package v1alpha1

v1.1.125 (not the latest version of this module)

Published: Aug 31, 2023 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation
Overview

Package v1alpha1 contains API Schema definitions for the vault v1alpha1 API group.
+kubebuilder:object:generate=true
+groupName=heist.youniqx.com

Constants

This section is empty.

Variables

var (
	// SchemeGroupVersion is used to register these objects.
	SchemeGroupVersion = schema.GroupVersion{Group: "heist.youniqx.com", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

var Conditions = &ConditionsWrapper{
	Reasons: &ConditionReason{
		Provisioned:     "provisioned",
		Terminating:     "terminating",
		ErrorVault:      "vault_error",
		Initializing:    "initializing",
		ErrorConfig:     "config_error",
		ErrorKubernetes: "kubernetes_error",
	},
	Types: &ConditionType{
		Provisioned: "Provisioned",
		Active:      "Active",
	},
}

Functions

func Component

func Component() operator.Component

Types

type ConditionReason

type ConditionReason struct {
	Provisioned     string
	Terminating     string
	ErrorVault      string
	Initializing    string
	ErrorConfig     string
	ErrorKubernetes string
}

func (*ConditionReason) DeepCopy

func (in *ConditionReason) DeepCopy() *ConditionReason

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionReason.

func (*ConditionReason) DeepCopyInto

func (in *ConditionReason) DeepCopyInto(out *ConditionReason)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConditionType

type ConditionType struct {
	Provisioned string
	Active      string
}

func (*ConditionType) DeepCopy

func (in *ConditionType) DeepCopy() *ConditionType

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionType.

func (*ConditionType) DeepCopyInto

func (in *ConditionType) DeepCopyInto(out *ConditionType)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConditionsWrapper

type ConditionsWrapper struct {
	Reasons *ConditionReason
	Types   *ConditionType
}

func (*ConditionsWrapper) DeepCopy

func (in *ConditionsWrapper) DeepCopy() *ConditionsWrapper

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionsWrapper.

func (*ConditionsWrapper) DeepCopyInto

func (in *ConditionsWrapper) DeepCopyInto(out *ConditionsWrapper)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EncryptedValue

type EncryptedValue string

EncryptedValue represents a value that has been encrypted by Heist's managed Transit Engine.
+optional
+kubebuilder:validation:Optional
+kubebuilder:validation:Pattern:=`^vault:([a-z0-9]+):(.+)$`

type VaultBinding

type VaultBinding struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VaultBindingSpec   `json:"spec,omitempty"`
	Status VaultBindingStatus `json:"status,omitempty"`
}

VaultBinding is the Schema for the VaultBindings API.

func (*VaultBinding) DeepCopy

func (in *VaultBinding) DeepCopy() *VaultBinding

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBinding.

func (*VaultBinding) DeepCopyInto

func (in *VaultBinding) DeepCopyInto(out *VaultBinding)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultBinding) DeepCopyObject

func (in *VaultBinding) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*VaultBinding) SetupWebhookWithManager

func (r *VaultBinding) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*VaultBinding) ValidateCreate

func (r *VaultBinding) ValidateCreate() (warnings admission.Warnings, err error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type.

func (*VaultBinding) ValidateDelete

func (r *VaultBinding) ValidateDelete() (warnings admission.Warnings, err error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type.

func (*VaultBinding) ValidateUpdate

func (r *VaultBinding) ValidateUpdate(old runtime.Object) (warnings admission.Warnings, err error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.

type VaultBindingAgentConfig

type VaultBindingAgentConfig struct {
	// CertificateTemplates is a list of certificate templates to be used when issuing
	// certificates in the agent.
	// +optional
	// +kubebuilder:validation:Optional
	CertificateTemplates []VaultCertificateTemplate `json:"certificateTemplates,omitempty"`

	// Templates is a list of files to be populated in relevant pods by the
	// Heist agent.
	// +optional
	// +kubebuilder:validation:Optional
	Templates []VaultBindingValueTemplate `json:"templates,omitempty"`
}

func (*VaultBindingAgentConfig) DeepCopy

func (in *VaultBindingAgentConfig) DeepCopy() *VaultBindingAgentConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingAgentConfig.

func (*VaultBindingAgentConfig) DeepCopyInto

func (in *VaultBindingAgentConfig) DeepCopyInto(out *VaultBindingAgentConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultBindingCertificate

type VaultBindingCertificate struct {
	// Name is the name of the VaultCertificateRole.
	// +required
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Capabilities is a list of Vault capabilities for which access is granted.
	// If not otherwise set then the "issue" capability will be granted by
	// default.
	// +optional
	// +kubebuilder:validation:Optional
	Capabilities []VaultBindingCertificateCapability `json:"capabilities,omitempty"`
}

func (*VaultBindingCertificate) DeepCopy

func (in *VaultBindingCertificate) DeepCopy() *VaultBindingCertificate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingCertificate.

func (*VaultBindingCertificate) DeepCopyInto

func (in *VaultBindingCertificate) DeepCopyInto(out *VaultBindingCertificate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultBindingCertificateAuthority

type VaultBindingCertificateAuthority struct {
	// Name is the name of the VaultCertificateAuthority Kubernetes object. It
	// is expected to be in the same namespace as the binding.
	// +required
	// +kubebuilder:validation:Required
	Name string `json:"name,omitempty"`

	// Capabilities is a list of Vault capabilities for which access is granted.
	// If not otherwise set then the "read_public" capability will be granted
	// by default.
	// +optional
	// +kubebuilder:validation:Optional
	Capabilities []VaultBindingCertificateAuthorityCapability `json:"capabilities,omitempty"`
}

func (*VaultBindingCertificateAuthority) DeepCopy

func (in *VaultBindingCertificateAuthority) DeepCopy() *VaultBindingCertificateAuthority

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingCertificateAuthority.

func (*VaultBindingCertificateAuthority) DeepCopyInto

func (in *VaultBindingCertificateAuthority) DeepCopyInto(out *VaultBindingCertificateAuthority)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultBindingCertificateAuthorityCapability

type VaultBindingCertificateAuthorityCapability string

VaultBindingCertificateAuthorityCapability represents Vault capabilities for VaultCertificateAuthority objects which can be granted to a subject. The "read_public" capability is granted by default.
+kubebuilder:validation:Enum:=read_public;read_private

const (
	VaultBindingCertificateAuthorityCapabilityReadPublic  VaultBindingCertificateAuthorityCapability = "read_public"
	VaultBindingCertificateAuthorityCapabilityReadPrivate VaultBindingCertificateAuthorityCapability = "read_private"
)

type VaultBindingCertificateCapability

type VaultBindingCertificateCapability string

VaultBindingCertificateCapability represents capabilities for VaultCertificateRole objects which can be granted to a subject. The "issue" capability is granted by default.
+kubebuilder:validation:Enum:=issue;sign_csr;sign_verbatim

const (
	// VaultBindingCertificateCapabilityIssue allows the bound ServiceAccount to
	// issue a new certificate based on the provided configuration. This
	// capability is the minimum requirement when issuing a certificate with a
	// VaultBinding. If no Capability is configured, the
	// VaultBindingCertificateCapabilityIssue will be added automatically.
	VaultBindingCertificateCapabilityIssue VaultBindingCertificateCapability = "issue"
	// VaultBindingCertificateCapabilitySignCSR allows the bound ServiceAccount
	// to be able to sign user provided CSRs, using the fields as configured in
	// the VaultCertificateAuthority.
	VaultBindingCertificateCapabilitySignCSR VaultBindingCertificateCapability = "sign_csr"
	// VaultBindingCertificateCapabilitySignVerbatim allows the bound
	// ServiceAccount to be able to sign user provided CSRs, using the
	// fields provided by the CSRs. Generally speaking it is safer to use the
	// capability VaultBindingCertificateCapabilitySignCSR, since it performs
	// validation before issuing the certificate.
	VaultBindingCertificateCapabilitySignVerbatim VaultBindingCertificateCapability = "sign_verbatim"
)

type VaultBindingHeistCapability

type VaultBindingHeistCapability string

VaultBindingHeistCapability represents general capabilities which can be granted to a subject.
+kubebuilder:validation:Enum:=encrypt

const (
	// VaultBindingHeistCapabilityEncrypt allows the service account to use the
	// default managed transit engine `managed.encrypt` to encrypt values.
	VaultBindingHeistCapabilityEncrypt VaultBindingHeistCapability = "encrypt"
)

type VaultBindingKV

type VaultBindingKV struct {
	// Name is the name of the VaultKVSecret.
	// +required
	// +kubebuilder:validation:Required
	Name string `json:"name,omitempty"`

	// Capabilities is a list of granted capabilities for the specified KV
	// secret in Vault.
	// If not otherwise set then the "read" capability is granted by default
	// https://www.vaultproject.io/docs/concepts/policies#capabilities, however,
	// currently Heist only supports "read".
	// +optional
	// +kubebuilder:validation:Optional
	Capabilities []VaultBindingKVCapability `json:"capabilities,omitempty"`
}

func (*VaultBindingKV) DeepCopy

func (in *VaultBindingKV) DeepCopy() *VaultBindingKV

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingKV.

func (*VaultBindingKV) DeepCopyInto

func (in *VaultBindingKV) DeepCopyInto(out *VaultBindingKV)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultBindingKVCapability

type VaultBindingKVCapability string

VaultBindingKVCapability represents capabilities for VaultKVSecret objects which can be granted to a subject. The "read" capability is granted by default.
+kubebuilder:validation:Enum:=read

const (
	VaultBindingKVCapabilityRead VaultBindingKVCapability = "read"
)

type VaultBindingList

type VaultBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VaultBinding `json:"items"`
}

VaultBindingList contains a list of VaultBinding.

func (*VaultBindingList) DeepCopy

func (in *VaultBindingList) DeepCopy() *VaultBindingList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingList.

func (*VaultBindingList) DeepCopyInto

func (in *VaultBindingList) DeepCopyInto(out *VaultBindingList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultBindingList) DeepCopyObject

func (in *VaultBindingList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultBindingSpec

type VaultBindingSpec struct {
	// Subject configures the service account to which access is granted.
	// +required
	// +kubebuilder:validation:Required
	Subject VaultBindingSubject `json:"subject,omitempty"`

	// Capabilities configures general Vault capabilities for which access is
	// granted.
	// +optional
	// +kubebuilder:validation:Optional
	Capabilities []VaultBindingHeistCapability `json:"capabilities,omitempty"`

	// KVSecrets is a list of kv secrets to which access is granted.
	// +optional
	// +kubebuilder:validation:Optional
	KVSecrets []VaultBindingKV `json:"kvSecrets,omitempty"`

	// CertificateAuthorities is a list of certificate authorities to which
	// access is granted.
	// +optional
	// +kubebuilder:validation:Optional
	CertificateAuthorities []VaultBindingCertificateAuthority `json:"certificateAuthorities,omitempty"`

	// CertificateRoles is a list of certificate roles for which access
	// is granted.
	// +optional
	// +kubebuilder:validation:Optional
	CertificateRoles []VaultBindingCertificate `json:"certificateRoles,omitempty"`

	// TransitKeys is a list of transit keys and capabilities for which access
	// is granted.
	// +optional
	// +kubebuilder:validation:Optional
	TransitKeys []VaultBindingTransitKey `json:"transitKeys,omitempty"`

	// Agent can be used to configure the Heist agent sidecar.
	// +optional
	// +kubebuilder:validation:Optional
	Agent VaultBindingAgentConfig `json:"agent,omitempty"`
}
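
The capability lists above each have a documented default ("read" for KV secrets, "read_public" for certificate authorities, "issue" for certificate roles) and a fixed enum of allowed values. The following Go program, added here as an example and not code from the Heist project, applies those defaults to a simplified stand-in for VaultBindingSpec and then lists the grants worth a second look before the binding is applied: enum values Heist does not accept, `read_private` (which exposes the CA private key to the bound service account) and `sign_verbatim` (which the page itself says is less safe than `sign_csr`). The types `BindingSpec`, `KVEntry`, `CAEntry` and `CertRoleEntry` are constructed for this example; the real types carry more fields.

```go
package main

import "fmt"

// Stand-ins for the v1alpha1 capability enums (constructed for this example).
type KVCapability string
type CACapability string
type CertCapability string

const (
	KVRead           KVCapability   = "read"
	CAReadPublic     CACapability   = "read_public"
	CAReadPrivate    CACapability   = "read_private"
	CertIssue        CertCapability = "issue"
	CertSignCSR      CertCapability = "sign_csr"
	CertSignVerbatim CertCapability = "sign_verbatim"
)

type KVEntry struct {
	Name         string
	Capabilities []KVCapability
}

type CAEntry struct {
	Name         string
	Capabilities []CACapability
}

type CertRoleEntry struct {
	Name         string
	Capabilities []CertCapability
}

// BindingSpec mirrors the subset of VaultBindingSpec used here.
type BindingSpec struct {
	Subject                string // service account name
	KVSecrets              []KVEntry
	CertificateAuthorities []CAEntry
	CertificateRoles       []CertRoleEntry
}

// ApplyDefaults returns a copy of spec with the documented defaults filled in
// wherever a capability list is empty; explicit lists are left untouched.
func ApplyDefaults(spec BindingSpec) BindingSpec {
	out := BindingSpec{Subject: spec.Subject}
	for _, kv := range spec.KVSecrets {
		if len(kv.Capabilities) == 0 {
			kv.Capabilities = []KVCapability{KVRead}
		}
		out.KVSecrets = append(out.KVSecrets, kv)
	}
	for _, ca := range spec.CertificateAuthorities {
		if len(ca.Capabilities) == 0 {
			ca.Capabilities = []CACapability{CAReadPublic}
		}
		out.CertificateAuthorities = append(out.CertificateAuthorities, ca)
	}
	for _, role := range spec.CertificateRoles {
		if len(role.Capabilities) == 0 {
			role.Capabilities = []CertCapability{CertIssue}
		}
		out.CertificateRoles = append(out.CertificateRoles, role)
	}
	return out
}

// Review lists grants a reviewer should look at: values outside the documented
// enums, and the two capabilities the page describes as broader than their
// alternatives.
func Review(spec BindingSpec) []string {
	var findings []string
	for _, kv := range spec.KVSecrets {
		for _, c := range kv.Capabilities {
			if c != KVRead {
				findings = append(findings, fmt.Sprintf("kvSecret %q: capability %q is not supported (Heist only supports \"read\")", kv.Name, c))
			}
		}
	}
	for _, ca := range spec.CertificateAuthorities {
		for _, c := range ca.Capabilities {
			switch c {
			case CAReadPublic:
			case CAReadPrivate:
				findings = append(findings, fmt.Sprintf("certificateAuthority %q: read_private lets %q read the CA private key", ca.Name, spec.Subject))
			default:
				findings = append(findings, fmt.Sprintf("certificateAuthority %q: unknown capability %q", ca.Name, c))
			}
		}
	}
	for _, role := range spec.CertificateRoles {
		for _, c := range role.Capabilities {
			switch c {
			case CertIssue, CertSignCSR:
			case CertSignVerbatim:
				findings = append(findings, fmt.Sprintf("certificateRole %q: sign_verbatim signs CSR fields without validation; prefer sign_csr", role.Name))
			default:
				findings = append(findings, fmt.Sprintf("certificateRole %q: unknown capability %q", role.Name, c))
			}
		}
	}
	return findings
}

func main() {
	// Constructed sample binding: a KV secret with no capabilities listed, a CA
	// with private-key access and a role allowed to sign verbatim.
	spec := ApplyDefaults(BindingSpec{
		Subject:                "payments-api",
		KVSecrets:              []KVEntry{{Name: "db-creds"}},
		CertificateAuthorities: []CAEntry{{Name: "internal-ca", Capabilities: []CACapability{CAReadPrivate}}},
		CertificateRoles:       []CertRoleEntry{{Name: "server-cert", Capabilities: []CertCapability{CertSignVerbatim}}},
	})
	fmt.Println("kv capabilities after defaults:", spec.KVSecrets[0].Capabilities)
	for _, f := range Review(spec) {
		fmt.Println("review:", f)
	}
}
```

Running it prints `[read]` for the KV secret and two review findings. ApplyDefaults builds new slices rather than editing the caller's, so the original object (for example one just decoded from the API server) is not mutated.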

func (*VaultBindingSpec) DeepCopy

func (in *VaultBindingSpec) DeepCopy() *VaultBindingSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingSpec.

func (*VaultBindingSpec) DeepCopyInto

func (in *VaultBindingSpec) DeepCopyInto(out *VaultBindingSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultBindingStatus

type VaultBindingStatus struct {
	Conditions  []metav1.Condition `json:"conditions"`
	AppliedSpec VaultBindingSpec   `json:"appliedSpec,omitempty"`
}

VaultBindingStatus defines the observed state of VaultBinding.

func (*VaultBindingStatus) DeepCopy

func (in *VaultBindingStatus) DeepCopy() *VaultBindingStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingStatus.

func (*VaultBindingStatus) DeepCopyInto

func (in *VaultBindingStatus) DeepCopyInto(out *VaultBindingStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultBindingSubject

type VaultBindingSubject struct {
	// Name is the name of the service account you want to grant access to the
	// referenced secrets.
	// +required
	// +kubebuilder:validation:Required
	Name string `json:"name"`
}

VaultBindingSubject defines the desired service account for the VaultBinding.

func (*VaultBindingSubject) DeepCopy

func (in *VaultBindingSubject) DeepCopy() *VaultBindingSubject

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingSubject.

func (*VaultBindingSubject) DeepCopyInto

func (in *VaultBindingSubject) DeepCopyInto(out *VaultBindingSubject)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultBindingTransitKey

type VaultBindingTransitKey struct {
	// Name is the name of the VaultTransitKey.
	// +required
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Capabilities is a list of Vault capabilities for which access is granted.
	// +optional
	// +kubebuilder:validation:Optional
	Capabilities []VaultBindingTransitKeyCapability `json:"capabilities,omitempty"`
}

func (*VaultBindingTransitKey) DeepCopy

func (in *VaultBindingTransitKey) DeepCopy() *VaultBindingTransitKey

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingTransitKey.

func (*VaultBindingTransitKey) DeepCopyInto

func (in *VaultBindingTransitKey) DeepCopyInto(out *VaultBindingTransitKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultBindingTransitKeyCapability

type VaultBindingTransitKeyCapability string

VaultBindingTransitKeyCapability represents capabilities for VaultTransitKey objects which can be granted to a subject.
+kubebuilder:validation:Enum:=encrypt;decrypt;datakey;rewrap;sign;hmac;verify;read

const (
	// VaultBindingTransitKeyCapabilityEncrypt allows the service account to use
	// the transit engine to encrypt data.
	VaultBindingTransitKeyCapabilityEncrypt VaultBindingTransitKeyCapability = "encrypt"
	// VaultBindingTransitKeyCapabilityDecrypt allows the service account to use
	// the transit engine to decrypt data.
	VaultBindingTransitKeyCapabilityDecrypt VaultBindingTransitKeyCapability = "decrypt"
	// VaultBindingTransitKeyCapabilityDatakey allows the service account to use
	// the transit engine to obtain a datakey that can be used for offline
	// encryption and decryption. The datakey is NOT the transit key used when
	// encrypting or decrypting values with the API. Vault provides an example
	// [Use Case](https://learn.hashicorp.com/tutorials/vault/eaas-transit#generate-data-key)
	// with a tutorial on how to use datakeys.
	VaultBindingTransitKeyCapabilityDatakey VaultBindingTransitKeyCapability = "datakey"
	// VaultBindingTransitKeyCapabilityRewrap allows the service account to use
	// the transit engine to rewrap an already encrypted secret with the latest
	// version of the encryption key.
	VaultBindingTransitKeyCapabilityRewrap VaultBindingTransitKeyCapability = "rewrap"
	// VaultBindingTransitKeyCapabilitySign allows the service account to use
	// the transit engine to sign data.
	VaultBindingTransitKeyCapabilitySign VaultBindingTransitKeyCapability = "sign"
	// VaultBindingTransitKeyCapabilityHmac allows the service account to use
	// the transit engine to generate a digest of the provided data and key.
	VaultBindingTransitKeyCapabilityHmac VaultBindingTransitKeyCapability = "hmac"
	// VaultBindingTransitKeyCapabilityVerify allows the service account to use
	// the transit engine to verify signed data.
	VaultBindingTransitKeyCapabilityVerify VaultBindingTransitKeyCapability = "verify"
	// VaultBindingTransitKeyCapabilityRead allows the service account to use
	// the transit engine to retrieve information about the transit key. The
	// transit key itself is not exposed via the API.
	VaultBindingTransitKeyCapabilityRead VaultBindingTransitKeyCapability = "read"
)

type VaultBindingValueTemplate

type VaultBindingValueTemplate struct {
	// Path is the desired output path for this value. Relative paths are
	// interpreted to be relative to the default Heist secret directory
	// /heist/secrets. The path must be in a shared directory, where the Heist
	// Agent and application container have access.
	// +required
	// +kubebuilder:validation:Required
	Path string `json:"path,omitempty"`

	// Mode is the desired file mode of the output file. 0640 is the default.
	// The agent owns the file; the owner permissions are always read + write
	// and cannot be changed through this field. Must be specified as octal.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`^[0][0-7]{3}$`
	Mode string `json:"mode,omitempty"`

	// Template is the template for this value.
	// The template supports [sprig](https://masterminds.github.io/sprig/)
	// template functions and can access all bound secrets and associated
	// capabilities with additional template functions:
	//   - `kvSecret "<name>" "<field>"`: retrieves the value of field "<field>"
	//     from a KV secret with name "<name>".
	//   - `caField "<name>" "<field>"`: retrieves the value of field "<field>"
	//     from CA "<name>". Supported values for "<field>" are defined in
	//     VaultCertificateFieldType.
	//   - `certField "<name>" "<field>"`: retrieves the value of field "<field>"
	//     from certificate template "<name>". Supported values for "<field>"
	//     are defined in VaultCertificateFieldType.
	// +required
	// +kubebuilder:validation:Required
	Template string `json:"template,omitempty"`
}
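
The Path, Mode and Template fields each come with a rule the agent applies at render time: relative paths are resolved under /heist/secrets, Mode must be four octal digits with owner read+write fixed, and the template can call `kvSecret`, `caField` and `certField`. The Go program below is an added example, not the Heist agent's implementation, showing how a validator for a VaultBindingValueTemplate could enforce those rules and render a template against constructed in-memory data. Two points are this example's own assumptions rather than documented behaviour: relative paths that climb out of /heist/secrets are rejected, and the fixed owner bits are modelled by OR-ing 0600 into the parsed mode. Only text/template is wired in; the sprig functions the agent also offers are not.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"path"
	"regexp"
	"strconv"
	"strings"
	"text/template"
)

// secretDir is the default Heist secret directory named in the Path docs.
const secretDir = "/heist/secrets"

// modePattern is the Mode validation pattern from the CRD marker.
var modePattern = regexp.MustCompile(`^[0][0-7]{3}$`)

// ResolvePath resolves relative paths under secretDir and rejects relative
// paths that climb back out of it (the traversal check is this example's
// addition, not a documented agent behaviour).
func ResolvePath(p string) (string, error) {
	if p == "" {
		return "", errors.New("path is required")
	}
	if path.IsAbs(p) {
		return path.Clean(p), nil
	}
	resolved := path.Join(secretDir, p)
	if !strings.HasPrefix(resolved, secretDir+"/") {
		return "", fmt.Errorf("path %q resolves outside %s", p, secretDir)
	}
	return resolved, nil
}

// EffectiveMode parses Mode (default 0640) and forces the owner bits to
// read+write by OR-ing 0600, mirroring the note that owner permissions cannot
// be changed through Mode (assumption about how the agent applies it).
func EffectiveMode(mode string) (uint32, error) {
	if mode == "" {
		mode = "0640"
	}
	if !modePattern.MatchString(mode) {
		return 0, fmt.Errorf("mode %q must be four octal digits such as 0640", mode)
	}
	bits, err := strconv.ParseUint(mode[1:], 8, 32)
	if err != nil {
		return 0, err
	}
	return uint32(bits) | 0o600, nil
}

// Store is a constructed in-memory stand-in for the values a binding can
// reach: name -> field -> value.
type Store struct {
	KV, CAs, Certs map[string]map[string]string
}

// lookup builds one template function that fails on unbound names or fields.
func lookup(kind string, m map[string]map[string]string) func(string, string) (string, error) {
	return func(name, field string) (string, error) {
		fields, ok := m[name]
		if !ok {
			return "", fmt.Errorf("%s %q is not bound", kind, name)
		}
		v, ok := fields[field]
		if !ok {
			return "", fmt.Errorf("%s %q has no field %q", kind, name, field)
		}
		return v, nil
	}
}

// Render executes a value template with the three documented lookup functions.
func Render(tmpl string, s Store) (string, error) {
	t, err := template.New("value").Funcs(template.FuncMap{
		"kvSecret":  lookup("kvSecret", s.KV),
		"caField":   lookup("ca", s.CAs),
		"certField": lookup("certificate template", s.Certs),
	}).Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, nil); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	store := Store{KV: map[string]map[string]string{"db-creds": {"password": "constructed-sample"}}}
	out, err := Render(`password={{ kvSecret "db-creds" "password" }}`, store)
	fmt.Println(out, err)
	p, _ := ResolvePath("db/creds.env")
	m, _ := EffectiveMode("0400")
	fmt.Printf("%s mode %04o\n", p, m) // owner bits come back as rw: 0600
}
```

A lookup that fails aborts the whole render, which is the safer behaviour for a secrets file: a partially rendered file with an empty password field is harder to notice than a missing one.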

func (*VaultBindingValueTemplate) DeepCopy

func (in *VaultBindingValueTemplate) DeepCopy() *VaultBindingValueTemplate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingValueTemplate.

func (*VaultBindingValueTemplate) DeepCopyInto

func (in *VaultBindingValueTemplate) DeepCopyInto(out *VaultBindingValueTemplate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertificateAuthority

type VaultCertificateAuthority struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VaultCertificateAuthoritySpec   `json:"spec,omitempty"`
	Status VaultCertificateAuthorityStatus `json:"status,omitempty"`
}

VaultCertificateAuthority is the Schema for the VaultCertificateAuthorities API.

func (*VaultCertificateAuthority) DeepCopy

func (in *VaultCertificateAuthority) DeepCopy() *VaultCertificateAuthority

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthority.

func (*VaultCertificateAuthority) DeepCopyInto

func (in *VaultCertificateAuthority) DeepCopyInto(out *VaultCertificateAuthority)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultCertificateAuthority) DeepCopyObject

func (in *VaultCertificateAuthority) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*VaultCertificateAuthority) GetMountPath

func (in *VaultCertificateAuthority) GetMountPath() (string, error)

func (*VaultCertificateAuthority) SetupWebhookWithManager

func (in *VaultCertificateAuthority) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*VaultCertificateAuthority) ValidateCreate

func (in *VaultCertificateAuthority) ValidateCreate() (warnings admission.Warnings, err error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type.

func (*VaultCertificateAuthority) ValidateDelete

func (in *VaultCertificateAuthority) ValidateDelete() (warnings admission.Warnings, err error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type.

func (*VaultCertificateAuthority) ValidateUpdate

func (in *VaultCertificateAuthority) ValidateUpdate(old runtime.Object) (warnings admission.Warnings, err error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.

type VaultCertificateAuthorityImport

type VaultCertificateAuthorityImport struct {
	// Certificate contains the certificate matching the private key that should
	// be imported. Can be either encrypted, or plain text.
	Certificate string `json:"certificate,omitempty"`

	// PrivateKey is the private key that should be imported. The private key
	// must be encrypted with the default Heist transit engine to ensure no
	// secrets are stored in plaintext as a Kubernetes object.
	PrivateKey string `json:"privateKey,omitempty"`
}
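
The import rule above (the private key must be transit-encrypted before it lands in a Kubernetes object, the certificate may be either) and the EncryptedValue pattern `^vault:([a-z0-9]+):(.+)$` are easy to check before an object is applied. The Go program below is an added example, not the project's own webhook code: it parses an EncryptedValue into key version and ciphertext, uses that to decide whether a stored value needs the "rewrap" capability (ciphertext produced with an older key version), and validates a simplified VaultCertificateAuthorityImport. Requiring both fields to be present is this example's assumption; the sample ciphertext bodies are constructed, not real Vault output.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// encryptedPattern is the validation pattern on EncryptedValue.
var encryptedPattern = regexp.MustCompile(`^vault:([a-z0-9]+):(.+)$`)

// ParseEncryptedValue splits a transit ciphertext into its key version and
// ciphertext body, or fails when the string is not in that form.
func ParseEncryptedValue(v string) (version, body string, err error) {
	m := encryptedPattern.FindStringSubmatch(v)
	if m == nil {
		return "", "", errors.New("not a transit ciphertext (expected vault:<key version>:<ciphertext>)")
	}
	return m[1], m[2], nil
}

// NeedsRewrap reports whether a stored ciphertext was produced with a key
// version other than current, the case the "rewrap" transit capability covers.
func NeedsRewrap(v, current string) (bool, error) {
	version, _, err := ParseEncryptedValue(v)
	if err != nil {
		return false, err
	}
	return version != current, nil
}

// CAImport mirrors the two fields of VaultCertificateAuthorityImport.
type CAImport struct {
	Certificate string
	PrivateKey  string
}

// ValidateCAImport enforces the documented rule that the private key must be
// transit-encrypted, while the certificate may be plaintext or encrypted.
func ValidateCAImport(imp CAImport) error {
	if imp.Certificate == "" || imp.PrivateKey == "" {
		return errors.New("import needs both certificate and privateKey") // example's assumption
	}
	if _, _, err := ParseEncryptedValue(imp.PrivateKey); err != nil {
		if strings.Contains(imp.PrivateKey, "PRIVATE KEY-----") {
			return errors.New("privateKey is a plaintext PEM key; encrypt it with the managed transit engine first")
		}
		return fmt.Errorf("privateKey: %w", err)
	}
	return nil
}

func main() {
	cert := "-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----"
	fmt.Println(ValidateCAImport(CAImport{Certificate: cert, PrivateKey: "vault:v1:Y29uc3RydWN0ZWQ="}))
	fmt.Println(ValidateCAImport(CAImport{Certificate: cert, PrivateKey: "-----BEGIN PRIVATE KEY-----\nconstructed\n-----END PRIVATE KEY-----"}))
	fmt.Println(NeedsRewrap("vault:v1:Y29uc3RydWN0ZWQ=", "v2"))
}
```

The PEM check only improves the error message; the pattern match is what decides. Anything that does not match `vault:<version>:<ciphertext>` is rejected, so a key pasted in any other plaintext encoding fails too.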

func (*VaultCertificateAuthorityImport) DeepCopy

func (in *VaultCertificateAuthorityImport) DeepCopy() *VaultCertificateAuthorityImport

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthorityImport.

func (*VaultCertificateAuthorityImport) DeepCopyInto

func (in *VaultCertificateAuthorityImport) DeepCopyInto(out *VaultCertificateAuthorityImport)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertificateAuthorityKVSecretRef

type VaultCertificateAuthorityKVSecretRef struct {
	EnginePath        string `json:"enginePath,omitempty"`
	PublicSecretPath  string `json:"publicSecret,omitempty"`
	PrivateSecretPath string `json:"privateSecret,omitempty"`
}

func (*VaultCertificateAuthorityKVSecretRef) DeepCopy

func (in *VaultCertificateAuthorityKVSecretRef) DeepCopy() *VaultCertificateAuthorityKVSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthorityKVSecretRef.

func (*VaultCertificateAuthorityKVSecretRef) DeepCopyInto

func (in *VaultCertificateAuthorityKVSecretRef) DeepCopyInto(out *VaultCertificateAuthorityKVSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertificateAuthorityList

type VaultCertificateAuthorityList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VaultCertificateAuthority `json:"items,omitempty"`
}

VaultCertificateAuthorityList contains a list of VaultCertificateAuthority.

func (*VaultCertificateAuthorityList) DeepCopy

func (in *VaultCertificateAuthorityList) DeepCopy() *VaultCertificateAuthorityList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthorityList.

func (*VaultCertificateAuthorityList) DeepCopyInto

func (in *VaultCertificateAuthorityList) DeepCopyInto(out *VaultCertificateAuthorityList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultCertificateAuthorityList) DeepCopyObject

func (in *VaultCertificateAuthorityList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultCertificateAuthorityRef

type VaultCertificateAuthorityRef struct {
	Name         string                                       `json:"name,omitempty"`
	EnginePath   string                                       `json:"enginePath,omitempty"`
	KVSecrets    VaultCertificateAuthorityKVSecretRef         `json:"kvSecrets,omitempty"`
	Capabilities []VaultBindingCertificateAuthorityCapability `json:"capabilities,omitempty"`
}

func (*VaultCertificateAuthorityRef) DeepCopy

func (in *VaultCertificateAuthorityRef) DeepCopy() *VaultCertificateAuthorityRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthorityRef.

func (*VaultCertificateAuthorityRef) DeepCopyInto

func (in *VaultCertificateAuthorityRef) DeepCopyInto(out *VaultCertificateAuthorityRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertificateAuthoritySettings

type VaultCertificateAuthoritySettings struct {
	// SubjectAlternativeNames sets subject alternative names extensions for
	// the certificate.
	// +optional
	SubjectAlternativeNames []string `json:"subjectAlternativeNames,omitempty"`

	// IPSans sets the IP subject alternative names extension for the
	// certificate.
	// +optional
	IPSans []string `json:"ipSans,omitempty"`

	// URISans sets URI subject alternative names extension for the
	// certificate.
	// +optional
	URISans []string `json:"uriSans,omitempty"`

	// OtherSans sets subject alternative names extension that do not fall into
	// the other categories for the certificate.
	// +optional
	OtherSans []string `json:"otherSans,omitempty"`

	// TTL sets the validity period of the CA certificate.
	// +required
	// +kubebuilder:validation:Required
	TTL metav1.Duration `json:"ttl,omitempty"`

	// KeyType sets the key algorithm of the CA certificate. Can be either rsa
	// or ec.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum:=rsa;ec
	// +kubebuilder:default:=rsa
	KeyType pki.KeyType `json:"keyType"`

	// KeyBits sets the size of the key of the certificate authority. The
	// KeyBits value provided must be a valid value for the configured KeyType.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum:=224;256;384;521;2048;3072;4096
	// +kubebuilder:default:=2048
	KeyBits pki.KeyBits `json:"keyBits"`

	// ExcludeCNFromSans configures if the common name set in the subject should
	// be excluded from the subject alternative names extension.
	// +optional
	ExcludeCNFromSans bool `json:"excludeCNFromSans,omitempty"`

	// PermittedDNSDomains configures an allow list of domains for which
	// certificates can be issued using the certificate authority.
	// +optional
	PermittedDNSDomains []string `json:"permittedDNSDomains,omitempty"`

	// Exported configures if the CA should be generated in exported mode.
	// If this is set to true then the private key of the CA can be bound to
	// and accessed by applications. If it is set to false then the private key
	// will be inaccessible. Defaults to false. This setting can not be changed
	// after the PKI is created.
	// +optional
	Exported bool `json:"exported,omitempty"`
}

func (*VaultCertificateAuthoritySettings) DeepCopy

func (in *VaultCertificateAuthoritySettings) DeepCopy() *VaultCertificateAuthoritySettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthoritySettings.

func (*VaultCertificateAuthoritySettings) DeepCopyInto

func (in *VaultCertificateAuthoritySettings) DeepCopyInto(out *VaultCertificateAuthoritySettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertificateAuthoritySpec

type VaultCertificateAuthoritySpec struct {
	// Plugin configures the plugin backend used for this engine. Defaults to pki.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Default:=pki
	Plugin string `json:"plugin,omitempty"`

	// Issuer implicitly defines whether the CA is an intermediate or a root CA.
	// If left empty the CA is assumed to be a root CA and will be self-signed.
	// Otherwise, the configured name is a reference to the parent CA's
	// Kubernetes object.
	// +optional
	Issuer string `json:"issuer,omitempty"`

	// Import can be used to import an already existing certificate.
	// +optional
	Import *VaultCertificateAuthorityImport `json:"import,omitempty"`

	// Subject configures the subject fields of the Certificate Authority.
	// It is recommended to set at least one field in the Subject section.
	// +optional
	Subject VaultCertificateAuthoritySubject `json:"subject,omitempty"`

	// Tuning can be used to tune the PKI Secret Engine in Vault.
	// +optional
	Tuning VaultCertificateAuthorityTuning `json:"tuning,omitempty"`

	// Settings configures the key pair of the Certificate Authority.
	Settings VaultCertificateAuthoritySettings `json:"settings,omitempty"`

	// DeleteProtection, when true, prevents the certificate authority from
	// being deleted. Defaults to false.
	// +optional
	DeleteProtection bool `json:"deleteProtection"`
}

VaultCertificateAuthoritySpec defines the desired state of VaultCertificateAuthority.

func (*VaultCertificateAuthoritySpec) DeepCopy

func (in *VaultCertificateAuthoritySpec) DeepCopy() *VaultCertificateAuthoritySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthoritySpec.

func (*VaultCertificateAuthoritySpec) DeepCopyInto

func (in *VaultCertificateAuthoritySpec) DeepCopyInto(out *VaultCertificateAuthoritySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertificateAuthorityStatus

type VaultCertificateAuthorityStatus struct {
	Conditions []metav1.Condition `json:"conditions"`
}

VaultCertificateAuthorityStatus defines the observed state of VaultCertificateAuthority.

func (*VaultCertificateAuthorityStatus) DeepCopy

func (in *VaultCertificateAuthorityStatus) DeepCopy() *VaultCertificateAuthorityStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthorityStatus.

func (*VaultCertificateAuthorityStatus) DeepCopyInto

func (in *VaultCertificateAuthorityStatus) DeepCopyInto(out *VaultCertificateAuthorityStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertificateAuthoritySubject

type VaultCertificateAuthoritySubject struct {
	// CommonName sets the CN (common name) field in the certificate's subject.
	// +optional
	CommonName string `json:"commonName,omitempty"`

	// Organization sets the organization (O) field in the certificate's subject.
	// +optional
	Organization []string `json:"organization,omitempty"`

	// OrganizationalUnit sets the OU (organizational unit) field in the
	// certificate's subject.
	// +optional
	OrganizationalUnit []string `json:"ou,omitempty"`

	// Country sets the C (country) field in the certificate's subject.
	// +optional
	Country []string `json:"country,omitempty"`

	// Locality sets the L (locality) field in the certificate's subject.
	// +optional
	Locality []string `json:"locality,omitempty"`

	// Province sets the ST (province) field in the certificate's subject.
	// +optional
	Province []string `json:"province,omitempty"`

	// StreetAddress sets the street address field in the certificate's subject.
	// +optional
	StreetAddress []string `json:"streetAddress,omitempty"`

	// PostalCode sets the postal code field in the certificate's subject.
	// +optional
	PostalCode []string `json:"postalCode,omitempty"`
}

func (*VaultCertificateAuthoritySubject) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthoritySubject.

func (*VaultCertificateAuthoritySubject) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertificateAuthorityTuning

type VaultCertificateAuthorityTuning struct {
	// DefaultLeaseTTL sets the default validity of certificates issued by the
	// PKI secret engine.
	// +optional
	DefaultLeaseTTL metav1.Duration `json:"defaultLeaseTTL,omitempty"`

	// MaxLeaseTTL sets the maximum validity of any certificate issued by the
	// PKI secret engine.
	// +optional
	MaxLeaseTTL metav1.Duration `json:"maxLeaseTTL,omitempty"`

	// Description sets the description of the PKI secret engine in Vault.
	// +optional
	Description string `json:"description,omitempty"`
}

func (*VaultCertificateAuthorityTuning) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthorityTuning.

func (*VaultCertificateAuthorityTuning) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertificateFieldType

type VaultCertificateFieldType string
const (
	// VaultBindingCertificateFieldTypeCertChain is the field type for binding
	// the cert chain of a certificate.
	VaultBindingCertificateFieldTypeCertChain VaultCertificateFieldType = "cert_chain"

	// VaultBindingCertificateFieldTypeFullCertChain is the field type for
	// binding the full cert chain (including root) of a certificate.
	VaultBindingCertificateFieldTypeFullCertChain VaultCertificateFieldType = "full_cert_chain"

	// VaultBindingCertificateFieldTypePrivateKey is the field type for binding
	// the private key of a certificate.
	VaultBindingCertificateFieldTypePrivateKey VaultCertificateFieldType = "private_key"

	// VaultBindingCertificateFieldTypeCertificate is the field type for
	// binding the public part of a certificate.
	VaultBindingCertificateFieldTypeCertificate VaultCertificateFieldType = "certificate"
)

type VaultCertificateRef

type VaultCertificateRef struct {
	Name         string                              `json:"name,omitempty"`
	EnginePath   string                              `json:"enginePath,omitempty"`
	RoleName     string                              `json:"roleName,omitempty"`
	Capabilities []VaultBindingCertificateCapability `json:"capabilities,omitempty"`
}

func (*VaultCertificateRef) DeepCopy

func (in *VaultCertificateRef) DeepCopy() *VaultCertificateRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateRef.

func (*VaultCertificateRef) DeepCopyInto

func (in *VaultCertificateRef) DeepCopyInto(out *VaultCertificateRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertificateRole

type VaultCertificateRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VaultCertificateRoleSpec   `json:"spec,omitempty"`
	Status VaultCertificateRoleStatus `json:"status,omitempty"`
}

VaultCertificateRole is the Schema for the VaultCertificateRole API.

func (*VaultCertificateRole) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateRole.

func (*VaultCertificateRole) DeepCopyInto

func (in *VaultCertificateRole) DeepCopyInto(out *VaultCertificateRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultCertificateRole) DeepCopyObject

func (in *VaultCertificateRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*VaultCertificateRole) GetRoleName

func (in *VaultCertificateRole) GetRoleName() (string, error)

func (*VaultCertificateRole) GetSettings

func (in *VaultCertificateRole) GetSettings() (*pki.RoleSettings, error)

func (*VaultCertificateRole) GetSubject

func (in *VaultCertificateRole) GetSubject() (*pki.SubjectSettings, error)

type VaultCertificateRoleList

type VaultCertificateRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VaultCertificateRole `json:"items"`
}

VaultCertificateRoleList contains a list of VaultCertificateRole.

func (*VaultCertificateRoleList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateRoleList.

func (*VaultCertificateRoleList) DeepCopyInto

func (in *VaultCertificateRoleList) DeepCopyInto(out *VaultCertificateRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultCertificateRoleList) DeepCopyObject

func (in *VaultCertificateRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultCertificateRoleSettings

type VaultCertificateRoleSettings struct {
	// TTL configures the default validity of certificates issued through this
	// role when the request does not ask for a specific one.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#ttl.
	// +required
	// +kubebuilder:validation:Required
	TTL metav1.Duration `json:"ttl,omitempty"`

	// MaxTTL configures the maximum validity any certificate issued through
	// this role may have.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#max_ttl.
	// +optional
	MaxTTL metav1.Duration `json:"maxTTL,omitempty"`

	// AllowLocalhost configures if the certificate is valid for localhost.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allow_localhost.
	// +optional
	AllowLocalhost bool `json:"allowLocalhost,omitempty"`

	// AllowedDomains configures the list of domains for which certificates can be issued through this role.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allowed_domains.
	// +optional
	AllowedDomains []string `json:"allowedDomains,omitempty"`

	// AllowedDomainsTemplate configures if entries in the list of allowed domains may use templates.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allowed_domains_template.
	// +optional
	AllowedDomainsTemplate bool `json:"allowedDomainsTemplate,omitempty"`

	// AllowBareDomains configures if certificates can be issued for bare domains.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allow_bare_domains.
	// +optional
	AllowBareDomains bool `json:"allowBareDomains,omitempty"`

	// AllowSubdomains configures if certificates can be issued for subdomains.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allow_subdomains.
	// +optional
	AllowSubdomains bool `json:"allowSubdomains,omitempty"`

	// AllowGlobDomains configures if entries in AllowedDomains may contain glob patterns (for example ftp*.example.com).
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allow_glob_domains.
	// +optional
	AllowGlobDomains bool `json:"allowGlobDomains,omitempty"`

	// AllowAnyName configures if certificates can be issued for any common name.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allow_any_name.
	// +optional
	AllowAnyName bool `json:"allowAnyName,omitempty"`

	// EnforceHostNames configures if only valid host names are accepted for the CN, the DNS SANs and the host part of email addresses.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#enforce_hostnames.
	// +optional
	EnforceHostNames bool `json:"enforceHostNames,omitempty"`

	// AllowIPSans configures if certificates with IP subject alternative names
	// can be issued.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allow_ip_sans.
	// +optional
	AllowIPSans bool `json:"allowIPSans,omitempty"`

	// AllowedURISans configures an allow list of URI subject alternative names
	// for which certificates can be issued.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allowed_uri_sans.
	// +optional
	AllowedURISans []string `json:"allowedURISans,omitempty"`

	// AllowedOtherSans configures an allow list of other subject alternative
	// names for which certificates can be issued.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allowed_other_sans.
	// +optional
	AllowedOtherSans []string `json:"allowedOtherSans,omitempty"`

	// ServerFlag configures if issued certificates should have the server flag
	// set.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#server_flag.
	// +optional
	ServerFlag bool `json:"serverFlag,omitempty"`

	// ClientFlag configures if issued certificates should have the client flag
	// set.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#client_flag.
	// +optional
	ClientFlag bool `json:"clientFlag,omitempty"`

	// CodeSigningFlag configures if issued certificates should have the code
	// signing flag set.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#code_signing_flag.
	// +optional
	CodeSigningFlag bool `json:"codeSigningFlag,omitempty"`

	// EmailProtectionFlag configures if issued certificates should have the
	// email protection flag set.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#email_protection_flag.
	// +optional
	EmailProtectionFlag bool `json:"emailProtectionFlag,omitempty"`

	// KeyType sets the key algorithm of the keys generated for, or accepted in
	// CSRs for, certificates issued through this role. Can be rsa, ec, or any
	// if either type with any bit size should be accepted. ED25519 is not
	// supported yet.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#key_type-3.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:=rsa;ec;any
	// +kubebuilder:default:=any
	KeyType pki.KeyType `json:"keyType"`

	// KeyBits sets the size of the keys generated for certificates issued
	// through this role. Ignored in signing operations when KeyType is `any`.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#key_bits-3.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:=224;256;384;521;2048;3072;4096
	KeyBits pki.KeyBits `json:"keyBits,omitempty"`

	// KeyUsage configures the list of key usages issued certificates should
	// carry.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#key_usage-1.
	// +optional
	KeyUsage []pki.KeyUsage `json:"keyUsage,omitempty"`

	// ExtendedKeyUsage configures the list of extended key usages issued
	// certificates should carry.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#ext_key_usage-1.
	// +optional
	ExtendedKeyUsage []pki.ExtendedKeyUsage `json:"extKeyUsage,omitempty"`

	// ExtendedKeyUsageOIDS configures a list of extended key usage OIDs issued
	// certificates should carry.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#ext_key_usage_oids-1.
	// +optional
	ExtendedKeyUsageOIDS []string `json:"extKeyUsageOIDS,omitempty"`

	// UseCSRCommonName configures if the common name from a CSR should be
	// copied into the issued certificate.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#use_csr_common_name.
	// +optional
	UseCSRCommonName bool `json:"useCSRCommonName,omitempty"`

	// UseCSRSans configures if the subject alternative names from a CSR should
	// be included in issued certificates.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#use_csr_sans.
	// +optional
	UseCSRSans bool `json:"useCSRSans,omitempty"`

	// RequireCommonName configures if setting a common name is required when
	// issuing certificates.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#require_cn.
	// +optional
	RequireCommonName bool `json:"requireCN,omitempty"`

	// PolicyIdentifiers configures a list of policy OIDs which should be set
	// on issued certificates.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#policy_identifiers.
	// +optional
	PolicyIdentifiers []string `json:"policyIdentifiers,omitempty"`

	// BasicConstraintsValidForNonCA configures if the Basic Constraints
	// extension should be marked valid on issued non-CA certificates.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#basic_constraints_valid_for_non_ca.
	// +optional
	BasicConstraintsValidForNonCA bool `json:"basicConstraintsValidForNonCA,omitempty"`

	// NotBeforeDuration configures how far the NotBefore time of issued
	// certificates is backdated, so that verifiers whose clocks lag behind the
	// issuer's accept a freshly issued certificate.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#not_before_duration-2.
	// +optional
	NotBeforeDuration metav1.Duration `json:"notBeforeDuration,omitempty"`
}
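Several of the settings above decide how far a holder of the role can stray from its intended scope (AllowAnyName, AllowGlobDomains, EnforceHostNames, the TTLs and the purpose flags), and because the CRD's bool fields default to false, a manifest that simply omits enforceHostNames decodes the same way as one that disables it. The following program is an added example, not code from the heist project: it decodes the JSON form of spec.settings into a local struct carrying the same JSON tags (so it needs neither the module's import path nor k8s.io/apimachinery; the local Duration type mirrors the string wire format of metav1.Duration) and reports the findings a reviewer would raise. The 90-day leaf cap, the lint rules and the two sample roles are assumptions of the example rather than rules the CRD defines; the "maxTTL unset" rule refers to the MaxLeaseTTL of the engine configured through VaultCertificateAuthorityTuning.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Duration mirrors the wire format of metav1.Duration (a Go duration string
// such as "720h"), so this example needs nothing outside the standard library.
type Duration struct{ time.Duration }

// UnmarshalJSON accepts "" (unset) or any string time.ParseDuration accepts.
func (d *Duration) UnmarshalJSON(b []byte) error {
	var s string
	if err := json.Unmarshal(b, &s); err != nil {
		return err
	}
	if s == "" {
		d.Duration = 0
		return nil
	}
	v, err := time.ParseDuration(s)
	d.Duration = v
	return err
}

// RoleSettings is a local copy of the VaultCertificateRoleSettings fields the
// lint inspects, with the CRD's JSON tags, so a manifest's spec.settings
// object decodes into it unchanged (unknown keys are ignored).
type RoleSettings struct {
	TTL              Duration `json:"ttl,omitempty"`
	MaxTTL           Duration `json:"maxTTL,omitempty"`
	AllowedDomains   []string `json:"allowedDomains,omitempty"`
	AllowGlobDomains bool     `json:"allowGlobDomains,omitempty"`
	AllowAnyName     bool     `json:"allowAnyName,omitempty"`
	EnforceHostNames bool     `json:"enforceHostNames,omitempty"`
	ServerFlag       bool     `json:"serverFlag,omitempty"`
	ClientFlag       bool     `json:"clientFlag,omitempty"`
	CodeSigningFlag  bool     `json:"codeSigningFlag,omitempty"`
	KeyType          string   `json:"keyType,omitempty"`
	KeyBits          int      `json:"keyBits,omitempty"`
}

// DecodeRoleSettings parses the JSON form of spec.settings.
func DecodeRoleSettings(js string) (RoleSettings, error) {
	var s RoleSettings
	err := json.Unmarshal([]byte(js), &s)
	return s, err
}

// LintRoleSettings returns one finding per setting that widens what a holder
// of this role can get signed. leafCap is an assumed organisational limit on
// leaf validity, not something the CRD defines.
func LintRoleSettings(s RoleSettings, leafCap time.Duration) []string {
	var f []string
	if s.AllowAnyName {
		f = append(f, "allowAnyName=true: any CN or SAN can be requested; pin allowedDomains instead")
	}
	if s.AllowGlobDomains {
		f = append(f, "allowGlobDomains=true: allowedDomains entries are treated as glob patterns")
	}
	if !s.EnforceHostNames {
		f = append(f, "enforceHostNames=false: CN and DNS SANs need not be valid hostnames")
	}
	if s.MaxTTL.Duration == 0 {
		f = append(f, "maxTTL unset: validity is capped only by the engine's MaxLeaseTTL")
	}
	if s.TTL.Duration > leafCap || s.MaxTTL.Duration > leafCap {
		f = append(f, fmt.Sprintf("ttl/maxTTL exceed the leaf cap of %s", leafCap))
	}
	if s.CodeSigningFlag && (s.ServerFlag || s.ClientFlag) {
		f = append(f, "codeSigningFlag combined with TLS flags: use one role per purpose")
	}
	if s.KeyType == "" || s.KeyType == "any" {
		f = append(f, "keyType any (the CRD default): key algorithm and size come from the CSR, not the role")
	}
	return f
}

// Constructed sample inputs: spec.settings of two hypothetical roles.
const PermissiveRoleJSON = `{"ttl":"8760h","maxTTL":"17520h","allowAnyName":true,
  "allowGlobDomains":true,"serverFlag":true,"codeSigningFlag":true,"keyType":"any"}`

const TightRoleJSON = `{"ttl":"24h","maxTTL":"72h","allowedDomains":["svc.internal.example"],
  "allowSubdomains":true,"enforceHostNames":true,"serverFlag":true,"keyType":"ec","keyBits":256}`

func main() {
	for name, js := range map[string]string{"permissive": PermissiveRoleJSON, "tight": TightRoleJSON} {
		s, err := DecodeRoleSettings(js)
		if err != nil {
			panic(err)
		}
		findings := LintRoleSettings(s, 90*24*time.Hour)
		fmt.Printf("%s role: %d finding(s)\n", name, len(findings))
		for _, l := range findings {
			fmt.Println("  -", l)
		}
	}
}
```

Run against the permissive sample the lint reports six findings; the tight sample, which pins a domain, enforces host names, sets both TTLs below the cap and fixes the key type, reports none. The same decode step rejects non-Go duration strings such as "1 day", which is also what the API server does for a metav1.Duration field.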

func (*VaultCertificateRoleSettings) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateRoleSettings.

func (*VaultCertificateRoleSettings) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertificateRoleSpec

type VaultCertificateRoleSpec struct {
	// Issuer specifies the certificate authority used to issue certificates
	// for this role.
	Issuer string `json:"issuer,omitempty"`

	// Subject configures the subject fields of certificates issued through
	// this role.
	Subject VaultCertificateRoleSubject `json:"subject,omitempty"`

	// Settings configures the issuing constraints of this role.
	Settings VaultCertificateRoleSettings `json:"settings,omitempty"`
}

VaultCertificateRoleSpec defines the desired state of VaultCertificateRole.

func (*VaultCertificateRoleSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateRoleSpec.

func (*VaultCertificateRoleSpec) DeepCopyInto

func (in *VaultCertificateRoleSpec) DeepCopyInto(out *VaultCertificateRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertificateRoleStatus

type VaultCertificateRoleStatus struct {
	Conditions []metav1.Condition `json:"conditions"`
}

VaultCertificateRoleStatus defines the observed state of VaultCertificateRole.

func (*VaultCertificateRoleStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateRoleStatus.

func (*VaultCertificateRoleStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertificateRoleSubject

type VaultCertificateRoleSubject struct {
	// Organization sets the organization (O) field in the certificate subject.
	// +optional
	Organization []string `json:"organization,omitempty"`

	// OrganizationalUnit sets the organizational unit (OU) field in the certificate subject.
	// +optional
	OrganizationalUnit []string `json:"ou,omitempty"`

	// Country sets the country field (C) in the certificate subject.
	// +optional
	Country []string `json:"country,omitempty"`

	// Locality sets the locality field (L) in the certificate subject.
	// +optional
	Locality []string `json:"locality,omitempty"`

	// Province sets the state or province field (ST) in the certificate subject.
	// +optional
	Province []string `json:"province,omitempty"`

	// StreetAddress sets the street address field in the certificate subject.
	// +optional
	StreetAddress []string `json:"streetAddress,omitempty"`

	// PostalCode sets the postal code field in the certificate subject.
	// +optional
	PostalCode []string `json:"postalCode,omitempty"`
}

func (*VaultCertificateRoleSubject) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateRoleSubject.

func (*VaultCertificateRoleSubject) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultCertificateTemplate

type VaultCertificateTemplate struct {
	// Alias is the name of this certificate template.
	// +optional
	// +kubebuilder:validation:Optional
	Alias string `json:"alias,omitempty"`

	// CertificateRole is the name of the VaultCertificateRole to be used for issuing
	// this certificate.
	// +required
	// +kubebuilder:validation:Required
	CertificateRole string `json:"certificateRole"`

	// CommonName is the CN (common name) of the issued certificate.
	// +optional
	// +kubebuilder:validation:Optional
	CommonName string `json:"commonName,omitempty"`

	// DNSSans is a list of DNS subject alternative names requested for this
	// certificate.
	// +optional
	// +kubebuilder:validation:Optional
	DNSSans []string `json:"dnsSans,omitempty"`

	// OtherSans is a list of custom OID/UTF-8 subject alternative names
	// requested for this certificate.
	// Expected Format: `<oid>;<type>:<value>`
	// +optional
	// +kubebuilder:validation:Optional
	OtherSans []string `json:"otherSans,omitempty"`

	// IPSans is a list of IP subject alternative names requested for this
	// certificate.
	// +optional
	// +kubebuilder:validation:Optional
	IPSans []string `json:"ipSans,omitempty"`

	// URISans is a list of URI subject alternative names requested for this
	// certificate.
	// +optional
	// +kubebuilder:validation:Optional
	URISans []string `json:"uriSans,omitempty"`

	// TTL is the Time-To-Live requested for this certificate.
	// +optional
	// +kubebuilder:validation:Optional
	TTL metav1.Duration `json:"ttl,omitempty"`

	// ExcludeCNFromSans toggles if the common name should be excluded from the
	// subject alternative names of the certificate.
	// +optional
	// +kubebuilder:validation:Optional
	ExcludeCNFromSans bool `json:"excludeCNFromSans,omitempty"`
}
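OtherSans above carries the documented `<oid>;<type>:<value>` format, and whether a template's names are accepted at all depends on the AllowedDomains, AllowBareDomains, AllowSubdomains, AllowGlobDomains, AllowAnyName and AllowedOtherSans settings of the VaultCertificateRole it names. The following program is an added example, not code from the heist project: it parses other-SAN entries and checks a template's commonName, dnsSans and otherSans against a local copy of those role fields, so a reviewer can see before applying a manifest which names the role would refuse. The matching is a simplified reading of Vault's role constraints (Vault accepts only the UTF8 type in other_sans, and a bare `*` entry in allowed_other_sans permits any other SAN); the sample role, the host names and the OID value (the Microsoft UPN OID, chosen as a realistic case) are constructed input.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

// OtherSAN is one parsed VaultCertificateTemplate.OtherSans entry ("<oid>;<type>:<value>").
type OtherSAN struct{ OID, Value string }
var oidRe = regexp.MustCompile(`^[0-9]+(\.[0-9]+)+$`)

// ParseOtherSAN validates one entry; Vault accepts only the UTF8 type, so others are rejected early.
func ParseOtherSAN(s string) (OtherSAN, error) {
	oid, rest, ok := strings.Cut(s, ";")
	typ, val, ok2 := strings.Cut(rest, ":")
	switch {
	case !ok || !ok2 || val == "":
		return OtherSAN{}, fmt.Errorf("otherSan %q: want <oid>;<type>:<value>", s)
	case !oidRe.MatchString(oid):
		return OtherSAN{}, fmt.Errorf("otherSan %q: %q is not a dotted-decimal OID", s, oid)
	case !strings.EqualFold(typ, "utf8"):
		return OtherSAN{}, fmt.Errorf("otherSan %q: unsupported type %q (only UTF8)", s, typ)
	}
	return OtherSAN{OID: oid, Value: val}, nil
}

// NamePolicy is a local copy of the VaultCertificateRoleSettings fields that govern requested names.
type NamePolicy struct {
	AllowedDomains, AllowedOtherSans                                  []string
	AllowBareDomains, AllowSubdomains, AllowGlobDomains, AllowAnyName bool
}

// DNSAllowed applies the allowedDomains rules to a CN or DNS SAN; *.d counts as a subdomain of d.
func (p NamePolicy) DNSAllowed(name string) bool {
	name = strings.ToLower(name)
	if p.AllowAnyName {
		return true
	}
	for _, d := range p.AllowedDomains {
		d = strings.ToLower(d)
		if p.AllowGlobDomains && strings.Contains(d, "*") {
			if ok, _ := path.Match(d, name); ok { // '*' never crosses '/', fine for hostnames
				return true
			}
		} else if (p.AllowBareDomains && name == d) || (p.AllowSubdomains && strings.HasSuffix(name, "."+d)) {
			return true
		}
	}
	return false
}

// otherAllowed matches a parsed other SAN against allowedOtherSans, whose value
// part may be a glob; a bare "*" entry permits any other SAN.
func (p NamePolicy) otherAllowed(s OtherSAN) bool {
	for _, a := range p.AllowedOtherSans {
		if a == "*" {
			return true
		}
		if want, err := ParseOtherSAN(a); err == nil && want.OID == s.OID {
			if ok, _ := path.Match(want.Value, s.Value); ok {
				return true
			}
		}
	}
	return false
}

// Check returns one message per requested name the role does not cover; empty means the
// request fits. The CN is checked as a DNS name; email and IP common names are out of scope.
func (p NamePolicy) Check(commonName string, dnsSans, otherSans []string) []string {
	var rejected []string
	for _, n := range append([]string{commonName}, dnsSans...) {
		if n != "" && !p.DNSAllowed(n) {
			rejected = append(rejected, "name "+n+" is outside allowedDomains")
		}
	}
	for _, raw := range otherSans {
		if s, err := ParseOtherSAN(raw); err != nil {
			rejected = append(rejected, err.Error())
		} else if !p.otherAllowed(s) {
			rejected = append(rejected, "otherSan "+raw+" is outside allowedOtherSans")
		}
	}
	return rejected
}

// ExamplePolicy is a constructed sample role with hypothetical names.
var ExamplePolicy = NamePolicy{
	AllowedDomains:   []string{"svc.internal.example"},
	AllowSubdomains:  true,
	AllowedOtherSans: []string{"1.3.6.1.4.1.311.20.2.3;UTF8:*@internal.example"},
}

func main() {
	fmt.Println(ExamplePolicy.Check("api.svc.internal.example", nil, nil))
	fmt.Println(ExamplePolicy.Check("svc.internal.example", []string{"evil.example"}, []string{"bogus"}))
}
```

With the sample role, a request for api.svc.internal.example plus a UPN under internal.example passes, while a request for the bare domain (allowBareDomains is false), a foreign host name, a UPN in another realm and a malformed other-SAN entry yields one rejection each; wiring the same check into a validating webhook on VaultCertificateTemplate would turn those rejections into admission errors instead of Vault errors at issue time.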

func (*VaultCertificateTemplate) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateTemplate.

func (*VaultCertificateTemplate) DeepCopyInto

func (in *VaultCertificateTemplate) DeepCopyInto(out *VaultCertificateTemplate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultClientConfig

type VaultClientConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VaultClientConfigSpec   `json:"spec,omitempty"`
	Status VaultClientConfigStatus `json:"status,omitempty"`
}

VaultClientConfig is the Schema for the vaultclientconfigs API.

func (*VaultClientConfig) DeepCopy

func (in *VaultClientConfig) DeepCopy() *VaultClientConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultClientConfig.

func (*VaultClientConfig) DeepCopyInto

func (in *VaultClientConfig) DeepCopyInto(out *VaultClientConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultClientConfig) DeepCopyObject

func (in *VaultClientConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultClientConfigList

type VaultClientConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VaultClientConfig `json:"items"`
}

VaultClientConfigList contains a list of VaultClientConfig.

func (*VaultClientConfigList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultClientConfigList.

func (*VaultClientConfigList) DeepCopyInto

func (in *VaultClientConfigList) DeepCopyInto(out *VaultClientConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultClientConfigList) DeepCopyObject

func (in *VaultClientConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultClientConfigSpec

type VaultClientConfigSpec struct {
	Address                string                          `json:"address,omitempty"`
	Role                   string                          `json:"role,omitempty"`
	CACerts                []string                        `json:"caCerts,omitempty"`
	AuthMountPath          string                          `json:"authMountPath,omitempty"`
	CertificateAuthorities []*VaultCertificateAuthorityRef `json:"certificateAuthorities,omitempty"`
	KvSecrets              []*VaultKVSecretRef             `json:"kvSecrets,omitempty"`
	Certificates           []*VaultCertificateRef          `json:"certificates,omitempty"`
	TransitKeys            []*VaultTransitKeyRef           `json:"transitKeys,omitempty"`
	Templates              VaultBindingAgentConfig         `json:"templates,omitempty"`
}

VaultClientConfigSpec defines the desired state of VaultClientConfig.

func (*VaultClientConfigSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultClientConfigSpec.

func (*VaultClientConfigSpec) DeepCopyInto

func (in *VaultClientConfigSpec) DeepCopyInto(out *VaultClientConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultClientConfigStatus

type VaultClientConfigStatus struct {
	Conditions []metav1.Condition `json:"conditions"`
}

VaultClientConfigStatus defines the observed state of VaultClientConfig.

func (*VaultClientConfigStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultClientConfigStatus.

func (*VaultClientConfigStatus) DeepCopyInto

func (in *VaultClientConfigStatus) DeepCopyInto(out *VaultClientConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultKVSecret

type VaultKVSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VaultKVSecretSpec   `json:"spec,omitempty"`
	Status VaultKVSecretStatus `json:"status,omitempty"`
}

VaultKVSecret is the Schema for the vaultkvsecrets API.

func (*VaultKVSecret) DeepCopy

func (in *VaultKVSecret) DeepCopy() *VaultKVSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecret.

func (*VaultKVSecret) DeepCopyInto

func (in *VaultKVSecret) DeepCopyInto(out *VaultKVSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultKVSecret) DeepCopyObject

func (in *VaultKVSecret) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*VaultKVSecret) GetSecretPath

func (r *VaultKVSecret) GetSecretPath() (string, error)

func (*VaultKVSecret) SetupWebhookWithManager

func (r *VaultKVSecret) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*VaultKVSecret) ValidateCreate

func (r *VaultKVSecret) ValidateCreate() (warnings admission.Warnings, err error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type.

func (*VaultKVSecret) ValidateDelete

func (r *VaultKVSecret) ValidateDelete() (warnings admission.Warnings, err error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type.

func (*VaultKVSecret) ValidateUpdate

func (r *VaultKVSecret) ValidateUpdate(old runtime.Object) (warnings admission.Warnings, err error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.

type VaultKVSecretEngine

type VaultKVSecretEngine struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VaultKVSecretEngineSpec   `json:"spec,omitempty"`
	Status VaultKVSecretEngineStatus `json:"status,omitempty"`
}

VaultKVSecretEngine is the Schema for the vaultkvsecretengines API.

func (*VaultKVSecretEngine) DeepCopy

func (in *VaultKVSecretEngine) DeepCopy() *VaultKVSecretEngine

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretEngine.

func (*VaultKVSecretEngine) DeepCopyInto

func (in *VaultKVSecretEngine) DeepCopyInto(out *VaultKVSecretEngine)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultKVSecretEngine) DeepCopyObject

func (in *VaultKVSecretEngine) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*VaultKVSecretEngine) GetKvEngineConfig

func (r *VaultKVSecretEngine) GetKvEngineConfig() (*kvengine.Config, error)

func (*VaultKVSecretEngine) GetMountPath

func (r *VaultKVSecretEngine) GetMountPath() (string, error)

func (*VaultKVSecretEngine) SetupWebhookWithManager

func (r *VaultKVSecretEngine) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*VaultKVSecretEngine) ValidateCreate

func (r *VaultKVSecretEngine) ValidateCreate() (warnings admission.Warnings, err error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type.

func (*VaultKVSecretEngine) ValidateDelete

func (r *VaultKVSecretEngine) ValidateDelete() (warnings admission.Warnings, err error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type.

func (*VaultKVSecretEngine) ValidateUpdate

func (r *VaultKVSecretEngine) ValidateUpdate(old runtime.Object) (warnings admission.Warnings, err error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.

type VaultKVSecretEngineList

type VaultKVSecretEngineList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VaultKVSecretEngine `json:"items"`
}

VaultKVSecretEngineList contains a list of VaultKVSecretEngine. +kubebuilder:object:root=true

func (*VaultKVSecretEngineList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretEngineList.

func (*VaultKVSecretEngineList) DeepCopyInto

func (in *VaultKVSecretEngineList) DeepCopyInto(out *VaultKVSecretEngineList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultKVSecretEngineList) DeepCopyObject

func (in *VaultKVSecretEngineList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultKVSecretEngineSpec

type VaultKVSecretEngineSpec struct {

	// MaxVersions configures the maximum number of secret versions to keep.
	MaxVersions int `json:"maxVersions"`

	// DeleteProtection prevents the secret engine from being deleted.
	// Defaults to false.
	// +optional
	DeleteProtection bool `json:"deleteProtection"`
}

VaultKVSecretEngineSpec defines the desired state of VaultKVSecretEngine.

func (*VaultKVSecretEngineSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretEngineSpec.

func (*VaultKVSecretEngineSpec) DeepCopyInto

func (in *VaultKVSecretEngineSpec) DeepCopyInto(out *VaultKVSecretEngineSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultKVSecretEngineStatus

type VaultKVSecretEngineStatus struct {
	Conditions []metav1.Condition `json:"conditions"`
}

VaultKVSecretEngineStatus defines the observed state of VaultKVSecretEngine.

func (*VaultKVSecretEngineStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretEngineStatus.

func (*VaultKVSecretEngineStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultKVSecretField

type VaultKVSecretField struct {
	// CipherText represents a value which has been encrypted by Heist's
	// managed transit engine.
	// +optional
	// +kubebuilder:validation:Optional
	CipherText EncryptedValue `json:"ciphertext,omitempty"`

	// AutoGenerated configures that the field should receive an autogenerated
	// value. Must be set to false when using a custom stringValue or custom
	// cipherText. Defaults to true.
	// +optional
	// +kubebuilder:validation:Optional
	AutoGenerated bool `json:"autoGenerated,omitempty"`

	// AutoGeneratedLength can be used in combination with AutoGenerated.
	// It optionally configures the length of the autogenerated value; the
	// default is 64 characters.
	// +optional
	// +kubebuilder:validation:Optional
	AutoGeneratedLength int `json:"autoGeneratedLength,omitempty"`
}

VaultKVSecretField defines the desired state of a field in a VaultKVSecret.

func (*VaultKVSecretField) DeepCopy

func (in *VaultKVSecretField) DeepCopy() *VaultKVSecretField

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretField.

func (*VaultKVSecretField) DeepCopyInto

func (in *VaultKVSecretField) DeepCopyInto(out *VaultKVSecretField)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultKVSecretList

type VaultKVSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VaultKVSecret `json:"items"`
}

VaultKVSecretList contains a list of VaultKVSecret. +kubebuilder:object:root=true

func (*VaultKVSecretList) DeepCopy

func (in *VaultKVSecretList) DeepCopy() *VaultKVSecretList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretList.

func (*VaultKVSecretList) DeepCopyInto

func (in *VaultKVSecretList) DeepCopyInto(out *VaultKVSecretList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultKVSecretList) DeepCopyObject

func (in *VaultKVSecretList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultKVSecretRef

type VaultKVSecretRef struct {
	Name         string                     `json:"name,omitempty"`
	EnginePath   string                     `json:"enginePath,omitempty"`
	SecretPath   string                     `json:"secretPath,omitempty"`
	Capabilities []VaultBindingKVCapability `json:"capabilities,omitempty"`
}

func (*VaultKVSecretRef) DeepCopy

func (in *VaultKVSecretRef) DeepCopy() *VaultKVSecretRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretRef.

func (*VaultKVSecretRef) DeepCopyInto

func (in *VaultKVSecretRef) DeepCopyInto(out *VaultKVSecretRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultKVSecretSpec

type VaultKVSecretSpec struct {

	// Engine configures the secret storage engine in which the secret should
	// be stored.
	// +required
	// +kubebuilder:validation:Required
	Engine string `json:"engine"`

	// Path configures the relative path of the Secret inside its secret engine.
	// +optional
	// +kubebuilder:validation:Optional
	Path string `json:"path,omitempty"`

	// Fields is a map of fields stored in the Secret.
	// +optional
	// +kubebuilder:validation:Optional
	Fields map[string]*VaultKVSecretField `json:"fields,omitempty"`

	// DeleteProtection prevents the secret from being deleted.
	// Defaults to false.
	// +optional
	// +kubebuilder:validation:Optional
	DeleteProtection bool `json:"deleteProtection,omitempty"`
}

VaultKVSecretSpec defines the desired secret's fields and the secret's config.

func (*VaultKVSecretSpec) DeepCopy

func (in *VaultKVSecretSpec) DeepCopy() *VaultKVSecretSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretSpec.

func (*VaultKVSecretSpec) DeepCopyInto

func (in *VaultKVSecretSpec) DeepCopyInto(out *VaultKVSecretSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultKVSecretStatus

type VaultKVSecretStatus struct {
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// ReadOnlyPolicyName is the name of the read-only policy created for this
	// secret.
	// +optional
	ReadOnlyPolicyName string `json:"policyName,omitempty"`

	// Engine is the name of the engine used to store this secret.
	// +optional
	Engine string `json:"engine,omitempty"`

	// Path is the relative path of this secret inside its engine.
	// +optional
	Path string `json:"path,omitempty"`

	// Fields is a map of field names to cipher text for all fields currently
	// stored in Vault.
	// +optional
	Fields map[string]string `json:"fields,omitempty"`
}

VaultKVSecretStatus defines the observed state of VaultKVSecret.

func (*VaultKVSecretStatus) DeepCopy

func (in *VaultKVSecretStatus) DeepCopy() *VaultKVSecretStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretStatus.

func (*VaultKVSecretStatus) DeepCopyInto

func (in *VaultKVSecretStatus) DeepCopyInto(out *VaultKVSecretStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSyncCertificate

type VaultSyncCertificate struct {
	// Name is the name of the VaultCertificateAuthority which should be
	// synced.
	// +required
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Fields is a list of fields which should be synced from the
	// VaultCertificateAuthority.
	// +required
	// +kubebuilder:validation:Required
	Fields []VaultSyncCertificateField `json:"fields"`

	// CommonName is the CN (common name) of the issued certificate.
	// +required
	// +kubebuilder:validation:Required
	CommonName string `json:"commonName"`

	// AlternativeNames is a list of SANs (subject alternative names) requested
	// for this certificate. These will be set as an extension in the
	// certificate.
	// +optional
	// +kubebuilder:validation:Optional
	AlternativeNames []string `json:"alternativeNames,omitempty"`

	// ExcludeCNFromSans disables automatically adding the common name to the
	// SAN list.
	// +optional
	// +kubebuilder:validation:Optional
	ExcludeCNFromSans bool `json:"excludeCNFromSans,omitempty"`
}

VaultSyncCertificate configures syncing of values from a VaultCertificateRole.

func (*VaultSyncCertificate) DeepCopy

func (in *VaultSyncCertificate) DeepCopy() *VaultSyncCertificate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncCertificate.

func (*VaultSyncCertificate) DeepCopyInto

func (in *VaultSyncCertificate) DeepCopyInto(out *VaultSyncCertificate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSyncCertificateAuthority

type VaultSyncCertificateAuthority struct {
	// Name is the name of the VaultCertificateAuthority which should be
	// synced.
	// +required
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Fields is a list of fields which should be synced from the
	// VaultCertificateAuthority.
	// +required
	// +kubebuilder:validation:Required
	Fields []VaultSyncCertificateField `json:"fields,omitempty"`
}

VaultSyncCertificateAuthority configures syncing of values from a VaultCertificateAuthority.

func (*VaultSyncCertificateAuthority) DeepCopy

func (in *VaultSyncCertificateAuthority) DeepCopy() *VaultSyncCertificateAuthority

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncCertificateAuthority.

func (*VaultSyncCertificateAuthority) DeepCopyInto

func (in *VaultSyncCertificateAuthority) DeepCopyInto(out *VaultSyncCertificateAuthority)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSyncCertificateAuthoritySource

type VaultSyncCertificateAuthoritySource struct {
	// Name is the name of the VaultCertificateAuthority which should be synced.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name,omitempty"`

	// Field is the field of the certificate authority which should be synced.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum:=certificate;private_key;cert_chain;full_cert_chain
	Field VaultCertificateFieldType `json:"field,omitempty"`
}

func (*VaultSyncCertificateAuthoritySource) DeepCopy

func (in *VaultSyncCertificateAuthoritySource) DeepCopy() *VaultSyncCertificateAuthoritySource

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncCertificateAuthoritySource.

func (*VaultSyncCertificateAuthoritySource) DeepCopyInto

func (in *VaultSyncCertificateAuthoritySource) DeepCopyInto(out *VaultSyncCertificateAuthoritySource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSyncCertificateField

type VaultSyncCertificateField struct {
	// Type is the name of the field which should be bound. Possible values are
	// defined in VaultCertificateFieldType.
	// +kubebuilder:validation:Enum:=certificate;private_key;cert_chain;full_cert_chain
	// +kubebuilder:default:=certificate
	Type VaultCertificateFieldType `json:"field"`

	// Key is the secret key used to store the value.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Key string `json:"key"`
}

VaultSyncCertificateField configures syncing of values from a certificate.

func (*VaultSyncCertificateField) DeepCopy

func (in *VaultSyncCertificateField) DeepCopy() *VaultSyncCertificateField

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncCertificateField.

func (*VaultSyncCertificateField) DeepCopyInto

func (in *VaultSyncCertificateField) DeepCopyInto(out *VaultSyncCertificateField)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSyncCertificateSource

type VaultSyncCertificateSource struct {
	// Name is the name of the certificate template used to issue the
	// certificate which should be synced.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name,omitempty"`

	// Field is the field of the certificate which should be synced.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum:=certificate;private_key;cert_chain;full_cert_chain
	Field VaultCertificateFieldType `json:"field,omitempty"`
}

func (*VaultSyncCertificateSource) DeepCopy

func (in *VaultSyncCertificateSource) DeepCopy() *VaultSyncCertificateSource

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncCertificateSource.

func (*VaultSyncCertificateSource) DeepCopyInto

func (in *VaultSyncCertificateSource) DeepCopyInto(out *VaultSyncCertificateSource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSyncKVSecretSource

type VaultSyncKVSecretSource struct {
	// Name is the name of the VaultKVSecret which should be synced.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name,omitempty"`

	// Field specifies a single field of the VaultKVSecret which should be synced.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Field string `json:"field,omitempty"`
}

func (*VaultSyncKVSecretSource) DeepCopy

func (in *VaultSyncKVSecretSource) DeepCopy() *VaultSyncKVSecretSource

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncKVSecretSource.

func (*VaultSyncKVSecretSource) DeepCopyInto

func (in *VaultSyncKVSecretSource) DeepCopyInto(out *VaultSyncKVSecretSource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSyncKvSecret

type VaultSyncKvSecret struct {
	// Name is the name of the VaultKVSecret.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name,omitempty"`

	// Field is the name of the field in the VaultKVSecret.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Field string `json:"field,omitempty"`

	// Key is the secret key used to store the value.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Key string `json:"key,omitempty"`
}

func (*VaultSyncKvSecret) DeepCopy

func (in *VaultSyncKvSecret) DeepCopy() *VaultSyncKvSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncKvSecret.

func (*VaultSyncKvSecret) DeepCopyInto

func (in *VaultSyncKvSecret) DeepCopyInto(out *VaultSyncKvSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSyncSecret

type VaultSyncSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VaultSyncSecretSpec   `json:"spec,omitempty"`
	Status VaultSyncSecretStatus `json:"status,omitempty"`
}

VaultSyncSecret is the Schema for the vaultsyncsecrets API.

func (*VaultSyncSecret) DeepCopy

func (in *VaultSyncSecret) DeepCopy() *VaultSyncSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncSecret.

func (*VaultSyncSecret) DeepCopyInto

func (in *VaultSyncSecret) DeepCopyInto(out *VaultSyncSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultSyncSecret) DeepCopyObject

func (in *VaultSyncSecret) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*VaultSyncSecret) SetupWebhookWithManager

func (r *VaultSyncSecret) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*VaultSyncSecret) ValidateCreate

func (r *VaultSyncSecret) ValidateCreate() (warnings admission.Warnings, err error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type.

func (*VaultSyncSecret) ValidateDelete

func (r *VaultSyncSecret) ValidateDelete() (warnings admission.Warnings, err error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type.

func (*VaultSyncSecret) ValidateUpdate

func (r *VaultSyncSecret) ValidateUpdate(old runtime.Object) (warnings admission.Warnings, err error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.

type VaultSyncSecretList

type VaultSyncSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VaultSyncSecret `json:"items"`
}

VaultSyncSecretList contains a list of VaultSyncSecret.

func (*VaultSyncSecretList) DeepCopy

func (in *VaultSyncSecretList) DeepCopy() *VaultSyncSecretList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncSecretList.

func (*VaultSyncSecretList) DeepCopyInto

func (in *VaultSyncSecretList) DeepCopyInto(out *VaultSyncSecretList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultSyncSecretList) DeepCopyObject

func (in *VaultSyncSecretList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultSyncSecretSource

type VaultSyncSecretSource struct {
	// CipherText represents a value which has been encrypted by Heist's managed
	// Transit Engine.
	// +optional
	// +kubebuilder:validation:Optional
	CipherText EncryptedValue `json:"cipherText,omitempty"`

	// CertificateAuthority configures a VaultCertificateAuthority from which a
	// field should be synced.
	// +optional
	// +kubebuilder:validation:Optional
	CertificateAuthority *VaultSyncCertificateAuthoritySource `json:"certificateAuthority,omitempty"`

	// Certificate configures a VaultCertificateRole from which a field should be
	// synced.
	// +optional
	// +kubebuilder:validation:Optional
	Certificate *VaultSyncCertificateSource `json:"certificate,omitempty"`

	// KVSecret configures a VaultKVSecret from which a field should be synced.
	// +optional
	// +kubebuilder:validation:Optional
	KVSecret *VaultSyncKVSecretSource `json:"kvSecret,omitempty"`
}

func (*VaultSyncSecretSource) DeepCopy

func (in *VaultSyncSecretSource) DeepCopy() *VaultSyncSecretSource

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncSecretSource.

func (*VaultSyncSecretSource) DeepCopyInto

func (in *VaultSyncSecretSource) DeepCopyInto(out *VaultSyncSecretSource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSyncSecretSpec

type VaultSyncSecretSpec struct {
	// Target configures the secret you want to sync values to.
	// +required
	// +kubebuilder:validation:Required
	Target VaultSyncSecretTarget `json:"target,omitempty"`

	// CertificateTemplates configures settings for certificates which may be
	// issued.
	// +optional
	// +kubebuilder:validation:Optional
	CertificateTemplates []VaultCertificateTemplate `json:"certificateTemplates,omitempty"`

	// Data is a map of values which should be synced to the Target Kubernetes
	// Secret.
	// +required
	// +kubebuilder:validation:Required
	Data map[string]VaultSyncSecretSource `json:"data,omitempty"`
}

func (*VaultSyncSecretSpec) DeepCopy

func (in *VaultSyncSecretSpec) DeepCopy() *VaultSyncSecretSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncSecretSpec.

func (*VaultSyncSecretSpec) DeepCopyInto

func (in *VaultSyncSecretSpec) DeepCopyInto(out *VaultSyncSecretSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSyncSecretStatus

type VaultSyncSecretStatus struct {
	Conditions []metav1.Condition `json:"conditions"`

	AppliedSpec VaultSyncSecretSpec `json:"appliedSpec,omitempty"`
}

VaultSyncSecretStatus defines the observed state of VaultSyncSecret.

func (*VaultSyncSecretStatus) DeepCopy

func (in *VaultSyncSecretStatus) DeepCopy() *VaultSyncSecretStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncSecretStatus.

func (*VaultSyncSecretStatus) DeepCopyInto

func (in *VaultSyncSecretStatus) DeepCopyInto(out *VaultSyncSecretStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSyncSecretTarget

type VaultSyncSecretTarget struct {
	// Name is the name of the secret resource you want to create.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=253
	Name string `json:"name,omitempty"`

	// Namespace is the namespace the secret should be created in.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=63
	Namespace string `json:"namespace,omitempty"`

	// Type is the type of secret which should be created.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:=Opaque;kubernetes.io/dockercfg;kubernetes.io/dockerconfigjson;kubernetes.io/basic-auth;kubernetes.io/ssh-auth;kubernetes.io/tls
	Type v1.SecretType `json:"type,omitempty"`

	// AdditionalLabels is a map of labels added to the secret.
	// +optional
	// +kubebuilder:validation:Optional
	AdditionalLabels map[string]string `json:"additionalLabels,omitempty"`

	// AdditionalAnnotations is a map of annotations added to the secret.
	// +optional
	// +kubebuilder:validation:Optional
	AdditionalAnnotations map[string]string `json:"additionalAnnotations,omitempty"`
}

VaultSyncSecretTarget defines the desired state of VaultSyncSecret.

func (*VaultSyncSecretTarget) DeepCopy

func (in *VaultSyncSecretTarget) DeepCopy() *VaultSyncSecretTarget

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncSecretTarget.

func (*VaultSyncSecretTarget) DeepCopyInto

func (in *VaultSyncSecretTarget) DeepCopyInto(out *VaultSyncSecretTarget)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
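An added example, not a manifest from the package or the Heist project, showing how VaultSyncSecretSpec, VaultSyncSecretSource and VaultSyncSecretTarget compose into a VaultSyncSecret that materialises one KV field and a CA trust chain as a Kubernetes Secret. The object names (payments-db-credentials, db-creds, internal-ca), the namespace and the label are assumptions; db-creds is assumed to be an existing VaultKVSecret with a password field and internal-ca an existing VaultCertificateAuthority in the same namespace.

```yaml
# Added example; names and namespace are assumptions, not values from the project.
apiVersion: heist.youniqx.com/v1alpha1
kind: VaultSyncSecret
metadata:
  name: payments-db-credentials
  namespace: payments
spec:
  # VaultSyncSecretTarget: the Kubernetes Secret the operator writes.
  target:
    name: payments-db-credentials
    namespace: payments          # kept equal to the object's own namespace
    type: Opaque                 # one of the values in the Type enum
    additionalLabels:
      app.kubernetes.io/part-of: payments
  # VaultSyncSecretSpec.Data: Secret key -> VaultSyncSecretSource.
  # Exactly one source is set per entry.
  data:
    # VaultSyncKVSecretSource: a single field of an assumed VaultKVSecret.
    password:
      kvSecret:
        name: db-creds
        field: password
    # VaultSyncCertificateAuthoritySource: public material only.
    # Field is restricted by the enum to
    # certificate | private_key | cert_chain | full_cert_chain.
    ca.crt:
      certificateAuthority:
        name: internal-ca
        field: full_cert_chain
```

Only the public fields of the certificate authority are synced here. The VaultCertificateFieldType enum also admits private_key, which would copy the CA's signing key into a Kubernetes Secret readable by any principal with get on secrets in the target namespace; leave that field in Vault unless the workload is the component that signs. The example keeps target.namespace equal to the object's own namespace; whether the admission webhook registered by SetupWebhookWithManager accepts a different target namespace is enforced in ValidateCreate and is not visible on this page. After applying, status.conditions reports the outcome and status.appliedSpec records the spec the operator last applied, so a diff between spec and status.appliedSpec is the first place to look when the target Secret is stale.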

type VaultTransitEngine

type VaultTransitEngine struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VaultTransitEngineSpec   `json:"spec,omitempty"`
	Status VaultTransitEngineStatus `json:"status,omitempty"`
}

VaultTransitEngine is the Schema for the vaulttransitengines API.

func (*VaultTransitEngine) DeepCopy

func (in *VaultTransitEngine) DeepCopy() *VaultTransitEngine

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitEngine.

func (*VaultTransitEngine) DeepCopyInto

func (in *VaultTransitEngine) DeepCopyInto(out *VaultTransitEngine)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultTransitEngine) DeepCopyObject

func (in *VaultTransitEngine) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*VaultTransitEngine) GetMountPath

func (r *VaultTransitEngine) GetMountPath() (string, error)

func (*VaultTransitEngine) GetPluginName

func (r *VaultTransitEngine) GetPluginName() (string, error)

func (*VaultTransitEngine) GetTransitEngineConfig

func (r *VaultTransitEngine) GetTransitEngineConfig() (*transit.EngineConfig, error)

func (*VaultTransitEngine) SetupWebhookWithManager

func (r *VaultTransitEngine) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*VaultTransitEngine) ValidateCreate

func (r *VaultTransitEngine) ValidateCreate() (warnings admission.Warnings, err error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type.

func (*VaultTransitEngine) ValidateDelete

func (r *VaultTransitEngine) ValidateDelete() (warnings admission.Warnings, err error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type.

func (*VaultTransitEngine) ValidateUpdate

func (r *VaultTransitEngine) ValidateUpdate(old runtime.Object) (warnings admission.Warnings, err error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.

type VaultTransitEngineList

type VaultTransitEngineList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VaultTransitEngine `json:"items"`
}

VaultTransitEngineList contains a list of VaultTransitEngine.

func (*VaultTransitEngineList) DeepCopy

func (in *VaultTransitEngineList) DeepCopy() *VaultTransitEngineList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitEngineList.

func (*VaultTransitEngineList) DeepCopyInto

func (in *VaultTransitEngineList) DeepCopyInto(out *VaultTransitEngineList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultTransitEngineList) DeepCopyObject

func (in *VaultTransitEngineList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultTransitEngineSpec

type VaultTransitEngineSpec struct {
	// Plugin configures the plugin backend used for this engine. Defaults to transit.
	// https://www.vaultproject.io/docs/upgrading/plugins#overriding-built-in-plugins
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Default:=transit
	Plugin string `json:"plugin,omitempty"`
}

VaultTransitEngineSpec defines the desired state of VaultTransitEngine.

func (*VaultTransitEngineSpec) DeepCopy

func (in *VaultTransitEngineSpec) DeepCopy() *VaultTransitEngineSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitEngineSpec.

func (*VaultTransitEngineSpec) DeepCopyInto

func (in *VaultTransitEngineSpec) DeepCopyInto(out *VaultTransitEngineSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultTransitEngineStatus

type VaultTransitEngineStatus struct {
	Conditions []metav1.Condition `json:"conditions"`
}

VaultTransitEngineStatus defines the observed state of VaultTransitEngine.

func (*VaultTransitEngineStatus) DeepCopy

func (in *VaultTransitEngineStatus) DeepCopy() *VaultTransitEngineStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitEngineStatus.

func (*VaultTransitEngineStatus) DeepCopyInto

func (in *VaultTransitEngineStatus) DeepCopyInto(out *VaultTransitEngineStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultTransitKey

type VaultTransitKey struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VaultTransitKeySpec   `json:"spec,omitempty"`
	Status VaultTransitKeyStatus `json:"status,omitempty"`
}

VaultTransitKey is the Schema for the vaulttransitkeys API.

func (*VaultTransitKey) DeepCopy

func (in *VaultTransitKey) DeepCopy() *VaultTransitKey

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitKey.

func (*VaultTransitKey) DeepCopyInto

func (in *VaultTransitKey) DeepCopyInto(out *VaultTransitKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultTransitKey) DeepCopyObject

func (in *VaultTransitKey) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*VaultTransitKey) GetTransitKeyConfig

func (r *VaultTransitKey) GetTransitKeyConfig() (*transit.KeyConfig, error)

func (*VaultTransitKey) GetTransitKeyName

func (r *VaultTransitKey) GetTransitKeyName() (string, error)

func (*VaultTransitKey) GetTransitKeyType

func (r *VaultTransitKey) GetTransitKeyType() (transit.KeyType, error)

func (*VaultTransitKey) SetupWebhookWithManager

func (r *VaultTransitKey) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*VaultTransitKey) ValidateCreate

func (r *VaultTransitKey) ValidateCreate() (warnings admission.Warnings, err error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type.

func (*VaultTransitKey) ValidateDelete

func (r *VaultTransitKey) ValidateDelete() (warnings admission.Warnings, err error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type.

func (*VaultTransitKey) ValidateUpdate

func (r *VaultTransitKey) ValidateUpdate(old runtime.Object) (warnings admission.Warnings, err error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.

type VaultTransitKeyList

type VaultTransitKeyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VaultTransitKey `json:"items"`
}

VaultTransitKeyList contains a list of VaultTransitKey.

func (*VaultTransitKeyList) DeepCopy

func (in *VaultTransitKeyList) DeepCopy() *VaultTransitKeyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitKeyList.

func (*VaultTransitKeyList) DeepCopyInto

func (in *VaultTransitKeyList) DeepCopyInto(out *VaultTransitKeyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultTransitKeyList) DeepCopyObject

func (in *VaultTransitKeyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultTransitKeyRef

type VaultTransitKeyRef struct {
	Name         string                             `json:"name,omitempty"`
	EnginePath   string                             `json:"enginePath,omitempty"`
	KeyName      string                             `json:"keyName,omitempty"`
	Capabilities []VaultBindingTransitKeyCapability `json:"capabilities,omitempty"`
}

func (*VaultTransitKeyRef) DeepCopy

func (in *VaultTransitKeyRef) DeepCopy() *VaultTransitKeyRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitKeyRef.

func (*VaultTransitKeyRef) DeepCopyInto

func (in *VaultTransitKeyRef) DeepCopyInto(out *VaultTransitKeyRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultTransitKeySpec

type VaultTransitKeySpec struct {
	// Engine configures the transit engine in which this key is created.
	// +required
	// +kubebuilder:validation:Required
	Engine string `json:"engine"`

	// Type configures the transit key type. Must be a Vault-supported key type.
	// Additional information: https://www.vaultproject.io/api/secret/transit#type.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum:=aes128-gcm96;aes256-gcm96;chacha20-poly1305;ed25519;ecdsa-p256;ecdsa-p384;ecdsa-p521;rsa-2048;rsa-3072;rsa-4096
	Type transit.KeyType `json:"type"`

	// MinimumDecryptionVersion specifies the minimum version of the key that can be used to decrypt the ciphertext.
	// Adjusting this as part of a key rotation policy can prevent old copies of ciphertext from being
	// decrypted, should they fall into the wrong hands. For signatures, this value controls the minimum
	// version of signature that can be verified against. For HMACs, this controls the minimum version
	// of a key allowed to be used as the key for verification.
	// +optional
	// +kubebuilder:validation:Optional
	MinimumDecryptionVersion int `json:"minimumDecryptionVersion,omitempty"`

	// MinimumEncryptionVersion specifies the minimum version of the key that can be used to encrypt
	// plaintext, sign payloads, or generate HMACs. Must be 0 (which will use the latest version) or
	// a value greater or equal to min_decryption_version.
	// +optional
	// +kubebuilder:validation:Optional
	MinimumEncryptionVersion int `json:"minimumEncryptionVersion,omitempty"`

	// Exportable enables keys to be exportable. This allows for all the valid keys in the key
	// ring to be exported. Once set, this cannot be disabled.
	// +optional
	// +kubebuilder:validation:Optional
	Exportable bool `json:"exportable,omitempty"`

	// AllowPlaintextBackup enables taking backups of the named key in
	// plaintext format. Once set, this cannot be disabled.
	// +optional
	// +kubebuilder:validation:Optional
	AllowPlaintextBackup bool `json:"allowPlaintextBackup,omitempty"`

	// DeleteProtection prevents the key from being deleted.
	// Defaults to false.
	// +optional
	// +kubebuilder:validation:Optional
	DeleteProtection bool `json:"deleteProtection,omitempty"`
}

VaultTransitKeySpec defines the desired state of VaultTransitKey.

func (*VaultTransitKeySpec) DeepCopy

func (in *VaultTransitKeySpec) DeepCopy() *VaultTransitKeySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitKeySpec.

func (*VaultTransitKeySpec) DeepCopyInto

func (in *VaultTransitKeySpec) DeepCopyInto(out *VaultTransitKeySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
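An added example, not code from the package or the Heist project, contrasting a VaultTransitKey whose settings let key material leave Vault with one configured for key rotation on a VaultTransitEngine. The engine name app-transit and the key names are assumptions, and spec.engine is assumed to reference the VaultTransitEngine's metadata.name; no namespace is given, so the objects land in the namespace kubectl is pointed at.

```yaml
# Added example; engine and key names are assumptions, not values from the project.
apiVersion: heist.youniqx.com/v1alpha1
kind: VaultTransitEngine
metadata:
  name: app-transit
spec:
  plugin: transit              # the default; shown for clarity
---
# Weak: both flags are documented as irreversible once set, so this key can
# only be retired, never repaired in place.
apiVersion: heist.youniqx.com/v1alpha1
kind: VaultTransitKey
metadata:
  name: app-data-weak
spec:
  engine: app-transit
  type: aes256-gcm96
  exportable: true             # every valid key version can be exported
  allowPlaintextBackup: true   # key ring can be backed up in plaintext
---
# Hardened: key material stays in Vault, old ciphertext is retired after
# rotation, and the key cannot be deleted by a stray kubectl delete.
apiVersion: heist.youniqx.com/v1alpha1
kind: VaultTransitKey
metadata:
  name: app-data
spec:
  engine: app-transit
  type: aes256-gcm96
  # exportable and allowPlaintextBackup left at their false default.
  # Set only after the key has been rotated to at least version 2:
  # ciphertext produced under version 1 then fails to decrypt.
  minimumDecryptionVersion: 2
  # 0 = always encrypt with the latest version; must otherwise be
  # >= minimumDecryptionVersion.
  minimumEncryptionVersion: 0
  deleteProtection: true
```

The two one-way flags are the part to get right before the first apply: the page states that once exportable or allowPlaintextBackup is set it cannot be disabled, so the weak variant cannot be fixed by editing the object; the only remedy is a new key and a rewrap of everything encrypted under the old one. Rotation itself is not a field of VaultTransitKeySpec, and Vault rejects a minimumDecryptionVersion above the key's latest version, so raise it only after the rotation it is meant to enforce. deleteProtection matters for a transit key more than for most resources: deleting the key makes every ciphertext under it unrecoverable.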

type VaultTransitKeyStatus

type VaultTransitKeyStatus struct {
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// AppliedSpec contains more information about the current state of the
	// VaultTransitKey object.
	// +optional
	AppliedSpec VaultTransitKeySpec `json:"appliedSpec,omitempty"`
}

VaultTransitKeyStatus defines the observed state of VaultTransitKey.

func (*VaultTransitKeyStatus) DeepCopy

func (in *VaultTransitKeyStatus) DeepCopy() *VaultTransitKeyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitKeyStatus.

func (*VaultTransitKeyStatus) DeepCopyInto

func (in *VaultTransitKeyStatus) DeepCopyInto(out *VaultTransitKeyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
