v1alpha1

package
v1.4.5 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 20, 2024 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

	+kubebuilder:object:generate=true
	+groupName=aws.vault.upbound.io
	+versionName=v1alpha1


Constants

const (
	CRDGroup   = "aws.vault.upbound.io"
	CRDVersion = "v1alpha1"
)

Package type metadata.

Variables

var (
	// CRDGroupVersion is the API Group Version used to register the objects
	CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
var (
	SecretBackendRole_Kind             = "SecretBackendRole"
	SecretBackendRole_GroupKind        = schema.GroupKind{Group: CRDGroup, Kind: SecretBackendRole_Kind}.String()
	SecretBackendRole_KindAPIVersion   = SecretBackendRole_Kind + "." + CRDGroupVersion.String()
	SecretBackendRole_GroupVersionKind = CRDGroupVersion.WithKind(SecretBackendRole_Kind)
)

Repository type metadata.

Functions

This section is empty.

Types

type SecretBackendRole added in v1.4.3

type SecretBackendRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.backend) || (has(self.initProvider) && has(self.initProvider.backend))",message="spec.forProvider.backend is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.credentialType) || (has(self.initProvider) && has(self.initProvider.credentialType))",message="spec.forProvider.credentialType is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.name) || (has(self.initProvider) && has(self.initProvider.name))",message="spec.forProvider.name is a required parameter"
	Spec   SecretBackendRoleSpec   `json:"spec"`
	Status SecretBackendRoleStatus `json:"status,omitempty"`
}

SecretBackendRole is the Schema for the SecretBackendRoles API. Creates a role on an AWS Secret Backend for Vault.

	+kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
	+kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
	+kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name"
	+kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
	+kubebuilder:resource:scope=Cluster,categories={crossplane,managed,vault}

func (*SecretBackendRole) DeepCopy added in v1.4.3

func (in *SecretBackendRole) DeepCopy() *SecretBackendRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendRole.

func (*SecretBackendRole) DeepCopyInto added in v1.4.3

func (in *SecretBackendRole) DeepCopyInto(out *SecretBackendRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretBackendRole) DeepCopyObject added in v1.4.3

func (in *SecretBackendRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretBackendRole) GetCondition added in v1.4.3

func (mg *SecretBackendRole) GetCondition(ct xpv1.ConditionType) xpv1.Condition

GetCondition of this SecretBackendRole.

func (*SecretBackendRole) GetConnectionDetailsMapping added in v1.4.3

func (tr *SecretBackendRole) GetConnectionDetailsMapping() map[string]string

GetConnectionDetailsMapping for this SecretBackendRole

func (*SecretBackendRole) GetDeletionPolicy added in v1.4.3

func (mg *SecretBackendRole) GetDeletionPolicy() xpv1.DeletionPolicy

GetDeletionPolicy of this SecretBackendRole.

func (*SecretBackendRole) GetID added in v1.4.3

func (tr *SecretBackendRole) GetID() string

GetID returns ID of underlying Terraform resource of this SecretBackendRole

func (*SecretBackendRole) GetInitParameters added in v1.4.3

func (tr *SecretBackendRole) GetInitParameters() (map[string]any, error)

GetInitParameters of this SecretBackendRole

func (*SecretBackendRole) GetManagementPolicies added in v1.4.3

func (mg *SecretBackendRole) GetManagementPolicies() xpv1.ManagementPolicies

GetManagementPolicies of this SecretBackendRole.

func (*SecretBackendRole) GetMergedParameters added in v1.4.3

func (tr *SecretBackendRole) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error)

GetMergedParameters of this SecretBackendRole

func (*SecretBackendRole) GetObservation added in v1.4.3

func (tr *SecretBackendRole) GetObservation() (map[string]any, error)

GetObservation of this SecretBackendRole

func (*SecretBackendRole) GetParameters added in v1.4.3

func (tr *SecretBackendRole) GetParameters() (map[string]any, error)

GetParameters of this SecretBackendRole

func (*SecretBackendRole) GetProviderConfigReference added in v1.4.3

func (mg *SecretBackendRole) GetProviderConfigReference() *xpv1.Reference

GetProviderConfigReference of this SecretBackendRole.

func (*SecretBackendRole) GetPublishConnectionDetailsTo added in v1.4.3

func (mg *SecretBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo

GetPublishConnectionDetailsTo of this SecretBackendRole.

func (*SecretBackendRole) GetTerraformResourceType added in v1.4.3

func (mg *SecretBackendRole) GetTerraformResourceType() string

GetTerraformResourceType returns Terraform resource type for this SecretBackendRole

func (*SecretBackendRole) GetTerraformSchemaVersion added in v1.4.3

func (tr *SecretBackendRole) GetTerraformSchemaVersion() int

GetTerraformSchemaVersion returns the associated Terraform schema version

func (*SecretBackendRole) GetWriteConnectionSecretToReference added in v1.4.3

func (mg *SecretBackendRole) GetWriteConnectionSecretToReference() *xpv1.SecretReference

GetWriteConnectionSecretToReference of this SecretBackendRole.

func (*SecretBackendRole) Hub added in v1.4.3

func (tr *SecretBackendRole) Hub()

Hub marks this type as a conversion hub.

func (*SecretBackendRole) LateInitialize added in v1.4.3

func (tr *SecretBackendRole) LateInitialize(attrs []byte) (bool, error)

LateInitialize this SecretBackendRole using its observed tfState. Returns true if there are any spec changes for the resource.

func (*SecretBackendRole) SetConditions added in v1.4.3

func (mg *SecretBackendRole) SetConditions(c ...xpv1.Condition)

SetConditions of this SecretBackendRole.

func (*SecretBackendRole) SetDeletionPolicy added in v1.4.3

func (mg *SecretBackendRole) SetDeletionPolicy(r xpv1.DeletionPolicy)

SetDeletionPolicy of this SecretBackendRole.

func (*SecretBackendRole) SetManagementPolicies added in v1.4.3

func (mg *SecretBackendRole) SetManagementPolicies(r xpv1.ManagementPolicies)

SetManagementPolicies of this SecretBackendRole.

func (*SecretBackendRole) SetObservation added in v1.4.3

func (tr *SecretBackendRole) SetObservation(obs map[string]any) error

SetObservation for this SecretBackendRole

func (*SecretBackendRole) SetParameters added in v1.4.3

func (tr *SecretBackendRole) SetParameters(params map[string]any) error

SetParameters for this SecretBackendRole

func (*SecretBackendRole) SetProviderConfigReference added in v1.4.3

func (mg *SecretBackendRole) SetProviderConfigReference(r *xpv1.Reference)

SetProviderConfigReference of this SecretBackendRole.

func (*SecretBackendRole) SetPublishConnectionDetailsTo added in v1.4.3

func (mg *SecretBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)

SetPublishConnectionDetailsTo of this SecretBackendRole.

func (*SecretBackendRole) SetWriteConnectionSecretToReference added in v1.4.3

func (mg *SecretBackendRole) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)

SetWriteConnectionSecretToReference of this SecretBackendRole.

type SecretBackendRoleInitParameters added in v1.4.3

type SecretBackendRoleInitParameters struct {

	// The path the AWS secret backend is mounted at,
	// with no leading or trailing /s.
	// The path of the AWS Secret Backend the role belongs to.
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Specifies the type of credential to be used when
	// retrieving credentials from the role. Must be one of iam_user, assumed_role, or
	// federation_token.
	// Role credential type.
	CredentialType *string `json:"credentialType,omitempty" tf:"credential_type,omitempty"`

	// The default TTL in seconds for STS credentials.
	// When a TTL is not specified when STS credentials are requested,
	// and a default TTL is specified on the role,
	// then this default TTL will be used. Valid only when credential_type is one of
	// assumed_role or federation_token.
	// The default TTL in seconds for STS credentials. When a TTL is not specified when STS credentials are requested, and a default TTL is specified on the role, then this default TTL will be used. Valid only when credential_type is one of assumed_role or federation_token.
	DefaultStsTTL *float64 `json:"defaultStsTtl,omitempty" tf:"default_sts_ttl,omitempty"`

	// External ID to set for assume role creds.
	// Valid only when credential_type is set to assumed_role.
	// External ID to set for assume role creds.
	ExternalID *string `json:"externalId,omitempty" tf:"external_id,omitempty"`

	// A list of IAM group names. IAM users generated
	// against this vault role will be added to these IAM Groups. For a credential
	// type of assumed_role or federation_token, the policies sent to the
	// corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
	// policies from each group in iam_groups combined with the policy_document
	// and policy_arns parameters.
	// A list of IAM group names. IAM users generated against this vault role will be added to these IAM Groups. For a credential type of assumed_role or federation_token, the policies sent to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the policies from each group in iam_groups combined with the policy_document and policy_arns parameters.
	// +listType=set
	IAMGroups []*string `json:"iamGroups,omitempty" tf:"iam_groups,omitempty"`

	// A map of strings representing key/value pairs
	// to be used as tags for any IAM user that is created by this role.
	// A map of strings representing key/value pairs used as tags for any IAM user created by this role.
	// +mapType=granular
	IAMTags map[string]*string `json:"iamTags,omitempty" tf:"iam_tags,omitempty"`

	// The max allowed TTL in seconds for STS credentials
	// (credentials TTL are capped to max_sts_ttl). Valid only when credential_type is
	// one of assumed_role or federation_token.
	// The max allowed TTL in seconds for STS credentials (credentials TTL are capped to max_sts_ttl). Valid only when credential_type is one of assumed_role or federation_token.
	MaxStsTTL *float64 `json:"maxStsTtl,omitempty" tf:"max_sts_ttl,omitempty"`

	// The name to identify this role within the backend.
	// Must be unique within the backend.
	// Unique name for the role.
	Name *string `json:"name,omitempty" tf:"name,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// Target namespace. (requires Enterprise)
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// The ARN of the AWS Permissions
	// Boundary to attach to IAM users created in the role. Valid only when
	// credential_type is iam_user. If not specified, then no permissions boundary
	// policy will be attached.
	// The ARN of the AWS Permissions Boundary to attach to IAM users created in the role. Valid only when credential_type is iam_user. If not specified, then no permissions boundary policy will be attached.
	PermissionsBoundaryArn *string `json:"permissionsBoundaryArn,omitempty" tf:"permissions_boundary_arn,omitempty"`

	// Specifies a list of AWS managed policy ARNs. The
	// behavior depends on the credential type. With iam_user, the policies will be
	// attached to IAM users when they are requested. With assumed_role and
	// federation_token, the policy ARNs will act as a filter on what the credentials
	// can do, similar to policy_document. When credential_type is iam_user or
	// federation_token, at least one of policy_document or policy_arns must
	// be specified.
	// ARN for an existing IAM policy the role should use.
	// +listType=set
	PolicyArns []*string `json:"policyArns,omitempty" tf:"policy_arns,omitempty"`

	// The IAM policy document for the role. The
	// behavior depends on the credential type. With iam_user, the policy document
	// will be attached to the IAM user generated and augment the permissions the IAM
	// user has. With assumed_role and federation_token, the policy document will
	// act as a filter on what the credentials can do, similar to policy_arns.
	// IAM policy the role should use in JSON format.
	PolicyDocument *string `json:"policyDocument,omitempty" tf:"policy_document,omitempty"`

	// Specifies the ARNs of the AWS roles this Vault role
	// is allowed to assume. Required when credential_type is assumed_role and
	// prohibited otherwise.
	// ARNs of AWS roles allowed to be assumed. Only valid when credential_type is 'assumed_role'
	// +listType=set
	RoleArns []*string `json:"roleArns,omitempty" tf:"role_arns,omitempty"`

	// A map of strings representing key/value pairs to be set
	// during assume role creds creation. Valid only when credential_type is set to
	// assumed_role.
	// Session tags to be set for assume role creds created.
	// +mapType=granular
	SessionTags map[string]*string `json:"sessionTags,omitempty" tf:"session_tags,omitempty"`

	// The path for the user name. Valid only when
	// credential_type is iam_user. Default is /.
	// The path for the user name. Valid only when credential_type is iam_user. Default is /
	UserPath *string `json:"userPath,omitempty" tf:"user_path,omitempty"`
}

func (*SecretBackendRoleInitParameters) DeepCopy added in v1.4.3

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendRoleInitParameters.

func (*SecretBackendRoleInitParameters) DeepCopyInto added in v1.4.3

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackendRoleList added in v1.4.3

type SecretBackendRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []SecretBackendRole `json:"items"`
}

SecretBackendRoleList contains a list of SecretBackendRoles

func (*SecretBackendRoleList) DeepCopy added in v1.4.3

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendRoleList.

func (*SecretBackendRoleList) DeepCopyInto added in v1.4.3

func (in *SecretBackendRoleList) DeepCopyInto(out *SecretBackendRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretBackendRoleList) DeepCopyObject added in v1.4.3

func (in *SecretBackendRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretBackendRoleList) GetItems added in v1.4.3

func (l *SecretBackendRoleList) GetItems() []resource.Managed

GetItems of this SecretBackendRoleList.

type SecretBackendRoleObservation added in v1.4.3

type SecretBackendRoleObservation struct {

	// The path the AWS secret backend is mounted at,
	// with no leading or trailing /s.
	// The path of the AWS Secret Backend the role belongs to.
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Specifies the type of credential to be used when
	// retrieving credentials from the role. Must be one of iam_user, assumed_role, or
	// federation_token.
	// Role credential type.
	CredentialType *string `json:"credentialType,omitempty" tf:"credential_type,omitempty"`

	// The default TTL in seconds for STS credentials.
	// When a TTL is not specified when STS credentials are requested,
	// and a default TTL is specified on the role,
	// then this default TTL will be used. Valid only when credential_type is one of
	// assumed_role or federation_token.
	// The default TTL in seconds for STS credentials. When a TTL is not specified when STS credentials are requested, and a default TTL is specified on the role, then this default TTL will be used. Valid only when credential_type is one of assumed_role or federation_token.
	DefaultStsTTL *float64 `json:"defaultStsTtl,omitempty" tf:"default_sts_ttl,omitempty"`

	// External ID to set for assume role creds.
	// Valid only when credential_type is set to assumed_role.
	// External ID to set for assume role creds.
	ExternalID *string `json:"externalId,omitempty" tf:"external_id,omitempty"`

	// A list of IAM group names. IAM users generated
	// against this vault role will be added to these IAM Groups. For a credential
	// type of assumed_role or federation_token, the policies sent to the
	// corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
	// policies from each group in iam_groups combined with the policy_document
	// and policy_arns parameters.
	// A list of IAM group names. IAM users generated against this vault role will be added to these IAM Groups. For a credential type of assumed_role or federation_token, the policies sent to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the policies from each group in iam_groups combined with the policy_document and policy_arns parameters.
	// +listType=set
	IAMGroups []*string `json:"iamGroups,omitempty" tf:"iam_groups,omitempty"`

	// A map of strings representing key/value pairs
	// to be used as tags for any IAM user that is created by this role.
	// A map of strings representing key/value pairs used as tags for any IAM user created by this role.
	// +mapType=granular
	IAMTags map[string]*string `json:"iamTags,omitempty" tf:"iam_tags,omitempty"`

	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// The max allowed TTL in seconds for STS credentials
	// (credentials TTL are capped to max_sts_ttl). Valid only when credential_type is
	// one of assumed_role or federation_token.
	// The max allowed TTL in seconds for STS credentials (credentials TTL are capped to max_sts_ttl). Valid only when credential_type is one of assumed_role or federation_token.
	MaxStsTTL *float64 `json:"maxStsTtl,omitempty" tf:"max_sts_ttl,omitempty"`

	// The name to identify this role within the backend.
	// Must be unique within the backend.
	// Unique name for the role.
	Name *string `json:"name,omitempty" tf:"name,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// Target namespace. (requires Enterprise)
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// The ARN of the AWS Permissions
	// Boundary to attach to IAM users created in the role. Valid only when
	// credential_type is iam_user. If not specified, then no permissions boundary
	// policy will be attached.
	// The ARN of the AWS Permissions Boundary to attach to IAM users created in the role. Valid only when credential_type is iam_user. If not specified, then no permissions boundary policy will be attached.
	PermissionsBoundaryArn *string `json:"permissionsBoundaryArn,omitempty" tf:"permissions_boundary_arn,omitempty"`

	// Specifies a list of AWS managed policy ARNs. The
	// behavior depends on the credential type. With iam_user, the policies will be
	// attached to IAM users when they are requested. With assumed_role and
	// federation_token, the policy ARNs will act as a filter on what the credentials
	// can do, similar to policy_document. When credential_type is iam_user or
	// federation_token, at least one of policy_document or policy_arns must
	// be specified.
	// ARN for an existing IAM policy the role should use.
	// +listType=set
	PolicyArns []*string `json:"policyArns,omitempty" tf:"policy_arns,omitempty"`

	// The IAM policy document for the role. The
	// behavior depends on the credential type. With iam_user, the policy document
	// will be attached to the IAM user generated and augment the permissions the IAM
	// user has. With assumed_role and federation_token, the policy document will
	// act as a filter on what the credentials can do, similar to policy_arns.
	// IAM policy the role should use in JSON format.
	PolicyDocument *string `json:"policyDocument,omitempty" tf:"policy_document,omitempty"`

	// Specifies the ARNs of the AWS roles this Vault role
	// is allowed to assume. Required when credential_type is assumed_role and
	// prohibited otherwise.
	// ARNs of AWS roles allowed to be assumed. Only valid when credential_type is 'assumed_role'
	// +listType=set
	RoleArns []*string `json:"roleArns,omitempty" tf:"role_arns,omitempty"`

	// A map of strings representing key/value pairs to be set
	// during assume role creds creation. Valid only when credential_type is set to
	// assumed_role.
	// Session tags to be set for assume role creds created.
	// +mapType=granular
	SessionTags map[string]*string `json:"sessionTags,omitempty" tf:"session_tags,omitempty"`

	// The path for the user name. Valid only when
	// credential_type is iam_user. Default is /.
	// The path for the user name. Valid only when credential_type is iam_user. Default is /
	UserPath *string `json:"userPath,omitempty" tf:"user_path,omitempty"`
}

func (*SecretBackendRoleObservation) DeepCopy added in v1.4.3

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendRoleObservation.

func (*SecretBackendRoleObservation) DeepCopyInto added in v1.4.3

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackendRoleParameters added in v1.4.3

type SecretBackendRoleParameters struct {

	// The path the AWS secret backend is mounted at,
	// with no leading or trailing /s.
	// The path of the AWS Secret Backend the role belongs to.
	// +kubebuilder:validation:Optional
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Specifies the type of credential to be used when
	// retrieving credentials from the role. Must be one of iam_user, assumed_role, or
	// federation_token.
	// Role credential type.
	// +kubebuilder:validation:Optional
	CredentialType *string `json:"credentialType,omitempty" tf:"credential_type,omitempty"`

	// The default TTL in seconds for STS credentials.
	// When a TTL is not specified when STS credentials are requested,
	// and a default TTL is specified on the role,
	// then this default TTL will be used. Valid only when credential_type is one of
	// assumed_role or federation_token.
	// The default TTL in seconds for STS credentials. When a TTL is not specified when STS credentials are requested, and a default TTL is specified on the role, then this default TTL will be used. Valid only when credential_type is one of assumed_role or federation_token.
	// +kubebuilder:validation:Optional
	DefaultStsTTL *float64 `json:"defaultStsTtl,omitempty" tf:"default_sts_ttl,omitempty"`

	// External ID to set for assume role creds.
	// Valid only when credential_type is set to assumed_role.
	// External ID to set for assume role creds.
	// +kubebuilder:validation:Optional
	ExternalID *string `json:"externalId,omitempty" tf:"external_id,omitempty"`

	// A list of IAM group names. IAM users generated
	// against this vault role will be added to these IAM Groups. For a credential
	// type of assumed_role or federation_token, the policies sent to the
	// corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
	// policies from each group in iam_groups combined with the policy_document
	// and policy_arns parameters.
	// A list of IAM group names. IAM users generated against this vault role will be added to these IAM Groups. For a credential type of assumed_role or federation_token, the policies sent to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the policies from each group in iam_groups combined with the policy_document and policy_arns parameters.
	// +kubebuilder:validation:Optional
	// +listType=set
	IAMGroups []*string `json:"iamGroups,omitempty" tf:"iam_groups,omitempty"`

	// A map of strings representing key/value pairs
	// to be used as tags for any IAM user that is created by this role.
	// A map of strings representing key/value pairs used as tags for any IAM user created by this role.
	// +kubebuilder:validation:Optional
	// +mapType=granular
	IAMTags map[string]*string `json:"iamTags,omitempty" tf:"iam_tags,omitempty"`

	// The max allowed TTL in seconds for STS credentials
	// (credentials TTL are capped to max_sts_ttl). Valid only when credential_type is
	// one of assumed_role or federation_token.
	// The max allowed TTL in seconds for STS credentials (credentials TTL are capped to max_sts_ttl). Valid only when credential_type is one of assumed_role or federation_token.
	// +kubebuilder:validation:Optional
	MaxStsTTL *float64 `json:"maxStsTtl,omitempty" tf:"max_sts_ttl,omitempty"`

	// The name to identify this role within the backend.
	// Must be unique within the backend.
	// Unique name for the role.
	// +kubebuilder:validation:Optional
	Name *string `json:"name,omitempty" tf:"name,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// Target namespace. (requires Enterprise)
	// +kubebuilder:validation:Optional
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// The ARN of the AWS Permissions
	// Boundary to attach to IAM users created in the role. Valid only when
	// credential_type is iam_user. If not specified, then no permissions boundary
	// policy will be attached.
	// The ARN of the AWS Permissions Boundary to attach to IAM users created in the role. Valid only when credential_type is iam_user. If not specified, then no permissions boundary policy will be attached.
	// +kubebuilder:validation:Optional
	PermissionsBoundaryArn *string `json:"permissionsBoundaryArn,omitempty" tf:"permissions_boundary_arn,omitempty"`

	// Specifies a list of AWS managed policy ARNs. The
	// behavior depends on the credential type. With iam_user, the policies will be
	// attached to IAM users when they are requested. With assumed_role and
	// federation_token, the policy ARNs will act as a filter on what the credentials
	// can do, similar to policy_document. When credential_type is iam_user or
	// federation_token, at least one of policy_document or policy_arns must
	// be specified.
	// ARN for an existing IAM policy the role should use.
	// +kubebuilder:validation:Optional
	// +listType=set
	PolicyArns []*string `json:"policyArns,omitempty" tf:"policy_arns,omitempty"`

	// The IAM policy document for the role. The
	// behavior depends on the credential type. With iam_user, the policy document
	// will be attached to the IAM user generated and augment the permissions the IAM
	// user has. With assumed_role and federation_token, the policy document will
	// act as a filter on what the credentials can do, similar to policy_arns.
	// IAM policy the role should use in JSON format.
	// +kubebuilder:validation:Optional
	PolicyDocument *string `json:"policyDocument,omitempty" tf:"policy_document,omitempty"`

	// Specifies the ARNs of the AWS roles this Vault role
	// is allowed to assume. Required when credential_type is assumed_role and
	// prohibited otherwise.
	// ARNs of AWS roles allowed to be assumed. Only valid when credential_type is 'assumed_role'
	// +kubebuilder:validation:Optional
	// +listType=set
	RoleArns []*string `json:"roleArns,omitempty" tf:"role_arns,omitempty"`

	// A map of strings representing key/value pairs to be set
	// during assume role creds creation. Valid only when credential_type is set to
	// assumed_role.
	// Session tags to be set for assume role creds created.
	// +kubebuilder:validation:Optional
	// +mapType=granular
	SessionTags map[string]*string `json:"sessionTags,omitempty" tf:"session_tags,omitempty"`

	// The path for the user name. Valid only when
	// credential_type is iam_user. Default is /.
	// The path for the user name. Valid only when credential_type is iam_user. Default is /
	// +kubebuilder:validation:Optional
	UserPath *string `json:"userPath,omitempty" tf:"user_path,omitempty"`
}

func (*SecretBackendRoleParameters) DeepCopy added in v1.4.3

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendRoleParameters.

func (*SecretBackendRoleParameters) DeepCopyInto added in v1.4.3

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
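
The field comments on SecretBackendRoleParameters describe constraints that depend on credentialType, but the CRD validation rules shown on SecretBackendRole only require backend, credentialType and name. The following added example (not part of the provider's code) turns those documented constraints into a pre-apply check; RoleParams and CheckRole are hypothetical names, RoleParams is a simplified stand-in for the generated struct, and the sample ARN is constructed.

```go
package main

import "fmt"

// RoleParams is a simplified local stand-in (an assumption of this example)
// for the SecretBackendRoleParameters fields whose validity depends on
// credentialType. It is not the provider's generated type.
type RoleParams struct {
	CredentialType         string
	DefaultStsTTL          *float64
	MaxStsTTL              *float64
	ExternalID             *string
	PermissionsBoundaryArn *string
	PolicyArns             []string
	PolicyDocument         *string
	RoleArns               []string
	SessionTags            map[string]string
	UserPath               *string
}

// CheckRole returns one finding per documented constraint that p violates.
func CheckRole(p RoleParams) []string {
	ct := p.CredentialType
	isUser, isAssumed, isFed := ct == "iam_user", ct == "assumed_role", ct == "federation_token"
	if !isUser && !isAssumed && !isFed {
		return []string{fmt.Sprintf(
			"credentialType %q must be one of iam_user, assumed_role, federation_token", ct)}
	}
	var findings []string
	// onlyFor records a finding when a field is set under a credential type
	// for which the field comments say it is not valid.
	onlyFor := func(field string, set, allowed bool, types string) {
		if set && !allowed {
			findings = append(findings, field+" is valid only when credentialType is "+types)
		}
	}
	sts := isAssumed || isFed
	onlyFor("defaultStsTtl", p.DefaultStsTTL != nil, sts, "assumed_role or federation_token")
	onlyFor("maxStsTtl", p.MaxStsTTL != nil, sts, "assumed_role or federation_token")
	onlyFor("externalId", p.ExternalID != nil, isAssumed, "assumed_role")
	onlyFor("sessionTags", len(p.SessionTags) > 0, isAssumed, "assumed_role")
	onlyFor("roleArns", len(p.RoleArns) > 0, isAssumed, "assumed_role")
	onlyFor("permissionsBoundaryArn", p.PermissionsBoundaryArn != nil, isUser, "iam_user")
	onlyFor("userPath", p.UserPath != nil, isUser, "iam_user")

	// roleArns: "Required when credential_type is assumed_role".
	if isAssumed && len(p.RoleArns) == 0 {
		findings = append(findings, "roleArns is required when credentialType is assumed_role")
	}
	// policyArns: at least one of policy_document or policy_arns for
	// iam_user and federation_token.
	if (isUser || isFed) && p.PolicyDocument == nil && len(p.PolicyArns) == 0 {
		findings = append(findings,
			"at least one of policyDocument or policyArns must be set for "+ct)
	}
	// maxStsTtl: "credentials TTL are capped to max_sts_ttl", so a larger
	// default never takes effect and usually signals a mistake.
	if p.DefaultStsTTL != nil && p.MaxStsTTL != nil && *p.DefaultStsTTL > *p.MaxStsTTL {
		findings = append(findings, "defaultStsTtl exceeds maxStsTtl and will be capped")
	}
	return findings
}

func main() {
	// Constructed sample: an assumed_role spec that carries an iam_user-only
	// field and omits the role ARNs it is allowed to assume.
	boundary := "arn:aws:iam::123456789012:policy/example-boundary"
	spec := RoleParams{
		CredentialType:         "assumed_role",
		PermissionsBoundaryArn: &boundary,
	}
	for _, f := range CheckRole(spec) {
		fmt.Println("finding:", f)
	}
}
```
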

type SecretBackendRoleSpec added in v1.4.3

type SecretBackendRoleSpec struct {
	v1.ResourceSpec `json:",inline"`
	ForProvider     SecretBackendRoleParameters `json:"forProvider"`
	// THIS IS A BETA FIELD. It will be honored
	// unless the Management Policies feature flag is disabled.
	// InitProvider holds the same fields as ForProvider, with the exception
	// of Identifier and other resource reference fields. The fields that are
	// in InitProvider are merged into ForProvider when the resource is created.
	// The same fields are also added to the terraform ignore_changes hook, to
	// avoid updating them after creation. This is useful for fields that are
	// required on creation, but we do not desire to update them after creation,
	// for example because of an external controller is managing them, like an
	// autoscaler.
	InitProvider SecretBackendRoleInitParameters `json:"initProvider,omitempty"`
}

SecretBackendRoleSpec defines the desired state of SecretBackendRole

func (*SecretBackendRoleSpec) DeepCopy added in v1.4.3

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendRoleSpec.

func (*SecretBackendRoleSpec) DeepCopyInto added in v1.4.3

func (in *SecretBackendRoleSpec) DeepCopyInto(out *SecretBackendRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackendRoleStatus added in v1.4.3

type SecretBackendRoleStatus struct {
	v1.ResourceStatus `json:",inline"`
	AtProvider        SecretBackendRoleObservation `json:"atProvider,omitempty"`
}

SecretBackendRoleStatus defines the observed state of SecretBackendRole.

func (*SecretBackendRoleStatus) DeepCopy added in v1.4.3

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendRoleStatus.

func (*SecretBackendRoleStatus) DeepCopyInto added in v1.4.3

func (in *SecretBackendRoleStatus) DeepCopyInto(out *SecretBackendRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
