v1alpha1

package

Documentation

Overview

+groupName=policy.kubevault.com

Index

Constants

// Kind name and singular/plural resource names of the VaultPolicy custom resource
// (the plural matches the CRD path in the kubebuilder markers further down this file).
const (
	ResourceKindVaultPolicy = "VaultPolicy"
	ResourceVaultPolicy     = "vaultpolicy"
	ResourceVaultPolicies   = "vaultpolicies"
)
// Kind name and singular/plural resource names of the VaultPolicyBinding custom resource
// (the plural matches the CRD path in the kubebuilder markers further down this file).
const (
	ResourceKindVaultPolicyBinding = "VaultPolicyBinding"
	ResourceVaultPolicyBinding     = "vaultpolicybinding"
	ResourceVaultPolicyBindings    = "vaultpolicybindings"
)

Variables

var (
	// TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api.
	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.

	// SchemeBuilder collects the functions that register this package's types with a runtime.Scheme.
	SchemeBuilder runtime.SchemeBuilder

	// AddToScheme registers this package's types with a scheme. It is the AddToScheme method of
	// localSchemeBuilder, which is declared elsewhere in this package (not visible here).
	AddToScheme = localSchemeBuilder.AddToScheme
)
// SchemeGroupVersion is the API group (policy.GroupName) and version ("v1alpha1") under which
// the resources in this package are registered; Kind and Resource qualify names with its group.
var SchemeGroupVersion = schema.GroupVersion{Group: policy.GroupName, Version: "v1alpha1"}

Functions

func Kind added in v0.8.0

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns a Group-qualified GroupKind.

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group-qualified GroupResource.

Types

type AppRoleSubjectRef

// AppRoleSubjectRef identifies a role of Vault's AppRole auth method (mount path plus role name)
// together with the role parameters presumably pushed to Vault when a binding is reconciled
// (the reconciler is not part of this package's API surface). The Token* fields mirror Vault's
// common token parameters; see the link below the type.
type AppRoleSubjectRef struct {
	// Specifies the path where approle auth is enabled
	// default : approle
	// +optional
	Path string `json:"path,omitempty"`

	// RoleName is the Name of the AppRole
	// This defaults to following format: k8s.${cluster}.${metadata.namespace}.${metadata.name}
	RoleName string `json:"roleName,omitempty"`

	// Require secret_id to be presented when logging in using this AppRole.
	// NOTE(review): no omitempty and the Go zero value is false, so an unset field is serialized
	// as false. Confirm how the controller forwards it to Vault: sending false disables the
	// secret_id requirement and weakens AppRole login to the role_id alone.
	BindSecretID bool `json:"bindSecretID"`

	// List of CIDR blocks; if set, specifies blocks of IP addresses which can perform the login operation.
	SecretIDBoundCidrs []string `json:"secretIdBoundCidrs,omitempty"`

	// Number of times any particular SecretID can be used to fetch a token from this AppRole, after which the SecretID will expire. A value of zero will allow unlimited uses.
	// Zero is also the Go zero value, so leaving this unset means unlimited uses.
	SecretIDNumUses int64 `json:"secretIdNumUses,omitempty"`

	// Duration in either an integer number of seconds (3600) or an integer time unit (60m) after which any SecretID expires.
	SecretIDTTL string `json:"secretIdTTL,omitempty"`

	// If set, the secret IDs generated using this role will be cluster local. This can only be set during role creation and once set, it can't be reset later.
	EnableLocalSecretIDs bool `json:"enableLocalSecretIds,omitempty"`

	// The incremental lifetime for generated tokens. This current value of this will be referenced at renewal time.
	TokenTTL int64 `json:"tokenTTL,omitempty"`

	// The maximum lifetime for generated tokens. This current value of this will be referenced at renewal time.
	TokenMaxTTL int64 `json:"tokenMaxTTL,omitempty"`

	// List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies []string `json:"tokenPolicies,omitempty"`

	// List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
	TokenBoundCidrs []string `json:"tokenBoundCidrs,omitempty"`

	// If set, will encode an explicit max TTL onto the token. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
	TokenExplicitMaxTTL int64 `json:"tokenExplicitMaxTTL,omitempty"`

	// If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy bool `json:"tokenNoDefaultPolicy,omitempty"`

	// The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
	TokenNumUses int64 `json:"tokenNumUses,omitempty"`

	// The period, if any, to set on the token.
	TokenPeriod int64 `json:"tokenPeriod,omitempty"`

	// The type of token that should be generated. Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
	TokenType string `json:"tokenType,omitempty"`
}

More info: https://www.vaultproject.io/api-docs/auth/approle#create-update-approle

func (*AppRoleSubjectRef) DeepCopy

func (in *AppRoleSubjectRef) DeepCopy() *AppRoleSubjectRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppRoleSubjectRef.

func (*AppRoleSubjectRef) DeepCopyInto

func (in *AppRoleSubjectRef) DeepCopyInto(out *AppRoleSubjectRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTOIDCSubjectRef added in v0.8.0

// JWTOIDCSubjectRef identifies a role of Vault's jwt/oidc auth method (mount path plus role
// name) together with the role parameters; SubjectRef uses the same type for both its JWT and
// OIDC fields. The Token* fields mirror Vault's common token parameters; see the link below the type.
type JWTOIDCSubjectRef struct {
	// Specifies the path where jwt/oidc auth is enabled
	// Required: no omitempty and no default is given here (unlike the other *SubjectRef types).
	Path string `json:"path"`

	// Name of the role.
	// This defaults to following format: k8s.${cluster}.${metadata.namespace}.${metadata.name}
	Name string `json:"name,omitempty"`

	// List of aud claims to match against. Any match is sufficient. Required for "jwt" roles, optional for "oidc" roles.
	// NOTE(review): the field itself is omitempty, so nothing on this type enforces the
	// "required for jwt" rule; an unbound audience means any token the issuer signed for another
	// audience would satisfy the role — confirm IsValid (declared elsewhere) rejects that case.
	BoundAudiences []string `json:"boundAudiences,omitempty"`

	// The claim to use to uniquely identify the user; this will be used as the name for the Identity entity alias created due to a successful login. The claim value must be a string.
	UserClaim string `json:"userClaim"`

	// If set, requires that the sub claim matches this value.
	BoundSubject string `json:"boundSubject,omitempty"`

	// If set, a map of claims/values to match against. The expected value may be a single string or a list of strings. The interpretation of the bound claim values is configured with bound_claims_type.
	// Declared as map[string]string here, so a list-of-strings expected value cannot be expressed through this field as written.
	BoundClaims map[string]string `json:"boundClaims,omitempty"`

	// Configures the interpretation of the bound_claims values. If "string" (the default), the values will treated as string literals and must match exactly. If set to "glob", the values will be interpreted as globs, with * matching any number of characters.
	// NOTE(review): "glob" widens who matches; keep bound values as specific as possible when using it.
	BoundClaimsType string `json:"boundClaimsType,omitempty"`

	// The claim to use to uniquely identify the set of groups to which the user belongs; this will be used as the names for the Identity group aliases created due to a successful login. The claim value must be a list of strings.
	GroupClaim string `json:"groupClaim,omitempty"`

	// If set, a map of claims (keys) to be copied to specified metadata fields (values).
	ClaimMappings map[string]string `json:"claimMappings,omitempty"`

	// If set, a list of OIDC scopes to be used with an OIDC role. The standard scope "openid" is automatically included and need not be specified.
	OIDCScopes []string `json:"oidcScopes,omitempty"`

	// The list of allowed values for redirect_uri during OIDC logins.
	// No omitempty: an unset list is serialized as null. Keep the entries exact (no wildcards)
	// so an authorization code cannot be redirected to an unintended origin.
	AllowedRedirectUris []string `json:"allowedRedirectUris"`

	// If set, enables verbose logging for OIDC logins. Presumably maps to Vault's
	// verbose_oidc_logging, which logs received tokens and claims to Vault's log — a debugging
	// aid rather than a production default; confirm against the Vault docs linked below.
	VerboseOIDCLogging bool `json:"verboseOidcLogging,omitempty"`

	// The incremental lifetime for generated tokens. This current value of this will be referenced at renewal time.
	TokenTTL int64 `json:"tokenTTL,omitempty"`

	// The maximum lifetime for generated tokens. This current value of this will be referenced at renewal time.
	TokenMaxTTL int64 `json:"tokenMaxTTL,omitempty"`

	// List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies []string `json:"tokenPolicies,omitempty"`

	// List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
	TokenBoundCidrs []string `json:"tokenBoundCidrs,omitempty"`

	// If set, will encode an explicit max TTL onto the token. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
	TokenExplicitMaxTTL int64 `json:"tokenExplicitMaxTTL,omitempty"`

	// If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy bool `json:"tokenNoDefaultPolicy,omitempty"`

	// The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
	TokenNumUses int64 `json:"tokenNumUses,omitempty"`

	// The period, if any, to set on the token.
	TokenPeriod int64 `json:"tokenPeriod,omitempty"`

	// The type of token that should be generated. Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
	TokenType string `json:"tokenType,omitempty"`
}

More info: https://www.vaultproject.io/api-docs/auth/jwt#create-role

func (*JWTOIDCSubjectRef) DeepCopy added in v0.8.0

func (in *JWTOIDCSubjectRef) DeepCopy() *JWTOIDCSubjectRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCSubjectRef.

func (*JWTOIDCSubjectRef) DeepCopyInto added in v0.8.0

func (in *JWTOIDCSubjectRef) DeepCopyInto(out *JWTOIDCSubjectRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesSubjectRef

// KubernetesSubjectRef identifies a role of Vault's kubernetes auth method and the
// service accounts (by name and namespace) that role is bound to, plus the token lifetimes
// issued through it. See the link below the type for the Vault-side parameters.
type KubernetesSubjectRef struct {
	// Specifies the path where kubernetes auth is enabled
	// default : kubernetes
	// +optional
	Path string `json:"path,omitempty"`

	// Name of the role
	Name string `json:"name,omitempty"`

	// Specifies the names of the service account to bind with policy
	// Required (no omitempty). NOTE(review): Vault's kubernetes auth accepts "*" here as a
	// wildcard; nothing on this type rejects it, and a wildcard would bind the policies to every
	// service account in the listed namespaces — confirm IsValid or an admission policy restricts it.
	ServiceAccountNames []string `json:"serviceAccountNames"`

	// Specifies the namespaces of the service account
	// Required (no omitempty); the same wildcard caveat as ServiceAccountNames applies.
	ServiceAccountNamespaces []string `json:"serviceAccountNamespaces"`

	// Specifies the TTL period of tokens issued using this role in seconds.
	// Declared as a string; whether a bare number of seconds or a duration suffix is expected
	// is not fixed on this page — confirm against the Vault docs linked below.
	// +optional
	TTL string `json:"ttl,omitempty"`

	// Specifies the maximum allowed lifetime of tokens issued in seconds using this role.
	// +optional
	MaxTTL string `json:"maxTTL,omitempty"`

	// If set, indicates that the token generated using this role should never expire.
	// The token should be renewed within the duration specified by this value.
	// At each renewal, the token's TTL will be set to the value of this parameter.
	// NOTE(review): periodic tokens have no hard lifetime cap; prefer TTL/MaxTTL unless the workload genuinely needs them.
	// +optional
	Period string `json:"period,omitempty"`
}

More info: https://www.vaultproject.io/api/auth/kubernetes/index.html#create-role

func (*KubernetesSubjectRef) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSubjectRef.

func (*KubernetesSubjectRef) DeepCopyInto

func (in *KubernetesSubjectRef) DeepCopyInto(out *KubernetesSubjectRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LdapGroupSubjectRef

// LdapGroupSubjectRef identifies a group of Vault's LDAP auth method (mount path plus group
// name) and the policies to attach to it. See the link below the type.
type LdapGroupSubjectRef struct {
	// Specifies the path where ldap groups auth is enabled
	// default : ldap/groups
	// +optional
	Path string `json:"path,omitempty"`

	// The name of the LDAP group
	// Required (no omitempty).
	Name string `json:"name"`

	// List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
	Policies []string `json:"policies,omitempty"`
}

More info: https://www.vaultproject.io/api-docs/auth/ldap#create-update-ldap-group

func (*LdapGroupSubjectRef) DeepCopy

func (in *LdapGroupSubjectRef) DeepCopy() *LdapGroupSubjectRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LdapGroupSubjectRef.

func (*LdapGroupSubjectRef) DeepCopyInto

func (in *LdapGroupSubjectRef) DeepCopyInto(out *LdapGroupSubjectRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LdapUserSubjectRef

// LdapUserSubjectRef identifies a user of Vault's LDAP auth method (mount path plus username)
// and the policies and groups to attach to it. See the link below the type.
type LdapUserSubjectRef struct {
	// Specifies the path where ldap users auth is enabled
	// default : ldap/users
	// +optional
	Path string `json:"path,omitempty"`

	// The username of the LDAP user
	// Required (no omitempty).
	Username string `json:"username"`

	// List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
	Policies []string `json:"policies,omitempty"`

	// List of groups associated to the user.
	Groups []string `json:"groups,omitempty"`
}

More info: https://www.vaultproject.io/api-docs/auth/ldap#create-update-ldap-user

func (*LdapUserSubjectRef) DeepCopy

func (in *LdapUserSubjectRef) DeepCopy() *LdapUserSubjectRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LdapUserSubjectRef.

func (*LdapUserSubjectRef) DeepCopyInto

func (in *LdapUserSubjectRef) DeepCopyInto(out *LdapUserSubjectRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyBindingPhase

// PolicyBindingPhase is the reconciliation outcome recorded in VaultPolicyBindingStatus.Phase.
// The kubebuilder enum marker below restricts it to Success or Failed; the empty string is the
// Go zero value and is omitted from JSON by the status field's omitempty.
type PolicyBindingPhase string

+kubebuilder:validation:Enum=Success;Failed

// The PolicyBindingPhase values permitted by the enum marker above.
const (
	PolicyBindingSuccess PolicyBindingPhase = "Success"
	PolicyBindingFailed  PolicyBindingPhase = "Failed"
)

type PolicyIdentifier

// PolicyIdentifier names one Vault policy, either directly by its Vault name (Name) or through
// a VaultPolicy object in the cluster (Ref). Both fields are omitempty; which one must be set,
// and what happens when both are, is not enforced by this type.
type PolicyIdentifier struct {
	// Name is a Vault server policy name. This name should be returned by `vault read sys/policy` command.
	// More info: https://www.vaultproject.io/docs/concepts/policies.html#listing-policies
	// NOTE(review): any pre-existing Vault policy can be named here, including highly privileged
	// ones; consider restricting the accepted names through validation or an admission policy.
	Name string `json:"name,omitempty"`

	// Ref is name of a VaultPolicy crd object. Actual vault policy name is spec.vaultRoleName field.
	// More info: https://www.vaultproject.io/docs/concepts/policies.html#listing-policies
	// NOTE(review): VaultPolicySpec on this page calls that field vaultPolicyName, not vaultRoleName — verify which is meant.
	Ref string `json:"ref,omitempty"`
}

func (*PolicyIdentifier) DeepCopy

func (in *PolicyIdentifier) DeepCopy() *PolicyIdentifier

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyIdentifier.

func (*PolicyIdentifier) DeepCopyInto

func (in *PolicyIdentifier) DeepCopyInto(out *PolicyIdentifier)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyPhase

// PolicyPhase is the reconciliation outcome recorded in VaultPolicyStatus.Phase.
// The kubebuilder enum marker below restricts it to Success or Failed; the empty string is the
// Go zero value and is omitted from JSON by the status field's omitempty.
type PolicyPhase string

+kubebuilder:validation:Enum=Success;Failed

// The PolicyPhase values permitted by the enum marker above.
const (
	PolicySuccess PolicyPhase = "Success"
	PolicyFailed  PolicyPhase = "Failed"
)

type ServiceAccountReference

// ServiceAccountReference contains the name and namespace of a Kubernetes service account.
// Both fields are required (no omitempty).
type ServiceAccountReference struct {
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
}

ServiceAccountReference contains the name and namespace of the service account.

func (*ServiceAccountReference) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountReference.

func (*ServiceAccountReference) DeepCopyInto

func (in *ServiceAccountReference) DeepCopyInto(out *ServiceAccountReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SubjectRef

// SubjectRef selects the Vault auth-method identity that a VaultPolicyBinding grants policies to.
// Every field is a pointer with omitempty, so unset means nil; whether exactly one of them must
// be set is not enforced by this type (IsValid, declared elsewhere, may do so).
type SubjectRef struct {
	// Kubernetes refers to Vault users who are authenticated via Kubernetes auth method
	// More info: https://www.vaultproject.io/docs/auth/kubernetes.html#configuration
	Kubernetes *KubernetesSubjectRef `json:"kubernetes,omitempty"`
	// AppRole refers to a role of Vault's AppRole auth method.
	// More info: https://www.vaultproject.io/docs/auth/approle#configuration
	AppRole *AppRoleSubjectRef `json:"appRole,omitempty"`
	// LdapGroup and LdapUser refer to a group or a user of Vault's LDAP auth method.
	// More info: https://www.vaultproject.io/api-docs/auth/ldap#configure-ldap
	LdapGroup *LdapGroupSubjectRef `json:"ldapGroup,omitempty"`
	LdapUser  *LdapUserSubjectRef  `json:"ldapUser,omitempty"`
	// JWT and OIDC refer to a role of Vault's jwt/oidc auth method; both use the same Go type.
	// More info: https://www.vaultproject.io/api-docs/auth/jwt#configure
	JWT  *JWTOIDCSubjectRef `json:"jwt,omitempty"`
	OIDC *JWTOIDCSubjectRef `json:"oidc,omitempty"`
}

func (*SubjectRef) DeepCopy

func (in *SubjectRef) DeepCopy() *SubjectRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubjectRef.

func (*SubjectRef) DeepCopyInto

func (in *SubjectRef) DeepCopyInto(out *SubjectRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultPolicy

// VaultPolicy is the VaultPolicy custom resource: a Vault policy managed from Kubernetes.
// Spec holds the desired policy and Status the last reconciled outcome. The CRD markers
// (root object, status subresource, print columns) are shown below the type.
type VaultPolicy struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              VaultPolicySpec   `json:"spec,omitempty"`
	Status            VaultPolicyStatus `json:"status,omitempty"`
}

+kubebuilder:object:root=true
+kubebuilder:resource:path=vaultpolicies,singular=vaultpolicy,shortName=vp,categories={vault,policy,appscode,all}
+kubebuilder:subresource:status
+kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.phase"
+kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"

func (VaultPolicy) CustomResourceDefinition

func (_ VaultPolicy) CustomResourceDefinition() *apiextensions.CustomResourceDefinition

func (*VaultPolicy) DeepCopy

func (in *VaultPolicy) DeepCopy() *VaultPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPolicy.

func (*VaultPolicy) DeepCopyInto

func (in *VaultPolicy) DeepCopyInto(out *VaultPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultPolicy) DeepCopyObject

func (in *VaultPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (VaultPolicy) GetKey

func (v VaultPolicy) GetKey() string

func (VaultPolicy) IsValid

func (v VaultPolicy) IsValid() error

func (VaultPolicy) OffshootLabels

func (v VaultPolicy) OffshootLabels() map[string]string

func (VaultPolicy) OffshootSelectors

func (v VaultPolicy) OffshootSelectors() map[string]string

func (VaultPolicy) PolicyName

func (v VaultPolicy) PolicyName() string

type VaultPolicyBinding

// VaultPolicyBinding is the VaultPolicyBinding custom resource: it attaches Vault policies to
// an auth-method subject. Spec holds the desired binding and Status the last reconciled
// outcome. The CRD markers (root object, status subresource, print columns) are shown below the type.
type VaultPolicyBinding struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              VaultPolicyBindingSpec   `json:"spec,omitempty"`
	Status            VaultPolicyBindingStatus `json:"status,omitempty"`
}

+kubebuilder:object:root=true
+kubebuilder:resource:path=vaultpolicybindings,singular=vaultpolicybinding,shortName=vpb,categories={vault,appscode,all}
+kubebuilder:subresource:status
+kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.phase"
+kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"

func (VaultPolicyBinding) CustomResourceDefinition

func (_ VaultPolicyBinding) CustomResourceDefinition() *apiextensions.CustomResourceDefinition

func (*VaultPolicyBinding) DeepCopy

func (in *VaultPolicyBinding) DeepCopy() *VaultPolicyBinding

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPolicyBinding.

func (*VaultPolicyBinding) DeepCopyInto

func (in *VaultPolicyBinding) DeepCopyInto(out *VaultPolicyBinding)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultPolicyBinding) DeepCopyObject

func (in *VaultPolicyBinding) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (VaultPolicyBinding) GeneratePath

func (v VaultPolicyBinding) GeneratePath(name, path, subPath string) string

func (VaultPolicyBinding) GeneratePayload

func (v VaultPolicyBinding) GeneratePayload(i interface{}) (map[string]interface{}, error)

func (VaultPolicyBinding) GetKey

func (v VaultPolicyBinding) GetKey() string

func (VaultPolicyBinding) IsValid

func (v VaultPolicyBinding) IsValid() error

func (VaultPolicyBinding) OffshootLabels

func (v VaultPolicyBinding) OffshootLabels() map[string]string

func (VaultPolicyBinding) OffshootSelectors

func (v VaultPolicyBinding) OffshootSelectors() map[string]string

func (VaultPolicyBinding) PolicyBindingName

func (v VaultPolicyBinding) PolicyBindingName() string

func (*VaultPolicyBinding) SetDefaults

func (v *VaultPolicyBinding) SetDefaults()

type VaultPolicyBindingList

// VaultPolicyBindingList is the list type returned when VaultPolicyBinding objects are listed.
// NOTE(review): Items carries omitempty, so an empty list serializes without an "items" key —
// confirm clients tolerate that.
type VaultPolicyBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VaultPolicyBinding `json:"items,omitempty"`
}

func (*VaultPolicyBindingList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPolicyBindingList.

func (*VaultPolicyBindingList) DeepCopyInto

func (in *VaultPolicyBindingList) DeepCopyInto(out *VaultPolicyBindingList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultPolicyBindingList) DeepCopyObject

func (in *VaultPolicyBindingList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultPolicyBindingSpec

// VaultPolicyBindingSpec binds a set of Vault policies (Policies) to one auth-method subject
// (the embedded SubjectRef) on the Vault server named by VaultRef.
type VaultPolicyBindingSpec struct {
	// VaultRef is the name of a AppBinding referencing to a Vault Server
	// Required (no omitempty); a LocalObjectReference, so the AppBinding is presumably looked up in this object's namespace.
	VaultRef core.LocalObjectReference `json:"vaultRef"`

	// VaultRoleName is the role name which will be bound of the policies
	// This defaults to following format: k8s.${cluster}.${metadata.namespace}.${metadata.name}
	// xref: https://www.vaultproject.io/api/auth/kubernetes/index.html#create-role
	// +optional
	VaultRoleName string `json:"vaultRoleName,omitempty"`

	// Policies is a list of Vault policy identifiers.
	// Required (no omitempty). Each entry may name an existing Vault policy directly; see the
	// review note on PolicyIdentifier.Name about restricting which names are accepted.
	Policies []PolicyIdentifier `json:"policies"`

	// SubjectRef refers to Vault users who will be granted policies.
	// Embedded for field promotion, but serialized under its own "subjectRef" key because of the tag.
	SubjectRef `json:"subjectRef"`
}

links: https://www.vaultproject.io/api/auth/kubernetes/index.html#parameters-1

func (*VaultPolicyBindingSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPolicyBindingSpec.

func (*VaultPolicyBindingSpec) DeepCopyInto

func (in *VaultPolicyBindingSpec) DeepCopyInto(out *VaultPolicyBindingSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultPolicyBindingStatus

// VaultPolicyBindingStatus is what the controller last observed for a VaultPolicyBinding.
type VaultPolicyBindingStatus struct {
	// ObservedGeneration is the most recent generation observed for this resource. It corresponds to the
	// resource's generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// Phase indicates whether binding the policies to the subject in Vault succeeded, failed, or is still in progress.
	// Only Success and Failed are enum values; "in progress" is presumably the empty (unset) phase.
	// +optional
	Phase PolicyBindingPhase `json:"phase,omitempty"`

	// Represents the latest available observations of a VaultPolicyBinding.
	// +optional
	Conditions []kmapi.Condition `json:"conditions,omitempty"`
}

func (*VaultPolicyBindingStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPolicyBindingStatus.

func (*VaultPolicyBindingStatus) DeepCopyInto

func (in *VaultPolicyBindingStatus) DeepCopyInto(out *VaultPolicyBindingStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultPolicyList

// VaultPolicyList is the list type returned when VaultPolicy objects are listed.
// NOTE(review): Items carries omitempty, so an empty list serializes without an "items" key —
// confirm clients tolerate that.
type VaultPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VaultPolicy `json:"items,omitempty"`
}

func (*VaultPolicyList) DeepCopy

func (in *VaultPolicyList) DeepCopy() *VaultPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPolicyList.

func (*VaultPolicyList) DeepCopyInto

func (in *VaultPolicyList) DeepCopyInto(out *VaultPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultPolicyList) DeepCopyObject

func (in *VaultPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultPolicySpec

// VaultPolicySpec describes the policy to create in Vault: the Vault server (VaultRef), the
// policy's name there, and its body in either HCL (PolicyDocument) or JSON (Policy) form.
// Nothing on this type enforces that exactly one of PolicyDocument/Policy is set.
type VaultPolicySpec struct {
	// VaultRef is the name of a AppBinding referencing to a Vault Server
	// Required (no omitempty); a LocalObjectReference, so the AppBinding is presumably looked up in this object's namespace.
	VaultRef core.LocalObjectReference `json:"vaultRef"`

	// VaultPolicyName is the policy name set inside Vault.
	// This defaults to following format: k8s.${cluster}.${metadata.namespace}.${metadata.name}
	// +optional
	VaultPolicyName string `json:"vaultPolicyName,omitempty"`

	// PolicyDocument specifies a vault policy in hcl format.
	// For example:
	// path "secret/*" {
	//   capabilities = ["create", "read", "update", "delete", "list"]
	// }
	// NOTE(review): the example grants every capability on secret/*; real policies should be
	// scoped to the narrowest paths and capabilities the workload needs.
	// +optional
	PolicyDocument string `json:"policyDocument,omitempty"`

	// Policy specifies a vault policy in json format.
	// Kept as a raw extension with unknown fields preserved, so the API server does not validate
	// its contents; malformed or over-broad policies presumably only surface when applied to Vault.
	// +optional
	// +kubebuilder:validation:EmbeddedResource
	// +kubebuilder:pruning:PreserveUnknownFields
	Policy *runtime.RawExtension `json:"policy,omitempty"`
}

More info: https://www.vaultproject.io/docs/concepts/policies.html

func (*VaultPolicySpec) DeepCopy

func (in *VaultPolicySpec) DeepCopy() *VaultPolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPolicySpec.

func (*VaultPolicySpec) DeepCopyInto

func (in *VaultPolicySpec) DeepCopyInto(out *VaultPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultPolicyStatus

// VaultPolicyStatus is what the controller last observed for a VaultPolicy.
type VaultPolicyStatus struct {
	// ObservedGeneration is the most recent generation observed for this resource. It corresponds to the
	// resource's generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// Phase indicates whether applying the policy in Vault succeeded, failed, or is still in progress.
	// Only Success and Failed are enum values; "in progress" is presumably the empty (unset) phase.
	// +optional
	Phase PolicyPhase `json:"phase,omitempty"`

	// Represents the latest available observations of a VaultPolicy.
	// +optional
	Conditions []kmapi.Condition `json:"conditions,omitempty"`
}

func (*VaultPolicyStatus) DeepCopy

func (in *VaultPolicyStatus) DeepCopy() *VaultPolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPolicyStatus.

func (*VaultPolicyStatus) DeepCopyInto

func (in *VaultPolicyStatus) DeepCopyInto(out *VaultPolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
