletable() bool

func (*QuaySecretEngineConfig) IsEquivalentToDesiredState added in v0.4.0

func (q *QuaySecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*QuaySecretEngineConfig) IsInitialized added in v0.4.0

func (q *QuaySecretEngineConfig) IsInitialized() bool

func (*QuaySecretEngineConfig) IsValid added in v0.4.0

func (q *QuaySecretEngineConfig) IsValid() (bool, error)

func (*QuaySecretEngineConfig) PrepareInternalValues added in v0.4.0

func (q *QuaySecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*QuaySecretEngineConfig) PrepareTLSConfig added in v0.8.24

func (q *QuaySecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*QuaySecretEngineConfig) SetConditions added in v0.4.0

func (q *QuaySecretEngineConfig) SetConditions(conditions []metav1.Condition)

func (*QuaySecretEngineConfig) SetToken added in v0.4.0

func (q *QuaySecretEngineConfig) SetToken(token string)

func (*QuaySecretEngineConfig) SetupWebhookWithManager added in v0.4.0

func (r *QuaySecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*QuaySecretEngineConfig) ValidateCreate added in v0.4.0

func (r *QuaySecretEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*QuaySecretEngineConfig) ValidateDelete added in v0.4.0

func (r *QuaySecretEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*QuaySecretEngineConfig) ValidateUpdate added in v0.4.0

func (r *QuaySecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type QuaySecretEngineConfigList added in v0.4.0

type QuaySecretEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []QuaySecretEngineConfig `json:"items"`
}

QuaySecretEngineConfigList contains a list of QuaySecretEngineConfig

func (*QuaySecretEngineConfigList) DeepCopy added in v0.4.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineConfigList.

func (*QuaySecretEngineConfigList) DeepCopyInto added in v0.4.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*QuaySecretEngineConfigList) DeepCopyObject added in v0.4.0

func (in *QuaySecretEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type QuaySecretEngineConfigSpec added in v0.4.0

type QuaySecretEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/config.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	QuayConfig `json:",inline"`

	// RootCredentials specifies how to retrieve the credentials for this Quay connection.
	// +kubebuilder:validation:Required
	RootCredentials vaultutils.RootCredentialConfig `json:"rootCredentials,omitempty"`
}

QuaySecretEngineConfigSpec defines the desired state of QuaySecretEngineConfig

func (*QuaySecretEngineConfigSpec) DeepCopy added in v0.4.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineConfigSpec.

func (*QuaySecretEngineConfigSpec) DeepCopyInto added in v0.4.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuaySecretEngineConfigStatus added in v0.4.0

type QuaySecretEngineConfigStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

QuaySecretEngineConfigStatus defines the observed state of QuaySecretEngineConfig

func (*QuaySecretEngineConfigStatus) DeepCopy added in v0.4.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineConfigStatus.

func (*QuaySecretEngineConfigStatus) DeepCopyInto added in v0.4.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuaySecretEngineRole added in v0.4.0

type QuaySecretEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   QuaySecretEngineRoleSpec   `json:"spec,omitempty"`
	Status QuaySecretEngineRoleStatus `json:"status,omitempty"`
}

QuaySecretEngineRole is the Schema for the quaysecretengineroles API

func (*QuaySecretEngineRole) DeepCopy added in v0.4.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineRole.

func (*QuaySecretEngineRole) DeepCopyInto added in v0.4.0

func (in *QuaySecretEngineRole) DeepCopyInto(out *QuaySecretEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*QuaySecretEngineRole) DeepCopyObject added in v0.4.0

func (in *QuaySecretEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*QuaySecretEngineRole) Default added in v0.4.0

func (r *QuaySecretEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*QuaySecretEngineRole) GetConditions added in v0.4.0

func (q *QuaySecretEngineRole) GetConditions() []metav1.Condition

func (*QuaySecretEngineRole) GetKubeAuthConfiguration added in v0.6.3

func (d *QuaySecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*QuaySecretEngineRole) GetPath added in v0.4.0

func (d *QuaySecretEngineRole) GetPath() string

func (*QuaySecretEngineRole) GetPayload added in v0.4.0

func (q *QuaySecretEngineRole) GetPayload() map[string]interface{}

func (*QuaySecretEngineRole) GetVaultConnection added in v0.8.9

func (d *QuaySecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*QuaySecretEngineRole) IsDeletable added in v0.8.29

func (d *QuaySecretEngineRole) IsDeletable() bool

func (*QuaySecretEngineRole) IsEquivalentToDesiredState added in v0.4.0

func (q *QuaySecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*QuaySecretEngineRole) IsInitialized added in v0.4.0

func (q *QuaySecretEngineRole) IsInitialized() bool

func (*QuaySecretEngineRole) IsValid added in v0.4.0

func (q *QuaySecretEngineRole) IsValid() (bool, error)

func (*QuaySecretEngineRole) PrepareInternalValues added in v0.4.0

func (q *QuaySecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*QuaySecretEngineRole) PrepareTLSConfig added in v0.8.24

func (q *QuaySecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*QuaySecretEngineRole) SetConditions added in v0.4.0

func (q *QuaySecretEngineRole) SetConditions(conditions []metav1.Condition)

func (*QuaySecretEngineRole) SetupWebhookWithManager added in v0.4.0

func (r *QuaySecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*QuaySecretEngineRole) ValidateCreate added in v0.4.0

func (r *QuaySecretEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*QuaySecretEngineRole) ValidateDelete added in v0.4.0

func (r *QuaySecretEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*QuaySecretEngineRole) ValidateUpdate added in v0.4.0

func (r *QuaySecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type QuaySecretEngineRoleList added in v0.4.0

type QuaySecretEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []QuaySecretEngineRole `json:"items"`
}

QuaySecretEngineRoleList contains a list of QuaySecretEngineRole

func (*QuaySecretEngineRoleList) DeepCopy added in v0.4.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineRoleList.

func (*QuaySecretEngineRoleList) DeepCopyInto added in v0.4.0

func (in *QuaySecretEngineRoleList) DeepCopyInto(out *QuaySecretEngineRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*QuaySecretEngineRoleList) DeepCopyObject added in v0.4.0

func (in *QuaySecretEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type QuaySecretEngineRoleSpec added in v0.4.0

type QuaySecretEngineRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/roles/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	QuayRole `json:",inline"`

	// The name of the object created in Vault. If this is specified it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

QuaySecretEngineRoleSpec defines the desired state of QuaySecretEngineRole
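
The Pattern marker on Name above carries no `^`/`$` anchors, unlike the one on RMQSEConfig.ConnectionURI. The following added example (not the operator's own code) compares what that pattern accepts under unanchored matching, which is how Go's regexp.MatchString behaves, with an anchored form, and shows where an accepted name ends up in the final Vault path described in the Path comment. The helper names, the path-joining logic and the sample inputs are assumptions made for illustration; the same marker appears on the other role specs on this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// namePattern is copied verbatim from the +kubebuilder:validation:Pattern
// marker on the Name field.
const namePattern = `[a-z0-9]([-a-z0-9]*[a-z0-9])?`

var (
	// unanchored succeeds if ANY substring of the input matches.
	unanchored = regexp.MustCompile(namePattern)
	// anchored requires the WHOLE input to match.
	anchored = regexp.MustCompile(`^(?:` + namePattern + `)$`)
)

// AcceptsUnanchored reports whether name passes the pattern as written.
func AcceptsUnanchored(name string) bool { return unanchored.MatchString(name) }

// AcceptsAnchored reports whether name passes the anchored form.
func AcceptsAnchored(name string) bool { return anchored.MatchString(name) }

// RolePath is a hypothetical helper that composes
// {[namespace]}/{path}/roles/{name} as the Path comment describes.
// specName takes precedence over metadataName when it is set, and the
// effective name must pass the anchored check before it is used.
func RolePath(namespace, path, specName, metadataName string) (string, error) {
	name := metadataName
	if specName != "" {
		name = specName
	}
	if !AcceptsAnchored(name) {
		return "", fmt.Errorf("name %q is not a valid role name", name)
	}
	var parts []string
	if ns := strings.Trim(namespace, "/"); ns != "" {
		parts = append(parts, ns) // the namespace segment is optional
	}
	parts = append(parts, strings.Trim(path, "/"), "roles", name)
	return strings.Join(parts, "/"), nil
}

func main() {
	// Constructed sample names, not taken from the page.
	samples := []string{"quay-push", "a", "-lead", "a/b", "Not Valid!", "UPPER", ""}
	for _, s := range samples {
		fmt.Printf("%-12q unanchored=%-5v anchored=%v\n",
			s, AcceptsUnanchored(s), AcceptsAnchored(s))
	}

	p, err := RolePath("team-a", "quay", "", "push-role")
	fmt.Println(p, err)

	_, err = RolePath("team-a", "quay", "a/b", "push-role")
	fmt.Println(err)
}
```

If the admission layer applies the pattern unanchored, names containing slashes, spaces or uppercase characters pass as long as one lowercase letter or digit is present, so anchoring the pattern or re-checking in IsValid is the safer design.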

func (*QuaySecretEngineRoleSpec) DeepCopy added in v0.4.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineRoleSpec.

func (*QuaySecretEngineRoleSpec) DeepCopyInto added in v0.4.0

func (in *QuaySecretEngineRoleSpec) DeepCopyInto(out *QuaySecretEngineRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuaySecretEngineRoleStatus added in v0.4.0

type QuaySecretEngineRoleStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

QuaySecretEngineRoleStatus defines the observed state of QuaySecretEngineRole

func (*QuaySecretEngineRoleStatus) DeepCopy added in v0.4.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineRoleStatus.

func (*QuaySecretEngineRoleStatus) DeepCopyInto added in v0.4.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuaySecretEngineStaticRole added in v0.4.0

type QuaySecretEngineStaticRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   QuaySecretEngineStaticRoleSpec   `json:"spec,omitempty"`
	Status QuaySecretEngineStaticRoleStatus `json:"status,omitempty"`
}

QuaySecretEngineStaticRole is the Schema for the quaysecretenginestaticroles API

func (*QuaySecretEngineStaticRole) DeepCopy added in v0.4.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineStaticRole.

func (*QuaySecretEngineStaticRole) DeepCopyInto added in v0.4.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*QuaySecretEngineStaticRole) DeepCopyObject added in v0.4.0

func (in *QuaySecretEngineStaticRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*QuaySecretEngineStaticRole) Default added in v0.4.0

func (r *QuaySecretEngineStaticRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*QuaySecretEngineStaticRole) GetConditions added in v0.4.0

func (q *QuaySecretEngineStaticRole) GetConditions() []metav1.Condition

func (*QuaySecretEngineStaticRole) GetKubeAuthConfiguration added in v0.6.3

func (d *QuaySecretEngineStaticRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*QuaySecretEngineStaticRole) GetPath added in v0.4.0

func (d *QuaySecretEngineStaticRole) GetPath() string

func (*QuaySecretEngineStaticRole) GetPayload added in v0.4.0

func (q *QuaySecretEngineStaticRole) GetPayload() map[string]interface{}

func (*QuaySecretEngineStaticRole) GetVaultConnection added in v0.8.9

func (d *QuaySecretEngineStaticRole) GetVaultConnection() *vaultutils.VaultConnection

func (*QuaySecretEngineStaticRole) IsDeletable added in v0.8.29

func (d *QuaySecretEngineStaticRole) IsDeletable() bool

func (*QuaySecretEngineStaticRole) IsEquivalentToDesiredState added in v0.4.0

func (q *QuaySecretEngineStaticRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*QuaySecretEngineStaticRole) IsInitialized added in v0.4.0

func (q *QuaySecretEngineStaticRole) IsInitialized() bool

func (*QuaySecretEngineStaticRole) IsValid added in v0.4.0

func (q *QuaySecretEngineStaticRole) IsValid() (bool, error)

func (*QuaySecretEngineStaticRole) PrepareInternalValues added in v0.4.0

func (q *QuaySecretEngineStaticRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*QuaySecretEngineStaticRole) PrepareTLSConfig added in v0.8.24

func (q *QuaySecretEngineStaticRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*QuaySecretEngineStaticRole) SetConditions added in v0.4.0

func (q *QuaySecretEngineStaticRole) SetConditions(conditions []metav1.Condition)

func (*QuaySecretEngineStaticRole) SetupWebhookWithManager added in v0.4.0

func (r *QuaySecretEngineStaticRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*QuaySecretEngineStaticRole) ValidateCreate added in v0.4.0

func (r *QuaySecretEngineStaticRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*QuaySecretEngineStaticRole) ValidateDelete added in v0.4.0

func (r *QuaySecretEngineStaticRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*QuaySecretEngineStaticRole) ValidateUpdate added in v0.4.0

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type QuaySecretEngineStaticRoleList added in v0.4.0

type QuaySecretEngineStaticRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []QuaySecretEngineStaticRole `json:"items"`
}

QuaySecretEngineStaticRoleList contains a list of QuaySecretEngineStaticRole

func (*QuaySecretEngineStaticRoleList) DeepCopy added in v0.4.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineStaticRoleList.

func (*QuaySecretEngineStaticRoleList) DeepCopyInto added in v0.4.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*QuaySecretEngineStaticRoleList) DeepCopyObject added in v0.4.0

func (in *QuaySecretEngineStaticRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type QuaySecretEngineStaticRoleSpec added in v0.4.0

type QuaySecretEngineStaticRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/static-roles/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	QuayBaseRole `json:",inline"`

	// The name of the object created in Vault. If this is specified it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

QuaySecretEngineStaticRoleSpec defines the desired state of QuaySecretEngineStaticRole

func (*QuaySecretEngineStaticRoleSpec) DeepCopy added in v0.4.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineStaticRoleSpec.

func (*QuaySecretEngineStaticRoleSpec) DeepCopyInto added in v0.4.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuaySecretEngineStaticRoleStatus added in v0.4.0

type QuaySecretEngineStaticRoleStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

QuaySecretEngineStaticRoleStatus defines the observed state of QuaySecretEngineStaticRole

func (*QuaySecretEngineStaticRoleStatus) DeepCopy added in v0.4.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineStaticRoleStatus.

func (*QuaySecretEngineStaticRoleStatus) DeepCopyInto added in v0.4.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RMQSEConfig

type RMQSEConfig struct {
	// ConnectionURI specifies the connection string used to connect to the RabbitMQ cluster.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`^(http|https):\/\/.+$`
	ConnectionURI string `json:"connectionURI,omitempty"`

	// Username specifies the name of the user to use as the "administrator" user when connecting to the RabbitMQ cluster. This "administrator" user is used to create/update/delete users, so you will need to ensure that this user has permissions to manipulate users. If the management plugin is used, this user needs to have the "administrator" tag; no additional permissions are necessary.
	// If username is provided it takes precedence over the username retrieved from the referenced secrets
	// +kubebuilder:validation:Optional
	Username string `json:"username,omitempty"`

	// VerifyConnection Specifies if the connection is verified during initial configuration. Defaults to true.
	// +kubebuilder:validation:Optional
	VerifyConnection bool `json:"verifyConnection,omitempty"`

	// PasswordPolicy The name of the password policy to use when generating passwords for this engine. Defaults to generating an alphanumeric password if not set.
	// +kubebuilder:validation:Optional
	PasswordPolicy string `json:"passwordPolicy,omitempty"`

	// UsernameTemplate Vault username template describing how dynamic usernames are generated.
	UsernameTemplate string `json:"usernameTemplate,omitempty"`

	// Lease TTL for generated credentials in seconds.
	// +kubebuilder:validation:Optional
	LeaseTTL int `json:"leaseTTL,omitempty"`

	// Lease maximum TTL for generated credentials in seconds.
	// +kubebuilder:validation:Optional
	LeaseMaxTTL int `json:"leaseMaxTTL,omitempty"`
	// contains filtered or unexported fields
}

func (*RMQSEConfig) DeepCopy

func (in *RMQSEConfig) DeepCopy() *RMQSEConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RMQSEConfig.

func (*RMQSEConfig) DeepCopyInto

func (in *RMQSEConfig) DeepCopyInto(out *RMQSEConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RMQSERole

type RMQSERole struct {
	// Comma-separated RabbitMQ permissions tags to associate with the user. This determines the level of
	// access to the RabbitMQ management UI granted to the user. Omitting this field will
	// lead to a user that can still connect to the cluster through messaging protocols,
	// but cannot perform any management actions.
	// +kubebuilder:validation:Optional
	Tags string `json:"tags,omitempty"`

	// +kubebuilder:validation:Optional
	// +listType=atomic
	Vhosts []Vhost `json:"vhosts,omitempty"`

	// This option requires RabbitMQ 3.7.0 or later.
	// +kubebuilder:validation:Optional
	// +listType=atomic
	VhostTopics []VhostTopic `json:"vhostTopics,omitempty"`
}

func (*RMQSERole) DeepCopy

func (in *RMQSERole) DeepCopy() *RMQSERole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RMQSERole.

func (*RMQSERole) DeepCopyInto

func (in *RMQSERole) DeepCopyInto(out *RMQSERole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RSAPrivateKeyCredentialConfig added in v0.8.3

type RSAPrivateKeyCredentialConfig struct {
	// KeyBits The bit size of the RSA key to generate. Options include: 2048, 3072, 4096.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum={2048,3072,4096}
	KeyBits int `json:"keyBits,omitempty"`
	// Format The output format of the generated private key credential. The private key will be returned from the API in PEM encoding. Options include: pkcs8
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum={"pkcs8"}
	Format string `json:"format,omitempty"`
}

func (*RSAPrivateKeyCredentialConfig) DeepCopy added in v0.8.4

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RSAPrivateKeyCredentialConfig.

func (*RSAPrivateKeyCredentialConfig) DeepCopyInto added in v0.8.4

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RabbitMQSecretEngineConfig

type RabbitMQSecretEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   RabbitMQSecretEngineConfigSpec   `json:"spec,omitempty"`
	Status RabbitMQSecretEngineConfigStatus `json:"status,omitempty"`
}

RabbitMQSecretEngineConfig is the Schema for the rabbitmqsecretengineconfigs API

func (*RabbitMQSecretEngineConfig) CheckTTLValuesProvided

func (rabbitMQ *RabbitMQSecretEngineConfig) CheckTTLValuesProvided() bool

func (*RabbitMQSecretEngineConfig) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RabbitMQSecretEngineConfig.

func (*RabbitMQSecretEngineConfig) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RabbitMQSecretEngineConfig) DeepCopyObject

func (in *RabbitMQSecretEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*RabbitMQSecretEngineConfig) GetConditions

func (m *RabbitMQSecretEngineConfig) GetConditions() []metav1.Condition

func (*RabbitMQSecretEngineConfig) GetKubeAuthConfiguration added in v0.6.3

func (d *RabbitMQSecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*RabbitMQSecretEngineConfig) GetLeasePath

func (rabbitMQ *RabbitMQSecretEngineConfig) GetLeasePath() string

func (*RabbitMQSecretEngineConfig) GetLeasePayload

func (rabbitMQ *RabbitMQSecretEngineConfig) GetLeasePayload() map[string]interface{}

func (*RabbitMQSecretEngineConfig) GetPath

func (rabbitMQ *RabbitMQSecretEngineConfig) GetPath() string

func (*RabbitMQSecretEngineConfig) GetPayload

func (rabbitMQ *RabbitMQSecretEngineConfig) GetPayload() map[string]interface{}

func (*RabbitMQSecretEngineConfig) GetVaultConnection added in v0.8.9

func (d *RabbitMQSecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*RabbitMQSecretEngineConfig) IsDeletable added in v0.8.29

func (d *RabbitMQSecretEngineConfig) IsDeletable() bool

func (*RabbitMQSecretEngineConfig) IsEquivalentToDesiredState

func (rabbitMQ *RabbitMQSecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*RabbitMQSecretEngineConfig) IsInitialized

func (rabbitMQ *RabbitMQSecretEngineConfig) IsInitialized() bool

func (*RabbitMQSecretEngineConfig) IsValid

func (rabbitMQ *RabbitMQSecretEngineConfig) IsValid() (bool, error)

func (*RabbitMQSecretEngineConfig) PrepareInternalValues

func (rabbitMQ *RabbitMQSecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*RabbitMQSecretEngineConfig) PrepareTLSConfig added in v0.8.24

func (rabbitMQ *RabbitMQSecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*RabbitMQSecretEngineConfig) SetConditions

func (m *RabbitMQSecretEngineConfig) SetConditions(conditions []metav1.Condition)

func (*RabbitMQSecretEngineConfig) SetUsernameAndPassword

func (m *RabbitMQSecretEngineConfig) SetUsernameAndPassword(username string, password string)

type RabbitMQSecretEngineConfigList

type RabbitMQSecretEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []RabbitMQSecretEngineConfig `json:"items"`
}

RabbitMQSecretEngineConfigList contains a list of RabbitMQSecretEngineConfig

func (*RabbitMQSecretEngineConfigList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RabbitMQSecretEngineConfigList.

func (*RabbitMQSecretEngineConfigList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RabbitMQSecretEngineConfigList) DeepCopyObject

func (in *RabbitMQSecretEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RabbitMQSecretEngineConfigSpec

type RabbitMQSecretEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings, for example to connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the k8s auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/{metadata.name}/config/connection.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// +kubebuilder:validation:Required
	RMQSEConfig `json:",inline"`

	// RootCredentials specifies how to retrieve the credentials for this RabbitMQEngine connection.
	// +kubebuilder:validation:Required
	RootCredentials vaultutils.RootCredentialConfig `json:"rootCredentials,omitempty"`
}

RabbitMQSecretEngineConfigSpec defines the desired state of RabbitMQSecretEngineConfig

func (*RabbitMQSecretEngineConfigSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RabbitMQSecretEngineConfigSpec.

func (*RabbitMQSecretEngineConfigSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RabbitMQSecretEngineConfigStatus

type RabbitMQSecretEngineConfigStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

RabbitMQSecretEngineConfigStatus defines the observed state of RabbitMQSecretEngineConfig

func (*RabbitMQSecretEngineConfigStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RabbitMQSecretEngineConfigStatus.

func (*RabbitMQSecretEngineConfigStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RabbitMQSecretEngineConfigValidation

type RabbitMQSecretEngineConfigValidation struct {
	Client client.Client
}

+kubebuilder:object:generate:=false

func (*RabbitMQSecretEngineConfigValidation) Handle

type RabbitMQSecretEngineRole

type RabbitMQSecretEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   RabbitMQSecretEngineRoleSpec   `json:"spec,omitempty"`
	Status RabbitMQSecretEngineRoleStatus `json:"status,omitempty"`
}

RabbitMQSecretEngineRole is the Schema for the rabbitmqsecretengineroles API

func (*RabbitMQSecretEngineRole) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RabbitMQSecretEngineRole.

func (*RabbitMQSecretEngineRole) DeepCopyInto

func (in *RabbitMQSecretEngineRole) DeepCopyInto(out *RabbitMQSecretEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RabbitMQSecretEngineRole) DeepCopyObject

func (in *RabbitMQSecretEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*RabbitMQSecretEngineRole) Default

func (r *RabbitMQSecretEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*RabbitMQSecretEngineRole) GetConditions

func (m *RabbitMQSecretEngineRole) GetConditions() []metav1.Condition

func (*RabbitMQSecretEngineRole) GetKubeAuthConfiguration added in v0.6.3

func (d *RabbitMQSecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*RabbitMQSecretEngineRole) GetPath

func (d *RabbitMQSecretEngineRole) GetPath() string

func (*RabbitMQSecretEngineRole) GetPayload

func (rabbitMQ *RabbitMQSecretEngineRole) GetPayload() map[string]interface{}

func (*RabbitMQSecretEngineRole) GetVaultConnection added in v0.8.9

func (d *RabbitMQSecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*RabbitMQSecretEngineRole) IsDeletable added in v0.8.29

func (d *RabbitMQSecretEngineRole) IsDeletable() bool

func (*RabbitMQSecretEngineRole) IsEquivalentToDesiredState

func (rabbitMQ *RabbitMQSecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*RabbitMQSecretEngineRole) IsInitialized

func (rabbitMQ *RabbitMQSecretEngineRole) IsInitialized() bool

func (*RabbitMQSecretEngineRole) IsValid

func (rabbitMQ *RabbitMQSecretEngineRole) IsValid() (bool, error)

func (*RabbitMQSecretEngineRole) PrepareInternalValues

func (rabbitMQ *RabbitMQSecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*RabbitMQSecretEngineRole) PrepareTLSConfig added in v0.8.24

func (rabbitMQ *RabbitMQSecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*RabbitMQSecretEngineRole) SetConditions

func (m *RabbitMQSecretEngineRole) SetConditions(conditions []metav1.Condition)

func (*RabbitMQSecretEngineRole) SetupWebhookWithManager

func (r *RabbitMQSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*RabbitMQSecretEngineRole) ValidateCreate

func (r *RabbitMQSecretEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*RabbitMQSecretEngineRole) ValidateDelete

func (r *RabbitMQSecretEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*RabbitMQSecretEngineRole) ValidateUpdate

func (r *RabbitMQSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type RabbitMQSecretEngineRoleList

type RabbitMQSecretEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []RabbitMQSecretEngineRole `json:"items"`
}

RabbitMQSecretEngineRoleList contains a list of RabbitMQSecretEngineRole

func (*RabbitMQSecretEngineRoleList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RabbitMQSecretEngineRoleList.

func (*RabbitMQSecretEngineRoleList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RabbitMQSecretEngineRoleList) DeepCopyObject

func (in *RabbitMQSecretEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RabbitMQSecretEngineRoleSpec

type RabbitMQSecretEngineRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and, for example, connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the k8s auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/config/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path"`

	// +kubebuilder:validation:Required
	RMQSERole `json:",inline"`

	// The name of the object created in Vault. If this is specified it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

RabbitMQSecretEngineRoleSpec defines the desired state of RabbitMQSecretEngineRole

func (*RabbitMQSecretEngineRoleSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RabbitMQSecretEngineRoleSpec.

func (*RabbitMQSecretEngineRoleSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RabbitMQSecretEngineRoleStatus

type RabbitMQSecretEngineRoleStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

RabbitMQSecretEngineRoleStatus defines the observed state of RabbitMQSecretEngineRole

func (*RabbitMQSecretEngineRoleStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RabbitMQSecretEngineRoleStatus.

func (*RabbitMQSecretEngineRoleStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RandomSecret

type RandomSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   RandomSecretSpec   `json:"spec,omitempty"`
	Status RandomSecretStatus `json:"status,omitempty"`
}

RandomSecret is the Schema for the randomsecrets API

func (*RandomSecret) DeepCopy

func (in *RandomSecret) DeepCopy() *RandomSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RandomSecret.

func (*RandomSecret) DeepCopyInto

func (in *RandomSecret) DeepCopyInto(out *RandomSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RandomSecret) DeepCopyObject

func (in *RandomSecret) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*RandomSecret) Default

func (r *RandomSecret) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*RandomSecret) GenerateNewPassword

func (d *RandomSecret) GenerateNewPassword(context context.Context) error

func (*RandomSecret) GetConditions

func (m *RandomSecret) GetConditions() []metav1.Condition

func (*RandomSecret) GetKubeAuthConfiguration added in v0.6.3

func (d *RandomSecret) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*RandomSecret) GetPath

func (d *RandomSecret) GetPath() string

func (*RandomSecret) GetPayload

func (d *RandomSecret) GetPayload() map[string]interface{}

func (*RandomSecret) GetVaultConnection added in v0.8.9

func (d *RandomSecret) GetVaultConnection() *vaultutils.VaultConnection

func (*RandomSecret) IsDeletable added in v0.8.29

func (d *RandomSecret) IsDeletable() bool

func (*RandomSecret) IsEquivalentToDesiredState

func (d *RandomSecret) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*RandomSecret) IsInitialized

func (d *RandomSecret) IsInitialized() bool

func (*RandomSecret) IsKVSecretsEngineV2 added in v0.8.17

func (d *RandomSecret) IsKVSecretsEngineV2() bool

func (*RandomSecret) IsValid

func (r *RandomSecret) IsValid() (bool, error)

func (*RandomSecret) PrepareInternalValues

func (d *RandomSecret) PrepareInternalValues(context context.Context, object client.Object) error

func (*RandomSecret) PrepareTLSConfig added in v0.8.24

func (d *RandomSecret) PrepareTLSConfig(context context.Context, object client.Object) error

func (*RandomSecret) SetConditions

func (m *RandomSecret) SetConditions(conditions []metav1.Condition)

func (*RandomSecret) SetupWebhookWithManager

func (r *RandomSecret) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*RandomSecret) ValidateCreate

func (r *RandomSecret) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*RandomSecret) ValidateDelete

func (r *RandomSecret) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*RandomSecret) ValidateUpdate

func (r *RandomSecret) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type RandomSecretList

type RandomSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []RandomSecret `json:"items"`
}

RandomSecretList contains a list of RandomSecret

func (*RandomSecretList) DeepCopy

func (in *RandomSecretList) DeepCopy() *RandomSecretList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RandomSecretList.

func (*RandomSecretList) DeepCopyInto

func (in *RandomSecretList) DeepCopyInto(out *RandomSecretList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RandomSecretList) DeepCopyObject

func (in *RandomSecretList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RandomSecretSpec

type RandomSecretSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and, for example, connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to create the secret.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/{metadata.name}.
	// If IsKVSecretsEngineV2 is false, the authentication role must have the following capabilities = [ "create", "update", "delete"] on the {[spec.authentication.namespace]}/{spec.path}/{metadata.name} path.
	// If IsKVSecretsEngineV2 is true, the authentication role must have the following capabilities = [ "create", "update"] on the {[spec.authentication.namespace]}/{spec.path}/data/{metadata.name} path and capabilities = [ "delete"] on the {[spec.authentication.namespace]}/{spec.path}/metadata/{metadata.name} path.
	// Additionally, if IsKVSecretsEngineV2 is true, it is acceptable for this value to have a suffix of "/data" or not. This suffix is no longer needed but still supported for backwards compatibility.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// SecretFormat specifies a map of key and password policies used to generate random values
	// +kubebuilder:validation:Required
	SecretFormat VaultPasswordPolicy `json:"secretFormat,omitempty"`

	// RefreshPeriod if specified, the operator will refresh the secret with the given frequency. This will also set the ttl of the secret which provides a hint for how often consumers should check back for a new value when reading the secret's lease_duration.
	// +kubebuilder:validation:Optional
	RefreshPeriod *metav1.Duration `json:"refreshPeriod,omitempty"`

	// SecretKey is the key to be used for this secret when stored in Vault kv
	// +kubebuilder:validation:Required
	SecretKey string `json:"secretKey,omitempty"`

	// IsKVSecretsEngineV2 indicates if the KV Secrets engine is V2 or not. Default is false to indicate the payload to send is for KV Secret Engine V1.
	// +kubebuilder:validation:Required
	// +kubebuilder:default=false
	IsKVSecretsEngineV2 bool `json:"isKVSecretsEngineV2,omitempty"`

	// The name of the object created in Vault. If this is specified it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
	// contains filtered or unexported fields
}

RandomSecretSpec defines the desired state of RandomSecret
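The Path comment above states two different capability layouts depending on IsKVSecretsEngineV2. The sketch below is an added example, not the operator's own code: it derives the Vault policy stanzas a reviewer would expect for a given RandomSecret, following the path layout exactly as that comment writes it. RandomSecretRef, RequiredGrants and RenderPolicy are hypothetical names, and the sample values in main are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// PathGrant is one Vault policy stanza: a path plus the capabilities needed on it.
type PathGrant struct {
	Path         string
	Capabilities []string
}

// RandomSecretRef (hypothetical) carries only the values the Path doc comment refers to.
type RandomSecretRef struct {
	VaultNamespace      string // spec.authentication.namespace, optional
	Path                string // spec.path
	MetadataName        string // metadata.name
	SpecName            string // spec.name, takes precedence over metadata.name when set
	IsKVSecretsEngineV2 bool   // spec.isKVSecretsEngineV2
}

// join concatenates the non-empty segments with single slashes.
func join(segments ...string) string {
	var kept []string
	for _, s := range segments {
		if s = strings.Trim(s, "/"); s != "" {
			kept = append(kept, s)
		}
	}
	return strings.Join(kept, "/")
}

// RequiredGrants returns the grants listed in the RandomSecretSpec.Path comment.
func RequiredGrants(r RandomSecretRef) []PathGrant {
	name := r.MetadataName
	if r.SpecName != "" {
		name = r.SpecName
	}
	base := strings.Trim(r.Path, "/")
	if !r.IsKVSecretsEngineV2 {
		// KV v1: a single path carries create, update and delete.
		return []PathGrant{{
			Path:         join(r.VaultNamespace, base, name),
			Capabilities: []string{"create", "update", "delete"},
		}}
	}
	// KV v2: a legacy "/data" suffix on spec.path is accepted, so drop it
	// before building the data/ and metadata/ paths.
	base = strings.TrimSuffix(base, "/data")
	return []PathGrant{
		{
			Path:         join(r.VaultNamespace, base, "data", name),
			Capabilities: []string{"create", "update"},
		},
		{
			Path:         join(r.VaultNamespace, base, "metadata", name),
			Capabilities: []string{"delete"},
		},
	}
}

// RenderPolicy prints the grants in Vault policy syntax so they can be
// compared with the policy bound to the authentication role.
func RenderPolicy(grants []PathGrant) string {
	var b strings.Builder
	for _, g := range grants {
		quoted := make([]string, len(g.Capabilities))
		for i, c := range g.Capabilities {
			quoted[i] = fmt.Sprintf("%q", c)
		}
		fmt.Fprintf(&b, "path %q {\n  capabilities = [%s]\n}\n",
			g.Path, strings.Join(quoted, ", "))
	}
	return b.String()
}

func main() {
	// Constructed sample values, not taken from any real cluster.
	v1 := RandomSecretRef{Path: "kv/team-a", MetadataName: "db-password"}
	v2 := RandomSecretRef{
		VaultNamespace:      "tenant-1",
		Path:                "/kv/data/",
		MetadataName:        "cr-name",
		SpecName:            "app-pw",
		IsKVSecretsEngineV2: true,
	}
	fmt.Print(RenderPolicy(RequiredGrants(v1)))
	fmt.Print(RenderPolicy(RequiredGrants(v2)))
}
```

Comparing this output with the role's actual policy shows whether the role holds more than the listed capabilities, for example a wildcard over the whole mount.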

func (*RandomSecretSpec) DeepCopy

func (in *RandomSecretSpec) DeepCopy() *RandomSecretSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RandomSecretSpec.

func (*RandomSecretSpec) DeepCopyInto

func (in *RandomSecretSpec) DeepCopyInto(out *RandomSecretSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RandomSecretStatus

type RandomSecretStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`

	// LastVaultSecretUpdate last time when this secret was updated in Vault
	LastVaultSecretUpdate *metav1.Time `json:"lastVaultSecretUpdate,omitempty"`
}

RandomSecretStatus defines the observed state of RandomSecret

func (*RandomSecretStatus) DeepCopy

func (in *RandomSecretStatus) DeepCopy() *RandomSecretStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RandomSecretStatus.

func (*RandomSecretStatus) DeepCopyInto

func (in *RandomSecretStatus) DeepCopyInto(out *RandomSecretStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RootPasswordRotation added in v0.8.4

type RootPasswordRotation struct {
	// Enable indicates whether the root password should be rotated with the rotation statement. If set to true the root password will be rotated immediately.
	// +kubebuilder:validation:Optional
	Enable bool `json:"enable,omitempty"`
	// RotationPeriod if this value is set, the root password will be rotated approximately with the requested frequency.
	// +kubebuilder:validation:Optional
	RotationPeriod metav1.Duration `json:"rotationPeriod,omitempty"`
}

func (*RootPasswordRotation) DeepCopy added in v0.8.4

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RootPasswordRotation.

func (*RootPasswordRotation) DeepCopyInto added in v0.8.4

func (in *RootPasswordRotation) DeepCopyInto(out *RootPasswordRotation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SSHKeyConfig

type SSHKeyConfig struct {
	// VaultSecret retrieves the sshkey from a Vault secret. The sshkey will be retrieved at the key "key" (pun intended).
	// +kubebuilder:validation:Optional
	VaultSecret *vaultutils.VaultSecretReference `json:"vaultSecret,omitempty"`

	// Secret retrieves the ssh key from a Kubernetes secret. The secret must be of ssh type (https://kubernetes.io/docs/concepts/configuration/secret/#ssh-authentication-secrets).
	// +kubebuilder:validation:Optional
	Secret *corev1.LocalObjectReference `json:"secret,omitempty"`
}

func (*SSHKeyConfig) DeepCopy

func (in *SSHKeyConfig) DeepCopy() *SSHKeyConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSHKeyConfig.

func (*SSHKeyConfig) DeepCopyInto

func (in *SSHKeyConfig) DeepCopyInto(out *SSHKeyConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretEngineMount

type SecretEngineMount struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   SecretEngineMountSpec   `json:"spec,omitempty"`
	Status SecretEngineMountStatus `json:"status,omitempty"`
}

SecretEngineMount is the Schema for the secretenginemounts API

func (*SecretEngineMount) DeepCopy

func (in *SecretEngineMount) DeepCopy() *SecretEngineMount

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretEngineMount.

func (*SecretEngineMount) DeepCopyInto

func (in *SecretEngineMount) DeepCopyInto(out *SecretEngineMount)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretEngineMount) DeepCopyObject

func (in *SecretEngineMount) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretEngineMount) Default

func (r *SecretEngineMount) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*SecretEngineMount) GetConditions

func (m *SecretEngineMount) GetConditions() []metav1.Condition

func (*SecretEngineMount) GetEngineListPath

func (d *SecretEngineMount) GetEngineListPath() string

func (*SecretEngineMount) GetEngineTunePath

func (d *SecretEngineMount) GetEngineTunePath() string

func (*SecretEngineMount) GetKubeAuthConfiguration added in v0.6.3

func (d *SecretEngineMount) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*SecretEngineMount) GetPath

func (d *SecretEngineMount) GetPath() string

func (*SecretEngineMount) GetPayload

func (d *SecretEngineMount) GetPayload() map[string]interface{}

func (*SecretEngineMount) GetTunePayload

func (d *SecretEngineMount) GetTunePayload() map[string]interface{}

func (*SecretEngineMount) GetVaultConnection added in v0.8.9

func (d *SecretEngineMount) GetVaultConnection() *vaultutils.VaultConnection

func (*SecretEngineMount) IsDeletable added in v0.8.29

func (d *SecretEngineMount) IsDeletable() bool

func (*SecretEngineMount) IsEquivalentToDesiredState

func (d *SecretEngineMount) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*SecretEngineMount) IsInitialized

func (d *SecretEngineMount) IsInitialized() bool

func (*SecretEngineMount) IsValid

func (d *SecretEngineMount) IsValid() (bool, error)

func (*SecretEngineMount) PrepareInternalValues

func (d *SecretEngineMount) PrepareInternalValues(context context.Context, object client.Object) error

func (*SecretEngineMount) PrepareTLSConfig added in v0.8.24

func (d *SecretEngineMount) PrepareTLSConfig(context context.Context, object client.Object) error

func (*SecretEngineMount) SetAccessor

func (d *SecretEngineMount) SetAccessor(accessor string)

func (*SecretEngineMount) SetConditions

func (m *SecretEngineMount) SetConditions(conditions []metav1.Condition)

func (*SecretEngineMount) SetupWebhookWithManager

func (r *SecretEngineMount) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*SecretEngineMount) ValidateCreate

func (r *SecretEngineMount) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*SecretEngineMount) ValidateDelete

func (r *SecretEngineMount) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*SecretEngineMount) ValidateUpdate

func (r *SecretEngineMount) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type SecretEngineMountList

type SecretEngineMountList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []SecretEngineMount `json:"items"`
}

SecretEngineMountList contains a list of SecretEngineMount

func (*SecretEngineMountList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretEngineMountList.

func (*SecretEngineMountList) DeepCopyInto

func (in *SecretEngineMountList) DeepCopyInto(out *SecretEngineMountList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretEngineMountList) DeepCopyObject

func (in *SecretEngineMountList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type SecretEngineMountSpec

type SecretEngineMountSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and, for example, connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	Mount `json:",inline"`

	// Path at which this secret engine will be available
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on the path /sys/mounts/{[spec.authentication.namespace]}/{spec.path}/{metadata.name}.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// The name of the object created in Vault. If this is specified it takes precedence over {metadata.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

SecretEngineMountSpec defines the desired state of SecretEngineMount

func (*SecretEngineMountSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretEngineMountSpec.

func (*SecretEngineMountSpec) DeepCopyInto

func (in *SecretEngineMountSpec) DeepCopyInto(out *SecretEngineMountSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretEngineMountStatus

type SecretEngineMountStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`

	// +kubebuilder:validation:Optional
	Accessor string `json:"accessor,omitempty"`
}

SecretEngineMountStatus defines the observed state of SecretEngineMount

func (*SecretEngineMountStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretEngineMountStatus.

func (*SecretEngineMountStatus) DeepCopyInto

func (in *SecretEngineMountStatus) DeepCopyInto(out *SecretEngineMountStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TeamRole added in v0.4.0

type TeamRole string

+kubebuilder:validation:Enum:={"admin","creator","member"}

type TemplatizedK8sSecret

type TemplatizedK8sSecret struct {
	// Name is the K8s Secret name to output to.
	// +kubebuilder:validation:Required
	Name string `json:"name,omitempty"`
	// Type is the K8s Secret type to output to.
	// +kubebuilder:validation:Required
	Type string `json:"type,omitempty"`
	// StringData is the K8s Secret stringData and allows specifying non-binary secret data in string form with go templating support
	// to transform the Vault KV secrets into a formatted K8s Secret.
	// The Sprig template library and Helm functions (like toYaml) are supported.
	// +kubebuilder:validation:Required
	StringData map[string]string `json:"stringData,omitempty"`
	// Labels are labels to add to the final K8s Secret.
	// +kubebuilder:validation:Optional
	Labels map[string]string `json:"labels,omitempty"`
	// Annotations are annotations to add to the final K8s Secret.
	// +kubebuilder:validation:Optional
	Annotations map[string]string `json:"annotations,omitempty"`
}

func (*TemplatizedK8sSecret) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplatizedK8sSecret.

func (*TemplatizedK8sSecret) DeepCopyInto

func (in *TemplatizedK8sSecret) DeepCopyInto(out *TemplatizedK8sSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Topic

type Topic struct {
	// Name of an existing topic.
	// +kubebuilder:validation:Required
	TopicName string `json:"topicName,omitempty"`

	// Permissions to grant to the user in the specific vhost
	// +kubebuilder:validation:Required
	Permissions VhostPermissions `json:"permissions,omitempty"`
}

func (*Topic) DeepCopy

func (in *Topic) DeepCopy() *Topic

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Topic.

func (*Topic) DeepCopyInto

func (in *Topic) DeepCopyInto(out *Topic)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VRole

type VRole struct {

	// TargetServiceAccounts is a list of service account names that will receive this role
	// +kubebuilder:validation:MinItems=1
	// kubebuilder:validation:UniqueItems=true
	// +kubebuilder:default={"default"}
	TargetServiceAccounts []string `json:"targetServiceAccounts"`

	// Audience Audience claim to verify in the JWT.
	// +kubebuilder:validation:Optional
	Audience *string `json:"audience,omitempty"`

	// AliasNameSource Configures how identity aliases are generated. Valid choices are: serviceaccount_uid, serviceaccount_name. When serviceaccount_uid is specified, the machine generated UID from the service account will be used as the identity alias name. When serviceaccount_name is specified, the service account's namespace and name will be used as the identity alias name, e.g. vault/vault-auth. While it is strongly advised that you use serviceaccount_uid, you may also use serviceaccount_name in cases where you want to set the alias ahead of time, and the risks are mitigated or otherwise acceptable given your use case. It is very important to limit who is able to delete/create service accounts within a given cluster. See the Create an Entity Alias document which further expands on the potential security implications mentioned above.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"serviceaccount_uid", "serviceaccount_name"}
	// +kubebuilder:default="serviceaccount_uid"
	AliasNameSource string `json:"aliasNameSource,omitempty"`

	// TokenTTL The incremental lifetime for generated tokens. The current value of this will be referenced at renewal time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=0
	TokenTTL int `json:"tokenTTL,omitempty"`

	// Policies is a list of policy names to be bound to this role.
	// +kubebuilder:validation:MinItems=1
	// kubebuilder:validation:UniqueItems=true
	// +kubebuilder:validation:Required
	Policies []string `json:"policies"`

	// TokenMaxTTL The maximum lifetime for generated tokens. The current value of this will be referenced at renewal time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=0
	TokenMaxTTL int `json:"tokenMaxTTL,omitempty"`

	// TokenBoundCIDRs List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	TokenBoundCIDRs []string `json:"tokenBoundCIDRs,omitempty"`

	// TokenExplicitMaxTTL If set, will encode an explicit max TTL onto the token. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=0
	TokenExplicitMaxTTL int `json:"tokenExplicitMaxTTL,omitempty"`

	// TokenNoDefaultPolicy If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=false
	TokenNoDefaultPolicy bool `json:"tokenNoDefaultPolicy,omitempty"`

	// TokenNumUses The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited. If you require the token to have the ability to create child tokens, you will need to set this value to 0.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=0
	TokenNumUses int `json:"tokenNumUses,omitempty"`

	// TokenPeriod The period, if any, to set on the token.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=0
	TokenPeriod int `json:"tokenPeriod,omitempty"`

	// TokenType The type of token that should be generated. Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"service","batch","default","default-service","default-batch"}
	// +kubebuilder:default="default"
	TokenType string `json:"tokenType,omitempty"`
	// contains filtered or unexported fields
}

func (*VRole) DeepCopy

func (in *VRole) DeepCopy() *VRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VRole.

func (*VRole) DeepCopyInto

func (in *VRole) DeepCopyInto(out *VRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultPasswordPolicy

type VaultPasswordPolicy struct {
	// PasswordPolicyName a ref to a password policy defined in Vault. Notice that in order to use this, the Vault role you use needs the following capabilities = ["read"] on /sys/policy/password.
	// Only one of PasswordPolicyName or InlinePasswordPolicy can be specified
	// +kubebuilder:validation:Optional
	PasswordPolicyName string `json:"passwordPolicyName,omitempty"`

	// InlinePasswordPolicy is an inline password policy specified using Vault password policy syntax (https://www.vaultproject.io/docs/concepts/password-policies#password-policy-syntax)
	// Only one of PasswordPolicyName or InlinePasswordPolicy can be specified
	// +kubebuilder:validation:Optional
	InlinePasswordPolicy string `json:"inlinePasswordPolicy,omitempty"`
}

func (*VaultPasswordPolicy) DeepCopy

func (in *VaultPasswordPolicy) DeepCopy() *VaultPasswordPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPasswordPolicy.

func (*VaultPasswordPolicy) DeepCopyInto

func (in *VaultPasswordPolicy) DeepCopyInto(out *VaultPasswordPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSecret

type VaultSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VaultSecretSpec   `json:"spec,omitempty"`
	Status VaultSecretStatus `json:"status,omitempty"`
}

VaultSecret is the Schema for the vaultsecrets API

func (*VaultSecret) DeepCopy

func (in *VaultSecret) DeepCopy() *VaultSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecret.

func (*VaultSecret) DeepCopyInto

func (in *VaultSecret) DeepCopyInto(out *VaultSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultSecret) DeepCopyObject

func (in *VaultSecret) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*VaultSecret) Default

func (r *VaultSecret) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*VaultSecret) GetConditions

func (vs *VaultSecret) GetConditions() []metav1.Condition

func (*VaultSecret) IsValid

func (vs *VaultSecret) IsValid() (bool, error)

func (*VaultSecret) SetConditions

func (vs *VaultSecret) SetConditions(conditions []metav1.Condition)

func (*VaultSecret) SetupWebhookWithManager

func (r *VaultSecret) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*VaultSecret) ValidateCreate

func (r *VaultSecret) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*VaultSecret) ValidateDelete

func (r *VaultSecret) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*VaultSecret) ValidateUpdate

func (r *VaultSecret) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type VaultSecretDefinition

type VaultSecretDefinition struct {
	// Name is an arbitrary, but unique, name for this KV Vault secret and referenced when templating.
	// +kubebuilder:validation:Required
	Name string `json:"name,omitempty"`

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and, for example, connect to a different Vault instance, you can do so with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`
	// Path is the path of the secret.
	// +kubebuilder:validation:Required
	// +kubebuilder:default=kubernetes
	Path vaultutils.Path `json:"path,omitempty"`

	// RequestType the type of request needed to retrieve a secret. Normally a GET, but some secret engines require a POST.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=GET
	// +kubebuilder:validation:Enum={"GET","POST"}
	RequestType string `json:"requestType,omitempty"`

	// RequestPayload for POST type of requests, this field contains the payload of the request. Not used for GET requests.
	// +kubebuilder:validation:Optional
	RequestPayload map[string]string `json:"requestPayload,omitempty"`
}

func (*VaultSecretDefinition) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecretDefinition.

func (*VaultSecretDefinition) DeepCopyInto

func (in *VaultSecretDefinition) DeepCopyInto(out *VaultSecretDefinition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultSecretDefinition) GetKubeAuthConfiguration added in v0.6.3

func (d *VaultSecretDefinition) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*VaultSecretDefinition) GetPath

func (d *VaultSecretDefinition) GetPath() string

func (*VaultSecretDefinition) GetPostRequestPayload added in v0.6.0

func (d *VaultSecretDefinition) GetPostRequestPayload() map[string]string

func (*VaultSecretDefinition) GetRequestMethod added in v0.6.0

func (d *VaultSecretDefinition) GetRequestMethod() string

func (*VaultSecretDefinition) GetVaultConnection added in v0.8.9

func (d *VaultSecretDefinition) GetVaultConnection() *vaultutils.VaultConnection

type VaultSecretDefinitionStatus

type VaultSecretDefinitionStatus struct {
	// Name is an arbitrary, but unique, name for this KV Vault secret and referenced when templating.
	// +kubebuilder:validation:Required
	Name string `json:"name,omitempty"`
	// LeaseID is the id of a lease, this denotes the secret is dynamic
	// +kubebuilder:validation:Optional
	LeaseID string `json:"lease_id,omitempty"`
	// LeaseDuration is the time until the secret should be read in again, thus recreating the k8s Secret
	// +kubebuilder:validation:Optional
	LeaseDuration int `json:"lease_duration,omitempty"`
	// Renewable informs if the lease is renewable for the dynamic secret
	// +kubebuilder:validation:Optional
	Renewable bool `json:"renewable,omitempty"`
}

func (*VaultSecretDefinitionStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecretDefinitionStatus.

func (*VaultSecretDefinitionStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSecretList

type VaultSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VaultSecret `json:"items"`
}

VaultSecretList contains a list of VaultSecret

func (*VaultSecretList) DeepCopy

func (in *VaultSecretList) DeepCopy() *VaultSecretList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecretList.

func (*VaultSecretList) DeepCopyInto

func (in *VaultSecretList) DeepCopyInto(out *VaultSecretList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultSecretList) DeepCopyObject

func (in *VaultSecretList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultSecretSpec

type VaultSecretSpec struct {

	// RefreshPeriod if specified, the operator will refresh the secret with the given frequency.
	// This takes precedence over any vault secret lease duration and can be used to force a refresh.
	// +kubebuilder:validation:Optional
	RefreshPeriod *metav1.Duration `json:"refreshPeriod,omitempty"`
	// RefreshThreshold if specified, will instruct the operator to refresh when a percentage of the lease duration is met when there is no RefreshPeriod specified.
	// This is particularly useful for controlling when dynamic secrets should be refreshed before the lease duration is exceeded.
	// The default is 90, meaning the secret would refresh after 90% of the time has passed from the vault secret's lease duration.
	// +kubebuilder:validation:Required
	// +kubebuilder:default=90
	RefreshThreshold int `json:"refreshThreshold,omitempty"`
	// VaultSecretDefinitions are the secrets in Vault.
	// +kubebuilder:validation:Required
	VaultSecretDefinitions []VaultSecretDefinition `json:"vaultSecretDefinitions,omitempty"`
	// TemplatizedK8sSecret is the formatted K8s Secret created by templating from the Vault KV secrets.
	// +kubebuilder:validation:Required
	TemplatizedK8sSecret TemplatizedK8sSecret `json:"output,omitempty"`
}

VaultSecretSpec defines the desired state of VaultSecret

func (*VaultSecretSpec) DeepCopy

func (in *VaultSecretSpec) DeepCopy() *VaultSecretSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecretSpec.

func (*VaultSecretSpec) DeepCopyInto

func (in *VaultSecretSpec) DeepCopyInto(out *VaultSecretSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSecretStatus

type VaultSecretStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`

	//LastVaultSecretUpdate the last time when this secret was updated from Vault
	LastVaultSecretUpdate *metav1.Time `json:"lastVaultSecretUpdate,omitempty"`

	//NextVaultSecretUpdate the next time when this secret will be synced with Vault. If nil, it will not be refreshed.
	NextVaultSecretUpdate *metav1.Time `json:"nextVaultSecretUpdate,omitempty"`

	//VaultSecretDefinitionsStatus information used to determine if the secret should be rereconciled
	VaultSecretDefinitionsStatus []VaultSecretDefinitionStatus `json:"vaultSecretDefinitionsStatus,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

VaultSecretStatus defines the observed state of VaultSecret
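
The refresh scheduling described by the RefreshPeriod, RefreshThreshold and NextVaultSecretUpdate field comments, as an added example that is not the operator's own code. The `nextRefresh` helper and `defStatus` type are hypothetical, `time.Duration` stands in for `metav1.Duration`, and driving the schedule from the shortest positive lease across definitions is an assumption.

```go
package main

import (
	"fmt"
	"time"
)

// defStatus is a local stand-in for the lease fields of VaultSecretDefinitionStatus.
type defStatus struct {
	Name          string
	LeaseDuration int // seconds, as reported by Vault; 0 means no lease
}

// nextRefresh returns the delay until the next sync and whether one is scheduled.
// Hypothetical helper following the field comments; it ASSUMES the shortest
// positive lease among the definitions drives the schedule.
func nextRefresh(refreshPeriod *time.Duration, thresholdPct int, defs []defStatus) (time.Duration, bool) {
	// RefreshPeriod takes precedence over any Vault lease duration.
	if refreshPeriod != nil {
		return *refreshPeriod, true
	}
	shortest := 0
	for _, d := range defs {
		if d.LeaseDuration > 0 && (shortest == 0 || d.LeaseDuration < shortest) {
			shortest = d.LeaseDuration
		}
	}
	if shortest == 0 {
		// No period and no lease: NextVaultSecretUpdate stays nil, no refresh.
		return 0, false
	}
	// Refresh once thresholdPct percent of the lease has elapsed.
	return time.Duration(shortest) * time.Second * time.Duration(thresholdPct) / 100, true
}

func main() {
	// Constructed sample: one static KV secret and one dynamic secret with a 1h lease.
	defs := []defStatus{{"kv-static", 0}, {"db-creds", 3600}}

	d, ok := nextRefresh(nil, 90, defs)
	fmt.Println("lease-driven:", d, ok)

	forced := 10 * time.Minute
	d, ok = nextRefresh(&forced, 90, defs)
	fmt.Println("period-driven:", d, ok)
}
```

With this arithmetic, a threshold at or above 100 schedules the refresh at or after lease expiry, so the Kubernetes Secret would carry expired dynamic credentials until the next sync.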

func (*VaultSecretStatus) DeepCopy

func (in *VaultSecretStatus) DeepCopy() *VaultSecretStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecretStatus.

func (*VaultSecretStatus) DeepCopyInto

func (in *VaultSecretStatus) DeepCopyInto(out *VaultSecretStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Vhost

type Vhost struct {
	// Name of an existing vhost.
	// +kubebuilder:validation:Required
	VhostName string `json:"vhostName,omitempty"`
	// Permissions to grant to the user in the specific vhost.
	// +kubebuilder:validation:Required
	Permissions VhostPermissions `json:"permissions,omitempty"`
}

func (*Vhost) DeepCopy

func (in *Vhost) DeepCopy() *Vhost

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Vhost.

func (*Vhost) DeepCopyInto

func (in *Vhost) DeepCopyInto(out *Vhost)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VhostPermissions

type VhostPermissions struct {
	// +kubebuilder:validation:Optional
	Configure string `json:"configure,omitempty"`
	// +kubebuilder:validation:Optional
	Write string `json:"write,omitempty"`
	// +kubebuilder:validation:Optional
	Read string `json:"read,omitempty"`
}

Set of RabbitMQ permissions: configure, read and write. A property (configure/write/read) that is not set results in an empty string, which does not match any permission.

func (*VhostPermissions) DeepCopy

func (in *VhostPermissions) DeepCopy() *VhostPermissions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VhostPermissions.

func (*VhostPermissions) DeepCopyInto

func (in *VhostPermissions) DeepCopyInto(out *VhostPermissions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VhostTopic

type VhostTopic struct {
	// Name of an existing vhost.
	// +kubebuilder:validation:Required
	VhostName string `json:"vhostName,omitempty"`

	// List of topics to provide
	// +kubebuilder:validation:Required
	// +listType=atomic
	Topics []Topic `json:"topics,omitempty"`
}

func (*VhostTopic) DeepCopy

func (in *VhostTopic) DeepCopy() *VhostTopic

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VhostTopic.

func (*VhostTopic) DeepCopyInto

func (in *VhostTopic) DeepCopyInto(out *VhostTopic)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
