v1alpha1

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 14, 2024 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

+kubebuilder:object:generate=true +groupName=kubernetes.vault.upbound.io +versionName=v1alpha1

Index

Constants

// Package type metadata: CRDGroup is the API group name and CRDVersion the
// API version string used by the types in this package.
const CRDGroup = "kubernetes.vault.upbound.io"
const CRDVersion = "v1alpha1"

Package type metadata.

Variables

// Type metadata for the AuthBackendConfig kind. The three derived values are
// all built from the kind name and the package's group/version.
var AuthBackendConfig_Kind = "AuthBackendConfig"

var (
	AuthBackendConfig_GroupVersionKind = CRDGroupVersion.WithKind(AuthBackendConfig_Kind)
	AuthBackendConfig_KindAPIVersion   = AuthBackendConfig_Kind + "." + CRDGroupVersion.String()
	AuthBackendConfig_GroupKind        = schema.GroupKind{Kind: AuthBackendConfig_Kind, Group: CRDGroup}.String()
)

AuthBackendConfig type metadata.

// Type metadata for the AuthBackendRole kind. The three derived values are
// all built from the kind name and the package's group/version.
var AuthBackendRole_Kind = "AuthBackendRole"

var (
	AuthBackendRole_GroupVersionKind = CRDGroupVersion.WithKind(AuthBackendRole_Kind)
	AuthBackendRole_KindAPIVersion   = AuthBackendRole_Kind + "." + CRDGroupVersion.String()
	AuthBackendRole_GroupKind        = schema.GroupKind{Kind: AuthBackendRole_Kind, Group: CRDGroup}.String()
)

AuthBackendRole type metadata.

// CRDGroupVersion is the API Group Version used to register the objects.
var CRDGroupVersion = schema.GroupVersion{Version: CRDVersion, Group: CRDGroup}

// SchemeBuilder is used to add go types to the GroupVersionKind scheme; it is
// bound to CRDGroupVersion.
var SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion}

// AddToScheme adds the types in this group-version to the given scheme.
var AddToScheme = SchemeBuilder.AddToScheme
// Type metadata for the SecretBackend kind. The three derived values are all
// built from the kind name and the package's group/version.
var SecretBackend_Kind = "SecretBackend"

var (
	SecretBackend_GroupVersionKind = CRDGroupVersion.WithKind(SecretBackend_Kind)
	SecretBackend_KindAPIVersion   = SecretBackend_Kind + "." + CRDGroupVersion.String()
	SecretBackend_GroupKind        = schema.GroupKind{Kind: SecretBackend_Kind, Group: CRDGroup}.String()
)

SecretBackend type metadata.

// Type metadata for the SecretBackendRole kind. The three derived values are
// all built from the kind name and the package's group/version.
var SecretBackendRole_Kind = "SecretBackendRole"

var (
	SecretBackendRole_GroupVersionKind = CRDGroupVersion.WithKind(SecretBackendRole_Kind)
	SecretBackendRole_KindAPIVersion   = SecretBackendRole_Kind + "." + CRDGroupVersion.String()
	SecretBackendRole_GroupKind        = schema.GroupKind{Kind: SecretBackendRole_Kind, Group: CRDGroup}.String()
)

SecretBackendRole type metadata.

Functions

This section is empty.

Types

type AuthBackendConfig

// AuthBackendConfig is the Schema for the AuthBackendConfigs API. It manages
// a Kubernetes auth backend config in Vault: Spec carries the desired state
// and Status the observed state.
type AuthBackendConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// The CEL rule below makes kubernetesHost mandatory (in forProvider or
	// initProvider) whenever managementPolicies contains '*', 'Create' or
	// 'Update'; with any other policy set the field may be omitted.
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.kubernetesHost) || has(self.initProvider.kubernetesHost)",message="kubernetesHost is a required parameter"
	Spec   AuthBackendConfigSpec   `json:"spec"`
	Status AuthBackendConfigStatus `json:"status,omitempty"`
}

AuthBackendConfig is the Schema for the AuthBackendConfigs API. Manages Kubernetes auth backend configs in Vault. +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,vault}

func (*AuthBackendConfig) DeepCopy

func (in *AuthBackendConfig) DeepCopy() *AuthBackendConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendConfig.

func (*AuthBackendConfig) DeepCopyInto

func (in *AuthBackendConfig) DeepCopyInto(out *AuthBackendConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthBackendConfig) DeepCopyObject

func (in *AuthBackendConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AuthBackendConfig) GetCondition

func (mg *AuthBackendConfig) GetCondition(ct xpv1.ConditionType) xpv1.Condition

GetCondition of this AuthBackendConfig.

func (*AuthBackendConfig) GetConnectionDetailsMapping

func (tr *AuthBackendConfig) GetConnectionDetailsMapping() map[string]string

GetConnectionDetailsMapping for this AuthBackendConfig

func (*AuthBackendConfig) GetDeletionPolicy

func (mg *AuthBackendConfig) GetDeletionPolicy() xpv1.DeletionPolicy

GetDeletionPolicy of this AuthBackendConfig.

func (*AuthBackendConfig) GetID

func (tr *AuthBackendConfig) GetID() string

GetID returns ID of underlying Terraform resource of this AuthBackendConfig

func (*AuthBackendConfig) GetInitParameters added in v0.2.0

func (tr *AuthBackendConfig) GetInitParameters() (map[string]any, error)

GetInitParameters of this AuthBackendConfig

func (*AuthBackendConfig) GetManagementPolicies added in v0.2.0

func (mg *AuthBackendConfig) GetManagementPolicies() xpv1.ManagementPolicies

GetManagementPolicies of this AuthBackendConfig.

func (*AuthBackendConfig) GetObservation

func (tr *AuthBackendConfig) GetObservation() (map[string]any, error)

GetObservation of this AuthBackendConfig

func (*AuthBackendConfig) GetParameters

func (tr *AuthBackendConfig) GetParameters() (map[string]any, error)

GetParameters of this AuthBackendConfig

func (*AuthBackendConfig) GetProviderConfigReference

func (mg *AuthBackendConfig) GetProviderConfigReference() *xpv1.Reference

GetProviderConfigReference of this AuthBackendConfig.

func (*AuthBackendConfig) GetProviderReference

func (mg *AuthBackendConfig) GetProviderReference() *xpv1.Reference

GetProviderReference of this AuthBackendConfig. Deprecated: Use GetProviderConfigReference.

func (*AuthBackendConfig) GetPublishConnectionDetailsTo

func (mg *AuthBackendConfig) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo

GetPublishConnectionDetailsTo of this AuthBackendConfig.

func (*AuthBackendConfig) GetTerraformResourceType

func (mg *AuthBackendConfig) GetTerraformResourceType() string

GetTerraformResourceType returns Terraform resource type for this AuthBackendConfig

func (*AuthBackendConfig) GetTerraformSchemaVersion

func (tr *AuthBackendConfig) GetTerraformSchemaVersion() int

GetTerraformSchemaVersion returns the associated Terraform schema version

func (*AuthBackendConfig) GetWriteConnectionSecretToReference

func (mg *AuthBackendConfig) GetWriteConnectionSecretToReference() *xpv1.SecretReference

GetWriteConnectionSecretToReference of this AuthBackendConfig.

func (*AuthBackendConfig) LateInitialize

func (tr *AuthBackendConfig) LateInitialize(attrs []byte) (bool, error)

LateInitialize this AuthBackendConfig using its observed tfState. Returns true if there are any spec changes for the resource.

func (*AuthBackendConfig) SetConditions

func (mg *AuthBackendConfig) SetConditions(c ...xpv1.Condition)

SetConditions of this AuthBackendConfig.

func (*AuthBackendConfig) SetDeletionPolicy

func (mg *AuthBackendConfig) SetDeletionPolicy(r xpv1.DeletionPolicy)

SetDeletionPolicy of this AuthBackendConfig.

func (*AuthBackendConfig) SetManagementPolicies added in v0.2.0

func (mg *AuthBackendConfig) SetManagementPolicies(r xpv1.ManagementPolicies)

SetManagementPolicies of this AuthBackendConfig.

func (*AuthBackendConfig) SetObservation

func (tr *AuthBackendConfig) SetObservation(obs map[string]any) error

SetObservation for this AuthBackendConfig

func (*AuthBackendConfig) SetParameters

func (tr *AuthBackendConfig) SetParameters(params map[string]any) error

SetParameters for this AuthBackendConfig

func (*AuthBackendConfig) SetProviderConfigReference

func (mg *AuthBackendConfig) SetProviderConfigReference(r *xpv1.Reference)

SetProviderConfigReference of this AuthBackendConfig.

func (*AuthBackendConfig) SetProviderReference

func (mg *AuthBackendConfig) SetProviderReference(r *xpv1.Reference)

SetProviderReference of this AuthBackendConfig. Deprecated: Use SetProviderConfigReference.

func (*AuthBackendConfig) SetPublishConnectionDetailsTo

func (mg *AuthBackendConfig) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)

SetPublishConnectionDetailsTo of this AuthBackendConfig.

func (*AuthBackendConfig) SetWriteConnectionSecretToReference

func (mg *AuthBackendConfig) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)

SetWriteConnectionSecretToReference of this AuthBackendConfig.

type AuthBackendConfigInitParameters added in v0.2.0

// AuthBackendConfigInitParameters is the type of the InitProvider field of
// AuthBackendConfigSpec. Every field is a pointer or slice tagged omitempty,
// so unset fields are omitted from the serialized object.
//
// Several fields decide which service account JWTs Vault accepts and which
// Kubernetes API endpoint it trusts; they are marked "Security-relevant"
// below.
type AuthBackendConfigInitParameters struct {

	// Unique name of the kubernetes backend to configure.
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Security-relevant: true means the JWT `iss` claim is not checked, so
	// acceptance of a token rests on the remaining checks. Set deliberately.
	// Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault v1.5.4+ or Vault auth kubernetes plugin v0.7.1+
	// Optional disable JWT issuer validation. Allows to skip ISS validation.
	DisableIssValidation *bool `json:"disableIssValidation,omitempty" tf:"disable_iss_validation,omitempty"`

	// Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault v1.5.4+ or Vault auth kubernetes plugin v0.7.1+
	// Optional disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod.
	DisableLocalCAJwt *bool `json:"disableLocalCaJwt,omitempty" tf:"disable_local_ca_jwt,omitempty"`

	// JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer.
	// Optional JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer.
	Issuer *string `json:"issuer,omitempty" tf:"issuer,omitempty"`

	// Security-relevant: this CA is the trust anchor for the TLS connection
	// to the Kubernetes API; review changes to it as trust-root changes.
	// PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
	// PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
	KubernetesCACert *string `json:"kubernetesCaCert,omitempty" tf:"kubernetes_ca_cert,omitempty"`

	// Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
	// Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
	KubernetesHost *string `json:"kubernetesHost,omitempty" tf:"kubernetes_host,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// Target namespace. (requires Enterprise)
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// Security-relevant: these keys determine which JWT signatures are
	// accepted, so the list should hold only keys of the intended cluster.
	// List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
	// Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
	PemKeys []*string `json:"pemKeys,omitempty" tf:"pem_keys,omitempty"`
}

func (*AuthBackendConfigInitParameters) DeepCopy added in v0.2.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendConfigInitParameters.

func (*AuthBackendConfigInitParameters) DeepCopyInto added in v0.2.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthBackendConfigList

// AuthBackendConfigList contains a list of AuthBackendConfigs.
type AuthBackendConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the AuthBackendConfig objects; the json tag has no
	// omitempty, so the key is always present in the serialized list.
	Items           []AuthBackendConfig `json:"items"`
}

AuthBackendConfigList contains a list of AuthBackendConfigs

func (*AuthBackendConfigList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendConfigList.

func (*AuthBackendConfigList) DeepCopyInto

func (in *AuthBackendConfigList) DeepCopyInto(out *AuthBackendConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthBackendConfigList) DeepCopyObject

func (in *AuthBackendConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AuthBackendConfigList) GetItems

func (l *AuthBackendConfigList) GetItems() []resource.Managed

GetItems of this AuthBackendConfigList.

type AuthBackendConfigObservation

// AuthBackendConfigObservation is the type of the AtProvider field of
// AuthBackendConfigStatus. It repeats the configuration fields of the
// parameter structs and adds ID; it has no field for the token reviewer JWT,
// so that token is not part of the reported status.
type AuthBackendConfigObservation struct {

	// Unique name of the kubernetes backend to configure.
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault v1.5.4+ or Vault auth kubernetes plugin v0.7.1+
	// Optional disable JWT issuer validation. Allows to skip ISS validation.
	DisableIssValidation *bool `json:"disableIssValidation,omitempty" tf:"disable_iss_validation,omitempty"`

	// Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault v1.5.4+ or Vault auth kubernetes plugin v0.7.1+
	// Optional disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod.
	DisableLocalCAJwt *bool `json:"disableLocalCaJwt,omitempty" tf:"disable_local_ca_jwt,omitempty"`

	// NOTE(review): presumably the ID of the underlying Terraform resource
	// (the value GetID is documented to return) — confirm.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer.
	// Optional JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer.
	Issuer *string `json:"issuer,omitempty" tf:"issuer,omitempty"`

	// PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
	// PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
	KubernetesCACert *string `json:"kubernetesCaCert,omitempty" tf:"kubernetes_ca_cert,omitempty"`

	// Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
	// Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
	KubernetesHost *string `json:"kubernetesHost,omitempty" tf:"kubernetes_host,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// Target namespace. (requires Enterprise)
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
	// Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
	PemKeys []*string `json:"pemKeys,omitempty" tf:"pem_keys,omitempty"`
}

func (*AuthBackendConfigObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendConfigObservation.

func (*AuthBackendConfigObservation) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthBackendConfigParameters

// AuthBackendConfigParameters is the type of the ForProvider field of
// AuthBackendConfigSpec. Every field carries the kubebuilder Optional marker;
// the one cross-field requirement (kubernetesHost) is enforced by the CEL rule
// on AuthBackendConfig.Spec.
//
// Several fields decide which service account JWTs Vault accepts and which
// Kubernetes API endpoint it trusts; they are marked "Security-relevant"
// below.
type AuthBackendConfigParameters struct {

	// Unique name of the kubernetes backend to configure.
	// +kubebuilder:validation:Optional
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Security-relevant: true means the JWT `iss` claim is not checked, so
	// acceptance of a token rests on the remaining checks. Set deliberately.
	// Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault v1.5.4+ or Vault auth kubernetes plugin v0.7.1+
	// Optional disable JWT issuer validation. Allows to skip ISS validation.
	// +kubebuilder:validation:Optional
	DisableIssValidation *bool `json:"disableIssValidation,omitempty" tf:"disable_iss_validation,omitempty"`

	// Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault v1.5.4+ or Vault auth kubernetes plugin v0.7.1+
	// Optional disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod.
	// +kubebuilder:validation:Optional
	DisableLocalCAJwt *bool `json:"disableLocalCaJwt,omitempty" tf:"disable_local_ca_jwt,omitempty"`

	// JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer.
	// Optional JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer.
	// +kubebuilder:validation:Optional
	Issuer *string `json:"issuer,omitempty" tf:"issuer,omitempty"`

	// Security-relevant: this CA is the trust anchor for the TLS connection
	// to the Kubernetes API; review changes to it as trust-root changes.
	// PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
	// PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
	// +kubebuilder:validation:Optional
	KubernetesCACert *string `json:"kubernetesCaCert,omitempty" tf:"kubernetes_ca_cert,omitempty"`

	// Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
	// Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
	// +kubebuilder:validation:Optional
	KubernetesHost *string `json:"kubernetesHost,omitempty" tf:"kubernetes_host,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// Target namespace. (requires Enterprise)
	// +kubebuilder:validation:Optional
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// Security-relevant: these keys determine which JWT signatures are
	// accepted, so the list should hold only keys of the intended cluster.
	// List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
	// Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
	// +kubebuilder:validation:Optional
	PemKeys []*string `json:"pemKeys,omitempty" tf:"pem_keys,omitempty"`

	// Security-relevant: the token is given as a reference to a key in a
	// Secret, not as an inline value, and the field is tagged tf:"-". Read
	// access to the referenced Secret should be limited accordingly, since
	// the token it holds can call the TokenReview API.
	// NOTE(review): how the referenced value reaches the provider is not
	// visible here — presumably via GetConnectionDetailsMapping; confirm.
	// A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
	// A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
	// +kubebuilder:validation:Optional
	TokenReviewerJwtSecretRef *v1.SecretKeySelector `json:"tokenReviewerJwtSecretRef,omitempty" tf:"-"`
}

func (*AuthBackendConfigParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendConfigParameters.

func (*AuthBackendConfigParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthBackendConfigSpec

// AuthBackendConfigSpec defines the desired state of AuthBackendConfig. It
// inlines the common v1.ResourceSpec and adds the resource-specific
// ForProvider and InitProvider parameter sets.
type AuthBackendConfigSpec struct {
	v1.ResourceSpec `json:",inline"`
	// ForProvider holds the parameters of the resource; its json tag has no
	// omitempty, so the key is always serialized.
	ForProvider     AuthBackendConfigParameters `json:"forProvider"`
	// THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
	// unless the relevant Crossplane feature flag is enabled, and may be
	// changed or removed without notice.
	// InitProvider holds the same fields as ForProvider, with the exception
	// of Identifier and other resource reference fields. The fields that are
	// in InitProvider are merged into ForProvider when the resource is created.
	// The same fields are also added to the terraform ignore_changes hook, to
	// avoid updating them after creation. This is useful for fields that are
	// required on creation, but we do not desire to update them after creation,
	// for example because an external controller is managing them, like an
	// autoscaler.
	InitProvider AuthBackendConfigInitParameters `json:"initProvider,omitempty"`
}

AuthBackendConfigSpec defines the desired state of AuthBackendConfig

func (*AuthBackendConfigSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendConfigSpec.

func (*AuthBackendConfigSpec) DeepCopyInto

func (in *AuthBackendConfigSpec) DeepCopyInto(out *AuthBackendConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthBackendConfigStatus

// AuthBackendConfigStatus defines the observed state of AuthBackendConfig. It
// inlines the common v1.ResourceStatus and adds the resource-specific
// observation.
type AuthBackendConfigStatus struct {
	v1.ResourceStatus `json:",inline"`
	// AtProvider holds the AuthBackendConfigObservation for this resource.
	AtProvider        AuthBackendConfigObservation `json:"atProvider,omitempty"`
}

AuthBackendConfigStatus defines the observed state of AuthBackendConfig.

func (*AuthBackendConfigStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendConfigStatus.

func (*AuthBackendConfigStatus) DeepCopyInto

func (in *AuthBackendConfigStatus) DeepCopyInto(out *AuthBackendConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthBackendRole

// AuthBackendRole is the Schema for the AuthBackendRoles API. It manages a
// Kubernetes auth backend role in Vault: Spec carries the desired state and
// Status the observed state.
type AuthBackendRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// The three CEL rules below make boundServiceAccountNames,
	// boundServiceAccountNamespaces and roleName mandatory (each in
	// forProvider or initProvider) whenever managementPolicies contains '*',
	// 'Create' or 'Update'. The rules check presence only; they do not
	// restrict the values, so a wildcard entry still passes them.
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.boundServiceAccountNames) || has(self.initProvider.boundServiceAccountNames)",message="boundServiceAccountNames is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.boundServiceAccountNamespaces) || has(self.initProvider.boundServiceAccountNamespaces)",message="boundServiceAccountNamespaces is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.roleName) || has(self.initProvider.roleName)",message="roleName is a required parameter"
	Spec   AuthBackendRoleSpec   `json:"spec"`
	Status AuthBackendRoleStatus `json:"status,omitempty"`
}

AuthBackendRole is the Schema for the AuthBackendRoles API. Manages Kubernetes auth backend roles in Vault. +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,vault}

func (*AuthBackendRole) DeepCopy

func (in *AuthBackendRole) DeepCopy() *AuthBackendRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendRole.

func (*AuthBackendRole) DeepCopyInto

func (in *AuthBackendRole) DeepCopyInto(out *AuthBackendRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthBackendRole) DeepCopyObject

func (in *AuthBackendRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AuthBackendRole) GetCondition

func (mg *AuthBackendRole) GetCondition(ct xpv1.ConditionType) xpv1.Condition

GetCondition of this AuthBackendRole.

func (*AuthBackendRole) GetConnectionDetailsMapping

func (tr *AuthBackendRole) GetConnectionDetailsMapping() map[string]string

GetConnectionDetailsMapping for this AuthBackendRole

func (*AuthBackendRole) GetDeletionPolicy

func (mg *AuthBackendRole) GetDeletionPolicy() xpv1.DeletionPolicy

GetDeletionPolicy of this AuthBackendRole.

func (*AuthBackendRole) GetID

func (tr *AuthBackendRole) GetID() string

GetID returns ID of underlying Terraform resource of this AuthBackendRole

func (*AuthBackendRole) GetInitParameters added in v0.2.0

func (tr *AuthBackendRole) GetInitParameters() (map[string]any, error)

GetInitParameters of this AuthBackendRole

func (*AuthBackendRole) GetManagementPolicies added in v0.2.0

func (mg *AuthBackendRole) GetManagementPolicies() xpv1.ManagementPolicies

GetManagementPolicies of this AuthBackendRole.

func (*AuthBackendRole) GetObservation

func (tr *AuthBackendRole) GetObservation() (map[string]any, error)

GetObservation of this AuthBackendRole

func (*AuthBackendRole) GetParameters

func (tr *AuthBackendRole) GetParameters() (map[string]any, error)

GetParameters of this AuthBackendRole

func (*AuthBackendRole) GetProviderConfigReference

func (mg *AuthBackendRole) GetProviderConfigReference() *xpv1.Reference

GetProviderConfigReference of this AuthBackendRole.

func (*AuthBackendRole) GetProviderReference

func (mg *AuthBackendRole) GetProviderReference() *xpv1.Reference

GetProviderReference of this AuthBackendRole. Deprecated: Use GetProviderConfigReference.

func (*AuthBackendRole) GetPublishConnectionDetailsTo

func (mg *AuthBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo

GetPublishConnectionDetailsTo of this AuthBackendRole.

func (*AuthBackendRole) GetTerraformResourceType

func (mg *AuthBackendRole) GetTerraformResourceType() string

GetTerraformResourceType returns Terraform resource type for this AuthBackendRole

func (*AuthBackendRole) GetTerraformSchemaVersion

func (tr *AuthBackendRole) GetTerraformSchemaVersion() int

GetTerraformSchemaVersion returns the associated Terraform schema version

func (*AuthBackendRole) GetWriteConnectionSecretToReference

func (mg *AuthBackendRole) GetWriteConnectionSecretToReference() *xpv1.SecretReference

GetWriteConnectionSecretToReference of this AuthBackendRole.

func (*AuthBackendRole) LateInitialize

func (tr *AuthBackendRole) LateInitialize(attrs []byte) (bool, error)

LateInitialize this AuthBackendRole using its observed tfState. Returns true if there are any spec changes for the resource.

func (*AuthBackendRole) SetConditions

func (mg *AuthBackendRole) SetConditions(c ...xpv1.Condition)

SetConditions of this AuthBackendRole.

func (*AuthBackendRole) SetDeletionPolicy

func (mg *AuthBackendRole) SetDeletionPolicy(r xpv1.DeletionPolicy)

SetDeletionPolicy of this AuthBackendRole.

func (*AuthBackendRole) SetManagementPolicies added in v0.2.0

func (mg *AuthBackendRole) SetManagementPolicies(r xpv1.ManagementPolicies)

SetManagementPolicies of this AuthBackendRole.

func (*AuthBackendRole) SetObservation

func (tr *AuthBackendRole) SetObservation(obs map[string]any) error

SetObservation for this AuthBackendRole

func (*AuthBackendRole) SetParameters

func (tr *AuthBackendRole) SetParameters(params map[string]any) error

SetParameters for this AuthBackendRole

func (*AuthBackendRole) SetProviderConfigReference

func (mg *AuthBackendRole) SetProviderConfigReference(r *xpv1.Reference)

SetProviderConfigReference of this AuthBackendRole.

func (*AuthBackendRole) SetProviderReference

func (mg *AuthBackendRole) SetProviderReference(r *xpv1.Reference)

SetProviderReference of this AuthBackendRole. Deprecated: Use SetProviderConfigReference.

func (*AuthBackendRole) SetPublishConnectionDetailsTo

func (mg *AuthBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)

SetPublishConnectionDetailsTo of this AuthBackendRole.

func (*AuthBackendRole) SetWriteConnectionSecretToReference

func (mg *AuthBackendRole) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)

SetWriteConnectionSecretToReference of this AuthBackendRole.

type AuthBackendRoleInitParameters added in v0.2.0

// AuthBackendRoleInitParameters holds the init-time parameters of an
// AuthBackendRole (the initProvider object referenced by the CEL rules on
// AuthBackendRole.Spec). Every field is a pointer or slice tagged omitempty,
// so unset fields are omitted from the serialized object.
//
// The role decides which service accounts may log in and what the resulting
// token may do; the fields that widen or narrow that are marked
// "Security-relevant" below.
type AuthBackendRoleInitParameters struct {

	// Configures how identity aliases are generated.
	// Valid choices are: serviceaccount_uid, serviceaccount_name. (vault-1.9+)
	// Configures how identity aliases are generated. Valid choices are: serviceaccount_uid, serviceaccount_name
	AliasNameSource *string `json:"aliasNameSource,omitempty" tf:"alias_name_source,omitempty"`

	// NOTE(review): behaviour when this is left unset is not stated here —
	// presumably no audience check is made; confirm against the Vault docs.
	// Audience claim to verify in the JWT.
	// Optional Audience claim to verify in the JWT.
	Audience *string `json:"audience,omitempty" tf:"audience,omitempty"`

	// Unique name of the kubernetes backend to configure.
	// Unique name of the kubernetes backend to configure.
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Security-relevant: ["*"] opens the role to every service account name
	// in the bound namespaces; prefer listing the intended accounts.
	// List of service account names able to access this role. If set to ["*"] all names are allowed, both this and bound_service_account_namespaces can not be "*".
	// List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*".
	BoundServiceAccountNames []*string `json:"boundServiceAccountNames,omitempty" tf:"bound_service_account_names,omitempty"`

	// Security-relevant: ["*"] opens the role to the bound account names in
	// every namespace; prefer listing the intended namespaces.
	// List of namespaces allowed to access this role. If set to ["*"] all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
	// List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
	BoundServiceAccountNamespaces []*string `json:"boundServiceAccountNamespaces,omitempty" tf:"bound_service_account_namespaces,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// Target namespace. (requires Enterprise)
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// Name of the role.
	// Name of the role.
	RoleName *string `json:"roleName,omitempty" tf:"role_name,omitempty"`

	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	// Specifies the blocks of IP addresses which are allowed to use the generated token
	TokenBoundCidrs []*string `json:"tokenBoundCidrs,omitempty" tf:"token_bound_cidrs,omitempty"`

	// If set, will encode an
	// explicit max TTL
	// onto the token in number of seconds. This is a hard cap even if token_ttl and
	// token_max_ttl would otherwise allow a renewal.
	// Generated Token's Explicit Maximum TTL in seconds
	TokenExplicitMaxTTL *float64 `json:"tokenExplicitMaxTtl,omitempty" tf:"token_explicit_max_ttl,omitempty"`

	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	// The maximum lifetime of the generated token
	TokenMaxTTL *float64 `json:"tokenMaxTtl,omitempty" tf:"token_max_ttl,omitempty"`

	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy *bool `json:"tokenNoDefaultPolicy,omitempty" tf:"token_no_default_policy,omitempty"`

	// The maximum number
	// of times a generated token may be used (within its lifetime); 0 means unlimited.
	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses *float64 `json:"tokenNumUses,omitempty" tf:"token_num_uses,omitempty"`

	// Security-relevant: a period makes the token non-expiring as long as it
	// keeps being renewed; TokenExplicitMaxTTL is the field documented here
	// as a hard cap.
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	// Generated Token's Period
	TokenPeriod *float64 `json:"tokenPeriod,omitempty" tf:"token_period,omitempty"`

	// Security-relevant: these policies set what a token issued through this
	// role may do; keep the list to what the bound workloads need.
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	// Generated Token's Policies
	TokenPolicies []*string `json:"tokenPolicies,omitempty" tf:"token_policies,omitempty"`

	// The initial ttl of the token to generate in seconds
	TokenTTL *float64 `json:"tokenTtl,omitempty" tf:"token_ttl,omitempty"`

	// The type of token that should be generated. Can be service,
	// batch, or default to use the mount's tuned default (which unless changed will be
	// service tokens). For token store roles, there are two additional possibilities:
	// default-service and default-batch which specify the type to return unless the client
	// requests a different type at generation time.
	// The type of token to generate, service or batch
	TokenType *string `json:"tokenType,omitempty" tf:"token_type,omitempty"`
}

func (*AuthBackendRoleInitParameters) DeepCopy added in v0.2.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendRoleInitParameters.

func (*AuthBackendRoleInitParameters) DeepCopyInto added in v0.2.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthBackendRoleList

type AuthBackendRoleList struct {
	// Embedded Kubernetes type metadata, inlined into the JSON object.
	metav1.TypeMeta `json:",inline"`
	// Embedded Kubernetes list metadata, serialized under "metadata".
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the AuthBackendRole objects of this list. The tag carries no
	// omitempty, so the "items" key is always present in the JSON form.
	Items           []AuthBackendRole `json:"items"`
}

AuthBackendRoleList contains a list of AuthBackendRoles

func (*AuthBackendRoleList) DeepCopy

func (in *AuthBackendRoleList) DeepCopy() *AuthBackendRoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendRoleList.

func (*AuthBackendRoleList) DeepCopyInto

func (in *AuthBackendRoleList) DeepCopyInto(out *AuthBackendRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthBackendRoleList) DeepCopyObject

func (in *AuthBackendRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AuthBackendRoleList) GetItems

func (l *AuthBackendRoleList) GetItems() []resource.Managed

GetItems of this AuthBackendRoleList.

type AuthBackendRoleObservation

// AuthBackendRoleObservation carries the role's settings as observed for the
// resource; AuthBackendRoleStatus exposes it as AtProvider. Every field is a
// pointer or slice with omitempty, so an unset value is left out of the JSON.
type AuthBackendRoleObservation struct {

	// How identity aliases are generated. Valid choices are
	// serviceaccount_uid and serviceaccount_name (vault-1.9+).
	AliasNameSource *string `json:"aliasNameSource,omitempty" tf:"alias_name_source,omitempty"`

	// Optional audience claim to verify in the JWT.
	Audience *string `json:"audience,omitempty" tf:"audience,omitempty"`

	// Unique name of the kubernetes backend to configure.
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Service account names able to access this role. ["*"] allows all names;
	// this and bound_service_account_namespaces can not both be "*".
	BoundServiceAccountNames []*string `json:"boundServiceAccountNames,omitempty" tf:"bound_service_account_names,omitempty"`

	// Namespaces allowed to access this role. ["*"] allows all namespaces;
	// this and bound_service_account_names can not both be "*".
	BoundServiceAccountNamespaces []*string `json:"boundServiceAccountNamespaces,omitempty" tf:"bound_service_account_namespaces,omitempty"`

	// NOTE(review): undocumented in the source; the tf tag maps it to "id",
	// presumably the ID of the underlying Terraform resource — confirm.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// Vault namespace to provision the resource in, always relative to the
	// provider's configured namespace. The value should not contain leading
	// or trailing forward slashes. Available only for Vault Enterprise.
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// Name of the role.
	RoleName *string `json:"roleName,omitempty" tf:"role_name,omitempty"`

	// CIDR blocks; if set, specifies the blocks of IP addresses which can
	// authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs []*string `json:"tokenBoundCidrs,omitempty" tf:"token_bound_cidrs,omitempty"`

	// Explicit max TTL encoded onto the token, in seconds. This is a hard cap
	// even if token_ttl and token_max_ttl would otherwise allow a renewal.
	TokenExplicitMaxTTL *float64 `json:"tokenExplicitMaxTtl,omitempty" tf:"token_explicit_max_ttl,omitempty"`

	// Maximum lifetime for generated tokens, in seconds. Its current value is
	// referenced at renewal time.
	TokenMaxTTL *float64 `json:"tokenMaxTtl,omitempty" tf:"token_max_ttl,omitempty"`

	// If true, the 'default' policy is not automatically added to generated
	// tokens; otherwise it is added to the policies set in token_policies.
	TokenNoDefaultPolicy *bool `json:"tokenNoDefaultPolicy,omitempty" tf:"token_no_default_policy,omitempty"`

	// Maximum number of times a generated token may be used within its
	// lifetime; 0 means unlimited.
	TokenNumUses *float64 `json:"tokenNumUses,omitempty" tf:"token_num_uses,omitempty"`

	// Period of the generated token, in seconds. If set, the token generated
	// using this role should never expire, provided it is renewed within this
	// duration; at each renewal the token's TTL is set to this value.
	TokenPeriod *float64 `json:"tokenPeriod,omitempty" tf:"token_period,omitempty"`

	// Policies to encode onto generated tokens. Depending on the auth method,
	// this list may be supplemented by user/group/other values.
	TokenPolicies []*string `json:"tokenPolicies,omitempty" tf:"token_policies,omitempty"`

	// Initial TTL of the token to generate, in seconds.
	TokenTTL *float64 `json:"tokenTtl,omitempty" tf:"token_ttl,omitempty"`

	// Type of token to generate: service, batch, or default to use the mount's
	// tuned default (service tokens unless changed). Token store roles accept
	// two more values, default-service and default-batch, which specify the
	// type to return unless the client requests a different type at
	// generation time.
	TokenType *string `json:"tokenType,omitempty" tf:"token_type,omitempty"`
}

func (*AuthBackendRoleObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendRoleObservation.

func (*AuthBackendRoleObservation) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthBackendRoleParameters

// AuthBackendRoleParameters holds the desired settings of a Kubernetes auth
// backend role; AuthBackendRoleSpec exposes it as ForProvider. Every field is
// marked optional for CRD validation, so none of the restrictions below is
// enforced by the schema itself.
type AuthBackendRoleParameters struct {

	// How identity aliases are generated. Valid choices are
	// serviceaccount_uid and serviceaccount_name (vault-1.9+).
	// NOTE(review): presumably a name-based alias follows whatever account
	// currently bears that name, while a UID-based alias follows one account
	// instance — confirm before choosing serviceaccount_name.
	// +kubebuilder:validation:Optional
	AliasNameSource *string `json:"aliasNameSource,omitempty" tf:"alias_name_source,omitempty"`

	// Optional audience claim to verify in the JWT.
	// NOTE(review): presumably no audience check is made when this is left
	// unset — confirm, and set it so that a JWT issued for another audience is
	// not accepted by this role.
	// +kubebuilder:validation:Optional
	Audience *string `json:"audience,omitempty" tf:"audience,omitempty"`

	// Unique name of the kubernetes backend to configure.
	// +kubebuilder:validation:Optional
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Service account names able to access this role. ["*"] allows all names;
	// this and bound_service_account_namespaces can not both be "*". With a
	// wildcard here the namespace list is the only restriction on which
	// service accounts can use the role, so prefer explicit names.
	// +kubebuilder:validation:Optional
	BoundServiceAccountNames []*string `json:"boundServiceAccountNames,omitempty" tf:"bound_service_account_names,omitempty"`

	// Namespaces allowed to access this role. ["*"] allows all namespaces;
	// this and bound_service_account_names can not both be "*". With a
	// wildcard here any namespace holding a matching service account name can
	// use the role, so prefer explicit namespaces.
	// +kubebuilder:validation:Optional
	BoundServiceAccountNamespaces []*string `json:"boundServiceAccountNamespaces,omitempty" tf:"bound_service_account_namespaces,omitempty"`

	// Vault namespace to provision the resource in, always relative to the
	// provider's configured namespace. The value should not contain leading
	// or trailing forward slashes. Available only for Vault Enterprise.
	// +kubebuilder:validation:Optional
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// Name of the role.
	// +kubebuilder:validation:Optional
	RoleName *string `json:"roleName,omitempty" tf:"role_name,omitempty"`

	// CIDR blocks; if set, specifies the blocks of IP addresses which can
	// authenticate successfully, and ties the resulting token to these blocks
	// as well. Left unset, no address restriction is placed on login or on
	// use of the token.
	// +kubebuilder:validation:Optional
	TokenBoundCidrs []*string `json:"tokenBoundCidrs,omitempty" tf:"token_bound_cidrs,omitempty"`

	// Explicit max TTL encoded onto the token, in seconds. This is a hard cap
	// even if token_ttl and token_max_ttl would otherwise allow a renewal.
	// +kubebuilder:validation:Optional
	TokenExplicitMaxTTL *float64 `json:"tokenExplicitMaxTtl,omitempty" tf:"token_explicit_max_ttl,omitempty"`

	// Maximum lifetime for generated tokens, in seconds. Its current value is
	// referenced at renewal time.
	// +kubebuilder:validation:Optional
	TokenMaxTTL *float64 `json:"tokenMaxTtl,omitempty" tf:"token_max_ttl,omitempty"`

	// If true, the 'default' policy is not automatically added to generated
	// tokens; otherwise it is added to the policies set in token_policies.
	// +kubebuilder:validation:Optional
	TokenNoDefaultPolicy *bool `json:"tokenNoDefaultPolicy,omitempty" tf:"token_no_default_policy,omitempty"`

	// Maximum number of times a generated token may be used within its
	// lifetime; 0 means unlimited.
	// +kubebuilder:validation:Optional
	TokenNumUses *float64 `json:"tokenNumUses,omitempty" tf:"token_num_uses,omitempty"`

	// Period of the generated token, in seconds. If set, the token generated
	// using this role should never expire, provided it is renewed within this
	// duration; at each renewal the token's TTL is set to this value. Where an
	// upper bound on token lifetime is required, token_explicit_max_ttl is the
	// field documented as a hard cap on renewal.
	// +kubebuilder:validation:Optional
	TokenPeriod *float64 `json:"tokenPeriod,omitempty" tf:"token_period,omitempty"`

	// Policies to encode onto generated tokens. Depending on the auth method,
	// this list may be supplemented by user/group/other values. Every service
	// account admitted by the bound names and namespaces receives these
	// policies, so keep the list to what the workload needs.
	// +kubebuilder:validation:Optional
	TokenPolicies []*string `json:"tokenPolicies,omitempty" tf:"token_policies,omitempty"`

	// Initial TTL of the token to generate, in seconds.
	// +kubebuilder:validation:Optional
	TokenTTL *float64 `json:"tokenTtl,omitempty" tf:"token_ttl,omitempty"`

	// Type of token to generate: service, batch, or default to use the mount's
	// tuned default (service tokens unless changed). Token store roles accept
	// two more values, default-service and default-batch, which specify the
	// type to return unless the client requests a different type at
	// generation time.
	// +kubebuilder:validation:Optional
	TokenType *string `json:"tokenType,omitempty" tf:"token_type,omitempty"`
}

func (*AuthBackendRoleParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendRoleParameters.

func (*AuthBackendRoleParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthBackendRoleSpec

type AuthBackendRoleSpec struct {
	// Embedded resource spec, inlined into the JSON object.
	v1.ResourceSpec `json:",inline"`
	// ForProvider holds the desired settings of the role. The tag carries no
	// omitempty, so the "forProvider" key is always serialized.
	ForProvider     AuthBackendRoleParameters `json:"forProvider"`
	// THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
	// unless the relevant Crossplane feature flag is enabled, and may be
	// changed or removed without notice.
	// InitProvider holds the same fields as ForProvider, with the exception
	// of Identifier and other resource reference fields. The fields that are
	// in InitProvider are merged into ForProvider when the resource is created.
	// The same fields are also added to the terraform ignore_changes hook, to
	// avoid updating them after creation. This is useful for fields that are
	// required on creation, but we do not desire to update them after creation,
	// for example because an external controller, like an autoscaler, is
	// managing them.
	// NOTE(review): since these fields are ignored after creation, a value for
	// a policy, TTL or bound-account field placed here is presumably not
	// reconciled later — confirm before using it for such settings.
	InitProvider AuthBackendRoleInitParameters `json:"initProvider,omitempty"`
}

AuthBackendRoleSpec defines the desired state of AuthBackendRole

func (*AuthBackendRoleSpec) DeepCopy

func (in *AuthBackendRoleSpec) DeepCopy() *AuthBackendRoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendRoleSpec.

func (*AuthBackendRoleSpec) DeepCopyInto

func (in *AuthBackendRoleSpec) DeepCopyInto(out *AuthBackendRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthBackendRoleStatus

type AuthBackendRoleStatus struct {
	// Embedded resource status, inlined into the JSON object.
	v1.ResourceStatus `json:",inline"`
	// AtProvider holds the role's fields as observed for the resource.
	AtProvider        AuthBackendRoleObservation `json:"atProvider,omitempty"`
}

AuthBackendRoleStatus defines the observed state of AuthBackendRole.

func (*AuthBackendRoleStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendRoleStatus.

func (*AuthBackendRoleStatus) DeepCopyInto

func (in *AuthBackendRoleStatus) DeepCopyInto(out *AuthBackendRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackend

type SecretBackend struct {
	// Embedded Kubernetes type metadata, inlined into the JSON object.
	metav1.TypeMeta   `json:",inline"`
	// Embedded Kubernetes object metadata, serialized under "metadata".
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec is the desired state. The validation rule below rejects the object
	// with "path is a required parameter" when managementPolicies contains
	// '*', 'Create' or 'Update' and neither forProvider.path nor
	// initProvider.path is set; with other management policies path may be
	// omitted.
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.path) || has(self.initProvider.path)",message="path is a required parameter"
	Spec   SecretBackendSpec   `json:"spec"`
	// Status is the observed state.
	Status SecretBackendStatus `json:"status,omitempty"`
}

SecretBackend is the Schema for the SecretBackends API. Creates a Kubernetes Secrets Engine in Vault. +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,vault}

func (*SecretBackend) DeepCopy

func (in *SecretBackend) DeepCopy() *SecretBackend

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackend.

func (*SecretBackend) DeepCopyInto

func (in *SecretBackend) DeepCopyInto(out *SecretBackend)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretBackend) DeepCopyObject

func (in *SecretBackend) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretBackend) GetCondition

func (mg *SecretBackend) GetCondition(ct xpv1.ConditionType) xpv1.Condition

GetCondition of this SecretBackend.

func (*SecretBackend) GetConnectionDetailsMapping

func (tr *SecretBackend) GetConnectionDetailsMapping() map[string]string

GetConnectionDetailsMapping for this SecretBackend

func (*SecretBackend) GetDeletionPolicy

func (mg *SecretBackend) GetDeletionPolicy() xpv1.DeletionPolicy

GetDeletionPolicy of this SecretBackend.

func (*SecretBackend) GetID

func (tr *SecretBackend) GetID() string

GetID returns ID of underlying Terraform resource of this SecretBackend

func (*SecretBackend) GetInitParameters added in v0.2.0

func (tr *SecretBackend) GetInitParameters() (map[string]any, error)

GetInitParameters of this SecretBackend

func (*SecretBackend) GetManagementPolicies added in v0.2.0

func (mg *SecretBackend) GetManagementPolicies() xpv1.ManagementPolicies

GetManagementPolicies of this SecretBackend.

func (*SecretBackend) GetObservation

func (tr *SecretBackend) GetObservation() (map[string]any, error)

GetObservation of this SecretBackend

func (*SecretBackend) GetParameters

func (tr *SecretBackend) GetParameters() (map[string]any, error)

GetParameters of this SecretBackend

func (*SecretBackend) GetProviderConfigReference

func (mg *SecretBackend) GetProviderConfigReference() *xpv1.Reference

GetProviderConfigReference of this SecretBackend.

func (*SecretBackend) GetProviderReference

func (mg *SecretBackend) GetProviderReference() *xpv1.Reference

GetProviderReference of this SecretBackend. Deprecated: Use GetProviderConfigReference.

func (*SecretBackend) GetPublishConnectionDetailsTo

func (mg *SecretBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo

GetPublishConnectionDetailsTo of this SecretBackend.

func (*SecretBackend) GetTerraformResourceType

func (mg *SecretBackend) GetTerraformResourceType() string

GetTerraformResourceType returns Terraform resource type for this SecretBackend

func (*SecretBackend) GetTerraformSchemaVersion

func (tr *SecretBackend) GetTerraformSchemaVersion() int

GetTerraformSchemaVersion returns the associated Terraform schema version

func (*SecretBackend) GetWriteConnectionSecretToReference

func (mg *SecretBackend) GetWriteConnectionSecretToReference() *xpv1.SecretReference

GetWriteConnectionSecretToReference of this SecretBackend.

func (*SecretBackend) LateInitialize

func (tr *SecretBackend) LateInitialize(attrs []byte) (bool, error)

LateInitialize this SecretBackend using its observed tfState. Returns true if there are any spec changes for the resource.

func (*SecretBackend) SetConditions

func (mg *SecretBackend) SetConditions(c ...xpv1.Condition)

SetConditions of this SecretBackend.

func (*SecretBackend) SetDeletionPolicy

func (mg *SecretBackend) SetDeletionPolicy(r xpv1.DeletionPolicy)

SetDeletionPolicy of this SecretBackend.

func (*SecretBackend) SetManagementPolicies added in v0.2.0

func (mg *SecretBackend) SetManagementPolicies(r xpv1.ManagementPolicies)

SetManagementPolicies of this SecretBackend.

func (*SecretBackend) SetObservation

func (tr *SecretBackend) SetObservation(obs map[string]any) error

SetObservation for this SecretBackend

func (*SecretBackend) SetParameters

func (tr *SecretBackend) SetParameters(params map[string]any) error

SetParameters for this SecretBackend

func (*SecretBackend) SetProviderConfigReference

func (mg *SecretBackend) SetProviderConfigReference(r *xpv1.Reference)

SetProviderConfigReference of this SecretBackend.

func (*SecretBackend) SetProviderReference

func (mg *SecretBackend) SetProviderReference(r *xpv1.Reference)

SetProviderReference of this SecretBackend. Deprecated: Use SetProviderConfigReference.

func (*SecretBackend) SetPublishConnectionDetailsTo

func (mg *SecretBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)

SetPublishConnectionDetailsTo of this SecretBackend.

func (*SecretBackend) SetWriteConnectionSecretToReference

func (mg *SecretBackend) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)

SetWriteConnectionSecretToReference of this SecretBackend.

type SecretBackendInitParameters added in v0.2.0

// SecretBackendInitParameters lists the settings of a Kubernetes secrets
// engine mount. NOTE(review): presumably the type of the spec's initProvider
// field, which the SecretBackend validation rule reads path from — confirm.
type SecretBackendInitParameters struct {

	// List of managed key registry entry names that the mount in question is allowed to access
	AllowedManagedKeys []*string `json:"allowedManagedKeys,omitempty" tf:"allowed_managed_keys,omitempty"`

	// Keys that will not be HMAC'd by audit devices in the request data
	// object. Values under these keys are therefore not protected by the audit
	// HMAC; avoid listing keys whose values are secret.
	AuditNonHMACRequestKeys []*string `json:"auditNonHmacRequestKeys,omitempty" tf:"audit_non_hmac_request_keys,omitempty"`

	// Keys that will not be HMAC'd by audit devices in the response data
	// object. Values under these keys are therefore not protected by the audit
	// HMAC; avoid listing keys whose values are secret.
	AuditNonHMACResponseKeys []*string `json:"auditNonHmacResponseKeys,omitempty" tf:"audit_non_hmac_response_keys,omitempty"`

	// Default lease duration for tokens and secrets in seconds
	DefaultLeaseTTLSeconds *float64 `json:"defaultLeaseTtlSeconds,omitempty" tf:"default_lease_ttl_seconds,omitempty"`

	// Human-friendly description of the mount
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// Disable defaulting to the local CA certificate and service account JWT
	// when Vault is running in a Kubernetes pod.
	DisableLocalCAJwt *bool `json:"disableLocalCaJwt,omitempty" tf:"disable_local_ca_jwt,omitempty"`

	// Enable the secrets engine to access Vault's external entropy source
	ExternalEntropyAccess *bool `json:"externalEntropyAccess,omitempty" tf:"external_entropy_access,omitempty"`

	// PEM-encoded CA certificate used by the secrets engine to verify the
	// Kubernetes API server certificate. Defaults to the local pod's CA if
	// Vault is running in Kubernetes; otherwise defaults to the root CA set
	// where Vault is running. This value decides which API server
	// certificates the engine trusts, so set it explicitly when the defaults
	// do not match the target cluster.
	KubernetesCACert *string `json:"kubernetesCaCert,omitempty" tf:"kubernetes_ca_cert,omitempty"`

	// The Kubernetes API URL to connect to. Required if the standard pod
	// environment variables KUBERNETES_SERVICE_HOST or KUBERNETES_SERVICE_PORT
	// are not set on the host that Vault is running on.
	KubernetesHost *string `json:"kubernetesHost,omitempty" tf:"kubernetes_host,omitempty"`

	// Local mount flag that can be explicitly set to true to enforce local mount in HA environment
	Local *bool `json:"local,omitempty" tf:"local,omitempty"`

	// Maximum possible lease duration for tokens and secrets in seconds
	MaxLeaseTTLSeconds *float64 `json:"maxLeaseTtlSeconds,omitempty" tf:"max_lease_ttl_seconds,omitempty"`

	// Vault namespace to provision the resource in, always relative to the
	// provider's configured namespace. The value should not contain leading
	// or trailing forward slashes. Available only for Vault Enterprise.
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// Specifies mount type specific options that are passed to the backend
	Options map[string]*string `json:"options,omitempty" tf:"options,omitempty"`

	// Where the secret backend will be mounted
	Path *string `json:"path,omitempty" tf:"path,omitempty"`

	// Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
	SealWrap *bool `json:"sealWrap,omitempty" tf:"seal_wrap,omitempty"`
}

func (*SecretBackendInitParameters) DeepCopy added in v0.2.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendInitParameters.

func (*SecretBackendInitParameters) DeepCopyInto added in v0.2.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackendList

type SecretBackendList struct {
	// Embedded Kubernetes type metadata, inlined into the JSON object.
	metav1.TypeMeta `json:",inline"`
	// Embedded Kubernetes list metadata, serialized under "metadata".
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the SecretBackend objects of this list. The tag carries no
	// omitempty, so the "items" key is always present in the JSON form.
	Items           []SecretBackend `json:"items"`
}

SecretBackendList contains a list of SecretBackends

func (*SecretBackendList) DeepCopy

func (in *SecretBackendList) DeepCopy() *SecretBackendList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendList.

func (*SecretBackendList) DeepCopyInto

func (in *SecretBackendList) DeepCopyInto(out *SecretBackendList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretBackendList) DeepCopyObject

func (in *SecretBackendList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretBackendList) GetItems

func (l *SecretBackendList) GetItems() []resource.Managed

GetItems of this SecretBackendList.

type SecretBackendObservation

// SecretBackendObservation lists the settings of a Kubernetes secrets engine
// mount together with the accessor and id fields. NOTE(review): presumably
// the observed state reported in the resource status, by analogy with
// AuthBackendRoleObservation — confirm.
type SecretBackendObservation struct {

	// Accessor of the mount
	Accessor *string `json:"accessor,omitempty" tf:"accessor,omitempty"`

	// List of managed key registry entry names that the mount in question is allowed to access
	AllowedManagedKeys []*string `json:"allowedManagedKeys,omitempty" tf:"allowed_managed_keys,omitempty"`

	// Keys that will not be HMAC'd by audit devices in the request data
	// object. A non-empty list here means values under those keys are not
	// protected by the audit HMAC.
	AuditNonHMACRequestKeys []*string `json:"auditNonHmacRequestKeys,omitempty" tf:"audit_non_hmac_request_keys,omitempty"`

	// Keys that will not be HMAC'd by audit devices in the response data
	// object. A non-empty list here means values under those keys are not
	// protected by the audit HMAC.
	AuditNonHMACResponseKeys []*string `json:"auditNonHmacResponseKeys,omitempty" tf:"audit_non_hmac_response_keys,omitempty"`

	// Default lease duration for tokens and secrets in seconds
	DefaultLeaseTTLSeconds *float64 `json:"defaultLeaseTtlSeconds,omitempty" tf:"default_lease_ttl_seconds,omitempty"`

	// Human-friendly description of the mount
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// Disable defaulting to the local CA certificate and service account JWT
	// when Vault is running in a Kubernetes pod.
	DisableLocalCAJwt *bool `json:"disableLocalCaJwt,omitempty" tf:"disable_local_ca_jwt,omitempty"`

	// Enable the secrets engine to access Vault's external entropy source
	ExternalEntropyAccess *bool `json:"externalEntropyAccess,omitempty" tf:"external_entropy_access,omitempty"`

	// NOTE(review): undocumented in the source; the tf tag maps it to "id",
	// presumably the ID of the underlying Terraform resource — confirm.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// PEM-encoded CA certificate used by the secrets engine to verify the
	// Kubernetes API server certificate. Defaults to the local pod's CA if
	// Vault is running in Kubernetes; otherwise defaults to the root CA set
	// where Vault is running.
	KubernetesCACert *string `json:"kubernetesCaCert,omitempty" tf:"kubernetes_ca_cert,omitempty"`

	// The Kubernetes API URL to connect to. Required if the standard pod
	// environment variables KUBERNETES_SERVICE_HOST or KUBERNETES_SERVICE_PORT
	// are not set on the host that Vault is running on.
	KubernetesHost *string `json:"kubernetesHost,omitempty" tf:"kubernetes_host,omitempty"`

	// Local mount flag that can be explicitly set to true to enforce local mount in HA environment
	Local *bool `json:"local,omitempty" tf:"local,omitempty"`

	// Maximum possible lease duration for tokens and secrets in seconds
	MaxLeaseTTLSeconds *float64 `json:"maxLeaseTtlSeconds,omitempty" tf:"max_lease_ttl_seconds,omitempty"`

	// Vault namespace to provision the resource in, always relative to the
	// provider's configured namespace. The value should not contain leading
	// or trailing forward slashes. Available only for Vault Enterprise.
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// Specifies mount type specific options that are passed to the backend
	Options map[string]*string `json:"options,omitempty" tf:"options,omitempty"`

	// Where the secret backend will be mounted
	Path *string `json:"path,omitempty" tf:"path,omitempty"`

	// Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
	SealWrap *bool `json:"sealWrap,omitempty" tf:"seal_wrap,omitempty"`
}

func (*SecretBackendObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendObservation.

func (*SecretBackendObservation) DeepCopyInto

func (in *SecretBackendObservation) DeepCopyInto(out *SecretBackendObservation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackendParameters

// SecretBackendParameters lists the settings that can be supplied for a
// SecretBackend mount; SecretBackendSpec carries it as ForProvider. Every field
// is a pointer, slice or map, is tagged omitempty, and is marked Optional for
// kubebuilder validation.
type SecretBackendParameters struct {

	// List of managed key registry entry names that the mount in question is allowed to access.
	// +kubebuilder:validation:Optional
	AllowedManagedKeys []*string `json:"allowedManagedKeys,omitempty" tf:"allowed_managed_keys,omitempty"`

	// Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
	// NOTE(review): values of the keys listed here reach the audit devices
	// un-hashed, so avoid listing keys whose values are secret.
	// +kubebuilder:validation:Optional
	AuditNonHMACRequestKeys []*string `json:"auditNonHmacRequestKeys,omitempty" tf:"audit_non_hmac_request_keys,omitempty"`

	// Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
	// NOTE(review): same caveat as the request list; response values for
	// these keys are recorded un-hashed.
	// +kubebuilder:validation:Optional
	AuditNonHMACResponseKeys []*string `json:"auditNonHmacResponseKeys,omitempty" tf:"audit_non_hmac_response_keys,omitempty"`

	// Default lease duration for tokens and secrets in seconds.
	// +kubebuilder:validation:Optional
	DefaultLeaseTTLSeconds *float64 `json:"defaultLeaseTtlSeconds,omitempty" tf:"default_lease_ttl_seconds,omitempty"`

	// Human-friendly description of the mount.
	// +kubebuilder:validation:Optional
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// Disable defaulting to the local CA certificate and service account JWT
	// when Vault is running in a Kubernetes pod. With this set, the pod-local
	// defaults described on KubernetesCACert and ServiceAccountJwtSecretRef
	// are not used.
	// +kubebuilder:validation:Optional
	DisableLocalCAJwt *bool `json:"disableLocalCaJwt,omitempty" tf:"disable_local_ca_jwt,omitempty"`

	// Enable the secrets engine to access Vault's external entropy source.
	// +kubebuilder:validation:Optional
	ExternalEntropyAccess *bool `json:"externalEntropyAccess,omitempty" tf:"external_entropy_access,omitempty"`

	// A PEM-encoded CA certificate used by the secrets engine to verify the
	// Kubernetes API server certificate. Defaults to the local pod's CA if
	// Vault is running in Kubernetes (if found). Otherwise, defaults to the
	// root CA set of the host where Vault is running.
	// +kubebuilder:validation:Optional
	KubernetesCACert *string `json:"kubernetesCaCert,omitempty" tf:"kubernetes_ca_cert,omitempty"`

	// The Kubernetes API URL to connect to. Required if the standard pod
	// environment variables KUBERNETES_SERVICE_HOST or KUBERNETES_SERVICE_PORT
	// are not set on the host that Vault is running on.
	// +kubebuilder:validation:Optional
	KubernetesHost *string `json:"kubernetesHost,omitempty" tf:"kubernetes_host,omitempty"`

	// Local mount flag that can be explicitly set to true to enforce local mount in HA environment.
	// +kubebuilder:validation:Optional
	Local *bool `json:"local,omitempty" tf:"local,omitempty"`

	// Maximum possible lease duration for tokens and secrets in seconds.
	// +kubebuilder:validation:Optional
	MaxLeaseTTLSeconds *float64 `json:"maxLeaseTtlSeconds,omitempty" tf:"max_lease_ttl_seconds,omitempty"`

	// The target namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// +kubebuilder:validation:Optional
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// Specifies mount type specific options that are passed to the backend.
	// +kubebuilder:validation:Optional
	Options map[string]*string `json:"options,omitempty" tf:"options,omitempty"`

	// Where the secret backend will be mounted.
	// +kubebuilder:validation:Optional
	Path *string `json:"path,omitempty" tf:"path,omitempty"`

	// Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability.
	// +kubebuilder:validation:Optional
	SealWrap *bool `json:"sealWrap,omitempty" tf:"seal_wrap,omitempty"`

	// The JSON web token of the service account used by the secrets engine to
	// manage Kubernetes credentials. Defaults to the local pod's JWT if Vault
	// is running in Kubernetes (if found).
	// The token is given as a v1.SecretKeySelector, a reference to a key in a
	// Secret, rather than as an inline string.
	// NOTE(review): the tf:"-" tag presumably keeps the token out of the
	// tf-tagged parameter mapping; confirm against the generated code.
	// +kubebuilder:validation:Optional
	ServiceAccountJwtSecretRef *v1.SecretKeySelector `json:"serviceAccountJwtSecretRef,omitempty" tf:"-"`
}

func (*SecretBackendParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendParameters.

func (*SecretBackendParameters) DeepCopyInto

func (in *SecretBackendParameters) DeepCopyInto(out *SecretBackendParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackendRole

type SecretBackendRole struct {
	// TypeMeta is inlined into the object's JSON; ObjectMeta is serialized
	// under "metadata".
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// The three XValidation rules below are evaluated against the spec. Each
	// one requires a single parameter (allowedKubernetesNamespaces, backend,
	// name) to be present in forProvider or initProvider whenever
	// managementPolicies contains '*', 'Create' or 'Update'. With any other
	// set of management policies the rule passes without the parameter.
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.allowedKubernetesNamespaces) || has(self.initProvider.allowedKubernetesNamespaces)",message="allowedKubernetesNamespaces is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.backend) || has(self.initProvider.backend)",message="backend is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.name) || has(self.initProvider.name)",message="name is a required parameter"
	Spec   SecretBackendRoleSpec   `json:"spec"`
	Status SecretBackendRoleStatus `json:"status,omitempty"`
}

SecretBackendRole is the Schema for the SecretBackendRoles API. Creates a role for the Kubernetes Secrets Engine in Vault. +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,vault}

func (*SecretBackendRole) DeepCopy

func (in *SecretBackendRole) DeepCopy() *SecretBackendRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendRole.

func (*SecretBackendRole) DeepCopyInto

func (in *SecretBackendRole) DeepCopyInto(out *SecretBackendRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretBackendRole) DeepCopyObject

func (in *SecretBackendRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretBackendRole) GetCondition

func (mg *SecretBackendRole) GetCondition(ct xpv1.ConditionType) xpv1.Condition

GetCondition of this SecretBackendRole.

func (*SecretBackendRole) GetConnectionDetailsMapping

func (tr *SecretBackendRole) GetConnectionDetailsMapping() map[string]string

GetConnectionDetailsMapping for this SecretBackendRole

func (*SecretBackendRole) GetDeletionPolicy

func (mg *SecretBackendRole) GetDeletionPolicy() xpv1.DeletionPolicy

GetDeletionPolicy of this SecretBackendRole.

func (*SecretBackendRole) GetID

func (tr *SecretBackendRole) GetID() string

GetID returns ID of underlying Terraform resource of this SecretBackendRole

func (*SecretBackendRole) GetInitParameters added in v0.2.0

func (tr *SecretBackendRole) GetInitParameters() (map[string]any, error)

GetInitParameters of this SecretBackendRole

func (*SecretBackendRole) GetManagementPolicies added in v0.2.0

func (mg *SecretBackendRole) GetManagementPolicies() xpv1.ManagementPolicies

GetManagementPolicies of this SecretBackendRole.

func (*SecretBackendRole) GetObservation

func (tr *SecretBackendRole) GetObservation() (map[string]any, error)

GetObservation of this SecretBackendRole

func (*SecretBackendRole) GetParameters

func (tr *SecretBackendRole) GetParameters() (map[string]any, error)

GetParameters of this SecretBackendRole

func (*SecretBackendRole) GetProviderConfigReference

func (mg *SecretBackendRole) GetProviderConfigReference() *xpv1.Reference

GetProviderConfigReference of this SecretBackendRole.

func (*SecretBackendRole) GetProviderReference

func (mg *SecretBackendRole) GetProviderReference() *xpv1.Reference

GetProviderReference of this SecretBackendRole. Deprecated: Use GetProviderConfigReference.

func (*SecretBackendRole) GetPublishConnectionDetailsTo

func (mg *SecretBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo

GetPublishConnectionDetailsTo of this SecretBackendRole.

func (*SecretBackendRole) GetTerraformResourceType

func (mg *SecretBackendRole) GetTerraformResourceType() string

GetTerraformResourceType returns Terraform resource type for this SecretBackendRole

func (*SecretBackendRole) GetTerraformSchemaVersion

func (tr *SecretBackendRole) GetTerraformSchemaVersion() int

GetTerraformSchemaVersion returns the associated Terraform schema version

func (*SecretBackendRole) GetWriteConnectionSecretToReference

func (mg *SecretBackendRole) GetWriteConnectionSecretToReference() *xpv1.SecretReference

GetWriteConnectionSecretToReference of this SecretBackendRole.

func (*SecretBackendRole) LateInitialize

func (tr *SecretBackendRole) LateInitialize(attrs []byte) (bool, error)

LateInitialize this SecretBackendRole using its observed tfState. Returns true if there are any spec changes for the resource.

func (*SecretBackendRole) SetConditions

func (mg *SecretBackendRole) SetConditions(c ...xpv1.Condition)

SetConditions of this SecretBackendRole.

func (*SecretBackendRole) SetDeletionPolicy

func (mg *SecretBackendRole) SetDeletionPolicy(r xpv1.DeletionPolicy)

SetDeletionPolicy of this SecretBackendRole.

func (*SecretBackendRole) SetManagementPolicies added in v0.2.0

func (mg *SecretBackendRole) SetManagementPolicies(r xpv1.ManagementPolicies)

SetManagementPolicies of this SecretBackendRole.

func (*SecretBackendRole) SetObservation

func (tr *SecretBackendRole) SetObservation(obs map[string]any) error

SetObservation for this SecretBackendRole

func (*SecretBackendRole) SetParameters

func (tr *SecretBackendRole) SetParameters(params map[string]any) error

SetParameters for this SecretBackendRole

func (*SecretBackendRole) SetProviderConfigReference

func (mg *SecretBackendRole) SetProviderConfigReference(r *xpv1.Reference)

SetProviderConfigReference of this SecretBackendRole.

func (*SecretBackendRole) SetProviderReference

func (mg *SecretBackendRole) SetProviderReference(r *xpv1.Reference)

SetProviderReference of this SecretBackendRole. Deprecated: Use SetProviderConfigReference.

func (*SecretBackendRole) SetPublishConnectionDetailsTo

func (mg *SecretBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)

SetPublishConnectionDetailsTo of this SecretBackendRole.

func (*SecretBackendRole) SetWriteConnectionSecretToReference

func (mg *SecretBackendRole) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)

SetWriteConnectionSecretToReference of this SecretBackendRole.

type SecretBackendRoleInitParameters added in v0.2.0

// SecretBackendRoleInitParameters holds the role settings carried by
// SecretBackendRoleSpec.InitProvider. All fields are pointers, slices or maps
// tagged omitempty.
type SecretBackendRoleInitParameters struct {

	// The list of Kubernetes namespaces this role can generate credentials
	// for. If set to '*' all namespaces are allowed.
	// NOTE(review): '*' removes namespace scoping from the role; list the
	// namespaces explicitly unless cluster-wide issuance is intended.
	AllowedKubernetesNamespaces []*string `json:"allowedKubernetesNamespaces,omitempty" tf:"allowed_kubernetes_namespaces,omitempty"`

	// The path of the Kubernetes Secrets Engine backend mount to create the
	// role in.
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Additional annotations to apply to all generated Kubernetes objects.
	ExtraAnnotations map[string]*string `json:"extraAnnotations,omitempty" tf:"extra_annotations,omitempty"`

	// Additional labels to apply to all generated Kubernetes objects.
	ExtraLabels map[string]*string `json:"extraLabels,omitempty" tf:"extra_labels,omitempty"`

	// The Role or ClusterRole rules to use when generating a role. Accepts
	// either JSON or YAML formatted rules. Mutually exclusive with
	// 'service_account_name' and 'kubernetes_role_name'. If set, the entire
	// chain of Kubernetes objects will be generated when credentials are
	// requested.
	// NOTE(review): these rules decide what each issued credential may do;
	// keep them as narrow as the consumer needs.
	GeneratedRoleRules *string `json:"generatedRoleRules,omitempty" tf:"generated_role_rules,omitempty"`

	// The pre-existing Role or ClusterRole to bind a generated service
	// account to. Mutually exclusive with 'service_account_name' and
	// 'generated_role_rules'. If set, Kubernetes token, service account, and
	// role binding objects will be created when credentials are requested.
	KubernetesRoleName *string `json:"kubernetesRoleName,omitempty" tf:"kubernetes_role_name,omitempty"`

	// Specifies whether the Kubernetes role is a Role or ClusterRole.
	KubernetesRoleType *string `json:"kubernetesRoleType,omitempty" tf:"kubernetes_role_type,omitempty"`

	// The name of the role.
	Name *string `json:"name,omitempty" tf:"name,omitempty"`

	// The name template to use when generating service accounts, roles and
	// role bindings. If unset, a default template is used.
	NameTemplate *string `json:"nameTemplate,omitempty" tf:"name_template,omitempty"`

	// The target namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// The pre-existing service account to generate tokens for. Mutually
	// exclusive with 'kubernetes_role_name' and 'generated_role_rules'. If
	// set, only a Kubernetes token will be created when credentials are
	// requested.
	ServiceAccountName *string `json:"serviceAccountName,omitempty" tf:"service_account_name,omitempty"`

	// The default TTL for generated Kubernetes tokens in seconds.
	TokenDefaultTTL *float64 `json:"tokenDefaultTtl,omitempty" tf:"token_default_ttl,omitempty"`

	// The maximum TTL for generated Kubernetes tokens in seconds.
	TokenMaxTTL *float64 `json:"tokenMaxTtl,omitempty" tf:"token_max_ttl,omitempty"`
}

func (*SecretBackendRoleInitParameters) DeepCopy added in v0.2.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendRoleInitParameters.

func (*SecretBackendRoleInitParameters) DeepCopyInto added in v0.2.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackendRoleList

type SecretBackendRoleList struct {
	// TypeMeta is inlined into the list's JSON and ListMeta is serialized
	// under "metadata". Items holds the SecretBackendRole objects and has no
	// omitempty, so the "items" key is always emitted.
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []SecretBackendRole `json:"items"`
}

SecretBackendRoleList contains a list of SecretBackendRoles

func (*SecretBackendRoleList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendRoleList.

func (*SecretBackendRoleList) DeepCopyInto

func (in *SecretBackendRoleList) DeepCopyInto(out *SecretBackendRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretBackendRoleList) DeepCopyObject

func (in *SecretBackendRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretBackendRoleList) GetItems

func (l *SecretBackendRoleList) GetItems() []resource.Managed

GetItems of this SecretBackendRoleList.

type SecretBackendRoleObservation

// SecretBackendRoleObservation holds the role fields as observed at the
// provider; SecretBackendRoleStatus carries it as AtProvider. All fields are
// pointers, slices or maps tagged omitempty.
type SecretBackendRoleObservation struct {

	// The list of Kubernetes namespaces this role can generate credentials
	// for. If set to '*' all namespaces are allowed.
	// NOTE(review): an observed '*' means the role is not scoped to specific
	// namespaces; worth flagging when auditing existing roles.
	AllowedKubernetesNamespaces []*string `json:"allowedKubernetesNamespaces,omitempty" tf:"allowed_kubernetes_namespaces,omitempty"`

	// The path of the Kubernetes Secrets Engine backend mount to create the
	// role in.
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Additional annotations to apply to all generated Kubernetes objects.
	ExtraAnnotations map[string]*string `json:"extraAnnotations,omitempty" tf:"extra_annotations,omitempty"`

	// Additional labels to apply to all generated Kubernetes objects.
	ExtraLabels map[string]*string `json:"extraLabels,omitempty" tf:"extra_labels,omitempty"`

	// The Role or ClusterRole rules to use when generating a role. Accepts
	// either JSON or YAML formatted rules. Mutually exclusive with
	// 'service_account_name' and 'kubernetes_role_name'. If set, the entire
	// chain of Kubernetes objects will be generated when credentials are
	// requested.
	GeneratedRoleRules *string `json:"generatedRoleRules,omitempty" tf:"generated_role_rules,omitempty"`

	// ID is the observed "id" attribute; presumably the ID of the underlying
	// Terraform resource that GetID returns; confirm.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// The pre-existing Role or ClusterRole to bind a generated service
	// account to. Mutually exclusive with 'service_account_name' and
	// 'generated_role_rules'. If set, Kubernetes token, service account, and
	// role binding objects will be created when credentials are requested.
	KubernetesRoleName *string `json:"kubernetesRoleName,omitempty" tf:"kubernetes_role_name,omitempty"`

	// Specifies whether the Kubernetes role is a Role or ClusterRole.
	KubernetesRoleType *string `json:"kubernetesRoleType,omitempty" tf:"kubernetes_role_type,omitempty"`

	// The name of the role.
	Name *string `json:"name,omitempty" tf:"name,omitempty"`

	// The name template to use when generating service accounts, roles and
	// role bindings. If unset, a default template is used.
	NameTemplate *string `json:"nameTemplate,omitempty" tf:"name_template,omitempty"`

	// The target namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// The pre-existing service account to generate tokens for. Mutually
	// exclusive with 'kubernetes_role_name' and 'generated_role_rules'. If
	// set, only a Kubernetes token will be created when credentials are
	// requested.
	ServiceAccountName *string `json:"serviceAccountName,omitempty" tf:"service_account_name,omitempty"`

	// The default TTL for generated Kubernetes tokens in seconds.
	TokenDefaultTTL *float64 `json:"tokenDefaultTtl,omitempty" tf:"token_default_ttl,omitempty"`

	// The maximum TTL for generated Kubernetes tokens in seconds.
	TokenMaxTTL *float64 `json:"tokenMaxTtl,omitempty" tf:"token_max_ttl,omitempty"`
}

func (*SecretBackendRoleObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendRoleObservation.

func (*SecretBackendRoleObservation) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackendRoleParameters

// SecretBackendRoleParameters lists the settings of a SecretBackendRole;
// SecretBackendRoleSpec carries it as ForProvider. Every field is marked
// Optional for kubebuilder validation. The XValidation rules on
// SecretBackendRole.Spec are what require allowedKubernetesNamespaces, backend
// and name when the management policies include '*', 'Create' or 'Update'.
type SecretBackendRoleParameters struct {

	// The list of Kubernetes namespaces this role can generate credentials
	// for. If set to '*' all namespaces are allowed.
	// NOTE(review): '*' removes namespace scoping from the role; list the
	// namespaces explicitly unless cluster-wide issuance is intended.
	// +kubebuilder:validation:Optional
	AllowedKubernetesNamespaces []*string `json:"allowedKubernetesNamespaces,omitempty" tf:"allowed_kubernetes_namespaces,omitempty"`

	// The path of the Kubernetes Secrets Engine backend mount to create the
	// role in.
	// +kubebuilder:validation:Optional
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Additional annotations to apply to all generated Kubernetes objects.
	// +kubebuilder:validation:Optional
	ExtraAnnotations map[string]*string `json:"extraAnnotations,omitempty" tf:"extra_annotations,omitempty"`

	// Additional labels to apply to all generated Kubernetes objects.
	// +kubebuilder:validation:Optional
	ExtraLabels map[string]*string `json:"extraLabels,omitempty" tf:"extra_labels,omitempty"`

	// The Role or ClusterRole rules to use when generating a role. Accepts
	// either JSON or YAML formatted rules. Mutually exclusive with
	// 'service_account_name' and 'kubernetes_role_name'. If set, the entire
	// chain of Kubernetes objects will be generated when credentials are
	// requested.
	// NOTE(review): these rules decide what each issued credential may do;
	// keep them as narrow as the consumer needs.
	// +kubebuilder:validation:Optional
	GeneratedRoleRules *string `json:"generatedRoleRules,omitempty" tf:"generated_role_rules,omitempty"`

	// The pre-existing Role or ClusterRole to bind a generated service
	// account to. Mutually exclusive with 'service_account_name' and
	// 'generated_role_rules'. If set, Kubernetes token, service account, and
	// role binding objects will be created when credentials are requested.
	// +kubebuilder:validation:Optional
	KubernetesRoleName *string `json:"kubernetesRoleName,omitempty" tf:"kubernetes_role_name,omitempty"`

	// Specifies whether the Kubernetes role is a Role or ClusterRole.
	// +kubebuilder:validation:Optional
	KubernetesRoleType *string `json:"kubernetesRoleType,omitempty" tf:"kubernetes_role_type,omitempty"`

	// The name of the role.
	// +kubebuilder:validation:Optional
	Name *string `json:"name,omitempty" tf:"name,omitempty"`

	// The name template to use when generating service accounts, roles and
	// role bindings. If unset, a default template is used.
	// +kubebuilder:validation:Optional
	NameTemplate *string `json:"nameTemplate,omitempty" tf:"name_template,omitempty"`

	// The target namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// +kubebuilder:validation:Optional
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// The pre-existing service account to generate tokens for. Mutually
	// exclusive with 'kubernetes_role_name' and 'generated_role_rules'. If
	// set, only a Kubernetes token will be created when credentials are
	// requested.
	// +kubebuilder:validation:Optional
	ServiceAccountName *string `json:"serviceAccountName,omitempty" tf:"service_account_name,omitempty"`

	// The default TTL for generated Kubernetes tokens in seconds.
	// +kubebuilder:validation:Optional
	TokenDefaultTTL *float64 `json:"tokenDefaultTtl,omitempty" tf:"token_default_ttl,omitempty"`

	// The maximum TTL for generated Kubernetes tokens in seconds.
	// +kubebuilder:validation:Optional
	TokenMaxTTL *float64 `json:"tokenMaxTtl,omitempty" tf:"token_max_ttl,omitempty"`
}

func (*SecretBackendRoleParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendRoleParameters.

func (*SecretBackendRoleParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackendRoleSpec

type SecretBackendRoleSpec struct {
	// ResourceSpec is embedded and inlined into the spec's JSON. ForProvider
	// carries the role's parameters and has no omitempty, so "forProvider" is
	// always serialized.
	v1.ResourceSpec `json:",inline"`
	ForProvider     SecretBackendRoleParameters `json:"forProvider"`
	// THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
	// unless the relevant Crossplane feature flag is enabled, and may be
	// changed or removed without notice.
	// InitProvider holds the same fields as ForProvider, with the exception
	// of Identifier and other resource reference fields. The fields that are
	// in InitProvider are merged into ForProvider when the resource is created.
	// The same fields are also added to the terraform ignore_changes hook, to
	// avoid updating them after creation. This is useful for fields that are
	// required on creation but should not be updated afterwards, for example
	// because an external controller, such as an autoscaler, is managing them.
	InitProvider SecretBackendRoleInitParameters `json:"initProvider,omitempty"`
}

SecretBackendRoleSpec defines the desired state of SecretBackendRole

func (*SecretBackendRoleSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendRoleSpec.

func (*SecretBackendRoleSpec) DeepCopyInto

func (in *SecretBackendRoleSpec) DeepCopyInto(out *SecretBackendRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackendRoleStatus

type SecretBackendRoleStatus struct {
	// ResourceStatus is embedded and inlined into the status JSON. AtProvider
	// carries the observed role fields (SecretBackendRoleObservation).
	v1.ResourceStatus `json:",inline"`
	AtProvider        SecretBackendRoleObservation `json:"atProvider,omitempty"`
}

SecretBackendRoleStatus defines the observed state of SecretBackendRole.

func (*SecretBackendRoleStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendRoleStatus.

func (*SecretBackendRoleStatus) DeepCopyInto

func (in *SecretBackendRoleStatus) DeepCopyInto(out *SecretBackendRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackendSpec

type SecretBackendSpec struct {
	// ResourceSpec is embedded and inlined into the spec's JSON. ForProvider
	// carries the mount's parameters and has no omitempty, so "forProvider"
	// is always serialized.
	v1.ResourceSpec `json:",inline"`
	ForProvider     SecretBackendParameters `json:"forProvider"`
	// THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
	// unless the relevant Crossplane feature flag is enabled, and may be
	// changed or removed without notice.
	// InitProvider holds the same fields as ForProvider, with the exception
	// of Identifier and other resource reference fields. The fields that are
	// in InitProvider are merged into ForProvider when the resource is created.
	// The same fields are also added to the terraform ignore_changes hook, to
	// avoid updating them after creation. This is useful for fields that are
	// required on creation but should not be updated afterwards, for example
	// because an external controller, such as an autoscaler, is managing them.
	InitProvider SecretBackendInitParameters `json:"initProvider,omitempty"`
}

SecretBackendSpec defines the desired state of SecretBackend

func (*SecretBackendSpec) DeepCopy

func (in *SecretBackendSpec) DeepCopy() *SecretBackendSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendSpec.

func (*SecretBackendSpec) DeepCopyInto

func (in *SecretBackendSpec) DeepCopyInto(out *SecretBackendSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackendStatus

type SecretBackendStatus struct {
	// ResourceStatus is embedded and inlined into the status JSON. AtProvider
	// carries the observed mount fields (SecretBackendObservation).
	v1.ResourceStatus `json:",inline"`
	AtProvider        SecretBackendObservation `json:"atProvider,omitempty"`
}

SecretBackendStatus defines the observed state of SecretBackend.

func (*SecretBackendStatus) DeepCopy

func (in *SecretBackendStatus) DeepCopy() *SecretBackendStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendStatus.

func (*SecretBackendStatus) DeepCopyInto

func (in *SecretBackendStatus) DeepCopyInto(out *SecretBackendStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
