v1alpha1

package
v0.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 9, 2021 License: Apache-2.0 Imports: 29 Imported by: 3

Documentation

Overview

+groupName=kubevault.com

Index

Constants

// VaultServerContainerName is the container name "vault".
const VaultServerContainerName = "vault"

// VaultUnsealerContainerName is the container name "unsealer".
const VaultUnsealerContainerName = "unsealer"

// VaultExporterContainerName is the container name "exporter".
const VaultExporterContainerName = "exporter"
// ResourceKindVaultServer is the Kind string of the VaultServer resource.
const ResourceKindVaultServer = "VaultServer"

// ResourceVaultServer is the singular, lower-case resource name.
const ResourceVaultServer = "vaultserver"

// ResourceVaultServers is the plural, lower-case resource name.
const ResourceVaultServers = "vaultservers"

Variables

// Sentinel errors for malformed protobuf input. The "Generated" suffix suggests
// they are returned by the generated Unmarshal code — presumably; the callers
// are not shown on this page. Input that produces any of them should be treated
// as invalid rather than partially trusted.

// ErrInvalidLengthGenerated reports a negative length found during unmarshaling.
var ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling")

// ErrIntOverflowGenerated reports an integer overflow.
var ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow")

// ErrUnexpectedEndOfGroupGenerated reports an unexpected end of group.
var ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group")
// TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api.
// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.

// SchemeBuilder is declared here without an initializer.
var SchemeBuilder runtime.SchemeBuilder

// AddToScheme is bound to the AddToScheme method of localSchemeBuilder
// (localSchemeBuilder itself is not shown on this page).
var AddToScheme = localSchemeBuilder.AddToScheme
// SchemeGroupVersion pairs the group kubevault.GroupName with the version
// "v1alpha1" for the types declared in this package.
var SchemeGroupVersion = schema.GroupVersion{
	Group:   kubevault.GroupName,
	Version: "v1alpha1",
}

Functions

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type AllowedSecretEngines added in v0.5.0

type AllowedSecretEngines struct {
	// Namespaces indicates namespaces from which Secret Engines may be attached to this
	// Listener. This is restricted to the namespace of this VaultServer by default.
	// NOTE(review): "Listener" appears to mean the VaultServer itself; confirm.
	// Widening the default lets Secret Engines created in other namespaces bind to
	// this VaultServer, so treat a non-default value as a cross-namespace grant.
	//
	// +optional
	// +kubebuilder:default={from: Same}
	Namespaces *SecretEngineNamespaces `json:"namespaces,omitempty" protobuf:"bytes,1,opt,name=namespaces"`

	// SecretEngines specifies the types of Secret Engines that are allowed to bind
	// to this VaultServer. When unspecified or empty, all types of Secret Engines
	// are allowed.
	// NOTE(review): empty therefore means allow-all, not deny-all; restricting the
	// engine types requires listing the permitted ones explicitly.
	//
	// +optional
	SecretEngines []SecretEngineType `json:"secretEngines,omitempty" protobuf:"bytes,2,rep,name=secretEngines,casttype=SecretEngineType"`
}

AllowedSecretEngines defines which Secret Engines may be attached to this Listener.

func (*AllowedSecretEngines) DeepCopy added in v0.5.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedSecretEngines.

func (*AllowedSecretEngines) DeepCopyInto added in v0.5.0

func (in *AllowedSecretEngines) DeepCopyInto(out *AllowedSecretEngines)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AllowedSecretEngines) Descriptor added in v0.5.0

func (*AllowedSecretEngines) Descriptor() ([]byte, []int)

func (*AllowedSecretEngines) Marshal added in v0.5.0

func (m *AllowedSecretEngines) Marshal() (dAtA []byte, err error)

func (*AllowedSecretEngines) MarshalTo added in v0.5.0

func (m *AllowedSecretEngines) MarshalTo(dAtA []byte) (int, error)

func (*AllowedSecretEngines) MarshalToSizedBuffer added in v0.5.0

func (m *AllowedSecretEngines) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AllowedSecretEngines) ProtoMessage added in v0.5.0

func (*AllowedSecretEngines) ProtoMessage()

func (*AllowedSecretEngines) Reset added in v0.5.0

func (m *AllowedSecretEngines) Reset()

func (*AllowedSecretEngines) Size added in v0.5.0

func (m *AllowedSecretEngines) Size() (n int)

func (*AllowedSecretEngines) String added in v0.5.0

func (this *AllowedSecretEngines) String() string

func (*AllowedSecretEngines) Unmarshal added in v0.5.0

func (m *AllowedSecretEngines) Unmarshal(dAtA []byte) error

func (*AllowedSecretEngines) XXX_DiscardUnknown added in v0.5.0

func (m *AllowedSecretEngines) XXX_DiscardUnknown()

func (*AllowedSecretEngines) XXX_Marshal added in v0.5.0

func (m *AllowedSecretEngines) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AllowedSecretEngines) XXX_Merge added in v0.5.0

func (m *AllowedSecretEngines) XXX_Merge(src proto.Message)

func (*AllowedSecretEngines) XXX_Size added in v0.5.0

func (m *AllowedSecretEngines) XXX_Size() int

func (*AllowedSecretEngines) XXX_Unmarshal added in v0.5.0

func (m *AllowedSecretEngines) XXX_Unmarshal(b []byte) error

type AuthConfig

// AuthConfig holds the optional tuning settings of an auth method mount
// (it is referenced from AuthMethod.Config).
type AuthConfig struct {
	// The default lease duration, specified as a string duration like "5s" or "30m".
	// +optional
	DefaultLeaseTTL string `json:"defaultLeaseTTL,omitempty" protobuf:"bytes,1,opt,name=defaultLeaseTTL"`

	// The maximum lease duration, specified as a string duration like "5s" or "30m".
	// +optional
	MaxLeaseTTL string `json:"maxLeaseTTL,omitempty" protobuf:"bytes,2,opt,name=maxLeaseTTL"`

	// The name of the plugin in the plugin catalog to use.
	// +optional
	PluginName string `json:"pluginName,omitempty" protobuf:"bytes,3,opt,name=pluginName"`

	// List of keys that will not be HMAC'd by audit devices in the request data object.
	// NOTE(review): values under these keys are then written to the audit log
	// un-hashed, so keys that carry credentials should not be listed here.
	// +optional
	AuditNonHMACRequestKeys []string `json:"auditNonHMACRequestKeys,omitempty" protobuf:"bytes,4,rep,name=auditNonHMACRequestKeys"`

	// List of keys that will not be HMAC'd by audit devices in the response data object.
	// NOTE(review): the same caveat applies as for the request keys; response
	// fields holding tokens or secrets should stay HMAC'd.
	// +optional
	AuditNonHMACResponseKeys []string `json:"auditNonHMACResponseKeys,omitempty" protobuf:"bytes,5,rep,name=auditNonHMACResponseKeys"`

	// Specifies whether to show this mount in the UI-specific listing endpoint.
	// +optional
	ListingVisibility string `json:"listingVisibility,omitempty" protobuf:"bytes,6,opt,name=listingVisibility"`

	// List of headers to allow (whitelist) and pass from the request to the backend.
	// NOTE(review): every header listed here reaches the backend plugin; keep the
	// list to the headers the backend actually needs.
	// +optional
	PassthroughRequestHeaders []string `json:"passthroughRequestHeaders,omitempty" protobuf:"bytes,7,rep,name=passthroughRequestHeaders"`
}

func (*AuthConfig) DeepCopy

func (in *AuthConfig) DeepCopy() *AuthConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthConfig.

func (*AuthConfig) DeepCopyInto

func (in *AuthConfig) DeepCopyInto(out *AuthConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthConfig) Descriptor

func (*AuthConfig) Descriptor() ([]byte, []int)

func (*AuthConfig) Marshal

func (m *AuthConfig) Marshal() (dAtA []byte, err error)

func (*AuthConfig) MarshalTo

func (m *AuthConfig) MarshalTo(dAtA []byte) (int, error)

func (*AuthConfig) MarshalToSizedBuffer

func (m *AuthConfig) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AuthConfig) ProtoMessage

func (*AuthConfig) ProtoMessage()

func (*AuthConfig) Reset

func (m *AuthConfig) Reset()

func (*AuthConfig) Size

func (m *AuthConfig) Size() (n int)

func (*AuthConfig) String

func (this *AuthConfig) String() string

func (*AuthConfig) Unmarshal

func (m *AuthConfig) Unmarshal(dAtA []byte) error

func (*AuthConfig) XXX_DiscardUnknown

func (m *AuthConfig) XXX_DiscardUnknown()

func (*AuthConfig) XXX_Marshal

func (m *AuthConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthConfig) XXX_Merge

func (m *AuthConfig) XXX_Merge(src proto.Message)

func (*AuthConfig) XXX_Size

func (m *AuthConfig) XXX_Size() int

func (*AuthConfig) XXX_Unmarshal

func (m *AuthConfig) XXX_Unmarshal(b []byte) error

type AuthMethod

type AuthMethod struct {
	// Specifies the name of the authentication method type, such as "github" or "token".
	Type string `json:"type" protobuf:"bytes,1,opt,name=type"`

	// Specifies the path in which to enable the auth method.
	// Default value is the same as the 'type'
	Path string `json:"path" protobuf:"bytes,2,opt,name=path"`

	// Specifies a human-friendly description of the auth method.
	// +optional
	Description string `json:"description,omitempty" protobuf:"bytes,3,opt,name=description"`

	// Specifies configuration options for this auth method.
	// +optional
	Config *AuthConfig `json:"config,omitempty" protobuf:"bytes,4,opt,name=config"`

	// Specifies the name of the auth plugin to use, based on the name in the plugin catalog.
	// Applies only to plugin methods.
	// NOTE(review): AuthConfig also has a PluginName field; which of the two
	// wins when both are set is not visible here.
	// +optional
	PluginName string `json:"pluginName,omitempty" protobuf:"bytes,5,opt,name=pluginName"`

	// Specifies whether the auth method is local only. Local auth methods are not
	// replicated nor (if a secondary) removed by replication.
	// +optional
	Local bool `json:"local,omitempty" protobuf:"varint,6,opt,name=local"`
}

AuthMethod contains the information needed to enable a Vault auth method. Link: https://www.vaultproject.io/api/system/auth.html

func (*AuthMethod) DeepCopy

func (in *AuthMethod) DeepCopy() *AuthMethod

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthMethod.

func (*AuthMethod) DeepCopyInto

func (in *AuthMethod) DeepCopyInto(out *AuthMethod)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthMethod) Descriptor

func (*AuthMethod) Descriptor() ([]byte, []int)

func (*AuthMethod) Marshal

func (m *AuthMethod) Marshal() (dAtA []byte, err error)

func (*AuthMethod) MarshalTo

func (m *AuthMethod) MarshalTo(dAtA []byte) (int, error)

func (*AuthMethod) MarshalToSizedBuffer

func (m *AuthMethod) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AuthMethod) ProtoMessage

func (*AuthMethod) ProtoMessage()

func (*AuthMethod) Reset

func (m *AuthMethod) Reset()

func (*AuthMethod) Size

func (m *AuthMethod) Size() (n int)

func (*AuthMethod) String

func (this *AuthMethod) String() string

func (*AuthMethod) Unmarshal

func (m *AuthMethod) Unmarshal(dAtA []byte) error

func (*AuthMethod) XXX_DiscardUnknown

func (m *AuthMethod) XXX_DiscardUnknown()

func (*AuthMethod) XXX_Marshal

func (m *AuthMethod) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthMethod) XXX_Merge

func (m *AuthMethod) XXX_Merge(src proto.Message)

func (*AuthMethod) XXX_Size

func (m *AuthMethod) XXX_Size() int

func (*AuthMethod) XXX_Unmarshal

func (m *AuthMethod) XXX_Unmarshal(b []byte) error

type AuthMethodEnableDisableStatus

// AuthMethodEnableDisableStatus is a string-typed status value. The constants
// declared for it on this page are EnableSucceeded, EnableFailed,
// DisableSucceeded and DisableFailed.
type AuthMethodEnableDisableStatus string

+kubebuilder:validation:Enum=EnableSucceeded;EnableFailed;DisableSucceeded;DisableFailed

// The four AuthMethodEnableDisableStatus values: an enable or a disable
// operation, each with a succeeded and a failed outcome.

// AuthMethodEnableSucceeded is the status string "EnableSucceeded".
const AuthMethodEnableSucceeded AuthMethodEnableDisableStatus = "EnableSucceeded"

// AuthMethodEnableFailed is the status string "EnableFailed".
const AuthMethodEnableFailed AuthMethodEnableDisableStatus = "EnableFailed"

// AuthMethodDisableSucceeded is the status string "DisableSucceeded".
const AuthMethodDisableSucceeded AuthMethodEnableDisableStatus = "DisableSucceeded"

// AuthMethodDisableFailed is the status string "DisableFailed".
const AuthMethodDisableFailed AuthMethodEnableDisableStatus = "DisableFailed"

type AuthMethodStatus

type AuthMethodStatus struct {
	// Specifies the name of the authentication method type, such as "github" or "token".
	Type string `json:"type" protobuf:"bytes,1,opt,name=type"`

	// Specifies the path in which to enable the auth method.
	Path string `json:"path" protobuf:"bytes,2,opt,name=path"`

	// Specifies whether auth method is enabled or not
	Status AuthMethodEnableDisableStatus `json:"status" protobuf:"bytes,3,opt,name=status,casttype=AuthMethodEnableDisableStatus"`

	// Specifies the reason why enabling the auth method failed.
	// NOTE(review): whether it is also filled in for a failed disable is not
	// visible here.
	// +optional
	Reason string `json:"reason,omitempty" protobuf:"bytes,4,opt,name=reason"`
}

AuthMethodStatus specifies the status of the auth method maintained by the auth method controller

func (*AuthMethodStatus) DeepCopy

func (in *AuthMethodStatus) DeepCopy() *AuthMethodStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthMethodStatus.

func (*AuthMethodStatus) DeepCopyInto

func (in *AuthMethodStatus) DeepCopyInto(out *AuthMethodStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthMethodStatus) Descriptor

func (*AuthMethodStatus) Descriptor() ([]byte, []int)

func (*AuthMethodStatus) Marshal

func (m *AuthMethodStatus) Marshal() (dAtA []byte, err error)

func (*AuthMethodStatus) MarshalTo

func (m *AuthMethodStatus) MarshalTo(dAtA []byte) (int, error)

func (*AuthMethodStatus) MarshalToSizedBuffer

func (m *AuthMethodStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AuthMethodStatus) ProtoMessage

func (*AuthMethodStatus) ProtoMessage()

func (*AuthMethodStatus) Reset

func (m *AuthMethodStatus) Reset()

func (*AuthMethodStatus) Size

func (m *AuthMethodStatus) Size() (n int)

func (*AuthMethodStatus) String

func (this *AuthMethodStatus) String() string

func (*AuthMethodStatus) Unmarshal

func (m *AuthMethodStatus) Unmarshal(dAtA []byte) error

func (*AuthMethodStatus) XXX_DiscardUnknown

func (m *AuthMethodStatus) XXX_DiscardUnknown()

func (*AuthMethodStatus) XXX_Marshal

func (m *AuthMethodStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AuthMethodStatus) XXX_Merge

func (m *AuthMethodStatus) XXX_Merge(src proto.Message)

func (*AuthMethodStatus) XXX_Size

func (m *AuthMethodStatus) XXX_Size() int

func (*AuthMethodStatus) XXX_Unmarshal

func (m *AuthMethodStatus) XXX_Unmarshal(b []byte) error

type AuthMethodType

// AuthMethodType is a string-typed auth method name. The constants declared for
// it on this page are kubernetes, aws, gcp, userpass, cert and azure.
type AuthMethodType string

+kubebuilder:validation:Enum=kubernetes;aws;gcp;userpass;cert;azure

// The AuthMethodType values declared by this package.

// AuthTypeKubernetes is the auth method type "kubernetes".
const AuthTypeKubernetes AuthMethodType = "kubernetes"

// AuthTypeAws is the auth method type "aws".
const AuthTypeAws AuthMethodType = "aws"

// AuthTypeGcp is the auth method type "gcp".
const AuthTypeGcp AuthMethodType = "gcp"

// AuthTypeUserPass is the auth method type "userpass".
const AuthTypeUserPass AuthMethodType = "userpass"

// AuthTypeCert is the auth method type "cert".
const AuthTypeCert AuthMethodType = "cert"

// AuthTypeAzure is the auth method type "azure".
const AuthTypeAzure AuthMethodType = "azure"

type AwsKmsSsmSpec

type AwsKmsSsmSpec struct {
	// The ID or ARN of the AWS KMS key to encrypt values
	KmsKeyID string `json:"kmsKeyID" protobuf:"bytes,1,opt,name=kmsKeyID"`

	// +optional
	// An optional Key prefix for SSM Parameter store
	SsmKeyPrefix string `json:"ssmKeyPrefix,omitempty" protobuf:"bytes,2,opt,name=ssmKeyPrefix"`

	// NOTE(review): undocumented in the source; presumably the AWS region of the
	// KMS key and the SSM Parameter Store — confirm.
	Region string `json:"region,omitempty" protobuf:"bytes,3,opt,name=region"`

	// Specifies the secret name containing AWS access key and AWS secret key
	// secret data:
	//  - access_key:<value>
	//  - secret_key:<value>
	// Only the name of the secret is stored in this field; the key material
	// itself lives in the referenced secret.
	// +optional
	CredentialSecret string `json:"credentialSecret,omitempty" protobuf:"bytes,4,opt,name=credentialSecret"`

	// Used to make AWS KMS requests. This is useful,
	// for example, when connecting to KMS over a VPC Endpoint.
	// If not set, Vault will use the default API endpoint for your region.
	// NOTE(review): KMS requests made for unsealing go to whatever endpoint is
	// set here, so an override should point only at an endpoint you control.
	Endpoint string `json:"endpoint,omitempty" protobuf:"bytes,5,opt,name=endpoint"`
}

AwsKmsSsmSpec contains the fields that are required to unseal Vault using AWS KMS and SSM

func (*AwsKmsSsmSpec) DeepCopy

func (in *AwsKmsSsmSpec) DeepCopy() *AwsKmsSsmSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AwsKmsSsmSpec.

func (*AwsKmsSsmSpec) DeepCopyInto

func (in *AwsKmsSsmSpec) DeepCopyInto(out *AwsKmsSsmSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AwsKmsSsmSpec) Descriptor

func (*AwsKmsSsmSpec) Descriptor() ([]byte, []int)

func (*AwsKmsSsmSpec) Marshal

func (m *AwsKmsSsmSpec) Marshal() (dAtA []byte, err error)

func (*AwsKmsSsmSpec) MarshalTo

func (m *AwsKmsSsmSpec) MarshalTo(dAtA []byte) (int, error)

func (*AwsKmsSsmSpec) MarshalToSizedBuffer

func (m *AwsKmsSsmSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AwsKmsSsmSpec) ProtoMessage

func (*AwsKmsSsmSpec) ProtoMessage()

func (*AwsKmsSsmSpec) Reset

func (m *AwsKmsSsmSpec) Reset()

func (*AwsKmsSsmSpec) Size

func (m *AwsKmsSsmSpec) Size() (n int)

func (*AwsKmsSsmSpec) String

func (this *AwsKmsSsmSpec) String() string

func (*AwsKmsSsmSpec) Unmarshal

func (m *AwsKmsSsmSpec) Unmarshal(dAtA []byte) error

func (*AwsKmsSsmSpec) XXX_DiscardUnknown

func (m *AwsKmsSsmSpec) XXX_DiscardUnknown()

func (*AwsKmsSsmSpec) XXX_Marshal

func (m *AwsKmsSsmSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AwsKmsSsmSpec) XXX_Merge

func (m *AwsKmsSsmSpec) XXX_Merge(src proto.Message)

func (*AwsKmsSsmSpec) XXX_Size

func (m *AwsKmsSsmSpec) XXX_Size() int

func (*AwsKmsSsmSpec) XXX_Unmarshal

func (m *AwsKmsSsmSpec) XXX_Unmarshal(b []byte) error

type AzureKeyVault

type AzureKeyVault struct {
	// Azure key vault url, for example https://myvault.vault.azure.net
	VaultBaseURL string `json:"vaultBaseURL" protobuf:"bytes,1,opt,name=vaultBaseURL"`

	// The cloud environment identifier
	// default: "AZUREPUBLICCLOUD"
	// +optional
	Cloud string `json:"cloud,omitempty" protobuf:"bytes,2,opt,name=cloud"`

	// The AAD Tenant ID
	TenantID string `json:"tenantID" protobuf:"bytes,3,opt,name=tenantID"`

	// Specifies the name of secret containing client cert and client cert password
	// secret data:
	//  - client-cert:<value>
	//  - client-cert-password: <value>
	// +optional
	ClientCertSecret string `json:"clientCertSecret,omitempty" protobuf:"bytes,4,opt,name=clientCertSecret"`

	// Specifies the name of secret containing client id and client secret of AAD application
	// secret data:
	//  - client-id:<value>
	//  - client-secret:<value>
	// +optional
	AADClientSecret string `json:"aadClientSecret,omitempty" protobuf:"bytes,5,opt,name=aadClientSecret"`

	// Use managed service identity for the virtual machine
	// NOTE(review): ClientCertSecret, AADClientSecret and UseManagedIdentity look
	// like alternative ways to authenticate; which one takes precedence when
	// several are set is not visible here. Managed identity avoids storing a
	// long-lived client credential in a secret.
	// +optional
	UseManagedIdentity bool `json:"useManagedIdentity,omitempty" protobuf:"varint,6,opt,name=useManagedIdentity"`
}

AzureKeyVault contains the fields that are required to unseal Vault using Azure Key Vault

func (*AzureKeyVault) DeepCopy

func (in *AzureKeyVault) DeepCopy() *AzureKeyVault

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKeyVault.

func (*AzureKeyVault) DeepCopyInto

func (in *AzureKeyVault) DeepCopyInto(out *AzureKeyVault)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AzureKeyVault) Descriptor

func (*AzureKeyVault) Descriptor() ([]byte, []int)

func (*AzureKeyVault) Marshal

func (m *AzureKeyVault) Marshal() (dAtA []byte, err error)

func (*AzureKeyVault) MarshalTo

func (m *AzureKeyVault) MarshalTo(dAtA []byte) (int, error)

func (*AzureKeyVault) MarshalToSizedBuffer

func (m *AzureKeyVault) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AzureKeyVault) ProtoMessage

func (*AzureKeyVault) ProtoMessage()

func (*AzureKeyVault) Reset

func (m *AzureKeyVault) Reset()

func (*AzureKeyVault) Size

func (m *AzureKeyVault) Size() (n int)

func (*AzureKeyVault) String

func (this *AzureKeyVault) String() string

func (*AzureKeyVault) Unmarshal

func (m *AzureKeyVault) Unmarshal(dAtA []byte) error

func (*AzureKeyVault) XXX_DiscardUnknown

func (m *AzureKeyVault) XXX_DiscardUnknown()

func (*AzureKeyVault) XXX_Marshal

func (m *AzureKeyVault) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AzureKeyVault) XXX_Merge

func (m *AzureKeyVault) XXX_Merge(src proto.Message)

func (*AzureKeyVault) XXX_Size

func (m *AzureKeyVault) XXX_Size() int

func (*AzureKeyVault) XXX_Unmarshal

func (m *AzureKeyVault) XXX_Unmarshal(b []byte) error

type AzureSpec

type AzureSpec struct {
	// Specifies the Azure Storage account name.
	AccountName string `json:"accountName" protobuf:"bytes,1,opt,name=accountName"`

	// Specifies the secret containing Azure Storage account key.
	// secret data:
	//  - account_key:<value>
	// Only the secret's name is stored in this field; the account key itself
	// stays in the referenced secret.
	AccountKeySecret string `json:"accountKeySecret" protobuf:"bytes,2,opt,name=accountKeySecret"`

	// Specifies the Azure Storage Blob container name.
	Container string `json:"container" protobuf:"bytes,3,opt,name=container"`

	// Specifies the maximum number of concurrent operations to take place.
	// +optional
	MaxParallel int64 `json:"maxParallel,omitempty" protobuf:"varint,4,opt,name=maxParallel"`
}

vault doc: https://www.vaultproject.io/docs/configuration/storage/azure.html

AzureSpec defines configuration to set up Azure Storage as backend storage in vault

func (*AzureSpec) DeepCopy

func (in *AzureSpec) DeepCopy() *AzureSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureSpec.

func (*AzureSpec) DeepCopyInto

func (in *AzureSpec) DeepCopyInto(out *AzureSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AzureSpec) Descriptor

func (*AzureSpec) Descriptor() ([]byte, []int)

func (*AzureSpec) Marshal

func (m *AzureSpec) Marshal() (dAtA []byte, err error)

func (*AzureSpec) MarshalTo

func (m *AzureSpec) MarshalTo(dAtA []byte) (int, error)

func (*AzureSpec) MarshalToSizedBuffer

func (m *AzureSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*AzureSpec) ProtoMessage

func (*AzureSpec) ProtoMessage()

func (*AzureSpec) Reset

func (m *AzureSpec) Reset()

func (*AzureSpec) Size

func (m *AzureSpec) Size() (n int)

func (*AzureSpec) String

func (this *AzureSpec) String() string

func (*AzureSpec) Unmarshal

func (m *AzureSpec) Unmarshal(dAtA []byte) error

func (*AzureSpec) XXX_DiscardUnknown

func (m *AzureSpec) XXX_DiscardUnknown()

func (*AzureSpec) XXX_Marshal

func (m *AzureSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AzureSpec) XXX_Merge

func (m *AzureSpec) XXX_Merge(src proto.Message)

func (*AzureSpec) XXX_Size

func (m *AzureSpec) XXX_Size() int

func (*AzureSpec) XXX_Unmarshal

func (m *AzureSpec) XXX_Unmarshal(b []byte) error

type BackendStorageSpec

// BackendStorageSpec has one optional pointer field per supported storage backend.
// NOTE(review): GetBackendType returns a single backend or an error, so
// presumably exactly one field is expected to be set; defaults and validation
// are still marked TODO for this type.
type BackendStorageSpec struct {
	// ref: https://www.vaultproject.io/docs/configuration/storage/in-memory.html
	// NOTE(review): in-memory storage lives only in the Vault process, so all
	// data is lost on restart; it is meant for development and testing.
	// +optional
	Inmem *InmemSpec `json:"inmem,omitempty" protobuf:"bytes,1,opt,name=inmem"`

	// +optional
	Etcd *EtcdSpec `json:"etcd,omitempty" protobuf:"bytes,2,opt,name=etcd"`

	// +optional
	Gcs *GcsSpec `json:"gcs,omitempty" protobuf:"bytes,3,opt,name=gcs"`

	// +optional
	S3 *S3Spec `json:"s3,omitempty" protobuf:"bytes,4,opt,name=s3"`

	// +optional
	Azure *AzureSpec `json:"azure,omitempty" protobuf:"bytes,5,opt,name=azure"`

	// +optional
	PostgreSQL *PostgreSQLSpec `json:"postgresql,omitempty" protobuf:"bytes,6,opt,name=postgresql"`

	// +optional
	MySQL *MySQLSpec `json:"mysql,omitempty" protobuf:"bytes,7,opt,name=mysql"`

	// +optional
	File *FileSpec `json:"file,omitempty" protobuf:"bytes,8,opt,name=file"`

	// +optional
	DynamoDB *DynamoDBSpec `json:"dynamodb,omitempty" protobuf:"bytes,9,opt,name=dynamodb"`

	// +optional
	Swift *SwiftSpec `json:"swift,omitempty" protobuf:"bytes,10,opt,name=swift"`

	// +optional
	Consul *ConsulSpec `json:"consul,omitempty" protobuf:"bytes,11,opt,name=consul"`

	// +optional
	Raft *RaftSpec `json:"raft,omitempty" protobuf:"bytes,12,opt,name=raft"`
}

TODO: set defaults and validation.

BackendStorageSpec defines storage backend configuration of vault

func (*BackendStorageSpec) DeepCopy

func (in *BackendStorageSpec) DeepCopy() *BackendStorageSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendStorageSpec.

func (*BackendStorageSpec) DeepCopyInto

func (in *BackendStorageSpec) DeepCopyInto(out *BackendStorageSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BackendStorageSpec) Descriptor

func (*BackendStorageSpec) Descriptor() ([]byte, []int)

func (*BackendStorageSpec) GetBackendType

func (vsb *BackendStorageSpec) GetBackendType() (VaultServerBackend, error)

func (*BackendStorageSpec) Marshal

func (m *BackendStorageSpec) Marshal() (dAtA []byte, err error)

func (*BackendStorageSpec) MarshalTo

func (m *BackendStorageSpec) MarshalTo(dAtA []byte) (int, error)

func (*BackendStorageSpec) MarshalToSizedBuffer

func (m *BackendStorageSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*BackendStorageSpec) ProtoMessage

func (*BackendStorageSpec) ProtoMessage()

func (*BackendStorageSpec) Reset

func (m *BackendStorageSpec) Reset()

func (*BackendStorageSpec) Size

func (m *BackendStorageSpec) Size() (n int)

func (*BackendStorageSpec) String

func (this *BackendStorageSpec) String() string

func (*BackendStorageSpec) Unmarshal

func (m *BackendStorageSpec) Unmarshal(dAtA []byte) error

func (*BackendStorageSpec) XXX_DiscardUnknown

func (m *BackendStorageSpec) XXX_DiscardUnknown()

func (*BackendStorageSpec) XXX_Marshal

func (m *BackendStorageSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*BackendStorageSpec) XXX_Merge

func (m *BackendStorageSpec) XXX_Merge(src proto.Message)

func (*BackendStorageSpec) XXX_Size

func (m *BackendStorageSpec) XXX_Size() int

func (*BackendStorageSpec) XXX_Unmarshal

func (m *BackendStorageSpec) XXX_Unmarshal(b []byte) error

type ConsulSpec

type ConsulSpec struct {
	// Specifies the address of the Consul agent to communicate with.
	// This can be an IP address, DNS record, or unix socket.
	// +optional
	Address string `json:"address,omitempty" protobuf:"bytes,1,opt,name=address"`

	// Specifies the check interval used to send health check information
	// back to Consul.
	// This is specified using a label suffix like "30s" or "1h".
	// +optional
	CheckTimeout string `json:"checkTimeout,omitempty" protobuf:"bytes,2,opt,name=checkTimeout"`

	// Specifies the Consul consistency mode.
	// Possible values are "default" or "strong".
	// +optional
	ConsistencyMode string `json:"consistencyMode,omitempty" protobuf:"bytes,3,opt,name=consistencyMode"`

	// Specifies whether Vault should register itself with Consul.
	// Possible values are "true" or "false"
	// +optional
	DisableRegistration string `json:"disableRegistration,omitempty" protobuf:"bytes,4,opt,name=disableRegistration"`

	// Specifies the maximum number of concurrent requests to Consul.
	// +optional
	MaxParallel string `json:"maxParallel,omitempty" protobuf:"bytes,5,opt,name=maxParallel"`

	// Specifies the path in Consul's key-value store
	// where Vault data will be stored.
	// +optional
	Path string `json:"path,omitempty" protobuf:"bytes,6,opt,name=path"`

	// Specifies the scheme to use when communicating with Consul.
	// This can be set to "http" or "https".
	// NOTE(review): with "http" the Consul ACL token is sent without transport
	// encryption; prefer "https" together with TLSSecretName.
	// +optional
	Scheme string `json:"scheme,omitempty" protobuf:"bytes,7,opt,name=scheme"`

	// Specifies the name of the service to register in Consul.
	// +optional
	Service string `json:"service,omitempty" protobuf:"bytes,8,opt,name=service"`

	// Specifies a comma-separated list of tags
	// to attach to the service registration in Consul.
	// +optional
	ServiceTags string `json:"serviceTags,omitempty" protobuf:"bytes,9,opt,name=serviceTags"`

	// Specifies a service-specific address to set on the service registration
	// in Consul.
	// If unset, Vault will use what it knows to be the HA redirect address
	// - which is usually desirable.
	// Setting this parameter to "" will tell Consul to leverage the configuration
	// of the node the service is registered on dynamically.
	// NOTE(review): the field is a plain string with omitempty, so "unset" and ""
	// cannot be told apart in the serialized object; confirm how the operator
	// distinguishes them.
	// +optional
	ServiceAddress string `json:"serviceAddress,omitempty" protobuf:"bytes,10,opt,name=serviceAddress"`

	// Specifies the secret name that contains ACL token with permission
	// to read and write from the path in Consul's key-value store.
	// secret data:
	//  - aclToken:<value>
	// Only the secret's name is stored in this field; the token itself stays in
	// the referenced secret.
	// +optional
	ACLTokenSecretName string `json:"aclTokenSecretName,omitempty" protobuf:"bytes,11,opt,name=aclTokenSecretName"`

	// Specifies the minimum allowed session TTL.
	// Consul server has a lower limit of 10s on the session TTL by default.
	// +optional
	SessionTTL string `json:"sessionTTL,omitempty" protobuf:"bytes,12,opt,name=sessionTTL"`

	// Specifies the wait time before a lock acquisition is made.
	// This affects the minimum time it takes to cancel a lock acquisition.
	// +optional
	LockWaitTime string `json:"lockWaitTime,omitempty" protobuf:"bytes,13,opt,name=lockWaitTime"`

	// Specifies the secret name that contains tls_ca_file, tls_cert_file and tls_key_file
	// for consul communication
	// Secret data:
	//  - ca.crt
	//  - client.crt
	//  - client.key
	// The referenced secret holds the client private key (client.key), so read
	// access to it should be limited to the workloads that need it.
	// +optional
	TLSSecretName string `json:"tlsSecretName,omitempty" protobuf:"bytes,14,opt,name=tlsSecretName"`

	// Specifies the minimum TLS version to use.
	// Accepted values are "tls10", "tls11" or "tls12".
	// NOTE(review): TLS 1.0 and 1.1 are deprecated (RFC 8996); use "tls12" unless
	// a legacy Consul endpoint forces otherwise.
	// +optional
	TLSMinVersion string `json:"tlsMinVersion,omitempty" protobuf:"bytes,15,opt,name=tlsMinVersion"`

	// Specifies if the TLS host verification should be disabled.
	// Setting this to true is highly discouraged: the Consul server's
	// certificate is then not verified, which removes the protection TLS gives
	// against an impersonated or intercepting endpoint.
	// +optional
	TLSSkipVerify bool `json:"tlsSkipVerify,omitempty" protobuf:"varint,16,opt,name=tlsSkipVerify"`
}

ref: https://www.vaultproject.io/docs/configuration/storage/consul.html

ConsulSpec defines the configuration to set up consul as backend storage in vault

func (*ConsulSpec) DeepCopy

func (in *ConsulSpec) DeepCopy() *ConsulSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsulSpec.

func (*ConsulSpec) DeepCopyInto

func (in *ConsulSpec) DeepCopyInto(out *ConsulSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ConsulSpec) Descriptor

func (*ConsulSpec) Descriptor() ([]byte, []int)

func (*ConsulSpec) Marshal

func (m *ConsulSpec) Marshal() (dAtA []byte, err error)

func (*ConsulSpec) MarshalTo

func (m *ConsulSpec) MarshalTo(dAtA []byte) (int, error)

func (*ConsulSpec) MarshalToSizedBuffer

func (m *ConsulSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ConsulSpec) ProtoMessage

func (*ConsulSpec) ProtoMessage()

func (*ConsulSpec) Reset

func (m *ConsulSpec) Reset()

func (*ConsulSpec) Size

func (m *ConsulSpec) Size() (n int)

func (*ConsulSpec) String

func (this *ConsulSpec) String() string

func (*ConsulSpec) Unmarshal

func (m *ConsulSpec) Unmarshal(dAtA []byte) error

func (*ConsulSpec) XXX_DiscardUnknown

func (m *ConsulSpec) XXX_DiscardUnknown()

func (*ConsulSpec) XXX_Marshal

func (m *ConsulSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ConsulSpec) XXX_Merge

func (m *ConsulSpec) XXX_Merge(src proto.Message)

func (*ConsulSpec) XXX_Size

func (m *ConsulSpec) XXX_Size() int

func (*ConsulSpec) XXX_Unmarshal

func (m *ConsulSpec) XXX_Unmarshal(b []byte) error

type DynamoDBSpec

type DynamoDBSpec struct {
	// Specifies an alternative, AWS compatible, DynamoDB endpoint.
	// +optional
	Endpoint string `json:"endpoint,omitempty" protobuf:"bytes,1,opt,name=endpoint"`

	// Specifies the AWS region
	// +optional
	Region string `json:"region,omitempty" protobuf:"bytes,2,opt,name=region"`

	// Specifies whether this backend should be used to run Vault in high availability mode.
	// +optional
	HaEnabled bool `json:"haEnabled,omitempty" protobuf:"varint,3,opt,name=haEnabled"`

	// Specifies the maximum number of reads consumed per second on the table
	// +optional
	ReadCapacity int64 `json:"readCapacity,omitempty" protobuf:"varint,4,opt,name=readCapacity"`

	// Specifies the maximum number of writes performed per second on the table.
	// +optional
	WriteCapacity int64 `json:"writeCapacity,omitempty" protobuf:"varint,5,opt,name=writeCapacity"`

	// Specifies the name of the DynamoDB table in which to store Vault data.
	// If the specified table does not yet exist, it will be created during initialization.
	// default: vault-dynamodb-backend
	// +optional
	Table string `json:"table,omitempty" protobuf:"bytes,6,opt,name=table"`

	// Specifies the secret name containing AWS access key and AWS secret key
	// secret data:
	//  - access_key=<value>
	//  - secret_key=<value>
	// Only the secret's name is stored in this field; the key material stays in
	// the referenced secret.
	// +optional
	CredentialSecret string `json:"credentialSecret,omitempty" protobuf:"bytes,7,opt,name=credentialSecret"`

	// Specifies the secret name containing AWS session token
	// secret data:
	//  - session_token:<value>
	// NOTE(review): presumably used together with CredentialSecret for temporary
	// credentials — confirm.
	// +optional
	SessionTokenSecret string `json:"sessionTokenSecret,omitempty" protobuf:"bytes,8,opt,name=sessionTokenSecret"`

	// Specifies the maximum number of parallel operations to take place.
	// +optional
	MaxParallel int64 `json:"maxParallel,omitempty" protobuf:"varint,9,opt,name=maxParallel"`
}

vault doc: https://www.vaultproject.io/docs/configuration/storage/dynamodb.html

DynamoDBSpec defines configuration to set up DynamoDB Storage as backend storage in vault

func (*DynamoDBSpec) DeepCopy

func (in *DynamoDBSpec) DeepCopy() *DynamoDBSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamoDBSpec.

func (*DynamoDBSpec) DeepCopyInto

func (in *DynamoDBSpec) DeepCopyInto(out *DynamoDBSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DynamoDBSpec) Descriptor

func (*DynamoDBSpec) Descriptor() ([]byte, []int)

func (*DynamoDBSpec) Marshal

func (m *DynamoDBSpec) Marshal() (dAtA []byte, err error)

func (*DynamoDBSpec) MarshalTo

func (m *DynamoDBSpec) MarshalTo(dAtA []byte) (int, error)

func (*DynamoDBSpec) MarshalToSizedBuffer

func (m *DynamoDBSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*DynamoDBSpec) ProtoMessage

func (*DynamoDBSpec) ProtoMessage()

func (*DynamoDBSpec) Reset

func (m *DynamoDBSpec) Reset()

func (*DynamoDBSpec) Size

func (m *DynamoDBSpec) Size() (n int)

func (*DynamoDBSpec) String

func (this *DynamoDBSpec) String() string

func (*DynamoDBSpec) Unmarshal

func (m *DynamoDBSpec) Unmarshal(dAtA []byte) error

func (*DynamoDBSpec) XXX_DiscardUnknown

func (m *DynamoDBSpec) XXX_DiscardUnknown()

func (*DynamoDBSpec) XXX_Marshal

func (m *DynamoDBSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DynamoDBSpec) XXX_Merge

func (m *DynamoDBSpec) XXX_Merge(src proto.Message)

func (*DynamoDBSpec) XXX_Size

func (m *DynamoDBSpec) XXX_Size() int

func (*DynamoDBSpec) XXX_Unmarshal

func (m *DynamoDBSpec) XXX_Unmarshal(b []byte) error

type EtcdSpec

// EtcdSpec configures etcd as the storage backend for Vault.
// Credentials and TLS material are not held in the spec itself; the spec only
// carries the names of the secrets that contain them.
type EtcdSpec struct {
	// Specifies the addresses of the etcd instances.
	// NOTE(review): no format validation is visible on this field, and the type's
	// documentation still carries a TODO for defaults and validation.
	Address string `json:"address" protobuf:"bytes,1,opt,name=address"`

	// Specifies the version of the API to communicate with etcd
	// +optional
	EtcdApi string `json:"etcdApi,omitempty" protobuf:"bytes,2,opt,name=etcdApi"`

	// Specifies if high availability should be enabled
	// +optional
	HAEnable bool `json:"haEnable,omitempty" protobuf:"varint,3,opt,name=haEnable"`

	// Specifies the path in etcd where vault data will be stored
	// +optional
	Path string `json:"path,omitempty" protobuf:"bytes,4,opt,name=path"`

	// Specifies whether to sync list of available etcd services on startup
	// +optional
	Sync bool `json:"sync,omitempty" protobuf:"varint,5,opt,name=sync"`

	// Specifies the domain name to query for SRV records describing cluster endpoints
	// +optional
	DiscoverySrv string `json:"discoverySrv,omitempty" protobuf:"bytes,6,opt,name=discoverySrv"`

	// Specifies the name of the secret that contains the username and password to
	// use when authenticating with the etcd server.
	// secret data:
	//  - username:<value>
	//  - password:<value>
	// +optional
	CredentialSecretName string `json:"credentialSecretName,omitempty" protobuf:"bytes,7,opt,name=credentialSecretName"`

	// Specifies the name of the secret that contains tls_ca_file, tls_cert_file and
	// tls_key_file for etcd communication.
	// secret data:
	//  - ca.crt
	//  - client.crt
	//  - client.key
	// NOTE(review): the field is optional; what transport protection the etcd
	// connection gets when it is left empty is not visible here — confirm.
	// +optional
	TLSSecretName string `json:"tlsSecretName,omitempty" protobuf:"bytes,8,opt,name=tlsSecretName"`
}

TODO: set defaults and validation. Vault doc: https://www.vaultproject.io/docs/configuration/storage/etcd.html

EtcdSpec defines configuration to set up etcd as backend storage in vault

func (*EtcdSpec) DeepCopy

func (in *EtcdSpec) DeepCopy() *EtcdSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdSpec.

func (*EtcdSpec) DeepCopyInto

func (in *EtcdSpec) DeepCopyInto(out *EtcdSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EtcdSpec) Descriptor

func (*EtcdSpec) Descriptor() ([]byte, []int)

func (*EtcdSpec) Marshal

func (m *EtcdSpec) Marshal() (dAtA []byte, err error)

func (*EtcdSpec) MarshalTo

func (m *EtcdSpec) MarshalTo(dAtA []byte) (int, error)

func (*EtcdSpec) MarshalToSizedBuffer

func (m *EtcdSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*EtcdSpec) ProtoMessage

func (*EtcdSpec) ProtoMessage()

func (*EtcdSpec) Reset

func (m *EtcdSpec) Reset()

func (*EtcdSpec) Size

func (m *EtcdSpec) Size() (n int)

func (*EtcdSpec) String

func (this *EtcdSpec) String() string

func (*EtcdSpec) Unmarshal

func (m *EtcdSpec) Unmarshal(dAtA []byte) error

func (*EtcdSpec) XXX_DiscardUnknown

func (m *EtcdSpec) XXX_DiscardUnknown()

func (*EtcdSpec) XXX_Marshal

func (m *EtcdSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EtcdSpec) XXX_Merge

func (m *EtcdSpec) XXX_Merge(src proto.Message)

func (*EtcdSpec) XXX_Size

func (m *EtcdSpec) XXX_Size() int

func (*EtcdSpec) XXX_Unmarshal

func (m *EtcdSpec) XXX_Unmarshal(b []byte) error

type FileSpec

// FileSpec configures the filesystem as the storage backend for Vault.
type FileSpec struct {
	// The absolute path on disk to the directory where the data will be stored.
	// If the directory does not exist, Vault will create it.
	Path string `json:"path" protobuf:"bytes,1,opt,name=path"`

	// volumeClaimTemplate is a claim that pods are allowed to reference.
	// The VaultServer controller is responsible for deploying the claim
	// and updating the volumeMounts in the Vault server container in the template.
	VolumeClaimTemplate ofst.PersistentVolumeClaim `json:"volumeClaimTemplate" protobuf:"bytes,2,opt,name=volumeClaimTemplate"`
}

vault doc: https://www.vaultproject.io/docs/configuration/storage/filesystem.html

FileSpec defines configuration to set up File system Storage as backend storage in vault

func (*FileSpec) DeepCopy

func (in *FileSpec) DeepCopy() *FileSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileSpec.

func (*FileSpec) DeepCopyInto

func (in *FileSpec) DeepCopyInto(out *FileSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*FileSpec) Descriptor

func (*FileSpec) Descriptor() ([]byte, []int)

func (*FileSpec) Marshal

func (m *FileSpec) Marshal() (dAtA []byte, err error)

func (*FileSpec) MarshalTo

func (m *FileSpec) MarshalTo(dAtA []byte) (int, error)

func (*FileSpec) MarshalToSizedBuffer

func (m *FileSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*FileSpec) ProtoMessage

func (*FileSpec) ProtoMessage()

func (*FileSpec) Reset

func (m *FileSpec) Reset()

func (*FileSpec) Size

func (m *FileSpec) Size() (n int)

func (*FileSpec) String

func (this *FileSpec) String() string

func (*FileSpec) Unmarshal

func (m *FileSpec) Unmarshal(dAtA []byte) error

func (*FileSpec) XXX_DiscardUnknown

func (m *FileSpec) XXX_DiscardUnknown()

func (*FileSpec) XXX_Marshal

func (m *FileSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*FileSpec) XXX_Merge

func (m *FileSpec) XXX_Merge(src proto.Message)

func (*FileSpec) XXX_Size

func (m *FileSpec) XXX_Size() int

func (*FileSpec) XXX_Unmarshal

func (m *FileSpec) XXX_Unmarshal(b []byte) error

type FromNamespaces added in v0.5.0

// FromNamespaces names the policy that decides from which namespaces Secret
// Engines may be attached to a VaultServer. The kubebuilder enum marker on this
// type restricts it to All, Selector or Same.
type FromNamespaces string

FromNamespaces specifies the namespaces from which Secret Engines may be attached to a VaultServer.

+kubebuilder:validation:Enum=All;Selector;Same

// Allowed values of FromNamespaces, ordered from the broadest scope to the narrowest.
const (
	// Secret Engines in all namespaces may be attached to this VaultServer.
	// This is the least restrictive of the three values.
	NamespacesFromAll FromNamespaces = "All"
	// Only Secret Engines in namespaces selected by the selector may be attached to
	// this VaultServer.
	NamespacesFromSelector FromNamespaces = "Selector"
	// Only Secret Engines in the same namespace as the VaultServer may be attached to this
	// VaultServer. SecretEngineNamespaces.From declares this value as its kubebuilder default.
	NamespacesFromSame FromNamespaces = "Same"
)

type GcsSpec

// GcsSpec configures Google Cloud Storage as the storage backend for Vault.
type GcsSpec struct {
	// Specifies the name of the bucket to use for storage.
	Bucket string `json:"bucket" protobuf:"bytes,1,opt,name=bucket"`

	// Specifies the maximum size (in kilobytes) to send in a single request. If set to 0,
	// it will attempt to send the whole object at once, but will not retry any failures.
	// The value is carried as a string, not as an integer.
	// +optional
	ChunkSize string `json:"chunkSize,omitempty" protobuf:"bytes,2,opt,name=chunkSize"`

	// Specifies the maximum number of parallel operations to take place.
	// +optional
	MaxParallel int64 `json:"maxParallel,omitempty" protobuf:"varint,3,opt,name=maxParallel"`

	// Specifies if high availability mode is enabled.
	// +optional
	HAEnabled bool `json:"haEnabled,omitempty" protobuf:"varint,4,opt,name=haEnabled"`

	// Secret containing Google application credential.
	// The spec holds only a string identifying the secret (presumably its name, as
	// with the other credential fields in this package — confirm); the sa.json
	// credential itself lives in the secret.
	// secret data:
	//  - sa.json:<value>
	// +optional
	CredentialSecret string `json:"credentialSecret,omitempty" protobuf:"bytes,5,opt,name=credentialSecret"`
}

vault doc: https://www.vaultproject.io/docs/configuration/storage/google-cloud-storage.html

GcsSpec defines configuration to set up Google Cloud Storage as backend storage in vault

func (*GcsSpec) DeepCopy

func (in *GcsSpec) DeepCopy() *GcsSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GcsSpec.

func (*GcsSpec) DeepCopyInto

func (in *GcsSpec) DeepCopyInto(out *GcsSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GcsSpec) Descriptor

func (*GcsSpec) Descriptor() ([]byte, []int)

func (*GcsSpec) Marshal

func (m *GcsSpec) Marshal() (dAtA []byte, err error)

func (*GcsSpec) MarshalTo

func (m *GcsSpec) MarshalTo(dAtA []byte) (int, error)

func (*GcsSpec) MarshalToSizedBuffer

func (m *GcsSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GcsSpec) ProtoMessage

func (*GcsSpec) ProtoMessage()

func (*GcsSpec) Reset

func (m *GcsSpec) Reset()

func (*GcsSpec) Size

func (m *GcsSpec) Size() (n int)

func (*GcsSpec) String

func (this *GcsSpec) String() string

func (*GcsSpec) Unmarshal

func (m *GcsSpec) Unmarshal(dAtA []byte) error

func (*GcsSpec) XXX_DiscardUnknown

func (m *GcsSpec) XXX_DiscardUnknown()

func (*GcsSpec) XXX_Marshal

func (m *GcsSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GcsSpec) XXX_Merge

func (m *GcsSpec) XXX_Merge(src proto.Message)

func (*GcsSpec) XXX_Size

func (m *GcsSpec) XXX_Size() int

func (*GcsSpec) XXX_Unmarshal

func (m *GcsSpec) XXX_Unmarshal(b []byte) error

type GoogleKmsGcsSpec

// GoogleKmsGcsSpec holds the settings for unsealing Vault with Google Cloud KMS.
// It identifies a KMS crypto key (project, location, key ring, key) and a Google
// Cloud Storage bucket in which values are stored.
type GoogleKmsGcsSpec struct {
	// The name of the Google Cloud KMS crypto key to use
	KmsCryptoKey string `json:"kmsCryptoKey" protobuf:"bytes,1,opt,name=kmsCryptoKey"`

	// The name of the Google Cloud KMS key ring to use
	KmsKeyRing string `json:"kmsKeyRing" protobuf:"bytes,2,opt,name=kmsKeyRing"`

	// The Google Cloud KMS location to use (e.g. 'global', 'europe-west1')
	KmsLocation string `json:"kmsLocation" protobuf:"bytes,3,opt,name=kmsLocation"`

	// The Google Cloud KMS project to use
	KmsProject string `json:"kmsProject" protobuf:"bytes,4,opt,name=kmsProject"`

	// The name of the Google Cloud Storage bucket to store values in.
	// NOTE(review): which values are written to the bucket is not shown here —
	// presumably the KMS-encrypted unseal material; confirm against the unsealer.
	Bucket string `json:"bucket" protobuf:"bytes,5,opt,name=bucket"`

	// Secret containing Google application credential.
	// The sa.json credential stays in the secret; this field only identifies it.
	// secret data:
	//  - sa.json:<value>
	// +optional
	CredentialSecret string `json:"credentialSecret,omitempty" protobuf:"bytes,6,opt,name=credentialSecret"`
}

GoogleKmsGcsSpec contains the fields that are required to unseal Vault using Google KMS

func (*GoogleKmsGcsSpec) DeepCopy

func (in *GoogleKmsGcsSpec) DeepCopy() *GoogleKmsGcsSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GoogleKmsGcsSpec.

func (*GoogleKmsGcsSpec) DeepCopyInto

func (in *GoogleKmsGcsSpec) DeepCopyInto(out *GoogleKmsGcsSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GoogleKmsGcsSpec) Descriptor

func (*GoogleKmsGcsSpec) Descriptor() ([]byte, []int)

func (*GoogleKmsGcsSpec) Marshal

func (m *GoogleKmsGcsSpec) Marshal() (dAtA []byte, err error)

func (*GoogleKmsGcsSpec) MarshalTo

func (m *GoogleKmsGcsSpec) MarshalTo(dAtA []byte) (int, error)

func (*GoogleKmsGcsSpec) MarshalToSizedBuffer

func (m *GoogleKmsGcsSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*GoogleKmsGcsSpec) ProtoMessage

func (*GoogleKmsGcsSpec) ProtoMessage()

func (*GoogleKmsGcsSpec) Reset

func (m *GoogleKmsGcsSpec) Reset()

func (*GoogleKmsGcsSpec) Size

func (m *GoogleKmsGcsSpec) Size() (n int)

func (*GoogleKmsGcsSpec) String

func (this *GoogleKmsGcsSpec) String() string

func (*GoogleKmsGcsSpec) Unmarshal

func (m *GoogleKmsGcsSpec) Unmarshal(dAtA []byte) error

func (*GoogleKmsGcsSpec) XXX_DiscardUnknown

func (m *GoogleKmsGcsSpec) XXX_DiscardUnknown()

func (*GoogleKmsGcsSpec) XXX_Marshal

func (m *GoogleKmsGcsSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GoogleKmsGcsSpec) XXX_Merge

func (m *GoogleKmsGcsSpec) XXX_Merge(src proto.Message)

func (*GoogleKmsGcsSpec) XXX_Size

func (m *GoogleKmsGcsSpec) XXX_Size() int

func (*GoogleKmsGcsSpec) XXX_Unmarshal

func (m *GoogleKmsGcsSpec) XXX_Unmarshal(b []byte) error

type InmemSpec

// InmemSpec selects Vault's in-memory storage backend; it has no fields.
// Per the Vault documentation for this backend, data kept in memory is lost when
// Vault restarts, so the backend is intended for development and testing rather
// than production use.
type InmemSpec struct {
}

ref: https://www.vaultproject.io/docs/configuration/storage/in-memory.html

func (*InmemSpec) DeepCopy

func (in *InmemSpec) DeepCopy() *InmemSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InmemSpec.

func (*InmemSpec) DeepCopyInto

func (in *InmemSpec) DeepCopyInto(out *InmemSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*InmemSpec) Descriptor

func (*InmemSpec) Descriptor() ([]byte, []int)

func (*InmemSpec) Marshal

func (m *InmemSpec) Marshal() (dAtA []byte, err error)

func (*InmemSpec) MarshalTo

func (m *InmemSpec) MarshalTo(dAtA []byte) (int, error)

func (*InmemSpec) MarshalToSizedBuffer

func (m *InmemSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*InmemSpec) ProtoMessage

func (*InmemSpec) ProtoMessage()

func (*InmemSpec) Reset

func (m *InmemSpec) Reset()

func (*InmemSpec) Size

func (m *InmemSpec) Size() (n int)

func (*InmemSpec) String

func (this *InmemSpec) String() string

func (*InmemSpec) Unmarshal

func (m *InmemSpec) Unmarshal(dAtA []byte) error

func (*InmemSpec) XXX_DiscardUnknown

func (m *InmemSpec) XXX_DiscardUnknown()

func (*InmemSpec) XXX_Marshal

func (m *InmemSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*InmemSpec) XXX_Merge

func (m *InmemSpec) XXX_Merge(src proto.Message)

func (*InmemSpec) XXX_Size

func (m *InmemSpec) XXX_Size() int

func (*InmemSpec) XXX_Unmarshal

func (m *InmemSpec) XXX_Unmarshal(b []byte) error

type KubernetesSecretSpec

// KubernetesSecretSpec holds the settings for the unseal mode that uses a
// Kubernetes secret.
type KubernetesSecretSpec struct {
	// SecretName is the name of the Kubernetes secret used by this unseal mode.
	// NOTE(review): what the secret stores is not shown here — presumably the
	// unseal material; confirm. Kubernetes Secret values are only base64-encoded
	// unless encryption at rest is configured on the cluster, so read access to
	// this secret should be restricted through RBAC.
	SecretName string `json:"secretName" protobuf:"bytes,1,opt,name=secretName"`
}

KubernetesSecretSpec contains the fields that are required to unseal using a Kubernetes secret

func (*KubernetesSecretSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretSpec.

func (*KubernetesSecretSpec) DeepCopyInto

func (in *KubernetesSecretSpec) DeepCopyInto(out *KubernetesSecretSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesSecretSpec) Descriptor

func (*KubernetesSecretSpec) Descriptor() ([]byte, []int)

func (*KubernetesSecretSpec) Marshal

func (m *KubernetesSecretSpec) Marshal() (dAtA []byte, err error)

func (*KubernetesSecretSpec) MarshalTo

func (m *KubernetesSecretSpec) MarshalTo(dAtA []byte) (int, error)

func (*KubernetesSecretSpec) MarshalToSizedBuffer

func (m *KubernetesSecretSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*KubernetesSecretSpec) ProtoMessage

func (*KubernetesSecretSpec) ProtoMessage()

func (*KubernetesSecretSpec) Reset

func (m *KubernetesSecretSpec) Reset()

func (*KubernetesSecretSpec) Size

func (m *KubernetesSecretSpec) Size() (n int)

func (*KubernetesSecretSpec) String

func (this *KubernetesSecretSpec) String() string

func (*KubernetesSecretSpec) Unmarshal

func (m *KubernetesSecretSpec) Unmarshal(dAtA []byte) error

func (*KubernetesSecretSpec) XXX_DiscardUnknown

func (m *KubernetesSecretSpec) XXX_DiscardUnknown()

func (*KubernetesSecretSpec) XXX_Marshal

func (m *KubernetesSecretSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KubernetesSecretSpec) XXX_Merge

func (m *KubernetesSecretSpec) XXX_Merge(src proto.Message)

func (*KubernetesSecretSpec) XXX_Size

func (m *KubernetesSecretSpec) XXX_Size() int

func (*KubernetesSecretSpec) XXX_Unmarshal

func (m *KubernetesSecretSpec) XXX_Unmarshal(b []byte) error

type ModeSpec

// ModeSpec selects the unseal mechanism. Each field is an optional pointer to the
// settings of one mechanism.
// NOTE(review): nothing visible here enforces that exactly one field is set —
// confirm against the validation code.
type ModeSpec struct {
	// KubernetesSecret holds the settings for unsealing with a Kubernetes secret.
	// +optional
	KubernetesSecret *KubernetesSecretSpec `json:"kubernetesSecret,omitempty" protobuf:"bytes,1,opt,name=kubernetesSecret"`

	// GoogleKmsGcs holds the settings for unsealing with Google Cloud KMS.
	// +optional
	GoogleKmsGcs *GoogleKmsGcsSpec `json:"googleKmsGcs,omitempty" protobuf:"bytes,2,opt,name=googleKmsGcs"`

	// AwsKmsSsm holds the AwsKmsSsmSpec settings (AWS KMS with SSM, going by the
	// name; the type is declared elsewhere in the package).
	// +optional
	AwsKmsSsm *AwsKmsSsmSpec `json:"awsKmsSsm,omitempty" protobuf:"bytes,3,opt,name=awsKmsSsm"`

	// AzureKeyVault holds the AzureKeyVault settings (Azure Key Vault, going by the
	// name; the type is declared elsewhere in the package).
	// +optional
	AzureKeyVault *AzureKeyVault `json:"azureKeyVault,omitempty" protobuf:"bytes,4,opt,name=azureKeyVault"`
}

ModeSpec contains the unseal mechanism

func (*ModeSpec) DeepCopy

func (in *ModeSpec) DeepCopy() *ModeSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModeSpec.

func (*ModeSpec) DeepCopyInto

func (in *ModeSpec) DeepCopyInto(out *ModeSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ModeSpec) Descriptor

func (*ModeSpec) Descriptor() ([]byte, []int)

func (*ModeSpec) Marshal

func (m *ModeSpec) Marshal() (dAtA []byte, err error)

func (*ModeSpec) MarshalTo

func (m *ModeSpec) MarshalTo(dAtA []byte) (int, error)

func (*ModeSpec) MarshalToSizedBuffer

func (m *ModeSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*ModeSpec) ProtoMessage

func (*ModeSpec) ProtoMessage()

func (*ModeSpec) Reset

func (m *ModeSpec) Reset()

func (*ModeSpec) Size

func (m *ModeSpec) Size() (n int)

func (*ModeSpec) String

func (this *ModeSpec) String() string

func (*ModeSpec) Unmarshal

func (m *ModeSpec) Unmarshal(dAtA []byte) error

func (*ModeSpec) XXX_DiscardUnknown

func (m *ModeSpec) XXX_DiscardUnknown()

func (*ModeSpec) XXX_Marshal

func (m *ModeSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ModeSpec) XXX_Merge

func (m *ModeSpec) XXX_Merge(src proto.Message)

func (*ModeSpec) XXX_Size

func (m *ModeSpec) XXX_Size() int

func (*ModeSpec) XXX_Unmarshal

func (m *ModeSpec) XXX_Unmarshal(b []byte) error

type MySQLSpec

// MySQLSpec configures MySQL as the storage backend for Vault.
type MySQLSpec struct {
	// Specifies the address of the MySQL host.
	// NOTE(review): marked +optional, yet the JSON tag has no omitempty, unlike the
	// other optional fields of this struct — confirm which is intended.
	// +optional
	Address string `json:"address" protobuf:"bytes,1,opt,name=address"`

	// Specifies the name of the database. If the database does not exist, Vault will attempt to create it.
	// +optional
	Database string `json:"database,omitempty" protobuf:"bytes,2,opt,name=database"`

	// Specifies the name of the table. If the table does not exist, Vault will attempt to create it.
	// +optional
	Table string `json:"table,omitempty" protobuf:"bytes,3,opt,name=table"`

	// Specifies the secret holding the MySQL username and password used to connect
	// to the database. The credentials themselves are not part of the spec.
	// secret data:
	//  - username=<value>
	//  - password=<value>
	UserCredentialSecret string `json:"userCredentialSecret" protobuf:"bytes,4,opt,name=userCredentialSecret"`

	// Specifies the name of the secret containing the CA certificate to connect using TLS.
	// NOTE(review): the field is optional; presumably the MySQL connection is not
	// made over TLS when it is left empty — confirm.
	// secret data:
	//  - tls_ca_file=<ca_cert>
	// +optional
	TLSCASecret string `json:"tlsCASecret,omitempty" protobuf:"bytes,5,opt,name=tlsCASecret"`

	// Specifies the maximum number of concurrent requests to take place.
	// +optional
	MaxParallel int64 `json:"maxParallel,omitempty" protobuf:"varint,6,opt,name=maxParallel"`
}

vault doc: https://www.vaultproject.io/docs/configuration/storage/mysql.html

MySQLSpec defines configuration to set up MySQL Storage as backend storage in vault

func (*MySQLSpec) DeepCopy

func (in *MySQLSpec) DeepCopy() *MySQLSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MySQLSpec.

func (*MySQLSpec) DeepCopyInto

func (in *MySQLSpec) DeepCopyInto(out *MySQLSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MySQLSpec) Descriptor

func (*MySQLSpec) Descriptor() ([]byte, []int)

func (*MySQLSpec) Marshal

func (m *MySQLSpec) Marshal() (dAtA []byte, err error)

func (*MySQLSpec) MarshalTo

func (m *MySQLSpec) MarshalTo(dAtA []byte) (int, error)

func (*MySQLSpec) MarshalToSizedBuffer

func (m *MySQLSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*MySQLSpec) ProtoMessage

func (*MySQLSpec) ProtoMessage()

func (*MySQLSpec) Reset

func (m *MySQLSpec) Reset()

func (*MySQLSpec) Size

func (m *MySQLSpec) Size() (n int)

func (*MySQLSpec) String

func (this *MySQLSpec) String() string

func (*MySQLSpec) Unmarshal

func (m *MySQLSpec) Unmarshal(dAtA []byte) error

func (*MySQLSpec) XXX_DiscardUnknown

func (m *MySQLSpec) XXX_DiscardUnknown()

func (*MySQLSpec) XXX_Marshal

func (m *MySQLSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*MySQLSpec) XXX_Merge

func (m *MySQLSpec) XXX_Merge(src proto.Message)

func (*MySQLSpec) XXX_Size

func (m *MySQLSpec) XXX_Size() int

func (*MySQLSpec) XXX_Unmarshal

func (m *MySQLSpec) XXX_Unmarshal(b []byte) error

type NamedServiceTemplateSpec

// NamedServiceTemplateSpec pairs a service alias with an embedded service template.
type NamedServiceTemplateSpec struct {
	// Alias represents the identifier of the service.
	Alias ServiceAlias `json:"alias" protobuf:"bytes,1,opt,name=alias"`

	// ServiceTemplate is an optional configuration for a service used to expose VaultServer.
	// The type is embedded and tagged ",inline", so its fields appear directly in
	// this object's JSON rather than under a nested key.
	// +optional
	ofst.ServiceTemplateSpec `json:",inline,omitempty" protobuf:"bytes,2,opt,name=serviceTemplateSpec"`
}

func (*NamedServiceTemplateSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamedServiceTemplateSpec.

func (*NamedServiceTemplateSpec) DeepCopyInto

func (in *NamedServiceTemplateSpec) DeepCopyInto(out *NamedServiceTemplateSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*NamedServiceTemplateSpec) Descriptor

func (*NamedServiceTemplateSpec) Descriptor() ([]byte, []int)

func (*NamedServiceTemplateSpec) Marshal

func (m *NamedServiceTemplateSpec) Marshal() (dAtA []byte, err error)

func (*NamedServiceTemplateSpec) MarshalTo

func (m *NamedServiceTemplateSpec) MarshalTo(dAtA []byte) (int, error)

func (*NamedServiceTemplateSpec) MarshalToSizedBuffer

func (m *NamedServiceTemplateSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*NamedServiceTemplateSpec) ProtoMessage

func (*NamedServiceTemplateSpec) ProtoMessage()

func (*NamedServiceTemplateSpec) Reset

func (m *NamedServiceTemplateSpec) Reset()

func (*NamedServiceTemplateSpec) Size

func (m *NamedServiceTemplateSpec) Size() (n int)

func (*NamedServiceTemplateSpec) String

func (this *NamedServiceTemplateSpec) String() string

func (*NamedServiceTemplateSpec) Unmarshal

func (m *NamedServiceTemplateSpec) Unmarshal(dAtA []byte) error

func (*NamedServiceTemplateSpec) XXX_DiscardUnknown

func (m *NamedServiceTemplateSpec) XXX_DiscardUnknown()

func (*NamedServiceTemplateSpec) XXX_Marshal

func (m *NamedServiceTemplateSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*NamedServiceTemplateSpec) XXX_Merge

func (m *NamedServiceTemplateSpec) XXX_Merge(src proto.Message)

func (*NamedServiceTemplateSpec) XXX_Size

func (m *NamedServiceTemplateSpec) XXX_Size() int

func (*NamedServiceTemplateSpec) XXX_Unmarshal

func (m *NamedServiceTemplateSpec) XXX_Unmarshal(b []byte) error

type PostgreSQLSpec

// PostgreSQLSpec configures PostgreSQL as the storage backend for Vault.
type PostgreSQLSpec struct {
	// Specifies the name of the secret containing the connection string to use to authenticate and connect to PostgreSQL.
	// A full list of supported parameters can be found in the pq library documentation (https://godoc.org/github.com/lib/pq#hdr-Connection_String_Parameters).
	// The connection string is what authenticates to the database, so it is kept in
	// the secret and not in the spec; pq's sslmode parameter inside that string
	// decides whether the connection uses TLS.
	// secret data:
	//  - connection_url:<data>
	ConnectionURLSecret string `json:"connectionURLSecret" protobuf:"bytes,1,opt,name=connectionURLSecret"`

	// Specifies the name of the table in which to write Vault data.
	// This table must already exist (Vault will not attempt to create it).
	// +optional
	Table string `json:"table,omitempty" protobuf:"bytes,2,opt,name=table"`

	// Specifies the maximum number of concurrent requests to take place.
	// +optional
	MaxParallel int64 `json:"maxParallel,omitempty" protobuf:"varint,3,opt,name=maxParallel"`
}

vault doc: https://www.vaultproject.io/docs/configuration/storage/postgresql.html

PostgreSQLSpec defines configuration to set up PostgreSQL storage as backend storage in vault

func (*PostgreSQLSpec) DeepCopy

func (in *PostgreSQLSpec) DeepCopy() *PostgreSQLSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PostgreSQLSpec.

func (*PostgreSQLSpec) DeepCopyInto

func (in *PostgreSQLSpec) DeepCopyInto(out *PostgreSQLSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PostgreSQLSpec) Descriptor

func (*PostgreSQLSpec) Descriptor() ([]byte, []int)

func (*PostgreSQLSpec) Marshal

func (m *PostgreSQLSpec) Marshal() (dAtA []byte, err error)

func (*PostgreSQLSpec) MarshalTo

func (m *PostgreSQLSpec) MarshalTo(dAtA []byte) (int, error)

func (*PostgreSQLSpec) MarshalToSizedBuffer

func (m *PostgreSQLSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*PostgreSQLSpec) ProtoMessage

func (*PostgreSQLSpec) ProtoMessage()

func (*PostgreSQLSpec) Reset

func (m *PostgreSQLSpec) Reset()

func (*PostgreSQLSpec) Size

func (m *PostgreSQLSpec) Size() (n int)

func (*PostgreSQLSpec) String

func (this *PostgreSQLSpec) String() string

func (*PostgreSQLSpec) Unmarshal

func (m *PostgreSQLSpec) Unmarshal(dAtA []byte) error

func (*PostgreSQLSpec) XXX_DiscardUnknown

func (m *PostgreSQLSpec) XXX_DiscardUnknown()

func (*PostgreSQLSpec) XXX_Marshal

func (m *PostgreSQLSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PostgreSQLSpec) XXX_Merge

func (m *PostgreSQLSpec) XXX_Merge(src proto.Message)

func (*PostgreSQLSpec) XXX_Size

func (m *PostgreSQLSpec) XXX_Size() int

func (*PostgreSQLSpec) XXX_Unmarshal

func (m *PostgreSQLSpec) XXX_Unmarshal(b []byte) error

type RaftSpec

// RaftSpec configures Vault's Raft integrated storage.
// NOTE(review): the int64 and *int64 fields below carry the protobuf wire type
// "bytes", whereas int64 fields in the other storage specs of this package
// (e.g. MaxParallel) use "varint"; field numbers 2 and 6 are unused, and the
// protobuf name of AutopilotReconcileInterval is spelled "autoPilot..." while
// its JSON name is "autopilot...". Confirm the tags match the generated code.
type RaftSpec struct {
	// Path (string: "") specifies the filesystem path where the vault data gets stored.
	// This value can be overridden by setting the VAULT_RAFT_PATH environment variable.
	// default: ""
	// +optional
	Path string `json:"path,omitempty" protobuf:"bytes,1,opt,name=path"`

	// An integer multiplier used by servers to scale key Raft timing parameters.
	// Tuning this affects the time it takes Vault to detect leader failures and to perform leader elections,
	// at the expense of requiring more network and CPU resources for better performance.
	// default: 0
	// +optional
	PerformanceMultiplier int64 `json:"performanceMultiplier,omitempty" protobuf:"bytes,3,opt,name=performanceMultiplier"`

	// This controls how many log entries are left in the log store on disk after a snapshot is made.
	// default: 10000
	// +optional
	TrailingLogs *int64 `json:"trailingLogs,omitempty" protobuf:"bytes,4,opt,name=trailingLogs"`

	// This controls the minimum number of raft commit entries between snapshots that are saved to disk.
	// default: 8192
	// +optional
	SnapshotThreshold *int64 `json:"snapshotThreshold,omitempty" protobuf:"bytes,5,opt,name=snapshotThreshold"`

	// This configures the maximum number of bytes for a raft entry. It applies to both Put operations and transactions.
	// default: 1048576
	// +optional
	MaxEntrySize *int64 `json:"maxEntrySize,omitempty" protobuf:"bytes,7,opt,name=maxEntrySize"`

	// This is the interval after which autopilot will pick up any state changes.
	// default: ""
	// +optional
	AutopilotReconcileInterval string `json:"autopilotReconcileInterval,omitempty" protobuf:"bytes,8,opt,name=autoPilotReconcileInterval"`

	// Storage specifies how storage shall be used, expressed as a
	// PersistentVolumeClaimSpec. The pointer may be nil; the field carries no
	// +optional marker although its JSON tag has omitempty.
	Storage *core.PersistentVolumeClaimSpec `json:"storage,omitempty" protobuf:"bytes,9,opt,name=storage"`
}

RaftSpec defines the configuration for the Raft integrated storage. https://www.vaultproject.io/docs/configuration/storage/raft

func (*RaftSpec) DeepCopy

func (in *RaftSpec) DeepCopy() *RaftSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RaftSpec.

func (*RaftSpec) DeepCopyInto

func (in *RaftSpec) DeepCopyInto(out *RaftSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RaftSpec) Descriptor

func (*RaftSpec) Descriptor() ([]byte, []int)

func (*RaftSpec) Marshal

func (m *RaftSpec) Marshal() (dAtA []byte, err error)

func (*RaftSpec) MarshalTo

func (m *RaftSpec) MarshalTo(dAtA []byte) (int, error)

func (*RaftSpec) MarshalToSizedBuffer

func (m *RaftSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*RaftSpec) ProtoMessage

func (*RaftSpec) ProtoMessage()

func (*RaftSpec) Reset

func (m *RaftSpec) Reset()

func (*RaftSpec) Size

func (m *RaftSpec) Size() (n int)

func (*RaftSpec) String

func (this *RaftSpec) String() string

func (*RaftSpec) Unmarshal

func (m *RaftSpec) Unmarshal(dAtA []byte) error

func (*RaftSpec) XXX_DiscardUnknown

func (m *RaftSpec) XXX_DiscardUnknown()

func (*RaftSpec) XXX_Marshal

func (m *RaftSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RaftSpec) XXX_Merge

func (m *RaftSpec) XXX_Merge(src proto.Message)

func (*RaftSpec) XXX_Size

func (m *RaftSpec) XXX_Size() int

func (*RaftSpec) XXX_Unmarshal

func (m *RaftSpec) XXX_Unmarshal(b []byte) error

type S3Spec

// S3Spec configures Amazon S3 (or an S3-compatible endpoint) as the storage
// backend for Vault. AWS credentials are referenced by secret name and are not
// held in the spec.
type S3Spec struct {
	// Specifies the name of the bucket to use for storage.
	Bucket string `json:"bucket" protobuf:"bytes,1,opt,name=bucket"`

	// Specifies an alternative, AWS compatible, S3 endpoint.
	// +optional
	Endpoint string `json:"endpoint,omitempty" protobuf:"bytes,2,opt,name=endpoint"`

	// Specifies the AWS region
	// +optional
	Region string `json:"region,omitempty" protobuf:"bytes,3,opt,name=region"`

	// Specifies the secret name containing AWS access key and AWS secret key
	// secret data:
	//  - access_key=<value>
	//  - secret_key=<value>
	// +optional
	CredentialSecret string `json:"credentialSecret,omitempty" protobuf:"bytes,4,opt,name=credentialSecret"`

	// Specifies the secret name containing AWS session token
	// secret data:
	//  - session_token:<value>
	// +optional
	SessionTokenSecret string `json:"sessionTokenSecret,omitempty" protobuf:"bytes,5,opt,name=sessionTokenSecret"`

	// Specifies the maximum number of parallel operations to take place.
	// +optional
	MaxParallel int64 `json:"maxParallel,omitempty" protobuf:"varint,6,opt,name=maxParallel"`

	// Specifies whether to use host bucket style domains with the configured endpoint.
	// +optional
	ForcePathStyle bool `json:"forcePathStyle,omitempty" protobuf:"varint,7,opt,name=forcePathStyle"`

	// Specifies if SSL should be used for the endpoint connection.
	// The flag is a negative one: true disables SSL for the endpoint connection, and
	// the zero value (false) leaves it enabled. Keep it false unless the endpoint
	// cannot serve TLS.
	// +optional
	DisableSSL bool `json:"disableSSL,omitempty" protobuf:"varint,8,opt,name=disableSSL"`
}

vault doc: https://www.vaultproject.io/docs/configuration/storage/s3.html

S3Spec defines configuration to set up Amazon S3 Storage as backend storage in vault

func (*S3Spec) DeepCopy

func (in *S3Spec) DeepCopy() *S3Spec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S3Spec.

func (*S3Spec) DeepCopyInto

func (in *S3Spec) DeepCopyInto(out *S3Spec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*S3Spec) Descriptor

func (*S3Spec) Descriptor() ([]byte, []int)

func (*S3Spec) Marshal

func (m *S3Spec) Marshal() (dAtA []byte, err error)

func (*S3Spec) MarshalTo

func (m *S3Spec) MarshalTo(dAtA []byte) (int, error)

func (*S3Spec) MarshalToSizedBuffer

func (m *S3Spec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*S3Spec) ProtoMessage

func (*S3Spec) ProtoMessage()

func (*S3Spec) Reset

func (m *S3Spec) Reset()

func (*S3Spec) Size

func (m *S3Spec) Size() (n int)

func (*S3Spec) String

func (this *S3Spec) String() string

func (*S3Spec) Unmarshal

func (m *S3Spec) Unmarshal(dAtA []byte) error

func (*S3Spec) XXX_DiscardUnknown

func (m *S3Spec) XXX_DiscardUnknown()

func (*S3Spec) XXX_Marshal

func (m *S3Spec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*S3Spec) XXX_Merge

func (m *S3Spec) XXX_Merge(src proto.Message)

func (*S3Spec) XXX_Size

func (m *S3Spec) XXX_Size() int

func (*S3Spec) XXX_Unmarshal

func (m *S3Spec) XXX_Unmarshal(b []byte) error

type SecretEngineNamespaces added in v0.5.0

// SecretEngineNamespaces selects the namespaces whose Secret Engines may be
// used by a VaultServer.
type SecretEngineNamespaces struct {
	// From indicates where Secret Engines will be selected for this VaultServer. Possible
	// values are:
	// * All: Secret Engines in all namespaces may be used by this VaultServer.
	// * Selector: Secret Engines in namespaces selected by the selector may be used by
	//   this VaultServer.
	// * Same: Only Secret Engines in the same namespace may be used by this VaultServer.
	//
	// Same is the declared default and the narrowest setting. All and Selector widen
	// the set of namespaces that may use this VaultServer, so anyone able to create
	// Secret Engines in those namespaces falls inside its trust boundary.
	//
	// +optional
	// +kubebuilder:default=Same
	From *FromNamespaces `json:"from,omitempty" protobuf:"bytes,1,opt,name=from,casttype=FromNamespaces"`

	// Selector must be specified when From is set to "Selector". In that case,
	// only Secret Engines in Namespaces matching this Selector will be selected by this
	// VaultServer. This field is ignored for other values of "From".
	//
	// NOTE(review): the match is on namespace labels, so the selection is only as
	// trustworthy as the control over who may label namespaces; that control is not
	// visible from this type.
	//
	// +optional
	Selector *metav1.LabelSelector `json:"selector,omitempty" protobuf:"bytes,2,opt,name=selector"`
}

SecretEngineNamespaces indicates which namespaces Secret Engines should be selected from.

func (*SecretEngineNamespaces) DeepCopy added in v0.5.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretEngineNamespaces.

func (*SecretEngineNamespaces) DeepCopyInto added in v0.5.0

func (in *SecretEngineNamespaces) DeepCopyInto(out *SecretEngineNamespaces)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretEngineNamespaces) Descriptor added in v0.5.0

func (*SecretEngineNamespaces) Descriptor() ([]byte, []int)

func (*SecretEngineNamespaces) Marshal added in v0.5.0

func (m *SecretEngineNamespaces) Marshal() (dAtA []byte, err error)

func (*SecretEngineNamespaces) MarshalTo added in v0.5.0

func (m *SecretEngineNamespaces) MarshalTo(dAtA []byte) (int, error)

func (*SecretEngineNamespaces) MarshalToSizedBuffer added in v0.5.0

func (m *SecretEngineNamespaces) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SecretEngineNamespaces) ProtoMessage added in v0.5.0

func (*SecretEngineNamespaces) ProtoMessage()

func (*SecretEngineNamespaces) Reset added in v0.5.0

func (m *SecretEngineNamespaces) Reset()

func (*SecretEngineNamespaces) Size added in v0.5.0

func (m *SecretEngineNamespaces) Size() (n int)

func (*SecretEngineNamespaces) String added in v0.5.0

func (this *SecretEngineNamespaces) String() string

func (*SecretEngineNamespaces) Unmarshal added in v0.5.0

func (m *SecretEngineNamespaces) Unmarshal(dAtA []byte) error

func (*SecretEngineNamespaces) XXX_DiscardUnknown added in v0.5.0

func (m *SecretEngineNamespaces) XXX_DiscardUnknown()

func (*SecretEngineNamespaces) XXX_Marshal added in v0.5.0

func (m *SecretEngineNamespaces) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SecretEngineNamespaces) XXX_Merge added in v0.5.0

func (m *SecretEngineNamespaces) XXX_Merge(src proto.Message)

func (*SecretEngineNamespaces) XXX_Size added in v0.5.0

func (m *SecretEngineNamespaces) XXX_Size() int

func (*SecretEngineNamespaces) XXX_Unmarshal added in v0.5.0

func (m *SecretEngineNamespaces) XXX_Unmarshal(b []byte) error

type SecretEngineType added in v0.5.0

// SecretEngineType names a kind of Vault secret engine. The accepted values
// are the SecretEngineType* constants of this package.
type SecretEngineType string

+kubebuilder:validation:Enum=kv;pki;aws;azure;gcp;postgres;mongodb;mysql;elasticsearch

// Secret engine types that can be listed in AllowedSecretEngines.SecretEngines
// to restrict which engines may bind to a VaultServer.
const (
	SecretEngineTypeKV            SecretEngineType = "kv"
	SecretEngineTypePKI           SecretEngineType = "pki"
	SecretEngineTypeAWS           SecretEngineType = "aws"
	SecretEngineTypeAzure         SecretEngineType = "azure"
	SecretEngineTypeGCP           SecretEngineType = "gcp"
	SecretEngineTypePostgres      SecretEngineType = "postgres"
	SecretEngineTypeMongoDB       SecretEngineType = "mongodb"
	SecretEngineTypeMySQL         SecretEngineType = "mysql"
	SecretEngineTypeElasticsearch SecretEngineType = "elasticsearch"
)

type ServiceAlias

// ServiceAlias identifies one of the services of a VaultServer. It is the
// argument type of VaultServer.ServiceName and VaultServer.GetServiceTemplate.
type ServiceAlias string

+kubebuilder:validation:Enum=internal;vault;stats

// Service aliases defined for a VaultServer.
const (
	VaultServerServiceInternal ServiceAlias = "internal"
	VaultServerServiceVault    ServiceAlias = "vault"
	VaultServerServiceStats    ServiceAlias = "stats"
)

type SwiftSpec

// SwiftSpec defines configuration to set up Swift Storage as backend storage in vault.
//
// Credentials are never given inline: CredentialSecret and AuthTokenSecret hold
// the names of secrets whose data carries the values.
type SwiftSpec struct {
	// Specifies the OpenStack authentication endpoint.
	// NOTE(review): the username and password from CredentialSecret are presumably
	// sent to this URL; nothing in this type restricts its scheme, so confirm that an
	// https endpoint is used.
	AuthURL string `json:"authURL" protobuf:"bytes,1,opt,name=authURL"`

	// Specifies the name of the Swift container.
	Container string `json:"container" protobuf:"bytes,2,opt,name=container"`

	// Specifies the name of the secret containing the OpenStack account/username and password
	// secret data:
	//  - username=<value>
	//  - password=<value>
	CredentialSecret string `json:"credentialSecret" protobuf:"bytes,3,opt,name=credentialSecret"`

	// Specifies the name of the tenant. If left blank, this will default to the default tenant of the username.
	// +optional
	Tenant string `json:"tenant,omitempty" protobuf:"bytes,4,opt,name=tenant"`

	// Specifies the name of the region.
	// +optional
	Region string `json:"region,omitempty" protobuf:"bytes,5,opt,name=region"`

	// Specifies the id of the tenant.
	// +optional
	TenantID string `json:"tenantID,omitempty" protobuf:"bytes,6,opt,name=tenantID"`

	// Specifies the name of the user domain.
	// +optional
	Domain string `json:"domain,omitempty" protobuf:"bytes,7,opt,name=domain"`

	// Specifies the name of the project's domain.
	// +optional
	ProjectDomain string `json:"projectDomain,omitempty" protobuf:"bytes,8,opt,name=projectDomain"`

	// Specifies the id of the trust.
	// +optional
	TrustID string `json:"trustID,omitempty" protobuf:"bytes,9,opt,name=trustID"`

	// Specifies storage URL from alternate authentication.
	// +optional
	StorageURL string `json:"storageURL,omitempty" protobuf:"bytes,10,opt,name=storageURL"`

	// Specifies the name of the secret containing the auth token from alternate authentication.
	// secret data:
	//  - auth_token=<value>
	// +optional
	AuthTokenSecret string `json:"authTokenSecret,omitempty" protobuf:"bytes,11,opt,name=authTokenSecret"`

	// Specifies the maximum number of concurrent requests to take place.
	// +optional
	MaxParallel int64 `json:"maxParallel,omitempty" protobuf:"varint,12,opt,name=maxParallel"`
}

vault doc: https://www.vaultproject.io/docs/configuration/storage/swift.html

SwiftSpec defines configuration to set up Swift Storage as backend storage in vault

func (*SwiftSpec) DeepCopy

func (in *SwiftSpec) DeepCopy() *SwiftSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SwiftSpec.

func (*SwiftSpec) DeepCopyInto

func (in *SwiftSpec) DeepCopyInto(out *SwiftSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SwiftSpec) Descriptor

func (*SwiftSpec) Descriptor() ([]byte, []int)

func (*SwiftSpec) Marshal

func (m *SwiftSpec) Marshal() (dAtA []byte, err error)

func (*SwiftSpec) MarshalTo

func (m *SwiftSpec) MarshalTo(dAtA []byte) (int, error)

func (*SwiftSpec) MarshalToSizedBuffer

func (m *SwiftSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*SwiftSpec) ProtoMessage

func (*SwiftSpec) ProtoMessage()

func (*SwiftSpec) Reset

func (m *SwiftSpec) Reset()

func (*SwiftSpec) Size

func (m *SwiftSpec) Size() (n int)

func (*SwiftSpec) String

func (this *SwiftSpec) String() string

func (*SwiftSpec) Unmarshal

func (m *SwiftSpec) Unmarshal(dAtA []byte) error

func (*SwiftSpec) XXX_DiscardUnknown

func (m *SwiftSpec) XXX_DiscardUnknown()

func (*SwiftSpec) XXX_Marshal

func (m *SwiftSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*SwiftSpec) XXX_Merge

func (m *SwiftSpec) XXX_Merge(src proto.Message)

func (*SwiftSpec) XXX_Size

func (m *SwiftSpec) XXX_Size() int

func (*SwiftSpec) XXX_Unmarshal

func (m *SwiftSpec) XXX_Unmarshal(b []byte) error

type TLSPolicy

// TLSPolicy defines the TLS policy of the vault nodes. If it is not set, the
// operator auto-generates the TLS assets and secrets.
type TLSPolicy struct {
	// TLSSecret is the name of the secret containing the TLS certs used by each vault node
	// for the communication between the vault server and its clients.
	// The secret should contain these files:
	// 	- tls.crt
	// 	- tls.key
	// NOTE(review): this comment used to say "three files" while listing two; confirm
	// whether a third entry (for example a CA certificate) is expected.
	//
	// The server certificate must be valid for the following names:
	// 	- localhost
	// 	- *.<namespace>.pod
	// 	- <vaultServer-name>.<namespace>.svc
	//
	// The secret carries the server's private key (tls.key), so read access to it
	// should be limited to the workloads that serve with it.
	TLSSecret string `json:"tlsSecret" protobuf:"bytes,1,opt,name=tlsSecret"`

	// CABundle is a PEM encoded CA bundle which will be used to validate the serving certificate.
	// NOTE(review): what trust roots are used when this is left empty is not visible
	// here — confirm before relying on the default.
	// +optional
	CABundle []byte `json:"caBundle,omitempty" protobuf:"bytes,2,opt,name=caBundle"`
}

TLSPolicy defines the TLS policy of the vault nodes. If this is not set, the operator will auto-generate TLS assets and secrets.

func (*TLSPolicy) DeepCopy

func (in *TLSPolicy) DeepCopy() *TLSPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSPolicy.

func (*TLSPolicy) DeepCopyInto

func (in *TLSPolicy) DeepCopyInto(out *TLSPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TLSPolicy) Descriptor

func (*TLSPolicy) Descriptor() ([]byte, []int)

func (*TLSPolicy) Marshal

func (m *TLSPolicy) Marshal() (dAtA []byte, err error)

func (*TLSPolicy) MarshalTo

func (m *TLSPolicy) MarshalTo(dAtA []byte) (int, error)

func (*TLSPolicy) MarshalToSizedBuffer

func (m *TLSPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*TLSPolicy) ProtoMessage

func (*TLSPolicy) ProtoMessage()

func (*TLSPolicy) Reset

func (m *TLSPolicy) Reset()

func (*TLSPolicy) Size

func (m *TLSPolicy) Size() (n int)

func (*TLSPolicy) String

func (this *TLSPolicy) String() string

func (*TLSPolicy) Unmarshal

func (m *TLSPolicy) Unmarshal(dAtA []byte) error

func (*TLSPolicy) XXX_DiscardUnknown

func (m *TLSPolicy) XXX_DiscardUnknown()

func (*TLSPolicy) XXX_Marshal

func (m *TLSPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*TLSPolicy) XXX_Merge

func (m *TLSPolicy) XXX_Merge(src proto.Message)

func (*TLSPolicy) XXX_Size

func (m *TLSPolicy) XXX_Size() int

func (*TLSPolicy) XXX_Unmarshal

func (m *TLSPolicy) XXX_Unmarshal(b []byte) error

type TerminationPolicy

// TerminationPolicy names what is removed when a VaultServer is deleted.
// The accepted values are the TerminationPolicy* constants of this package.
type TerminationPolicy string

+kubebuilder:validation:Enum=Halt;Delete;WipeOut;DoNotTerminate

// Termination policies, listed from least to most destructive, followed by the
// policy that blocks deletion altogether.
const (
	// Deletes the VaultServer pods and service but leaves the PVCs and stash backup data intact.
	TerminationPolicyHalt TerminationPolicy = "Halt"
	// Deletes the VaultServer pods, service and PVCs but leaves the stash backup data intact.
	TerminationPolicyDelete TerminationPolicy = "Delete"
	// Deletes the VaultServer pods, service, PVCs and stash backup data. Nothing listed
	// here is kept, so this is the only policy that also removes the backups.
	TerminationPolicyWipeOut TerminationPolicy = "WipeOut"
	// Rejects any attempt to delete the VaultServer, using the ValidationWebhook.
	// NOTE(review): this protection presumably depends on that webhook being deployed
	// and reachable — confirm the behaviour when it is not.
	TerminationPolicyDoNotTerminate TerminationPolicy = "DoNotTerminate"
)

type UnsealerSpec

// UnsealerSpec contains the configuration for automatic initialization and
// unsealing of vault.
type UnsealerSpec struct {
	// Total count of secret shares that exist
	// +optional
	SecretShares int64 `json:"secretShares,omitempty" protobuf:"varint,1,opt,name=secretShares"`

	// Minimum required secret shares to unseal
	// NOTE(review): no validation marker here relates this to SecretShares; presumably
	// it must not exceed SecretShares — confirm where that is enforced.
	// +optional
	SecretThreshold int64 `json:"secretThreshold,omitempty" protobuf:"varint,2,opt,name=secretThreshold"`

	// How often to attempt to unseal the vault instance
	// NOTE(review): the field name says seconds but the Go type is time.Duration, whose
	// unit is nanoseconds; confirm how the operator interprets the number.
	// +optional
	RetryPeriodSeconds time.Duration `json:"retryPeriodSeconds,omitempty" protobuf:"varint,3,opt,name=retryPeriodSeconds,casttype=time.Duration"`

	// Overwrite existing unseal keys and root tokens. Possibly dangerous: the values
	// already in the key store are replaced, so leave this false unless replacing
	// them is intended.
	// +optional
	OverwriteExisting bool `json:"overwriteExisting,omitempty" protobuf:"varint,4,opt,name=overwriteExisting"`

	// Whether the root token should be stored in the key store (documented default: true).
	// NOTE(review): this is a plain bool with omitempty, whose Go zero value is false,
	// so the documented default has to be applied elsewhere — confirm.
	// When the token is stored, anyone with read access to the key store can obtain
	// the root token; restrict and audit that access accordingly.
	// +optional
	StoreRootToken bool `json:"storeRootToken,omitempty" protobuf:"varint,5,opt,name=storeRootToken"`

	// Mode contains the unseal mechanism.
	// +optional
	Mode ModeSpec `json:"mode,omitempty" protobuf:"bytes,6,opt,name=mode"`
}

UnsealerSpec contains the configuration for automatic initialization and unsealing of vault.

func (*UnsealerSpec) DeepCopy

func (in *UnsealerSpec) DeepCopy() *UnsealerSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnsealerSpec.

func (*UnsealerSpec) DeepCopyInto

func (in *UnsealerSpec) DeepCopyInto(out *UnsealerSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*UnsealerSpec) Descriptor

func (*UnsealerSpec) Descriptor() ([]byte, []int)

func (*UnsealerSpec) Marshal

func (m *UnsealerSpec) Marshal() (dAtA []byte, err error)

func (*UnsealerSpec) MarshalTo

func (m *UnsealerSpec) MarshalTo(dAtA []byte) (int, error)

func (*UnsealerSpec) MarshalToSizedBuffer

func (m *UnsealerSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*UnsealerSpec) ProtoMessage

func (*UnsealerSpec) ProtoMessage()

func (*UnsealerSpec) Reset

func (m *UnsealerSpec) Reset()

func (*UnsealerSpec) Size

func (m *UnsealerSpec) Size() (n int)

func (*UnsealerSpec) String

func (this *UnsealerSpec) String() string

func (*UnsealerSpec) Unmarshal

func (m *UnsealerSpec) Unmarshal(dAtA []byte) error

func (*UnsealerSpec) XXX_DiscardUnknown

func (m *UnsealerSpec) XXX_DiscardUnknown()

func (*UnsealerSpec) XXX_Marshal

func (m *UnsealerSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*UnsealerSpec) XXX_Merge

func (m *UnsealerSpec) XXX_Merge(src proto.Message)

func (*UnsealerSpec) XXX_Size

func (m *UnsealerSpec) XXX_Size() int

func (*UnsealerSpec) XXX_Unmarshal

func (m *UnsealerSpec) XXX_Unmarshal(b []byte) error

type VaultCertificateAlias

// VaultCertificateAlias identifies one of the certificates of a VaultServer.
// It is the argument type of VaultServer.CertificateMountPath and
// VaultServer.GetCertificateCN.
type VaultCertificateAlias string

+kubebuilder:validation:Enum=ca;server;client;storage

// Certificate aliases defined for a VaultServer.
const (
	VaultCACert      VaultCertificateAlias = "ca"
	VaultServerCert  VaultCertificateAlias = "server"
	VaultClientCert  VaultCertificateAlias = "client"
	VaultStorageCert VaultCertificateAlias = "storage"
)

type VaultServer

// VaultServer is the API object describing one Vault deployment: Spec holds
// the desired configuration and Status the observed state.
type VaultServer struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
	Spec              VaultServerSpec   `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
	Status            VaultServerStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
}

+kubebuilder:object:root=true +kubebuilder:resource:path=vaultservers,singular=vaultserver,shortName=vs,categories={vault,appscode,all} +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Replicas",type="string",JSONPath=".spec.replicas" +kubebuilder:printcolumn:name="Version",type="string",JSONPath=".spec.version" +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.phase" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"

func (VaultServer) AppBindingName

func (v VaultServer) AppBindingName() string

func (*VaultServer) CertificateMountPath

func (v *VaultServer) CertificateMountPath(alias VaultCertificateAlias) string

func (VaultServer) ConfigSecretName

func (v VaultServer) ConfigSecretName() string

func (VaultServer) CustomResourceDefinition

func (_ VaultServer) CustomResourceDefinition() *apiextensions.CustomResourceDefinition

func (*VaultServer) DeepCopy

func (in *VaultServer) DeepCopy() *VaultServer

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultServer.

func (*VaultServer) DeepCopyInto

func (in *VaultServer) DeepCopyInto(out *VaultServer)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultServer) DeepCopyObject

func (in *VaultServer) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*VaultServer) DefaultCertSecretName

func (vs *VaultServer) DefaultCertSecretName(alias string) string

Returns the default certificate secret name for given alias.

func (*VaultServer) Descriptor

func (*VaultServer) Descriptor() ([]byte, []int)

func (*VaultServer) GetCertSecretName

func (vs *VaultServer) GetCertSecretName(alias string) string

Returns certificate secret name for given alias if exists, otherwise returns the default certificate secret name.

func (*VaultServer) GetCertificateCN

func (vs *VaultServer) GetCertificateCN(alias VaultCertificateAlias) string

func (VaultServer) GetKey

func (v VaultServer) GetKey() string

func (*VaultServer) GetServiceTemplate

func (vs *VaultServer) GetServiceTemplate(alias ServiceAlias) ofst.ServiceTemplateSpec

GetServiceTemplate returns a pointer to the desired serviceTemplate referred by "alias". Otherwise, it returns nil.

func (VaultServer) IsValid

func (v VaultServer) IsValid() error

func (*VaultServer) Marshal

func (m *VaultServer) Marshal() (dAtA []byte, err error)

func (*VaultServer) MarshalTo

func (m *VaultServer) MarshalTo(dAtA []byte) (int, error)

func (*VaultServer) MarshalToSizedBuffer

func (m *VaultServer) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (VaultServer) OffshootLabels

func (v VaultServer) OffshootLabels() map[string]string

func (VaultServer) OffshootName

func (v VaultServer) OffshootName() string

func (VaultServer) OffshootSelectors

func (v VaultServer) OffshootSelectors() map[string]string

func (VaultServer) PolicyNameForAuthMethodController

func (v VaultServer) PolicyNameForAuthMethodController() string

func (VaultServer) PolicyNameForPolicyController

func (v VaultServer) PolicyNameForPolicyController() string

func (*VaultServer) ProtoMessage

func (*VaultServer) ProtoMessage()

func (*VaultServer) ReplicasAreReady

func (v *VaultServer) ReplicasAreReady(lister appslister.StatefulSetLister) (bool, string, error)

func (*VaultServer) Reset

func (m *VaultServer) Reset()

func (VaultServer) ResourceFQN

func (_ VaultServer) ResourceFQN() string

func (*VaultServer) Scheme

func (vs *VaultServer) Scheme() string

func (VaultServer) ServiceAccountForTokenReviewer

func (v VaultServer) ServiceAccountForTokenReviewer() string

func (VaultServer) ServiceAccountName

func (v VaultServer) ServiceAccountName() string

func (VaultServer) ServiceName

func (v VaultServer) ServiceName(alias ServiceAlias) string

func (*VaultServer) Size

func (m *VaultServer) Size() (n int)

func (VaultServer) StatsLabels

func (v VaultServer) StatsLabels() map[string]string

func (VaultServer) StatsService

func (v VaultServer) StatsService() mona.StatsAccessor

func (VaultServer) StatsServiceName

func (v VaultServer) StatsServiceName() string

func (*VaultServer) String

func (this *VaultServer) String() string

func (VaultServer) TLSSecretName

func (v VaultServer) TLSSecretName() string

func (*VaultServer) Unmarshal

func (m *VaultServer) Unmarshal(dAtA []byte) error

func (*VaultServer) XXX_DiscardUnknown

func (m *VaultServer) XXX_DiscardUnknown()

func (*VaultServer) XXX_Marshal

func (m *VaultServer) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*VaultServer) XXX_Merge

func (m *VaultServer) XXX_Merge(src proto.Message)

func (*VaultServer) XXX_Size

func (m *VaultServer) XXX_Size() int

func (*VaultServer) XXX_Unmarshal

func (m *VaultServer) XXX_Unmarshal(b []byte) error

type VaultServerBackend

// VaultServerBackend names a storage backend for vault. The accepted values
// are the VaultServer* backend constants of this package.
type VaultServerBackend string

+kubebuilder:validation:Enum=inmem;etcd;gcs;s3;azure;postgresql;mysql;file;dynamodb;swift;consul;raft

// Storage backends defined for a VaultServer.
// NOTE(review): per Vault's storage documentation the inmem backend keeps data only
// in memory, so it is not a durable choice; confirm how the operator treats it.
const (
	VaultServerInmem      VaultServerBackend = "inmem"
	VaultServerEtcd       VaultServerBackend = "etcd"
	VaultServerGcs        VaultServerBackend = "gcs"
	VaultServerS3         VaultServerBackend = "s3"
	VaultServerAzure      VaultServerBackend = "azure"
	VaultServerPostgreSQL VaultServerBackend = "postgresql"
	VaultServerMySQL      VaultServerBackend = "mysql"
	VaultServerFile       VaultServerBackend = "file"
	VaultServerDynamoDB   VaultServerBackend = "dynamodb"
	VaultServerSwift      VaultServerBackend = "swift"
	VaultServerConsul     VaultServerBackend = "consul"
	VaultServerRaft       VaultServerBackend = "raft"
)

type VaultServerList

// VaultServerList is a list of VaultServer objects.
type VaultServerList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
	// Items holds the VaultServer objects of the list.
	Items           []VaultServer `json:"items,omitempty" protobuf:"bytes,2,rep,name=items"`
}

func (*VaultServerList) DeepCopy

func (in *VaultServerList) DeepCopy() *VaultServerList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultServerList.

func (*VaultServerList) DeepCopyInto

func (in *VaultServerList) DeepCopyInto(out *VaultServerList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultServerList) DeepCopyObject

func (in *VaultServerList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*VaultServerList) Descriptor

func (*VaultServerList) Descriptor() ([]byte, []int)

func (*VaultServerList) Marshal

func (m *VaultServerList) Marshal() (dAtA []byte, err error)

func (*VaultServerList) MarshalTo

func (m *VaultServerList) MarshalTo(dAtA []byte) (int, error)

func (*VaultServerList) MarshalToSizedBuffer

func (m *VaultServerList) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*VaultServerList) ProtoMessage

func (*VaultServerList) ProtoMessage()

func (*VaultServerList) Reset

func (m *VaultServerList) Reset()

func (*VaultServerList) Size

func (m *VaultServerList) Size() (n int)

func (*VaultServerList) String

func (this *VaultServerList) String() string

func (*VaultServerList) Unmarshal

func (m *VaultServerList) Unmarshal(dAtA []byte) error

func (*VaultServerList) XXX_DiscardUnknown

func (m *VaultServerList) XXX_DiscardUnknown()

func (*VaultServerList) XXX_Marshal

func (m *VaultServerList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*VaultServerList) XXX_Merge

func (m *VaultServerList) XXX_Merge(src proto.Message)

func (*VaultServerList) XXX_Size

func (m *VaultServerList) XXX_Size() int

func (*VaultServerList) XXX_Unmarshal

func (m *VaultServerList) XXX_Unmarshal(b []byte) error

type VaultServerPhase

// VaultServerPhase names the phase reported in VaultServerStatus.Phase. The
// accepted values are the VaultServerPhase* constants of this package.
type VaultServerPhase string

+kubebuilder:validation:Enum=Initializing;Unsealing;Sealed;Ready;NotReady;Critical

// Phases a VaultServer can report.
const (
	// Used for a VaultServer that is initializing.
	VaultServerPhaseInitializing VaultServerPhase = "Initializing"
	// Used for a VaultServer that is unsealing.
	VaultServerPhaseUnsealing VaultServerPhase = "Unsealing"
	// Used for a VaultServer that is sealed.
	VaultServerPhaseSealed VaultServerPhase = "Sealed"
	// Used for a VaultServer that is ready.
	VaultServerPhaseReady VaultServerPhase = "Ready"
	// Used for a VaultServer that is not ready.
	VaultServerPhaseNotReady VaultServerPhase = "NotReady"
	// Used for a VaultServer that is in a critical state.
	VaultServerPhaseCritical VaultServerPhase = "Critical"
)

type VaultServerSpec

// VaultServerSpec is the desired configuration of a VaultServer: version and
// replica count, storage backend, TLS, unsealer, auth methods, pod and service
// templates, termination behaviour and the Secret Engines allowed to bind to it.
type VaultServerSpec struct {
	// Version of VaultServer to be deployed.
	Version string `json:"version" protobuf:"bytes,1,opt,name=version"`

	// Number of instances to deploy for a VaultServer.
	Replicas *int32 `json:"replicas,omitempty" protobuf:"varint,2,opt,name=replicas"`

	// ConfigSecret is an optional field to provide extra configuration for vault.
	// This secret contains extra config for vault.
	// File name should be 'vault.hcl'.
	// If specified, this file will be appended to the controller configuration file.
	// Because the content becomes part of the vault configuration, write access to
	// this secret is equivalent to being able to reconfigure the server.
	// +optional
	ConfigSecret *core.LocalObjectReference `json:"configSecret,omitempty" protobuf:"bytes,3,opt,name=configSecret"`

	// DataSources is a list of Configmaps/Secrets in the same namespace as the VaultServer
	// object, which shall be mounted into the VaultServer Pods.
	// The data are mounted into /etc/vault/data/<name>.
	// The first data will be named as "data-0", second one will be named as "data-1" and so on.
	// NOTE(review): the element type is core.VolumeSource, which can describe more than
	// ConfigMap and Secret volumes; whether other source types are rejected is not
	// visible here — confirm in the validation code.
	// +optional
	DataSources []core.VolumeSource `json:"dataSources,omitempty" protobuf:"bytes,4,rep,name=dataSources"`

	// TLS policy of vault nodes
	// +optional
	TLS *kmapi.TLSConfig `json:"tls,omitempty" protobuf:"bytes,5,opt,name=tls"`

	// backend storage configuration for vault
	Backend BackendStorageSpec `json:"backend" protobuf:"bytes,6,opt,name=backend"`

	// Unsealer configuration for vault
	// +optional
	Unsealer *UnsealerSpec `json:"unsealer,omitempty" protobuf:"bytes,7,opt,name=unsealer"`

	// Specifies the list of auth methods to enable
	// +optional
	AuthMethods []AuthMethod `json:"authMethods,omitempty" protobuf:"bytes,8,rep,name=authMethods"`

	// Monitor is used to monitor the vault server instance.
	// +optional
	Monitor *mona.AgentSpec `json:"monitor,omitempty" protobuf:"bytes,9,opt,name=monitor"`

	// PodTemplate is an optional configuration for pods used to run vault
	// +optional
	PodTemplate ofst.PodTemplateSpec `json:"podTemplate,omitempty" protobuf:"bytes,10,opt,name=podTemplate"`

	// ServiceTemplates is an optional configuration for services used to expose the vault server.
	// +optional
	ServiceTemplates []NamedServiceTemplateSpec `json:"serviceTemplates,omitempty" protobuf:"bytes,11,rep,name=serviceTemplates"`

	// Indicates that the vault server is halted and all offshoot Kubernetes resources except PVCs are deleted.
	// +optional
	Halted bool `json:"halted,omitempty" protobuf:"varint,12,opt,name=halted"`

	// TerminationPolicy controls the delete operation for vault server
	// +optional
	TerminationPolicy TerminationPolicy `json:"terminationPolicy,omitempty" protobuf:"bytes,13,opt,name=terminationPolicy,casttype=TerminationPolicy"`

	// AllowedSecretEngines defines the types of Secret Engines that may bind to this
	// VaultServer and the namespaces those Secret Engines may come from.
	//
	// The declared default, {namespaces: {from: Same}}, admits only Secret Engines
	// from the VaultServer's own namespace; widening it extends trust to the
	// namespaces that are added.
	//
	// NOTE(review): the earlier text of this comment described Listeners, Routes and
	// rule precedence, apparently carried over from another API, and did not describe
	// this field.
	//
	// +kubebuilder:default={namespaces:{from: Same}}
	// +optional
	AllowedSecretEngines *AllowedSecretEngines `json:"allowedSecretEngines,omitempty" protobuf:"bytes,14,opt,name=allowedSecretEngines"`
}

func (*VaultServerSpec) DeepCopy

func (in *VaultServerSpec) DeepCopy() *VaultServerSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultServerSpec.

func (*VaultServerSpec) DeepCopyInto

func (in *VaultServerSpec) DeepCopyInto(out *VaultServerSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultServerSpec) Descriptor

func (*VaultServerSpec) Descriptor() ([]byte, []int)

func (*VaultServerSpec) Marshal

func (m *VaultServerSpec) Marshal() (dAtA []byte, err error)

func (*VaultServerSpec) MarshalTo

func (m *VaultServerSpec) MarshalTo(dAtA []byte) (int, error)

func (*VaultServerSpec) MarshalToSizedBuffer

func (m *VaultServerSpec) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*VaultServerSpec) ProtoMessage

func (*VaultServerSpec) ProtoMessage()

func (*VaultServerSpec) Reset

func (m *VaultServerSpec) Reset()

func (*VaultServerSpec) Size

func (m *VaultServerSpec) Size() (n int)

func (*VaultServerSpec) String

func (this *VaultServerSpec) String() string

func (*VaultServerSpec) Unmarshal

func (m *VaultServerSpec) Unmarshal(dAtA []byte) error

func (*VaultServerSpec) XXX_DiscardUnknown

func (m *VaultServerSpec) XXX_DiscardUnknown()

func (*VaultServerSpec) XXX_Marshal

func (m *VaultServerSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*VaultServerSpec) XXX_Merge

func (m *VaultServerSpec) XXX_Merge(src proto.Message)

func (*VaultServerSpec) XXX_Size

func (m *VaultServerSpec) XXX_Size() int

func (*VaultServerSpec) XXX_Unmarshal

func (m *VaultServerSpec) XXX_Unmarshal(b []byte) error

type VaultServerStatus

// VaultServerStatus is the observed state of a VaultServer.
type VaultServerStatus struct {
	// ObservedGeneration is the most recent generation observed for this resource. It corresponds to the
	// resource's generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty" protobuf:"varint,1,opt,name=observedGeneration"`

	// Phase indicates the current state of this Vault server.
	// NOTE(review): the protobuf casttype is spelled "vaultServerPhase" while the Go type
	// is VaultServerPhase — confirm this is intended.
	// +optional
	Phase VaultServerPhase `json:"phase,omitempty" protobuf:"bytes,2,opt,name=phase,casttype=vaultServerPhase"`

	// Initialized indicates if the Vault service is initialized.
	// +optional
	Initialized bool `json:"initialized,omitempty" protobuf:"varint,3,opt,name=initialized"`

	// ServiceName is the LB service for accessing vault nodes.
	// +optional
	ServiceName string `json:"serviceName,omitempty" protobuf:"bytes,4,opt,name=serviceName"`

	// ClientPort is the port for vault client to access.
	// It's the same on client LB service and vault nodes.
	// +optional
	ClientPort int64 `json:"clientPort,omitempty" protobuf:"varint,5,opt,name=clientPort"`

	// VaultStatus is the set of Vault node specific statuses: Active, Standby, and Sealed
	// +optional
	VaultStatus VaultStatus `json:"vaultStatus,omitempty" protobuf:"bytes,6,opt,name=vaultStatus"`

	// PodNames of updated Vault nodes. Updated means the Vault container image version
	// matches the spec's version.
	// +optional
	UpdatedNodes []string `json:"updatedNodes,omitempty" protobuf:"bytes,7,rep,name=updatedNodes"`

	// Represents the latest available observations of a VaultServer current state.
	// +optional
	Conditions []kmapi.Condition `json:"conditions,omitempty" protobuf:"bytes,8,rep,name=conditions"`

	// Status of the vault auth methods
	// +optional
	AuthMethodStatus []AuthMethodStatus `json:"authMethodStatus,omitempty" protobuf:"bytes,9,rep,name=authMethodStatus"`
}

func (*VaultServerStatus) DeepCopy

func (in *VaultServerStatus) DeepCopy() *VaultServerStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultServerStatus.

func (*VaultServerStatus) DeepCopyInto

func (in *VaultServerStatus) DeepCopyInto(out *VaultServerStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultServerStatus) Descriptor

func (*VaultServerStatus) Descriptor() ([]byte, []int)

func (*VaultServerStatus) Marshal

func (m *VaultServerStatus) Marshal() (dAtA []byte, err error)

func (*VaultServerStatus) MarshalTo

func (m *VaultServerStatus) MarshalTo(dAtA []byte) (int, error)

func (*VaultServerStatus) MarshalToSizedBuffer

func (m *VaultServerStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*VaultServerStatus) ProtoMessage

func (*VaultServerStatus) ProtoMessage()

func (*VaultServerStatus) Reset

func (m *VaultServerStatus) Reset()

func (*VaultServerStatus) Size

func (m *VaultServerStatus) Size() (n int)

func (*VaultServerStatus) String

func (this *VaultServerStatus) String() string

func (*VaultServerStatus) Unmarshal

func (m *VaultServerStatus) Unmarshal(dAtA []byte) error

func (*VaultServerStatus) XXX_DiscardUnknown

func (m *VaultServerStatus) XXX_DiscardUnknown()

func (*VaultServerStatus) XXX_Marshal

func (m *VaultServerStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*VaultServerStatus) XXX_Merge

func (m *VaultServerStatus) XXX_Merge(src proto.Message)

func (*VaultServerStatus) XXX_Size

func (m *VaultServerStatus) XXX_Size() int

func (*VaultServerStatus) XXX_Unmarshal

func (m *VaultServerStatus) XXX_Unmarshal(b []byte) error

type VaultStatus

// VaultStatus groups the pod names of a VaultServer's Vault nodes by the
// state each node is reported in: active, standby, sealed, or unsealed.
// Every field is optional and is left out of the JSON form when empty.
type VaultStatus struct {
	// PodName of the active Vault node. The active node is unsealed.
	// Only the active node can serve requests, and the Vault service
	// points only to the active node.
	// NOTE(review): an empty value presumably means no node is currently
	// serving requests; confirm against the controller that fills this status.
	// +optional
	Active string `json:"active,omitempty" protobuf:"bytes,1,opt,name=active"`

	// PodNames of the standby Vault nodes. Standby nodes are unsealed.
	// Standby nodes do not process requests themselves; they redirect
	// to the active Vault node.
	// +optional
	Standby []string `json:"standby,omitempty" protobuf:"bytes,2,rep,name=standby"`

	// PodNames of sealed Vault nodes. A sealed node MUST be unsealed before
	// it can become standby or leader (the active node), so a node listed
	// here is not available to serve or to take over as active.
	// +optional
	Sealed []string `json:"sealed,omitempty" protobuf:"bytes,3,rep,name=sealed"`

	// PodNames of unsealed Vault nodes.
	// NOTE(review): presumably this covers the active node and the standby
	// nodes, since both are described as unsealed; confirm against the
	// controller that fills this status.
	// +optional
	Unsealed []string `json:"unsealed,omitempty" protobuf:"bytes,4,rep,name=unsealed"`
}

func (*VaultStatus) DeepCopy

func (in *VaultStatus) DeepCopy() *VaultStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultStatus.

func (*VaultStatus) DeepCopyInto

func (in *VaultStatus) DeepCopyInto(out *VaultStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultStatus) Descriptor

func (*VaultStatus) Descriptor() ([]byte, []int)

func (*VaultStatus) Marshal

func (m *VaultStatus) Marshal() (dAtA []byte, err error)

func (*VaultStatus) MarshalTo

func (m *VaultStatus) MarshalTo(dAtA []byte) (int, error)

func (*VaultStatus) MarshalToSizedBuffer

func (m *VaultStatus) MarshalToSizedBuffer(dAtA []byte) (int, error)

func (*VaultStatus) ProtoMessage

func (*VaultStatus) ProtoMessage()

func (*VaultStatus) Reset

func (m *VaultStatus) Reset()

func (*VaultStatus) Size

func (m *VaultStatus) Size() (n int)

func (*VaultStatus) String

func (this *VaultStatus) String() string

func (*VaultStatus) Unmarshal

func (m *VaultStatus) Unmarshal(dAtA []byte) error

func (*VaultStatus) XXX_DiscardUnknown

func (m *VaultStatus) XXX_DiscardUnknown()

func (*VaultStatus) XXX_Marshal

func (m *VaultStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*VaultStatus) XXX_Merge

func (m *VaultStatus) XXX_Merge(src proto.Message)

func (*VaultStatus) XXX_Size

func (m *VaultStatus) XXX_Size() int

func (*VaultStatus) XXX_Unmarshal

func (m *VaultStatus) XXX_Unmarshal(b []byte) error
