Documentation
Overview
Package v1alpha1 contains the v1alpha1 group Sample resources of the Vault provider.
+kubebuilder:object:generate=true
+groupName=auth.vault.crossplane.io
+versionName=v1alpha1
Index
- Constants
- Variables
- type Role
- func (in *Role) DeepCopy() *Role
- func (in *Role) DeepCopyInto(out *Role)
- func (in *Role) DeepCopyObject() runtime.Object
- func (mg *Role) GetCondition(ct xpv1.ConditionType) xpv1.Condition
- func (mg *Role) GetDeletionPolicy() xpv1.DeletionPolicy
- func (mg *Role) GetProviderConfigReference() *xpv1.Reference
- func (mg *Role) GetProviderReference() *xpv1.Reference
- func (mg *Role) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo
- func (mg *Role) GetWriteConnectionSecretToReference() *xpv1.SecretReference
- func (mg *Role) SetConditions(c ...xpv1.Condition)
- func (mg *Role) SetDeletionPolicy(r xpv1.DeletionPolicy)
- func (mg *Role) SetProviderConfigReference(r *xpv1.Reference)
- func (mg *Role) SetProviderReference(r *xpv1.Reference)
- func (mg *Role) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)
- func (mg *Role) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
- type RoleList
- type RoleObservation
- type RoleParameters
- type RoleSpec
- type RoleStatus
Constants
const (
	Group   = "auth.vault.crossplane.io"
	Version = "v1alpha1"
)
Package type metadata.
Variables
var (
	// SchemeGroupVersion is group version used to register these objects
	SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
)
var (
	RoleKind             = reflect.TypeOf(Role{}).Name()
	RoleGroupKind        = schema.GroupKind{Group: Group, Kind: RoleKind}.String()
	RoleKindAPIVersion   = RoleKind + "." + SchemeGroupVersion.String()
	RoleGroupVersionKind = SchemeGroupVersion.WithKind(RoleKind)
)
Role type metadata.
Functions
This section is empty.
Types
type Role added in v0.3.1
type Role struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   RoleSpec   `json:"spec"`
	Status RoleStatus `json:"status,omitempty"`
}
A Role is an example API type.
+kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
+kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
+kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name"
+kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
+kubebuilder:subresource:status
+kubebuilder:resource:scope=Cluster,categories={crossplane,managed,vault}
func (*Role) DeepCopy added in v0.3.1
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Role.
func (*Role) DeepCopyInto added in v0.3.1
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Role) DeepCopyObject added in v0.3.1
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Role) GetCondition added in v0.3.1
func (mg *Role) GetCondition(ct xpv1.ConditionType) xpv1.Condition
GetCondition of this Role.
func (*Role) GetDeletionPolicy added in v0.3.1
func (mg *Role) GetDeletionPolicy() xpv1.DeletionPolicy
GetDeletionPolicy of this Role.
func (*Role) GetProviderConfigReference added in v0.3.1
GetProviderConfigReference of this Role.
func (*Role) GetProviderReference added in v0.3.1
GetProviderReference of this Role. Deprecated: Use GetProviderConfigReference.
func (*Role) GetPublishConnectionDetailsTo added in v0.3.1
func (mg *Role) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo
GetPublishConnectionDetailsTo of this Role.
func (*Role) GetWriteConnectionSecretToReference added in v0.3.1
func (mg *Role) GetWriteConnectionSecretToReference() *xpv1.SecretReference
GetWriteConnectionSecretToReference of this Role.
func (*Role) SetConditions added in v0.3.1
SetConditions of this Role.
func (*Role) SetDeletionPolicy added in v0.3.1
func (mg *Role) SetDeletionPolicy(r xpv1.DeletionPolicy)
SetDeletionPolicy of this Role.
func (*Role) SetProviderConfigReference added in v0.3.1
SetProviderConfigReference of this Role.
func (*Role) SetProviderReference added in v0.3.1
SetProviderReference of this Role. Deprecated: Use SetProviderConfigReference.
func (*Role) SetPublishConnectionDetailsTo added in v0.3.1
func (mg *Role) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)
SetPublishConnectionDetailsTo of this Role.
func (*Role) SetWriteConnectionSecretToReference added in v0.3.1
func (mg *Role) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
SetWriteConnectionSecretToReference of this Role.
type RoleList added in v0.3.1
type RoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Role `json:"items"`
}
RoleList contains a list of Role
func (*RoleList) DeepCopy added in v0.3.1
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleList.
func (*RoleList) DeepCopyInto added in v0.3.1
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RoleList) DeepCopyObject added in v0.3.1
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RoleObservation added in v0.3.1
type RoleObservation struct {
	ObservableField string `json:"observableField,omitempty"`
}
RoleObservation are the observable fields of a Role.
func (*RoleObservation) DeepCopy added in v0.3.1
func (in *RoleObservation) DeepCopy() *RoleObservation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleObservation.
func (*RoleObservation) DeepCopyInto added in v0.3.1
func (in *RoleObservation) DeepCopyInto(out *RoleObservation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RoleParameters added in v0.3.1
type RoleParameters struct {
	// The namespace to provision the resource in. The value should not contain
	// leading or trailing forward slashes. The namespace is always relative to
	// the provider's configured namespace
	// +optional
	Namespace *string `json:"namespace"`

	// Type of role, either "oidc" (default) or "jwt"
	// +kubebuilder:default:="oidc"
	// +kubebuilder:validation:Enum:=jwt;oidc
	// +optional
	RoleType *string `json:"type,omitempty"`

	// List of aud claims to match against. Any match is sufficient.
	// Required for roles of type jwt, optional for roles of type oidc.
	// +optional
	BoundAudiences []string `json:"boundAudiences,omitempty"`

	// The claim to use to uniquely identify the user; this will be used
	// as the name for the Identity entity alias created due to a successful login.
	UserClaim *string `json:"userClaim"`

	// Specifies if the user_claim value uses JSON pointer syntax for referencing claims.
	// By default, the user_claim value will not use JSON pointer. Requires Vault 1.11+.
	// +optional
	// +kubebuilder:default:=false
	UserClaimJSONPointer *bool `json:"userClaimJSONPointer,omitempty"`

	// If set, requires that the sub claim matches this value.
	// +optional
	// +kubebuilder:default:=""
	BoundSubject *string `json:"boundSubject,omitempty"`

	// If set, a map of claims to values to match against. A claim's value must be a string,
	// which may contain one value or multiple comma-separated values, e.g. "red" or "red,green,blue"
	// +optional
	BoundClaims map[string]string `json:"boundClaims,omitempty"`

	// How to interpret values in the claims/values map (bound_claims): can be either
	// string (exact match) or glob (wildcard match). Requires Vault 1.4.0 or above.
	// +optional
	// +kubebuilder:default:="string"
	// +kubebuilder:validation:Enum:=string;glob
	BoundClaimsType *string `json:"boundClaimsType,omitempty"`

	// If set, a map of claims (keys) to be copied to specified metadata fields (values).
	// +optional
	ClaimMappings map[string]string `json:"claimMappings,omitempty"`

	// If set, a list of OIDC scopes to be used with an OIDC role. The standard scope "openid" is
	// automatically included and need not be specified.
	// +optional
	OIDCScopes []string `json:"oidcScopes,omitempty"`

	// The claim to use to uniquely identify the set of groups to which the user belongs;
	// this will be used as the names for the Identity group aliases created due to a successful login.
	// The claim value must be a list of strings.
	// +optional
	// +kubebuilder:default:=""
	GroupsClaim *string `json:"groupsClaim,omitempty"`

	// The unique name of the auth backend to configure. Defaults to jwt.
	// +optional
	// +kubebuilder:default:=jwt
	Backend *string `json:"backend,omitempty"`

	// The list of allowed values for redirect_uri during OIDC logins. Required for OIDC roles.
	// +optional
	AllowedRedirectURIs []string `json:"allowedRedirectURIs,omitempty"`

	// The amount of leeway to add to all claims to account for clock skew, in seconds. Defaults to 60 seconds
	// if set to 0 and can be disabled if set to -1. Only applicable with "jwt" roles.
	// +optional
	ClockSkewLeeway *int `json:"clockSkewLeeway,omitempty"`

	// The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds.
	// Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with "jwt" roles.
	// +optional
	ExpirationLeeway *int `json:"expirationLeeway,omitempty"`

	// The amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds.
	// Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with "jwt" roles.
	// +optional
	NotBeforeLeeway *int `json:"notBeforeLeeway,omitempty"`

	// Log received OIDC tokens and claims when debug-level logging is active. Not recommended in production
	// since sensitive information may be present in OIDC responses.
	// +optional
	// +kubebuilder:default:=false
	VerboseOIDCLogging *bool `json:"verboseOIDCLogging,omitempty"`

	// Specifies the allowable elapsed time in seconds since the last time the user was actively
	// authenticated with the OIDC provider.
	// +optional
	// +kubebuilder:default:=0
	MaxAge *int `json:"maxAge,omitempty"`

	// The incremental lifetime for generated tokens. The current value of this will be referenced at renewal time.
	// +optional
	// +kubebuilder:default:=0
	TokenTTL *int `json:"tokenTTL,omitempty"`

	// The maximum lifetime for generated tokens. The current value of this will be referenced at renewal time.
	// +optional
	// +kubebuilder:default:=0
	TokenMaxTTL *int `json:"tokenMaxTTL,omitempty"`

	// List of policies to encode onto generated tokens.
	// Depending on the auth method, this list may be supplemented by user/group/other values.
	// +optional
	TokenPolicies []string `json:"tokenPolicies,omitempty"`

	// List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully,
	// and ties the resulting token to these blocks as well.
	// +optional
	TokenBoundCIDRS []string `json:"tokenBoundCIDRs,omitempty"`

	// If set, will encode an explicit max TTL onto the token. This is a hard cap even if token_ttl
	// and token_max_ttl would otherwise allow a renewal.
	// +optional
	// +kubebuilder:default:=0
	TokenExplicitMaxTTL *int `json:"tokenExplicitMaxTTL,omitempty"`

	// If set, the default policy will not be set on generated tokens; otherwise it will be added
	// to the policies set in token_policies.
	// +optional
	// +kubebuilder:default:=false
	TokenNoDefaultPolicy *bool `json:"tokenNoDefaultPolicy,omitempty"`

	// The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
	// If you require the token to have the ability to create child tokens, you will need to set this value to 0.
	// +optional
	// +kubebuilder:default:=0
	TokenNumUses *int `json:"tokenNumUses,omitempty"`

	// The period, if any, to set on the token.
	// +optional
	// +kubebuilder:default:=0
	TokenPeriod *int `json:"tokenPeriod,omitempty"`

	// The type of token that should be generated. Can be service, batch, or default to use the mount's tuned
	// default (which unless changed will be service tokens). For token store roles, there are two additional
	// possibilities: default-service and default-batch which specify the type to return unless the client requests
	// a different type at generation time.
	// +optional
	// +kubebuilder:default:="default"
	// +kubebuilder:validation:Enum:=service;batch;default
	TokenType *string `json:"tokenType,omitempty"`
}
RoleParameters are the configurable fields of Auth Role
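The constraints stated in the RoleParameters field comments (audiences required for jwt roles, redirect URIs required for OIDC roles, glob claim matching, verbose OIDC logging) can be checked before a Role is applied. The following is an added example, not code from the provider: roleParams and lintRole are hypothetical names, the struct mirrors only a few fields with plain values instead of pointers, and the sample role is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// roleParams is a hypothetical local mirror of a few RoleParameters fields, not the provider's type.
type roleParams struct {
	RoleType, BoundSubject, BoundClaimsType string
	BoundAudiences, AllowedRedirectURIs     []string
	BoundClaims                             map[string]string
	VerboseOIDCLogging                      bool
}

// lintRole checks p against the constraints stated in the field comments.
func lintRole(p roleParams) []string {
	var out []string
	if p.RoleType == "jwt" && len(p.BoundAudiences) == 0 {
		out = append(out, "boundAudiences: required for jwt roles")
	}
	// An empty type is treated as "oidc", the documented default.
	if p.RoleType != "jwt" && len(p.AllowedRedirectURIs) == 0 {
		out = append(out, "allowedRedirectURIs: required for oidc roles")
	}
	if len(p.BoundAudiences) == 0 && p.BoundSubject == "" && len(p.BoundClaims) == 0 {
		out = append(out, "no boundAudiences, boundSubject or boundClaims set")
	}
	if p.BoundClaimsType == "glob" {
		for claim, vals := range p.BoundClaims {
			// A claim value may hold several comma-separated values.
			for _, v := range strings.Split(vals, ",") {
				if strings.TrimSpace(v) == "*" {
					out = append(out, "boundClaims["+claim+"]: glob \"*\" matches any value")
				}
			}
		}
	}
	if p.VerboseOIDCLogging {
		out = append(out, "verboseOIDCLogging: logs tokens and claims, not for production")
	}
	return out
}

func main() {
	// Constructed sample: a jwt role with no audience and a wildcard claim.
	weak := roleParams{RoleType: "jwt", BoundClaimsType: "glob",
		BoundClaims: map[string]string{"repository": "*"}, VerboseOIDCLogging: true}
	fmt.Println(strings.Join(lintRole(weak), "\n"))
}
```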
func (*RoleParameters) DeepCopy added in v0.3.1
func (in *RoleParameters) DeepCopy() *RoleParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleParameters.
func (*RoleParameters) DeepCopyInto added in v0.3.1
func (in *RoleParameters) DeepCopyInto(out *RoleParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RoleSpec added in v0.3.1
type RoleSpec struct {
	xpv1.ResourceSpec `json:",inline"`
	ForProvider       RoleParameters `json:"forProvider"`
}
A RoleSpec defines the desired state of a Role.
func (*RoleSpec) DeepCopy added in v0.3.1
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleSpec.
func (*RoleSpec) DeepCopyInto added in v0.3.1
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RoleStatus added in v0.3.1
type RoleStatus struct {
	xpv1.ResourceStatus `json:",inline"`
	AtProvider          RoleObservation `json:"atProvider,omitempty"`
}
A RoleStatus represents the observed state of a Role.
func (*RoleStatus) DeepCopy added in v0.3.1
func (in *RoleStatus) DeepCopy() *RoleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleStatus.
func (*RoleStatus) DeepCopyInto added in v0.3.1
func (in *RoleStatus) DeepCopyInto(out *RoleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.