Documentation ¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the vault v1alpha1 API group. +kubebuilder:object:generate=true +groupName=heist.youniqx.com
Index ¶
- Variables
- func Component() operator.Component
- type ConditionReason
- type ConditionType
- type ConditionsWrapper
- type EncryptedValue
- type VaultBinding
- func (in *VaultBinding) DeepCopy() *VaultBinding
- func (in *VaultBinding) DeepCopyInto(out *VaultBinding)
- func (in *VaultBinding) DeepCopyObject() runtime.Object
- func (r *VaultBinding) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *VaultBinding) ValidateCreate() error
- func (r *VaultBinding) ValidateDelete() error
- func (r *VaultBinding) ValidateUpdate(old runtime.Object) error
- type VaultBindingAgentConfig
- type VaultBindingCertificate
- type VaultBindingCertificateAuthority
- type VaultBindingCertificateAuthorityCapability
- type VaultBindingCertificateCapability
- type VaultBindingHeistCapability
- type VaultBindingKV
- type VaultBindingKVCapability
- type VaultBindingList
- type VaultBindingSpec
- type VaultBindingStatus
- type VaultBindingSubject
- type VaultBindingTransitKey
- type VaultBindingTransitKeyCapability
- type VaultBindingValueTemplate
- type VaultCertificateAuthority
- func (in *VaultCertificateAuthority) DeepCopy() *VaultCertificateAuthority
- func (in *VaultCertificateAuthority) DeepCopyInto(out *VaultCertificateAuthority)
- func (in *VaultCertificateAuthority) DeepCopyObject() runtime.Object
- func (in *VaultCertificateAuthority) GetMountPath() (string, error)
- func (in *VaultCertificateAuthority) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (in *VaultCertificateAuthority) ValidateCreate() error
- func (in *VaultCertificateAuthority) ValidateDelete() error
- func (in *VaultCertificateAuthority) ValidateUpdate(old runtime.Object) error
- type VaultCertificateAuthorityImport
- type VaultCertificateAuthorityKVSecretRef
- type VaultCertificateAuthorityList
- type VaultCertificateAuthorityRef
- type VaultCertificateAuthoritySettings
- type VaultCertificateAuthoritySpec
- type VaultCertificateAuthorityStatus
- type VaultCertificateAuthoritySubject
- type VaultCertificateAuthorityTuning
- type VaultCertificateFieldType
- type VaultCertificateRef
- type VaultCertificateRole
- func (in *VaultCertificateRole) DeepCopy() *VaultCertificateRole
- func (in *VaultCertificateRole) DeepCopyInto(out *VaultCertificateRole)
- func (in *VaultCertificateRole) DeepCopyObject() runtime.Object
- func (in *VaultCertificateRole) GetRoleName() (string, error)
- func (in *VaultCertificateRole) GetSettings() (*pki.RoleSettings, error)
- func (in *VaultCertificateRole) GetSubject() (*pki.SubjectSettings, error)
- type VaultCertificateRoleList
- type VaultCertificateRoleSettings
- type VaultCertificateRoleSpec
- type VaultCertificateRoleStatus
- type VaultCertificateRoleSubject
- type VaultCertificateTemplate
- type VaultClientConfig
- type VaultClientConfigList
- type VaultClientConfigSpec
- type VaultClientConfigStatus
- type VaultKVSecret
- func (in *VaultKVSecret) DeepCopy() *VaultKVSecret
- func (in *VaultKVSecret) DeepCopyInto(out *VaultKVSecret)
- func (in *VaultKVSecret) DeepCopyObject() runtime.Object
- func (r *VaultKVSecret) GetSecretPath() (string, error)
- func (r *VaultKVSecret) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *VaultKVSecret) ValidateCreate() error
- func (r *VaultKVSecret) ValidateDelete() error
- func (r *VaultKVSecret) ValidateUpdate(old runtime.Object) error
- type VaultKVSecretEngine
- func (in *VaultKVSecretEngine) DeepCopy() *VaultKVSecretEngine
- func (in *VaultKVSecretEngine) DeepCopyInto(out *VaultKVSecretEngine)
- func (in *VaultKVSecretEngine) DeepCopyObject() runtime.Object
- func (r *VaultKVSecretEngine) GetKvEngineConfig() (*kvengine.Config, error)
- func (r *VaultKVSecretEngine) GetMountPath() (string, error)
- func (r *VaultKVSecretEngine) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *VaultKVSecretEngine) ValidateCreate() error
- func (r *VaultKVSecretEngine) ValidateDelete() error
- func (r *VaultKVSecretEngine) ValidateUpdate(old runtime.Object) error
- type VaultKVSecretEngineList
- type VaultKVSecretEngineSpec
- type VaultKVSecretEngineStatus
- type VaultKVSecretField
- type VaultKVSecretList
- type VaultKVSecretRef
- type VaultKVSecretSpec
- type VaultKVSecretStatus
- type VaultSyncCertificate
- type VaultSyncCertificateAuthority
- type VaultSyncCertificateAuthoritySource
- type VaultSyncCertificateField
- type VaultSyncCertificateSource
- type VaultSyncKVSecretSource
- type VaultSyncKvSecret
- type VaultSyncSecret
- func (in *VaultSyncSecret) DeepCopy() *VaultSyncSecret
- func (in *VaultSyncSecret) DeepCopyInto(out *VaultSyncSecret)
- func (in *VaultSyncSecret) DeepCopyObject() runtime.Object
- func (r *VaultSyncSecret) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *VaultSyncSecret) ValidateCreate() error
- func (r *VaultSyncSecret) ValidateDelete() error
- func (r *VaultSyncSecret) ValidateUpdate(old runtime.Object) error
- type VaultSyncSecretList
- type VaultSyncSecretSource
- type VaultSyncSecretSpec
- type VaultSyncSecretStatus
- type VaultSyncSecretTarget
- type VaultTransitEngine
- func (in *VaultTransitEngine) DeepCopy() *VaultTransitEngine
- func (in *VaultTransitEngine) DeepCopyInto(out *VaultTransitEngine)
- func (in *VaultTransitEngine) DeepCopyObject() runtime.Object
- func (r *VaultTransitEngine) GetMountPath() (string, error)
- func (r *VaultTransitEngine) GetPluginName() (string, error)
- func (r *VaultTransitEngine) GetTransitEngineConfig() (*transit.EngineConfig, error)
- func (r *VaultTransitEngine) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *VaultTransitEngine) ValidateCreate() error
- func (r *VaultTransitEngine) ValidateDelete() error
- func (r *VaultTransitEngine) ValidateUpdate(old runtime.Object) error
- type VaultTransitEngineList
- type VaultTransitEngineSpec
- type VaultTransitEngineStatus
- type VaultTransitKey
- func (in *VaultTransitKey) DeepCopy() *VaultTransitKey
- func (in *VaultTransitKey) DeepCopyInto(out *VaultTransitKey)
- func (in *VaultTransitKey) DeepCopyObject() runtime.Object
- func (r *VaultTransitKey) GetTransitKeyConfig() (*transit.KeyConfig, error)
- func (r *VaultTransitKey) GetTransitKeyName() (string, error)
- func (r *VaultTransitKey) GetTransitKeyType() (transit.KeyType, error)
- func (r *VaultTransitKey) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *VaultTransitKey) ValidateCreate() error
- func (r *VaultTransitKey) ValidateDelete() error
- func (r *VaultTransitKey) ValidateUpdate(old runtime.Object) error
- type VaultTransitKeyList
- type VaultTransitKeyRef
- type VaultTransitKeySpec
- type VaultTransitKeyStatus
Constants ¶
This section is empty.
Variables ¶
// Scheme registration for the heist.youniqx.com/v1alpha1 group-version.
var (
	// SchemeGroupVersion is used to register these objects.
	SchemeGroupVersion = schema.GroupVersion{Group: "heist.youniqx.com", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
// Conditions groups the condition reason and condition type strings defined
// by this package so that callers can refer to them by field name.
// NOTE(review): presumably these populate the metav1.Condition entries in the
// *Status types — confirm against the controllers.
var Conditions = &ConditionsWrapper{
	// Reasons are lower-case, machine-oriented strings.
	Reasons: &ConditionReason{
		Provisioned:     "provisioned",
		Terminating:     "terminating",
		ErrorVault:      "vault_error",
		Initializing:    "initializing",
		ErrorConfig:     "config_error",
		ErrorKubernetes: "kubernetes_error",
	},
	// Types are the condition type names.
	Types: &ConditionType{
		Provisioned: "Provisioned",
		Active:      "Active",
	},
}
Functions ¶
Types ¶
type ConditionReason ¶
// ConditionReason holds one string per condition reason. The values used by
// this package are set in the Conditions variable.
type ConditionReason struct {
	Provisioned     string
	Terminating     string
	ErrorVault      string
	Initializing    string
	ErrorConfig     string
	ErrorKubernetes string
}
func (*ConditionReason) DeepCopy ¶
func (in *ConditionReason) DeepCopy() *ConditionReason
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionReason.
func (*ConditionReason) DeepCopyInto ¶
func (in *ConditionReason) DeepCopyInto(out *ConditionReason)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConditionType ¶
func (*ConditionType) DeepCopy ¶
func (in *ConditionType) DeepCopy() *ConditionType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionType.
func (*ConditionType) DeepCopyInto ¶
func (in *ConditionType) DeepCopyInto(out *ConditionType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConditionsWrapper ¶
// ConditionsWrapper bundles the condition reasons and condition types into a
// single value; see the Conditions variable for the instance used by this
// package.
type ConditionsWrapper struct {
	// Reasons points to the set of condition reason strings.
	Reasons *ConditionReason
	// Types points to the set of condition type strings.
	Types *ConditionType
}
func (*ConditionsWrapper) DeepCopy ¶
func (in *ConditionsWrapper) DeepCopy() *ConditionsWrapper
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionsWrapper.
func (*ConditionsWrapper) DeepCopyInto ¶
func (in *ConditionsWrapper) DeepCopyInto(out *ConditionsWrapper)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EncryptedValue ¶
// EncryptedValue is a string type for values that were encrypted by Heist's
// managed transit engine. It is a plain string at the Go level; any format
// checking comes from the validation markers attached to the type.
type EncryptedValue string
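EncryptedValue represents a value that has been encrypted by Heist's managed Transit Engine. The validation pattern only checks that the string has the shape `vault:<lowercase alphanumeric segment>:<payload>`; it does not verify that the payload is a valid ciphertext. +optional +kubebuilder:validation:Optional +kubebuilder:validation:Pattern:=`^vault:([a-z0-9]+):(.+)$`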
type VaultBinding ¶
// VaultBinding is the Kubernetes object for the VaultBindings API. It embeds
// the usual type and object metadata and carries a spec and a status.
type VaultBinding struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the binding configuration; see VaultBindingSpec.
	Spec VaultBindingSpec `json:"spec,omitempty"`
	// Status is the observed state; see VaultBindingStatus.
	Status VaultBindingStatus `json:"status,omitempty"`
}
VaultBinding is the Schema for the VaultBindings API.
func (*VaultBinding) DeepCopy ¶
func (in *VaultBinding) DeepCopy() *VaultBinding
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBinding.
func (*VaultBinding) DeepCopyInto ¶
func (in *VaultBinding) DeepCopyInto(out *VaultBinding)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultBinding) DeepCopyObject ¶
func (in *VaultBinding) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*VaultBinding) SetupWebhookWithManager ¶
func (r *VaultBinding) SetupWebhookWithManager(mgr ctrl.Manager) error
func (*VaultBinding) ValidateCreate ¶
func (r *VaultBinding) ValidateCreate() error
ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
func (*VaultBinding) ValidateDelete ¶
func (r *VaultBinding) ValidateDelete() error
ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
func (*VaultBinding) ValidateUpdate ¶
func (r *VaultBinding) ValidateUpdate(old runtime.Object) error
ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
type VaultBindingAgentConfig ¶
// VaultBindingAgentConfig configures the Heist agent for a binding: the
// certificate templates it may issue from and the files it populates in pods.
type VaultBindingAgentConfig struct {
	// CertificateTemplates is a list of certificate templates to be used when issuing
	// certificates in the agent.
	// +optional
	// +kubebuilder:validation:Optional
	CertificateTemplates []VaultCertificateTemplate `json:"certificateTemplates,omitempty"`

	// Templates is a list of files to be populated in relevant pods by the
	// Heist agent.
	// +optional
	// +kubebuilder:validation:Optional
	Templates []VaultBindingValueTemplate `json:"templates,omitempty"`
}
func (*VaultBindingAgentConfig) DeepCopy ¶
func (in *VaultBindingAgentConfig) DeepCopy() *VaultBindingAgentConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingAgentConfig.
func (*VaultBindingAgentConfig) DeepCopyInto ¶
func (in *VaultBindingAgentConfig) DeepCopyInto(out *VaultBindingAgentConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultBindingCertificate ¶
// VaultBindingCertificate grants capabilities on one VaultCertificateRole,
// referenced by name.
type VaultBindingCertificate struct {
	// Name is the name of the VaultCertificateRole.
	// +required
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Capabilities is a list of Vault capabilities for which access is granted.
	// If not otherwise set then the "issue" capability will be granted by
	// default.
	// +optional
	// +kubebuilder:validation:Optional
	Capabilities []VaultBindingCertificateCapability `json:"capabilities,omitempty"`
}
func (*VaultBindingCertificate) DeepCopy ¶
func (in *VaultBindingCertificate) DeepCopy() *VaultBindingCertificate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingCertificate.
func (*VaultBindingCertificate) DeepCopyInto ¶
func (in *VaultBindingCertificate) DeepCopyInto(out *VaultBindingCertificate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultBindingCertificateAuthority ¶
// VaultBindingCertificateAuthority grants capabilities on one
// VaultCertificateAuthority object, referenced by name.
type VaultBindingCertificateAuthority struct {
	// Name is the name of the VaultCertificateAuthority Kubernetes object. It
	// is expected to be in the same namespace as the binding.
	// +required
	// +kubebuilder:validation:Required
	Name string `json:"name,omitempty"`

	// Capabilities is a list of Vault capabilities for which access is granted.
	// If not otherwise set then the "read_public" capability will be granted
	// by default.
	// +optional
	// +kubebuilder:validation:Optional
	Capabilities []VaultBindingCertificateAuthorityCapability `json:"capabilities,omitempty"`
}
func (*VaultBindingCertificateAuthority) DeepCopy ¶
func (in *VaultBindingCertificateAuthority) DeepCopy() *VaultBindingCertificateAuthority
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingCertificateAuthority.
func (*VaultBindingCertificateAuthority) DeepCopyInto ¶
func (in *VaultBindingCertificateAuthority) DeepCopyInto(out *VaultBindingCertificateAuthority)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultBindingCertificateAuthorityCapability ¶
// VaultBindingCertificateAuthorityCapability names a capability on a
// VaultCertificateAuthority that a binding can grant to its subject. The
// accepted values are the constants of this type.
type VaultBindingCertificateAuthorityCapability string
VaultBindingCertificateAuthorityCapability represents Vault capabilities for VaultCertificateAuthority objects which can be granted to a subject. The "read_public" capability is granted by default. +kubebuilder:validation:Enum:=read_public;read_private
// Capabilities accepted in VaultBindingCertificateAuthority.Capabilities.
const (
	// VaultBindingCertificateAuthorityCapabilityReadPublic is the "read_public"
	// capability. The type documentation states it is granted by default.
	VaultBindingCertificateAuthorityCapabilityReadPublic VaultBindingCertificateAuthorityCapability = "read_public"

	// VaultBindingCertificateAuthorityCapabilityReadPrivate is the
	// "read_private" capability. It is never granted by default and has to be
	// listed explicitly.
	// NOTE(review): presumably this gives the subject read access to the CA's
	// private material (compare the Exported setting on
	// VaultCertificateAuthoritySettings) — confirm against the generated Vault
	// policy and grant it only to subjects that need the private key.
	VaultBindingCertificateAuthorityCapabilityReadPrivate VaultBindingCertificateAuthorityCapability = "read_private"
)
type VaultBindingCertificateCapability ¶
// VaultBindingCertificateCapability names a capability on a
// VaultCertificateRole that a binding can grant to its subject. The accepted
// values are the constants of this type.
type VaultBindingCertificateCapability string
VaultBindingCertificateCapability represents capabilities for VaultCertificateRole objects which can be granted to a subject. The "issue" capability is granted by default. +kubebuilder:validation:Enum:=issue;sign_csr;sign_verbatim
// Capabilities accepted in VaultBindingCertificate.Capabilities, listed from
// the most constrained ("issue") to the least constrained ("sign_verbatim").
const (
	// VaultBindingCertificateCapabilityIssue allows the bound ServiceAccount to
	// issue a new certificate based on the provided configuration. This
	// capability is the minimum requirement when issuing a certificate with a
	// VaultBinding. If no Capability is configured, the
	// VaultBindingCertificateCapabilityIssue will be added automatically.
	VaultBindingCertificateCapabilityIssue VaultBindingCertificateCapability = "issue"

	// VaultBindingCertificateCapabilitySignCSR allows the bound ServiceAccount
	// to be able to sign user provided CSRs, using the fields as configured in
	// the VaultCertificateAuthority.
	VaultBindingCertificateCapabilitySignCSR VaultBindingCertificateCapability = "sign_csr"

	// VaultBindingCertificateCapabilitySignVerbatim allows the bound
	// ServiceAccount to be able to sign user provided CSRs, using the
	// fields provided by the CSRs. Generally speaking it is safer to use the
	// capability VaultBindingCertificateCapabilitySignCSR, since it performs
	// validation before issuing the certificate.
	//
	// Because the certificate contents are then taken from the CSR rather than
	// from the configured settings, this capability should be reserved for
	// subjects that are trusted to choose their own certificate fields.
	VaultBindingCertificateCapabilitySignVerbatim VaultBindingCertificateCapability = "sign_verbatim"
)
type VaultBindingHeistCapability ¶
// VaultBindingHeistCapability names a general capability, not tied to a
// specific secret object, that a binding can grant to its subject. The
// accepted values are the constants of this type.
type VaultBindingHeistCapability string
VaultBindingHeistCapability represents general capabilities which can be granted to a subject. +kubebuilder:validation:Enum:=encrypt
// General capabilities accepted in VaultBindingSpec.Capabilities.
const (
	// VaultBindingHeistCapabilityEncrypt allows the service account to use the
	// default managed transit engine `managed.encrypt` to encrypt values.
	// Only encryption is named here; no matching decrypt capability is defined
	// for this type.
	VaultBindingHeistCapabilityEncrypt VaultBindingHeistCapability = "encrypt"
)
type VaultBindingKV ¶
// VaultBindingKV grants capabilities on one VaultKVSecret, referenced by name.
type VaultBindingKV struct {
	// Name is the name of the VaultKVSecret.
	// +required
	// +kubebuilder:validation:Required
	Name string `json:"name,omitempty"`

	// Capabilities is a list of granted capabilities for the specified KV
	// secret in Vault.
	// If not otherwise set then the "read" capability is granted by default.
	// Vault itself defines further capabilities, see
	// https://www.vaultproject.io/docs/concepts/policies#capabilities, however,
	// currently Heist only supports "read".
	// +optional
	// +kubebuilder:validation:Optional
	Capabilities []VaultBindingKVCapability `json:"capabilities,omitempty"`
}
func (*VaultBindingKV) DeepCopy ¶
func (in *VaultBindingKV) DeepCopy() *VaultBindingKV
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingKV.
func (*VaultBindingKV) DeepCopyInto ¶
func (in *VaultBindingKV) DeepCopyInto(out *VaultBindingKV)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultBindingKVCapability ¶
// VaultBindingKVCapability names a capability on a VaultKVSecret that a
// binding can grant to its subject. The accepted values are the constants of
// this type.
type VaultBindingKVCapability string
VaultBindingKVCapability represents capabilities for VaultKVSecret objects which can be granted to a subject. The "read" capability is granted by default. +kubebuilder:validation:Enum:=read
// Capabilities accepted in VaultBindingKV.Capabilities.
const (
	// VaultBindingKVCapabilityRead is the "read" capability, the only value
	// defined for VaultBindingKVCapability.
	VaultBindingKVCapabilityRead VaultBindingKVCapability = "read"
)
type VaultBindingList ¶
// VaultBindingList is the list type for VaultBinding objects.
type VaultBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the VaultBinding objects of the list.
	Items []VaultBinding `json:"items"`
}
VaultBindingList contains a list of VaultBinding.
func (*VaultBindingList) DeepCopy ¶
func (in *VaultBindingList) DeepCopy() *VaultBindingList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingList.
func (*VaultBindingList) DeepCopyInto ¶
func (in *VaultBindingList) DeepCopyInto(out *VaultBindingList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultBindingList) DeepCopyObject ¶
func (in *VaultBindingList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VaultBindingSpec ¶
// VaultBindingSpec describes what a single service account is granted access
// to: general capabilities, KV secrets, certificate authorities, certificate
// roles and transit keys, plus optional agent configuration. Every entry
// widens what the subject can reach, so list only what the workload needs.
type VaultBindingSpec struct {
	// Subject configures the service account to which access is granted.
	// +required
	// +kubebuilder:validation:Required
	Subject VaultBindingSubject `json:"subject,omitempty"`

	// Capabilities configures general Vault capabilities for which access is
	// granted.
	// +optional
	// +kubebuilder:validation:Optional
	Capabilities []VaultBindingHeistCapability `json:"capabilities,omitempty"`

	// KVSecrets is a list of kv secrets to which access is granted.
	// +optional
	// +kubebuilder:validation:Optional
	KVSecrets []VaultBindingKV `json:"kvSecrets,omitempty"`

	// CertificateAuthorities is a list of certificate authorities to which
	// access is granted.
	// +optional
	// +kubebuilder:validation:Optional
	CertificateAuthorities []VaultBindingCertificateAuthority `json:"certificateAuthorities,omitempty"`

	// CertificateRoles is a list of certificate roles for which access
	// is granted.
	// +optional
	// +kubebuilder:validation:Optional
	CertificateRoles []VaultBindingCertificate `json:"certificateRoles,omitempty"`

	// TransitKeys is a list of transit keys and capabilities for which access
	// is granted.
	// +optional
	// +kubebuilder:validation:Optional
	TransitKeys []VaultBindingTransitKey `json:"transitKeys,omitempty"`

	// Agent can be used to configure the Heist agent sidecar.
	// +optional
	// +kubebuilder:validation:Optional
	Agent VaultBindingAgentConfig `json:"agent,omitempty"`
}
func (*VaultBindingSpec) DeepCopy ¶
func (in *VaultBindingSpec) DeepCopy() *VaultBindingSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingSpec.
func (*VaultBindingSpec) DeepCopyInto ¶
func (in *VaultBindingSpec) DeepCopyInto(out *VaultBindingSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultBindingStatus ¶
// VaultBindingStatus is the status sub-object of a VaultBinding.
type VaultBindingStatus struct {
	// Conditions is the list of metav1.Condition entries for the binding.
	Conditions []metav1.Condition `json:"conditions"`

	// NOTE(review): presumably the spec the controller last applied to Vault —
	// confirm against the reconciler.

	// AppliedSpec is a VaultBindingSpec stored alongside the conditions.
	AppliedSpec VaultBindingSpec `json:"appliedSpec,omitempty"`
}
VaultBindingStatus defines the observed state of VaultBinding.
func (*VaultBindingStatus) DeepCopy ¶
func (in *VaultBindingStatus) DeepCopy() *VaultBindingStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingStatus.
func (*VaultBindingStatus) DeepCopyInto ¶
func (in *VaultBindingStatus) DeepCopyInto(out *VaultBindingStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultBindingSubject ¶
// VaultBindingSubject identifies the service account a VaultBinding applies
// to. Only a name is carried.
type VaultBindingSubject struct {
	// NOTE(review): there is no namespace field; presumably the service account
	// is resolved in the binding's own namespace — confirm, since this decides
	// whether a binding can reach across namespaces.

	// Name is the name of the service account you want to grant access to the
	// referenced secrets.
	// +required
	// +kubebuilder:validation:Required
	Name string `json:"name"`
}
VaultBindingSubject defines the desired service account for the VaultBinding.
func (*VaultBindingSubject) DeepCopy ¶
func (in *VaultBindingSubject) DeepCopy() *VaultBindingSubject
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingSubject.
func (*VaultBindingSubject) DeepCopyInto ¶
func (in *VaultBindingSubject) DeepCopyInto(out *VaultBindingSubject)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultBindingTransitKey ¶
// VaultBindingTransitKey grants capabilities on one VaultTransitKey,
// referenced by name.
type VaultBindingTransitKey struct {
	// Name is the name of the VaultTransitKey.
	// +required
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// NOTE(review): unlike the KV, certificate and CA bindings, no default
	// capability is documented for an empty list — confirm what the controller
	// grants in that case.

	// Capabilities is a list of Vault capabilities for which access is granted.
	// +optional
	// +kubebuilder:validation:Optional
	Capabilities []VaultBindingTransitKeyCapability `json:"capabilities,omitempty"`
}
func (*VaultBindingTransitKey) DeepCopy ¶
func (in *VaultBindingTransitKey) DeepCopy() *VaultBindingTransitKey
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingTransitKey.
func (*VaultBindingTransitKey) DeepCopyInto ¶
func (in *VaultBindingTransitKey) DeepCopyInto(out *VaultBindingTransitKey)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultBindingTransitKeyCapability ¶
// VaultBindingTransitKeyCapability names an operation on a VaultTransitKey
// that a binding can grant to its subject. The accepted values are the
// constants of this type.
type VaultBindingTransitKeyCapability string
VaultBindingTransitKeyCapability represents capabilities for VaultTransitKey objects which can be granted to a subject. +kubebuilder:validation:Enum:=encrypt;decrypt;datakey;rewrap;sign;hmac;verify;read
// Capabilities accepted in VaultBindingTransitKey.Capabilities. Each value is
// granted separately, so a subject that only encrypts does not need "decrypt",
// and a subject that only verifies does not need "sign".
const (
	// VaultBindingTransitKeyCapabilityEncrypt allows the service account to use
	// the transit engine to encrypt data.
	VaultBindingTransitKeyCapabilityEncrypt VaultBindingTransitKeyCapability = "encrypt"

	// VaultBindingTransitKeyCapabilityDecrypt allows the service account to use
	// the transit engine to decrypt data.
	VaultBindingTransitKeyCapabilityDecrypt VaultBindingTransitKeyCapability = "decrypt"

	// VaultBindingTransitKeyCapabilityDatakey allows the service account to
	// obtain a datakey from the transit engine that can be used for offline de-
	// and encryption. The datakey is NOT the transit key used when encrypting or
	// decrypting values with the API. Vault provides an example
	// [Use Case](https://learn.hashicorp.com/tutorials/vault/eaas-transit#generate-data-key)
	// with a tutorial on how to use datakeys.
	VaultBindingTransitKeyCapabilityDatakey VaultBindingTransitKeyCapability = "datakey"

	// VaultBindingTransitKeyCapabilityRewrap allows the service account to use
	// the transit engine to rewrap an already encrypted secret with the latest
	// version of the encryption key.
	VaultBindingTransitKeyCapabilityRewrap VaultBindingTransitKeyCapability = "rewrap"

	// VaultBindingTransitKeyCapabilitySign allows the service account to use
	// the transit engine to sign data.
	VaultBindingTransitKeyCapabilitySign VaultBindingTransitKeyCapability = "sign"

	// VaultBindingTransitKeyCapabilityHmac allows the service account to use
	// the transit engine to generate a digest of the provided data and key.
	VaultBindingTransitKeyCapabilityHmac VaultBindingTransitKeyCapability = "hmac"

	// VaultBindingTransitKeyCapabilityVerify allows the service account to use
	// the transit engine to verify signed data.
	VaultBindingTransitKeyCapabilityVerify VaultBindingTransitKeyCapability = "verify"

	// VaultBindingTransitKeyCapabilityRead allows the service account to use
	// the transit engine to retrieve information about the transit key. The
	// transit key itself is not exposed via the API.
	VaultBindingTransitKeyCapabilityRead VaultBindingTransitKeyCapability = "read"
)
type VaultBindingValueTemplate ¶
// VaultBindingValueTemplate describes one file rendered by the Heist agent:
// where it is written, with which file mode, and from which template text.
type VaultBindingValueTemplate struct {
	// NOTE(review): no validation marker constrains Path in this type. Whether
	// absolute paths or paths that leave the shared secret directory are
	// rejected is not visible here — confirm in the webhook and the agent.

	// Path is the desired output path for this value. Relative paths are
	// interpreted to be relative to the default Heist secret directory
	// /heist/secrets. The path must be in a shared directory, where the Heist
	// Agent and application container have access.
	// +required
	// +kubebuilder:validation:Required
	Path string `json:"path,omitempty"`

	// NOTE(review): the pattern below requires a leading 0 followed by exactly
	// three octal digits, so it accepts any group/other bits, including
	// world-readable or world-writable values. Prefer the most restrictive mode
	// the application container can work with.

	// Mode is the desired file mode of the output file. 0640 is the default.
	// The agent is the owner of the file, owner permissions will always be
	// read + write and cannot be modified this way. Must be specified as octal.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`^[0][0-7]{3}$`
	Mode string `json:"mode,omitempty"`

	// NOTE(review): which sprig function set is registered for templates is not
	// visible here; confirm that it does not expose more of the agent's
	// environment than the bound secrets are meant to.

	// Template is the template for this value.
	// The template supports [sprig](https://masterminds.github.io/sprig/)
	// template functions and can access all bound secrets and associated
	// capabilities with additional template functions:
	// - `kvSecret "<name>" "<field>"`: retrieves the value of field "<field>"
	//   from a KV secret with name "<name>".
	// - `caField "<name>" "<field>"`: retrieves the value of field "<field>"
	//   from CA "<name>". Supported values for "<field>" are defined in
	//   VaultCertificateFieldType.
	// - `certField "<name>" "<field>"`: retrieves the value of field "<field>"
	//   from certificate template "<name>". Supported values for "<field>"
	//   are defined in VaultCertificateFieldType.
	// +required
	// +kubebuilder:validation:Required
	Template string `json:"template,omitempty"`
}
func (*VaultBindingValueTemplate) DeepCopy ¶
func (in *VaultBindingValueTemplate) DeepCopy() *VaultBindingValueTemplate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultBindingValueTemplate.
func (*VaultBindingValueTemplate) DeepCopyInto ¶
func (in *VaultBindingValueTemplate) DeepCopyInto(out *VaultBindingValueTemplate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertificateAuthority ¶
// VaultCertificateAuthority is the Kubernetes object for the
// VaultCertificateAuthorities API. It embeds the usual type and object
// metadata and carries a spec and a status.
type VaultCertificateAuthority struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the CA configuration; see VaultCertificateAuthoritySpec.
	Spec VaultCertificateAuthoritySpec `json:"spec,omitempty"`
	// Status is the status sub-object; see VaultCertificateAuthorityStatus.
	Status VaultCertificateAuthorityStatus `json:"status,omitempty"`
}
VaultCertificateAuthority is the Schema for the VaultCertificateAuthorities API.
func (*VaultCertificateAuthority) DeepCopy ¶
func (in *VaultCertificateAuthority) DeepCopy() *VaultCertificateAuthority
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthority.
func (*VaultCertificateAuthority) DeepCopyInto ¶
func (in *VaultCertificateAuthority) DeepCopyInto(out *VaultCertificateAuthority)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultCertificateAuthority) DeepCopyObject ¶
func (in *VaultCertificateAuthority) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*VaultCertificateAuthority) GetMountPath ¶
func (in *VaultCertificateAuthority) GetMountPath() (string, error)
func (*VaultCertificateAuthority) SetupWebhookWithManager ¶
func (in *VaultCertificateAuthority) SetupWebhookWithManager(mgr ctrl.Manager) error
func (*VaultCertificateAuthority) ValidateCreate ¶
func (in *VaultCertificateAuthority) ValidateCreate() error
ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
func (*VaultCertificateAuthority) ValidateDelete ¶
func (in *VaultCertificateAuthority) ValidateDelete() error
ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
func (*VaultCertificateAuthority) ValidateUpdate ¶
func (in *VaultCertificateAuthority) ValidateUpdate(old runtime.Object) error
ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
type VaultCertificateAuthorityImport ¶
// VaultCertificateAuthorityImport carries an existing certificate and the
// matching private key that should be imported.
type VaultCertificateAuthorityImport struct {
	// Certificate contains the certificate matching the private key that should
	// be imported. Can be either encrypted, or plain text.
	Certificate string `json:"certificate,omitempty"`

	// NOTE(review): PrivateKey is declared as a plain string with no validation
	// marker in this type, whereas EncryptedValue carries the `^vault:...`
	// pattern. Where the "must be encrypted" rule is enforced is not visible
	// here — confirm that the admission webhook rejects a plaintext key before
	// the object is persisted.

	// PrivateKey is the private key that should be imported. The private key
	// must be encrypted with the default Heist transit engine to ensure no
	// secrets are stored in plaintext as a Kubernetes object.
	PrivateKey string `json:"privateKey,omitempty"`
}
func (*VaultCertificateAuthorityImport) DeepCopy ¶
func (in *VaultCertificateAuthorityImport) DeepCopy() *VaultCertificateAuthorityImport
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthorityImport.
func (*VaultCertificateAuthorityImport) DeepCopyInto ¶
func (in *VaultCertificateAuthorityImport) DeepCopyInto(out *VaultCertificateAuthorityImport)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertificateAuthorityKVSecretRef ¶
// VaultCertificateAuthorityKVSecretRef holds three path strings relating a
// certificate authority to KV secrets.
// NOTE(review): presumably the KV engine mount plus the paths of the secrets
// that hold the CA's public and private material — confirm against the
// controller that fills this in.
type VaultCertificateAuthorityKVSecretRef struct {
	EnginePath string `json:"enginePath,omitempty"`
	// PublicSecretPath is serialized under the JSON key "publicSecret".
	PublicSecretPath string `json:"publicSecret,omitempty"`
	// PrivateSecretPath is serialized under the JSON key "privateSecret".
	PrivateSecretPath string `json:"privateSecret,omitempty"`
}
func (*VaultCertificateAuthorityKVSecretRef) DeepCopy ¶
func (in *VaultCertificateAuthorityKVSecretRef) DeepCopy() *VaultCertificateAuthorityKVSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthorityKVSecretRef.
func (*VaultCertificateAuthorityKVSecretRef) DeepCopyInto ¶
func (in *VaultCertificateAuthorityKVSecretRef) DeepCopyInto(out *VaultCertificateAuthorityKVSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertificateAuthorityList ¶
// VaultCertificateAuthorityList is the list type for VaultCertificateAuthority
// objects.
type VaultCertificateAuthorityList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the VaultCertificateAuthority objects of the list.
	Items []VaultCertificateAuthority `json:"items,omitempty"`
}
VaultCertificateAuthorityList contains a list of VaultCertificateAuthority.
func (*VaultCertificateAuthorityList) DeepCopy ¶
func (in *VaultCertificateAuthorityList) DeepCopy() *VaultCertificateAuthorityList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthorityList.
func (*VaultCertificateAuthorityList) DeepCopyInto ¶
func (in *VaultCertificateAuthorityList) DeepCopyInto(out *VaultCertificateAuthorityList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultCertificateAuthorityList) DeepCopyObject ¶
func (in *VaultCertificateAuthorityList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VaultCertificateAuthorityRef ¶
// VaultCertificateAuthorityRef refers to a certificate authority by name and
// engine path, together with its KV secret references and a list of CA
// capabilities.
// NOTE(review): presumably a resolved form of VaultBindingCertificateAuthority
// produced by the controller rather than written by users — confirm where it
// is populated.
type VaultCertificateAuthorityRef struct {
	Name       string `json:"name,omitempty"`
	EnginePath string `json:"enginePath,omitempty"`
	// KVSecrets holds the KV secret paths associated with the CA.
	KVSecrets VaultCertificateAuthorityKVSecretRef `json:"kvSecrets,omitempty"`
	// Capabilities uses the same capability type as
	// VaultBindingCertificateAuthority.Capabilities.
	Capabilities []VaultBindingCertificateAuthorityCapability `json:"capabilities,omitempty"`
}
func (*VaultCertificateAuthorityRef) DeepCopy ¶
func (in *VaultCertificateAuthorityRef) DeepCopy() *VaultCertificateAuthorityRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthorityRef.
func (*VaultCertificateAuthorityRef) DeepCopyInto ¶
func (in *VaultCertificateAuthorityRef) DeepCopyInto(out *VaultCertificateAuthorityRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertificateAuthoritySettings ¶
// NOTE(review): the KeyBits enum mixes the EC sizes (224, 256, 384, 521) with
// the RSA sizes (2048, 3072, 4096), so the schema alone accepts pairings such
// as rsa/256 or ec/2048. The "valid value for the configured KeyType" rule
// therefore has to be enforced elsewhere, presumably in the validating
// webhook; confirm that it is.

// VaultCertificateAuthoritySettings configures the subject alternative names,
// validity period, key pair and export mode of a certificate authority.
type VaultCertificateAuthoritySettings struct {
	// SubjectAlternativeNames sets subject alternative names extensions for
	// the certificate.
	// +optional
	SubjectAlternativeNames []string `json:"subjectAlternativeNames,omitempty"`

	// IPSans sets the IP subject alternative names extension for the
	// certificate.
	// +optional
	IPSans []string `json:"ipSans,omitempty"`

	// URISans sets URI subject alternative names extension for the
	// certificate.
	// +optional
	URISans []string `json:"uriSans,omitempty"`

	// OtherSans sets subject alternative names extension that do not fall into
	// the other categories for the certificate.
	// +optional
	OtherSans []string `json:"otherSans,omitempty"`

	// NOTE(review): TTL is marked required but its tag carries omitempty and
	// no default is declared; confirm that a missing or zero TTL is rejected.

	// TTL sets the validity period of the CA certificate.
	// +required
	// +kubebuilder:validation:Required
	TTL metav1.Duration `json:"ttl,omitempty"`

	// KeyType sets the key algorithm of the CA certificate. Can be either rsa
	// or ec.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum:=rsa;ec
	// +kubebuilder:default:=rsa
	KeyType pki.KeyType `json:"keyType"`

	// KeyBits sets the size of the key of the certificate authority. The
	// KeyBits value provided must be a valid value for the configured KeyType.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum:=224;256;384;521;2048;3072;4096
	// +kubebuilder:default:=2048
	KeyBits pki.KeyBits `json:"keyBits"`

	// ExcludeCNFromSans configures if the common name set in the subject should
	// be excluded from the subject alternative names extension.
	// +optional
	ExcludeCNFromSans bool `json:"excludeCNFromSans,omitempty"`

	// PermittedDNSDomains configures an allow list of domains for which
	// certificates can be issued using the certificate authority.
	// +optional
	PermittedDNSDomains []string `json:"permittedDNSDomains,omitempty"`

	// Exported configures if the CA should be generated in exported mode.
	// If this is set to true then the private key of the CA can be bound to
	// and accessed by applications. If it is set to false then the private key
	// will be inaccessible. Defaults to false. This setting can not be changed
	// after the PKI is created.
	//
	// A workload that can read the CA private key can sign certificates on its
	// own, outside any role restriction configured for this CA, so leave this
	// false unless an application needs the key itself.
	// +optional
	Exported bool `json:"exported,omitempty"`
}
func (*VaultCertificateAuthoritySettings) DeepCopy ¶
func (in *VaultCertificateAuthoritySettings) DeepCopy() *VaultCertificateAuthoritySettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthoritySettings.
func (*VaultCertificateAuthoritySettings) DeepCopyInto ¶
func (in *VaultCertificateAuthoritySettings) DeepCopyInto(out *VaultCertificateAuthoritySettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertificateAuthoritySpec ¶
// VaultCertificateAuthoritySpec defines the desired state of VaultCertificateAuthority.
type VaultCertificateAuthoritySpec struct {
	// NOTE(review): every other default in this package is declared with
	// `+kubebuilder:default:=`; confirm that controller-gen honours the
	// `+kubebuilder:validation:Default:=pki` marker below, otherwise the
	// documented default is not applied by the schema.

	// Plugin configures the plugin backend used for this engine. Defaults to pki.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Default:=pki
	Plugin string `json:"plugin,omitempty"`

	// Issuer implicitly defines whether the CA is an intermediate or a root CA.
	// If left empty the CA is assumed to be a root CA and will be self-signed.
	// Otherwise, the configured name is a reference to the parent CA's
	// Kubernetes object.
	// +optional
	Issuer string `json:"issuer,omitempty"`

	// Import can be used to import an already existing certificate.
	// +optional
	Import *VaultCertificateAuthorityImport `json:"import,omitempty"`

	// Subject configures the subject fields of the Certificate Authority.
	// It is recommended to set at least one field in the Subject section.
	// +optional
	Subject VaultCertificateAuthoritySubject `json:"subject,omitempty"`

	// Tuning can be used to tune the PKI Secret Engine in Vault.
	// +optional
	Tuning VaultCertificateAuthorityTuning `json:"tuning,omitempty"`

	// NOTE(review): Settings has neither a +optional nor a +required marker,
	// although it contains fields that are themselves marked required.

	// Settings configures the key pair of the Certificate Authority.
	Settings VaultCertificateAuthoritySettings `json:"settings,omitempty"`

	// DeleteProtection configures that the certificate authority should not be
	// able to be deleted. Defaults to false.
	// +optional
	DeleteProtection bool `json:"deleteProtection"`
}
VaultCertificateAuthoritySpec defines the desired state of VaultCertificateAuthority.
func (*VaultCertificateAuthoritySpec) DeepCopy ¶
func (in *VaultCertificateAuthoritySpec) DeepCopy() *VaultCertificateAuthoritySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthoritySpec.
func (*VaultCertificateAuthoritySpec) DeepCopyInto ¶
func (in *VaultCertificateAuthoritySpec) DeepCopyInto(out *VaultCertificateAuthoritySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertificateAuthorityStatus ¶
VaultCertificateAuthorityStatus defines the observed state of VaultCertificateAuthority.
func (*VaultCertificateAuthorityStatus) DeepCopy ¶
func (in *VaultCertificateAuthorityStatus) DeepCopy() *VaultCertificateAuthorityStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthorityStatus.
func (*VaultCertificateAuthorityStatus) DeepCopyInto ¶
func (in *VaultCertificateAuthorityStatus) DeepCopyInto(out *VaultCertificateAuthorityStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertificateAuthoritySubject ¶
// VaultCertificateAuthoritySubject configures the subject fields of a
// certificate authority certificate. Every field is optional.
type VaultCertificateAuthoritySubject struct {
	// CommonName sets the CN (common name) field in the certificate's subject.
	// +optional
	CommonName string `json:"commonName,omitempty"`

	// Organization sets the organization (O) field in the certificate's subject.
	// +optional
	Organization []string `json:"organization,omitempty"`

	// OrganizationalUnit sets the OU (organizational unit) field in the
	// certificate's subject. It is serialized as "ou".
	// +optional
	OrganizationalUnit []string `json:"ou,omitempty"`

	// Country sets the C (country) field in the certificate's subject.
	// +optional
	Country []string `json:"country,omitempty"`

	// Locality sets the L (locality) field in the certificate's subject.
	// +optional
	Locality []string `json:"locality,omitempty"`

	// Province sets the ST (province) field in the certificate's subject.
	// +optional
	Province []string `json:"province,omitempty"`

	// StreetAddress sets the street address field in the certificate's subject.
	// +optional
	StreetAddress []string `json:"streetAddress,omitempty"`

	// PostalCode sets the postal code field in the certificate's subject.
	// +optional
	PostalCode []string `json:"postalCode,omitempty"`
}
func (*VaultCertificateAuthoritySubject) DeepCopy ¶
func (in *VaultCertificateAuthoritySubject) DeepCopy() *VaultCertificateAuthoritySubject
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthoritySubject.
func (*VaultCertificateAuthoritySubject) DeepCopyInto ¶
func (in *VaultCertificateAuthoritySubject) DeepCopyInto(out *VaultCertificateAuthoritySubject)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertificateAuthorityTuning ¶
// NOTE(review): both TTL fields are optional with no declared default, so an
// unset value is the zero duration; confirm how zero is passed on to Vault
// (presumably Vault's own mount defaults apply).

// VaultCertificateAuthorityTuning tunes the PKI secret engine in Vault that
// backs a certificate authority.
type VaultCertificateAuthorityTuning struct {
	// DefaultLeaseTTL sets the default validity of certificates issued by the
	// PKI secret engine.
	// +optional
	DefaultLeaseTTL metav1.Duration `json:"defaultLeaseTTL,omitempty"`

	// MaxLeaseTTL sets the maximum validity of any certificate issued by the
	// PKI secret engine.
	// +optional
	MaxLeaseTTL metav1.Duration `json:"maxLeaseTTL,omitempty"`

	// Description sets the description of the PKI secret engine in Vault.
	// +optional
	Description string `json:"description,omitempty"`
}
func (*VaultCertificateAuthorityTuning) DeepCopy ¶
func (in *VaultCertificateAuthorityTuning) DeepCopy() *VaultCertificateAuthorityTuning
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateAuthorityTuning.
func (*VaultCertificateAuthorityTuning) DeepCopyInto ¶
func (in *VaultCertificateAuthorityTuning) DeepCopyInto(out *VaultCertificateAuthorityTuning)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertificateFieldType ¶
// VaultCertificateFieldType names the part of a certificate that is bound.
// Of the four values below, only "private_key" exposes secret key material;
// the other three are certificate data.
type VaultCertificateFieldType string

const (
	// VaultBindingCertificateFieldTypeCertChain is the field type for binding
	// the cert chain of a certificate.
	VaultBindingCertificateFieldTypeCertChain VaultCertificateFieldType = "cert_chain"

	// VaultBindingCertificateFieldTypeFullCertChain is the field type for
	// binding the full cert chain (including root) of a certificate.
	VaultBindingCertificateFieldTypeFullCertChain VaultCertificateFieldType = "full_cert_chain"

	// VaultBindingCertificateFieldTypePrivateKey is the field type for binding
	// the private key of a certificate.
	VaultBindingCertificateFieldTypePrivateKey VaultCertificateFieldType = "private_key"

	// VaultBindingCertificateFieldTypeCertificate is the field type for
	// binding the public part of a certificate.
	VaultBindingCertificateFieldTypeCertificate VaultCertificateFieldType = "certificate"
)
type VaultCertificateRef ¶
// NOTE(review): Capabilities is the per-reference grant list; presumably it
// decides what the bound subject may do with this role (for example issue or
// sign), so it should list only what the consumer needs. Confirm against the
// binding controller.

// VaultCertificateRef identifies a certificate role by name, engine path and
// role name, together with a list of capabilities.
type VaultCertificateRef struct {
	// Name is serialized as "name".
	Name string `json:"name,omitempty"`
	// EnginePath is serialized as "enginePath".
	EnginePath string `json:"enginePath,omitempty"`
	// RoleName is serialized as "roleName".
	RoleName string `json:"roleName,omitempty"`
	// Capabilities lists the VaultBindingCertificateCapability values attached
	// to this reference.
	Capabilities []VaultBindingCertificateCapability `json:"capabilities,omitempty"`
}
func (*VaultCertificateRef) DeepCopy ¶
func (in *VaultCertificateRef) DeepCopy() *VaultCertificateRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateRef.
func (*VaultCertificateRef) DeepCopyInto ¶
func (in *VaultCertificateRef) DeepCopyInto(out *VaultCertificateRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertificateRole ¶
// NOTE(review): unlike VaultBinding, VaultCertificateAuthority, VaultKVSecret
// and VaultKVSecretEngine, this page lists no SetupWebhookWithManager or
// Validate* methods for VaultCertificateRole. If that is accurate, role
// settings are checked only by the CRD schema at admission time; confirm.

// VaultCertificateRole is the Schema for the VaultCertificateRole API.
type VaultCertificateRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the role.
	Spec VaultCertificateRoleSpec `json:"spec,omitempty"`
	// Status is the observed state of the role.
	Status VaultCertificateRoleStatus `json:"status,omitempty"`
}
VaultCertificateRole is the Schema for the VaultCertificateRole API.
func (*VaultCertificateRole) DeepCopy ¶
func (in *VaultCertificateRole) DeepCopy() *VaultCertificateRole
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateRole.
func (*VaultCertificateRole) DeepCopyInto ¶
func (in *VaultCertificateRole) DeepCopyInto(out *VaultCertificateRole)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultCertificateRole) DeepCopyObject ¶
func (in *VaultCertificateRole) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*VaultCertificateRole) GetRoleName ¶
func (in *VaultCertificateRole) GetRoleName() (string, error)
func (*VaultCertificateRole) GetSettings ¶
func (in *VaultCertificateRole) GetSettings() (*pki.RoleSettings, error)
func (*VaultCertificateRole) GetSubject ¶
func (in *VaultCertificateRole) GetSubject() (*pki.SubjectSettings, error)
type VaultCertificateRoleList ¶
// VaultCertificateRoleList contains a list of VaultCertificateRole.
type VaultCertificateRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the VaultCertificateRole objects of the list. The tag has no
	// omitempty, so the "items" key is always present in the encoding.
	Items []VaultCertificateRole `json:"items"`
}
VaultCertificateRoleList contains a list of VaultCertificateRole.
func (*VaultCertificateRoleList) DeepCopy ¶
func (in *VaultCertificateRoleList) DeepCopy() *VaultCertificateRoleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateRoleList.
func (*VaultCertificateRoleList) DeepCopyInto ¶
func (in *VaultCertificateRoleList) DeepCopyInto(out *VaultCertificateRoleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultCertificateRoleList) DeepCopyObject ¶
func (in *VaultCertificateRoleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VaultCertificateRoleSettings ¶
// NOTE(review): every bool below is optional with omitempty, so an unset
// field and an explicit false are indistinguishable to the operator. Several
// of the linked Vault role parameters default to true on the Vault side (for
// example allow_localhost, enforce_hostnames, allow_ip_sans, server_flag,
// client_flag, use_csr_common_name, use_csr_sans, require_cn). Confirm in
// GetSettings whether false is sent to Vault explicitly, since that decides
// which of the two defaults actually applies.

// VaultCertificateRoleSettings configures what certificates may be issued
// through a role: validity, permitted names, key parameters and usage flags.
// Each field links to the Vault PKI role parameter it corresponds to.
type VaultCertificateRoleSettings struct {
	// TTL configures the validity of the certificate.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#ttl.
	// +required
	// +kubebuilder:validation:Required
	TTL metav1.Duration `json:"ttl,omitempty"`

	// MaxTTL configures the maximum validity of the certificate.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#max_ttl.
	// +optional
	MaxTTL metav1.Duration `json:"maxTTL,omitempty"`

	// AllowLocalhost configures if the certificate is valid for localhost.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allow_localhost.
	// +optional
	AllowLocalhost bool `json:"allowLocalhost,omitempty"`

	// AllowedDomains configures a list of domains for which this certificate can be issued.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allowed_domains.
	// +optional
	AllowedDomains []string `json:"allowedDomains,omitempty"`

	// AllowedDomainsTemplate configures if the list of allowed domains can make use of templates.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allowed_domains_template.
	// +optional
	AllowedDomainsTemplate bool `json:"allowedDomainsTemplate,omitempty"`

	// AllowBareDomains configures if certificates can be issued for bare domains.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allow_bare_domains.
	// +optional
	AllowBareDomains bool `json:"allowBareDomains,omitempty"`

	// AllowSubdomains configures if certificates can be issued for subdomains.
	// This widens every AllowedDomains entry to all names beneath it, so
	// enable it only for domains whose whole subtree the requester may hold.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allow_subdomains.
	// +optional
	AllowSubdomains bool `json:"allowSubdomains,omitempty"`

	// NOTE(review): Vault documents allow_glob_domains as allowing glob
	// patterns inside the allowed_domains entries, which is not the same as
	// permitting wildcard certificates; confirm and reword if so.

	// AllowGlobDomains configures if certificates can be issued for wildcard domains.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allow_glob_domains.
	// +optional
	AllowGlobDomains bool `json:"allowGlobDomains,omitempty"`

	// AllowAnyName configures if certificates can be issued for any common name.
	// When it is true the AllowedDomains list no longer restricts requested
	// names, so anyone able to use the role can obtain a certificate for an
	// arbitrary name under this CA.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allow_any_name.
	// +optional
	AllowAnyName bool `json:"allowAnyName,omitempty"`

	// EnforceHostNames configures if host names should be enforced.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#enforce_hostnames.
	// +optional
	EnforceHostNames bool `json:"enforceHostNames,omitempty"`

	// AllowIPSans configures if certificates with IP subject alternative names
	// can be issued.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allow_ip_sans.
	// +optional
	AllowIPSans bool `json:"allowIPSans,omitempty"`

	// AllowedURISans configures an allow list of URI subject alternative names
	// for which certificates can be issued.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allowed_uri_sans.
	// +optional
	AllowedURISans []string `json:"allowedURISans,omitempty"`

	// AllowedOtherSans configures an allow list of other subject alternative
	// names for which certificates can be issued.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#allowed_other_sans.
	// +optional
	AllowedOtherSans []string `json:"allowedOtherSans,omitempty"`

	// ServerFlag configures if issued certificates should have the server flag
	// set.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#server_flag.
	// +optional
	ServerFlag bool `json:"serverFlag,omitempty"`

	// ClientFlag configures if issued certificates should have the client flag
	// set.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#client_flag.
	// +optional
	ClientFlag bool `json:"clientFlag,omitempty"`

	// CodeSigningFlag configures if issued certificates should have the code
	// signing flag set.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#code_signing_flag.
	// +optional
	CodeSigningFlag bool `json:"codeSigningFlag,omitempty"`

	// EmailProtectionFlag configures if issued certificates should have the
	// email protection flag set.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#email_protection_flag.
	// +optional
	EmailProtectionFlag bool `json:"emailProtectionFlag,omitempty"`

	// NOTE(review): the wording "of the CA certificate" / "of the certificate
	// authority" on KeyType and KeyBits looks copied from
	// VaultCertificateAuthoritySettings; on a role these presumably constrain
	// the keys of issued certificates. The default of `any` means the role
	// itself pins neither algorithm nor size when signing a submitted CSR;
	// set rsa or ec with an explicit KeyBits where a minimum key strength is
	// required. The KeyBits enum also mixes EC and RSA sizes, so the pairing
	// with KeyType is not enforced by the schema.

	// KeyType sets the key algorithm of the CA certificate.
	// Can be either rsa, ec or any if either type and any bit size should be
	// supported. ED25519 is not supported yet.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#key_type-3.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:=rsa;ec;any
	// +kubebuilder:default:=any
	KeyType pki.KeyType `json:"keyType"`

	// KeyBits sets the size of the key of the certificate authority.
	// Ignored in signing operations when KeyType is `any`.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#key_bits-3.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:=224;256;384;521;2048;3072;4096
	KeyBits pki.KeyBits `json:"keyBits,omitempty"`

	// KeyUsage configures a list of usages issued certificates should allow.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#key_usage-1.
	// +optional
	KeyUsage []pki.KeyUsage `json:"keyUsage,omitempty"`

	// ExtendedKeyUsage configures a list of extended key usages issued
	// certificates should allow. It is serialized as "extKeyUsage".
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#ext_key_usage-1.
	// +optional
	ExtendedKeyUsage []pki.ExtendedKeyUsage `json:"extKeyUsage,omitempty"`

	// ExtendedKeyUsageOIDS configures a list of key usage OIDs issued
	// certificates should allow. It is serialized as "extKeyUsageOIDS".
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#ext_key_usage_oids-1.
	// +optional
	ExtendedKeyUsageOIDS []string `json:"extKeyUsageOIDS,omitempty"`

	// UseCSRCommonName configures if the common name from a CSR should be set
	// in issued certificates.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#use_csr_common_name.
	// +optional
	UseCSRCommonName bool `json:"useCSRCommonName,omitempty"`

	// UseCSRSans configures if the subject alternative names from a CSR should
	// be included in issued certificates.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#use_csr_sans.
	// +optional
	UseCSRSans bool `json:"useCSRSans,omitempty"`

	// RequireCommonName configures if setting a common name is required when
	// issuing certificates. It is serialized as "requireCN".
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#require_cn.
	// +optional
	RequireCommonName bool `json:"requireCN,omitempty"`

	// PolicyIdentifiers configures a list of policy OIDs which should be set
	// on issued certificates.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#policy_identifiers.
	// +optional
	PolicyIdentifiers []string `json:"policyIdentifiers,omitempty"`

	// BasicConstraintsValidForNonCA configures if basic constraints should be
	// valid when issuing non-ca certificates.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#basic_constraints_valid_for_non_ca.
	// +optional
	BasicConstraintsValidForNonCA bool `json:"basicConstraintsValidForNonCA,omitempty"`

	// NOTE(review): Vault documents not_before_duration as the amount by which
	// the NotBefore timestamp is backdated (to tolerate clock skew), which is
	// the opposite of a delay before validity; confirm and reword if so.

	// NotBeforeDuration configures a delay which has to elapse for any issued
	// certificate to become valid.
	// Additional information: https://www.vaultproject.io/api-docs/secret/pki#not_before_duration-2.
	// +optional
	NotBeforeDuration metav1.Duration `json:"notBeforeDuration,omitempty"`
}
func (*VaultCertificateRoleSettings) DeepCopy ¶
func (in *VaultCertificateRoleSettings) DeepCopy() *VaultCertificateRoleSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateRoleSettings.
func (*VaultCertificateRoleSettings) DeepCopyInto ¶
func (in *VaultCertificateRoleSettings) DeepCopyInto(out *VaultCertificateRoleSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertificateRoleSpec ¶
// NOTE(review): none of the three fields carries a +optional or +required
// marker and all use omitempty, so the schema as shown does not force an
// Issuer to be set; confirm how an empty Issuer is handled.

// VaultCertificateRoleSpec defines the desired state of VaultCertificateRole.
type VaultCertificateRoleSpec struct {
	// Issuer specifies the certificate authority used to issue the certificate.
	Issuer string `json:"issuer,omitempty"`

	// Subject configures the subject fields of the Certificate.
	Subject VaultCertificateRoleSubject `json:"subject,omitempty"`

	// Settings configures the settings of the certificate.
	Settings VaultCertificateRoleSettings `json:"settings,omitempty"`
}
VaultCertificateRoleSpec defines the desired state of VaultCertificateRole.
func (*VaultCertificateRoleSpec) DeepCopy ¶
func (in *VaultCertificateRoleSpec) DeepCopy() *VaultCertificateRoleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateRoleSpec.
func (*VaultCertificateRoleSpec) DeepCopyInto ¶
func (in *VaultCertificateRoleSpec) DeepCopyInto(out *VaultCertificateRoleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertificateRoleStatus ¶
VaultCertificateRoleStatus defines the observed state of VaultCertificateRole.
func (*VaultCertificateRoleStatus) DeepCopy ¶
func (in *VaultCertificateRoleStatus) DeepCopy() *VaultCertificateRoleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateRoleStatus.
func (*VaultCertificateRoleStatus) DeepCopyInto ¶
func (in *VaultCertificateRoleStatus) DeepCopyInto(out *VaultCertificateRoleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertificateRoleSubject ¶
// VaultCertificateRoleSubject configures the subject fields of certificates
// issued through a role. Every field is optional. Unlike
// VaultCertificateAuthoritySubject it has no CommonName field.
type VaultCertificateRoleSubject struct {
	// Organization sets the organization (O) field in the certificate subject.
	// +optional
	Organization []string `json:"organization,omitempty"`

	// OrganizationalUnit sets the organizational unit (OU) field in the
	// certificate subject. It is serialized as "ou".
	// +optional
	OrganizationalUnit []string `json:"ou,omitempty"`

	// Country sets the country field (C) in the certificate subject.
	// +optional
	Country []string `json:"country,omitempty"`

	// Locality sets the locality field (L) in the certificate subject.
	// +optional
	Locality []string `json:"locality,omitempty"`

	// Province sets the state or province field (ST) in the certificate subject.
	// +optional
	Province []string `json:"province,omitempty"`

	// StreetAddress sets the street address field in the certificate subject.
	// +optional
	StreetAddress []string `json:"streetAddress,omitempty"`

	// PostalCode sets the postal code field in the certificate subject.
	// +optional
	PostalCode []string `json:"postalCode,omitempty"`
}
func (*VaultCertificateRoleSubject) DeepCopy ¶
func (in *VaultCertificateRoleSubject) DeepCopy() *VaultCertificateRoleSubject
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateRoleSubject.
func (*VaultCertificateRoleSubject) DeepCopyInto ¶
func (in *VaultCertificateRoleSubject) DeepCopyInto(out *VaultCertificateRoleSubject)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultCertificateTemplate ¶
// NOTE(review): the names requested here (CommonName and the four SAN lists)
// are requests; whether they are granted is presumably decided by the
// settings of the VaultCertificateRole named in CertificateRole. Confirm.

// VaultCertificateTemplate describes a certificate to request through a
// VaultCertificateRole.
type VaultCertificateTemplate struct {
	// Alias is the name of this certificate template.
	// +optional
	// +kubebuilder:validation:Optional
	Alias string `json:"alias,omitempty"`

	// CertificateRole is the name of the VaultCertificateRole to be used for issuing
	// this certificate.
	// +required
	// +kubebuilder:validation:Required
	CertificateRole string `json:"certificateRole"`

	// CommonName is the CN (common name) of the issued certificate.
	// +optional
	// +kubebuilder:validation:Optional
	CommonName string `json:"commonName,omitempty"`

	// DNSSans is a list of DNS subject alternative names requested for this
	// certificate.
	// +optional
	// +kubebuilder:validation:Optional
	DNSSans []string `json:"dnsSans,omitempty"`

	// OtherSans is a list of custom OID/UTF-8 subject alternative names
	// requested for this certificate.
	// Expected Format: `<oid>;<type>:<value>`
	// +optional
	// +kubebuilder:validation:Optional
	OtherSans []string `json:"otherSans,omitempty"`

	// IPSans is a list of IP subject alternative names requested for this
	// certificate.
	// +optional
	// +kubebuilder:validation:Optional
	IPSans []string `json:"ipSans,omitempty"`

	// URISans is a list of URI subject alternative names requested
	// for this certificate.
	// +optional
	// +kubebuilder:validation:Optional
	URISans []string `json:"uriSans,omitempty"`

	// TTL is the Time-To-Live requested for this certificate.
	// +optional
	// +kubebuilder:validation:Optional
	TTL metav1.Duration `json:"ttl,omitempty"`

	// ExcludeCNFromSans toggles if the common name should be excluded from the
	// subject alternative names of the certificate.
	// +optional
	// +kubebuilder:validation:Optional
	ExcludeCNFromSans bool `json:"excludeCNFromSans,omitempty"`
}
func (*VaultCertificateTemplate) DeepCopy ¶
func (in *VaultCertificateTemplate) DeepCopy() *VaultCertificateTemplate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultCertificateTemplate.
func (*VaultCertificateTemplate) DeepCopyInto ¶
func (in *VaultCertificateTemplate) DeepCopyInto(out *VaultCertificateTemplate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultClientConfig ¶
// NOTE(review): this page lists no webhook validators for VaultClientConfig,
// and its spec fields carry no kubebuilder validation markers; if these
// objects are meant to be written only by the operator, confirm that RBAC
// keeps other principals from creating or editing them.

// VaultClientConfig is the Schema for the vaultclientconfigs API.
type VaultClientConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the client configuration.
	Spec VaultClientConfigSpec `json:"spec,omitempty"`
	// Status is the observed state of the client configuration.
	Status VaultClientConfigStatus `json:"status,omitempty"`
}
VaultClientConfig is the Schema for the vaultclientconfigs API.
func (*VaultClientConfig) DeepCopy ¶
func (in *VaultClientConfig) DeepCopy() *VaultClientConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultClientConfig.
func (*VaultClientConfig) DeepCopyInto ¶
func (in *VaultClientConfig) DeepCopyInto(out *VaultClientConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultClientConfig) DeepCopyObject ¶
func (in *VaultClientConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VaultClientConfigList ¶
// VaultClientConfigList contains a list of VaultClientConfig.
type VaultClientConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the VaultClientConfig objects of the list. The tag has no
	// omitempty, so the "items" key is always present in the encoding.
	Items []VaultClientConfig `json:"items"`
}
VaultClientConfigList contains a list of VaultClientConfig.
func (*VaultClientConfigList) DeepCopy ¶
func (in *VaultClientConfigList) DeepCopy() *VaultClientConfigList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultClientConfigList.
func (*VaultClientConfigList) DeepCopyInto ¶
func (in *VaultClientConfigList) DeepCopyInto(out *VaultClientConfigList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultClientConfigList) DeepCopyObject ¶
func (in *VaultClientConfigList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VaultClientConfigSpec ¶
// NOTE(review): none of these fields is documented or validated in the source.
// From the names, Address/Role/AuthMountPath presumably tell a client how to
// reach and log in to Vault, CACerts presumably holds the CA certificates
// used to verify Vault's TLS endpoint, and the four reference lists enumerate
// what the client may access. Confirm each against the consuming agent; in
// particular check that Address is required to be an https URL and that an
// empty CACerts does not disable server verification.

// VaultClientConfigSpec defines the desired state of VaultClientConfig.
type VaultClientConfigSpec struct {
	// Address is serialized as "address".
	Address string `json:"address,omitempty"`
	// Role is serialized as "role".
	Role string `json:"role,omitempty"`
	// CACerts is serialized as "caCerts".
	CACerts []string `json:"caCerts,omitempty"`
	// AuthMountPath is serialized as "authMountPath".
	AuthMountPath string `json:"authMountPath,omitempty"`

	// CertificateAuthorities lists certificate authority references, each
	// with its own capability list.
	CertificateAuthorities []*VaultCertificateAuthorityRef `json:"certificateAuthorities,omitempty"`
	// KvSecrets lists KV secret references.
	KvSecrets []*VaultKVSecretRef `json:"kvSecrets,omitempty"`
	// Certificates lists certificate role references, each with its own
	// capability list.
	Certificates []*VaultCertificateRef `json:"certificates,omitempty"`
	// TransitKeys lists transit key references.
	TransitKeys []*VaultTransitKeyRef `json:"transitKeys,omitempty"`

	// Templates is a struct value, so omitempty has no effect on it in
	// encoding/json: the "templates" object is always emitted.
	Templates VaultBindingAgentConfig `json:"templates,omitempty"`
}
VaultClientConfigSpec defines the desired state of VaultClientConfig.
func (*VaultClientConfigSpec) DeepCopy ¶
func (in *VaultClientConfigSpec) DeepCopy() *VaultClientConfigSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultClientConfigSpec.
func (*VaultClientConfigSpec) DeepCopyInto ¶
func (in *VaultClientConfigSpec) DeepCopyInto(out *VaultClientConfigSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultClientConfigStatus ¶
VaultClientConfigStatus defines the observed state of VaultClientConfig.
func (*VaultClientConfigStatus) DeepCopy ¶
func (in *VaultClientConfigStatus) DeepCopy() *VaultClientConfigStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultClientConfigStatus.
func (*VaultClientConfigStatus) DeepCopyInto ¶
func (in *VaultClientConfigStatus) DeepCopyInto(out *VaultClientConfigStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultKVSecret ¶
// VaultKVSecret is the Schema for the vaultkvsecrets API.
//
// The type implements webhook.Validator through ValidateCreate,
// ValidateUpdate and ValidateDelete, registered via SetupWebhookWithManager.
type VaultKVSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the secret.
	Spec VaultKVSecretSpec `json:"spec,omitempty"`
	// Status is the observed state of the secret.
	Status VaultKVSecretStatus `json:"status,omitempty"`
}
VaultKVSecret is the Schema for the vaultkvsecrets API.
func (*VaultKVSecret) DeepCopy ¶
func (in *VaultKVSecret) DeepCopy() *VaultKVSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecret.
func (*VaultKVSecret) DeepCopyInto ¶
func (in *VaultKVSecret) DeepCopyInto(out *VaultKVSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultKVSecret) DeepCopyObject ¶
func (in *VaultKVSecret) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*VaultKVSecret) GetSecretPath ¶
func (r *VaultKVSecret) GetSecretPath() (string, error)
func (*VaultKVSecret) SetupWebhookWithManager ¶
func (r *VaultKVSecret) SetupWebhookWithManager(mgr ctrl.Manager) error
func (*VaultKVSecret) ValidateCreate ¶
func (r *VaultKVSecret) ValidateCreate() error
ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
func (*VaultKVSecret) ValidateDelete ¶
func (r *VaultKVSecret) ValidateDelete() error
ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
func (*VaultKVSecret) ValidateUpdate ¶
func (r *VaultKVSecret) ValidateUpdate(old runtime.Object) error
ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
type VaultKVSecretEngine ¶
// VaultKVSecretEngine is the Schema for the vaultkvsecretengines API.
//
// The type implements webhook.Validator through ValidateCreate,
// ValidateUpdate and ValidateDelete, registered via SetupWebhookWithManager.
type VaultKVSecretEngine struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the secret engine.
	Spec VaultKVSecretEngineSpec `json:"spec,omitempty"`
	// Status is the observed state of the secret engine.
	Status VaultKVSecretEngineStatus `json:"status,omitempty"`
}
VaultKVSecretEngine is the Schema for the vaultkvsecretengines API.
func (*VaultKVSecretEngine) DeepCopy ¶
func (in *VaultKVSecretEngine) DeepCopy() *VaultKVSecretEngine
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretEngine.
func (*VaultKVSecretEngine) DeepCopyInto ¶
func (in *VaultKVSecretEngine) DeepCopyInto(out *VaultKVSecretEngine)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultKVSecretEngine) DeepCopyObject ¶
func (in *VaultKVSecretEngine) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*VaultKVSecretEngine) GetKvEngineConfig ¶
func (r *VaultKVSecretEngine) GetKvEngineConfig() (*kvengine.Config, error)
func (*VaultKVSecretEngine) GetMountPath ¶
func (r *VaultKVSecretEngine) GetMountPath() (string, error)
func (*VaultKVSecretEngine) SetupWebhookWithManager ¶
func (r *VaultKVSecretEngine) SetupWebhookWithManager(mgr ctrl.Manager) error
func (*VaultKVSecretEngine) ValidateCreate ¶
func (r *VaultKVSecretEngine) ValidateCreate() error
ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
func (*VaultKVSecretEngine) ValidateDelete ¶
func (r *VaultKVSecretEngine) ValidateDelete() error
ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
func (*VaultKVSecretEngine) ValidateUpdate ¶
func (r *VaultKVSecretEngine) ValidateUpdate(old runtime.Object) error
ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
type VaultKVSecretEngineList ¶
// VaultKVSecretEngineList is the list form of VaultKVSecretEngine: list
// metadata plus the Items themselves.
type VaultKVSecretEngineList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the listed engines.
	Items []VaultKVSecretEngine `json:"items"`
}
VaultKVSecretEngineList contains a list of VaultKVSecretEngine. +kubebuilder:object:root=true
func (*VaultKVSecretEngineList) DeepCopy ¶
func (in *VaultKVSecretEngineList) DeepCopy() *VaultKVSecretEngineList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretEngineList.
func (*VaultKVSecretEngineList) DeepCopyInto ¶
func (in *VaultKVSecretEngineList) DeepCopyInto(out *VaultKVSecretEngineList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultKVSecretEngineList) DeepCopyObject ¶
func (in *VaultKVSecretEngineList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VaultKVSecretEngineSpec ¶
// VaultKVSecretEngineSpec is the desired configuration of a KV secret engine.
type VaultKVSecretEngineSpec struct {
	// NOTE(review): no minimum/maximum validation marker is visible on
	// MaxVersions; confirm the validating webhook rejects negative values.

	// MaxVersions configures the maximum number of secret versions to keep
	MaxVersions int `json:"maxVersions"`

	// NOTE(review): DeleteProtection is marked +optional but its JSON tag has
	// no omitempty, unlike the same field on VaultKVSecretSpec — confirm this
	// difference is intended.

	// DeleteProtection configures that the secret engine should not be able to be deleted.
	// Defaults to false.
	// +optional
	DeleteProtection bool `json:"deleteProtection"`
}
VaultKVSecretEngineSpec defines the desired state of VaultKVSecretEngine.
func (*VaultKVSecretEngineSpec) DeepCopy ¶
func (in *VaultKVSecretEngineSpec) DeepCopy() *VaultKVSecretEngineSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretEngineSpec.
func (*VaultKVSecretEngineSpec) DeepCopyInto ¶
func (in *VaultKVSecretEngineSpec) DeepCopyInto(out *VaultKVSecretEngineSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultKVSecretEngineStatus ¶
VaultKVSecretEngineStatus defines the observed state of VaultKVSecretEngine.
func (*VaultKVSecretEngineStatus) DeepCopy ¶
func (in *VaultKVSecretEngineStatus) DeepCopy() *VaultKVSecretEngineStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretEngineStatus.
func (*VaultKVSecretEngineStatus) DeepCopyInto ¶
func (in *VaultKVSecretEngineStatus) DeepCopyInto(out *VaultKVSecretEngineStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultKVSecretField ¶
// VaultKVSecretField describes one field of a VaultKVSecret: either a
// ciphertext supplied by the user or an autogenerated value.
type VaultKVSecretField struct {
	// NOTE(review): the JSON key here is "ciphertext", while
	// VaultSyncSecretSource uses "cipherText" for the same kind of value.
	// The keys are part of the API, so this is only flagged, not changed.

	// CipherText represents a value which has been encrypted by Heist's managed
	// Transit Engine.
	// +optional
	// +kubebuilder:validation:Optional
	CipherText EncryptedValue `json:"ciphertext,omitempty"`

	// NOTE(review): the comment below says the default is true, but no default
	// marker is visible and an omitted bool decodes to false; the default is
	// presumably applied in a webhook or controller — confirm. It also refers
	// to a custom stringValue, which is not a field of this struct.

	// AutoGenerated configures that the secret should have an autogenerated value.
	// Must be set to false when using a custom stringValue or custom cipherText.
	// Defaults to true.
	// +optional
	// +kubebuilder:validation:Optional
	AutoGenerated bool `json:"autoGenerated,omitempty"`

	// NOTE(review): no Minimum marker is visible on AutoGeneratedLength; a very
	// small length yields a weak generated secret, so confirm a lower bound is
	// enforced where the value is consumed.

	// AutoGeneratedLength can be used in combination with AutoGenerated.
	// It optionally configures the length of the autogenerated secret, the default
	// is 64 characters.
	// +optional
	// +kubebuilder:validation:Optional
	AutoGeneratedLength int `json:"autoGeneratedLength,omitempty"`
}
VaultKVSecretField defines the desired state of a field in a VaultKVSecret.
func (*VaultKVSecretField) DeepCopy ¶
func (in *VaultKVSecretField) DeepCopy() *VaultKVSecretField
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretField.
func (*VaultKVSecretField) DeepCopyInto ¶
func (in *VaultKVSecretField) DeepCopyInto(out *VaultKVSecretField)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultKVSecretList ¶
// VaultKVSecretList is the list form of VaultKVSecret: list metadata plus the
// Items themselves.
type VaultKVSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the listed secrets.
	Items []VaultKVSecret `json:"items"`
}
VaultKVSecretList contains a list of VaultKVSecret. +kubebuilder:object:root=true
func (*VaultKVSecretList) DeepCopy ¶
func (in *VaultKVSecretList) DeepCopy() *VaultKVSecretList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretList.
func (*VaultKVSecretList) DeepCopyInto ¶
func (in *VaultKVSecretList) DeepCopyInto(out *VaultKVSecretList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultKVSecretList) DeepCopyObject ¶
func (in *VaultKVSecretList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VaultKVSecretRef ¶
// NOTE(review): the package documentation gives no description for this type
// or its fields. It presumably records a KV secret resolved for a binding —
// confirm against the code that populates it.

// VaultKVSecretRef identifies a KV secret by Name, EnginePath and SecretPath
// and lists the KV capabilities attached to it.
type VaultKVSecretRef struct {
	// Name of the referenced secret.
	Name string `json:"name,omitempty"`

	// EnginePath and SecretPath locate the secret; their exact format is not
	// documented on this page.
	EnginePath string `json:"enginePath,omitempty"`
	SecretPath string `json:"secretPath,omitempty"`

	// Capabilities lists the KV capabilities associated with this reference.
	Capabilities []VaultBindingKVCapability `json:"capabilities,omitempty"`
}
func (*VaultKVSecretRef) DeepCopy ¶
func (in *VaultKVSecretRef) DeepCopy() *VaultKVSecretRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretRef.
func (*VaultKVSecretRef) DeepCopyInto ¶
func (in *VaultKVSecretRef) DeepCopyInto(out *VaultKVSecretRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultKVSecretSpec ¶
// VaultKVSecretSpec names the engine and path of a secret, its fields, and
// whether it is protected against deletion.
type VaultKVSecretSpec struct {
	// Engine configures the secret storage engine in which the secret should
	// be stored.
	// +required
	// +kubebuilder:validation:Required
	Engine string `json:"engine"`

	// NOTE(review): no Pattern or MaxLength marker is visible on Path. Since it
	// is joined into a Vault path (see GetSecretPath), confirm that the webhook
	// or GetSecretPath rejects values that would leave the engine's subtree.

	// Path configures the relative path of the Secret inside its secret engine.
	// +optional
	// +kubebuilder:validation:Optional
	Path string `json:"path,omitempty"`

	// Fields is a map of fields stored in the Secret.
	// +optional
	// +kubebuilder:validation:Optional
	Fields map[string]*VaultKVSecretField `json:"fields,omitempty"`

	// DeleteProtection configures that the secret should not be able to be deleted.
	// Defaults to false.
	// +optional
	// +kubebuilder:validation:Optional
	DeleteProtection bool `json:"deleteProtection,omitempty"`
}
VaultKVSecretSpec defines the desired secret's fields and the secret's config.
func (*VaultKVSecretSpec) DeepCopy ¶
func (in *VaultKVSecretSpec) DeepCopy() *VaultKVSecretSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretSpec.
func (*VaultKVSecretSpec) DeepCopyInto ¶
func (in *VaultKVSecretSpec) DeepCopyInto(out *VaultKVSecretSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultKVSecretStatus ¶
// VaultKVSecretStatus records what has been applied for a VaultKVSecret: its
// conditions, read-only policy name, engine, path and stored fields.
type VaultKVSecretStatus struct {
	// Conditions holds the conditions reported for this secret.
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// NOTE(review): the Go field is ReadOnlyPolicyName but the JSON key is
	// "policyName"; flagged only, since the key is part of the API.

	// ReadOnlyPolicyName is the name of the read-only policy created for this
	// secret.
	// +optional
	ReadOnlyPolicyName string `json:"policyName,omitempty"`

	// Engine is the name of the engine used to store this secret.
	// +optional
	Engine string `json:"engine,omitempty"`

	// Path is the relative path of this secret inside its engine.
	// +optional
	Path string `json:"path,omitempty"`

	// NOTE(review): status is readable by anyone who can read the resource.
	// The comment below says the values are cipher text; confirm no code path
	// writes a plaintext value into this map.

	// Fields is a map of field names to cipher text for all fields currently
	// stored in Vault.
	// +optional
	Fields map[string]string `json:"fields,omitempty"`
}
VaultKVSecretStatus defines the observed state of VaultKVSecret.
func (*VaultKVSecretStatus) DeepCopy ¶
func (in *VaultKVSecretStatus) DeepCopy() *VaultKVSecretStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultKVSecretStatus.
func (*VaultKVSecretStatus) DeepCopyInto ¶
func (in *VaultKVSecretStatus) DeepCopyInto(out *VaultKVSecretStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultSyncCertificate ¶
// VaultSyncCertificate selects fields of an issued certificate to sync and
// sets the common name and SANs requested for it.
type VaultSyncCertificate struct {
	// NOTE(review): the comments on Name and Fields speak of a
	// VaultCertificateAuthority, while the type-level documentation speaks of a
	// VaultCertificateRole. One of the two looks copied from
	// VaultSyncCertificateAuthority — confirm which resource Name refers to.

	// Name is the name of the VaultCertificateAuthority which should be
	// synced.
	// +required
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Fields is a list of fields which should be synced from the
	// VaultCertificateAuthority.
	// +required
	// +kubebuilder:validation:Required
	Fields []VaultSyncCertificateField `json:"fields"`

	// CommonName is the CN (common name) of the issued certificate.
	// +required
	// +kubebuilder:validation:Required
	CommonName string `json:"commonName"`

	// AlternativeNames is a list of SANs (subject alternative names) requested
	// for this certificate. These will be set as an extension in the
	// certificate.
	// +optional
	// +kubebuilder:validation:Optional
	AlternativeNames []string `json:"alternativeNames,omitempty"`

	// ExcludeCNFromSans disables automatically adding the common name to the
	// SAN list.
	// +optional
	// +kubebuilder:validation:Optional
	ExcludeCNFromSans bool `json:"excludeCNFromSans,omitempty"`
}
VaultSyncCertificate configures syncing of values from a VaultCertificateRole.
func (*VaultSyncCertificate) DeepCopy ¶
func (in *VaultSyncCertificate) DeepCopy() *VaultSyncCertificate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncCertificate.
func (*VaultSyncCertificate) DeepCopyInto ¶
func (in *VaultSyncCertificate) DeepCopyInto(out *VaultSyncCertificate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultSyncCertificateAuthority ¶
// VaultSyncCertificateAuthority selects which fields of a named
// VaultCertificateAuthority are synced.
type VaultSyncCertificateAuthority struct {
	// Name is the name of the VaultCertificateAuthority which should be
	// synced.
	// +required
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// NOTE(review): Fields is marked required yet tagged omitempty, whereas the
	// same field on VaultSyncCertificate has no omitempty — confirm which is
	// intended.

	// Fields is a list of fields which should be synced from the
	// VaultCertificateAuthority.
	// +required
	// +kubebuilder:validation:Required
	Fields []VaultSyncCertificateField `json:"fields,omitempty"`
}
VaultSyncCertificateAuthority configures syncing of values from a VaultCertificateAuthority.
func (*VaultSyncCertificateAuthority) DeepCopy ¶
func (in *VaultSyncCertificateAuthority) DeepCopy() *VaultSyncCertificateAuthority
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncCertificateAuthority.
func (*VaultSyncCertificateAuthority) DeepCopyInto ¶
func (in *VaultSyncCertificateAuthority) DeepCopyInto(out *VaultSyncCertificateAuthority)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultSyncCertificateAuthoritySource ¶
// VaultSyncCertificateAuthoritySource picks a single field of a named
// VaultCertificateAuthority as the source of a synced value.
type VaultSyncCertificateAuthoritySource struct {
	// Name is the name of the VaultCertificateAuthority which should be synced.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name,omitempty"`

	// NOTE(review): the enum admits private_key, so a CA private key can be
	// selected as the synced value. Confirm that this is gated by the
	// capabilities granted to the requester and that the target Secret is
	// covered by suitably narrow RBAC.

	// Field is the field of the certificate authority which should be synced.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum:=certificate;private_key;cert_chain;full_cert_chain
	Field VaultCertificateFieldType `json:"field,omitempty"`
}
func (*VaultSyncCertificateAuthoritySource) DeepCopy ¶
func (in *VaultSyncCertificateAuthoritySource) DeepCopy() *VaultSyncCertificateAuthoritySource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncCertificateAuthoritySource.
func (*VaultSyncCertificateAuthoritySource) DeepCopyInto ¶
func (in *VaultSyncCertificateAuthoritySource) DeepCopyInto(out *VaultSyncCertificateAuthoritySource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultSyncCertificateField ¶
// VaultSyncCertificateField maps one certificate field type to the key under
// which its value is stored.
type VaultSyncCertificateField struct {
	// NOTE(review): the Go field is Type but the JSON key is "field"; flagged
	// only, since the key is part of the API.

	// Type is the name of the field which should be bound. Possible values are
	// defined in VaultCertificateFieldType.
	// +kubebuilder:validation:Enum:=certificate;private_key;cert_chain;full_cert_chain
	// +kubebuilder:default:=certificate
	Type VaultCertificateFieldType `json:"field"`

	// Key is the secret key used to store the value.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Key string `json:"key"`
}
VaultSyncCertificateField configures syncing of values from a certificate.
func (*VaultSyncCertificateField) DeepCopy ¶
func (in *VaultSyncCertificateField) DeepCopy() *VaultSyncCertificateField
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncCertificateField.
func (*VaultSyncCertificateField) DeepCopyInto ¶
func (in *VaultSyncCertificateField) DeepCopyInto(out *VaultSyncCertificateField)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultSyncCertificateSource ¶
// VaultSyncCertificateSource picks a single field of a certificate issued from
// a named certificate template as the source of a synced value.
type VaultSyncCertificateSource struct {
	// Name is the name of the certificate template used to issue the
	// certificate which should be synced.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name,omitempty"`

	// Field is the field of the certificate which should be synced.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum:=certificate;private_key;cert_chain;full_cert_chain
	Field VaultCertificateFieldType `json:"field,omitempty"`
}
func (*VaultSyncCertificateSource) DeepCopy ¶
func (in *VaultSyncCertificateSource) DeepCopy() *VaultSyncCertificateSource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncCertificateSource.
func (*VaultSyncCertificateSource) DeepCopyInto ¶
func (in *VaultSyncCertificateSource) DeepCopyInto(out *VaultSyncCertificateSource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultSyncKVSecretSource ¶
// VaultSyncKVSecretSource picks a single field of a named VaultKVSecret as the
// source of a synced value.
type VaultSyncKVSecretSource struct {
	// Name is the name of the VaultKVSecret which should be synced.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name,omitempty"`

	// Field specifies a single field of the VaultKVSecret which should be synced.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Field string `json:"field,omitempty"`
}
func (*VaultSyncKVSecretSource) DeepCopy ¶
func (in *VaultSyncKVSecretSource) DeepCopy() *VaultSyncKVSecretSource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncKVSecretSource.
func (*VaultSyncKVSecretSource) DeepCopyInto ¶
func (in *VaultSyncKVSecretSource) DeepCopyInto(out *VaultSyncKVSecretSource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultSyncKvSecret ¶
// NOTE(review): this type spells "Kv" where the rest of the package spells
// "KV" (VaultSyncKVSecretSource, VaultKVSecret); renaming would change the
// exported API, so it is only flagged here.

// VaultSyncKvSecret names a field of a VaultKVSecret and the secret key under
// which its value is stored.
type VaultSyncKvSecret struct {
	// Name is the name of the VaultKVSecret.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Name string `json:"name,omitempty"`

	// Field is the name of the field in the VaultKVSecret.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Field string `json:"field,omitempty"`

	// Key is the secret key used to store the value.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinLength=1
	Key string `json:"key,omitempty"`
}
func (*VaultSyncKvSecret) DeepCopy ¶
func (in *VaultSyncKvSecret) DeepCopy() *VaultSyncKvSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncKvSecret.
func (*VaultSyncKvSecret) DeepCopyInto ¶
func (in *VaultSyncKvSecret) DeepCopyInto(out *VaultSyncKvSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultSyncSecret ¶
// VaultSyncSecret combines the standard Kubernetes type and object metadata
// with the Spec and Status of a synced secret.
type VaultSyncSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the user-supplied sync configuration.
	Spec VaultSyncSecretSpec `json:"spec,omitempty"`

	// Status is the observed state of the sync.
	Status VaultSyncSecretStatus `json:"status,omitempty"`
}
VaultSyncSecret is the Schema for the vaultsyncsecrets API.
func (*VaultSyncSecret) DeepCopy ¶
func (in *VaultSyncSecret) DeepCopy() *VaultSyncSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncSecret.
func (*VaultSyncSecret) DeepCopyInto ¶
func (in *VaultSyncSecret) DeepCopyInto(out *VaultSyncSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultSyncSecret) DeepCopyObject ¶
func (in *VaultSyncSecret) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*VaultSyncSecret) SetupWebhookWithManager ¶
func (r *VaultSyncSecret) SetupWebhookWithManager(mgr ctrl.Manager) error
func (*VaultSyncSecret) ValidateCreate ¶
func (r *VaultSyncSecret) ValidateCreate() error
ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
func (*VaultSyncSecret) ValidateDelete ¶
func (r *VaultSyncSecret) ValidateDelete() error
ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
func (*VaultSyncSecret) ValidateUpdate ¶
func (r *VaultSyncSecret) ValidateUpdate(old runtime.Object) error
ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
type VaultSyncSecretList ¶
// VaultSyncSecretList is the list form of VaultSyncSecret: list metadata plus
// the Items themselves.
type VaultSyncSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the listed sync secrets.
	Items []VaultSyncSecret `json:"items"`
}
VaultSyncSecretList contains a list of VaultSyncSecret.
func (*VaultSyncSecretList) DeepCopy ¶
func (in *VaultSyncSecretList) DeepCopy() *VaultSyncSecretList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncSecretList.
func (*VaultSyncSecretList) DeepCopyInto ¶
func (in *VaultSyncSecretList) DeepCopyInto(out *VaultSyncSecretList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultSyncSecretList) DeepCopyObject ¶
func (in *VaultSyncSecretList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VaultSyncSecretSource ¶
// NOTE(review): all four sources are optional and nothing in this type forces
// exactly one of them to be set. Confirm that the validating webhook rejects
// entries with zero or several sources, so the synced value is unambiguous.

// VaultSyncSecretSource describes where one synced value comes from: a
// ciphertext, a certificate authority, a certificate or a KV secret.
type VaultSyncSecretSource struct {
	// CipherText represents a value which has been encrypted by Heist's managed
	// Transit Engine.
	// +optional
	// +kubebuilder:validation:Optional
	CipherText EncryptedValue `json:"cipherText,omitempty"`

	// CertificateAuthority configures a VaultCertificateAuthority from which a
	// field should be synced.
	// +optional
	// +kubebuilder:validation:Optional
	CertificateAuthority *VaultSyncCertificateAuthoritySource `json:"certificateAuthority,omitempty"`

	// Certificate configures a VaultCertificateRole from which a field should be
	// synced.
	// +optional
	// +kubebuilder:validation:Optional
	Certificate *VaultSyncCertificateSource `json:"certificate,omitempty"`

	// KVSecret configures a VaultKVSecret from which a field should be synced
	// +optional
	// +kubebuilder:validation:Optional
	KVSecret *VaultSyncKVSecretSource `json:"kvSecret,omitempty"`
}
func (*VaultSyncSecretSource) DeepCopy ¶
func (in *VaultSyncSecretSource) DeepCopy() *VaultSyncSecretSource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncSecretSource.
func (*VaultSyncSecretSource) DeepCopyInto ¶
func (in *VaultSyncSecretSource) DeepCopyInto(out *VaultSyncSecretSource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultSyncSecretSpec ¶
// VaultSyncSecretSpec names the target Kubernetes Secret, the certificate
// templates that may be used, and the data entries to sync into the target.
type VaultSyncSecretSpec struct {
	// NOTE(review): Target and Data are marked required but tagged omitempty;
	// confirm the generated CRD still lists them as required.

	// Target configures the secret you want to sync values to.
	// +required
	// +kubebuilder:validation:Required
	Target VaultSyncSecretTarget `json:"target,omitempty"`

	// CertificateTemplates configures settings for certificates which may be
	// issued.
	// +optional
	// +kubebuilder:validation:Optional
	CertificateTemplates []VaultCertificateTemplate `json:"certificateTemplates,omitempty"`

	// Data is a map of values which should be synced to the Target Kubernetes
	// Secret.
	// +required
	// +kubebuilder:validation:Required
	Data map[string]VaultSyncSecretSource `json:"data,omitempty"`
}
func (*VaultSyncSecretSpec) DeepCopy ¶
func (in *VaultSyncSecretSpec) DeepCopy() *VaultSyncSecretSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncSecretSpec.
func (*VaultSyncSecretSpec) DeepCopyInto ¶
func (in *VaultSyncSecretSpec) DeepCopyInto(out *VaultSyncSecretSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultSyncSecretStatus ¶
// VaultSyncSecretStatus records the conditions of a VaultSyncSecret and the
// spec that was last applied.
type VaultSyncSecretStatus struct {
	// NOTE(review): Conditions has no omitempty here, unlike the Conditions
	// field of VaultKVSecretStatus and VaultTransitKeyStatus — confirm the
	// difference is intended.

	// Conditions holds the conditions reported for this sync.
	Conditions []metav1.Condition `json:"conditions"`

	// AppliedSpec is a copy of the spec as applied; it includes any CipherText
	// sources that spec contained.
	AppliedSpec VaultSyncSecretSpec `json:"appliedSpec,omitempty"`
}
VaultSyncSecretStatus defines the observed state of VaultSyncSecret.
func (*VaultSyncSecretStatus) DeepCopy ¶
func (in *VaultSyncSecretStatus) DeepCopy() *VaultSyncSecretStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncSecretStatus.
func (*VaultSyncSecretStatus) DeepCopyInto ¶
func (in *VaultSyncSecretStatus) DeepCopyInto(out *VaultSyncSecretStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultSyncSecretTarget ¶
// VaultSyncSecretTarget describes the Kubernetes Secret that values are synced
// into: its name, namespace, type and extra labels and annotations.
type VaultSyncSecretTarget struct {
	// Name is the name of the secret resource you want to create.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=253
	Name string `json:"name,omitempty"`

	// NOTE(review): Namespace lets the spec name a namespace for the created
	// Secret. Confirm that the webhook or controller restricts it (for example
	// to the VaultSyncSecret's own namespace); otherwise the operator's write
	// permission, not the requester's, decides where a Secret can appear.

	// Namespace is the namespace the secret should be created in.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MaxLength=63
	Namespace string `json:"namespace,omitempty"`

	// Type is the type of secret which should be created.
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:=Opaque;kubernetes.io/dockercfg;kubernetes.io/dockerconfigjson;kubernetes.io/basic-auth;kubernetes.io/ssh-auth;kubernetes.io/tls
	Type v1.SecretType `json:"type,omitempty"`

	// AdditionalLabels is a map of labels added to the secret.
	// +optional
	// +kubebuilder:validation:Optional
	AdditionalLabels map[string]string `json:"additionalLabels,omitempty"`

	// AdditionalAnnotations is a map of annotations added to the secret.
	// +optional
	// +kubebuilder:validation:Optional
	AdditionalAnnotations map[string]string `json:"additionalAnnotations,omitempty"`
}
VaultSyncSecretTarget defines the desired state of VaultSyncSecret.
func (*VaultSyncSecretTarget) DeepCopy ¶
func (in *VaultSyncSecretTarget) DeepCopy() *VaultSyncSecretTarget
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSyncSecretTarget.
func (*VaultSyncSecretTarget) DeepCopyInto ¶
func (in *VaultSyncSecretTarget) DeepCopyInto(out *VaultSyncSecretTarget)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultTransitEngine ¶
// VaultTransitEngine combines the standard Kubernetes type and object metadata
// with the Spec and Status of a transit engine.
type VaultTransitEngine struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the engine.
	Spec VaultTransitEngineSpec `json:"spec,omitempty"`

	// Status is the observed state of the engine.
	Status VaultTransitEngineStatus `json:"status,omitempty"`
}
VaultTransitEngine is the Schema for the vaulttransitengines API.
func (*VaultTransitEngine) DeepCopy ¶
func (in *VaultTransitEngine) DeepCopy() *VaultTransitEngine
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitEngine.
func (*VaultTransitEngine) DeepCopyInto ¶
func (in *VaultTransitEngine) DeepCopyInto(out *VaultTransitEngine)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultTransitEngine) DeepCopyObject ¶
func (in *VaultTransitEngine) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*VaultTransitEngine) GetMountPath ¶
func (r *VaultTransitEngine) GetMountPath() (string, error)
func (*VaultTransitEngine) GetPluginName ¶
func (r *VaultTransitEngine) GetPluginName() (string, error)
func (*VaultTransitEngine) GetTransitEngineConfig ¶
func (r *VaultTransitEngine) GetTransitEngineConfig() (*transit.EngineConfig, error)
func (*VaultTransitEngine) SetupWebhookWithManager ¶
func (r *VaultTransitEngine) SetupWebhookWithManager(mgr ctrl.Manager) error
func (*VaultTransitEngine) ValidateCreate ¶
func (r *VaultTransitEngine) ValidateCreate() error
ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
func (*VaultTransitEngine) ValidateDelete ¶
func (r *VaultTransitEngine) ValidateDelete() error
ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
func (*VaultTransitEngine) ValidateUpdate ¶
func (r *VaultTransitEngine) ValidateUpdate(old runtime.Object) error
ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
type VaultTransitEngineList ¶
// VaultTransitEngineList is the list form of VaultTransitEngine: list metadata
// plus the Items themselves.
type VaultTransitEngineList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the listed engines.
	Items []VaultTransitEngine `json:"items"`
}
VaultTransitEngineList contains a list of VaultTransitEngine.
func (*VaultTransitEngineList) DeepCopy ¶
func (in *VaultTransitEngineList) DeepCopy() *VaultTransitEngineList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitEngineList.
func (*VaultTransitEngineList) DeepCopyInto ¶
func (in *VaultTransitEngineList) DeepCopyInto(out *VaultTransitEngineList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultTransitEngineList) DeepCopyObject ¶
func (in *VaultTransitEngineList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VaultTransitEngineSpec ¶
// VaultTransitEngineSpec is the desired configuration of a transit engine; it
// currently holds only the plugin backend name.
type VaultTransitEngineSpec struct {
	// NOTE(review): the default is declared below with
	// "+kubebuilder:validation:Default:=transit", whereas
	// VaultSyncCertificateField declares its default with
	// "+kubebuilder:default:=certificate". The former does not look like a
	// marker controller-gen recognises, so the default is presumably applied
	// in code (see GetPluginName) rather than by the CRD — confirm.
	//
	// NOTE(review): Plugin is a free-form string with no Enum or Pattern
	// marker. Because it selects which Vault plugin backend handles
	// encryption, confirm the set of accepted names is restricted somewhere.

	// Plugin configures the plugin backend used for this engine. Defaults to transit.
	// https://www.vaultproject.io/docs/upgrading/plugins#overriding-built-in-plugins
	// +optional
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Default:=transit
	Plugin string `json:"plugin,omitempty"`
}
VaultTransitEngineSpec defines the desired state of VaultTransitEngine.
func (*VaultTransitEngineSpec) DeepCopy ¶
func (in *VaultTransitEngineSpec) DeepCopy() *VaultTransitEngineSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitEngineSpec.
func (*VaultTransitEngineSpec) DeepCopyInto ¶
func (in *VaultTransitEngineSpec) DeepCopyInto(out *VaultTransitEngineSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultTransitEngineStatus ¶
VaultTransitEngineStatus defines the observed state of VaultTransitEngine.
func (*VaultTransitEngineStatus) DeepCopy ¶
func (in *VaultTransitEngineStatus) DeepCopy() *VaultTransitEngineStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitEngineStatus.
func (*VaultTransitEngineStatus) DeepCopyInto ¶
func (in *VaultTransitEngineStatus) DeepCopyInto(out *VaultTransitEngineStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultTransitKey ¶
// VaultTransitKey combines the standard Kubernetes type and object metadata
// with the Spec and Status of a transit key.
type VaultTransitKey struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the key.
	Spec VaultTransitKeySpec `json:"spec,omitempty"`

	// Status is the observed state of the key.
	Status VaultTransitKeyStatus `json:"status,omitempty"`
}
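VaultTransitKey is the Schema for the transit keys API. (The original text names the vaulttransitengines API, which appears to be copied from VaultTransitEngine.)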
func (*VaultTransitKey) DeepCopy ¶
func (in *VaultTransitKey) DeepCopy() *VaultTransitKey
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitKey.
func (*VaultTransitKey) DeepCopyInto ¶
func (in *VaultTransitKey) DeepCopyInto(out *VaultTransitKey)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultTransitKey) DeepCopyObject ¶
func (in *VaultTransitKey) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*VaultTransitKey) GetTransitKeyConfig ¶
func (r *VaultTransitKey) GetTransitKeyConfig() (*transit.KeyConfig, error)
func (*VaultTransitKey) GetTransitKeyName ¶
func (r *VaultTransitKey) GetTransitKeyName() (string, error)
func (*VaultTransitKey) GetTransitKeyType ¶
func (r *VaultTransitKey) GetTransitKeyType() (transit.KeyType, error)
func (*VaultTransitKey) SetupWebhookWithManager ¶
func (r *VaultTransitKey) SetupWebhookWithManager(mgr ctrl.Manager) error
func (*VaultTransitKey) ValidateCreate ¶
func (r *VaultTransitKey) ValidateCreate() error
ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
func (*VaultTransitKey) ValidateDelete ¶
func (r *VaultTransitKey) ValidateDelete() error
ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
func (*VaultTransitKey) ValidateUpdate ¶
func (r *VaultTransitKey) ValidateUpdate(old runtime.Object) error
ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
type VaultTransitKeyList ¶
// VaultTransitKeyList is the list form of VaultTransitKey: list metadata plus
// the Items themselves.
type VaultTransitKeyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the listed keys.
	Items []VaultTransitKey `json:"items"`
}
VaultTransitKeyList contains a list of VaultTransitKey.
func (*VaultTransitKeyList) DeepCopy ¶
func (in *VaultTransitKeyList) DeepCopy() *VaultTransitKeyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitKeyList.
func (*VaultTransitKeyList) DeepCopyInto ¶
func (in *VaultTransitKeyList) DeepCopyInto(out *VaultTransitKeyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VaultTransitKeyList) DeepCopyObject ¶
func (in *VaultTransitKeyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VaultTransitKeyRef ¶
// NOTE(review): the package documentation gives no description for this type
// or its fields. It presumably records a transit key resolved for a binding —
// confirm against the code that populates it.

// VaultTransitKeyRef identifies a transit key by Name, EnginePath and KeyName
// and lists the transit-key capabilities attached to it.
type VaultTransitKeyRef struct {
	// Name of the referenced key resource.
	Name string `json:"name,omitempty"`

	// EnginePath and KeyName locate the key; their exact format is not
	// documented on this page.
	EnginePath string `json:"enginePath,omitempty"`
	KeyName    string `json:"keyName,omitempty"`

	// Capabilities lists the transit-key capabilities associated with this
	// reference.
	Capabilities []VaultBindingTransitKeyCapability `json:"capabilities,omitempty"`
}
func (*VaultTransitKeyRef) DeepCopy ¶
func (in *VaultTransitKeyRef) DeepCopy() *VaultTransitKeyRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitKeyRef.
func (*VaultTransitKeyRef) DeepCopyInto ¶
func (in *VaultTransitKeyRef) DeepCopyInto(out *VaultTransitKeyRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultTransitKeySpec ¶
// VaultTransitKeySpec is the desired configuration of a transit key: its
// engine and type, the version floors for decryption and encryption, and the
// export, backup and delete-protection switches.
type VaultTransitKeySpec struct {
	// Engine configures the used transit engine.
	// +required
	// +kubebuilder:validation:Required
	Engine string `json:"engine"`

	// Type configures the transit key type. Must be a vault supported key type.
	// Additional information: https://www.vaultproject.io/api/secret/transit#type.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum:=aes128-gcm96;aes256-gcm96;chacha20-poly1305;ed25519;ecdsa-p256;ecdsa-p384;ecdsa-p521;rsa-2048;rsa-3072;rsa-4096
	Type transit.KeyType `json:"type"`

	// MinimumDecryptionVersion specifies the minimum version of the key that can be used to decrypt the ciphertext.
	// Adjusting this as part of a key rotation policy can prevent old copies of ciphertext from being
	// decrypted, should they fall into the wrong hands. For signatures, this value controls the minimum
	// version of signature that can be verified against. For HMACs, this controls the minimum version
	// of a key allowed to be used as the key for verification.
	// +optional
	// +kubebuilder:validation:Optional
	MinimumDecryptionVersion int `json:"minimumDecryptionVersion,omitempty"`

	// NOTE(review): the rule stated below (0, or at least the minimum
	// decryption version) is not expressed by any marker on this field, and
	// neither version field has a Minimum marker; confirm the webhook
	// enforces both.

	// MinimumEncryptionVersion specifies the minimum version of the key that can be used to encrypt
	// plaintext, sign payloads, or generate HMACs. Must be 0 (which will use the latest version) or
	// a value greater or equal to min_decryption_version.
	// +optional
	// +kubebuilder:validation:Optional
	MinimumEncryptionVersion int `json:"minimumEncryptionVersion,omitempty"`

	// NOTE(review): Exportable and AllowPlaintextBackup both let key material
	// leave Vault, and both are documented as irreversible once set. Treat a
	// change of either to true as a one-way, security-relevant event: confirm
	// ValidateUpdate rejects attempts to turn them back off rather than
	// silently diverging from Vault, and consider alerting on specs that
	// enable them.

	// Exportable enables keys to be exportable. This allows for all the valid keys in the key
	// ring to be exported. Once set, this cannot be disabled.
	// +optional
	// +kubebuilder:validation:Optional
	Exportable bool `json:"exportable,omitempty"`

	// AllowPlaintextBackup enables taking backups of named key in the
	// plaintext format. Once set, this cannot be disabled.
	// +optional
	// +kubebuilder:validation:Optional
	AllowPlaintextBackup bool `json:"allowPlaintextBackup,omitempty"`

	// NOTE(review): the comment below says "the secret" although this spec
	// describes a transit key; it looks copied from VaultKVSecretSpec.

	// DeleteProtection configures that the secret should not be able to be deleted.
	// Defaults to false.
	// +optional
	// +kubebuilder:validation:Optional
	DeleteProtection bool `json:"deleteProtection,omitempty"`
}
VaultTransitKeySpec defines the desired state of VaultTransitKey.
func (*VaultTransitKeySpec) DeepCopy ¶
func (in *VaultTransitKeySpec) DeepCopy() *VaultTransitKeySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitKeySpec.
func (*VaultTransitKeySpec) DeepCopyInto ¶
func (in *VaultTransitKeySpec) DeepCopyInto(out *VaultTransitKeySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultTransitKeyStatus ¶
// VaultTransitKeyStatus defines the observed state of VaultTransitKey.
type VaultTransitKeyStatus struct {
	// Conditions lists the metav1.Condition entries recorded for this object.
	// Presumably written by the controller during reconciliation; confirm
	// against the reconciler.
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// AppliedSpec contains more information about the current state of the
	// VaultTransitKey object.
	// NOTE(review): with encoding/json, omitempty has no effect on a non-pointer
	// struct value, so appliedSpec is serialized even when it is the zero value.
	// Because Exportable and AllowPlaintextBackup cannot be unset once enabled,
	// comparing this copy with the desired spec is one way to notice an attempt
	// to turn them back off. Whether the controller or webhook does so is not
	// visible here.
	// +optional
	AppliedSpec VaultTransitKeySpec `json:"appliedSpec,omitempty"`
}
VaultTransitKeyStatus defines the observed state of VaultTransitKey.
func (*VaultTransitKeyStatus) DeepCopy ¶
func (in *VaultTransitKeyStatus) DeepCopy() *VaultTransitKeyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTransitKeyStatus.
func (*VaultTransitKeyStatus) DeepCopyInto ¶
func (in *VaultTransitKeyStatus) DeepCopyInto(out *VaultTransitKeyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files ¶
- component.go
- conditions.go
- groupversion_info.go
- vaultbinding_types.go
- vaultbinding_webhook.go
- vaultcertificateauthority_types.go
- vaultcertificateauthority_vault.go
- vaultcertificateauthority_webhook.go
- vaultcertificaterole_types.go
- vaultcertificaterole_vault.go
- vaultclientconfig_types.go
- vaultkvsecret_types.go
- vaultkvsecret_vault.go
- vaultkvsecret_webhook.go
- vaultkvsecretengine_types.go
- vaultkvsecretengine_vault.go
- vaultkvsecretengine_webhook.go
- vaultsyncsecret_types.go
- vaultsyncsecret_webhook.go
- vaulttransitengine_types.go
- vaulttransitengine_vault.go
- vaulttransitengine_webhook.go
- vaulttransitkey_types.go
- vaulttransitkey_vault.go
- vaulttransitkey_webhook.go
- zz_generated.deepcopy.go