Package v1alpha1 contains API Schema definitions for the k8s v1alpha1 API group +k8s:deepcopy-gen=package,register +k8s:openapi-gen=true +groupName=k8s.amaiz.com
Constants ¶
const (
	// Curve25519MaxKeyCount is the maximum number of Curve25519 key pairs a
	// keystore may hold. It is derived from the size limit of a single
	// Kubernetes Secret divided by the 32-byte length of a Curve25519 key.
	// NOTE(review): this is an upper bound rather than an exact limit — the
	// same Secret also carries the public half of every pair (see the two map
	// keys below) plus base64 overhead, so fewer pairs actually fit.
	Curve25519MaxKeyCount = corev1.MaxSecretSize / 32

	// Curve25519keyStorePublicKeysMapKey is the keystore Secret data key under
	// which the public keys are stored.
	Curve25519keyStorePublicKeysMapKey = "publicKeys"

	// Curve25519keyStorePrivateKeysMapKey is the keystore Secret data key under
	// which the private keys are stored. Anyone who can read the keystore
	// Secret can decrypt every EncryptedSecret encrypted for these keys, so
	// restrict read access to it with RBAC.
	Curve25519keyStorePrivateKeysMapKey = "privateKeys"

	// Curve25519keyStoreCheckSumAnnotationKey is the annotation key on the
	// keystore Secret under which a hash of the keystore contents is stored.
	// NOTE(review): the annotation lives on the same object as the data and is
	// writable by anyone who can update the Secret, so it detects accidental
	// drift, not tampering.
	Curve25519keyStoreCheckSumAnnotationKey = "keyStoreCheckSum"
)
Variables ¶
var (
	// SchemeGroupVersion is the group/version under which the types of this
	// package are registered: k8s.amaiz.com/v1alpha1.
	SchemeGroupVersion = schema.GroupVersion{Group: "k8s.amaiz.com", Version: "v1alpha1"}

	// SchemeBuilder collects the Go types of this package so they can be added
	// to a runtime.Scheme under SchemeGroupVersion.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
)
Functions ¶
func GetOpenAPIDefinitions ¶ added in v0.0.2
func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition
Types ¶
type AWSCredentials ¶ added in v0.0.4
type AWSCredentials struct {
	// AccessKeyID selects the Secret key holding the AWS access key ID.
	// Required (no omitempty); the Secret must be in the same namespace.
	AccessKeyID SecretKeySelector `json:"accessKeyID"`

	// SecretAccessKey selects the Secret key holding the AWS secret access key.
	// Required (no omitempty); the Secret must be in the same namespace.
	// NOTE(review): this is a long-lived static credential — scope its IAM
	// policy to the KMS key referenced by AWSKMS.KeyID and nothing else.
	SecretAccessKey SecretKeySelector `json:"secretAccessKey"`
}
AWSCredentials defines a reference to the AWS Access key ID and Secret Access Key in a Secret collocated in the same namespace
func (*AWSCredentials) DeepCopy ¶ added in v0.0.4
func (in *AWSCredentials) DeepCopy() *AWSCredentials
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSCredentials.
func (*AWSCredentials) DeepCopyInto ¶ added in v0.0.4
func (in *AWSCredentials) DeepCopyInto(out *AWSCredentials)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSKMS ¶ added in v0.0.4
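type AWSKMS struct {
	// KeyID is a unique identifier for the customer master key (CMK).
	//
	// To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name,
	// or alias ARN. When using an alias name, prefix it with "alias/". To specify
	// a CMK in a different AWS account, you must use the key ARN or alias ARN.
	//
	// For example:
	//
	//   * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//   * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//   * Alias name: alias/ExampleAlias
	//   * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To
	// get the alias name and alias ARN, use ListAliases.
	//
	// KeyID is required. MinLength additionally rejects the empty string, which
	// the schema's "required" alone would still accept.
	// +kubebuilder:validation:MinLength=1
	KeyID string `json:"keyID"`

	// Region is the AWS region requests are sent to. It is optional at the API
	// level (omitempty); when empty the controller presumably falls back to the
	// AWS SDK's default region resolution (environment / shared config) — TODO
	// confirm in the controller. A full list of regions is found in the
	// "Regions and Endpoints" document:
	// http://docs.aws.amazon.com/general/latest/gr/rande.html
	Region string `json:"region,omitempty"`

	// Credentials lists references to AWS access key ID / secret access key
	// pairs stored in Secrets of the same namespace. The field is required (no
	// omitempty) but the schema does not enforce a minimum length, so an empty
	// list is accepted. Presumably several entries are allowed so that keys can
	// be rotated without downtime — confirm against the controller.
	Credentials []AWSCredentials `json:"credentials"`
}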
AWSKMS defines all the parameters needed for encryption via AWS KMS.
func (*AWSKMS) DeepCopy ¶ added in v0.0.4
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSKMS.
func (*AWSKMS) DeepCopyInto ¶ added in v0.0.4
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Curve25519 ¶
type Curve25519 struct {
	// KeyStore references the Secret holding the Curve25519 key pairs. A
	// LocalObjectReference carries only a name, so the Secret is resolved in
	// the same namespace as the SecretEncryptionConfig. Its data keys are
	// Curve25519keyStorePublicKeysMapKey and Curve25519keyStorePrivateKeysMapKey;
	// the private half lets anyone who can read this Secret decrypt every
	// EncryptedSecret encrypted for it — restrict RBAC accordingly.
	KeyStore corev1.LocalObjectReference `json:"keyStore"`

	// RotationSchedule is a key rotation schedule in Cron format, see
	// https://en.wikipedia.org/wiki/Cron. Optional; when empty, presumably no
	// automatic rotation happens — TODO confirm. The string is not validated
	// by the schema, so an unparsable expression is only detected by the
	// controller at runtime. NOTE(review): rotation adds a new pair; earlier
	// pairs have to stay in the keystore for already-encrypted data to remain
	// decryptable (Curve25519MaxKeyCount bounds how many fit) — verify the
	// controller retains them.
	RotationSchedule string `json:"rotationSchedule,omitempty"`
}
Curve25519 represents a Curve25519 keyring.
func (*Curve25519) DeepCopy ¶
func (in *Curve25519) DeepCopy() *Curve25519
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Curve25519.
func (*Curve25519) DeepCopyInto ¶
func (in *Curve25519) DeepCopyInto(out *Curve25519)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EncryptedSecret ¶
type EncryptedSecret struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Data contains the encrypted secret data, keyed like corev1.Secret.Data:
	// each key must consist of alphanumeric characters, '-', '_' or '.'.
	// Unlike corev1.Secret, the values are ciphertexts produced with the
	// referenced SecretEncryptionConfig, which is what allows this object to
	// be stored outside the cluster. The serialized form of each value is a
	// base64 encoded string (https://tools.ietf.org/html/rfc4648#section-4)
	// of the arbitrary (possibly non-string) ciphertext bytes.
	// NOTE(review): the key-character rule is documentation only — no
	// validation marker enforces it on this type.
	Data map[string][]byte `json:"data,omitempty"`

	// Type is used to facilitate programmatic handling of secret data; it is
	// presumably copied to the decrypted corev1.Secret's Type — confirm.
	Type corev1.SecretType `json:"type,omitempty"`

	// EncryptionConfigRef points to the SecretEncryptionConfig whose providers
	// encrypted Data and are used to decrypt it. Required.
	EncryptionConfigRef EncryptionConfigRef `json:"encryptionConfigRef"`

	// Status reports whether decryption succeeded and which keys failed; see
	// EncryptedSecretStatus. Nil when the controller has not written it yet.
	Status *EncryptedSecretStatus `json:"status,omitempty"`
}
EncryptedSecret is the Schema for the encryptedsecrets API +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Decrypted",type="boolean",JSONPath=".status.decrypted",description="Indicates whether the secret has been successfully decrypted and created"
func (*EncryptedSecret) DeepCopy ¶
func (in *EncryptedSecret) DeepCopy() *EncryptedSecret
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptedSecret.
func (*EncryptedSecret) DeepCopyInto ¶
func (in *EncryptedSecret) DeepCopyInto(out *EncryptedSecret)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EncryptedSecret) DeepCopyObject ¶
func (in *EncryptedSecret) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type EncryptedSecretList ¶
type EncryptedSecretList struct {
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the EncryptedSecrets returned by a list call, including each
	// item's Status.
	Items []EncryptedSecret `json:"items"`
}
EncryptedSecretList contains a list of EncryptedSecrets +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*EncryptedSecretList) DeepCopy ¶
func (in *EncryptedSecretList) DeepCopy() *EncryptedSecretList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptedSecretList.
func (*EncryptedSecretList) DeepCopyInto ¶
func (in *EncryptedSecretList) DeepCopyInto(out *EncryptedSecretList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EncryptedSecretList) DeepCopyObject ¶
func (in *EncryptedSecretList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type EncryptedSecretStatus ¶
type EncryptedSecretStatus struct {
	// Decrypted is set to true once the Secret is fully decrypted and created.
	// It is surfaced as the "Decrypted" printer column of EncryptedSecret.
	Decrypted bool `json:"decrypted,omitempty"`

	// FailedToDecrypt maps each Secret.Data key that could not be decrypted to
	// a description of the failure. Since different keys can be encrypted
	// using different providers, failing to decrypt a single value does not
	// block creating the decrypted Secret resource: every EncryptedSecret is
	// decrypted and created on a best-effort basis. A Secret may therefore
	// exist with some keys missing, so consumers that need every key must
	// check this map (or Decrypted) rather than the Secret's existence.
	// NOTE(review): the values are presumably provider error messages; make
	// sure the controller never echoes ciphertext or key material into them,
	// since status is readable by anyone who can get the EncryptedSecret.
	FailedToDecrypt map[string]string `json:"failedToDecrypt,omitempty"`
}
EncryptedSecretStatus defines the observed state of EncryptedSecret
func (*EncryptedSecretStatus) DeepCopy ¶
func (in *EncryptedSecretStatus) DeepCopy() *EncryptedSecretStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptedSecretStatus.
func (*EncryptedSecretStatus) DeepCopyInto ¶
func (in *EncryptedSecretStatus) DeepCopyInto(out *EncryptedSecretStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EncryptionConfigRef ¶
type EncryptionConfigRef struct {
	// Name is the name of the SecretEncryptionConfig being referenced. Only a
	// name is carried, so the config is presumably resolved in the
	// EncryptedSecret's own namespace — confirm in the controller. Required
	// (no omitempty), but the empty string still passes the schema.
	Name string `json:"name"`
}
EncryptionConfigRef contains information that points to the SecretEncryptionConfig being used for encryption/decryption
func (*EncryptionConfigRef) DeepCopy ¶
func (in *EncryptionConfigRef) DeepCopy() *EncryptionConfigRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptionConfigRef.
func (*EncryptionConfigRef) DeepCopyInto ¶
func (in *EncryptionConfigRef) DeepCopyInto(out *EncryptionConfigRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GCPKMS ¶
type GCPKMS struct {
	// ProjectID is the GCP project ID, see
	// https://cloud.google.com/kms/docs/object-hierarchy#project
	// +kubebuilder:validation:Pattern=^[a-z]([a-z0-9-]+)?[a-z0-9]?$
	ProjectID string `json:"projectID"`

	// LocationID is the KMS location ID, see
	// https://cloud.google.com/kms/docs/object-hierarchy#location
	// +kubebuilder:validation:Pattern=^[\w-]{1,63}$
	LocationID string `json:"locationID"`

	// KeyRingID is the key ring resource ID, see
	// https://cloud.google.com/kms/docs/object-hierarchy#key_ring
	// +kubebuilder:validation:Pattern=^[\w-]{1,63}$
	KeyRingID string `json:"keyRingID"`

	// CryptoKeyID is the key resource ID, see
	// https://cloud.google.com/kms/docs/object-hierarchy#key
	// +kubebuilder:validation:Pattern=^[\w-]{1,63}$
	CryptoKeyID string `json:"cryptoKeyID"`

	// CryptoKeyVersion is the key version resource ID, see
	// https://cloud.google.com/kms/docs/object-hierarchy#key_version.
	// Needed for asymmetric decryption, which is addressed per key version;
	// 0 (the omitempty zero value) means unset, and the schema rejects
	// anything below 1.
	// +kubebuilder:validation:Minimum=1
	CryptoKeyVersion int `json:"cryptoKeyVersion,omitempty"`

	// Credentials lists references to Secret keys holding GCP service account
	// credential files, see
	// https://cloud.google.com/iam/docs/creating-managing-service-account-keys.
	// Required (no omitempty), though an empty list passes the schema.
	// NOTE(review): these are long-lived service-account keys — grant the
	// account only the encrypt/decrypt role on this CryptoKey.
	Credentials []SecretKeySelector `json:"credentials"`
}
GCPKMS defines all the parameters needed for encryption via GCP KMS.
func (*GCPKMS) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPKMS.
func (*GCPKMS) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretEncryptionConfig ¶
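type SecretEncryptionConfig struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Providers is the list of encryption providers to be used.
	// The first one is the primary provider that will be used for encryption;
	// the remaining ones presumably stay available for decrypting data that
	// was encrypted earlier — confirm in the controller.
	// MinItems is the array constraint that makes the schema reject an empty
	// list; Minimum only applies to numeric fields and does nothing here.
	// +kubebuilder:validation:MinItems=1
	Providers []SecretEncryptionProvider `json:"providers"`

	// Status contains the information about the public key of the primary
	// encryption provider (if applicable), observed state of the
	// configuration, etc. It is a struct value, not a pointer, so omitempty
	// has no effect and the field is always serialized.
	Status SecretEncryptionStatus `json:"status,omitempty"`
}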
SecretEncryptionConfig is the Schema for the secretencryptionconfigs API +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:subresource:status
func (*SecretEncryptionConfig) DeepCopy ¶
func (in *SecretEncryptionConfig) DeepCopy() *SecretEncryptionConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretEncryptionConfig.
func (*SecretEncryptionConfig) DeepCopyInto ¶
func (in *SecretEncryptionConfig) DeepCopyInto(out *SecretEncryptionConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretEncryptionConfig) DeepCopyObject ¶
func (in *SecretEncryptionConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type SecretEncryptionConfigList ¶
type SecretEncryptionConfigList struct {
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the SecretEncryptionConfigs returned by a list call.
	Items []SecretEncryptionConfig `json:"items"`
}
SecretEncryptionConfigList contains a list of SecretEncryptionConfigs +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*SecretEncryptionConfigList) DeepCopy ¶
func (in *SecretEncryptionConfigList) DeepCopy() *SecretEncryptionConfigList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretEncryptionConfigList.
func (*SecretEncryptionConfigList) DeepCopyInto ¶
func (in *SecretEncryptionConfigList) DeepCopyInto(out *SecretEncryptionConfigList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretEncryptionConfigList) DeepCopyObject ¶
func (in *SecretEncryptionConfigList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type SecretEncryptionProvider ¶
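type SecretEncryptionProvider struct {
	// Name is the name of the provider to be used. It must be a DNS-1123
	// subdomain: lowercase alphanumerics, '-' and '.', with every dot-separated
	// label starting and ending with an alphanumeric. controller-gen takes a
	// bare marker value verbatim, so the dot is escaped exactly once — a
	// doubled backslash would match a literal backslash followed by any
	// character and reject every dotted name.
	// +kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
	Name string `json:"name"`

	// Exactly one of the provider configurations below is meaningful for a
	// given entry. The schema cannot express that, so presumably the
	// controller rejects entries with none or several set — confirm.

	// Curve25519 defines the configuration of the local Curve25519 provider.
	Curve25519 *Curve25519 `json:"curve25519,omitempty"`

	// GCPKMS defines the configuration of the GCP KMS provider.
	GCPKMS *GCPKMS `json:"gcpkms,omitempty"`

	// AWSKMS defines the configuration of the AWS KMS provider.
	AWSKMS *AWSKMS `json:"awskms,omitempty"`
}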
SecretEncryptionProvider describes one entry of SecretEncryptionConfig.Providers: a named provider together with the configuration of the backend it uses (one of Curve25519, GCPKMS or AWSKMS).
func (*SecretEncryptionProvider) DeepCopy ¶
func (in *SecretEncryptionProvider) DeepCopy() *SecretEncryptionProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretEncryptionProvider.
func (*SecretEncryptionProvider) DeepCopyInto ¶
func (in *SecretEncryptionProvider) DeepCopyInto(out *SecretEncryptionProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretEncryptionStatus ¶
type SecretEncryptionStatus struct {
	// PublicKey is the current primary public key used for encryption, i.e.
	// the key of the first entry in Providers when that provider exposes one
	// (the local Curve25519 provider; KMS-backed providers presumably leave it
	// empty — confirm). Its encoding is not specified by this type
	// (presumably base64 of the raw 32-byte Curve25519 key — verify against
	// the controller). Clients should read it through the API server rather
	// than out of band: whoever can substitute this value can have secrets
	// encrypted to a key they control.
	PublicKey string `json:"publicKey,omitempty"`
}
SecretEncryptionStatus defines the observed state of SecretEncryptionConfig.
func (*SecretEncryptionStatus) DeepCopy ¶
func (in *SecretEncryptionStatus) DeepCopy() *SecretEncryptionStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretEncryptionStatus.
func (*SecretEncryptionStatus) DeepCopyInto ¶
func (in *SecretEncryptionStatus) DeepCopyInto(out *SecretEncryptionStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretKeySelector ¶
type SecretKeySelector struct {
	// SecretKeyRef selects a key of a Secret in the same namespace.
	// The pointer has no omitempty, so the field is required in the generated
	// schema and a nil value serializes as null rather than being dropped.
	SecretKeyRef *corev1.SecretKeySelector `json:"secretKeyRef"`
}
SecretKeySelector defines a reference to the specific key in a Secret collocated in the same namespace
func (*SecretKeySelector) DeepCopy ¶
func (in *SecretKeySelector) DeepCopy() *SecretKeySelector
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector.
func (*SecretKeySelector) DeepCopyInto ¶
func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.