v1alpha1

package

v0.8.25 Latest Latest Go to latest Published: Dec 4, 2023 License: Apache-2.0 Imports: 31 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/redhat-cop/vault-config-operator

Links

Open Source Insights

Documentation ¶

Overview ¶

Package v1alpha1 contains API Schema definitions for the redhatcop v1alpha1 API group +kubebuilder:object:generate=true +groupName=redhatcop.redhat.io

Index ¶

Constants
Variables
type AuthEngineMount
- func (in *AuthEngineMount) DeepCopy() *AuthEngineMount
- func (in *AuthEngineMount) DeepCopyInto(out *AuthEngineMount)
- func (in *AuthEngineMount) DeepCopyObject() runtime.Object
- func (r *AuthEngineMount) Default()
- func (m *AuthEngineMount) GetConditions() []metav1.Condition
- func (d *AuthEngineMount) GetEngineListPath() string
- func (d *AuthEngineMount) GetEngineTunePath() string
- func (d *AuthEngineMount) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *AuthEngineMount) GetPath() string
- func (d *AuthEngineMount) GetPayload() map[string]interface{}
- func (d *AuthEngineMount) GetTunePayload() map[string]interface{}
- func (d *AuthEngineMount) GetVaultConnection() *vaultutils.VaultConnection
- func (d *AuthEngineMount) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *AuthEngineMount) IsInitialized() bool
- func (d *AuthEngineMount) IsValid() (bool, error)
- func (d *AuthEngineMount) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *AuthEngineMount) PrepareTLSConfig(context context.Context, object client.Object) error
- func (d *AuthEngineMount) SetAccessor(accessor string)
- func (m *AuthEngineMount) SetConditions(conditions []metav1.Condition)
- func (r *AuthEngineMount) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *AuthEngineMount) ValidateCreate() (admission.Warnings, error)
- func (r *AuthEngineMount) ValidateDelete() (admission.Warnings, error)
- func (r *AuthEngineMount) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type AuthEngineMountList
- func (in *AuthEngineMountList) DeepCopy() *AuthEngineMountList
- func (in *AuthEngineMountList) DeepCopyInto(out *AuthEngineMountList)
- func (in *AuthEngineMountList) DeepCopyObject() runtime.Object
type AuthEngineMountSpec
- func (in *AuthEngineMountSpec) DeepCopy() *AuthEngineMountSpec
- func (in *AuthEngineMountSpec) DeepCopyInto(out *AuthEngineMountSpec)
type AuthEngineMountStatus
- func (in *AuthEngineMountStatus) DeepCopy() *AuthEngineMountStatus
- func (in *AuthEngineMountStatus) DeepCopyInto(out *AuthEngineMountStatus)
type AuthMount
- func (in *AuthMount) DeepCopy() *AuthMount
- func (in *AuthMount) DeepCopyInto(out *AuthMount)
type AuthMountConfig
- func (in *AuthMountConfig) DeepCopy() *AuthMountConfig
- func (in *AuthMountConfig) DeepCopyInto(out *AuthMountConfig)
type DBSEConfig
- func (in *DBSEConfig) DeepCopy() *DBSEConfig
- func (in *DBSEConfig) DeepCopyInto(out *DBSEConfig)
type DBSERole
- func (in *DBSERole) DeepCopy() *DBSERole
- func (in *DBSERole) DeepCopyInto(out *DBSERole)
type DBSEStaticRole
- func (in *DBSEStaticRole) DeepCopy() *DBSEStaticRole
- func (in *DBSEStaticRole) DeepCopyInto(out *DBSEStaticRole)
type DatabaseSecretEngineConfig
- func (in *DatabaseSecretEngineConfig) DeepCopy() *DatabaseSecretEngineConfig
- func (in *DatabaseSecretEngineConfig) DeepCopyInto(out *DatabaseSecretEngineConfig)
- func (in *DatabaseSecretEngineConfig) DeepCopyObject() runtime.Object
- func (r *DatabaseSecretEngineConfig) Default()
- func (m *DatabaseSecretEngineConfig) GetConditions() []metav1.Condition
- func (d *DatabaseSecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *DatabaseSecretEngineConfig) GetPath() string
- func (d *DatabaseSecretEngineConfig) GetPayload() map[string]interface{}
- func (d *DatabaseSecretEngineConfig) GetRootPasswordRotationPath() string
- func (d *DatabaseSecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection
- func (d *DatabaseSecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *DatabaseSecretEngineConfig) IsInitialized() bool
- func (r *DatabaseSecretEngineConfig) IsValid() (bool, error)
- func (d *DatabaseSecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *DatabaseSecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error
- func (d *DatabaseSecretEngineConfig) RotateRootPassword(ctx context.Context) error
- func (m *DatabaseSecretEngineConfig) SetConditions(conditions []metav1.Condition)
- func (m *DatabaseSecretEngineConfig) SetUsernameAndPassword(username string, password string)
- func (r *DatabaseSecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *DatabaseSecretEngineConfig) ValidateCreate() (admission.Warnings, error)
- func (r *DatabaseSecretEngineConfig) ValidateDelete() (admission.Warnings, error)
- func (r *DatabaseSecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type DatabaseSecretEngineConfigList
- func (in *DatabaseSecretEngineConfigList) DeepCopy() *DatabaseSecretEngineConfigList
- func (in *DatabaseSecretEngineConfigList) DeepCopyInto(out *DatabaseSecretEngineConfigList)
- func (in *DatabaseSecretEngineConfigList) DeepCopyObject() runtime.Object
type DatabaseSecretEngineConfigSpec
- func (in *DatabaseSecretEngineConfigSpec) DeepCopy() *DatabaseSecretEngineConfigSpec
- func (in *DatabaseSecretEngineConfigSpec) DeepCopyInto(out *DatabaseSecretEngineConfigSpec)
type DatabaseSecretEngineConfigStatus
- func (in *DatabaseSecretEngineConfigStatus) DeepCopy() *DatabaseSecretEngineConfigStatus
- func (in *DatabaseSecretEngineConfigStatus) DeepCopyInto(out *DatabaseSecretEngineConfigStatus)
type DatabaseSecretEngineRole
- func (in *DatabaseSecretEngineRole) DeepCopy() *DatabaseSecretEngineRole
- func (in *DatabaseSecretEngineRole) DeepCopyInto(out *DatabaseSecretEngineRole)
- func (in *DatabaseSecretEngineRole) DeepCopyObject() runtime.Object
- func (r *DatabaseSecretEngineRole) Default()
- func (m *DatabaseSecretEngineRole) GetConditions() []metav1.Condition
- func (d *DatabaseSecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *DatabaseSecretEngineRole) GetPath() string
- func (d *DatabaseSecretEngineRole) GetPayload() map[string]interface{}
- func (d *DatabaseSecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection
- func (d *DatabaseSecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *DatabaseSecretEngineRole) IsInitialized() bool
- func (r *DatabaseSecretEngineRole) IsValid() (bool, error)
- func (d *DatabaseSecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *DatabaseSecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *DatabaseSecretEngineRole) SetConditions(conditions []metav1.Condition)
- func (r *DatabaseSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *DatabaseSecretEngineRole) ValidateCreate() (admission.Warnings, error)
- func (r *DatabaseSecretEngineRole) ValidateDelete() (admission.Warnings, error)
- func (r *DatabaseSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type DatabaseSecretEngineRoleList
- func (in *DatabaseSecretEngineRoleList) DeepCopy() *DatabaseSecretEngineRoleList
- func (in *DatabaseSecretEngineRoleList) DeepCopyInto(out *DatabaseSecretEngineRoleList)
- func (in *DatabaseSecretEngineRoleList) DeepCopyObject() runtime.Object
type DatabaseSecretEngineRoleSpec
- func (in *DatabaseSecretEngineRoleSpec) DeepCopy() *DatabaseSecretEngineRoleSpec
- func (in *DatabaseSecretEngineRoleSpec) DeepCopyInto(out *DatabaseSecretEngineRoleSpec)
type DatabaseSecretEngineRoleStatus
- func (in *DatabaseSecretEngineRoleStatus) DeepCopy() *DatabaseSecretEngineRoleStatus
- func (in *DatabaseSecretEngineRoleStatus) DeepCopyInto(out *DatabaseSecretEngineRoleStatus)
type DatabaseSecretEngineStaticRole
- func (in *DatabaseSecretEngineStaticRole) DeepCopy() *DatabaseSecretEngineStaticRole
- func (in *DatabaseSecretEngineStaticRole) DeepCopyInto(out *DatabaseSecretEngineStaticRole)
- func (in *DatabaseSecretEngineStaticRole) DeepCopyObject() runtime.Object
- func (r *DatabaseSecretEngineStaticRole) Default()
- func (m *DatabaseSecretEngineStaticRole) GetConditions() []metav1.Condition
- func (d *DatabaseSecretEngineStaticRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *DatabaseSecretEngineStaticRole) GetPath() string
- func (d *DatabaseSecretEngineStaticRole) GetPayload() map[string]interface{}
- func (d *DatabaseSecretEngineStaticRole) GetVaultConnection() *vaultutils.VaultConnection
- func (d *DatabaseSecretEngineStaticRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *DatabaseSecretEngineStaticRole) IsInitialized() bool
- func (r *DatabaseSecretEngineStaticRole) IsValid() (bool, error)
- func (d *DatabaseSecretEngineStaticRole) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *DatabaseSecretEngineStaticRole) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *DatabaseSecretEngineStaticRole) SetConditions(conditions []metav1.Condition)
- func (r *DatabaseSecretEngineStaticRole) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *DatabaseSecretEngineStaticRole) ValidateCreate() (admission.Warnings, error)
- func (r *DatabaseSecretEngineStaticRole) ValidateDelete() (admission.Warnings, error)
- func (r *DatabaseSecretEngineStaticRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type DatabaseSecretEngineStaticRoleList
- func (in *DatabaseSecretEngineStaticRoleList) DeepCopy() *DatabaseSecretEngineStaticRoleList
- func (in *DatabaseSecretEngineStaticRoleList) DeepCopyInto(out *DatabaseSecretEngineStaticRoleList)
- func (in *DatabaseSecretEngineStaticRoleList) DeepCopyObject() runtime.Object
type DatabaseSecretEngineStaticRoleSpec
- func (in *DatabaseSecretEngineStaticRoleSpec) DeepCopy() *DatabaseSecretEngineStaticRoleSpec
- func (in *DatabaseSecretEngineStaticRoleSpec) DeepCopyInto(out *DatabaseSecretEngineStaticRoleSpec)
type DatabaseSecretEngineStaticRoleStatus
- func (in *DatabaseSecretEngineStaticRoleStatus) DeepCopy() *DatabaseSecretEngineStaticRoleStatus
- func (in *DatabaseSecretEngineStaticRoleStatus) DeepCopyInto(out *DatabaseSecretEngineStaticRoleStatus)
type GHConfig
- func (in *GHConfig) DeepCopy() *GHConfig
- func (in *GHConfig) DeepCopyInto(out *GHConfig)
type GitHubSecretEngineConfig
- func (in *GitHubSecretEngineConfig) DeepCopy() *GitHubSecretEngineConfig
- func (in *GitHubSecretEngineConfig) DeepCopyInto(out *GitHubSecretEngineConfig)
- func (in *GitHubSecretEngineConfig) DeepCopyObject() runtime.Object
- func (r *GitHubSecretEngineConfig) Default()
- func (m *GitHubSecretEngineConfig) GetConditions() []metav1.Condition
- func (d *GitHubSecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *GitHubSecretEngineConfig) GetPath() string
- func (d *GitHubSecretEngineConfig) GetPayload() map[string]interface{}
- func (d *GitHubSecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection
- func (d *GitHubSecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *GitHubSecretEngineConfig) IsInitialized() bool
- func (r *GitHubSecretEngineConfig) IsValid() (bool, error)
- func (d *GitHubSecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *GitHubSecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *GitHubSecretEngineConfig) SetConditions(conditions []metav1.Condition)
- func (r *GitHubSecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *GitHubSecretEngineConfig) ValidateCreate() (admission.Warnings, error)
- func (r *GitHubSecretEngineConfig) ValidateDelete() (admission.Warnings, error)
- func (r *GitHubSecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type GitHubSecretEngineConfigList
- func (in *GitHubSecretEngineConfigList) DeepCopy() *GitHubSecretEngineConfigList
- func (in *GitHubSecretEngineConfigList) DeepCopyInto(out *GitHubSecretEngineConfigList)
- func (in *GitHubSecretEngineConfigList) DeepCopyObject() runtime.Object
type GitHubSecretEngineConfigSpec
- func (in *GitHubSecretEngineConfigSpec) DeepCopy() *GitHubSecretEngineConfigSpec
- func (in *GitHubSecretEngineConfigSpec) DeepCopyInto(out *GitHubSecretEngineConfigSpec)
type GitHubSecretEngineConfigStatus
- func (in *GitHubSecretEngineConfigStatus) DeepCopy() *GitHubSecretEngineConfigStatus
- func (in *GitHubSecretEngineConfigStatus) DeepCopyInto(out *GitHubSecretEngineConfigStatus)
type GitHubSecretEngineRole
- func (in *GitHubSecretEngineRole) DeepCopy() *GitHubSecretEngineRole
- func (in *GitHubSecretEngineRole) DeepCopyInto(out *GitHubSecretEngineRole)
- func (in *GitHubSecretEngineRole) DeepCopyObject() runtime.Object
- func (r *GitHubSecretEngineRole) Default()
- func (m *GitHubSecretEngineRole) GetConditions() []metav1.Condition
- func (d *GitHubSecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *GitHubSecretEngineRole) GetPath() string
- func (d *GitHubSecretEngineRole) GetPayload() map[string]interface{}
- func (d *GitHubSecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection
- func (d *GitHubSecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *GitHubSecretEngineRole) IsInitialized() bool
- func (r *GitHubSecretEngineRole) IsValid() (bool, error)
- func (d *GitHubSecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *GitHubSecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *GitHubSecretEngineRole) SetConditions(conditions []metav1.Condition)
- func (r *GitHubSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *GitHubSecretEngineRole) ValidateCreate() (admission.Warnings, error)
- func (r *GitHubSecretEngineRole) ValidateDelete() (admission.Warnings, error)
- func (r *GitHubSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type GitHubSecretEngineRoleList
- func (in *GitHubSecretEngineRoleList) DeepCopy() *GitHubSecretEngineRoleList
- func (in *GitHubSecretEngineRoleList) DeepCopyInto(out *GitHubSecretEngineRoleList)
- func (in *GitHubSecretEngineRoleList) DeepCopyObject() runtime.Object
type GitHubSecretEngineRoleSpec
- func (in *GitHubSecretEngineRoleSpec) DeepCopy() *GitHubSecretEngineRoleSpec
- func (in *GitHubSecretEngineRoleSpec) DeepCopyInto(out *GitHubSecretEngineRoleSpec)
type GitHubSecretEngineRoleStatus
- func (in *GitHubSecretEngineRoleStatus) DeepCopy() *GitHubSecretEngineRoleStatus
- func (in *GitHubSecretEngineRoleStatus) DeepCopyInto(out *GitHubSecretEngineRoleStatus)
type Group
- func (in *Group) DeepCopy() *Group
- func (in *Group) DeepCopyInto(out *Group)
- func (in *Group) DeepCopyObject() runtime.Object
- func (r *Group) Default()
- func (m *Group) GetConditions() []metav1.Condition
- func (d *Group) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *Group) GetPath() string
- func (d *Group) GetPayload() map[string]interface{}
- func (d *Group) GetVaultConnection() *vaultutils.VaultConnection
- func (d *Group) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *Group) IsInitialized() bool
- func (r *Group) IsValid() (bool, error)
- func (d *Group) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *Group) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *Group) SetConditions(conditions []metav1.Condition)
- func (r *Group) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *Group) ValidateCreate() (admission.Warnings, error)
- func (r *Group) ValidateDelete() (admission.Warnings, error)
- func (r *Group) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type GroupAlias
- func (in *GroupAlias) DeepCopy() *GroupAlias
- func (in *GroupAlias) DeepCopyInto(out *GroupAlias)
- func (in *GroupAlias) DeepCopyObject() runtime.Object
- func (r *GroupAlias) Default()
- func (m *GroupAlias) GetConditions() []metav1.Condition
- func (d *GroupAlias) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *GroupAlias) GetPath() string
- func (d *GroupAlias) GetPayload() map[string]interface{}
- func (d *GroupAlias) GetVaultConnection() *vaultutils.VaultConnection
- func (d *GroupAlias) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *GroupAlias) IsInitialized() bool
- func (r *GroupAlias) IsValid() (bool, error)
- func (d *GroupAlias) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *GroupAlias) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *GroupAlias) SetConditions(conditions []metav1.Condition)
- func (r *GroupAlias) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *GroupAlias) ValidateCreate() (admission.Warnings, error)
- func (r *GroupAlias) ValidateDelete() (admission.Warnings, error)
- func (r *GroupAlias) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type GroupAliasConfig
- func (in *GroupAliasConfig) DeepCopy() *GroupAliasConfig
- func (in *GroupAliasConfig) DeepCopyInto(out *GroupAliasConfig)
type GroupAliasList
- func (in *GroupAliasList) DeepCopy() *GroupAliasList
- func (in *GroupAliasList) DeepCopyInto(out *GroupAliasList)
- func (in *GroupAliasList) DeepCopyObject() runtime.Object
type GroupAliasSpec
- func (in *GroupAliasSpec) DeepCopy() *GroupAliasSpec
- func (in *GroupAliasSpec) DeepCopyInto(out *GroupAliasSpec)
type GroupAliasStatus
- func (in *GroupAliasStatus) DeepCopy() *GroupAliasStatus
- func (in *GroupAliasStatus) DeepCopyInto(out *GroupAliasStatus)
type GroupConfig
- func (in *GroupConfig) DeepCopy() *GroupConfig
- func (in *GroupConfig) DeepCopyInto(out *GroupConfig)
type GroupList
- func (in *GroupList) DeepCopy() *GroupList
- func (in *GroupList) DeepCopyInto(out *GroupList)
- func (in *GroupList) DeepCopyObject() runtime.Object
type GroupSpec
- func (in *GroupSpec) DeepCopy() *GroupSpec
- func (in *GroupSpec) DeepCopyInto(out *GroupSpec)
type GroupStatus
- func (in *GroupStatus) DeepCopy() *GroupStatus
- func (in *GroupStatus) DeepCopyInto(out *GroupStatus)
type JWTOIDCAuthEngineConfig
- func (in *JWTOIDCAuthEngineConfig) DeepCopy() *JWTOIDCAuthEngineConfig
- func (in *JWTOIDCAuthEngineConfig) DeepCopyInto(out *JWTOIDCAuthEngineConfig)
- func (in *JWTOIDCAuthEngineConfig) DeepCopyObject() runtime.Object
- func (r *JWTOIDCAuthEngineConfig) Default()
- func (r *JWTOIDCAuthEngineConfig) GetConditions() []metav1.Condition
- func (r *JWTOIDCAuthEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (r *JWTOIDCAuthEngineConfig) GetPath() string
- func (r *JWTOIDCAuthEngineConfig) GetPayload() map[string]interface{}
- func (d *JWTOIDCAuthEngineConfig) GetVaultConnection() *vaultutils.VaultConnection
- func (r *JWTOIDCAuthEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (r *JWTOIDCAuthEngineConfig) IsInitialized() bool
- func (r *JWTOIDCAuthEngineConfig) IsValid() (bool, error)
- func (r *JWTOIDCAuthEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error
- func (r *JWTOIDCAuthEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error
- func (r *JWTOIDCAuthEngineConfig) SetConditions(conditions []metav1.Condition)
- func (r *JWTOIDCAuthEngineConfig) SetUsernameAndPassword(OIDCClientID string, OIDCClientSecret string)
- func (r *JWTOIDCAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *JWTOIDCAuthEngineConfig) ValidateCreate() (admission.Warnings, error)
- func (r *JWTOIDCAuthEngineConfig) ValidateDelete() (admission.Warnings, error)
- func (r *JWTOIDCAuthEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type JWTOIDCAuthEngineConfigList
- func (in *JWTOIDCAuthEngineConfigList) DeepCopy() *JWTOIDCAuthEngineConfigList
- func (in *JWTOIDCAuthEngineConfigList) DeepCopyInto(out *JWTOIDCAuthEngineConfigList)
- func (in *JWTOIDCAuthEngineConfigList) DeepCopyObject() runtime.Object
type JWTOIDCAuthEngineConfigSpec
- func (in *JWTOIDCAuthEngineConfigSpec) DeepCopy() *JWTOIDCAuthEngineConfigSpec
- func (in *JWTOIDCAuthEngineConfigSpec) DeepCopyInto(out *JWTOIDCAuthEngineConfigSpec)
type JWTOIDCAuthEngineConfigStatus
- func (in *JWTOIDCAuthEngineConfigStatus) DeepCopy() *JWTOIDCAuthEngineConfigStatus
- func (in *JWTOIDCAuthEngineConfigStatus) DeepCopyInto(out *JWTOIDCAuthEngineConfigStatus)
type JWTOIDCAuthEngineRole
- func (in *JWTOIDCAuthEngineRole) DeepCopy() *JWTOIDCAuthEngineRole
- func (in *JWTOIDCAuthEngineRole) DeepCopyInto(out *JWTOIDCAuthEngineRole)
- func (in *JWTOIDCAuthEngineRole) DeepCopyObject() runtime.Object
- func (r *JWTOIDCAuthEngineRole) Default()
- func (r *JWTOIDCAuthEngineRole) GetConditions() []metav1.Condition
- func (r *JWTOIDCAuthEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (r *JWTOIDCAuthEngineRole) GetPath() string
- func (r *JWTOIDCAuthEngineRole) GetPayload() map[string]interface{}
- func (d *JWTOIDCAuthEngineRole) GetVaultConnection() *vaultutils.VaultConnection
- func (r *JWTOIDCAuthEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (r *JWTOIDCAuthEngineRole) IsInitialized() bool
- func (r *JWTOIDCAuthEngineRole) IsValid() (bool, error)
- func (d *JWTOIDCAuthEngineRole) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *JWTOIDCAuthEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error
- func (r *JWTOIDCAuthEngineRole) SetConditions(conditions []metav1.Condition)
- func (r *JWTOIDCAuthEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *JWTOIDCAuthEngineRole) ValidateCreate() (admission.Warnings, error)
- func (r *JWTOIDCAuthEngineRole) ValidateDelete() (admission.Warnings, error)
- func (r *JWTOIDCAuthEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type JWTOIDCAuthEngineRoleList
- func (in *JWTOIDCAuthEngineRoleList) DeepCopy() *JWTOIDCAuthEngineRoleList
- func (in *JWTOIDCAuthEngineRoleList) DeepCopyInto(out *JWTOIDCAuthEngineRoleList)
- func (in *JWTOIDCAuthEngineRoleList) DeepCopyObject() runtime.Object
type JWTOIDCAuthEngineRoleSpec
- func (in *JWTOIDCAuthEngineRoleSpec) DeepCopy() *JWTOIDCAuthEngineRoleSpec
- func (in *JWTOIDCAuthEngineRoleSpec) DeepCopyInto(out *JWTOIDCAuthEngineRoleSpec)
type JWTOIDCAuthEngineRoleStatus
- func (in *JWTOIDCAuthEngineRoleStatus) DeepCopy() *JWTOIDCAuthEngineRoleStatus
- func (in *JWTOIDCAuthEngineRoleStatus) DeepCopyInto(out *JWTOIDCAuthEngineRoleStatus)
type JWTOIDCConfig
- func (in *JWTOIDCConfig) DeepCopy() *JWTOIDCConfig
- func (in *JWTOIDCConfig) DeepCopyInto(out *JWTOIDCConfig)
type JWTOIDCRole
- func (in *JWTOIDCRole) DeepCopy() *JWTOIDCRole
- func (in *JWTOIDCRole) DeepCopyInto(out *JWTOIDCRole)
type KAECConfig
- func (in *KAECConfig) DeepCopy() *KAECConfig
- func (in *KAECConfig) DeepCopyInto(out *KAECConfig)
type KubeSEConfig
- func (in *KubeSEConfig) DeepCopy() *KubeSEConfig
- func (in *KubeSEConfig) DeepCopyInto(out *KubeSEConfig)
type KubeSERole
- func (in *KubeSERole) DeepCopy() *KubeSERole
- func (in *KubeSERole) DeepCopyInto(out *KubeSERole)
type KubernetesAuthEngineConfig
- func (in *KubernetesAuthEngineConfig) DeepCopy() *KubernetesAuthEngineConfig
- func (in *KubernetesAuthEngineConfig) DeepCopyInto(out *KubernetesAuthEngineConfig)
- func (in *KubernetesAuthEngineConfig) DeepCopyObject() runtime.Object
- func (r *KubernetesAuthEngineConfig) Default()
- func (m *KubernetesAuthEngineConfig) GetConditions() []metav1.Condition
- func (d *KubernetesAuthEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *KubernetesAuthEngineConfig) GetPath() string
- func (d *KubernetesAuthEngineConfig) GetPayload() map[string]interface{}
- func (d *KubernetesAuthEngineConfig) GetVaultConnection() *vaultutils.VaultConnection
- func (d *KubernetesAuthEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *KubernetesAuthEngineConfig) IsInitialized() bool
- func (r *KubernetesAuthEngineConfig) IsValid() (bool, error)
- func (d *KubernetesAuthEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *KubernetesAuthEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *KubernetesAuthEngineConfig) SetConditions(conditions []metav1.Condition)
- func (r *KubernetesAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *KubernetesAuthEngineConfig) ValidateCreate() (admission.Warnings, error)
- func (r *KubernetesAuthEngineConfig) ValidateDelete() (admission.Warnings, error)
- func (r *KubernetesAuthEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type KubernetesAuthEngineConfigList
- func (in *KubernetesAuthEngineConfigList) DeepCopy() *KubernetesAuthEngineConfigList
- func (in *KubernetesAuthEngineConfigList) DeepCopyInto(out *KubernetesAuthEngineConfigList)
- func (in *KubernetesAuthEngineConfigList) DeepCopyObject() runtime.Object
type KubernetesAuthEngineConfigSpec
- func (in *KubernetesAuthEngineConfigSpec) DeepCopy() *KubernetesAuthEngineConfigSpec
- func (in *KubernetesAuthEngineConfigSpec) DeepCopyInto(out *KubernetesAuthEngineConfigSpec)
type KubernetesAuthEngineConfigStatus
- func (in *KubernetesAuthEngineConfigStatus) DeepCopy() *KubernetesAuthEngineConfigStatus
- func (in *KubernetesAuthEngineConfigStatus) DeepCopyInto(out *KubernetesAuthEngineConfigStatus)
type KubernetesAuthEngineRole
- func (in *KubernetesAuthEngineRole) DeepCopy() *KubernetesAuthEngineRole
- func (in *KubernetesAuthEngineRole) DeepCopyInto(out *KubernetesAuthEngineRole)
- func (in *KubernetesAuthEngineRole) DeepCopyObject() runtime.Object
- func (r *KubernetesAuthEngineRole) Default()
- func (m *KubernetesAuthEngineRole) GetConditions() []metav1.Condition
- func (d *KubernetesAuthEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *KubernetesAuthEngineRole) GetPath() string
- func (d *KubernetesAuthEngineRole) GetPayload() map[string]interface{}
- func (d *KubernetesAuthEngineRole) GetVaultConnection() *vaultutils.VaultConnection
- func (d *KubernetesAuthEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *KubernetesAuthEngineRole) IsInitialized() bool
- func (r *KubernetesAuthEngineRole) IsValid() (bool, error)
- func (d *KubernetesAuthEngineRole) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *KubernetesAuthEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *KubernetesAuthEngineRole) SetConditions(conditions []metav1.Condition)
- func (m *KubernetesAuthEngineRole) SetInternalNamespaces(namespaces []string)
- func (r *KubernetesAuthEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *KubernetesAuthEngineRole) ValidateCreate() (admission.Warnings, error)
- func (r *KubernetesAuthEngineRole) ValidateDelete() (admission.Warnings, error)
- func (r *KubernetesAuthEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type KubernetesAuthEngineRoleList
- func (in *KubernetesAuthEngineRoleList) DeepCopy() *KubernetesAuthEngineRoleList
- func (in *KubernetesAuthEngineRoleList) DeepCopyInto(out *KubernetesAuthEngineRoleList)
- func (in *KubernetesAuthEngineRoleList) DeepCopyObject() runtime.Object
type KubernetesAuthEngineRoleSpec
- func (in *KubernetesAuthEngineRoleSpec) DeepCopy() *KubernetesAuthEngineRoleSpec
- func (in *KubernetesAuthEngineRoleSpec) DeepCopyInto(out *KubernetesAuthEngineRoleSpec)
type KubernetesAuthEngineRoleStatus
- func (in *KubernetesAuthEngineRoleStatus) DeepCopy() *KubernetesAuthEngineRoleStatus
- func (in *KubernetesAuthEngineRoleStatus) DeepCopyInto(out *KubernetesAuthEngineRoleStatus)
type KubernetesSecretEngineConfig
- func (in *KubernetesSecretEngineConfig) DeepCopy() *KubernetesSecretEngineConfig
- func (in *KubernetesSecretEngineConfig) DeepCopyInto(out *KubernetesSecretEngineConfig)
- func (in *KubernetesSecretEngineConfig) DeepCopyObject() runtime.Object
- func (r *KubernetesSecretEngineConfig) Default()
- func (m *KubernetesSecretEngineConfig) GetConditions() []metav1.Condition
- func (d *KubernetesSecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *KubernetesSecretEngineConfig) GetPath() string
- func (d *KubernetesSecretEngineConfig) GetPayload() map[string]interface{}
- func (d *KubernetesSecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection
- func (d *KubernetesSecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *KubernetesSecretEngineConfig) IsInitialized() bool
- func (r *KubernetesSecretEngineConfig) IsValid() (bool, error)
- func (d *KubernetesSecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *KubernetesSecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *KubernetesSecretEngineConfig) SetConditions(conditions []metav1.Condition)
- func (r *KubernetesSecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *KubernetesSecretEngineConfig) ValidateCreate() (admission.Warnings, error)
- func (r *KubernetesSecretEngineConfig) ValidateDelete() (admission.Warnings, error)
- func (r *KubernetesSecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type KubernetesSecretEngineConfigList
- func (in *KubernetesSecretEngineConfigList) DeepCopy() *KubernetesSecretEngineConfigList
- func (in *KubernetesSecretEngineConfigList) DeepCopyInto(out *KubernetesSecretEngineConfigList)
- func (in *KubernetesSecretEngineConfigList) DeepCopyObject() runtime.Object
type KubernetesSecretEngineConfigSpec
- func (in *KubernetesSecretEngineConfigSpec) DeepCopy() *KubernetesSecretEngineConfigSpec
- func (in *KubernetesSecretEngineConfigSpec) DeepCopyInto(out *KubernetesSecretEngineConfigSpec)
type KubernetesSecretEngineConfigStatus
- func (in *KubernetesSecretEngineConfigStatus) DeepCopy() *KubernetesSecretEngineConfigStatus
- func (in *KubernetesSecretEngineConfigStatus) DeepCopyInto(out *KubernetesSecretEngineConfigStatus)
type KubernetesSecretEngineRole
- func (in *KubernetesSecretEngineRole) DeepCopy() *KubernetesSecretEngineRole
- func (in *KubernetesSecretEngineRole) DeepCopyInto(out *KubernetesSecretEngineRole)
- func (in *KubernetesSecretEngineRole) DeepCopyObject() runtime.Object
- func (r *KubernetesSecretEngineRole) Default()
- func (m *KubernetesSecretEngineRole) GetConditions() []metav1.Condition
- func (d *KubernetesSecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *KubernetesSecretEngineRole) GetPath() string
- func (d *KubernetesSecretEngineRole) GetPayload() map[string]interface{}
- func (d *KubernetesSecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection
- func (d *KubernetesSecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *KubernetesSecretEngineRole) IsInitialized() bool
- func (r *KubernetesSecretEngineRole) IsValid() (bool, error)
- func (d *KubernetesSecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *KubernetesSecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *KubernetesSecretEngineRole) SetConditions(conditions []metav1.Condition)
- func (r *KubernetesSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *KubernetesSecretEngineRole) ValidateCreate() (admission.Warnings, error)
- func (r *KubernetesSecretEngineRole) ValidateDelete() (admission.Warnings, error)
- func (r *KubernetesSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type KubernetesSecretEngineRoleList
- func (in *KubernetesSecretEngineRoleList) DeepCopy() *KubernetesSecretEngineRoleList
- func (in *KubernetesSecretEngineRoleList) DeepCopyInto(out *KubernetesSecretEngineRoleList)
- func (in *KubernetesSecretEngineRoleList) DeepCopyObject() runtime.Object
type KubernetesSecretEngineRoleSpec
- func (in *KubernetesSecretEngineRoleSpec) DeepCopy() *KubernetesSecretEngineRoleSpec
- func (in *KubernetesSecretEngineRoleSpec) DeepCopyInto(out *KubernetesSecretEngineRoleSpec)
type KubernetesSecretEngineRoleStatus
- func (in *KubernetesSecretEngineRoleStatus) DeepCopy() *KubernetesSecretEngineRoleStatus
- func (in *KubernetesSecretEngineRoleStatus) DeepCopyInto(out *KubernetesSecretEngineRoleStatus)
type LDAPAuthEngineConfig
- func (in *LDAPAuthEngineConfig) DeepCopy() *LDAPAuthEngineConfig
- func (in *LDAPAuthEngineConfig) DeepCopyInto(out *LDAPAuthEngineConfig)
- func (in *LDAPAuthEngineConfig) DeepCopyObject() runtime.Object
- func (r *LDAPAuthEngineConfig) Default()
- func (m *LDAPAuthEngineConfig) GetConditions() []metav1.Condition
- func (d *LDAPAuthEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *LDAPAuthEngineConfig) GetPath() string
- func (d *LDAPAuthEngineConfig) GetPayload() map[string]interface{}
- func (d *LDAPAuthEngineConfig) GetVaultConnection() *vaultutils.VaultConnection
- func (d *LDAPAuthEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *LDAPAuthEngineConfig) IsInitialized() bool
- func (r *LDAPAuthEngineConfig) IsValid() (bool, error)
- func (d *LDAPAuthEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *LDAPAuthEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *LDAPAuthEngineConfig) SetConditions(conditions []metav1.Condition)
- func (m *LDAPAuthEngineConfig) SetUsernameAndPassword(bindDN string, bindPass string)
- func (r *LDAPAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *LDAPAuthEngineConfig) ValidateCreate() (admission.Warnings, error)
- func (r *LDAPAuthEngineConfig) ValidateDelete() (admission.Warnings, error)
- func (r *LDAPAuthEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type LDAPAuthEngineConfigList
- func (in *LDAPAuthEngineConfigList) DeepCopy() *LDAPAuthEngineConfigList
- func (in *LDAPAuthEngineConfigList) DeepCopyInto(out *LDAPAuthEngineConfigList)
- func (in *LDAPAuthEngineConfigList) DeepCopyObject() runtime.Object
type LDAPAuthEngineConfigSpec
- func (in *LDAPAuthEngineConfigSpec) DeepCopy() *LDAPAuthEngineConfigSpec
- func (in *LDAPAuthEngineConfigSpec) DeepCopyInto(out *LDAPAuthEngineConfigSpec)
type LDAPAuthEngineConfigStatus
- func (in *LDAPAuthEngineConfigStatus) DeepCopy() *LDAPAuthEngineConfigStatus
- func (in *LDAPAuthEngineConfigStatus) DeepCopyInto(out *LDAPAuthEngineConfigStatus)
type LDAPAuthEngineGroup
- func (in *LDAPAuthEngineGroup) DeepCopy() *LDAPAuthEngineGroup
- func (in *LDAPAuthEngineGroup) DeepCopyInto(out *LDAPAuthEngineGroup)
- func (in *LDAPAuthEngineGroup) DeepCopyObject() runtime.Object
- func (r *LDAPAuthEngineGroup) Default()
- func (m *LDAPAuthEngineGroup) GetConditions() []metav1.Condition
- func (d *LDAPAuthEngineGroup) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *LDAPAuthEngineGroup) GetPath() string
- func (d *LDAPAuthEngineGroup) GetPayload() map[string]interface{}
- func (d *LDAPAuthEngineGroup) GetVaultConnection() *vaultutils.VaultConnection
- func (d *LDAPAuthEngineGroup) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *LDAPAuthEngineGroup) IsInitialized() bool
- func (r *LDAPAuthEngineGroup) IsValid() (bool, error)
- func (d *LDAPAuthEngineGroup) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *LDAPAuthEngineGroup) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *LDAPAuthEngineGroup) SetConditions(conditions []metav1.Condition)
- func (r *LDAPAuthEngineGroup) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *LDAPAuthEngineGroup) ValidateCreate() (admission.Warnings, error)
- func (r *LDAPAuthEngineGroup) ValidateDelete() (admission.Warnings, error)
- func (r *LDAPAuthEngineGroup) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type LDAPAuthEngineGroupList
- func (in *LDAPAuthEngineGroupList) DeepCopy() *LDAPAuthEngineGroupList
- func (in *LDAPAuthEngineGroupList) DeepCopyInto(out *LDAPAuthEngineGroupList)
- func (in *LDAPAuthEngineGroupList) DeepCopyObject() runtime.Object
type LDAPAuthEngineGroupSpec
- func (in *LDAPAuthEngineGroupSpec) DeepCopy() *LDAPAuthEngineGroupSpec
- func (in *LDAPAuthEngineGroupSpec) DeepCopyInto(out *LDAPAuthEngineGroupSpec)
type LDAPAuthEngineGroupStatus
- func (in *LDAPAuthEngineGroupStatus) DeepCopy() *LDAPAuthEngineGroupStatus
- func (in *LDAPAuthEngineGroupStatus) DeepCopyInto(out *LDAPAuthEngineGroupStatus)
type LDAPConfig
- func (in *LDAPConfig) DeepCopy() *LDAPConfig
- func (in *LDAPConfig) DeepCopyInto(out *LDAPConfig)
type Mount
- func (in *Mount) DeepCopy() *Mount
- func (in *Mount) DeepCopyInto(out *Mount)
type MountConfig
- func (in *MountConfig) DeepCopy() *MountConfig
- func (in *MountConfig) DeepCopyInto(out *MountConfig)
type NamespaceType
type PKICommon
- func (in *PKICommon) DeepCopy() *PKICommon
- func (in *PKICommon) DeepCopyInto(out *PKICommon)
type PKIConfig
- func (in *PKIConfig) DeepCopy() *PKIConfig
- func (in *PKIConfig) DeepCopyInto(out *PKIConfig)
type PKIConfigCRL
- func (in *PKIConfigCRL) DeepCopy() *PKIConfigCRL
- func (in *PKIConfigCRL) DeepCopyInto(out *PKIConfigCRL)
type PKIConfigUrls
- func (in *PKIConfigUrls) DeepCopy() *PKIConfigUrls
- func (in *PKIConfigUrls) DeepCopyInto(out *PKIConfigUrls)
type PKIIntermediate
- func (in *PKIIntermediate) DeepCopy() *PKIIntermediate
- func (in *PKIIntermediate) DeepCopyInto(out *PKIIntermediate)
type PKIRole
- func (in *PKIRole) DeepCopy() *PKIRole
- func (in *PKIRole) DeepCopyInto(out *PKIRole)
type PKISecretEngineConfig
- func (p *PKISecretEngineConfig) CreateExported(context context.Context, secret *vault.Secret) (bool, error)
- func (in *PKISecretEngineConfig) DeepCopy() *PKISecretEngineConfig
- func (in *PKISecretEngineConfig) DeepCopyInto(out *PKISecretEngineConfig)
- func (in *PKISecretEngineConfig) DeepCopyObject() runtime.Object
- func (r *PKISecretEngineConfig) Default()
- func (m *PKISecretEngineConfig) GetConditions() []metav1.Condition
- func (p *PKISecretEngineConfig) GetConfigCrlPath() string
- func (p *PKISecretEngineConfig) GetConfigCrlPayload() map[string]interface{}
- func (p *PKISecretEngineConfig) GetConfigUrlsPath() string
- func (p *PKISecretEngineConfig) GetConfigUrlsPayload() map[string]interface{}
- func (p *PKISecretEngineConfig) GetDeletePath() string
- func (p *PKISecretEngineConfig) GetExportedPayload(data map[string]interface{}) map[string]string
- func (p *PKISecretEngineConfig) GetGeneratePath() string
- func (p *PKISecretEngineConfig) GetGeneratedStatus() bool
- func (p *PKISecretEngineConfig) GetIntermediateSetSignedPath() string
- func (p *PKISecretEngineConfig) GetIntermediateSetSignedPayload() map[string]interface{}
- func (d *PKISecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (p *PKISecretEngineConfig) GetPath() string
- func (p *PKISecretEngineConfig) GetPayload() map[string]interface{}
- func (p *PKISecretEngineConfig) GetSignIntermediatePath() string
- func (p *PKISecretEngineConfig) GetSignIntermediatePayload() map[string]interface{}
- func (p *PKISecretEngineConfig) GetSignedStatus() bool
- func (d *PKISecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection
- func (p *PKISecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (p *PKISecretEngineConfig) IsInitialized() bool
- func (p *PKISecretEngineConfig) IsValid() (bool, error)
- func (p *PKISecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error
- func (p *PKISecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *PKISecretEngineConfig) SetConditions(conditions []metav1.Condition)
- func (p *PKISecretEngineConfig) SetExportedStatus(status bool)
- func (p *PKISecretEngineConfig) SetGeneratedStatus(status bool)
- func (p *PKISecretEngineConfig) SetIntermediate(context context.Context) error
- func (p *PKISecretEngineConfig) SetSignedStatus(status bool)
- func (r *PKISecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *PKISecretEngineConfig) ValidateCreate() (admission.Warnings, error)
- func (r *PKISecretEngineConfig) ValidateDelete() (admission.Warnings, error)
- func (r *PKISecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type PKISecretEngineConfigList
- func (in *PKISecretEngineConfigList) DeepCopy() *PKISecretEngineConfigList
- func (in *PKISecretEngineConfigList) DeepCopyInto(out *PKISecretEngineConfigList)
- func (in *PKISecretEngineConfigList) DeepCopyObject() runtime.Object
type PKISecretEngineConfigSpec
- func (in *PKISecretEngineConfigSpec) DeepCopy() *PKISecretEngineConfigSpec
- func (in *PKISecretEngineConfigSpec) DeepCopyInto(out *PKISecretEngineConfigSpec)
type PKISecretEngineConfigStatus
- func (in *PKISecretEngineConfigStatus) DeepCopy() *PKISecretEngineConfigStatus
- func (in *PKISecretEngineConfigStatus) DeepCopyInto(out *PKISecretEngineConfigStatus)
type PKISecretEngineRole
- func (in *PKISecretEngineRole) DeepCopy() *PKISecretEngineRole
- func (in *PKISecretEngineRole) DeepCopyInto(out *PKISecretEngineRole)
- func (in *PKISecretEngineRole) DeepCopyObject() runtime.Object
- func (r *PKISecretEngineRole) Default()
- func (m *PKISecretEngineRole) GetConditions() []metav1.Condition
- func (d *PKISecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *PKISecretEngineRole) GetPath() string
- func (d *PKISecretEngineRole) GetPayload() map[string]interface{}
- func (d *PKISecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection
- func (d *PKISecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *PKISecretEngineRole) IsInitialized() bool
- func (r *PKISecretEngineRole) IsValid() (bool, error)
- func (d *PKISecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error
- func (p *PKISecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *PKISecretEngineRole) SetConditions(conditions []metav1.Condition)
- func (r *PKISecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *PKISecretEngineRole) ValidateCreate() (admission.Warnings, error)
- func (r *PKISecretEngineRole) ValidateDelete() (admission.Warnings, error)
- func (r *PKISecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type PKISecretEngineRoleList
- func (in *PKISecretEngineRoleList) DeepCopy() *PKISecretEngineRoleList
- func (in *PKISecretEngineRoleList) DeepCopyInto(out *PKISecretEngineRoleList)
- func (in *PKISecretEngineRoleList) DeepCopyObject() runtime.Object
type PKISecretEngineRoleSpec
- func (in *PKISecretEngineRoleSpec) DeepCopy() *PKISecretEngineRoleSpec
- func (in *PKISecretEngineRoleSpec) DeepCopyInto(out *PKISecretEngineRoleSpec)
type PKISecretEngineRoleStatus
- func (in *PKISecretEngineRoleStatus) DeepCopy() *PKISecretEngineRoleStatus
- func (in *PKISecretEngineRoleStatus) DeepCopyInto(out *PKISecretEngineRoleStatus)
type PKIType
- func (in *PKIType) DeepCopy() *PKIType
- func (in *PKIType) DeepCopyInto(out *PKIType)
type PasswordCredentialConfig
- func (in *PasswordCredentialConfig) DeepCopy() *PasswordCredentialConfig
- func (in *PasswordCredentialConfig) DeepCopyInto(out *PasswordCredentialConfig)
type PasswordPolicy
- func (in *PasswordPolicy) DeepCopy() *PasswordPolicy
- func (in *PasswordPolicy) DeepCopyInto(out *PasswordPolicy)
- func (in *PasswordPolicy) DeepCopyObject() runtime.Object
- func (r *PasswordPolicy) Default()
- func (m *PasswordPolicy) GetConditions() []metav1.Condition
- func (d *PasswordPolicy) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *PasswordPolicy) GetPath() string
- func (d *PasswordPolicy) GetPayload() map[string]interface{}
- func (d *PasswordPolicy) GetVaultConnection() *vaultutils.VaultConnection
- func (d *PasswordPolicy) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *PasswordPolicy) IsInitialized() bool
- func (r *PasswordPolicy) IsValid() (bool, error)
- func (d *PasswordPolicy) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *PasswordPolicy) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *PasswordPolicy) SetConditions(conditions []metav1.Condition)
- func (r *PasswordPolicy) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *PasswordPolicy) ValidateCreate() (admission.Warnings, error)
- func (r *PasswordPolicy) ValidateDelete() (admission.Warnings, error)
- func (r *PasswordPolicy) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type PasswordPolicyFormat
- func (in *PasswordPolicyFormat) DeepCopy() *PasswordPolicyFormat
- func (in *PasswordPolicyFormat) DeepCopyInto(out *PasswordPolicyFormat)
type PasswordPolicyList
- func (in *PasswordPolicyList) DeepCopy() *PasswordPolicyList
- func (in *PasswordPolicyList) DeepCopyInto(out *PasswordPolicyList)
- func (in *PasswordPolicyList) DeepCopyObject() runtime.Object
type PasswordPolicyRule
- func (in *PasswordPolicyRule) DeepCopy() *PasswordPolicyRule
- func (in *PasswordPolicyRule) DeepCopyInto(out *PasswordPolicyRule)
type PasswordPolicySpec
- func (in *PasswordPolicySpec) DeepCopy() *PasswordPolicySpec
- func (in *PasswordPolicySpec) DeepCopyInto(out *PasswordPolicySpec)
type PasswordPolicyStatus
- func (in *PasswordPolicyStatus) DeepCopy() *PasswordPolicyStatus
- func (in *PasswordPolicyStatus) DeepCopyInto(out *PasswordPolicyStatus)
type Permission
type PermissionSet
- func (in *PermissionSet) DeepCopy() *PermissionSet
- func (in *PermissionSet) DeepCopyInto(out *PermissionSet)
type Policy
- func (in *Policy) DeepCopy() *Policy
- func (in *Policy) DeepCopyInto(out *Policy)
- func (in *Policy) DeepCopyObject() runtime.Object
- func (r *Policy) Default()
- func (m *Policy) GetConditions() []metav1.Condition
- func (d *Policy) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *Policy) GetPath() string
- func (d *Policy) GetPayload() map[string]interface{}
- func (d *Policy) GetVaultConnection() *vaultutils.VaultConnection
- func (d *Policy) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *Policy) IsInitialized() bool
- func (r *Policy) IsValid() (bool, error)
- func (d *Policy) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *Policy) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *Policy) SetConditions(conditions []metav1.Condition)
- func (r *Policy) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *Policy) ValidateCreate() (admission.Warnings, error)
- func (r *Policy) ValidateDelete() (admission.Warnings, error)
- func (r *Policy) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type PolicyList
- func (in *PolicyList) DeepCopy() *PolicyList
- func (in *PolicyList) DeepCopyInto(out *PolicyList)
- func (in *PolicyList) DeepCopyObject() runtime.Object
type PolicySpec
- func (in *PolicySpec) DeepCopy() *PolicySpec
- func (in *PolicySpec) DeepCopyInto(out *PolicySpec)
type PolicyStatus
- func (in *PolicyStatus) DeepCopy() *PolicyStatus
- func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus)
type QuayBaseRole
- func (in *QuayBaseRole) DeepCopy() *QuayBaseRole
- func (in *QuayBaseRole) DeepCopyInto(out *QuayBaseRole)
type QuayConfig
- func (in *QuayConfig) DeepCopy() *QuayConfig
- func (in *QuayConfig) DeepCopyInto(out *QuayConfig)
type QuayRole
- func (in *QuayRole) DeepCopy() *QuayRole
- func (in *QuayRole) DeepCopyInto(out *QuayRole)
type QuaySecretEngineConfig
- func (in *QuaySecretEngineConfig) DeepCopy() *QuaySecretEngineConfig
- func (in *QuaySecretEngineConfig) DeepCopyInto(out *QuaySecretEngineConfig)
- func (in *QuaySecretEngineConfig) DeepCopyObject() runtime.Object
- func (r *QuaySecretEngineConfig) Default()
- func (q *QuaySecretEngineConfig) GetConditions() []metav1.Condition
- func (d *QuaySecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (q *QuaySecretEngineConfig) GetPath() string
- func (q *QuaySecretEngineConfig) GetPayload() map[string]interface{}
- func (d *QuaySecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection
- func (q *QuaySecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (q *QuaySecretEngineConfig) IsInitialized() bool
- func (q *QuaySecretEngineConfig) IsValid() (bool, error)
- func (q *QuaySecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error
- func (q *QuaySecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error
- func (q *QuaySecretEngineConfig) SetConditions(conditions []metav1.Condition)
- func (q *QuaySecretEngineConfig) SetToken(token string)
- func (r *QuaySecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *QuaySecretEngineConfig) ValidateCreate() (admission.Warnings, error)
- func (r *QuaySecretEngineConfig) ValidateDelete() (admission.Warnings, error)
- func (r *QuaySecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type QuaySecretEngineConfigList
- func (in *QuaySecretEngineConfigList) DeepCopy() *QuaySecretEngineConfigList
- func (in *QuaySecretEngineConfigList) DeepCopyInto(out *QuaySecretEngineConfigList)
- func (in *QuaySecretEngineConfigList) DeepCopyObject() runtime.Object
type QuaySecretEngineConfigSpec
- func (in *QuaySecretEngineConfigSpec) DeepCopy() *QuaySecretEngineConfigSpec
- func (in *QuaySecretEngineConfigSpec) DeepCopyInto(out *QuaySecretEngineConfigSpec)
type QuaySecretEngineConfigStatus
- func (in *QuaySecretEngineConfigStatus) DeepCopy() *QuaySecretEngineConfigStatus
- func (in *QuaySecretEngineConfigStatus) DeepCopyInto(out *QuaySecretEngineConfigStatus)
type QuaySecretEngineRole
- func (in *QuaySecretEngineRole) DeepCopy() *QuaySecretEngineRole
- func (in *QuaySecretEngineRole) DeepCopyInto(out *QuaySecretEngineRole)
- func (in *QuaySecretEngineRole) DeepCopyObject() runtime.Object
- func (r *QuaySecretEngineRole) Default()
- func (q *QuaySecretEngineRole) GetConditions() []metav1.Condition
- func (d *QuaySecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *QuaySecretEngineRole) GetPath() string
- func (q *QuaySecretEngineRole) GetPayload() map[string]interface{}
- func (d *QuaySecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection
- func (q *QuaySecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (q *QuaySecretEngineRole) IsInitialized() bool
- func (q *QuaySecretEngineRole) IsValid() (bool, error)
- func (q *QuaySecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error
- func (q *QuaySecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error
- func (q *QuaySecretEngineRole) SetConditions(conditions []metav1.Condition)
- func (r *QuaySecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *QuaySecretEngineRole) ValidateCreate() (admission.Warnings, error)
- func (r *QuaySecretEngineRole) ValidateDelete() (admission.Warnings, error)
- func (r *QuaySecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type QuaySecretEngineRoleList
- func (in *QuaySecretEngineRoleList) DeepCopy() *QuaySecretEngineRoleList
- func (in *QuaySecretEngineRoleList) DeepCopyInto(out *QuaySecretEngineRoleList)
- func (in *QuaySecretEngineRoleList) DeepCopyObject() runtime.Object
type QuaySecretEngineRoleSpec
- func (in *QuaySecretEngineRoleSpec) DeepCopy() *QuaySecretEngineRoleSpec
- func (in *QuaySecretEngineRoleSpec) DeepCopyInto(out *QuaySecretEngineRoleSpec)
type QuaySecretEngineRoleStatus
- func (in *QuaySecretEngineRoleStatus) DeepCopy() *QuaySecretEngineRoleStatus
- func (in *QuaySecretEngineRoleStatus) DeepCopyInto(out *QuaySecretEngineRoleStatus)
type QuaySecretEngineStaticRole
- func (in *QuaySecretEngineStaticRole) DeepCopy() *QuaySecretEngineStaticRole
- func (in *QuaySecretEngineStaticRole) DeepCopyInto(out *QuaySecretEngineStaticRole)
- func (in *QuaySecretEngineStaticRole) DeepCopyObject() runtime.Object
- func (r *QuaySecretEngineStaticRole) Default()
- func (q *QuaySecretEngineStaticRole) GetConditions() []metav1.Condition
- func (d *QuaySecretEngineStaticRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *QuaySecretEngineStaticRole) GetPath() string
- func (q *QuaySecretEngineStaticRole) GetPayload() map[string]interface{}
- func (d *QuaySecretEngineStaticRole) GetVaultConnection() *vaultutils.VaultConnection
- func (q *QuaySecretEngineStaticRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (q *QuaySecretEngineStaticRole) IsInitialized() bool
- func (q *QuaySecretEngineStaticRole) IsValid() (bool, error)
- func (q *QuaySecretEngineStaticRole) PrepareInternalValues(context context.Context, object client.Object) error
- func (q *QuaySecretEngineStaticRole) PrepareTLSConfig(context context.Context, object client.Object) error
- func (q *QuaySecretEngineStaticRole) SetConditions(conditions []metav1.Condition)
- func (r *QuaySecretEngineStaticRole) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *QuaySecretEngineStaticRole) ValidateCreate() (admission.Warnings, error)
- func (r *QuaySecretEngineStaticRole) ValidateDelete() (admission.Warnings, error)
- func (r *QuaySecretEngineStaticRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type QuaySecretEngineStaticRoleList
- func (in *QuaySecretEngineStaticRoleList) DeepCopy() *QuaySecretEngineStaticRoleList
- func (in *QuaySecretEngineStaticRoleList) DeepCopyInto(out *QuaySecretEngineStaticRoleList)
- func (in *QuaySecretEngineStaticRoleList) DeepCopyObject() runtime.Object
type QuaySecretEngineStaticRoleSpec
- func (in *QuaySecretEngineStaticRoleSpec) DeepCopy() *QuaySecretEngineStaticRoleSpec
- func (in *QuaySecretEngineStaticRoleSpec) DeepCopyInto(out *QuaySecretEngineStaticRoleSpec)
type QuaySecretEngineStaticRoleStatus
- func (in *QuaySecretEngineStaticRoleStatus) DeepCopy() *QuaySecretEngineStaticRoleStatus
- func (in *QuaySecretEngineStaticRoleStatus) DeepCopyInto(out *QuaySecretEngineStaticRoleStatus)
type RMQSEConfig
- func (in *RMQSEConfig) DeepCopy() *RMQSEConfig
- func (in *RMQSEConfig) DeepCopyInto(out *RMQSEConfig)
type RMQSERole
- func (in *RMQSERole) DeepCopy() *RMQSERole
- func (in *RMQSERole) DeepCopyInto(out *RMQSERole)
type RSAPrivateKeyCredentialConfig
- func (in *RSAPrivateKeyCredentialConfig) DeepCopy() *RSAPrivateKeyCredentialConfig
- func (in *RSAPrivateKeyCredentialConfig) DeepCopyInto(out *RSAPrivateKeyCredentialConfig)
type RabbitMQSecretEngineConfig
- func (rabbitMQ *RabbitMQSecretEngineConfig) CheckTTLValuesProvided() bool
- func (in *RabbitMQSecretEngineConfig) DeepCopy() *RabbitMQSecretEngineConfig
- func (in *RabbitMQSecretEngineConfig) DeepCopyInto(out *RabbitMQSecretEngineConfig)
- func (in *RabbitMQSecretEngineConfig) DeepCopyObject() runtime.Object
- func (m *RabbitMQSecretEngineConfig) GetConditions() []metav1.Condition
- func (d *RabbitMQSecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (rabbitMQ *RabbitMQSecretEngineConfig) GetLeasePath() string
- func (rabbitMQ *RabbitMQSecretEngineConfig) GetLeasePayload() map[string]interface{}
- func (rabbitMQ *RabbitMQSecretEngineConfig) GetPath() string
- func (rabbitMQ *RabbitMQSecretEngineConfig) GetPayload() map[string]interface{}
- func (d *RabbitMQSecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection
- func (rabbitMQ *RabbitMQSecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (rabbitMQ *RabbitMQSecretEngineConfig) IsInitialized() bool
- func (rabbitMQ *RabbitMQSecretEngineConfig) IsValid() (bool, error)
- func (rabbitMQ *RabbitMQSecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error
- func (rabbitMQ *RabbitMQSecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *RabbitMQSecretEngineConfig) SetConditions(conditions []metav1.Condition)
- func (m *RabbitMQSecretEngineConfig) SetUsernameAndPassword(username string, password string)
type RabbitMQSecretEngineConfigList
- func (in *RabbitMQSecretEngineConfigList) DeepCopy() *RabbitMQSecretEngineConfigList
- func (in *RabbitMQSecretEngineConfigList) DeepCopyInto(out *RabbitMQSecretEngineConfigList)
- func (in *RabbitMQSecretEngineConfigList) DeepCopyObject() runtime.Object
type RabbitMQSecretEngineConfigSpec
- func (in *RabbitMQSecretEngineConfigSpec) DeepCopy() *RabbitMQSecretEngineConfigSpec
- func (in *RabbitMQSecretEngineConfigSpec) DeepCopyInto(out *RabbitMQSecretEngineConfigSpec)
type RabbitMQSecretEngineConfigStatus
- func (in *RabbitMQSecretEngineConfigStatus) DeepCopy() *RabbitMQSecretEngineConfigStatus
- func (in *RabbitMQSecretEngineConfigStatus) DeepCopyInto(out *RabbitMQSecretEngineConfigStatus)
type RabbitMQSecretEngineConfigValidation
- func (r *RabbitMQSecretEngineConfigValidation) Handle(ctx context.Context, req admission.Request) admission.Response
type RabbitMQSecretEngineRole
- func (in *RabbitMQSecretEngineRole) DeepCopy() *RabbitMQSecretEngineRole
- func (in *RabbitMQSecretEngineRole) DeepCopyInto(out *RabbitMQSecretEngineRole)
- func (in *RabbitMQSecretEngineRole) DeepCopyObject() runtime.Object
- func (r *RabbitMQSecretEngineRole) Default()
- func (m *RabbitMQSecretEngineRole) GetConditions() []metav1.Condition
- func (d *RabbitMQSecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *RabbitMQSecretEngineRole) GetPath() string
- func (rabbitMQ *RabbitMQSecretEngineRole) GetPayload() map[string]interface{}
- func (d *RabbitMQSecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection
- func (rabbitMQ *RabbitMQSecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (rabbitMQ *RabbitMQSecretEngineRole) IsInitialized() bool
- func (rabbitMQ *RabbitMQSecretEngineRole) IsValid() (bool, error)
- func (rabbitMQ *RabbitMQSecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error
- func (rabbitMQ *RabbitMQSecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *RabbitMQSecretEngineRole) SetConditions(conditions []metav1.Condition)
- func (r *RabbitMQSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *RabbitMQSecretEngineRole) ValidateCreate() (admission.Warnings, error)
- func (r *RabbitMQSecretEngineRole) ValidateDelete() (admission.Warnings, error)
- func (r *RabbitMQSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type RabbitMQSecretEngineRoleList
- func (in *RabbitMQSecretEngineRoleList) DeepCopy() *RabbitMQSecretEngineRoleList
- func (in *RabbitMQSecretEngineRoleList) DeepCopyInto(out *RabbitMQSecretEngineRoleList)
- func (in *RabbitMQSecretEngineRoleList) DeepCopyObject() runtime.Object
type RabbitMQSecretEngineRoleSpec
- func (in *RabbitMQSecretEngineRoleSpec) DeepCopy() *RabbitMQSecretEngineRoleSpec
- func (in *RabbitMQSecretEngineRoleSpec) DeepCopyInto(out *RabbitMQSecretEngineRoleSpec)
type RabbitMQSecretEngineRoleStatus
- func (in *RabbitMQSecretEngineRoleStatus) DeepCopy() *RabbitMQSecretEngineRoleStatus
- func (in *RabbitMQSecretEngineRoleStatus) DeepCopyInto(out *RabbitMQSecretEngineRoleStatus)
type RandomSecret
- func (in *RandomSecret) DeepCopy() *RandomSecret
- func (in *RandomSecret) DeepCopyInto(out *RandomSecret)
- func (in *RandomSecret) DeepCopyObject() runtime.Object
- func (r *RandomSecret) Default()
- func (d *RandomSecret) GenerateNewPassword(context context.Context) error
- func (m *RandomSecret) GetConditions() []metav1.Condition
- func (d *RandomSecret) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *RandomSecret) GetPath() string
- func (d *RandomSecret) GetPayload() map[string]interface{}
- func (d *RandomSecret) GetVaultConnection() *vaultutils.VaultConnection
- func (d *RandomSecret) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *RandomSecret) IsInitialized() bool
- func (d *RandomSecret) IsKVSecretsEngineV2() bool
- func (r *RandomSecret) IsValid() (bool, error)
- func (d *RandomSecret) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *RandomSecret) PrepareTLSConfig(context context.Context, object client.Object) error
- func (m *RandomSecret) SetConditions(conditions []metav1.Condition)
- func (r *RandomSecret) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *RandomSecret) ValidateCreate() (admission.Warnings, error)
- func (r *RandomSecret) ValidateDelete() (admission.Warnings, error)
- func (r *RandomSecret) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type RandomSecretList
- func (in *RandomSecretList) DeepCopy() *RandomSecretList
- func (in *RandomSecretList) DeepCopyInto(out *RandomSecretList)
- func (in *RandomSecretList) DeepCopyObject() runtime.Object
type RandomSecretSpec
- func (in *RandomSecretSpec) DeepCopy() *RandomSecretSpec
- func (in *RandomSecretSpec) DeepCopyInto(out *RandomSecretSpec)
type RandomSecretStatus
- func (in *RandomSecretStatus) DeepCopy() *RandomSecretStatus
- func (in *RandomSecretStatus) DeepCopyInto(out *RandomSecretStatus)
type RootPasswordRotation
- func (in *RootPasswordRotation) DeepCopy() *RootPasswordRotation
- func (in *RootPasswordRotation) DeepCopyInto(out *RootPasswordRotation)
type SSHKeyConfig
- func (in *SSHKeyConfig) DeepCopy() *SSHKeyConfig
- func (in *SSHKeyConfig) DeepCopyInto(out *SSHKeyConfig)
type SecretEngineMount
- func (in *SecretEngineMount) DeepCopy() *SecretEngineMount
- func (in *SecretEngineMount) DeepCopyInto(out *SecretEngineMount)
- func (in *SecretEngineMount) DeepCopyObject() runtime.Object
- func (r *SecretEngineMount) Default()
- func (m *SecretEngineMount) GetConditions() []metav1.Condition
- func (d *SecretEngineMount) GetEngineListPath() string
- func (d *SecretEngineMount) GetEngineTunePath() string
- func (d *SecretEngineMount) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *SecretEngineMount) GetPath() string
- func (d *SecretEngineMount) GetPayload() map[string]interface{}
- func (d *SecretEngineMount) GetTunePayload() map[string]interface{}
- func (d *SecretEngineMount) GetVaultConnection() *vaultutils.VaultConnection
- func (d *SecretEngineMount) IsEquivalentToDesiredState(payload map[string]interface{}) bool
- func (d *SecretEngineMount) IsInitialized() bool
- func (d *SecretEngineMount) IsValid() (bool, error)
- func (d *SecretEngineMount) PrepareInternalValues(context context.Context, object client.Object) error
- func (d *SecretEngineMount) PrepareTLSConfig(context context.Context, object client.Object) error
- func (d *SecretEngineMount) SetAccessor(accessor string)
- func (m *SecretEngineMount) SetConditions(conditions []metav1.Condition)
- func (r *SecretEngineMount) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *SecretEngineMount) ValidateCreate() (admission.Warnings, error)
- func (r *SecretEngineMount) ValidateDelete() (admission.Warnings, error)
- func (r *SecretEngineMount) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type SecretEngineMountList
- func (in *SecretEngineMountList) DeepCopy() *SecretEngineMountList
- func (in *SecretEngineMountList) DeepCopyInto(out *SecretEngineMountList)
- func (in *SecretEngineMountList) DeepCopyObject() runtime.Object
type SecretEngineMountSpec
- func (in *SecretEngineMountSpec) DeepCopy() *SecretEngineMountSpec
- func (in *SecretEngineMountSpec) DeepCopyInto(out *SecretEngineMountSpec)
type SecretEngineMountStatus
- func (in *SecretEngineMountStatus) DeepCopy() *SecretEngineMountStatus
- func (in *SecretEngineMountStatus) DeepCopyInto(out *SecretEngineMountStatus)
type TeamRole
type TemplatizedK8sSecret
- func (in *TemplatizedK8sSecret) DeepCopy() *TemplatizedK8sSecret
- func (in *TemplatizedK8sSecret) DeepCopyInto(out *TemplatizedK8sSecret)
type Topic
- func (in *Topic) DeepCopy() *Topic
- func (in *Topic) DeepCopyInto(out *Topic)
type VRole
- func (in *VRole) DeepCopy() *VRole
- func (in *VRole) DeepCopyInto(out *VRole)
type VaultPasswordPolicy
- func (in *VaultPasswordPolicy) DeepCopy() *VaultPasswordPolicy
- func (in *VaultPasswordPolicy) DeepCopyInto(out *VaultPasswordPolicy)
type VaultSecret
- func (in *VaultSecret) DeepCopy() *VaultSecret
- func (in *VaultSecret) DeepCopyInto(out *VaultSecret)
- func (in *VaultSecret) DeepCopyObject() runtime.Object
- func (r *VaultSecret) Default()
- func (vs *VaultSecret) GetConditions() []metav1.Condition
- func (vs *VaultSecret) IsValid() (bool, error)
- func (vs *VaultSecret) SetConditions(conditions []metav1.Condition)
- func (r *VaultSecret) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *VaultSecret) ValidateCreate() (admission.Warnings, error)
- func (r *VaultSecret) ValidateDelete() (admission.Warnings, error)
- func (r *VaultSecret) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
type VaultSecretDefinition
- func (in *VaultSecretDefinition) DeepCopy() *VaultSecretDefinition
- func (in *VaultSecretDefinition) DeepCopyInto(out *VaultSecretDefinition)
- func (d *VaultSecretDefinition) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration
- func (d *VaultSecretDefinition) GetPath() string
- func (d *VaultSecretDefinition) GetPostRequestPayload() map[string]string
- func (d *VaultSecretDefinition) GetRequestMethod() string
- func (d *VaultSecretDefinition) GetVaultConnection() *vaultutils.VaultConnection
type VaultSecretDefinitionStatus
- func (in *VaultSecretDefinitionStatus) DeepCopy() *VaultSecretDefinitionStatus
- func (in *VaultSecretDefinitionStatus) DeepCopyInto(out *VaultSecretDefinitionStatus)
type VaultSecretList
- func (in *VaultSecretList) DeepCopy() *VaultSecretList
- func (in *VaultSecretList) DeepCopyInto(out *VaultSecretList)
- func (in *VaultSecretList) DeepCopyObject() runtime.Object
type VaultSecretSpec
- func (in *VaultSecretSpec) DeepCopy() *VaultSecretSpec
- func (in *VaultSecretSpec) DeepCopyInto(out *VaultSecretSpec)
type VaultSecretStatus
- func (in *VaultSecretStatus) DeepCopy() *VaultSecretStatus
- func (in *VaultSecretStatus) DeepCopyInto(out *VaultSecretStatus)
type Vhost
- func (in *Vhost) DeepCopy() *Vhost
- func (in *Vhost) DeepCopyInto(out *Vhost)
type VhostPermissions
- func (in *VhostPermissions) DeepCopy() *VhostPermissions
- func (in *VhostPermissions) DeepCopyInto(out *VhostPermissions)
type VhostTopic
- func (in *VhostTopic) DeepCopy() *VhostTopic
- func (in *VhostTopic) DeepCopyInto(out *VhostTopic)

Constants ¶

View Source

const (
	TeamRoleAdmin             TeamRole      = "admin"
	TeamRoleCreator           TeamRole      = "creator"
	TeamRoleMember            TeamRole      = "member"
	NamespaceTypeUser         NamespaceType = "user"
	NamespaceTypeOrganization NamespaceType = "organization"
	PermissionAdmin           Permission    = "admin"
	PermissionRead            Permission    = "read"
	PermissionWrite           Permission    = "write"
)

Variables ¶

View Source

var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "redhatcop.redhat.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions ¶

This section is empty.

Types ¶

type AuthEngineMount ¶

type AuthEngineMount struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AuthEngineMountSpec   `json:"spec,omitempty"`
	Status AuthEngineMountStatus `json:"status,omitempty"`
}

AuthEngineMount is the Schema for the authenginemounts API

func (*AuthEngineMount) DeepCopy ¶

func (in *AuthEngineMount) DeepCopy() *AuthEngineMount

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthEngineMount.

func (*AuthEngineMount) DeepCopyInto ¶

func (in *AuthEngineMount) DeepCopyInto(out *AuthEngineMount)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthEngineMount) DeepCopyObject ¶

func (in *AuthEngineMount) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AuthEngineMount) Default ¶

func (r *AuthEngineMount) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*AuthEngineMount) GetConditions ¶

func (m *AuthEngineMount) GetConditions() []metav1.Condition

func (*AuthEngineMount) GetEngineListPath ¶

func (d *AuthEngineMount) GetEngineListPath() string

func (*AuthEngineMount) GetEngineTunePath ¶

func (d *AuthEngineMount) GetEngineTunePath() string

func (*AuthEngineMount) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *AuthEngineMount) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*AuthEngineMount) GetPath ¶

func (d *AuthEngineMount) GetPath() string

func (*AuthEngineMount) GetPayload ¶

func (d *AuthEngineMount) GetPayload() map[string]interface{}

func (*AuthEngineMount) GetTunePayload ¶

func (d *AuthEngineMount) GetTunePayload() map[string]interface{}

func (*AuthEngineMount) GetVaultConnection ¶ added in v0.8.9

func (d *AuthEngineMount) GetVaultConnection() *vaultutils.VaultConnection

func (*AuthEngineMount) IsEquivalentToDesiredState ¶

func (d *AuthEngineMount) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*AuthEngineMount) IsInitialized ¶

func (d *AuthEngineMount) IsInitialized() bool

func (*AuthEngineMount) IsValid ¶

func (d *AuthEngineMount) IsValid() (bool, error)

func (*AuthEngineMount) PrepareInternalValues ¶

func (d *AuthEngineMount) PrepareInternalValues(context context.Context, object client.Object) error

func (*AuthEngineMount) PrepareTLSConfig ¶ added in v0.8.24

func (d *AuthEngineMount) PrepareTLSConfig(context context.Context, object client.Object) error

func (*AuthEngineMount) SetAccessor ¶

func (d *AuthEngineMount) SetAccessor(accessor string)

func (*AuthEngineMount) SetConditions ¶

func (m *AuthEngineMount) SetConditions(conditions []metav1.Condition)

func (*AuthEngineMount) SetupWebhookWithManager ¶

func (r *AuthEngineMount) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*AuthEngineMount) ValidateCreate ¶

func (r *AuthEngineMount) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*AuthEngineMount) ValidateDelete ¶

func (r *AuthEngineMount) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*AuthEngineMount) ValidateUpdate ¶

func (r *AuthEngineMount) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type AuthEngineMountList ¶

type AuthEngineMountList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AuthEngineMount `json:"items"`
}

AuthEngineMountList contains a list of AuthEngineMount

func (*AuthEngineMountList) DeepCopy ¶

func (in *AuthEngineMountList) DeepCopy() *AuthEngineMountList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthEngineMountList.

func (*AuthEngineMountList) DeepCopyInto ¶

func (in *AuthEngineMountList) DeepCopyInto(out *AuthEngineMountList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthEngineMountList) DeepCopyObject ¶

func (in *AuthEngineMountList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AuthEngineMountSpec ¶

type AuthEngineMountSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	AuthMount `json:",inline"`

	// Path at which this auth engine will be mounted
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path /sys/auth/{[spec.authentication.namespace]}/{spec.path}/{metadata.name}.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

AuthEngineMountSpec defines the desired state of AuthEngineMount

func (*AuthEngineMountSpec) DeepCopy ¶

func (in *AuthEngineMountSpec) DeepCopy() *AuthEngineMountSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthEngineMountSpec.

func (*AuthEngineMountSpec) DeepCopyInto ¶

func (in *AuthEngineMountSpec) DeepCopyInto(out *AuthEngineMountSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthEngineMountStatus ¶

type AuthEngineMountStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`

	// +kubebuilder:validation:Optional
	Accessor string `json:"accessor,omitempty"`
}

AuthEngineMountStatus defines the observed state of AuthEngineMount

func (*AuthEngineMountStatus) DeepCopy ¶

func (in *AuthEngineMountStatus) DeepCopy() *AuthEngineMountStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthEngineMountStatus.

func (*AuthEngineMountStatus) DeepCopyInto ¶

func (in *AuthEngineMountStatus) DeepCopyInto(out *AuthEngineMountStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthMount ¶

type AuthMount struct {

	// Description Specifies a human-friendly description of the auth method.
	// +kubebuilder:validation:Optional
	Description string `json:"description,omitempty"`

	// Type Specifies the name of the authentication method type, such as "github" or "token".
	// +kubebuilder:validation:Required
	Type string `json:"type,omitempty"`

	// Config Specifies configuration options for this auth method.
	// +kubebuilder:validation:Optional
	Config AuthMountConfig `json:"config,omitempty"`

	// Local Specifies if the auth method is local only. Local auth methods are not replicated nor (if a secondary) removed by replication. Logins via local auth methods do not make use of identity, i.e. no entity or groups will be attached to the token.
	// +kubebuilder:validation:Optional
	Local bool `json:"local,omitempty"`

	// SealWrap Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability.
	// +kubebuilder:validation:Optional
	SealWrap bool `json:"sealwrap,omitempty"`
}

func (*AuthMount) DeepCopy ¶

func (in *AuthMount) DeepCopy() *AuthMount

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthMount.

func (*AuthMount) DeepCopyInto ¶

func (in *AuthMount) DeepCopyInto(out *AuthMount)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthMountConfig ¶

type AuthMountConfig struct {
	// DefaultLeaseTTL  The default lease duration, specified as a string duration like "5s" or "30m".
	// +kubebuilder:validation:Optional
	DefaultLeaseTTL string `json:"defaultLeaseTTL"`

	// MaxLeaseTTL The maximum lease duration, specified as a string duration like "5s" or "30m".
	// +kubebuilder:validation:Optional
	MaxLeaseTTL string `json:"maxLeaseTTL"`

	// AuditNonHMACRequestKeys list of keys that will not be HMAC'd by audit devices in the request data object.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems:=true
	AuditNonHMACRequestKeys []string `json:"auditNonHMACRequestKeys,omitempty"`

	// AuditNonHMACResponseKeys list of keys that will not be HMAC'd by audit devices in the response data object.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AuditNonHMACResponseKeys []string `json:"auditNonHMACResponseKeys,omitempty"`

	// ListingVisibility Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden". If not set, behaves like "hidden"
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"unauth","hidden"}
	// +kubebuilder:default:="hidden"
	ListingVisibility string `json:"listingVisibility,omitempty"`

	// PassthroughRequestHeaders list of headers to whitelist and pass from the request to the plugin.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems:=true
	PassthroughRequestHeaders []string `json:"passthroughRequestHeaders,omitempty"`

	// AllowedResponseHeaders list of headers to whitelist, allowing a plugin to include them in the response.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AllowedResponseHeaders []string `json:"allowedResponseHeaders,omitempty"`

	// Options undocumented
	// +kubebuilder:validation:Optional
	// +mapType=granular
	Options map[string]string `json:"options,omitempty"`

	// TokenType undocumented
	// +kubebuilder:validation:Optional
	TokenType string `json:"tokenType,omitempty"`

	// Description another description...
	// +kubebuilder:validation:Optional
	Description *string `json:"description,omitempty"`
}

func (*AuthMountConfig) DeepCopy ¶

func (in *AuthMountConfig) DeepCopy() *AuthMountConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthMountConfig.

func (*AuthMountConfig) DeepCopyInto ¶

func (in *AuthMountConfig) DeepCopyInto(out *AuthMountConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DBSEConfig ¶

type DBSEConfig struct {

	// PluginName Specifies the name of the plugin to use for this connection.
	// +kubebuilder:validation:Required
	PluginName string `json:"pluginName,omitempty"`

	// PluginVersion Specifies the semantic version of the plugin to use for this connection.
	// +kubebuilder:validation:Optional
	PluginVersion string `json:"pluginVersion,omitempty"`

	// VerifyConnection Specifies if the connection is verified during initial configuration. Defaults to true.
	// +kubebuilder:validation:Optional
	VerifyConnection bool `json:"verifyConnection,omitempty"`

	// AllowedRoles List of the roles allowed to use this connection. Defaults to empty (no roles), if contains a "*" any role can use this connection.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default={"*"}
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AllowedRoles []string `json:"allowedRoles,omitempty"`

	// RootRotationStatements Specifies the database statements to be executed to rotate the root user's credentials. See the plugin's API page for more information on support and formatting for this parameter.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	RootRotationStatements []string `json:"rootRotationStatements,omitempty"`

	// PasswordPolicy The name of the password policy to use when generating passwords for this database. If not specified, this will use a default policy defined as: 20 characters with at least 1 uppercase, 1 lowercase, 1 number, and 1 dash character.
	// +kubebuilder:validation:Optional
	PasswordPolicy string `json:"passwordPolicy,omitempty"`

	// ConnectionURL Specifies the connection string used to connect to the database. Some plugins use url rather than connection_url. This allows for simple templating of the username and password of the root user. Typically, this is done by including a "{{"username"}}", "{{"name"}}", and/or "{{"password"}}" field within the string. These fields are typically be replaced with the values in the username and password fields.
	// +kubebuilder:validation:Required
	ConnectionURL string `json:"connectionURL,omitempty"`

	// Username Specifies the name of the user to use as the "root" user when connecting to the database. This "root" user is used to create/update/delete users managed by these plugins, so you will need to ensure that this user has permissions to manipulate users appropriate to the database. This is typically used in the connection_url field via the templating directive "{{"username"}}" or "{{"name"}}"
	// If username is provided it takes precedence over the username retrieved from the referenced secrets
	// +kubebuilder:validation:Optional
	Username string `json:"username,omitempty"`

	// DisableEscaping Determines whether special characters in the username and password fields will be escaped. Useful for alternate connection string formats like ADO. More information regarding this parameter can be found on the databases secrets engine docs. Defaults to false
	// +kubebuilder:validation:Optional
	DisableEscaping bool `json:"disableEscaping,omitempty"`

	// DatabaseSpecificConfig this are the configuration specific to each database type
	// +kubebuilder:validation:Optional
	// +mapType=granular
	DatabaseSpecificConfig map[string]string `json:"databaseSpecificConfig,omitempty"`

	// +kubebuilder:validation:Optional
	RootPasswordRotation *RootPasswordRotation `json:"rootPasswordRotation,omitempty"`
	// contains filtered or unexported fields
}

func (*DBSEConfig) DeepCopy ¶

func (in *DBSEConfig) DeepCopy() *DBSEConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DBSEConfig.

func (*DBSEConfig) DeepCopyInto ¶

func (in *DBSEConfig) DeepCopyInto(out *DBSEConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DBSERole ¶

type DBSERole struct {
	// DBName The name of the database connection to use for this role.
	// +kubebuilder:validation:Required
	DBName string `json:"dBName,omitempty"`

	// DeafulTTL Specifies the TTL for the leases associated with this role. Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to system/engine default TTL time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="0s"
	DefaultTTL metav1.Duration `json:"defaultTTL,omitempty"`

	// MaxTTL Specifies the maximum TTL for the leases associated with this role. Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to system/mount default TTL time; this value is allowed to be less than the mount max TTL (or, if not set, the system max TTL), but it is not allowed to be longer. See also The TTL General Case.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="0s"
	MaxTTL metav1.Duration `json:"maxTTL,omitempty"`

	// CreationStatements Specifies the database statements executed to create and configure a user. See the plugin's API page for more information on support and formatting for this parameter.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	CreationStatements []string `json:"creationStatements,omitempty"`

	// RevocationStatements Specifies the database statements to be executed to revoke a user. See the plugin's API page for more information on support and formatting for this parameter.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	RevocationStatements []string `json:"revocationStatements,omitempty"`

	// RollbackStatements Specifies the database statements to be executed to rollback a create operation in the event of an error. Not every plugin type will support this functionality. See the plugin's API page for more information on support and formatting for this parameter.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	RollbackStatements []string `json:"rollbackStatements,omitempty"`

	// RenewStatements Specifies the database statements to be executed to renew a user. Not every plugin type will support this functionality. See the plugin's API page for more information on support and formatting for this parameter.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	RenewStatements []string `json:"renewStatements,omitempty"`
}

func (*DBSERole) DeepCopy ¶

func (in *DBSERole) DeepCopy() *DBSERole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DBSERole.

func (*DBSERole) DeepCopyInto ¶

func (in *DBSERole) DeepCopyInto(out *DBSERole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DBSEStaticRole ¶ added in v0.8.3

type DBSEStaticRole struct {
	// DBName The name of the database connection to use for this role.
	// +kubebuilder:validation:Required
	DBName string `json:"dBName,omitempty"`

	// Username Specifies the database username that this Vault role corresponds to.
	// +kubebuilder:validation:Required
	Username string `json:"username,omitempty"`

	// RotationPeriod Specifies the amount of time Vault should wait before rotating the password. The minimum is 5 seconds.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Minimum=5
	RotationPeriod int `json:"rotationPeriod,omitempty"`

	// RotationStatements Specifies the database statements to be executed to rotate the password for the configured database user. Not every plugin type will support this functionality. See the plugin's API page for more information on support and formatting for this parameter.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	RotationStatements []string `json:"rotationStatements,omitempty"`

	// CredentialType Specifies the type of credential that will be generated for the role. Options include: password, rsa_private_key. See the plugin's API page for credential types supported by individual databases.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum={"password","rsa_private_key"}
	CredentialType string `json:"credentialType,omitempty"`

	// PasswordCredentialConfig specifies the configuraiton when the password credential type is chosen.
	// +kubebuilder:validation:Optional
	PasswordCredentialConfig *PasswordCredentialConfig `json:"passwordCredentialConfig,omitempty"`

	RSAPrivateKeyCredentialConfig *RSAPrivateKeyCredentialConfig `json:"rsaPrivateKeyCredentialConfig,omitempty"`
}

func (*DBSEStaticRole) DeepCopy ¶ added in v0.8.4

func (in *DBSEStaticRole) DeepCopy() *DBSEStaticRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DBSEStaticRole.

func (*DBSEStaticRole) DeepCopyInto ¶ added in v0.8.4

func (in *DBSEStaticRole) DeepCopyInto(out *DBSEStaticRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DatabaseSecretEngineConfig ¶

type DatabaseSecretEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   DatabaseSecretEngineConfigSpec   `json:"spec,omitempty"`
	Status DatabaseSecretEngineConfigStatus `json:"status,omitempty"`
}

DatabaseSecretEngineConfig is the Schema for the databasesecretengineconfigs API

func (*DatabaseSecretEngineConfig) DeepCopy ¶

func (in *DatabaseSecretEngineConfig) DeepCopy() *DatabaseSecretEngineConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineConfig.

func (*DatabaseSecretEngineConfig) DeepCopyInto ¶

func (in *DatabaseSecretEngineConfig) DeepCopyInto(out *DatabaseSecretEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DatabaseSecretEngineConfig) DeepCopyObject ¶

func (in *DatabaseSecretEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*DatabaseSecretEngineConfig) Default ¶

func (r *DatabaseSecretEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*DatabaseSecretEngineConfig) GetConditions ¶

func (m *DatabaseSecretEngineConfig) GetConditions() []metav1.Condition

func (*DatabaseSecretEngineConfig) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *DatabaseSecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*DatabaseSecretEngineConfig) GetPath ¶

func (d *DatabaseSecretEngineConfig) GetPath() string

func (*DatabaseSecretEngineConfig) GetPayload ¶

func (d *DatabaseSecretEngineConfig) GetPayload() map[string]interface{}

func (*DatabaseSecretEngineConfig) GetRootPasswordRotationPath ¶ added in v0.8.4

func (d *DatabaseSecretEngineConfig) GetRootPasswordRotationPath() string

func (*DatabaseSecretEngineConfig) GetVaultConnection ¶ added in v0.8.9

func (d *DatabaseSecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*DatabaseSecretEngineConfig) IsEquivalentToDesiredState ¶

func (d *DatabaseSecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*DatabaseSecretEngineConfig) IsInitialized ¶

func (d *DatabaseSecretEngineConfig) IsInitialized() bool

func (*DatabaseSecretEngineConfig) IsValid ¶

func (r *DatabaseSecretEngineConfig) IsValid() (bool, error)

func (*DatabaseSecretEngineConfig) PrepareInternalValues ¶

func (d *DatabaseSecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*DatabaseSecretEngineConfig) PrepareTLSConfig ¶ added in v0.8.24

func (d *DatabaseSecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*DatabaseSecretEngineConfig) RotateRootPassword ¶ added in v0.8.4

func (d *DatabaseSecretEngineConfig) RotateRootPassword(ctx context.Context) error

func (*DatabaseSecretEngineConfig) SetConditions ¶

func (m *DatabaseSecretEngineConfig) SetConditions(conditions []metav1.Condition)

func (*DatabaseSecretEngineConfig) SetUsernameAndPassword ¶

func (m *DatabaseSecretEngineConfig) SetUsernameAndPassword(username string, password string)

func (*DatabaseSecretEngineConfig) SetupWebhookWithManager ¶

func (r *DatabaseSecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*DatabaseSecretEngineConfig) ValidateCreate ¶

func (r *DatabaseSecretEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*DatabaseSecretEngineConfig) ValidateDelete ¶

func (r *DatabaseSecretEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*DatabaseSecretEngineConfig) ValidateUpdate ¶

func (r *DatabaseSecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type DatabaseSecretEngineConfigList ¶

type DatabaseSecretEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []DatabaseSecretEngineConfig `json:"items"`
}

DatabaseSecretEngineConfigList contains a list of DatabaseSecretEngineConfig

func (*DatabaseSecretEngineConfigList) DeepCopy ¶

func (in *DatabaseSecretEngineConfigList) DeepCopy() *DatabaseSecretEngineConfigList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineConfigList.

func (*DatabaseSecretEngineConfigList) DeepCopyInto ¶

func (in *DatabaseSecretEngineConfigList) DeepCopyInto(out *DatabaseSecretEngineConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DatabaseSecretEngineConfigList) DeepCopyObject ¶

func (in *DatabaseSecretEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DatabaseSecretEngineConfigSpec ¶

type DatabaseSecretEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/config/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// +kubebuilder:validation:Required
	DBSEConfig `json:",inline"`

	// RootCredentials specifies how to retrieve the credentials for this DatabaseEngine connection.
	// +kubebuilder:validation:Required
	RootCredentials vaultutils.RootCredentialConfig `json:"rootCredentials,omitempty"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

DatabaseSecretEngineConfigSpec defines the desired state of DatabaseSecretEngineConfig

func (*DatabaseSecretEngineConfigSpec) DeepCopy ¶

func (in *DatabaseSecretEngineConfigSpec) DeepCopy() *DatabaseSecretEngineConfigSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineConfigSpec.

func (*DatabaseSecretEngineConfigSpec) DeepCopyInto ¶

func (in *DatabaseSecretEngineConfigSpec) DeepCopyInto(out *DatabaseSecretEngineConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DatabaseSecretEngineConfigStatus ¶

type DatabaseSecretEngineConfigStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`

	// +kubebuilder:validation:Optional
	LastRootPasswordRotation metav1.Time `json:"lastRootPasswordRotation,omitempty"`
}

DatabaseSecretEngineConfigStatus defines the observed state of DatabaseSecretEngineConfig

func (*DatabaseSecretEngineConfigStatus) DeepCopy ¶

func (in *DatabaseSecretEngineConfigStatus) DeepCopy() *DatabaseSecretEngineConfigStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineConfigStatus.

func (*DatabaseSecretEngineConfigStatus) DeepCopyInto ¶

func (in *DatabaseSecretEngineConfigStatus) DeepCopyInto(out *DatabaseSecretEngineConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DatabaseSecretEngineRole ¶

type DatabaseSecretEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   DatabaseSecretEngineRoleSpec   `json:"spec,omitempty"`
	Status DatabaseSecretEngineRoleStatus `json:"status,omitempty"`
}

DatabaseSecretEngineRole is the Schema for the databasesecretengineroles API

func (*DatabaseSecretEngineRole) DeepCopy ¶

func (in *DatabaseSecretEngineRole) DeepCopy() *DatabaseSecretEngineRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineRole.

func (*DatabaseSecretEngineRole) DeepCopyInto ¶

func (in *DatabaseSecretEngineRole) DeepCopyInto(out *DatabaseSecretEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DatabaseSecretEngineRole) DeepCopyObject ¶

func (in *DatabaseSecretEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*DatabaseSecretEngineRole) Default ¶

func (r *DatabaseSecretEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*DatabaseSecretEngineRole) GetConditions ¶

func (m *DatabaseSecretEngineRole) GetConditions() []metav1.Condition

func (*DatabaseSecretEngineRole) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *DatabaseSecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*DatabaseSecretEngineRole) GetPath ¶

func (d *DatabaseSecretEngineRole) GetPath() string

func (*DatabaseSecretEngineRole) GetPayload ¶

func (d *DatabaseSecretEngineRole) GetPayload() map[string]interface{}

func (*DatabaseSecretEngineRole) GetVaultConnection ¶ added in v0.8.9

func (d *DatabaseSecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*DatabaseSecretEngineRole) IsEquivalentToDesiredState ¶

func (d *DatabaseSecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*DatabaseSecretEngineRole) IsInitialized ¶

func (d *DatabaseSecretEngineRole) IsInitialized() bool

func (*DatabaseSecretEngineRole) IsValid ¶

func (r *DatabaseSecretEngineRole) IsValid() (bool, error)

func (*DatabaseSecretEngineRole) PrepareInternalValues ¶

func (d *DatabaseSecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*DatabaseSecretEngineRole) PrepareTLSConfig ¶ added in v0.8.24

func (d *DatabaseSecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*DatabaseSecretEngineRole) SetConditions ¶

func (m *DatabaseSecretEngineRole) SetConditions(conditions []metav1.Condition)

func (*DatabaseSecretEngineRole) SetupWebhookWithManager ¶

func (r *DatabaseSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*DatabaseSecretEngineRole) ValidateCreate ¶

func (r *DatabaseSecretEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*DatabaseSecretEngineRole) ValidateDelete ¶

func (r *DatabaseSecretEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*DatabaseSecretEngineRole) ValidateUpdate ¶

func (r *DatabaseSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type DatabaseSecretEngineRoleList ¶

type DatabaseSecretEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []DatabaseSecretEngineRole `json:"items"`
}

DatabaseSecretEngineRoleList contains a list of DatabaseSecretEngineRole

func (*DatabaseSecretEngineRoleList) DeepCopy ¶

func (in *DatabaseSecretEngineRoleList) DeepCopy() *DatabaseSecretEngineRoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineRoleList.

func (*DatabaseSecretEngineRoleList) DeepCopyInto ¶

func (in *DatabaseSecretEngineRoleList) DeepCopyInto(out *DatabaseSecretEngineRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DatabaseSecretEngineRoleList) DeepCopyObject ¶

func (in *DatabaseSecretEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DatabaseSecretEngineRoleSpec ¶

type DatabaseSecretEngineRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to create the role.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/roles/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	DBSERole `json:",inline"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

DatabaseSecretEngineRoleSpec defines the desired state of DatabaseSecretEngineRole

func (*DatabaseSecretEngineRoleSpec) DeepCopy ¶

func (in *DatabaseSecretEngineRoleSpec) DeepCopy() *DatabaseSecretEngineRoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineRoleSpec.

func (*DatabaseSecretEngineRoleSpec) DeepCopyInto ¶

func (in *DatabaseSecretEngineRoleSpec) DeepCopyInto(out *DatabaseSecretEngineRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DatabaseSecretEngineRoleStatus ¶

type DatabaseSecretEngineRoleStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

DatabaseSecretEngineRoleStatus defines the observed state of DatabaseSecretEngineRole

func (*DatabaseSecretEngineRoleStatus) DeepCopy ¶

func (in *DatabaseSecretEngineRoleStatus) DeepCopy() *DatabaseSecretEngineRoleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineRoleStatus.

func (*DatabaseSecretEngineRoleStatus) DeepCopyInto ¶

func (in *DatabaseSecretEngineRoleStatus) DeepCopyInto(out *DatabaseSecretEngineRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DatabaseSecretEngineStaticRole ¶ added in v0.8.3

type DatabaseSecretEngineStaticRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   DatabaseSecretEngineStaticRoleSpec   `json:"spec,omitempty"`
	Status DatabaseSecretEngineStaticRoleStatus `json:"status,omitempty"`
}

DatabaseSecretEngineStaticRole is the Schema for the databasesecretenginestaticroles API

func (*DatabaseSecretEngineStaticRole) DeepCopy ¶ added in v0.8.3

func (in *DatabaseSecretEngineStaticRole) DeepCopy() *DatabaseSecretEngineStaticRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineStaticRole.

func (*DatabaseSecretEngineStaticRole) DeepCopyInto ¶ added in v0.8.3

func (in *DatabaseSecretEngineStaticRole) DeepCopyInto(out *DatabaseSecretEngineStaticRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DatabaseSecretEngineStaticRole) DeepCopyObject ¶ added in v0.8.3

func (in *DatabaseSecretEngineStaticRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*DatabaseSecretEngineStaticRole) Default ¶ added in v0.8.3

func (r *DatabaseSecretEngineStaticRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*DatabaseSecretEngineStaticRole) GetConditions ¶ added in v0.8.3

func (m *DatabaseSecretEngineStaticRole) GetConditions() []metav1.Condition

func (*DatabaseSecretEngineStaticRole) GetKubeAuthConfiguration ¶ added in v0.8.3

func (d *DatabaseSecretEngineStaticRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*DatabaseSecretEngineStaticRole) GetPath ¶ added in v0.8.3

func (d *DatabaseSecretEngineStaticRole) GetPath() string

func (*DatabaseSecretEngineStaticRole) GetPayload ¶ added in v0.8.3

func (d *DatabaseSecretEngineStaticRole) GetPayload() map[string]interface{}

func (*DatabaseSecretEngineStaticRole) GetVaultConnection ¶ added in v0.8.9

func (d *DatabaseSecretEngineStaticRole) GetVaultConnection() *vaultutils.VaultConnection

func (*DatabaseSecretEngineStaticRole) IsEquivalentToDesiredState ¶ added in v0.8.3

func (d *DatabaseSecretEngineStaticRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*DatabaseSecretEngineStaticRole) IsInitialized ¶ added in v0.8.3

func (d *DatabaseSecretEngineStaticRole) IsInitialized() bool

func (*DatabaseSecretEngineStaticRole) IsValid ¶ added in v0.8.3

func (r *DatabaseSecretEngineStaticRole) IsValid() (bool, error)

func (*DatabaseSecretEngineStaticRole) PrepareInternalValues ¶ added in v0.8.3

func (d *DatabaseSecretEngineStaticRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*DatabaseSecretEngineStaticRole) PrepareTLSConfig ¶ added in v0.8.24

func (d *DatabaseSecretEngineStaticRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*DatabaseSecretEngineStaticRole) SetConditions ¶ added in v0.8.3

func (m *DatabaseSecretEngineStaticRole) SetConditions(conditions []metav1.Condition)

func (*DatabaseSecretEngineStaticRole) SetupWebhookWithManager ¶ added in v0.8.3

func (r *DatabaseSecretEngineStaticRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*DatabaseSecretEngineStaticRole) ValidateCreate ¶ added in v0.8.3

func (r *DatabaseSecretEngineStaticRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*DatabaseSecretEngineStaticRole) ValidateDelete ¶ added in v0.8.3

func (r *DatabaseSecretEngineStaticRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*DatabaseSecretEngineStaticRole) ValidateUpdate ¶ added in v0.8.3

func (r *DatabaseSecretEngineStaticRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type DatabaseSecretEngineStaticRoleList ¶ added in v0.8.3

type DatabaseSecretEngineStaticRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []DatabaseSecretEngineStaticRole `json:"items"`
}

DatabaseSecretEngineStaticRoleList contains a list of DatabaseSecretEngineStaticRole

func (*DatabaseSecretEngineStaticRoleList) DeepCopy ¶ added in v0.8.3

func (in *DatabaseSecretEngineStaticRoleList) DeepCopy() *DatabaseSecretEngineStaticRoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineStaticRoleList.

func (*DatabaseSecretEngineStaticRoleList) DeepCopyInto ¶ added in v0.8.3

func (in *DatabaseSecretEngineStaticRoleList) DeepCopyInto(out *DatabaseSecretEngineStaticRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DatabaseSecretEngineStaticRoleList) DeepCopyObject ¶ added in v0.8.3

func (in *DatabaseSecretEngineStaticRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DatabaseSecretEngineStaticRoleSpec ¶ added in v0.8.3

type DatabaseSecretEngineStaticRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to create the role.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/roles/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	DBSEStaticRole `json:",inline"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

DatabaseSecretEngineStaticRoleSpec defines the desired state of DatabaseSecretEngineStaticRole

func (*DatabaseSecretEngineStaticRoleSpec) DeepCopy ¶ added in v0.8.3

func (in *DatabaseSecretEngineStaticRoleSpec) DeepCopy() *DatabaseSecretEngineStaticRoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineStaticRoleSpec.

func (*DatabaseSecretEngineStaticRoleSpec) DeepCopyInto ¶ added in v0.8.3

func (in *DatabaseSecretEngineStaticRoleSpec) DeepCopyInto(out *DatabaseSecretEngineStaticRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DatabaseSecretEngineStaticRoleStatus ¶ added in v0.8.3

type DatabaseSecretEngineStaticRoleStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

DatabaseSecretEngineStaticRoleStatus defines the observed state of DatabaseSecretEngineStaticRole

func (*DatabaseSecretEngineStaticRoleStatus) DeepCopy ¶ added in v0.8.3

func (in *DatabaseSecretEngineStaticRoleStatus) DeepCopy() *DatabaseSecretEngineStaticRoleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DatabaseSecretEngineStaticRoleStatus.

func (*DatabaseSecretEngineStaticRoleStatus) DeepCopyInto ¶ added in v0.8.3

func (in *DatabaseSecretEngineStaticRoleStatus) DeepCopyInto(out *DatabaseSecretEngineStaticRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GHConfig ¶

type GHConfig struct {
	// ApplicationID the Application ID of the GitHub App.
	// +kubebuilder:validation:Required
	ApplicationID int64 `json:"applicationID,omitempty"`

	// GitHubAPIBaseURL the base URL for API requests (defaults to the public GitHub API).
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="https://api.github.com"
	GitHubAPIBaseURL string `json:"gitHubAPIBaseURL,omitempty"`
	// contains filtered or unexported fields
}

func (*GHConfig) DeepCopy ¶

func (in *GHConfig) DeepCopy() *GHConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GHConfig.

func (*GHConfig) DeepCopyInto ¶

func (in *GHConfig) DeepCopyInto(out *GHConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GitHubSecretEngineConfig ¶

type GitHubSecretEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   GitHubSecretEngineConfigSpec   `json:"spec,omitempty"`
	Status GitHubSecretEngineConfigStatus `json:"status,omitempty"`
}

GitHubSecretEngineConfig is the Schema for the githubsecretengineconfigs API

func (*GitHubSecretEngineConfig) DeepCopy ¶

func (in *GitHubSecretEngineConfig) DeepCopy() *GitHubSecretEngineConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubSecretEngineConfig.

func (*GitHubSecretEngineConfig) DeepCopyInto ¶

func (in *GitHubSecretEngineConfig) DeepCopyInto(out *GitHubSecretEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GitHubSecretEngineConfig) DeepCopyObject ¶

func (in *GitHubSecretEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*GitHubSecretEngineConfig) Default ¶

func (r *GitHubSecretEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*GitHubSecretEngineConfig) GetConditions ¶

func (m *GitHubSecretEngineConfig) GetConditions() []metav1.Condition

func (*GitHubSecretEngineConfig) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *GitHubSecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*GitHubSecretEngineConfig) GetPath ¶

func (d *GitHubSecretEngineConfig) GetPath() string

func (*GitHubSecretEngineConfig) GetPayload ¶

func (d *GitHubSecretEngineConfig) GetPayload() map[string]interface{}

func (*GitHubSecretEngineConfig) GetVaultConnection ¶ added in v0.8.9

func (d *GitHubSecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*GitHubSecretEngineConfig) IsEquivalentToDesiredState ¶

func (d *GitHubSecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*GitHubSecretEngineConfig) IsInitialized ¶

func (d *GitHubSecretEngineConfig) IsInitialized() bool

func (*GitHubSecretEngineConfig) IsValid ¶

func (r *GitHubSecretEngineConfig) IsValid() (bool, error)

func (*GitHubSecretEngineConfig) PrepareInternalValues ¶

func (d *GitHubSecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*GitHubSecretEngineConfig) PrepareTLSConfig ¶ added in v0.8.24

func (d *GitHubSecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*GitHubSecretEngineConfig) SetConditions ¶

func (m *GitHubSecretEngineConfig) SetConditions(conditions []metav1.Condition)

func (*GitHubSecretEngineConfig) SetupWebhookWithManager ¶

func (r *GitHubSecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*GitHubSecretEngineConfig) ValidateCreate ¶

func (r *GitHubSecretEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*GitHubSecretEngineConfig) ValidateDelete ¶

func (r *GitHubSecretEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*GitHubSecretEngineConfig) ValidateUpdate ¶

func (r *GitHubSecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type GitHubSecretEngineConfigList ¶

type GitHubSecretEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GitHubSecretEngineConfig `json:"items"`
}

GitHubSecretEngineConfigList contains a list of GitHubSecretEngineConfig

func (*GitHubSecretEngineConfigList) DeepCopy ¶

func (in *GitHubSecretEngineConfigList) DeepCopy() *GitHubSecretEngineConfigList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubSecretEngineConfigList.

func (*GitHubSecretEngineConfigList) DeepCopyInto ¶

func (in *GitHubSecretEngineConfigList) DeepCopyInto(out *GitHubSecretEngineConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GitHubSecretEngineConfigList) DeepCopyObject ¶

func (in *GitHubSecretEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GitHubSecretEngineConfigSpec ¶

type GitHubSecretEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/config.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	GHConfig `json:",inline"`

	// SSHKeyReference allows ofr options to retrieve the ssh key. For security reasons it is never displayed.
	// +kubebuilder:validation:Required
	SSHKeyReference SSHKeyConfig `json:"sSHKeyReference,omitempty"`
}

GitHubSecretEngineConfigSpec defines the desired state of GitHubSecretEngineConfig

func (*GitHubSecretEngineConfigSpec) DeepCopy ¶

func (in *GitHubSecretEngineConfigSpec) DeepCopy() *GitHubSecretEngineConfigSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubSecretEngineConfigSpec.

func (*GitHubSecretEngineConfigSpec) DeepCopyInto ¶

func (in *GitHubSecretEngineConfigSpec) DeepCopyInto(out *GitHubSecretEngineConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GitHubSecretEngineConfigStatus ¶

type GitHubSecretEngineConfigStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

GitHubSecretEngineConfigStatus defines the observed state of GitHubSecretEngineConfig

func (*GitHubSecretEngineConfigStatus) DeepCopy ¶

func (in *GitHubSecretEngineConfigStatus) DeepCopy() *GitHubSecretEngineConfigStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubSecretEngineConfigStatus.

func (*GitHubSecretEngineConfigStatus) DeepCopyInto ¶

func (in *GitHubSecretEngineConfigStatus) DeepCopyInto(out *GitHubSecretEngineConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GitHubSecretEngineRole ¶

type GitHubSecretEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   GitHubSecretEngineRoleSpec   `json:"spec,omitempty"`
	Status GitHubSecretEngineRoleStatus `json:"status,omitempty"`
}

GitHubSecretEngineRole is the Schema for the githubsecretengineroles API

func (*GitHubSecretEngineRole) DeepCopy ¶

func (in *GitHubSecretEngineRole) DeepCopy() *GitHubSecretEngineRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubSecretEngineRole.

func (*GitHubSecretEngineRole) DeepCopyInto ¶

func (in *GitHubSecretEngineRole) DeepCopyInto(out *GitHubSecretEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GitHubSecretEngineRole) DeepCopyObject ¶

func (in *GitHubSecretEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*GitHubSecretEngineRole) Default ¶

func (r *GitHubSecretEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*GitHubSecretEngineRole) GetConditions ¶

func (m *GitHubSecretEngineRole) GetConditions() []metav1.Condition

func (*GitHubSecretEngineRole) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *GitHubSecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*GitHubSecretEngineRole) GetPath ¶

func (d *GitHubSecretEngineRole) GetPath() string

func (*GitHubSecretEngineRole) GetPayload ¶

func (d *GitHubSecretEngineRole) GetPayload() map[string]interface{}

func (*GitHubSecretEngineRole) GetVaultConnection ¶ added in v0.8.9

func (d *GitHubSecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*GitHubSecretEngineRole) IsEquivalentToDesiredState ¶

func (d *GitHubSecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*GitHubSecretEngineRole) IsInitialized ¶

func (d *GitHubSecretEngineRole) IsInitialized() bool

func (*GitHubSecretEngineRole) IsValid ¶

func (r *GitHubSecretEngineRole) IsValid() (bool, error)

func (*GitHubSecretEngineRole) PrepareInternalValues ¶

func (d *GitHubSecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*GitHubSecretEngineRole) PrepareTLSConfig ¶ added in v0.8.24

func (d *GitHubSecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*GitHubSecretEngineRole) SetConditions ¶

func (m *GitHubSecretEngineRole) SetConditions(conditions []metav1.Condition)

func (*GitHubSecretEngineRole) SetupWebhookWithManager ¶

func (r *GitHubSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*GitHubSecretEngineRole) ValidateCreate ¶

func (r *GitHubSecretEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*GitHubSecretEngineRole) ValidateDelete ¶

func (r *GitHubSecretEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*GitHubSecretEngineRole) ValidateUpdate ¶

func (r *GitHubSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type GitHubSecretEngineRoleList ¶

type GitHubSecretEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GitHubSecretEngineRole `json:"items"`
}

GitHubSecretEngineRoleList contains a list of GitHubSecretEngineRole

func (*GitHubSecretEngineRoleList) DeepCopy ¶

func (in *GitHubSecretEngineRoleList) DeepCopy() *GitHubSecretEngineRoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubSecretEngineRoleList.

func (*GitHubSecretEngineRoleList) DeepCopyInto ¶

func (in *GitHubSecretEngineRoleList) DeepCopyInto(out *GitHubSecretEngineRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GitHubSecretEngineRoleList) DeepCopyObject ¶

func (in *GitHubSecretEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GitHubSecretEngineRoleSpec ¶

type GitHubSecretEngineRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to create the role.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/permissionset/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// PermissionsSet All parameters are optional. Omitting them results in a token that has access to all of the repositories and permissions that the GitHub App has.
	// When crafting Vault policy, hyper security sensitive organisations may wish to favour repository_ids (GitHub repository IDs are immutable) instead of repositories (GitHub repository names are mutable).
	// +kubebuilder:validation:Optional
	PermissionSet `json:",inline"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

GitHubSecretEngineRoleSpec defines the desired state of GitHubSecretEngineRole

func (*GitHubSecretEngineRoleSpec) DeepCopy ¶

func (in *GitHubSecretEngineRoleSpec) DeepCopy() *GitHubSecretEngineRoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubSecretEngineRoleSpec.

func (*GitHubSecretEngineRoleSpec) DeepCopyInto ¶

func (in *GitHubSecretEngineRoleSpec) DeepCopyInto(out *GitHubSecretEngineRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GitHubSecretEngineRoleStatus ¶

type GitHubSecretEngineRoleStatus struct {

	// Important: Run "make" to regenerate code after modifying this file
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

GitHubSecretEngineRoleStatus defines the observed state of GitHubSecretEngineRole

func (*GitHubSecretEngineRoleStatus) DeepCopy ¶

func (in *GitHubSecretEngineRoleStatus) DeepCopy() *GitHubSecretEngineRoleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubSecretEngineRoleStatus.

func (*GitHubSecretEngineRoleStatus) DeepCopyInto ¶

func (in *GitHubSecretEngineRoleStatus) DeepCopyInto(out *GitHubSecretEngineRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Group ¶ added in v0.8.20

type Group struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   GroupSpec   `json:"spec,omitempty"`
	Status GroupStatus `json:"status,omitempty"`
}

Group is the Schema for the groups API

func (*Group) DeepCopy ¶ added in v0.8.20

func (in *Group) DeepCopy() *Group

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Group.

func (*Group) DeepCopyInto ¶ added in v0.8.20

func (in *Group) DeepCopyInto(out *Group)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Group) DeepCopyObject ¶ added in v0.8.20

func (in *Group) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Group) Default ¶ added in v0.8.20

func (r *Group) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*Group) GetConditions ¶ added in v0.8.20

func (m *Group) GetConditions() []metav1.Condition

func (*Group) GetKubeAuthConfiguration ¶ added in v0.8.20

func (d *Group) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*Group) GetPath ¶ added in v0.8.20

func (d *Group) GetPath() string

func (*Group) GetPayload ¶ added in v0.8.20

func (d *Group) GetPayload() map[string]interface{}

func (*Group) GetVaultConnection ¶ added in v0.8.20

func (d *Group) GetVaultConnection() *vaultutils.VaultConnection

func (*Group) IsEquivalentToDesiredState ¶ added in v0.8.20

func (d *Group) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*Group) IsInitialized ¶ added in v0.8.20

func (d *Group) IsInitialized() bool

func (*Group) IsValid ¶ added in v0.8.20

func (r *Group) IsValid() (bool, error)

func (*Group) PrepareInternalValues ¶ added in v0.8.20

func (d *Group) PrepareInternalValues(context context.Context, object client.Object) error

func (*Group) PrepareTLSConfig ¶ added in v0.8.24

func (d *Group) PrepareTLSConfig(context context.Context, object client.Object) error

func (*Group) SetConditions ¶ added in v0.8.20

func (m *Group) SetConditions(conditions []metav1.Condition)

func (*Group) SetupWebhookWithManager ¶ added in v0.8.20

func (r *Group) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*Group) ValidateCreate ¶ added in v0.8.20

func (r *Group) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*Group) ValidateDelete ¶ added in v0.8.20

func (r *Group) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*Group) ValidateUpdate ¶ added in v0.8.20

func (r *Group) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type GroupAlias ¶ added in v0.8.20

type GroupAlias struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   GroupAliasSpec   `json:"spec,omitempty"`
	Status GroupAliasStatus `json:"status,omitempty"`
}

GroupAlias is the Schema for the groupalias API

func (*GroupAlias) DeepCopy ¶ added in v0.8.20

func (in *GroupAlias) DeepCopy() *GroupAlias

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupAlias.

func (*GroupAlias) DeepCopyInto ¶ added in v0.8.20

func (in *GroupAlias) DeepCopyInto(out *GroupAlias)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GroupAlias) DeepCopyObject ¶ added in v0.8.20

func (in *GroupAlias) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*GroupAlias) Default ¶ added in v0.8.20

func (r *GroupAlias) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*GroupAlias) GetConditions ¶ added in v0.8.20

func (m *GroupAlias) GetConditions() []metav1.Condition

func (*GroupAlias) GetKubeAuthConfiguration ¶ added in v0.8.20

func (d *GroupAlias) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*GroupAlias) GetPath ¶ added in v0.8.20

func (d *GroupAlias) GetPath() string

func (*GroupAlias) GetPayload ¶ added in v0.8.20

func (d *GroupAlias) GetPayload() map[string]interface{}

func (*GroupAlias) GetVaultConnection ¶ added in v0.8.20

func (d *GroupAlias) GetVaultConnection() *vaultutils.VaultConnection

func (*GroupAlias) IsEquivalentToDesiredState ¶ added in v0.8.20

func (d *GroupAlias) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*GroupAlias) IsInitialized ¶ added in v0.8.20

func (d *GroupAlias) IsInitialized() bool

func (*GroupAlias) IsValid ¶ added in v0.8.20

func (r *GroupAlias) IsValid() (bool, error)

func (*GroupAlias) PrepareInternalValues ¶ added in v0.8.20

func (d *GroupAlias) PrepareInternalValues(context context.Context, object client.Object) error

func (*GroupAlias) PrepareTLSConfig ¶ added in v0.8.24

func (d *GroupAlias) PrepareTLSConfig(context context.Context, object client.Object) error

func (*GroupAlias) SetConditions ¶ added in v0.8.20

func (m *GroupAlias) SetConditions(conditions []metav1.Condition)

func (*GroupAlias) SetupWebhookWithManager ¶ added in v0.8.20

func (r *GroupAlias) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*GroupAlias) ValidateCreate ¶ added in v0.8.20

func (r *GroupAlias) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*GroupAlias) ValidateDelete ¶ added in v0.8.20

func (r *GroupAlias) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*GroupAlias) ValidateUpdate ¶ added in v0.8.20

func (r *GroupAlias) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type GroupAliasConfig ¶ added in v0.8.20

type GroupAliasConfig struct {
	AuthEngineMountPath string `json:"authEngineMountPath,omitempty"`
	GroupName           string `json:"groupName,omitempty"`
}

func (*GroupAliasConfig) DeepCopy ¶ added in v0.8.20

func (in *GroupAliasConfig) DeepCopy() *GroupAliasConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupAliasConfig.

func (*GroupAliasConfig) DeepCopyInto ¶ added in v0.8.20

func (in *GroupAliasConfig) DeepCopyInto(out *GroupAliasConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GroupAliasList ¶ added in v0.8.20

type GroupAliasList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []GroupAlias `json:"items"`
}

GroupAliasList contains a list of GroupAlias

func (*GroupAliasList) DeepCopy ¶ added in v0.8.20

func (in *GroupAliasList) DeepCopy() *GroupAliasList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupAliasList.

func (*GroupAliasList) DeepCopyInto ¶ added in v0.8.20

func (in *GroupAliasList) DeepCopyInto(out *GroupAliasList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GroupAliasList) DeepCopyObject ¶ added in v0.8.20

func (in *GroupAliasList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GroupAliasSpec ¶ added in v0.8.20

type GroupAliasSpec struct {
	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	GroupAliasConfig `json:",inline"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
	// contains filtered or unexported fields
}

GroupAliasSpec defines the desired state of GroupAlias

func (*GroupAliasSpec) DeepCopy ¶ added in v0.8.20

func (in *GroupAliasSpec) DeepCopy() *GroupAliasSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupAliasSpec.

func (*GroupAliasSpec) DeepCopyInto ¶ added in v0.8.20

func (in *GroupAliasSpec) DeepCopyInto(out *GroupAliasSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GroupAliasStatus ¶ added in v0.8.20

type GroupAliasStatus struct {
	// +kubebuilder:validation:Optional
	ID string `json:"id,omitempty"`

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

GroupAliasStatus defines the observed state of GroupAlias

func (*GroupAliasStatus) DeepCopy ¶ added in v0.8.20

func (in *GroupAliasStatus) DeepCopy() *GroupAliasStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupAliasStatus.

func (*GroupAliasStatus) DeepCopyInto ¶ added in v0.8.20

func (in *GroupAliasStatus) DeepCopyInto(out *GroupAliasStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GroupConfig ¶ added in v0.8.20

type GroupConfig struct {

	// Type Type of the group, internal or external. Defaults to internal
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"internal","external"}
	// +kubebuilder:default:="internal"
	Type string `json:"type,omitempty"`

	// Metadata Metadata to be associated with the group.
	// +kubebuilder:validation:Optional
	// +mapType=granular
	Metadata map[string]string `json:"metadata,omitempty"`

	// Policies Policies to be tied to the group.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	Policies []string `json:"policies,omitempty"`

	// MemberGroupIDs Group IDs to be assigned as group members.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	MemberGroupIDs []string `json:"memberGroupIDs,omitempty"`

	// MemberEntityIDs Entity IDs to be assigned as group members.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	MemberEntityIDs []string `json:"memberEntityIDs,omitempty"`
}

func (*GroupConfig) DeepCopy ¶ added in v0.8.20

func (in *GroupConfig) DeepCopy() *GroupConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupConfig.

func (*GroupConfig) DeepCopyInto ¶ added in v0.8.20

func (in *GroupConfig) DeepCopyInto(out *GroupConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GroupList ¶ added in v0.8.20

type GroupList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Group `json:"items"`
}

GroupList contains a list of Group

func (*GroupList) DeepCopy ¶ added in v0.8.20

func (in *GroupList) DeepCopy() *GroupList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupList.

func (*GroupList) DeepCopyInto ¶ added in v0.8.20

func (in *GroupList) DeepCopyInto(out *GroupList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*GroupList) DeepCopyObject ¶ added in v0.8.20

func (in *GroupList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type GroupSpec ¶ added in v0.8.20

type GroupSpec struct {
	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	GroupConfig `json:",inline"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

GroupSpec defines the desired state of Group

func (*GroupSpec) DeepCopy ¶ added in v0.8.20

func (in *GroupSpec) DeepCopy() *GroupSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupSpec.

func (*GroupSpec) DeepCopyInto ¶ added in v0.8.20

func (in *GroupSpec) DeepCopyInto(out *GroupSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GroupStatus ¶ added in v0.8.20

type GroupStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

GroupStatus defines the observed state of Group

func (*GroupStatus) DeepCopy ¶ added in v0.8.20

func (in *GroupStatus) DeepCopy() *GroupStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupStatus.

func (*GroupStatus) DeepCopyInto ¶ added in v0.8.20

func (in *GroupStatus) DeepCopyInto(out *GroupStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTOIDCAuthEngineConfig ¶ added in v0.7.0

type JWTOIDCAuthEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   JWTOIDCAuthEngineConfigSpec   `json:"spec,omitempty"`
	Status JWTOIDCAuthEngineConfigStatus `json:"status,omitempty"`
}

JWTOIDCAuthEngineConfig is the Schema for the jwtoidcauthengineconfigs API

func (*JWTOIDCAuthEngineConfig) DeepCopy ¶ added in v0.7.0

func (in *JWTOIDCAuthEngineConfig) DeepCopy() *JWTOIDCAuthEngineConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCAuthEngineConfig.

func (*JWTOIDCAuthEngineConfig) DeepCopyInto ¶ added in v0.7.0

func (in *JWTOIDCAuthEngineConfig) DeepCopyInto(out *JWTOIDCAuthEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*JWTOIDCAuthEngineConfig) DeepCopyObject ¶ added in v0.7.0

func (in *JWTOIDCAuthEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*JWTOIDCAuthEngineConfig) Default ¶ added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*JWTOIDCAuthEngineConfig) GetConditions ¶ added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) GetConditions() []metav1.Condition

func (*JWTOIDCAuthEngineConfig) GetKubeAuthConfiguration ¶ added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*JWTOIDCAuthEngineConfig) GetPath ¶ added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) GetPath() string

func (*JWTOIDCAuthEngineConfig) GetPayload ¶ added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) GetPayload() map[string]interface{}

func (*JWTOIDCAuthEngineConfig) GetVaultConnection ¶ added in v0.8.9

func (d *JWTOIDCAuthEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*JWTOIDCAuthEngineConfig) IsEquivalentToDesiredState ¶ added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*JWTOIDCAuthEngineConfig) IsInitialized ¶ added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) IsInitialized() bool

func (*JWTOIDCAuthEngineConfig) IsValid ¶ added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) IsValid() (bool, error)

func (*JWTOIDCAuthEngineConfig) PrepareInternalValues ¶ added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*JWTOIDCAuthEngineConfig) PrepareTLSConfig ¶ added in v0.8.24

func (r *JWTOIDCAuthEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*JWTOIDCAuthEngineConfig) SetConditions ¶ added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) SetConditions(conditions []metav1.Condition)

func (*JWTOIDCAuthEngineConfig) SetUsernameAndPassword ¶ added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) SetUsernameAndPassword(OIDCClientID string, OIDCClientSecret string)

func (*JWTOIDCAuthEngineConfig) SetupWebhookWithManager ¶ added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*JWTOIDCAuthEngineConfig) ValidateCreate ¶ added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*JWTOIDCAuthEngineConfig) ValidateDelete ¶ added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*JWTOIDCAuthEngineConfig) ValidateUpdate ¶ added in v0.7.0

func (r *JWTOIDCAuthEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type JWTOIDCAuthEngineConfigList ¶ added in v0.7.0

type JWTOIDCAuthEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []JWTOIDCAuthEngineConfig `json:"items"`
}

JWTOIDCAuthEngineConfigList contains a list of JWTOIDCAuthEngineConfig

func (*JWTOIDCAuthEngineConfigList) DeepCopy ¶ added in v0.7.0

func (in *JWTOIDCAuthEngineConfigList) DeepCopy() *JWTOIDCAuthEngineConfigList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCAuthEngineConfigList.

func (*JWTOIDCAuthEngineConfigList) DeepCopyInto ¶ added in v0.7.0

func (in *JWTOIDCAuthEngineConfigList) DeepCopyInto(out *JWTOIDCAuthEngineConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*JWTOIDCAuthEngineConfigList) DeepCopyObject ¶ added in v0.7.0

func (in *JWTOIDCAuthEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type JWTOIDCAuthEngineConfigSpec ¶ added in v0.7.0

type JWTOIDCAuthEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/config/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	JWTOIDCConfig `json:",inline"`

	// OIDCCredentials from the provider for OIDC roles
	// OIDCCredentials consists in OIDCClientID and OIDCClientSecret, which can be created as Kubernetes Secret, VaultSecret or RandomSecret
	// +kubebuilder:validation:Optional
	OIDCCredentials vaultutils.RootCredentialConfig `json:"OIDCCredentials,omitempty"`
}

JWTOIDCAuthEngineConfigSpec defines the desired state of JWTOIDCAuthEngineConfig

func (*JWTOIDCAuthEngineConfigSpec) DeepCopy ¶ added in v0.7.0

func (in *JWTOIDCAuthEngineConfigSpec) DeepCopy() *JWTOIDCAuthEngineConfigSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCAuthEngineConfigSpec.

func (*JWTOIDCAuthEngineConfigSpec) DeepCopyInto ¶ added in v0.7.0

func (in *JWTOIDCAuthEngineConfigSpec) DeepCopyInto(out *JWTOIDCAuthEngineConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTOIDCAuthEngineConfigStatus ¶ added in v0.7.0

type JWTOIDCAuthEngineConfigStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

JWTOIDCAuthEngineConfigStatus defines the observed state of JWTOIDCAuthEngineConfig

func (*JWTOIDCAuthEngineConfigStatus) DeepCopy ¶ added in v0.7.0

func (in *JWTOIDCAuthEngineConfigStatus) DeepCopy() *JWTOIDCAuthEngineConfigStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCAuthEngineConfigStatus.

func (*JWTOIDCAuthEngineConfigStatus) DeepCopyInto ¶ added in v0.7.0

func (in *JWTOIDCAuthEngineConfigStatus) DeepCopyInto(out *JWTOIDCAuthEngineConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTOIDCAuthEngineRole ¶ added in v0.8.0

type JWTOIDCAuthEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   JWTOIDCAuthEngineRoleSpec   `json:"spec,omitempty"`
	Status JWTOIDCAuthEngineRoleStatus `json:"status,omitempty"`
}

JWTOIDCAuthEngineRole is the Schema for the jwtoidcauthengineroles API

func (*JWTOIDCAuthEngineRole) DeepCopy ¶ added in v0.8.0

func (in *JWTOIDCAuthEngineRole) DeepCopy() *JWTOIDCAuthEngineRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCAuthEngineRole.

func (*JWTOIDCAuthEngineRole) DeepCopyInto ¶ added in v0.8.0

func (in *JWTOIDCAuthEngineRole) DeepCopyInto(out *JWTOIDCAuthEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*JWTOIDCAuthEngineRole) DeepCopyObject ¶ added in v0.8.0

func (in *JWTOIDCAuthEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*JWTOIDCAuthEngineRole) Default ¶ added in v0.8.0

func (r *JWTOIDCAuthEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*JWTOIDCAuthEngineRole) GetConditions ¶ added in v0.8.2

func (r *JWTOIDCAuthEngineRole) GetConditions() []metav1.Condition

func (*JWTOIDCAuthEngineRole) GetKubeAuthConfiguration ¶ added in v0.8.0

func (r *JWTOIDCAuthEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*JWTOIDCAuthEngineRole) GetPath ¶ added in v0.8.0

func (r *JWTOIDCAuthEngineRole) GetPath() string

func (*JWTOIDCAuthEngineRole) GetPayload ¶ added in v0.8.0

func (r *JWTOIDCAuthEngineRole) GetPayload() map[string]interface{}

func (*JWTOIDCAuthEngineRole) GetVaultConnection ¶ added in v0.8.9

func (d *JWTOIDCAuthEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*JWTOIDCAuthEngineRole) IsEquivalentToDesiredState ¶ added in v0.8.0

func (r *JWTOIDCAuthEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*JWTOIDCAuthEngineRole) IsInitialized ¶ added in v0.8.0

func (r *JWTOIDCAuthEngineRole) IsInitialized() bool

func (*JWTOIDCAuthEngineRole) IsValid ¶ added in v0.8.0

func (r *JWTOIDCAuthEngineRole) IsValid() (bool, error)

func (*JWTOIDCAuthEngineRole) PrepareInternalValues ¶ added in v0.8.0

func (d *JWTOIDCAuthEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*JWTOIDCAuthEngineRole) PrepareTLSConfig ¶ added in v0.8.24

func (d *JWTOIDCAuthEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*JWTOIDCAuthEngineRole) SetConditions ¶ added in v0.8.2

func (r *JWTOIDCAuthEngineRole) SetConditions(conditions []metav1.Condition)

func (*JWTOIDCAuthEngineRole) SetupWebhookWithManager ¶ added in v0.8.0

func (r *JWTOIDCAuthEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*JWTOIDCAuthEngineRole) ValidateCreate ¶ added in v0.8.0

func (r *JWTOIDCAuthEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*JWTOIDCAuthEngineRole) ValidateDelete ¶ added in v0.8.0

func (r *JWTOIDCAuthEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*JWTOIDCAuthEngineRole) ValidateUpdate ¶ added in v0.8.0

func (r *JWTOIDCAuthEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type JWTOIDCAuthEngineRoleList ¶ added in v0.8.0

type JWTOIDCAuthEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []JWTOIDCAuthEngineRole `json:"items"`
}

JWTOIDCAuthEngineRoleList contains a list of JWTOIDCAuthEngineRole

func (*JWTOIDCAuthEngineRoleList) DeepCopy ¶ added in v0.8.0

func (in *JWTOIDCAuthEngineRoleList) DeepCopy() *JWTOIDCAuthEngineRoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCAuthEngineRoleList.

func (*JWTOIDCAuthEngineRoleList) DeepCopyInto ¶ added in v0.8.0

func (in *JWTOIDCAuthEngineRoleList) DeepCopyInto(out *JWTOIDCAuthEngineRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*JWTOIDCAuthEngineRoleList) DeepCopyObject ¶ added in v0.8.0

func (in *JWTOIDCAuthEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type JWTOIDCAuthEngineRoleSpec ¶ added in v0.8.0

type JWTOIDCAuthEngineRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuraiton to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/groups/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	JWTOIDCRole `json:",inline"`
}

JWTOIDCAuthEngineRoleSpec defines the desired state of JWTOIDCAuthEngineRole

func (*JWTOIDCAuthEngineRoleSpec) DeepCopy ¶ added in v0.8.0

func (in *JWTOIDCAuthEngineRoleSpec) DeepCopy() *JWTOIDCAuthEngineRoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCAuthEngineRoleSpec.

func (*JWTOIDCAuthEngineRoleSpec) DeepCopyInto ¶ added in v0.8.0

func (in *JWTOIDCAuthEngineRoleSpec) DeepCopyInto(out *JWTOIDCAuthEngineRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTOIDCAuthEngineRoleStatus ¶ added in v0.8.0

type JWTOIDCAuthEngineRoleStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

JWTOIDCAuthEngineRoleStatus defines the observed state of JWTOIDCAuthEngineRole

func (*JWTOIDCAuthEngineRoleStatus) DeepCopy ¶ added in v0.8.0

func (in *JWTOIDCAuthEngineRoleStatus) DeepCopy() *JWTOIDCAuthEngineRoleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCAuthEngineRoleStatus.

func (*JWTOIDCAuthEngineRoleStatus) DeepCopyInto ¶ added in v0.8.0

func (in *JWTOIDCAuthEngineRoleStatus) DeepCopyInto(out *JWTOIDCAuthEngineRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTOIDCConfig ¶ added in v0.7.0

type JWTOIDCConfig struct {
	// The OIDC Discovery URL, without any .well-known component (base path). Cannot be used with "jwks_url" or "jwt_validation_pubkeys"
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	OIDCDiscoveryURL string `json:"OIDCDiscoveryURL"`

	// The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL.
	// If not set, system certificates are used
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	OIDCDiscoveryCAPEM string `json:"OIDCDiscoveryCAPEM,omitempty"`

	// The OAuth Client ID from the provider for OIDC roles.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	OIDCClientID string `json:"OIDCClientID,omitempty"`

	// The response mode to be used in the OAuth2 request.
	// Allowed values are "query" and "form_post". Defaults to "query".
	// If using Vault namespaces, and oidc_response_mode is "form_post", then "namespace_in_state" should be set to false
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	OIDCResponseMode string `json:"OIDCResponseMode,omitempty"`

	// The response types to request. Allowed values are "code" and "id_token". Defaults to "code".
	// Note: "id_token" may only be used if "oidc_response_mode" is set to "form_post"
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	OIDCResponseTypes []string `json:"OIDCResponseTypes,omitempty"`

	// JWKS URL to use to authenticate signatures.
	// Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys"
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	JWKSURL string `json:"JWKSURL,omitempty"`

	// The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL.
	// If not set, system certificates are used.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	JWKSCAPEM string `json:"JWKSCAPEM,omitempty"`

	// A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used with "jwks_url" or "oidc_discovery_url"
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	JWTValidationPubKeys []string `json:"JWTValidationPubKeys,omitempty"`

	// The value against which to match the iss claim in a JWT
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	BoundIssuer string `json:"boundIssuer,omitempty"`

	// A list of supported signing algorithms. Defaults to [RS256] for OIDC roles. Defaults to all available algorithms for JWT roles
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	JWTSupportedAlgs []string `json:"JWTSupportedAlgs,omitempty"`

	// The default role to use if none is provided during login
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	DefaultRole string `json:"defaultRole,omitempty"`

	// Configuration options for provider-specific handling. Providers with specific handling include: Azure, Google.
	// The options are described in each provider's section in OIDC Provider Setup
	// +kubebuilder:validation:Optional
	// +kubebuilder:default={}
	ProviderConfig *apiextensionsv1.JSON `json:"providerConfig,omitempty"`

	// Pass namespace in the OIDC state parameter instead of as a separate query parameter.
	// With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter.
	// This means only one redirect URL entry needs to be maintained on the provider side for all vault namespaces that will be authenticating against it.
	// Defaults to true for new configs
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	NamespaceInState bool `json:"namespaceInState,omitempty"`
	// contains filtered or unexported fields
}

func (*JWTOIDCConfig) DeepCopy ¶ added in v0.8.0

func (in *JWTOIDCConfig) DeepCopy() *JWTOIDCConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCConfig.

func (*JWTOIDCConfig) DeepCopyInto ¶ added in v0.8.0

func (in *JWTOIDCConfig) DeepCopyInto(out *JWTOIDCConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTOIDCRole ¶ added in v0.8.0

type JWTOIDCRole struct {

	// Name of the role
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Type of role, either "oidc" (default) or "jwt"
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	RoleType string `json:"roleType,omitempty"`

	// List of aud claims to match against. Any match is sufficient. Required for "jwt" roles, optional for "oidc" roles
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	BoundAudiences []string `json:"boundAudiences,omitempty"`

	// The claim to use to uniquely identify the user; this will be used as the name for the Identity entity alias created due to a successful login.
	// The claim value must be a string
	// +kubebuilder:validation:Required
	UserClaim string `json:"userClaim"`

	// Specifies if the user_claim value uses JSON pointer syntax for referencing claims.
	// By default, the user_claim value will not use JSON pointer.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	UserClaimJSONPointer bool `json:"userClaimJSONPointer"`

	// The amount of leeway to add to all claims to account for clock skew, in seconds.
	// Defaults to 60 seconds if set to 0 and can be disabled if set to -1.
	// Accepts an integer number of seconds, or a Go duration format string. Only applicable with "jwt" roles
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	ClockSkewLeeway int64 `json:"clockSkewLeeway"`

	// The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds.
	// Defaults to 150 seconds if set to 0 and can be disabled if set to -1.
	// Accepts an integer number of seconds, or a Go duration format string. Only applicable with "jwt" roles.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	ExpirationLeeway int64 `json:"expirationLeeway"`

	// he amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds
	// Defaults to 150 seconds if set to 0 and can be disabled if set to -1.
	// Accepts an integer number of seconds, or a Go duration format string. Only applicable with "jwt" roles
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	NotBeforeLeeway int64 `json:"notBeforeLeeway"`

	// If set, requires that the sub claim matches this value.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	BoundSubject string `json:"boundSubject,omitempty"`

	// If set, a map of claims (keys) to match against respective claim values (values)
	// The expected value may be a single string or a list of strings
	// The interpretation of the bound claim values is configured with bound_claims_type
	// Keys support JSON pointer syntax for referencing claims
	// +kubebuilder:validation:Optional
	// +kubebuilder:default={}
	BoundClaims map[string]string `json:"boundClaims,omitempty"`

	// Configures the interpretation of the bound_claims values.
	// If "string" (the default), the values will treated as string literals and must match exactly.
	// If set to "glob", the values will be interpreted as globs, with * matching any number of characters
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="string"
	BoundClaimsType string `json:"boundClaimsType,omitempty"`

	// The claim to use to uniquely identify the set of groups to which the user belongs; this will be used as the names for the Identity group aliases created due to a successful login.
	// The claim value must be a list of strings. Supports JSON pointer syntax for referencing claims
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	GroupsClaim string `json:"groupsClaim,omitempty"`

	// If set, a map of claims (keys) to be copied to specified metadata fields (values)
	// Keys support JSON pointer syntax for referencing claims
	// +kubebuilder:validation:Optional
	// +kubebuilder:default={}
	ClaimMappings map[string]string `json:"claimMappings,omitempty"`

	// If set, a list of OIDC scopes to be used with an OIDC role
	// The standard scope "openid" is automatically included and need not be specified
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	OIDCScopes []string `json:"OIDCScopes,omitempty"`

	// The list of allowed values for redirect_uri during OIDC logins
	// +kubebuilder:validation:Required
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AllowedRedirectURIs []string `json:"allowedRedirectURIs,omitempty"`

	// Log received OIDC tokens and claims when debug-level logging is active
	// Not recommended in production since sensitive information may be present in OIDC responses
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	VerboseOIDCLogging bool `json:"verboseOIDCLogging"`

	// Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated with the OIDC provider
	// If set, the max_age request parameter will be included in the authentication request
	// See AuthRequest for additional details
	// Accepts an integer number of seconds, or a Go duration format string
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	MaxAge int64 `json:"maxage"`

	// The incremental lifetime for generated tokens
	// This current value of this will be referenced at renewal time
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenTTL string `json:"tokenTTL,omitempty"`

	// The maximum lifetime for generated tokens.
	// This current value of this will be referenced at renewal time
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenMaxTTL string `json:"tokenMaxTTL,omitempty"`

	// List of policies to encode onto generated tokens
	// Depending on the auth method, this list may be supplemented by user/group/other values
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	TokenPolicies []string `json:"tokenPolicies,omitempty"`

	// List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	TokenBoundCIDRs []string `json:"tokenBoundCIDRs,omitempty"`

	// If set, will encode an explicit max TTL onto the token.
	// This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenExplicitMaxTTL string `json:"tokenExplicitMaxTTL,omitempty"`

	// If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	TokenNoDefaultPolicy bool `json:"tokenNoDefaultPolicy"`

	// The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
	// If you require the token to have the ability to create child tokens, you will need to set this value to 0
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	TokenNumUses int64 `json:"tokenNumUses"`

	// The period, if any, to set on the token
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	TokenPeriod int64 `json:"tokenPeriod"`

	// The type of token that should be generated. Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens).
	// For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenType string `json:"tokenType,omitempty"`
}

func (*JWTOIDCRole) DeepCopy ¶ added in v0.8.0

func (in *JWTOIDCRole) DeepCopy() *JWTOIDCRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCRole.

func (*JWTOIDCRole) DeepCopyInto ¶ added in v0.8.0

func (in *JWTOIDCRole) DeepCopyInto(out *JWTOIDCRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KAECConfig ¶

type KAECConfig struct {

	// KubernetesHost Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
	// +kubebuilder:validation:Required
	// +kubebuilder:default="https://kubernetes.default.svc:443"
	KubernetesHost string `json:"kubernetesHost,omitempty"`

	// kubernetesCACert PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API. NOTE: Every line must end with a newline: \n
	// if omitted will default to the content of the file "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" in the operator pod
	// +kubebuilder:validation:Optional
	KubernetesCACert string `json:"kubernetesCACert,omitempty"`

	// PEMKeys Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
	// +kubebuilder:validation:Optional
	PEMKeys []string `json:"PEMKeys,omitempty"`

	// Issuer Optional JWT issuer. If no issuer is specified, then this plugin will use kubernetes/serviceaccount as the default issuer. See these instructions for looking up the issuer for a given Kubernetes cluster.
	// +kubebuilder:validation:Optional
	Issuer string `json:"issuer,omitempty"`

	// DisableISSValidation Disable JWT issuer validation. Allows to skip ISS validation.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	DisableISSValidation bool `json:"disableISSValidation,omitempty"`

	// DisableLocalCAJWT Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	DisableLocalCAJWT bool `json:"disableLocalCAJWT,omitempty"`
	// contains filtered or unexported fields
}

func (*KAECConfig) DeepCopy ¶

func (in *KAECConfig) DeepCopy() *KAECConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KAECConfig.

func (*KAECConfig) DeepCopyInto ¶

func (in *KAECConfig) DeepCopyInto(out *KAECConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubeSEConfig ¶ added in v0.6.0

type KubeSEConfig struct {
	// KubernetesHost Kubernetes API URL to connect to.
	// +kubebuilder:validation:Required
	KubernetesHost string `json:"kubernetesHost,omitempty"`

	// KubernetesCACert PEM encoded CA certificate to verify the Kubernetes API server certificate.
	// +kubebuilder:validation:Optional
	KubernetesCACert string `json:"kubernetesCACert,omitempty"`

	// DisableLocalCAJWT Disable defaulting to the local CA certificate and service account JWT when running in a Kubernetes pod.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	DisableLocalCAJWT bool `json:"disableLocalCAJWT,omitempty"`
	// contains filtered or unexported fields
}

func (*KubeSEConfig) DeepCopy ¶ added in v0.6.0

func (in *KubeSEConfig) DeepCopy() *KubeSEConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeSEConfig.

func (*KubeSEConfig) DeepCopyInto ¶ added in v0.6.0

func (in *KubeSEConfig) DeepCopyInto(out *KubeSEConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubeSERole ¶ added in v0.6.0

type KubeSERole struct {

	// AllowedKubernetesNamespaces The list of Kubernetes namespaces this role can generate credentials for. If set to "*" all namespaces are allowed.
	// +kubebuilder:validation:Required
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AllowedKubernetesNamespaces []string `json:"allowedKubernetesNamespaces,omitempty"`

	// DeafulTTL Specifies the TTL for the leases associated with this role. Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to system/engine default TTL time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="0s"
	DefaultTTL metav1.Duration `json:"defaultTTL,omitempty"`

	// MaxTTL Specifies the maximum TTL for the leases associated with this role. Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to system/mount default TTL time; this value is allowed to be less than the mount max TTL (or, if not set, the system max TTL), but it is not allowed to be longer. See also The TTL General Case.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="0s"
	MaxTTL metav1.Duration `json:"maxTTL,omitempty"`

	// ServiceAccountName The pre-existing service account to generate tokens for. Mutually exclusive with all role parameters. If set, only a Kubernetes token will be created when credentials are requested. See the Kubernetes service account documentation for more details on service accounts.
	// +kubebuilder:validation:Optional
	ServiceAccountName string `json:"serviceAccountName,omitempty"`

	// KubernetesRoleName The pre-existing Role or ClusterRole to bind a generated service account to. If set, Kubernetes token, service account, and role binding objects will be created when credentials are requested. See the Kubernetes roles documentation for more details on Kubernetes roles.
	// +kubebuilder:validation:Optional
	KubernetesRoleName string `json:"kubernetesRoleName,omitempty"`

	// KubernetesRoleType Specifies whether the Kubernetes role is a Role or ClusterRole
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="Role"
	// +kubebuilder:validation:Enum={"Role","ClusterRole"}
	KubernetesRoleType string `json:"kubernetesRoleType,omitempty"`

	// GenerateRoleRules The Role or ClusterRole rules to use when generating a role. Accepts either JSON or YAML formatted rules. If set, the entire chain of Kubernetes objects will be generated when credentials are requested. The value should be a rules key with an array of PolicyRule objects, as illustrated in the Kubernetes RBAC documentation and Sample Payload 3 below.
	// +kubebuilder:validation:Optional
	GenerateRoleRules string `json:"generateRoleRules,omitempty"`

	// NameTemplate The name template to use when generating service accounts, roles and role bindings. If unset, a default template is used. See username templating for details on how to write a custom template.
	// +kubebuilder:validation:Optional
	NameTemplate string `json:"nameTemplate,omitempty"`

	// ExtraAnnotations Additional annotations to apply to all generated Kubernetes objects. See the Kubernetes annotations documentation for more details on annotations.
	// +kubebuilder:validation:Optional
	ExtraAnnotations map[string]string `json:"extraAnnotations,omitempty"`

	// ExtraLabels Additional labels to apply to all generated Kubernetes objects. See the Kubernetes labels documentation for more details on labels.
	// +kubebuilder:validation:Optional
	ExtraLabels map[string]string `json:"extraLabels,omitempty"`
}

func (*KubeSERole) DeepCopy ¶ added in v0.6.0

func (in *KubeSERole) DeepCopy() *KubeSERole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeSERole.

func (*KubeSERole) DeepCopyInto ¶ added in v0.6.0

func (in *KubeSERole) DeepCopyInto(out *KubeSERole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesAuthEngineConfig ¶

type KubernetesAuthEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   KubernetesAuthEngineConfigSpec   `json:"spec,omitempty"`
	Status KubernetesAuthEngineConfigStatus `json:"status,omitempty"`
}

KubernetesAuthEngineConfig is the Schema for the kubernetesauthengineconfigs API

func (*KubernetesAuthEngineConfig) DeepCopy ¶

func (in *KubernetesAuthEngineConfig) DeepCopy() *KubernetesAuthEngineConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuthEngineConfig.

func (*KubernetesAuthEngineConfig) DeepCopyInto ¶

func (in *KubernetesAuthEngineConfig) DeepCopyInto(out *KubernetesAuthEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesAuthEngineConfig) DeepCopyObject ¶

func (in *KubernetesAuthEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*KubernetesAuthEngineConfig) Default ¶

func (r *KubernetesAuthEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*KubernetesAuthEngineConfig) GetConditions ¶

func (m *KubernetesAuthEngineConfig) GetConditions() []metav1.Condition

func (*KubernetesAuthEngineConfig) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *KubernetesAuthEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*KubernetesAuthEngineConfig) GetPath ¶

func (d *KubernetesAuthEngineConfig) GetPath() string

func (*KubernetesAuthEngineConfig) GetPayload ¶

func (d *KubernetesAuthEngineConfig) GetPayload() map[string]interface{}

func (*KubernetesAuthEngineConfig) GetVaultConnection ¶ added in v0.8.9

func (d *KubernetesAuthEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*KubernetesAuthEngineConfig) IsEquivalentToDesiredState ¶

func (d *KubernetesAuthEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*KubernetesAuthEngineConfig) IsInitialized ¶

func (d *KubernetesAuthEngineConfig) IsInitialized() bool

func (*KubernetesAuthEngineConfig) IsValid ¶

func (r *KubernetesAuthEngineConfig) IsValid() (bool, error)

func (*KubernetesAuthEngineConfig) PrepareInternalValues ¶

func (d *KubernetesAuthEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*KubernetesAuthEngineConfig) PrepareTLSConfig ¶ added in v0.8.24

func (d *KubernetesAuthEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*KubernetesAuthEngineConfig) SetConditions ¶

func (m *KubernetesAuthEngineConfig) SetConditions(conditions []metav1.Condition)

func (*KubernetesAuthEngineConfig) SetupWebhookWithManager ¶

func (r *KubernetesAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*KubernetesAuthEngineConfig) ValidateCreate ¶

func (r *KubernetesAuthEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*KubernetesAuthEngineConfig) ValidateDelete ¶

func (r *KubernetesAuthEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*KubernetesAuthEngineConfig) ValidateUpdate ¶

func (r *KubernetesAuthEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type KubernetesAuthEngineConfigList ¶

type KubernetesAuthEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []KubernetesAuthEngineConfig `json:"items"`
}

KubernetesAuthEngineConfigList contains a list of KubernetesAuthEngineConfig

func (*KubernetesAuthEngineConfigList) DeepCopy ¶

func (in *KubernetesAuthEngineConfigList) DeepCopy() *KubernetesAuthEngineConfigList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuthEngineConfigList.

func (*KubernetesAuthEngineConfigList) DeepCopyInto ¶

func (in *KubernetesAuthEngineConfigList) DeepCopyInto(out *KubernetesAuthEngineConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesAuthEngineConfigList) DeepCopyObject ¶

func (in *KubernetesAuthEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type KubernetesAuthEngineConfigSpec ¶

type KubernetesAuthEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/config/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	KAECConfig `json:",inline"`

	// TokenReviewerServiceAccount A service account JWT used to access the TokenReview API to validate other JWTs during login. If not set, the JWT submitted in the login payload will be used to access the Kubernetes TokenReview API.
	// +kubebuilder:validation:Optional
	TokenReviewerServiceAccount *corev1.LocalObjectReference `json:"tokenReviewerServiceAccount,omitempty"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

KubernetesAuthEngineConfigSpec defines the desired state of KubernetesAuthEngineConfig

func (*KubernetesAuthEngineConfigSpec) DeepCopy ¶

func (in *KubernetesAuthEngineConfigSpec) DeepCopy() *KubernetesAuthEngineConfigSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuthEngineConfigSpec.

func (*KubernetesAuthEngineConfigSpec) DeepCopyInto ¶

func (in *KubernetesAuthEngineConfigSpec) DeepCopyInto(out *KubernetesAuthEngineConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesAuthEngineConfigStatus ¶

type KubernetesAuthEngineConfigStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

KubernetesAuthEngineConfigStatus defines the observed state of KubernetesAuthEngineConfig

func (*KubernetesAuthEngineConfigStatus) DeepCopy ¶

func (in *KubernetesAuthEngineConfigStatus) DeepCopy() *KubernetesAuthEngineConfigStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuthEngineConfigStatus.

func (*KubernetesAuthEngineConfigStatus) DeepCopyInto ¶

func (in *KubernetesAuthEngineConfigStatus) DeepCopyInto(out *KubernetesAuthEngineConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesAuthEngineRole ¶

type KubernetesAuthEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   KubernetesAuthEngineRoleSpec   `json:"spec,omitempty"`
	Status KubernetesAuthEngineRoleStatus `json:"status,omitempty"`
}

KubernetesAuthEngineRole can be used to define a KubernetesAuthEngineRole for the kube-auth authentication method

func (*KubernetesAuthEngineRole) DeepCopy ¶

func (in *KubernetesAuthEngineRole) DeepCopy() *KubernetesAuthEngineRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuthEngineRole.

func (*KubernetesAuthEngineRole) DeepCopyInto ¶

func (in *KubernetesAuthEngineRole) DeepCopyInto(out *KubernetesAuthEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesAuthEngineRole) DeepCopyObject ¶

func (in *KubernetesAuthEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*KubernetesAuthEngineRole) Default ¶

func (r *KubernetesAuthEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*KubernetesAuthEngineRole) GetConditions ¶

func (m *KubernetesAuthEngineRole) GetConditions() []metav1.Condition

func (*KubernetesAuthEngineRole) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *KubernetesAuthEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*KubernetesAuthEngineRole) GetPath ¶

func (d *KubernetesAuthEngineRole) GetPath() string

func (*KubernetesAuthEngineRole) GetPayload ¶

func (d *KubernetesAuthEngineRole) GetPayload() map[string]interface{}

func (*KubernetesAuthEngineRole) GetVaultConnection ¶ added in v0.8.9

func (d *KubernetesAuthEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*KubernetesAuthEngineRole) IsEquivalentToDesiredState ¶

func (d *KubernetesAuthEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*KubernetesAuthEngineRole) IsInitialized ¶

func (d *KubernetesAuthEngineRole) IsInitialized() bool

func (*KubernetesAuthEngineRole) IsValid ¶

func (r *KubernetesAuthEngineRole) IsValid() (bool, error)

func (*KubernetesAuthEngineRole) PrepareInternalValues ¶

func (d *KubernetesAuthEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*KubernetesAuthEngineRole) PrepareTLSConfig ¶ added in v0.8.24

func (d *KubernetesAuthEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*KubernetesAuthEngineRole) SetConditions ¶

func (m *KubernetesAuthEngineRole) SetConditions(conditions []metav1.Condition)

func (*KubernetesAuthEngineRole) SetInternalNamespaces ¶

func (m *KubernetesAuthEngineRole) SetInternalNamespaces(namespaces []string)

func (*KubernetesAuthEngineRole) SetupWebhookWithManager ¶

func (r *KubernetesAuthEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*KubernetesAuthEngineRole) ValidateCreate ¶

func (r *KubernetesAuthEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*KubernetesAuthEngineRole) ValidateDelete ¶

func (r *KubernetesAuthEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*KubernetesAuthEngineRole) ValidateUpdate ¶

func (r *KubernetesAuthEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type KubernetesAuthEngineRoleList ¶

type KubernetesAuthEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []KubernetesAuthEngineRole `json:"items"`
}

KubernetesAuthEngineRoleList contains a list of KubernetesAuthEngineRole

func (*KubernetesAuthEngineRoleList) DeepCopy ¶

func (in *KubernetesAuthEngineRoleList) DeepCopy() *KubernetesAuthEngineRoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuthEngineRoleList.

func (*KubernetesAuthEngineRoleList) DeepCopyInto ¶

func (in *KubernetesAuthEngineRoleList) DeepCopyInto(out *KubernetesAuthEngineRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesAuthEngineRoleList) DeepCopyObject ¶

func (in *KubernetesAuthEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type KubernetesAuthEngineRoleSpec ¶

type KubernetesAuthEngineRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/role/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	VRole `json:",inline"`

	// TargetNamespaces specifies how to retrieve the namespaces bound to this Vault role.
	// +kubebuilder:validation:Required
	TargetNamespaces vaultutils.TargetNamespaceConfig `json:"targetNamespaces,omitempty"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

KubernetesAuthEngineRoleSpec defines the desired state of KubernetesAuthEngineRole

func (*KubernetesAuthEngineRoleSpec) DeepCopy ¶

func (in *KubernetesAuthEngineRoleSpec) DeepCopy() *KubernetesAuthEngineRoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuthEngineRoleSpec.

func (*KubernetesAuthEngineRoleSpec) DeepCopyInto ¶

func (in *KubernetesAuthEngineRoleSpec) DeepCopyInto(out *KubernetesAuthEngineRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesAuthEngineRoleStatus ¶

type KubernetesAuthEngineRoleStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

KubernetesAuthEngineRoleStatus defines the observed state of KubernetesAuthEngineRole

func (*KubernetesAuthEngineRoleStatus) DeepCopy ¶

func (in *KubernetesAuthEngineRoleStatus) DeepCopy() *KubernetesAuthEngineRoleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAuthEngineRoleStatus.

func (*KubernetesAuthEngineRoleStatus) DeepCopyInto ¶

func (in *KubernetesAuthEngineRoleStatus) DeepCopyInto(out *KubernetesAuthEngineRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesSecretEngineConfig ¶ added in v0.6.0

type KubernetesSecretEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   KubernetesSecretEngineConfigSpec   `json:"spec,omitempty"`
	Status KubernetesSecretEngineConfigStatus `json:"status,omitempty"`
}

KubernetesSecretEngineConfig is the Schema for the kubernetessecretengineconfigs API

func (*KubernetesSecretEngineConfig) DeepCopy ¶ added in v0.6.0

func (in *KubernetesSecretEngineConfig) DeepCopy() *KubernetesSecretEngineConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretEngineConfig.

func (*KubernetesSecretEngineConfig) DeepCopyInto ¶ added in v0.6.0

func (in *KubernetesSecretEngineConfig) DeepCopyInto(out *KubernetesSecretEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesSecretEngineConfig) DeepCopyObject ¶ added in v0.6.0

func (in *KubernetesSecretEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*KubernetesSecretEngineConfig) Default ¶ added in v0.6.0

func (r *KubernetesSecretEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*KubernetesSecretEngineConfig) GetConditions ¶ added in v0.6.0

func (m *KubernetesSecretEngineConfig) GetConditions() []metav1.Condition

func (*KubernetesSecretEngineConfig) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *KubernetesSecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*KubernetesSecretEngineConfig) GetPath ¶ added in v0.6.0

func (d *KubernetesSecretEngineConfig) GetPath() string

func (*KubernetesSecretEngineConfig) GetPayload ¶ added in v0.6.0

func (d *KubernetesSecretEngineConfig) GetPayload() map[string]interface{}

func (*KubernetesSecretEngineConfig) GetVaultConnection ¶ added in v0.8.9

func (d *KubernetesSecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*KubernetesSecretEngineConfig) IsEquivalentToDesiredState ¶ added in v0.6.0

func (d *KubernetesSecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*KubernetesSecretEngineConfig) IsInitialized ¶ added in v0.6.0

func (d *KubernetesSecretEngineConfig) IsInitialized() bool

func (*KubernetesSecretEngineConfig) IsValid ¶ added in v0.6.0

func (r *KubernetesSecretEngineConfig) IsValid() (bool, error)

func (*KubernetesSecretEngineConfig) PrepareInternalValues ¶ added in v0.6.0

func (d *KubernetesSecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*KubernetesSecretEngineConfig) PrepareTLSConfig ¶ added in v0.8.24

func (d *KubernetesSecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*KubernetesSecretEngineConfig) SetConditions ¶ added in v0.6.0

func (m *KubernetesSecretEngineConfig) SetConditions(conditions []metav1.Condition)

func (*KubernetesSecretEngineConfig) SetupWebhookWithManager ¶ added in v0.6.0

func (r *KubernetesSecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*KubernetesSecretEngineConfig) ValidateCreate ¶ added in v0.6.0

func (r *KubernetesSecretEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*KubernetesSecretEngineConfig) ValidateDelete ¶ added in v0.6.0

func (r *KubernetesSecretEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*KubernetesSecretEngineConfig) ValidateUpdate ¶ added in v0.6.0

func (r *KubernetesSecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type KubernetesSecretEngineConfigList ¶ added in v0.6.0

type KubernetesSecretEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []KubernetesSecretEngineConfig `json:"items"`
}

KubernetesSecretEngineConfigList contains a list of KubernetesSecretEngineConfig

func (*KubernetesSecretEngineConfigList) DeepCopy ¶ added in v0.6.0

func (in *KubernetesSecretEngineConfigList) DeepCopy() *KubernetesSecretEngineConfigList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretEngineConfigList.

func (*KubernetesSecretEngineConfigList) DeepCopyInto ¶ added in v0.6.0

func (in *KubernetesSecretEngineConfigList) DeepCopyInto(out *KubernetesSecretEngineConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesSecretEngineConfigList) DeepCopyObject ¶ added in v0.6.0

func (in *KubernetesSecretEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type KubernetesSecretEngineConfigSpec ¶ added in v0.6.0

type KubernetesSecretEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to create the role.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/config.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// JWTReference specifies how to retrieve the JWT token for this Kubernetes Engine connection. Only VaultSecretReference or LocalObjectRefence can be used, random secret is not allowed.
	// +kubebuilder:validation:Required
	JWTReference vaultutils.RootCredentialConfig `json:"jwtReference,omitempty"`

	KubeSEConfig `json:",inline"`
}

KubernetesSecretEngineConfigSpec defines the desired state of KubernetesSecretEngineConfig

func (*KubernetesSecretEngineConfigSpec) DeepCopy ¶ added in v0.6.0

func (in *KubernetesSecretEngineConfigSpec) DeepCopy() *KubernetesSecretEngineConfigSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretEngineConfigSpec.

func (*KubernetesSecretEngineConfigSpec) DeepCopyInto ¶ added in v0.6.0

func (in *KubernetesSecretEngineConfigSpec) DeepCopyInto(out *KubernetesSecretEngineConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesSecretEngineConfigStatus ¶ added in v0.6.0

type KubernetesSecretEngineConfigStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

KubernetesSecretEngineConfigStatus defines the observed state of KubernetesSecretEngineConfig

func (*KubernetesSecretEngineConfigStatus) DeepCopy ¶ added in v0.6.0

func (in *KubernetesSecretEngineConfigStatus) DeepCopy() *KubernetesSecretEngineConfigStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretEngineConfigStatus.

func (*KubernetesSecretEngineConfigStatus) DeepCopyInto ¶ added in v0.6.0

func (in *KubernetesSecretEngineConfigStatus) DeepCopyInto(out *KubernetesSecretEngineConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesSecretEngineRole ¶ added in v0.6.0

type KubernetesSecretEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   KubernetesSecretEngineRoleSpec   `json:"spec,omitempty"`
	Status KubernetesSecretEngineRoleStatus `json:"status,omitempty"`
}

KubernetesSecretEngineRole is the Schema for the kubernetessecretengineroles API

func (*KubernetesSecretEngineRole) DeepCopy ¶ added in v0.6.0

func (in *KubernetesSecretEngineRole) DeepCopy() *KubernetesSecretEngineRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretEngineRole.

func (*KubernetesSecretEngineRole) DeepCopyInto ¶ added in v0.6.0

func (in *KubernetesSecretEngineRole) DeepCopyInto(out *KubernetesSecretEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesSecretEngineRole) DeepCopyObject ¶ added in v0.6.0

func (in *KubernetesSecretEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*KubernetesSecretEngineRole) Default ¶ added in v0.6.0

func (r *KubernetesSecretEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*KubernetesSecretEngineRole) GetConditions ¶ added in v0.6.0

func (m *KubernetesSecretEngineRole) GetConditions() []metav1.Condition

func (*KubernetesSecretEngineRole) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *KubernetesSecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*KubernetesSecretEngineRole) GetPath ¶ added in v0.6.0

func (d *KubernetesSecretEngineRole) GetPath() string

func (*KubernetesSecretEngineRole) GetPayload ¶ added in v0.6.0

func (d *KubernetesSecretEngineRole) GetPayload() map[string]interface{}

func (*KubernetesSecretEngineRole) GetVaultConnection ¶ added in v0.8.9

func (d *KubernetesSecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*KubernetesSecretEngineRole) IsEquivalentToDesiredState ¶ added in v0.6.0

func (d *KubernetesSecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*KubernetesSecretEngineRole) IsInitialized ¶ added in v0.6.0

func (d *KubernetesSecretEngineRole) IsInitialized() bool

func (*KubernetesSecretEngineRole) IsValid ¶ added in v0.6.0

func (r *KubernetesSecretEngineRole) IsValid() (bool, error)

func (*KubernetesSecretEngineRole) PrepareInternalValues ¶ added in v0.6.0

func (d *KubernetesSecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*KubernetesSecretEngineRole) PrepareTLSConfig ¶ added in v0.8.24

func (d *KubernetesSecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*KubernetesSecretEngineRole) SetConditions ¶ added in v0.6.0

func (m *KubernetesSecretEngineRole) SetConditions(conditions []metav1.Condition)

func (*KubernetesSecretEngineRole) SetupWebhookWithManager ¶ added in v0.6.0

func (r *KubernetesSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*KubernetesSecretEngineRole) ValidateCreate ¶ added in v0.6.0

func (r *KubernetesSecretEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*KubernetesSecretEngineRole) ValidateDelete ¶ added in v0.6.0

func (r *KubernetesSecretEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*KubernetesSecretEngineRole) ValidateUpdate ¶ added in v0.6.0

func (r *KubernetesSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type KubernetesSecretEngineRoleList ¶ added in v0.6.0

type KubernetesSecretEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []KubernetesSecretEngineRole `json:"items"`
}

KubernetesSecretEngineRoleList contains a list of KubernetesSecretEngineRole

func (*KubernetesSecretEngineRoleList) DeepCopy ¶ added in v0.6.0

func (in *KubernetesSecretEngineRoleList) DeepCopy() *KubernetesSecretEngineRoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretEngineRoleList.

func (*KubernetesSecretEngineRoleList) DeepCopyInto ¶ added in v0.6.0

func (in *KubernetesSecretEngineRoleList) DeepCopyInto(out *KubernetesSecretEngineRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubernetesSecretEngineRoleList) DeepCopyObject ¶ added in v0.6.0

func (in *KubernetesSecretEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type KubernetesSecretEngineRoleSpec ¶ added in v0.6.0

type KubernetesSecretEngineRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to create the role.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/roles/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// TargetNamespaces specifies how to retrieve the list of Kubernetes namespaces this role can generate credentials for.
	// +kubebuilder:validation:Required
	TargetNamespaces vaultutils.TargetNamespaceConfig `json:"targetNamespaces,omitempty"`

	KubeSERole `json:",inline"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

KubernetesSecretEngineRoleSpec defines the desired state of KubernetesSecretEngineRole

func (*KubernetesSecretEngineRoleSpec) DeepCopy ¶ added in v0.6.0

func (in *KubernetesSecretEngineRoleSpec) DeepCopy() *KubernetesSecretEngineRoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretEngineRoleSpec.

func (*KubernetesSecretEngineRoleSpec) DeepCopyInto ¶ added in v0.6.0

func (in *KubernetesSecretEngineRoleSpec) DeepCopyInto(out *KubernetesSecretEngineRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesSecretEngineRoleStatus ¶ added in v0.6.0

type KubernetesSecretEngineRoleStatus struct {
	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
	// Important: Run "make" to regenerate code after modifying this file
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

KubernetesSecretEngineRoleStatus defines the observed state of KubernetesSecretEngineRole

func (*KubernetesSecretEngineRoleStatus) DeepCopy ¶ added in v0.6.0

func (in *KubernetesSecretEngineRoleStatus) DeepCopy() *KubernetesSecretEngineRoleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSecretEngineRoleStatus.

func (*KubernetesSecretEngineRoleStatus) DeepCopyInto ¶ added in v0.6.0

func (in *KubernetesSecretEngineRoleStatus) DeepCopyInto(out *KubernetesSecretEngineRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LDAPAuthEngineConfig ¶ added in v0.5.0

type LDAPAuthEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   LDAPAuthEngineConfigSpec   `json:"spec,omitempty"`
	Status LDAPAuthEngineConfigStatus `json:"status,omitempty"`
}

LDAPAuthEngineConfig is the Schema for the ldapauthengineconfigs API

func (*LDAPAuthEngineConfig) DeepCopy ¶ added in v0.5.0

func (in *LDAPAuthEngineConfig) DeepCopy() *LDAPAuthEngineConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAuthEngineConfig.

func (*LDAPAuthEngineConfig) DeepCopyInto ¶ added in v0.5.0

func (in *LDAPAuthEngineConfig) DeepCopyInto(out *LDAPAuthEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*LDAPAuthEngineConfig) DeepCopyObject ¶ added in v0.5.0

func (in *LDAPAuthEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*LDAPAuthEngineConfig) Default ¶ added in v0.5.0

func (r *LDAPAuthEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*LDAPAuthEngineConfig) GetConditions ¶ added in v0.5.0

func (m *LDAPAuthEngineConfig) GetConditions() []metav1.Condition

func (*LDAPAuthEngineConfig) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *LDAPAuthEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*LDAPAuthEngineConfig) GetPath ¶ added in v0.5.0

func (d *LDAPAuthEngineConfig) GetPath() string

func (*LDAPAuthEngineConfig) GetPayload ¶ added in v0.5.0

func (d *LDAPAuthEngineConfig) GetPayload() map[string]interface{}

func (*LDAPAuthEngineConfig) GetVaultConnection ¶ added in v0.8.9

func (d *LDAPAuthEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*LDAPAuthEngineConfig) IsEquivalentToDesiredState ¶ added in v0.5.0

func (d *LDAPAuthEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*LDAPAuthEngineConfig) IsInitialized ¶ added in v0.5.0

func (d *LDAPAuthEngineConfig) IsInitialized() bool

func (*LDAPAuthEngineConfig) IsValid ¶ added in v0.5.0

func (r *LDAPAuthEngineConfig) IsValid() (bool, error)

func (*LDAPAuthEngineConfig) PrepareInternalValues ¶ added in v0.5.0

func (d *LDAPAuthEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*LDAPAuthEngineConfig) PrepareTLSConfig ¶ added in v0.8.24

func (d *LDAPAuthEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*LDAPAuthEngineConfig) SetConditions ¶ added in v0.5.0

func (m *LDAPAuthEngineConfig) SetConditions(conditions []metav1.Condition)

func (*LDAPAuthEngineConfig) SetUsernameAndPassword ¶ added in v0.5.0

func (m *LDAPAuthEngineConfig) SetUsernameAndPassword(bindDN string, bindPass string)

func (*LDAPAuthEngineConfig) SetupWebhookWithManager ¶ added in v0.5.0

func (r *LDAPAuthEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*LDAPAuthEngineConfig) ValidateCreate ¶ added in v0.5.0

func (r *LDAPAuthEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*LDAPAuthEngineConfig) ValidateDelete ¶ added in v0.5.0

func (r *LDAPAuthEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*LDAPAuthEngineConfig) ValidateUpdate ¶ added in v0.5.0

func (r *LDAPAuthEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type LDAPAuthEngineConfigList ¶ added in v0.5.0

type LDAPAuthEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []LDAPAuthEngineConfig `json:"items"`
}

LDAPAuthEngineConfigList contains a list of LDAPAuthEngineConfig

func (*LDAPAuthEngineConfigList) DeepCopy ¶ added in v0.5.0

func (in *LDAPAuthEngineConfigList) DeepCopy() *LDAPAuthEngineConfigList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAuthEngineConfigList.

func (*LDAPAuthEngineConfigList) DeepCopyInto ¶ added in v0.5.0

func (in *LDAPAuthEngineConfigList) DeepCopyInto(out *LDAPAuthEngineConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*LDAPAuthEngineConfigList) DeepCopyObject ¶ added in v0.5.0

func (in *LDAPAuthEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type LDAPAuthEngineConfigSpec ¶ added in v0.5.0

type LDAPAuthEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/config/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	LDAPConfig `json:",inline"`

	// BindCredentials is used to connect to the LDAP service on the specified LDAP Server.
	// BindCredentials consists in bindDN and bindPass, which can be created as Kubernetes Secret, VaultSecret or RandomSecret.
	// +kubebuilder:validation:Required
	BindCredentials vaultutils.RootCredentialConfig `json:"bindCredentials,omitempty"`

	// CertificateConfig represents the LDAP service certificate configuration.
	// CertificateConfig consists in certificate, clientTLSCert and clientTLSKey which can be consumed from an Kubernetes Secret.
	// +kubebuilder:validation:Optional
	TLSConfig vaultutils.TLSConfig `json:"tLSConfig,omitempty"`
}

LDAPAuthEngineConfigSpec defines the desired state of LDAPAuthEngineConfig

func (*LDAPAuthEngineConfigSpec) DeepCopy ¶ added in v0.5.0

func (in *LDAPAuthEngineConfigSpec) DeepCopy() *LDAPAuthEngineConfigSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAuthEngineConfigSpec.

func (*LDAPAuthEngineConfigSpec) DeepCopyInto ¶ added in v0.5.0

func (in *LDAPAuthEngineConfigSpec) DeepCopyInto(out *LDAPAuthEngineConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LDAPAuthEngineConfigStatus ¶ added in v0.5.0

type LDAPAuthEngineConfigStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

LDAPAuthEngineConfigStatus defines the observed state of LDAPAuthEngineConfig

func (*LDAPAuthEngineConfigStatus) DeepCopy ¶ added in v0.5.0

func (in *LDAPAuthEngineConfigStatus) DeepCopy() *LDAPAuthEngineConfigStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAuthEngineConfigStatus.

func (*LDAPAuthEngineConfigStatus) DeepCopyInto ¶ added in v0.5.0

func (in *LDAPAuthEngineConfigStatus) DeepCopyInto(out *LDAPAuthEngineConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LDAPAuthEngineGroup ¶ added in v0.5.1

type LDAPAuthEngineGroup struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   LDAPAuthEngineGroupSpec   `json:"spec,omitempty"`
	Status LDAPAuthEngineGroupStatus `json:"status,omitempty"`
}

LDAPAuthEngineGroup is the Schema for the ldapauthenginegroups API

func (*LDAPAuthEngineGroup) DeepCopy ¶ added in v0.5.1

func (in *LDAPAuthEngineGroup) DeepCopy() *LDAPAuthEngineGroup

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAuthEngineGroup.

func (*LDAPAuthEngineGroup) DeepCopyInto ¶ added in v0.5.1

func (in *LDAPAuthEngineGroup) DeepCopyInto(out *LDAPAuthEngineGroup)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*LDAPAuthEngineGroup) DeepCopyObject ¶ added in v0.5.1

func (in *LDAPAuthEngineGroup) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*LDAPAuthEngineGroup) Default ¶ added in v0.5.1

func (r *LDAPAuthEngineGroup) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*LDAPAuthEngineGroup) GetConditions ¶ added in v0.5.1

func (m *LDAPAuthEngineGroup) GetConditions() []metav1.Condition

func (*LDAPAuthEngineGroup) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *LDAPAuthEngineGroup) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*LDAPAuthEngineGroup) GetPath ¶ added in v0.5.1

func (d *LDAPAuthEngineGroup) GetPath() string

func (*LDAPAuthEngineGroup) GetPayload ¶ added in v0.5.1

func (d *LDAPAuthEngineGroup) GetPayload() map[string]interface{}

func (*LDAPAuthEngineGroup) GetVaultConnection ¶ added in v0.8.9

func (d *LDAPAuthEngineGroup) GetVaultConnection() *vaultutils.VaultConnection

func (*LDAPAuthEngineGroup) IsEquivalentToDesiredState ¶ added in v0.5.1

func (d *LDAPAuthEngineGroup) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*LDAPAuthEngineGroup) IsInitialized ¶ added in v0.5.1

func (d *LDAPAuthEngineGroup) IsInitialized() bool

func (*LDAPAuthEngineGroup) IsValid ¶ added in v0.5.1

func (r *LDAPAuthEngineGroup) IsValid() (bool, error)

func (*LDAPAuthEngineGroup) PrepareInternalValues ¶ added in v0.5.1

func (d *LDAPAuthEngineGroup) PrepareInternalValues(context context.Context, object client.Object) error

func (*LDAPAuthEngineGroup) PrepareTLSConfig ¶ added in v0.8.24

func (d *LDAPAuthEngineGroup) PrepareTLSConfig(context context.Context, object client.Object) error

func (*LDAPAuthEngineGroup) SetConditions ¶ added in v0.5.1

func (m *LDAPAuthEngineGroup) SetConditions(conditions []metav1.Condition)

func (*LDAPAuthEngineGroup) SetupWebhookWithManager ¶ added in v0.5.1

func (r *LDAPAuthEngineGroup) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*LDAPAuthEngineGroup) ValidateCreate ¶ added in v0.5.1

func (r *LDAPAuthEngineGroup) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*LDAPAuthEngineGroup) ValidateDelete ¶ added in v0.5.1

func (r *LDAPAuthEngineGroup) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*LDAPAuthEngineGroup) ValidateUpdate ¶ added in v0.5.1

func (r *LDAPAuthEngineGroup) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type LDAPAuthEngineGroupList ¶ added in v0.5.1

type LDAPAuthEngineGroupList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []LDAPAuthEngineGroup `json:"items"`
}

LDAPAuthEngineGroupList contains a list of LDAPAuthEngineGroup

func (*LDAPAuthEngineGroupList) DeepCopy ¶ added in v0.5.1

func (in *LDAPAuthEngineGroupList) DeepCopy() *LDAPAuthEngineGroupList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAuthEngineGroupList.

func (*LDAPAuthEngineGroupList) DeepCopyInto ¶ added in v0.5.1

func (in *LDAPAuthEngineGroupList) DeepCopyInto(out *LDAPAuthEngineGroupList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*LDAPAuthEngineGroupList) DeepCopyObject ¶ added in v0.5.1

func (in *LDAPAuthEngineGroupList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type LDAPAuthEngineGroupSpec ¶ added in v0.5.1

type LDAPAuthEngineGroupSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuraiton to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/groups/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// The name of the LDAP group
	// +kubebuilder:validation:Required
	Name string `json:"name,omitempty"`

	// Comma-separated list of policies associated to the group
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	Policies string `json:"policies,omitempty"`
}

LDAPAuthEngineGroupSpec defines the desired state of LDAPAuthEngineGroup

func (*LDAPAuthEngineGroupSpec) DeepCopy ¶ added in v0.5.1

func (in *LDAPAuthEngineGroupSpec) DeepCopy() *LDAPAuthEngineGroupSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAuthEngineGroupSpec.

func (*LDAPAuthEngineGroupSpec) DeepCopyInto ¶ added in v0.5.1

func (in *LDAPAuthEngineGroupSpec) DeepCopyInto(out *LDAPAuthEngineGroupSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LDAPAuthEngineGroupStatus ¶ added in v0.5.1

type LDAPAuthEngineGroupStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

LDAPAuthEngineGroupStatus defines the observed state of LDAPAuthEngineGroup

func (*LDAPAuthEngineGroupStatus) DeepCopy ¶ added in v0.5.1

func (in *LDAPAuthEngineGroupStatus) DeepCopy() *LDAPAuthEngineGroupStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAuthEngineGroupStatus.

func (*LDAPAuthEngineGroupStatus) DeepCopyInto ¶ added in v0.5.1

func (in *LDAPAuthEngineGroupStatus) DeepCopyInto(out *LDAPAuthEngineGroupStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LDAPConfig ¶ added in v0.5.0

type LDAPConfig struct {

	// URL The LDAP server to connect to. Examples: ldap://ldap.myorg.com, ldaps://ldap.myorg.com:636.
	// Multiple URLs can be specified with commas, e.g. ldap://ldap.myorg.com,ldap://ldap2.myorg.com; these will be tried in-order.
	// +kubebuilder:validation:Required
	// +kubebuilder:default="ldap://127.0.0.1"
	URL string `json:"url"`

	// CaseSensitiveNames If set, user and group names assigned to policies within the backend will be case sensitive.
	// Otherwise, names will be normalized to lower case. Case will still be preserved when sending the username to the LDAP server at login time; this is only for matching local user/group definitions.
	// +kubebuilder:validation:Required
	// +kubebuilder:default=false
	CaseSensitiveNames bool `json:"caseSensitiveNames"`

	// RequestTimeout Timeout, in seconds, for the connection when making requests against the server before returning back an error.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="90s"
	RequestTimeout string `json:"requestTimeout"`

	// StartTLS If true, issues a StartTLS command after establishing an unencrypted connection.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	StartTLS bool `json:"startTLS"`

	// TLSMinVersion Minimum TLS version to use. Accepted values are tls10, tls11, tls12 or tls13
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="tls12"
	TLSMinVersion string `json:"TLSMinVersion"`

	// TLSMaxVersion Maximum TLS version to use. Accepted values are tls10, tls11, tls12 or tls13
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="tls12"
	TLSMaxVersion string `json:"TLSMaxVersion"`

	// InsecureTLS If true, skips LDAP server SSL certificate verification - insecure, use with caution!
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	InsecureTLS bool `json:"insecureTLS"`

	// Certificate CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	Certificate string `json:"certificate,omitempty"`

	// ClientTLSCert Client certificate to provide to the LDAP server, must be x509 PEM encoded
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	ClientTLSCert string `json:"clientTLSCert,omitempty"`

	// ClientTLSKey Client certificate key to provide to the LDAP server, must be x509 PEM encoded
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	ClientTLSKey string `json:"clientTLSKey,omitempty"`

	// BindDN - Username used to connect to the LDAP service on the specified LDAP Server.
	// If in the form accountname@domain.com, the username is transformed into a proper LDAP bind DN, for example, CN=accountname,CN=users,DC=domain,DC=com, when accessing the LDAP server.
	// If username is provided it takes precedence over the username retrieved from the referenced secrets
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	BindDN string `json:"bindDN,omitempty"`

	// UserDN Base DN under which to perform user search. Example: ou=Users,dc=example,dc=com
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	UserDN string `json:"userDN,omitempty"`

	// UserAttr Attribute on user attribute object matching the username passed when authenticating. Examples: sAMAccountName, cn, uid
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="cn"
	UserAttr string `json:"userAttr"`

	// DiscoverDN Use anonymous bind to discover the bind DN of a user.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	DiscoverDN bool `json:"discoverDN"`

	// DenyNullBind This option prevents users from bypassing authentication when providing an empty password
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	DenyNullBind bool `json:"denyNullBind"`

	// UPNDomain  The userPrincipalDomain used to construct the UPN string for the authenticating user.
	// The constructed UPN will appear as [username]@UPNDomain. Example: example.com, which will cause vault to bind as username@example.com
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	UPNDomain string `json:"UPNDomain,omitempty"`

	// UserFilter An optional LDAP user search filter. The template can access the following context variables: UserAttr, Username.
	// The default is ({{.UserAttr}}={{.Username}}), or ({{.UserAttr}}={{.Username@.upndomain}}) if upndomain is set.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	UserFilter string `json:"userFilter,omitempty"`

	// AnonymousGroupSearch Use anonymous binds when performing LDAP group searches (note: even when true, the initial credentials will still be used for the initial connection test).
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	AnonymousGroupSearch bool `json:"anonymousGroupSearch"`

	// GroupFilter Go template used when constructing the group membership query. The template can access the following context variables: [UserDN, Username].
	// The default is (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})), which is compatible with several common directory schemas.
	// To support nested group resolution for Active Directory, instead use the following query: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	GroupFilter string `json:"groupFilter,omitempty"`

	// GroupDN LDAP search base to use for group membership search. This can be the root containing either groups or users. Example: ou=Groups,dc=example,dc=com
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	GroupDN string `json:"groupDN,omitempty"`

	// GroupAttr LDAP attribute to follow on objects returned by groupfilter in order to enumerate user group membership.
	// Examples: for groupfilter queries returning group objects, use: cn. For queries returning user objects, use: memberOf. The default is cn.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	GroupAttr string `json:"groupAttr,omitempty"`

	// UsernameAsAlias If set to true, forces the auth method to use the username passed by the user as the alias name.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	UsernameAsAlias bool `json:"usernameAsAlias"`

	// TokenTTL The incremental lifetime for generated tokens. This current value of this will be referenced at renewal time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenTTL string `json:"tokenTTL,omitempty"`

	// TokenMaxTTL The maximum lifetime for generated tokens. This current value of this will be referenced at renewal time
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenMaxTTL string `json:"tokenMaxTTL,omitempty"`

	// TokenPolicies List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenPolicies string `json:"tokenPolicies,omitempty"`

	// TokenBoundCIDRs List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenBoundCIDRs string `json:"tokenBoundCIDRs,omitempty"`

	// TonenExplicitMaxTTL If set, will encode an explicit max TTL onto the token. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenExplicitMaxTTL string `json:"tokenExplicitMaxTTL,omitempty"`

	// TokenNoDefaultPolicy If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	TokenNoDefaultPolicy bool `json:"tokenNoDefaultPolicy"`

	// TokenNumUses The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
	// If you require the token to have the ability to create child tokens, you will need to set this value to 0.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	TokenNumUses int64 `json:"tokenNumUses"`

	// TokenPeriod The period, if any, to set on the token
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=0
	TokenPeriod int64 `json:"tokenPeriod"`

	// The type of token that should be generated. Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens).
	// For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=""
	TokenType string `json:"tokenType,omitempty"`
	// contains filtered or unexported fields
}

func (*LDAPConfig) DeepCopy ¶ added in v0.5.0

func (in *LDAPConfig) DeepCopy() *LDAPConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPConfig.

func (*LDAPConfig) DeepCopyInto ¶ added in v0.5.0

func (in *LDAPConfig) DeepCopyInto(out *LDAPConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Mount ¶

type Mount struct {
	// Type Specifies the type of the backend, such as "aws".
	// +kubebuilder:validation:Required
	Type string `json:"type,omitempty"`

	// Description Specifies the human-friendly description of the mount.
	// +kubebuilder:validation:Optional
	Description string `json:"description,omitempty"`

	// Specifies configuration options for this mount; if set on a specific mount, values will override any global defaults (e.g. the system TTL/Max TTL)
	// +kubebuilder:validation:Optional
	Config MountConfig `json:"config,omitempty"`

	// Local Specifies if the secrets engine is a local mount only. Local mounts are not replicated nor (if a secondary) removed by replication.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=false
	Local bool `json:"local,omitempty"`

	// SealWrap Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=false
	SealWrap bool `json:"sealWrap,omitempty"`

	// ExternalEntropyAccess Enable the secrets engine to access Vault's external entropy source.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=false
	ExternalEntropyAccess bool `json:"externalEntropyAccess,omitempty"`

	// Options Specifies mount type specific options that are passed to the backend.
	// +kubebuilder:validation:Optional
	// +mapType=granular
	Options map[string]string `json:"options,omitempty"`
}

+k8s:openapi-gen=true

func (*Mount) DeepCopy ¶

func (in *Mount) DeepCopy() *Mount

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Mount.

func (*Mount) DeepCopyInto ¶

func (in *Mount) DeepCopyInto(out *Mount)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MountConfig ¶

type MountConfig struct {

	// DefaultLeaseTTL  The default lease duration, specified as a string duration like "5s" or "30m".
	// +kubebuilder:validation:Optional
	DefaultLeaseTTL string `json:"defaultLeaseTTL"`

	// MaxLeaseTTL The maximum lease duration, specified as a string duration like "5s" or "30m".
	// +kubebuilder:validation:Optional
	MaxLeaseTTL string `json:"maxLeaseTTL"`

	// ForceNoCache Disable caching.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=false
	ForceNoCache bool `json:"forceNoCache"`

	// AuditNonHMACRequestKeys list of keys that will not be HMAC'd by audit devices in the request data object.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AuditNonHMACRequestKeys []string `json:"auditNonHMACRequestKeys,omitempty"`

	// AuditNonHMACResponseKeys list of keys that will not be HMAC'd by audit devices in the response data object.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AuditNonHMACResponseKeys []string `json:"auditNonHMACResponseKeys,omitempty"`

	// ListingVisibility Specifies whether to show this mount in the UI-specific listing endpoint. Valid values are "unauth" or "hidden". If not set, behaves like "hidden"
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"unauth","hidden"}
	// +kubebuilder:default:="hidden"
	ListingVisibility string `json:"listingVisibility,omitempty"`

	// PassthroughRequestHeaders list of headers to whitelist and pass from the request to the plugin.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	PassthroughRequestHeaders []string `json:"passthroughRequestHeaders,omitempty"`

	// AllowedResponseHeaders list of headers to whitelist, allowing a plugin to include them in the response.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AllowedResponseHeaders []string `json:"allowedResponseHeaders,omitempty"`
}

+k8s:openapi-gen=true

func (*MountConfig) DeepCopy ¶

func (in *MountConfig) DeepCopy() *MountConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MountConfig.

func (*MountConfig) DeepCopyInto ¶

func (in *MountConfig) DeepCopyInto(out *MountConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NamespaceType ¶ added in v0.4.0

type NamespaceType string

type PKICommon ¶ added in v0.3.0

type PKICommon struct {

	// Specifies the requested CN for the certificate.
	// +kubebuilder:validation:Required
	CommonName string `json:"commonName,omitempty"`

	// Specifies the requested Subject Alternative Names, in a comma-delimited list. These can be host names or email addresses; they will be parsed into their respective fields.
	// +kubebuilder:validation:Optional
	AltNames string `json:"altNames,omitempty"`

	// Specifies the requested IP Subject Alternative Names, in a comma-delimited list.
	// +kubebuilder:validation:Optional
	IPSans string `json:"IPSans,omitempty"`

	// Specifies the requested URI Subject Alternative Names, in a comma-delimited list.
	// +kubebuilder:validation:Optional
	URISans string `json:"URISans,omitempty"`

	// Specifies custom OID/UTF8-string SANs. These must match values specified on the role in allowed_other_sans (see role creation for allowed_other_sans globbing rules). The format is the same as OpenSSL: <oid>;<type>:<value> where the only current valid type is UTF8. This can be a comma-delimited list or a JSON string slice.
	// +kubebuilder:validation:Optional
	OtherSans string `json:"otherSans,omitempty"`

	// Specifies the requested Time To Live (after which the certificate will be expired). This cannot be larger than the engine's max (or, if not set, the system max).
	// +kubebuilder:validation:Optional
	TTL metav1.Duration `json:"TTL,omitempty"`

	// Specifies the format for returned data. Can be pem, der, or pem_bundle. If der, the output is base64 encoded. If pem_bundle, the certificate field will contain the private key (if exported) and certificate, concatenated; if the issuing CA is not a Vault-derived self-signed root, this will be included as well.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"pem","pem_bundle", "der"}
	// +kubebuilder:default="pem"
	Format string `json:"format,omitempty"`

	// Specifies the format for marshaling the private key. Defaults to der which will return either base64-encoded DER or PEM-encoded DER, depending on the value of format. The other option is pkcs8 which will return the key marshalled as PEM-encoded PKCS8.
	// +kubebuilder:validation:Optional
	PrivateKeyFormat string `json:"privateKeyFormat,omitempty"`

	// Specifies the desired key type; must be rsa or ec.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"rsa","ec"}
	// +kubebuilder:default="rsa"
	KeyType string `json:"keyType,omitempty"`

	// Specifies the number of bits to use. This must be changed to a valid value if the key_type is ec, e.g., 224, 256, 384 or 521.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=2048
	KeyBits int `json:"keyBits,omitempty"`

	// Specifies the maximum path length to encode in the generated certificate. -1 means no limit. Unless the signing certificate has a maximum path length set, in which case the path length is set to one less than that of the signing certificate. A limit of 0 means a literal path length of zero.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=-1
	MaxPathLength int `json:"maxPathLength,omitempty"`

	// If set, the given common_name will not be included in DNS or Email Subject Alternate Names (as appropriate). Useful if the CN is not a hostname or email address, but is instead some human-readable identifier.
	// +kubebuilder:validation:Optional
	ExcludeCnFromSans bool `json:"excludeCnFromSans,omitempty"`

	// A comma separated string (or, string array) containing DNS domains for which certificates are allowed to be issued or signed by this CA certificate. Note that subdomains are allowed, as per RFC.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	PermittedDnsDomains []string `json:"permittedDnsDomains,omitempty"`

	// Specifies the OU (OrganizationalUnit) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	OU string `json:"ou,omitempty"`

	// Specifies the O (Organization) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	Organization string `json:"organization,omitempty"`

	// Specifies the C (Country) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	Country string `json:"country,omitempty"`

	// Specifies the L (Locality) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	Locality string `json:"locality,omitempty"`

	// Specifies the ST (Province) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	Province string `json:"province,omitempty"`

	// Specifies the Street Address values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	StreetAddress string `json:"streetAddress,omitempty"`

	// Specifies the Postal Code values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	PostalCode string `json:"postalCode,omitempty"`

	// Specifies the Serial Number, if any. Otherwise Vault will generate a random serial for you. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5.
	// +kubebuilder:validation:Optional
	SerialNumber string `json:"serialNumber,omitempty"`
}

func (*PKICommon) DeepCopy ¶ added in v0.3.0

func (in *PKICommon) DeepCopy() *PKICommon

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKICommon.

func (*PKICommon) DeepCopyInto ¶ added in v0.3.0

func (in *PKICommon) DeepCopyInto(out *PKICommon)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKIConfig ¶ added in v0.3.0

type PKIConfig struct {
	// +kubebuilder:validation:Optional
	PKIConfigUrls `json:",inline"`
	// +kubebuilder:validation:Optional
	PKIConfigCRL `json:",inline"`
}

func (*PKIConfig) DeepCopy ¶ added in v0.3.0

func (in *PKIConfig) DeepCopy() *PKIConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKIConfig.

func (*PKIConfig) DeepCopyInto ¶ added in v0.3.0

func (in *PKIConfig) DeepCopyInto(out *PKIConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKIConfigCRL ¶ added in v0.3.0

type PKIConfigCRL struct {
	// Specifies the time until expiration.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="72h"
	CRLExpiry metav1.Duration `json:"CRLExpiry,omitempty"`

	// Disables or enables CRL building.
	// +kubebuilder:validation:Optional
	CRLDisable bool `json:"CRLDisable,omitempty"`
}

func (*PKIConfigCRL) DeepCopy ¶ added in v0.3.0

func (in *PKIConfigCRL) DeepCopy() *PKIConfigCRL

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKIConfigCRL.

func (*PKIConfigCRL) DeepCopyInto ¶ added in v0.3.0

func (in *PKIConfigCRL) DeepCopyInto(out *PKIConfigCRL)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKIConfigUrls ¶ added in v0.3.0

type PKIConfigUrls struct {
	// Specifies the URL values for the Issuing Certificate field. This can be an array or a comma-separated string list.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	IssuingCertificates []string `json:"issuingCertificates,omitempty"`

	// Specifies the URL values for the CRL Distribution Points field. This can be an array or a comma-separated string list.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	CRLDistributionPoints []string `json:"CRLDistributionPoints,omitempty"`

	// Specifies the URL values for the OCSP Servers field. This can be an array or a comma-separated string list.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	OcspServers []string `json:"ocspServers,omitempty"`
}

func (*PKIConfigUrls) DeepCopy ¶ added in v0.3.0

func (in *PKIConfigUrls) DeepCopy() *PKIConfigUrls

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKIConfigUrls.

func (*PKIConfigUrls) DeepCopyInto ¶ added in v0.3.0

func (in *PKIConfigUrls) DeepCopyInto(out *PKIConfigUrls)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKIIntermediate ¶ added in v0.3.0

type PKIIntermediate struct {
	// ExternalSignSecret retrieves the signed intermediate certificate from a Kubernetes secret. Allows submitting the signed CA certificate corresponding to a private key generated.
	// +kubebuilder:validation:Optional
	ExternalSignSecret *corev1.LocalObjectReference `json:"externalSignSecret,omitempty"`

	// CertificateKey key to be used when retrieving the signed certificate
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="tls.crt"
	CertificateKey string `json:"certificateKey,omitempty"`

	// Use the configured refered Vault PKISecretEngineConfig to issue a certificate with appropriate values for acting as an intermediate CA.
	// +kubebuilder:validation:Optional
	InternalSign *corev1.LocalObjectReference `json:"internalSign,omitempty"`
	// contains filtered or unexported fields
}

func (*PKIIntermediate) DeepCopy ¶ added in v0.3.0

func (in *PKIIntermediate) DeepCopy() *PKIIntermediate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKIIntermediate.

func (*PKIIntermediate) DeepCopyInto ¶ added in v0.3.0

func (in *PKIIntermediate) DeepCopyInto(out *PKIIntermediate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKIRole ¶ added in v0.3.0

type PKIRole struct {

	// Specifies the Time To Live value provided as a string duration with time suffix. Hour is the largest suffix. If not set, uses the system default value or the value of max_ttl, whichever is shorter.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="0s"
	TTL metav1.Duration `json:"TTL,omitempty"`

	// Specifies the maximum Time To Live provided as a string duration with time suffix. Hour is the largest suffix. If not set, defaults to the system maximum lease TTL.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="0s"
	MaxTTL metav1.Duration `json:"maxTTL,omitempty"`

	// +kubebuilder:validation:Optional
	AllowLocalhost bool `json:"allowLocalhost,omitempty"`

	// Specifies the domains of the role. This is used with the allow_bare_domains and allow_subdomains options.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AllowedDomains []string `json:"allowedDomains,omitempty"`

	// When set, allowed_domains may contain templates, as with ACL Path Templating.
	// +kubebuilder:validation:Optional
	AllowedDomainsTemplate bool `json:"allowedDomainsTemplate,omitempty"`

	// Specifies if clients can request certificates matching the value of the actual domains themselves; e.g. if a configured domain set with allowed_domains is example.com, this allows clients to actually request a certificate containing the name example.com as one of the DNS values on the final certificate. In some scenarios, this can be considered a security risk.
	// +kubebuilder:validation:Optional
	AllowBareDomains bool `json:"allowBareDomains,omitempty"`

	// Specifies if clients can request certificates with CNs that are subdomains of the CNs allowed by the other role options. This includes wildcard subdomains. For example, an allowed_domains value of example.com with this option set to true will allow foo.example.com and bar.example.com as well as *.example.com. This is redundant when using the allow_any_name option.
	// +kubebuilder:validation:Optional
	AllowSubdomains bool `json:"allowSubdomains,omitempty"`

	// Allows names specified in allowed_domains to contain glob patterns (e.g. ftp*.example.com). Clients will be allowed to request certificates with names matching the glob patterns.
	// +kubebuilder:validation:Optional
	AllowGlobDomains bool `json:"allowGlobDomains,omitempty"`

	// Specifies if clients can request any CN. Useful in some circumstances, but make sure you understand whether it is appropriate for your installation before enabling it.
	// +kubebuilder:validation:Optional
	AllowAnyName bool `json:"allowAnyName,omitempty"`

	// Specifies if only valid host names are allowed for CNs, DNS SANs, and the host part of email addresses.
	// +kubebuilder:validation:Optional
	EnforceHostnames bool `json:"enforceHostnames,omitempty"`

	// Specifies if clients can request IP Subject Alternative Names. No authorization checking is performed except to verify that the given values are valid IP addresses.
	// +kubebuilder:validation:Optional
	AllowIPSans bool `json:"allowIPSans,omitempty"`

	// Defines allowed URI Subject Alternative Names. No authorization checking is performed except to verify that the given values are valid URIs. This can be a comma-delimited list or a JSON string slice. Values can contain glob patterns (e.g. spiffe://hostname/*).
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	AllowedURISans []string `json:"allowedURISans,omitempty"`

	// Defines allowed custom OID/UTF8-string SANs. This can be a comma-delimited list or a JSON string slice, where each element has the same format as OpenSSL: <oid>;<type>:<value>, but the only valid type is UTF8 or UTF-8. The value part of an element may be a * to allow any value with that OID. Alternatively, specifying a single * will allow any other_sans input.
	// +kubebuilder:validation:Optional
	AllowedOtherSans string `json:"allowedOtherSans,omitempty"`

	// Specifies if certificates are flagged for server use.
	// +kubebuilder:validation:Optional
	ServerFlag bool `json:"serverFlag,omitempty"`

	// Specifies if certificates are flagged for client use.
	// +kubebuilder:validation:Optional
	ClientFlag bool `json:"clientFlag,omitempty"`

	// Specifies if certificates are flagged for code signing use.
	// +kubebuilder:validation:Optional
	CodeSigningFlag bool `json:"codeSigningFlag,omitempty"`

	// Specifies if certificates are flagged for email protection use.
	// +kubebuilder:validation:Optional
	EmailProtectionFlag bool `json:"emailProtectionFlag,omitempty"`

	// Specifies the type of key to generate for generated private keys and the type of key expected for submitted CSRs. Currently, rsa and ec are supported, or when signing CSRs any can be specified to allow keys of either type and with any bit size (subject to > 1024 bits for RSA keys).
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"rsa","ec"}
	// +kubebuilder:default="rsa"
	KeyType string `json:"keyType,omitempty"`

	// Specifies the number of bits to use for the generated keys. This will need to be changed for ec keys, e.g., 224, 256, 384 or 521.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=2048
	KeyBits int `json:"keyBits,omitempty"`

	// Specifies the allowed key usage constraint on issued certificates. Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage - simply drop the KeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this to an empty list.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:=DigitalSignature;KeyAgreement;KeyEncipherment;ContentCommitment;DataEncipherment;CertSign;CRLSign;EncipherOnly;DecipherOnly
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	KeyUsage []string `json:"keyUsage,omitempty"`

	// Specifies the allowed extended key usage constraint on issued certificates. Valid values can be found at https://golang.org/pkg/crypto/x509/#ExtKeyUsage - simply drop the ExtKeyUsage part of the value. Values are not case-sensitive. To specify no key usage constraints, set this to an empty list.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:=ServerAuth;ClientAuth;CodeSigning;EmailProtection;IPSECEndSystem;IPSECTunnel;IPSECUser;TimeStamping;OCSPSigning;MicrosoftServerGatedCrypto;NetscapeServerGatedCrypto;MicrosoftCommercialCodeSigning;MicrosoftKernelCodeSigning
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	ExtKeyUsage []string `json:"extKeyUsage,omitempty"`

	// A comma-separated string or list of extended key usage oids.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	ExtKeyUsageOids []string `json:"extKeyUsageOids,omitempty"`

	// When used with the CSR signing endpoint, the common name in the CSR will be used instead of taken from the JSON data. This does not include any requested SANs in the CSR; use use_csr_sans for that.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	UseCSRCommonName bool `json:"useCSRCommonName,omitempty"`

	// When used with the CSR signing endpoint, the subject alternate names in the CSR will be used instead of taken from the JSON data. This does not include the common name in the CSR; use use_csr_common_name for that.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	UseCSRSans bool `json:"useCSRSans,omitempty"`

	// Specifies the OU (OrganizationalUnit) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	OU string `json:"ou,omitempty"`

	// Specifies the O (Organization) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	Organization string `json:"organization,omitempty"`

	// Specifies the C (Country) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	Country string `json:"country,omitempty"`

	// Specifies the L (Locality) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	Locality string `json:"locality,omitempty"`

	// Specifies the ST (Province) values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	Province string `json:"province,omitempty"`

	// Specifies the Street Address values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	StreetAddress string `json:"streetAddress,omitempty"`

	// Specifies the Postal Code values in the subject field of issued certificates. This is a comma-separated string or JSON array.
	// +kubebuilder:validation:Optional
	PostalCode string `json:"postalCode,omitempty"`

	// Specifies the Serial Number, if any. Otherwise Vault will generate a random serial for you. If you want more than one, specify alternative names in the alt_names map using OID 2.5.4.5.
	// +kubebuilder:validation:Optional
	SerialNumber string `json:"serialNumber,omitempty"`

	// Specifies if certificates issued/signed against this role will have Vault leases attached to them. Certificates can be added to the CRL by vault revoke <lease_id> when certificates are associated with leases. It can also be done using the pki/revoke endpoint. However, when lease generation is disabled, invoking pki/revoke would be the only way to add the certificates to the CRL.
	// +kubebuilder:validation:Optional
	GenerateLease bool `json:"generateLease,omitempty"`

	// If set, certificates issued/signed against this role will not be stored in the storage backend. This can improve performance when issuing large numbers of certificates. However, certificates issued in this way cannot be enumerated or revoked, so this option is recommended only for certificates that are non-sensitive, or extremely short-lived. This option implies a value of false for generate_lease.
	// +kubebuilder:validation:Optional
	NoStore bool `json:"noStore,omitempty"`

	// If set to false, makes the common_name field optional while generating a certificate.
	// +kubebuilder:validation:Optional
	RequireCn bool `json:"requireCn,omitempty"`

	// A comma-separated string or list of policy OIDs.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	PolicyIdentifiers []string `json:"policyIdentifiers,omitempty"`

	// Mark Basic Constraints valid when issuing non-CA certificates.
	// +kubebuilder:validation:Optional
	BasicConstraintsValidForNonCa bool `json:"basicConstraintsValidForNonCa,omitempty"`

	// Specifies the duration by which to backdate the NotBefore property.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default="30s"
	NotBeforeDuration metav1.Duration `json:"notBeforeDuration,omitempty"`
}

func (*PKIRole) DeepCopy ¶ added in v0.3.0

func (in *PKIRole) DeepCopy() *PKIRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKIRole.

func (*PKIRole) DeepCopyInto ¶ added in v0.3.0

func (in *PKIRole) DeepCopyInto(out *PKIRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKISecretEngineConfig ¶ added in v0.3.0

type PKISecretEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   PKISecretEngineConfigSpec   `json:"spec,omitempty"`
	Status PKISecretEngineConfigStatus `json:"status,omitempty"`
}

PKISecretEngineConfig is the Schema for the pkisecretengineconfigs API

func (*PKISecretEngineConfig) CreateExported ¶ added in v0.3.0

func (p *PKISecretEngineConfig) CreateExported(context context.Context, secret *vault.Secret) (bool, error)

func (*PKISecretEngineConfig) DeepCopy ¶ added in v0.3.0

func (in *PKISecretEngineConfig) DeepCopy() *PKISecretEngineConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISecretEngineConfig.

func (*PKISecretEngineConfig) DeepCopyInto ¶ added in v0.3.0

func (in *PKISecretEngineConfig) DeepCopyInto(out *PKISecretEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PKISecretEngineConfig) DeepCopyObject ¶ added in v0.3.0

func (in *PKISecretEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PKISecretEngineConfig) Default ¶ added in v0.3.0

func (r *PKISecretEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*PKISecretEngineConfig) GetConditions ¶ added in v0.3.0

func (m *PKISecretEngineConfig) GetConditions() []metav1.Condition

func (*PKISecretEngineConfig) GetConfigCrlPath ¶ added in v0.3.0

func (p *PKISecretEngineConfig) GetConfigCrlPath() string

func (*PKISecretEngineConfig) GetConfigCrlPayload ¶ added in v0.3.0

func (p *PKISecretEngineConfig) GetConfigCrlPayload() map[string]interface{}

func (*PKISecretEngineConfig) GetConfigUrlsPath ¶ added in v0.3.0

func (p *PKISecretEngineConfig) GetConfigUrlsPath() string

func (*PKISecretEngineConfig) GetConfigUrlsPayload ¶ added in v0.3.0

func (p *PKISecretEngineConfig) GetConfigUrlsPayload() map[string]interface{}

func (*PKISecretEngineConfig) GetDeletePath ¶ added in v0.3.0

func (p *PKISecretEngineConfig) GetDeletePath() string

func (*PKISecretEngineConfig) GetExportedPayload ¶ added in v0.3.0

func (p *PKISecretEngineConfig) GetExportedPayload(data map[string]interface{}) map[string]string

func (*PKISecretEngineConfig) GetGeneratePath ¶ added in v0.3.0

func (p *PKISecretEngineConfig) GetGeneratePath() string

func (*PKISecretEngineConfig) GetGeneratedStatus ¶ added in v0.3.0

func (p *PKISecretEngineConfig) GetGeneratedStatus() bool

func (*PKISecretEngineConfig) GetIntermediateSetSignedPath ¶ added in v0.3.0

func (p *PKISecretEngineConfig) GetIntermediateSetSignedPath() string

func (*PKISecretEngineConfig) GetIntermediateSetSignedPayload ¶ added in v0.3.0

func (p *PKISecretEngineConfig) GetIntermediateSetSignedPayload() map[string]interface{}

func (*PKISecretEngineConfig) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *PKISecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*PKISecretEngineConfig) GetPath ¶ added in v0.3.0

func (p *PKISecretEngineConfig) GetPath() string

func (*PKISecretEngineConfig) GetPayload ¶ added in v0.3.0

func (p *PKISecretEngineConfig) GetPayload() map[string]interface{}

func (*PKISecretEngineConfig) GetSignIntermediatePath ¶ added in v0.3.0

func (p *PKISecretEngineConfig) GetSignIntermediatePath() string

func (*PKISecretEngineConfig) GetSignIntermediatePayload ¶ added in v0.3.0

func (p *PKISecretEngineConfig) GetSignIntermediatePayload() map[string]interface{}

func (*PKISecretEngineConfig) GetSignedStatus ¶ added in v0.5.0

func (p *PKISecretEngineConfig) GetSignedStatus() bool

func (*PKISecretEngineConfig) GetVaultConnection ¶ added in v0.8.9

func (d *PKISecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*PKISecretEngineConfig) IsEquivalentToDesiredState ¶ added in v0.3.0

func (p *PKISecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*PKISecretEngineConfig) IsInitialized ¶ added in v0.3.0

func (p *PKISecretEngineConfig) IsInitialized() bool

func (*PKISecretEngineConfig) IsValid ¶ added in v0.3.0

func (p *PKISecretEngineConfig) IsValid() (bool, error)

func (*PKISecretEngineConfig) PrepareInternalValues ¶ added in v0.3.0

func (p *PKISecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*PKISecretEngineConfig) PrepareTLSConfig ¶ added in v0.8.24

func (p *PKISecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*PKISecretEngineConfig) SetConditions ¶ added in v0.3.0

func (m *PKISecretEngineConfig) SetConditions(conditions []metav1.Condition)

func (*PKISecretEngineConfig) SetExportedStatus ¶ added in v0.3.0

func (p *PKISecretEngineConfig) SetExportedStatus(status bool)

func (*PKISecretEngineConfig) SetGeneratedStatus ¶ added in v0.3.0

func (p *PKISecretEngineConfig) SetGeneratedStatus(status bool)

func (*PKISecretEngineConfig) SetIntermediate ¶ added in v0.3.0

func (p *PKISecretEngineConfig) SetIntermediate(context context.Context) error

func (*PKISecretEngineConfig) SetSignedStatus ¶ added in v0.5.0

func (p *PKISecretEngineConfig) SetSignedStatus(status bool)

func (*PKISecretEngineConfig) SetupWebhookWithManager ¶ added in v0.3.0

func (r *PKISecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*PKISecretEngineConfig) ValidateCreate ¶ added in v0.3.0

func (r *PKISecretEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*PKISecretEngineConfig) ValidateDelete ¶ added in v0.3.0

func (r *PKISecretEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*PKISecretEngineConfig) ValidateUpdate ¶ added in v0.3.0

func (r *PKISecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type PKISecretEngineConfigList ¶ added in v0.3.0

type PKISecretEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []PKISecretEngineConfig `json:"items"`
}

PKISecretEngineConfigList contains a list of PKISecretEngineConfig

func (*PKISecretEngineConfigList) DeepCopy ¶ added in v0.3.0

func (in *PKISecretEngineConfigList) DeepCopy() *PKISecretEngineConfigList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISecretEngineConfigList.

func (*PKISecretEngineConfigList) DeepCopyInto ¶ added in v0.3.0

func (in *PKISecretEngineConfigList) DeepCopyInto(out *PKISecretEngineConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PKISecretEngineConfigList) DeepCopyObject ¶ added in v0.3.0

func (in *PKISecretEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PKISecretEngineConfigSpec ¶ added in v0.3.0

type PKISecretEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to create the role.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/config/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	PKIType `json:",inline"`

	PKICommon `json:",inline"`

	PKIConfig `json:",inline"`

	PKIIntermediate `json:",inline"`
}

PKISecretEngineConfigSpec defines the desired state of PKISecretEngineConfig

func (*PKISecretEngineConfigSpec) DeepCopy ¶ added in v0.3.0

func (in *PKISecretEngineConfigSpec) DeepCopy() *PKISecretEngineConfigSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISecretEngineConfigSpec.

func (*PKISecretEngineConfigSpec) DeepCopyInto ¶ added in v0.3.0

func (in *PKISecretEngineConfigSpec) DeepCopyInto(out *PKISecretEngineConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKISecretEngineConfigStatus ¶ added in v0.3.0

type PKISecretEngineConfigStatus struct {
	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
	// Important: Run "make" to regenerate code after modifying this file
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`

	// +kubebuilder:validation:Optional
	Generated bool `json:"generated,omitempty"`

	// +kubebuilder:validation:Optional
	Exported bool `json:"exported,omitempty"`

	// +kubebuilder:validation:Optional
	Signed bool `json:"signed,omitempty"`
}

PKISecretEngineConfigStatus defines the observed state of PKISecretEngineConfig

func (*PKISecretEngineConfigStatus) DeepCopy ¶ added in v0.3.0

func (in *PKISecretEngineConfigStatus) DeepCopy() *PKISecretEngineConfigStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISecretEngineConfigStatus.

func (*PKISecretEngineConfigStatus) DeepCopyInto ¶ added in v0.3.0

func (in *PKISecretEngineConfigStatus) DeepCopyInto(out *PKISecretEngineConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKISecretEngineRole ¶ added in v0.3.0

type PKISecretEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   PKISecretEngineRoleSpec   `json:"spec,omitempty"`
	Status PKISecretEngineRoleStatus `json:"status,omitempty"`
}

PKISecretEngineRole is the Schema for the pkisecretengineroles API

func (*PKISecretEngineRole) DeepCopy ¶ added in v0.3.0

func (in *PKISecretEngineRole) DeepCopy() *PKISecretEngineRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISecretEngineRole.

func (*PKISecretEngineRole) DeepCopyInto ¶ added in v0.3.0

func (in *PKISecretEngineRole) DeepCopyInto(out *PKISecretEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PKISecretEngineRole) DeepCopyObject ¶ added in v0.3.0

func (in *PKISecretEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PKISecretEngineRole) Default ¶ added in v0.3.0

func (r *PKISecretEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*PKISecretEngineRole) GetConditions ¶ added in v0.3.0

func (m *PKISecretEngineRole) GetConditions() []metav1.Condition

func (*PKISecretEngineRole) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *PKISecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*PKISecretEngineRole) GetPath ¶ added in v0.3.0

func (d *PKISecretEngineRole) GetPath() string

func (*PKISecretEngineRole) GetPayload ¶ added in v0.3.0

func (d *PKISecretEngineRole) GetPayload() map[string]interface{}

func (*PKISecretEngineRole) GetVaultConnection ¶ added in v0.8.9

func (d *PKISecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*PKISecretEngineRole) IsEquivalentToDesiredState ¶ added in v0.3.0

func (d *PKISecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*PKISecretEngineRole) IsInitialized ¶ added in v0.3.0

func (d *PKISecretEngineRole) IsInitialized() bool

func (*PKISecretEngineRole) IsValid ¶ added in v0.3.0

func (r *PKISecretEngineRole) IsValid() (bool, error)

func (*PKISecretEngineRole) PrepareInternalValues ¶ added in v0.3.0

func (d *PKISecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*PKISecretEngineRole) PrepareTLSConfig ¶ added in v0.8.24

func (p *PKISecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*PKISecretEngineRole) SetConditions ¶ added in v0.3.0

func (m *PKISecretEngineRole) SetConditions(conditions []metav1.Condition)

func (*PKISecretEngineRole) SetupWebhookWithManager ¶ added in v0.3.0

func (r *PKISecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*PKISecretEngineRole) ValidateCreate ¶ added in v0.3.0

func (r *PKISecretEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*PKISecretEngineRole) ValidateDelete ¶ added in v0.3.0

func (r *PKISecretEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*PKISecretEngineRole) ValidateUpdate ¶ added in v0.3.0

func (r *PKISecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type PKISecretEngineRoleList ¶ added in v0.3.0

type PKISecretEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []PKISecretEngineRole `json:"items"`
}

PKISecretEngineRoleList contains a list of PKISecretEngineRole

func (*PKISecretEngineRoleList) DeepCopy ¶ added in v0.3.0

func (in *PKISecretEngineRoleList) DeepCopy() *PKISecretEngineRoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISecretEngineRoleList.

func (*PKISecretEngineRoleList) DeepCopyInto ¶ added in v0.3.0

func (in *PKISecretEngineRoleList) DeepCopyInto(out *PKISecretEngineRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PKISecretEngineRoleList) DeepCopyObject ¶ added in v0.3.0

func (in *PKISecretEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PKISecretEngineRoleSpec ¶ added in v0.3.0

type PKISecretEngineRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to create the role.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/roles/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	PKIRole `json:",inline"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

PKISecretEngineRoleSpec defines the desired state of PKISecretEngineRole

func (*PKISecretEngineRoleSpec) DeepCopy ¶ added in v0.3.0

func (in *PKISecretEngineRoleSpec) DeepCopy() *PKISecretEngineRoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISecretEngineRoleSpec.

func (*PKISecretEngineRoleSpec) DeepCopyInto ¶ added in v0.3.0

func (in *PKISecretEngineRoleSpec) DeepCopyInto(out *PKISecretEngineRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKISecretEngineRoleStatus ¶ added in v0.3.0

type PKISecretEngineRoleStatus struct {
	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
	// Important: Run "make" to regenerate code after modifying this file
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

PKISecretEngineRoleStatus defines the observed state of PKISecretEngineRole

func (*PKISecretEngineRoleStatus) DeepCopy ¶ added in v0.3.0

func (in *PKISecretEngineRoleStatus) DeepCopy() *PKISecretEngineRoleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISecretEngineRoleStatus.

func (*PKISecretEngineRoleStatus) DeepCopyInto ¶ added in v0.3.0

func (in *PKISecretEngineRoleStatus) DeepCopyInto(out *PKISecretEngineRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PKIType ¶ added in v0.3.0

type PKIType struct {
	// Specifies the type of certificate authority. Root CA or Intermediate CA. This is part of the request URL.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum:={"root","intermediate"}
	// +kubebuilder:default="root"
	Type string `json:"type,omitempty"`

	// Specifies the type of the root to create. If exported, the private key will be returned in the response; if internal the private key will not be returned and cannot be retrieved later. This is part of the request URL.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum:={"internal","exported"}
	// +kubebuilder:default="internal"
	PrivateKeyType string `json:"privateKeyType,omitempty"`
}

func (*PKIType) DeepCopy ¶ added in v0.3.0

func (in *PKIType) DeepCopy() *PKIType

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKIType.

func (*PKIType) DeepCopyInto ¶ added in v0.3.0

func (in *PKIType) DeepCopyInto(out *PKIType)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PasswordCredentialConfig ¶ added in v0.8.3

type PasswordCredentialConfig struct {
	// PasswordPolicy The policy used for password generation. If not provided, defaults to the password policy of the database configuration
	// +kubebuilder:validation:Optional
	PasswordPolicy string `json:"passwordPolicy,omitempty"`
}

func (*PasswordCredentialConfig) DeepCopy ¶ added in v0.8.4

func (in *PasswordCredentialConfig) DeepCopy() *PasswordCredentialConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordCredentialConfig.

func (*PasswordCredentialConfig) DeepCopyInto ¶ added in v0.8.4

func (in *PasswordCredentialConfig) DeepCopyInto(out *PasswordCredentialConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PasswordPolicy ¶

type PasswordPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   PasswordPolicySpec   `json:"spec,omitempty"`
	Status PasswordPolicyStatus `json:"status,omitempty"`
}

PasswordPolicy is the Schema for the passowordpolicies API

func (*PasswordPolicy) DeepCopy ¶

func (in *PasswordPolicy) DeepCopy() *PasswordPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordPolicy.

func (*PasswordPolicy) DeepCopyInto ¶

func (in *PasswordPolicy) DeepCopyInto(out *PasswordPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PasswordPolicy) DeepCopyObject ¶

func (in *PasswordPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PasswordPolicy) Default ¶

func (r *PasswordPolicy) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*PasswordPolicy) GetConditions ¶

func (m *PasswordPolicy) GetConditions() []metav1.Condition

func (*PasswordPolicy) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *PasswordPolicy) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*PasswordPolicy) GetPath ¶

func (d *PasswordPolicy) GetPath() string

func (*PasswordPolicy) GetPayload ¶

func (d *PasswordPolicy) GetPayload() map[string]interface{}

func (*PasswordPolicy) GetVaultConnection ¶ added in v0.8.9

func (d *PasswordPolicy) GetVaultConnection() *vaultutils.VaultConnection

func (*PasswordPolicy) IsEquivalentToDesiredState ¶

func (d *PasswordPolicy) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*PasswordPolicy) IsInitialized ¶

func (d *PasswordPolicy) IsInitialized() bool

func (*PasswordPolicy) IsValid ¶

func (r *PasswordPolicy) IsValid() (bool, error)

func (*PasswordPolicy) PrepareInternalValues ¶

func (d *PasswordPolicy) PrepareInternalValues(context context.Context, object client.Object) error

func (*PasswordPolicy) PrepareTLSConfig ¶ added in v0.8.24

func (d *PasswordPolicy) PrepareTLSConfig(context context.Context, object client.Object) error

func (*PasswordPolicy) SetConditions ¶

func (m *PasswordPolicy) SetConditions(conditions []metav1.Condition)

func (*PasswordPolicy) SetupWebhookWithManager ¶

func (r *PasswordPolicy) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*PasswordPolicy) ValidateCreate ¶

func (r *PasswordPolicy) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*PasswordPolicy) ValidateDelete ¶

func (r *PasswordPolicy) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*PasswordPolicy) ValidateUpdate ¶

func (r *PasswordPolicy) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type PasswordPolicyFormat ¶

type PasswordPolicyFormat struct {
	Length int                  `hcl:"length"`
	Rules  []PasswordPolicyRule `hcl:"rule,block"`
}

func (*PasswordPolicyFormat) DeepCopy ¶

func (in *PasswordPolicyFormat) DeepCopy() *PasswordPolicyFormat

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordPolicyFormat.

func (*PasswordPolicyFormat) DeepCopyInto ¶

func (in *PasswordPolicyFormat) DeepCopyInto(out *PasswordPolicyFormat)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PasswordPolicyList ¶

type PasswordPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []PasswordPolicy `json:"items"`
}

PasswordPolicyList contains a list of PasswordPolicy

func (*PasswordPolicyList) DeepCopy ¶

func (in *PasswordPolicyList) DeepCopy() *PasswordPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordPolicyList.

func (*PasswordPolicyList) DeepCopyInto ¶

func (in *PasswordPolicyList) DeepCopyInto(out *PasswordPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PasswordPolicyList) DeepCopyObject ¶

func (in *PasswordPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PasswordPolicyRule ¶

type PasswordPolicyRule struct {
	RuleType string `hcl:"type,label"`
	Charset  string `hcl:"charset"`
	MinChars int    `hcl:"min-chars"`
}

func (*PasswordPolicyRule) DeepCopy ¶

func (in *PasswordPolicyRule) DeepCopy() *PasswordPolicyRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordPolicyRule.

func (*PasswordPolicyRule) DeepCopyInto ¶

func (in *PasswordPolicyRule) DeepCopyInto(out *PasswordPolicyRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PasswordPolicySpec ¶

type PasswordPolicySpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// PasswordPolicy  is a Vault password policy (https://www.vaultproject.io/docs/concepts/password-policies) expressed in HCL language.
	// +kubebuilder:validation:Required
	PasswordPolicy string `json:"passwordPolicy,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

PasswordPolicySpec defines the desired state of PasswordPolicy

func (*PasswordPolicySpec) DeepCopy ¶

func (in *PasswordPolicySpec) DeepCopy() *PasswordPolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordPolicySpec.

func (*PasswordPolicySpec) DeepCopyInto ¶

func (in *PasswordPolicySpec) DeepCopyInto(out *PasswordPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PasswordPolicyStatus ¶

type PasswordPolicyStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

PolicyStatus defines the observed state of Policy

func (*PasswordPolicyStatus) DeepCopy ¶

func (in *PasswordPolicyStatus) DeepCopy() *PasswordPolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordPolicyStatus.

func (*PasswordPolicyStatus) DeepCopyInto ¶

func (in *PasswordPolicyStatus) DeepCopyInto(out *PasswordPolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Permission ¶ added in v0.4.0

type Permission string

+kubebuilder:validation:Enum:={"admin","read","write"}

type PermissionSet ¶

type PermissionSet struct {

	//  InstallationID the ID of the app installation. Note the Installation ID from the URL of this page (usually: https://github.com/settings/installations/<installation id>) if you wish to configure using the installation ID directly. Only one of installationID or organizationName is required. If both are provided, installationID takes precedence.
	// +kubebuilder:validation:Optional
	InstallationID int64 `json:"installationID,omitempty"`

	// OrganizationName the name of the organization with the GitHub App installation. Only one of installationID or organizationName is required. If both are provided, installationID takes precedence.
	// +kubebuilder:validation:Optional
	OrganizationName string `json:"organizationName,omitempty"`

	// Repositories a list of the names of the repositories within the organisation that the installation token can access
	// +kubebuilder:validation:Optional
	Repositories []string `json:"repositories,omitempty"`

	// Repositories a list of the IDs of the repositories that the installation token can access. See [this StackOverflow](https://stackoverflow.com/a/47223479) post for the quickest way to find a repository ID
	// +kubebuilder:validation:Optional
	RepositoriesIDs []string `json:"repositoriesIDs,omitempty"`

	// Permissions a key value map of permission names to their access type (read or write). See [GitHub’s documentation](https://developer.github.com/v3/apps/permissions) on permission names and access types.
	// +kubebuilder:validation:Optional
	Permissions map[string]string `json:"permissions,omitempty"`
}

func (*PermissionSet) DeepCopy ¶

func (in *PermissionSet) DeepCopy() *PermissionSet

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PermissionSet.

func (*PermissionSet) DeepCopyInto ¶

func (in *PermissionSet) DeepCopyInto(out *PermissionSet)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Policy ¶

type Policy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   PolicySpec   `json:"spec,omitempty"`
	Status PolicyStatus `json:"status,omitempty"`
}

Policy is the Schema for the policies API

func (*Policy) DeepCopy ¶

func (in *Policy) DeepCopy() *Policy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.

func (*Policy) DeepCopyInto ¶

func (in *Policy) DeepCopyInto(out *Policy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Policy) DeepCopyObject ¶

func (in *Policy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Policy) Default ¶

func (r *Policy) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*Policy) GetConditions ¶

func (m *Policy) GetConditions() []metav1.Condition

func (*Policy) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *Policy) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*Policy) GetPath ¶

func (d *Policy) GetPath() string

func (*Policy) GetPayload ¶

func (d *Policy) GetPayload() map[string]interface{}

func (*Policy) GetVaultConnection ¶ added in v0.8.9

func (d *Policy) GetVaultConnection() *vaultutils.VaultConnection

func (*Policy) IsEquivalentToDesiredState ¶

func (d *Policy) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*Policy) IsInitialized ¶

func (d *Policy) IsInitialized() bool

func (*Policy) IsValid ¶

func (r *Policy) IsValid() (bool, error)

func (*Policy) PrepareInternalValues ¶

func (d *Policy) PrepareInternalValues(context context.Context, object client.Object) error

func (*Policy) PrepareTLSConfig ¶ added in v0.8.24

func (d *Policy) PrepareTLSConfig(context context.Context, object client.Object) error

func (*Policy) SetConditions ¶

func (m *Policy) SetConditions(conditions []metav1.Condition)

func (*Policy) SetupWebhookWithManager ¶

func (r *Policy) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*Policy) ValidateCreate ¶

func (r *Policy) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*Policy) ValidateDelete ¶

func (r *Policy) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*Policy) ValidateUpdate ¶

func (r *Policy) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type PolicyList ¶

type PolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Policy `json:"items"`
}

PolicyList contains a list of Policy

func (*PolicyList) DeepCopy ¶

func (in *PolicyList) DeepCopy() *PolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList.

func (*PolicyList) DeepCopyInto ¶

func (in *PolicyList) DeepCopyInto(out *PolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PolicyList) DeepCopyObject ¶

func (in *PolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PolicySpec ¶

type PolicySpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Policy is a Vault policy expressed in HCL language.
	// +kubebuilder:validation:Required
	Policy string `json:"policy,omitempty"`

	// Type represents the policy type, currently the only supported policy type is "acl", but in the future rgp and egp  might be supported. If not specified a policy will be created at /sys/policies/<name>, if specified (the recommended approach) a policy will be created at /sys/policies/acl/<name>
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum={"acl"}
	Type string `json:"type,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

PolicySpec defines the desired state of Policy

func (*PolicySpec) DeepCopy ¶

func (in *PolicySpec) DeepCopy() *PolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicySpec.

func (*PolicySpec) DeepCopyInto ¶

func (in *PolicySpec) DeepCopyInto(out *PolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyStatus ¶

type PolicyStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

PolicyStatus defines the observed state of Policy

func (*PolicyStatus) DeepCopy ¶

func (in *PolicyStatus) DeepCopy() *PolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyStatus.

func (*PolicyStatus) DeepCopyInto ¶

func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuayBaseRole ¶ added in v0.4.0

type QuayBaseRole struct {
	// NamespaceType Type of account namespace to manage.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"organization","user"}
	// +kubebuilder:default="organization"
	NamespaceType NamespaceType `json:"namespaceType,omitempty"`

	// NamespaceName Name of the Quay account.
	// +kubebuilder:validation:Required
	NamespaceName string `json:"namespaceName,omitempty"`

	// CreateRepositories Access to create Quay repositories.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	CreateRepositories *bool `json:"createRepositories,omitempty"`

	// Teams Permissions granted to the Robot Account to Teams.
	// +kubebuilder:validation:Optional
	Teams *map[string]TeamRole `json:"teams,omitempty"`

	// Teams Permissions granted to the Robot Account to Repositories.
	// +kubebuilder:validation:Optional
	Repositories *map[string]Permission `json:"repositories,omitempty"`

	// DefaultPermission Permissions granted to the Robot Account in newly created repositories
	// +kubebuilder:validation:Optional
	DefaultPermission *Permission `json:"defaultPermission,omitempty"`
}

func (*QuayBaseRole) DeepCopy ¶ added in v0.4.0

func (in *QuayBaseRole) DeepCopy() *QuayBaseRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuayBaseRole.

func (*QuayBaseRole) DeepCopyInto ¶ added in v0.4.0

func (in *QuayBaseRole) DeepCopyInto(out *QuayBaseRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuayConfig ¶ added in v0.4.0

type QuayConfig struct {

	// url Specifies the location of the Quay instance
	// +kubebuilder:validation:Required
	URL string `json:"url,omitempty"`

	// CACertertificate PEM encoded CA cert for use by the TLS client used to communicate with Quay.
	// +kubebuilder:validation:Optional
	CACertertificate string `json:"caCertificate,omitempty"`

	// DisableSslVerification Disable SSL verification when communicating with Quay.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	DisableSslVerification bool `json:"disableSslVerification,omitempty"`
	// contains filtered or unexported fields
}

func (*QuayConfig) DeepCopy ¶ added in v0.4.0

func (in *QuayConfig) DeepCopy() *QuayConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuayConfig.

func (*QuayConfig) DeepCopyInto ¶ added in v0.4.0

func (in *QuayConfig) DeepCopyInto(out *QuayConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuayRole ¶ added in v0.4.0

type QuayRole struct {
	QuayBaseRole `json:",inline"`

	// TTL Time-to-Live for the credential
	// +kubebuilder:validation:Optional
	TTL *metav1.Duration `json:"TTL,omitempty"`

	// MaxTTL Maximum Time-to-Live for the credential
	// +kubebuilder:validation:Optional
	MaxTTL *metav1.Duration `json:"maxTTL,omitempty"`
}

func (*QuayRole) DeepCopy ¶ added in v0.4.0

func (in *QuayRole) DeepCopy() *QuayRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuayRole.

func (*QuayRole) DeepCopyInto ¶ added in v0.4.0

func (in *QuayRole) DeepCopyInto(out *QuayRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuaySecretEngineConfig ¶ added in v0.4.0

type QuaySecretEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   QuaySecretEngineConfigSpec   `json:"spec,omitempty"`
	Status QuaySecretEngineConfigStatus `json:"status,omitempty"`
}

QuaySecretEngineConfig is the Schema for the quaysecretengineconfigs API

func (*QuaySecretEngineConfig) DeepCopy ¶ added in v0.4.0

func (in *QuaySecretEngineConfig) DeepCopy() *QuaySecretEngineConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineConfig.

func (*QuaySecretEngineConfig) DeepCopyInto ¶ added in v0.4.0

func (in *QuaySecretEngineConfig) DeepCopyInto(out *QuaySecretEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*QuaySecretEngineConfig) DeepCopyObject ¶ added in v0.4.0

func (in *QuaySecretEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*QuaySecretEngineConfig) Default ¶ added in v0.4.0

func (r *QuaySecretEngineConfig) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*QuaySecretEngineConfig) GetConditions ¶ added in v0.4.0

func (q *QuaySecretEngineConfig) GetConditions() []metav1.Condition

func (*QuaySecretEngineConfig) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *QuaySecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*QuaySecretEngineConfig) GetPath ¶ added in v0.4.0

func (q *QuaySecretEngineConfig) GetPath() string

func (*QuaySecretEngineConfig) GetPayload ¶ added in v0.4.0

func (q *QuaySecretEngineConfig) GetPayload() map[string]interface{}

func (*QuaySecretEngineConfig) GetVaultConnection ¶ added in v0.8.9

func (d *QuaySecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*QuaySecretEngineConfig) IsEquivalentToDesiredState ¶ added in v0.4.0

func (q *QuaySecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*QuaySecretEngineConfig) IsInitialized ¶ added in v0.4.0

func (q *QuaySecretEngineConfig) IsInitialized() bool

func (*QuaySecretEngineConfig) IsValid ¶ added in v0.4.0

func (q *QuaySecretEngineConfig) IsValid() (bool, error)

func (*QuaySecretEngineConfig) PrepareInternalValues ¶ added in v0.4.0

func (q *QuaySecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*QuaySecretEngineConfig) PrepareTLSConfig ¶ added in v0.8.24

func (q *QuaySecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*QuaySecretEngineConfig) SetConditions ¶ added in v0.4.0

func (q *QuaySecretEngineConfig) SetConditions(conditions []metav1.Condition)

func (*QuaySecretEngineConfig) SetToken ¶ added in v0.4.0

func (q *QuaySecretEngineConfig) SetToken(token string)

func (*QuaySecretEngineConfig) SetupWebhookWithManager ¶ added in v0.4.0

func (r *QuaySecretEngineConfig) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*QuaySecretEngineConfig) ValidateCreate ¶ added in v0.4.0

func (r *QuaySecretEngineConfig) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*QuaySecretEngineConfig) ValidateDelete ¶ added in v0.4.0

func (r *QuaySecretEngineConfig) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*QuaySecretEngineConfig) ValidateUpdate ¶ added in v0.4.0

func (r *QuaySecretEngineConfig) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type QuaySecretEngineConfigList ¶ added in v0.4.0

type QuaySecretEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []QuaySecretEngineConfig `json:"items"`
}

QuaySecretEngineConfigList contains a list of QuaySecretEngineConfig

func (*QuaySecretEngineConfigList) DeepCopy ¶ added in v0.4.0

func (in *QuaySecretEngineConfigList) DeepCopy() *QuaySecretEngineConfigList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineConfigList.

func (*QuaySecretEngineConfigList) DeepCopyInto ¶ added in v0.4.0

func (in *QuaySecretEngineConfigList) DeepCopyInto(out *QuaySecretEngineConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*QuaySecretEngineConfigList) DeepCopyObject ¶ added in v0.4.0

func (in *QuaySecretEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type QuaySecretEngineConfigSpec ¶ added in v0.4.0

type QuaySecretEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/config.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	QuayConfig `json:",inline"`

	// RootCredentials specifies how to retrieve the credentials for this Quay connection.
	// +kubebuilder:validation:Required
	RootCredentials vaultutils.RootCredentialConfig `json:"rootCredentials,omitempty"`
}

QuaySecretEngineConfigSpec defines the desired state of QuaySecretEngineConfig

func (*QuaySecretEngineConfigSpec) DeepCopy ¶ added in v0.4.0

func (in *QuaySecretEngineConfigSpec) DeepCopy() *QuaySecretEngineConfigSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineConfigSpec.

func (*QuaySecretEngineConfigSpec) DeepCopyInto ¶ added in v0.4.0

func (in *QuaySecretEngineConfigSpec) DeepCopyInto(out *QuaySecretEngineConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuaySecretEngineConfigStatus ¶ added in v0.4.0

type QuaySecretEngineConfigStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

QuaySecretEngineConfigStatus defines the observed state of QuaySecretEngineConfig

func (*QuaySecretEngineConfigStatus) DeepCopy ¶ added in v0.4.0

func (in *QuaySecretEngineConfigStatus) DeepCopy() *QuaySecretEngineConfigStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineConfigStatus.

func (*QuaySecretEngineConfigStatus) DeepCopyInto ¶ added in v0.4.0

func (in *QuaySecretEngineConfigStatus) DeepCopyInto(out *QuaySecretEngineConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuaySecretEngineRole ¶ added in v0.4.0

type QuaySecretEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   QuaySecretEngineRoleSpec   `json:"spec,omitempty"`
	Status QuaySecretEngineRoleStatus `json:"status,omitempty"`
}

QuaySecretEngineRole is the Schema for the quaysecretengineroles API

func (*QuaySecretEngineRole) DeepCopy ¶ added in v0.4.0

func (in *QuaySecretEngineRole) DeepCopy() *QuaySecretEngineRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineRole.

func (*QuaySecretEngineRole) DeepCopyInto ¶ added in v0.4.0

func (in *QuaySecretEngineRole) DeepCopyInto(out *QuaySecretEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*QuaySecretEngineRole) DeepCopyObject ¶ added in v0.4.0

func (in *QuaySecretEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*QuaySecretEngineRole) Default ¶ added in v0.4.0

func (r *QuaySecretEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*QuaySecretEngineRole) GetConditions ¶ added in v0.4.0

func (q *QuaySecretEngineRole) GetConditions() []metav1.Condition

func (*QuaySecretEngineRole) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *QuaySecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*QuaySecretEngineRole) GetPath ¶ added in v0.4.0

func (d *QuaySecretEngineRole) GetPath() string

func (*QuaySecretEngineRole) GetPayload ¶ added in v0.4.0

func (q *QuaySecretEngineRole) GetPayload() map[string]interface{}

func (*QuaySecretEngineRole) GetVaultConnection ¶ added in v0.8.9

func (d *QuaySecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*QuaySecretEngineRole) IsEquivalentToDesiredState ¶ added in v0.4.0

func (q *QuaySecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*QuaySecretEngineRole) IsInitialized ¶ added in v0.4.0

func (q *QuaySecretEngineRole) IsInitialized() bool

func (*QuaySecretEngineRole) IsValid ¶ added in v0.4.0

func (q *QuaySecretEngineRole) IsValid() (bool, error)

func (*QuaySecretEngineRole) PrepareInternalValues ¶ added in v0.4.0

func (q *QuaySecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*QuaySecretEngineRole) PrepareTLSConfig ¶ added in v0.8.24

func (q *QuaySecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*QuaySecretEngineRole) SetConditions ¶ added in v0.4.0

func (q *QuaySecretEngineRole) SetConditions(conditions []metav1.Condition)

func (*QuaySecretEngineRole) SetupWebhookWithManager ¶ added in v0.4.0

func (r *QuaySecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*QuaySecretEngineRole) ValidateCreate ¶ added in v0.4.0

func (r *QuaySecretEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*QuaySecretEngineRole) ValidateDelete ¶ added in v0.4.0

func (r *QuaySecretEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*QuaySecretEngineRole) ValidateUpdate ¶ added in v0.4.0

func (r *QuaySecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type QuaySecretEngineRoleList ¶ added in v0.4.0

type QuaySecretEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []QuaySecretEngineRole `json:"items"`
}

QuaySecretEngineRoleList contains a list of QuaySecretEngineRole

func (*QuaySecretEngineRoleList) DeepCopy ¶ added in v0.4.0

func (in *QuaySecretEngineRoleList) DeepCopy() *QuaySecretEngineRoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineRoleList.

func (*QuaySecretEngineRoleList) DeepCopyInto ¶ added in v0.4.0

func (in *QuaySecretEngineRoleList) DeepCopyInto(out *QuaySecretEngineRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*QuaySecretEngineRoleList) DeepCopyObject ¶ added in v0.4.0

func (in *QuaySecretEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type QuaySecretEngineRoleSpec ¶ added in v0.4.0

type QuaySecretEngineRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/roles/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	QuayRole `json:",inline"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

QuaySecretEngineRoleSpec defines the desired state of QuaySecretEngineRole

func (*QuaySecretEngineRoleSpec) DeepCopy ¶ added in v0.4.0

func (in *QuaySecretEngineRoleSpec) DeepCopy() *QuaySecretEngineRoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineRoleSpec.

func (*QuaySecretEngineRoleSpec) DeepCopyInto ¶ added in v0.4.0

func (in *QuaySecretEngineRoleSpec) DeepCopyInto(out *QuaySecretEngineRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuaySecretEngineRoleStatus ¶ added in v0.4.0

type QuaySecretEngineRoleStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

QuaySecretEngineRoleStatus defines the observed state of QuaySecretEngineRole

func (*QuaySecretEngineRoleStatus) DeepCopy ¶ added in v0.4.0

func (in *QuaySecretEngineRoleStatus) DeepCopy() *QuaySecretEngineRoleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineRoleStatus.

func (*QuaySecretEngineRoleStatus) DeepCopyInto ¶ added in v0.4.0

func (in *QuaySecretEngineRoleStatus) DeepCopyInto(out *QuaySecretEngineRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuaySecretEngineStaticRole ¶ added in v0.4.0

type QuaySecretEngineStaticRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   QuaySecretEngineStaticRoleSpec   `json:"spec,omitempty"`
	Status QuaySecretEngineStaticRoleStatus `json:"status,omitempty"`
}

QuaySecretEngineStaticRole is the Schema for the quaysecretenginestaticroles API

func (*QuaySecretEngineStaticRole) DeepCopy ¶ added in v0.4.0

func (in *QuaySecretEngineStaticRole) DeepCopy() *QuaySecretEngineStaticRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineStaticRole.

func (*QuaySecretEngineStaticRole) DeepCopyInto ¶ added in v0.4.0

func (in *QuaySecretEngineStaticRole) DeepCopyInto(out *QuaySecretEngineStaticRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*QuaySecretEngineStaticRole) DeepCopyObject ¶ added in v0.4.0

func (in *QuaySecretEngineStaticRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*QuaySecretEngineStaticRole) Default ¶ added in v0.4.0

func (r *QuaySecretEngineStaticRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*QuaySecretEngineStaticRole) GetConditions ¶ added in v0.4.0

func (q *QuaySecretEngineStaticRole) GetConditions() []metav1.Condition

func (*QuaySecretEngineStaticRole) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *QuaySecretEngineStaticRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*QuaySecretEngineStaticRole) GetPath ¶ added in v0.4.0

func (d *QuaySecretEngineStaticRole) GetPath() string

func (*QuaySecretEngineStaticRole) GetPayload ¶ added in v0.4.0

func (q *QuaySecretEngineStaticRole) GetPayload() map[string]interface{}

func (*QuaySecretEngineStaticRole) GetVaultConnection ¶ added in v0.8.9

func (d *QuaySecretEngineStaticRole) GetVaultConnection() *vaultutils.VaultConnection

func (*QuaySecretEngineStaticRole) IsEquivalentToDesiredState ¶ added in v0.4.0

func (q *QuaySecretEngineStaticRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*QuaySecretEngineStaticRole) IsInitialized ¶ added in v0.4.0

func (q *QuaySecretEngineStaticRole) IsInitialized() bool

func (*QuaySecretEngineStaticRole) IsValid ¶ added in v0.4.0

func (q *QuaySecretEngineStaticRole) IsValid() (bool, error)

func (*QuaySecretEngineStaticRole) PrepareInternalValues ¶ added in v0.4.0

func (q *QuaySecretEngineStaticRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*QuaySecretEngineStaticRole) PrepareTLSConfig ¶ added in v0.8.24

func (q *QuaySecretEngineStaticRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*QuaySecretEngineStaticRole) SetConditions ¶ added in v0.4.0

func (q *QuaySecretEngineStaticRole) SetConditions(conditions []metav1.Condition)

func (*QuaySecretEngineStaticRole) SetupWebhookWithManager ¶ added in v0.4.0

func (r *QuaySecretEngineStaticRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*QuaySecretEngineStaticRole) ValidateCreate ¶ added in v0.4.0

func (r *QuaySecretEngineStaticRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*QuaySecretEngineStaticRole) ValidateDelete ¶ added in v0.4.0

func (r *QuaySecretEngineStaticRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*QuaySecretEngineStaticRole) ValidateUpdate ¶ added in v0.4.0

func (r *QuaySecretEngineStaticRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type QuaySecretEngineStaticRoleList ¶ added in v0.4.0

type QuaySecretEngineStaticRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []QuaySecretEngineStaticRole `json:"items"`
}

QuaySecretEngineStaticRoleList contains a list of QuaySecretEngineStaticRole

func (*QuaySecretEngineStaticRoleList) DeepCopy ¶ added in v0.4.0

func (in *QuaySecretEngineStaticRoleList) DeepCopy() *QuaySecretEngineStaticRoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineStaticRoleList.

func (*QuaySecretEngineStaticRoleList) DeepCopyInto ¶ added in v0.4.0

func (in *QuaySecretEngineStaticRoleList) DeepCopyInto(out *QuaySecretEngineStaticRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*QuaySecretEngineStaticRoleList) DeepCopyObject ¶ added in v0.4.0

func (in *QuaySecretEngineStaticRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type QuaySecretEngineStaticRoleSpec ¶ added in v0.4.0

type QuaySecretEngineStaticRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/static-roles/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	QuayBaseRole `json:",inline"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

QuaySecretEngineStaticRoleSpec defines the desired state of QuaySecretEngineStaticRole

func (*QuaySecretEngineStaticRoleSpec) DeepCopy ¶ added in v0.4.0

func (in *QuaySecretEngineStaticRoleSpec) DeepCopy() *QuaySecretEngineStaticRoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineStaticRoleSpec.

func (*QuaySecretEngineStaticRoleSpec) DeepCopyInto ¶ added in v0.4.0

func (in *QuaySecretEngineStaticRoleSpec) DeepCopyInto(out *QuaySecretEngineStaticRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type QuaySecretEngineStaticRoleStatus ¶ added in v0.4.0

type QuaySecretEngineStaticRoleStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

QuaySecretEngineStaticRoleStatus defines the observed state of QuaySecretEngineStaticRole

func (*QuaySecretEngineStaticRoleStatus) DeepCopy ¶ added in v0.4.0

func (in *QuaySecretEngineStaticRoleStatus) DeepCopy() *QuaySecretEngineStaticRoleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuaySecretEngineStaticRoleStatus.

func (*QuaySecretEngineStaticRoleStatus) DeepCopyInto ¶ added in v0.4.0

func (in *QuaySecretEngineStaticRoleStatus) DeepCopyInto(out *QuaySecretEngineStaticRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RMQSEConfig ¶

type RMQSEConfig struct {
	// ConnectionURL Specifies the connection string used to connect to the RabbitMQ cluster.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`^(http|https):\/\/.+$`
	ConnectionURI string `json:"connectionURI,omitempty"`

	// Username Specifies the name of the user to use as the "administrator" user when connecting to the RabbitMQ cluster. This "administrator" user is used to create/update/delete users, so you will need to ensure that this user has permissions to manipulate users. If management plugin is used, this user need to have "administrator" tag, no additional permissions necessary.
	// If username is provided it takes precedence over the username retrieved from the referenced secrets
	// +kubebuilder:validation:Optional
	Username string `json:"username,omitempty"`

	// VerifyConnection Specifies if the connection is verified during initial configuration. Defaults to true.
	// +kubebuilder:validation:Optional
	VerifyConnection bool `json:"verifyConnection,omitempty"`

	// PasswordPolicy The name of the password policy to use when generating passwords for this engine. Defaults to generating an alphanumeric password if not set.
	// +kubebuilder:validation:Optional
	PasswordPolicy string `json:"passwordPolicy,omitempty"`

	// UsernameTemplate Vault username template describing how dynamic usernames are generated.
	UsernameTemplate string `json:"usernameTemplate,omitempty"`

	// Lease TTL for generated credentials in seconds.
	// +kubebuilder:validation:Optional
	LeaseTTL int `json:"leaseTTL,omitempty"`

	// Lease maximum TTL for generated credentials in seconds.
	// +kubebuilder:validation:Optional
	LeaseMaxTTL int `json:"leaseMaxTTL,omitempty"`
	// contains filtered or unexported fields
}

func (*RMQSEConfig) DeepCopy ¶

func (in *RMQSEConfig) DeepCopy() *RMQSEConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RMQSEConfig.

func (*RMQSEConfig) DeepCopyInto ¶

func (in *RMQSEConfig) DeepCopyInto(out *RMQSEConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RMQSERole ¶

type RMQSERole struct {
	// Comma-separated RabbitMQ permissions tags to associate with the user. This determines the level of
	// access to the RabbitMQ management UI granted to the user. Omitting this field will
	// lead to a user than can still connect to the cluster through messaging protocols,
	// but cannot perform any management actions.
	// +kubebuilder:validation:Optional
	Tags string `json:"tags,omitempty"`

	// +kubebuilder:validation:Optional
	// +listType=atomic
	Vhosts []Vhost `json:"vhosts,omitempty"`

	// This option requires RabbitMQ 3.7.0 or later.
	// +kubebuilder:validation:Optional
	// +listType=atomic
	VhostTopics []VhostTopic `json:"vhostTopics,omitempty"`
}

func (*RMQSERole) DeepCopy ¶

func (in *RMQSERole) DeepCopy() *RMQSERole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RMQSERole.

func (*RMQSERole) DeepCopyInto ¶

func (in *RMQSERole) DeepCopyInto(out *RMQSERole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RSAPrivateKeyCredentialConfig ¶ added in v0.8.3

type RSAPrivateKeyCredentialConfig struct {
	// KeyBits The bit size of the RSA key to generate. Options include: 2048, 3072, 4096.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum={2048,3072,4096}
	KeyBits int `json:"keyBits,omitempty"`
	// Format The output format of the generated private key credential. The private key will be returned from the API in PEM encoding. Options include: pkcs8
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum={"pkcs8"}
	Format string `json:"format,omitempty"`
}

func (*RSAPrivateKeyCredentialConfig) DeepCopy ¶ added in v0.8.4

func (in *RSAPrivateKeyCredentialConfig) DeepCopy() *RSAPrivateKeyCredentialConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RSAPrivateKeyCredentialConfig.

func (*RSAPrivateKeyCredentialConfig) DeepCopyInto ¶ added in v0.8.4

func (in *RSAPrivateKeyCredentialConfig) DeepCopyInto(out *RSAPrivateKeyCredentialConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RabbitMQSecretEngineConfig ¶

type RabbitMQSecretEngineConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   RabbitMQSecretEngineConfigSpec   `json:"spec,omitempty"`
	Status RabbitMQSecretEngineConfigStatus `json:"status,omitempty"`
}

RabbitMQSecretEngineConfig is the Schema for the rabbitmqsecretengineconfigs API

func (*RabbitMQSecretEngineConfig) CheckTTLValuesProvided ¶

func (rabbitMQ *RabbitMQSecretEngineConfig) CheckTTLValuesProvided() bool

func (*RabbitMQSecretEngineConfig) DeepCopy ¶

func (in *RabbitMQSecretEngineConfig) DeepCopy() *RabbitMQSecretEngineConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RabbitMQSecretEngineConfig.

func (*RabbitMQSecretEngineConfig) DeepCopyInto ¶

func (in *RabbitMQSecretEngineConfig) DeepCopyInto(out *RabbitMQSecretEngineConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RabbitMQSecretEngineConfig) DeepCopyObject ¶

func (in *RabbitMQSecretEngineConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*RabbitMQSecretEngineConfig) GetConditions ¶

func (m *RabbitMQSecretEngineConfig) GetConditions() []metav1.Condition

func (*RabbitMQSecretEngineConfig) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *RabbitMQSecretEngineConfig) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*RabbitMQSecretEngineConfig) GetLeasePath ¶

func (rabbitMQ *RabbitMQSecretEngineConfig) GetLeasePath() string

func (*RabbitMQSecretEngineConfig) GetLeasePayload ¶

func (rabbitMQ *RabbitMQSecretEngineConfig) GetLeasePayload() map[string]interface{}

func (*RabbitMQSecretEngineConfig) GetPath ¶

func (rabbitMQ *RabbitMQSecretEngineConfig) GetPath() string

func (*RabbitMQSecretEngineConfig) GetPayload ¶

func (rabbitMQ *RabbitMQSecretEngineConfig) GetPayload() map[string]interface{}

func (*RabbitMQSecretEngineConfig) GetVaultConnection ¶ added in v0.8.9

func (d *RabbitMQSecretEngineConfig) GetVaultConnection() *vaultutils.VaultConnection

func (*RabbitMQSecretEngineConfig) IsEquivalentToDesiredState ¶

func (rabbitMQ *RabbitMQSecretEngineConfig) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*RabbitMQSecretEngineConfig) IsInitialized ¶

func (rabbitMQ *RabbitMQSecretEngineConfig) IsInitialized() bool

func (*RabbitMQSecretEngineConfig) IsValid ¶

func (rabbitMQ *RabbitMQSecretEngineConfig) IsValid() (bool, error)

func (*RabbitMQSecretEngineConfig) PrepareInternalValues ¶

func (rabbitMQ *RabbitMQSecretEngineConfig) PrepareInternalValues(context context.Context, object client.Object) error

func (*RabbitMQSecretEngineConfig) PrepareTLSConfig ¶ added in v0.8.24

func (rabbitMQ *RabbitMQSecretEngineConfig) PrepareTLSConfig(context context.Context, object client.Object) error

func (*RabbitMQSecretEngineConfig) SetConditions ¶

func (m *RabbitMQSecretEngineConfig) SetConditions(conditions []metav1.Condition)

func (*RabbitMQSecretEngineConfig) SetUsernameAndPassword ¶

func (m *RabbitMQSecretEngineConfig) SetUsernameAndPassword(username string, password string)

type RabbitMQSecretEngineConfigList ¶

type RabbitMQSecretEngineConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []RabbitMQSecretEngineConfig `json:"items"`
}

RabbitMQSecretEngineConfigList contains a list of RabbitMQSecretEngineConfig

func (*RabbitMQSecretEngineConfigList) DeepCopy ¶

func (in *RabbitMQSecretEngineConfigList) DeepCopy() *RabbitMQSecretEngineConfigList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RabbitMQSecretEngineConfigList.

func (*RabbitMQSecretEngineConfigList) DeepCopyInto ¶

func (in *RabbitMQSecretEngineConfigList) DeepCopyInto(out *RabbitMQSecretEngineConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RabbitMQSecretEngineConfigList) DeepCopyObject ¶

func (in *RabbitMQSecretEngineConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RabbitMQSecretEngineConfigSpec ¶

type RabbitMQSecretEngineConfigSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the k8s auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/{metadata.name}/config/connection.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// +kubebuilder:validation:Required
	RMQSEConfig `json:",inline"`

	// RootCredentials specifies how to retrieve the credentials for this RabbitMQEngine connection.
	// +kubebuilder:validation:Required
	RootCredentials vaultutils.RootCredentialConfig `json:"rootCredentials,omitempty"`
}

RabbitMQSecretEngineConfigSpec defines the desired state of RabbitMQSecretEngineConfig

func (*RabbitMQSecretEngineConfigSpec) DeepCopy ¶

func (in *RabbitMQSecretEngineConfigSpec) DeepCopy() *RabbitMQSecretEngineConfigSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RabbitMQSecretEngineConfigSpec.

func (*RabbitMQSecretEngineConfigSpec) DeepCopyInto ¶

func (in *RabbitMQSecretEngineConfigSpec) DeepCopyInto(out *RabbitMQSecretEngineConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RabbitMQSecretEngineConfigStatus ¶

type RabbitMQSecretEngineConfigStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

RabbitMQSecretEngineConfigStatus defines the observed state of RabbitMQSecretEngineConfig

func (*RabbitMQSecretEngineConfigStatus) DeepCopy ¶

func (in *RabbitMQSecretEngineConfigStatus) DeepCopy() *RabbitMQSecretEngineConfigStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RabbitMQSecretEngineConfigStatus.

func (*RabbitMQSecretEngineConfigStatus) DeepCopyInto ¶

func (in *RabbitMQSecretEngineConfigStatus) DeepCopyInto(out *RabbitMQSecretEngineConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RabbitMQSecretEngineConfigValidation ¶

type RabbitMQSecretEngineConfigValidation struct {
	Client client.Client
}

+kubebuilder:object:generate:=false

func (*RabbitMQSecretEngineConfigValidation) Handle ¶

func (r *RabbitMQSecretEngineConfigValidation) Handle(ctx context.Context, req admission.Request) admission.Response

type RabbitMQSecretEngineRole ¶

type RabbitMQSecretEngineRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   RabbitMQSecretEngineRoleSpec   `json:"spec,omitempty"`
	Status RabbitMQSecretEngineRoleStatus `json:"status,omitempty"`
}

RabbitMQSecretEngineRole is the Schema for the rabbitmqsecretengineroles API

func (*RabbitMQSecretEngineRole) DeepCopy ¶

func (in *RabbitMQSecretEngineRole) DeepCopy() *RabbitMQSecretEngineRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RabbitMQSecretEngineRole.

func (*RabbitMQSecretEngineRole) DeepCopyInto ¶

func (in *RabbitMQSecretEngineRole) DeepCopyInto(out *RabbitMQSecretEngineRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RabbitMQSecretEngineRole) DeepCopyObject ¶

func (in *RabbitMQSecretEngineRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*RabbitMQSecretEngineRole) Default ¶

func (r *RabbitMQSecretEngineRole) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*RabbitMQSecretEngineRole) GetConditions ¶

func (m *RabbitMQSecretEngineRole) GetConditions() []metav1.Condition

func (*RabbitMQSecretEngineRole) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *RabbitMQSecretEngineRole) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*RabbitMQSecretEngineRole) GetPath ¶

func (d *RabbitMQSecretEngineRole) GetPath() string

func (*RabbitMQSecretEngineRole) GetPayload ¶

func (rabbitMQ *RabbitMQSecretEngineRole) GetPayload() map[string]interface{}

func (*RabbitMQSecretEngineRole) GetVaultConnection ¶ added in v0.8.9

func (d *RabbitMQSecretEngineRole) GetVaultConnection() *vaultutils.VaultConnection

func (*RabbitMQSecretEngineRole) IsEquivalentToDesiredState ¶

func (rabbitMQ *RabbitMQSecretEngineRole) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*RabbitMQSecretEngineRole) IsInitialized ¶

func (rabbitMQ *RabbitMQSecretEngineRole) IsInitialized() bool

func (*RabbitMQSecretEngineRole) IsValid ¶

func (rabbitMQ *RabbitMQSecretEngineRole) IsValid() (bool, error)

func (*RabbitMQSecretEngineRole) PrepareInternalValues ¶

func (rabbitMQ *RabbitMQSecretEngineRole) PrepareInternalValues(context context.Context, object client.Object) error

func (*RabbitMQSecretEngineRole) PrepareTLSConfig ¶ added in v0.8.24

func (rabbitMQ *RabbitMQSecretEngineRole) PrepareTLSConfig(context context.Context, object client.Object) error

func (*RabbitMQSecretEngineRole) SetConditions ¶

func (m *RabbitMQSecretEngineRole) SetConditions(conditions []metav1.Condition)

func (*RabbitMQSecretEngineRole) SetupWebhookWithManager ¶

func (r *RabbitMQSecretEngineRole) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*RabbitMQSecretEngineRole) ValidateCreate ¶

func (r *RabbitMQSecretEngineRole) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*RabbitMQSecretEngineRole) ValidateDelete ¶

func (r *RabbitMQSecretEngineRole) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*RabbitMQSecretEngineRole) ValidateUpdate ¶

func (r *RabbitMQSecretEngineRole) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type RabbitMQSecretEngineRoleList ¶

type RabbitMQSecretEngineRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []RabbitMQSecretEngineRole `json:"items"`
}

RabbitMQSecretEngineRoleList contains a list of RabbitMQSecretEngineRole

func (*RabbitMQSecretEngineRoleList) DeepCopy ¶

func (in *RabbitMQSecretEngineRoleList) DeepCopy() *RabbitMQSecretEngineRoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RabbitMQSecretEngineRoleList.

func (*RabbitMQSecretEngineRoleList) DeepCopyInto ¶

func (in *RabbitMQSecretEngineRoleList) DeepCopyInto(out *RabbitMQSecretEngineRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RabbitMQSecretEngineRoleList) DeepCopyObject ¶

func (in *RabbitMQSecretEngineRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RabbitMQSecretEngineRoleSpec ¶

type RabbitMQSecretEngineRoleSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the k8s auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication"`

	// Path at which to make the configuration.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/config/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path"`

	// +kubebuilder:validation:Required
	RMQSERole `json:",inline"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

RabbitMQSecretEngineRoleSpec defines the desired state of RabbitMQSecretEngineRole

func (*RabbitMQSecretEngineRoleSpec) DeepCopy ¶

func (in *RabbitMQSecretEngineRoleSpec) DeepCopy() *RabbitMQSecretEngineRoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RabbitMQSecretEngineRoleSpec.

func (*RabbitMQSecretEngineRoleSpec) DeepCopyInto ¶

func (in *RabbitMQSecretEngineRoleSpec) DeepCopyInto(out *RabbitMQSecretEngineRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RabbitMQSecretEngineRoleStatus ¶

type RabbitMQSecretEngineRoleStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

RabbitMQSecretEngineRoleStatus defines the observed state of RabbitMQSecretEngineRole

func (*RabbitMQSecretEngineRoleStatus) DeepCopy ¶

func (in *RabbitMQSecretEngineRoleStatus) DeepCopy() *RabbitMQSecretEngineRoleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RabbitMQSecretEngineRoleStatus.

func (*RabbitMQSecretEngineRoleStatus) DeepCopyInto ¶

func (in *RabbitMQSecretEngineRoleStatus) DeepCopyInto(out *RabbitMQSecretEngineRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RandomSecret ¶

type RandomSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   RandomSecretSpec   `json:"spec,omitempty"`
	Status RandomSecretStatus `json:"status,omitempty"`
}

RandomSecret is the Schema for the randomsecrets API

func (*RandomSecret) DeepCopy ¶

func (in *RandomSecret) DeepCopy() *RandomSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RandomSecret.

func (*RandomSecret) DeepCopyInto ¶

func (in *RandomSecret) DeepCopyInto(out *RandomSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RandomSecret) DeepCopyObject ¶

func (in *RandomSecret) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*RandomSecret) Default ¶

func (r *RandomSecret) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*RandomSecret) GenerateNewPassword ¶

func (d *RandomSecret) GenerateNewPassword(context context.Context) error

func (*RandomSecret) GetConditions ¶

func (m *RandomSecret) GetConditions() []metav1.Condition

func (*RandomSecret) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *RandomSecret) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*RandomSecret) GetPath ¶

func (d *RandomSecret) GetPath() string

func (*RandomSecret) GetPayload ¶

func (d *RandomSecret) GetPayload() map[string]interface{}

func (*RandomSecret) GetVaultConnection ¶ added in v0.8.9

func (d *RandomSecret) GetVaultConnection() *vaultutils.VaultConnection

func (*RandomSecret) IsEquivalentToDesiredState ¶

func (d *RandomSecret) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*RandomSecret) IsInitialized ¶

func (d *RandomSecret) IsInitialized() bool

func (*RandomSecret) IsKVSecretsEngineV2 ¶ added in v0.8.17

func (d *RandomSecret) IsKVSecretsEngineV2() bool

func (*RandomSecret) IsValid ¶

func (r *RandomSecret) IsValid() (bool, error)

func (*RandomSecret) PrepareInternalValues ¶

func (d *RandomSecret) PrepareInternalValues(context context.Context, object client.Object) error

func (*RandomSecret) PrepareTLSConfig ¶ added in v0.8.24

func (d *RandomSecret) PrepareTLSConfig(context context.Context, object client.Object) error

func (*RandomSecret) SetConditions ¶

func (m *RandomSecret) SetConditions(conditions []metav1.Condition)

func (*RandomSecret) SetupWebhookWithManager ¶

func (r *RandomSecret) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*RandomSecret) ValidateCreate ¶

func (r *RandomSecret) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*RandomSecret) ValidateDelete ¶

func (r *RandomSecret) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*RandomSecret) ValidateUpdate ¶

func (r *RandomSecret) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type RandomSecretList ¶

type RandomSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []RandomSecret `json:"items"`
}

RandomSecretList contains a list of RandomSecret

func (*RandomSecretList) DeepCopy ¶

func (in *RandomSecretList) DeepCopy() *RandomSecretList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RandomSecretList.

func (*RandomSecretList) DeepCopyInto ¶

func (in *RandomSecretList) DeepCopyInto(out *RandomSecretList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RandomSecretList) DeepCopyObject ¶

func (in *RandomSecretList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RandomSecretSpec ¶

type RandomSecretSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	// Path at which to create the secret.
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/{metadata.name}.
	// If IsKVSecretsEngineV2 is false, the authentication role must have the following capabilities = [ "create", "update", "delete"] on the {[spec.authentication.namespace]}/{spec.path}/{metadata.name} path.
	// If IsKVSecretsEngineV2 is true, the authentication role must have the following capabilities = [ "create", "update"] on the {[spec.authentication.namespace]}/{spec.path}/data/{metadata.name} path and capabilities = [ "delete"] on the {[spec.authentication.namespace]}/{spec.path}/metadata/{metadata.name} path.
	// Additionally, if IsKVSecretsEngineV2 is true, it is acceptable for this value to have a suffix of "/data" or not. This suffix is no longer needed but still supported for backwards compatibility.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// SecretFormat specifies a map of key and password policies used to generate random values
	// +kubebuilder:validation:Required
	SecretFormat VaultPasswordPolicy `json:"secretFormat,omitempty"`

	// RefreshPeriod if specified, the operator will refresh the secret with the given frequency. This will also set the ttl of the secret which provides a hint for how often consumers should check back for a new value when reading the secret's lease_duration.
	// +kubebuilder:validation:Optional
	RefreshPeriod *metav1.Duration `json:"refreshPeriod,omitempty"`

	// SecretKey is the key to be used for this secret when stored in Vault kv
	// +kubebuilder:validation:Required
	SecretKey string `json:"secretKey,omitempty"`

	// IsKVSecretsEngineV2 indicates if the KV Secrets engine is V2 or not. Default is false to indicate the payload to send is for KV Secret Engine V1.
	// +kubebuilder:validation:Required
	// +kubebuilder:default=false
	IsKVSecretsEngineV2 bool `json:"isKVSecretsEngineV2,omitempty"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
	// contains filtered or unexported fields
}

RandomSecretSpec defines the desired state of RandomSecret

func (*RandomSecretSpec) DeepCopy ¶

func (in *RandomSecretSpec) DeepCopy() *RandomSecretSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RandomSecretSpec.

func (*RandomSecretSpec) DeepCopyInto ¶

func (in *RandomSecretSpec) DeepCopyInto(out *RandomSecretSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RandomSecretStatus ¶

type RandomSecretStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`

	//LastVaultSecretUpdate last time when this secret was updated in Vault
	LastVaultSecretUpdate *metav1.Time `json:"lastVaultSecretUpdate,omitempty"`
}

RandomSecretStatus defines the observed state of RandomSecret

func (*RandomSecretStatus) DeepCopy ¶

func (in *RandomSecretStatus) DeepCopy() *RandomSecretStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RandomSecretStatus.

func (*RandomSecretStatus) DeepCopyInto ¶

func (in *RandomSecretStatus) DeepCopyInto(out *RandomSecretStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RootPasswordRotation ¶ added in v0.8.4

type RootPasswordRotation struct {
	// Enabled whether the toot password should be rotated with the rotation statement. If set to true the root password will be rotated immediately.
	// +kubebuilder:validation:Optional
	Enable bool `json:"enable,omitempty"`
	// RotationPeriod if this value is set, the root password will be rotated approximately with teh requested frequency.
	// +kubebuilder:validation:Optional
	RotationPeriod metav1.Duration `json:"rotationPeriod,omitempty"`
}

func (*RootPasswordRotation) DeepCopy ¶ added in v0.8.4

func (in *RootPasswordRotation) DeepCopy() *RootPasswordRotation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RootPasswordRotation.

func (*RootPasswordRotation) DeepCopyInto ¶ added in v0.8.4

func (in *RootPasswordRotation) DeepCopyInto(out *RootPasswordRotation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SSHKeyConfig ¶

type SSHKeyConfig struct {
	// VaultSecret retrieves the sshkey from a Vault secret. The sshkey will be retrieve at the key "key" (pun intented).
	// +kubebuilder:validation:Optional
	VaultSecret *vaultutils.VaultSecretReference `json:"vaultSecret,omitempty"`

	// Secret retrieves the ssh key from a Kubernetes secret. The secret must be of ssh type (https://kubernetes.io/docs/concepts/configuration/secret/#ssh-authentication-secrets).
	// +kubebuilder:validation:Optional
	Secret *corev1.LocalObjectReference `json:"secret,omitempty"`
}

func (*SSHKeyConfig) DeepCopy ¶

func (in *SSHKeyConfig) DeepCopy() *SSHKeyConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSHKeyConfig.

func (*SSHKeyConfig) DeepCopyInto ¶

func (in *SSHKeyConfig) DeepCopyInto(out *SSHKeyConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretEngineMount ¶

type SecretEngineMount struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   SecretEngineMountSpec   `json:"spec,omitempty"`
	Status SecretEngineMountStatus `json:"status,omitempty"`
}

SecretEngineMount is the Schema for the secretenginemounts API

func (*SecretEngineMount) DeepCopy ¶

func (in *SecretEngineMount) DeepCopy() *SecretEngineMount

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretEngineMount.

func (*SecretEngineMount) DeepCopyInto ¶

func (in *SecretEngineMount) DeepCopyInto(out *SecretEngineMount)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretEngineMount) DeepCopyObject ¶

func (in *SecretEngineMount) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretEngineMount) Default ¶

func (r *SecretEngineMount) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*SecretEngineMount) GetConditions ¶

func (m *SecretEngineMount) GetConditions() []metav1.Condition

func (*SecretEngineMount) GetEngineListPath ¶

func (d *SecretEngineMount) GetEngineListPath() string

func (*SecretEngineMount) GetEngineTunePath ¶

func (d *SecretEngineMount) GetEngineTunePath() string

func (*SecretEngineMount) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *SecretEngineMount) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*SecretEngineMount) GetPath ¶

func (d *SecretEngineMount) GetPath() string

func (*SecretEngineMount) GetPayload ¶

func (d *SecretEngineMount) GetPayload() map[string]interface{}

func (*SecretEngineMount) GetTunePayload ¶

func (d *SecretEngineMount) GetTunePayload() map[string]interface{}

func (*SecretEngineMount) GetVaultConnection ¶ added in v0.8.9

func (d *SecretEngineMount) GetVaultConnection() *vaultutils.VaultConnection

func (*SecretEngineMount) IsEquivalentToDesiredState ¶

func (d *SecretEngineMount) IsEquivalentToDesiredState(payload map[string]interface{}) bool

func (*SecretEngineMount) IsInitialized ¶

func (d *SecretEngineMount) IsInitialized() bool

func (*SecretEngineMount) IsValid ¶

func (d *SecretEngineMount) IsValid() (bool, error)

func (*SecretEngineMount) PrepareInternalValues ¶

func (d *SecretEngineMount) PrepareInternalValues(context context.Context, object client.Object) error

func (*SecretEngineMount) PrepareTLSConfig ¶ added in v0.8.24

func (d *SecretEngineMount) PrepareTLSConfig(context context.Context, object client.Object) error

func (*SecretEngineMount) SetAccessor ¶

func (d *SecretEngineMount) SetAccessor(accessor string)

func (*SecretEngineMount) SetConditions ¶

func (m *SecretEngineMount) SetConditions(conditions []metav1.Condition)

func (*SecretEngineMount) SetupWebhookWithManager ¶

func (r *SecretEngineMount) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*SecretEngineMount) ValidateCreate ¶

func (r *SecretEngineMount) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*SecretEngineMount) ValidateDelete ¶

func (r *SecretEngineMount) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*SecretEngineMount) ValidateUpdate ¶

func (r *SecretEngineMount) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type SecretEngineMountList ¶

type SecretEngineMountList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []SecretEngineMount `json:"items"`
}

SecretEngineMountList contains a list of SecretEngineMount

func (*SecretEngineMountList) DeepCopy ¶

func (in *SecretEngineMountList) DeepCopy() *SecretEngineMountList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretEngineMountList.

func (*SecretEngineMountList) DeepCopyInto ¶

func (in *SecretEngineMountList) DeepCopyInto(out *SecretEngineMountList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretEngineMountList) DeepCopyObject ¶

func (in *SecretEngineMountList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type SecretEngineMountSpec ¶

type SecretEngineMountSpec struct {

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuration to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`

	Mount `json:",inline"`

	// Path at which this secret engine will be available
	// The final path in Vault will be {[spec.authentication.namespace]}/{spec.path}/{metadata.name}.
	// The authentication role must have the following capabilities = [ "create", "read", "update", "delete"] on that path /sys/mounts/{[spec.authentication.namespace]}/{spec.path}/{metadata.name}.
	// +kubebuilder:validation:Required
	Path vaultutils.Path `json:"path,omitempty"`

	// The name of the obejct created in Vault. If this is specified it takes precedence over {metatada.name}
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern:=`[a-z0-9]([-a-z0-9]*[a-z0-9])?`
	Name string `json:"name,omitempty"`
}

SecretEngineMountSpec defines the desired state of SecretEngineMount

func (*SecretEngineMountSpec) DeepCopy ¶

func (in *SecretEngineMountSpec) DeepCopy() *SecretEngineMountSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretEngineMountSpec.

func (*SecretEngineMountSpec) DeepCopyInto ¶

func (in *SecretEngineMountSpec) DeepCopyInto(out *SecretEngineMountSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretEngineMountStatus ¶

type SecretEngineMountStatus struct {

	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`

	// +kubebuilder:validation:Optional
	Accessor string `json:"accessor,omitempty"`
}

SecretEngineMountStatus defines the observed state of SecretEngineMount

func (*SecretEngineMountStatus) DeepCopy ¶

func (in *SecretEngineMountStatus) DeepCopy() *SecretEngineMountStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretEngineMountStatus.

func (*SecretEngineMountStatus) DeepCopyInto ¶

func (in *SecretEngineMountStatus) DeepCopyInto(out *SecretEngineMountStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TeamRole ¶ added in v0.4.0

type TeamRole string

+kubebuilder:validation:Enum:={"admin","creator","member"}

type TemplatizedK8sSecret ¶

type TemplatizedK8sSecret struct {
	// Name is the K8s Secret name to output to.
	// +kubebuilder:validation:Required
	Name string `json:"name,omitempty"`
	// Type is the K8s Secret type to output to.
	// +kubebuilder:validation:Required
	Type string `json:"type,omitempty"`
	// StringData is the K8s Secret stringData and allows specifying non-binary secret data in string form with go templating support
	// to transform the Vault KV secrets into a formatted K8s Secret.
	// The Sprig template library and Helm functions (like toYaml) are supported.
	// +kubebuilder:validation:Required
	StringData map[string]string `json:"stringData,omitempty"`
	// Labels are labels to add to the final K8s Secret.
	// +kubebuilder:validation:Optional
	Labels map[string]string `json:"labels,omitempty"`
	// Annotations are annotations to add to the final K8s Secret.
	// +kubebuilder:validation:Optional
	Annotations map[string]string `json:"annotations,omitempty"`
}

func (*TemplatizedK8sSecret) DeepCopy ¶

func (in *TemplatizedK8sSecret) DeepCopy() *TemplatizedK8sSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplatizedK8sSecret.

func (*TemplatizedK8sSecret) DeepCopyInto ¶

func (in *TemplatizedK8sSecret) DeepCopyInto(out *TemplatizedK8sSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Topic ¶

type Topic struct {
	// Name of an existing topic.
	// +kubebuilder:validation:Required
	TopicName string `json:"topicName,omitempty"`

	// Permissions to grant to the user in the specific vhost
	// +kubebuilder:validation:Required
	Permissions VhostPermissions `json:"permissions,omitempty"`
}

func (*Topic) DeepCopy ¶

func (in *Topic) DeepCopy() *Topic

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Topic.

func (*Topic) DeepCopyInto ¶

func (in *Topic) DeepCopyInto(out *Topic)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VRole ¶

type VRole struct {

	// TargetServiceAccounts is a list of service account names that will receive this role
	// +kubebuilder:validation:MinItems=1
	// kubebuilder:validation:UniqueItems=true
	// +kubebuilder:default={"default"}
	TargetServiceAccounts []string `json:"targetServiceAccounts"`

	// Audience Audience claim to verify in the JWT.
	// +kubebuilder:validation:Optional
	Audience *string `json:"audience,omitempty"`

	// AliasNameSource Configures how identity aliases are generated. Valid choices are: serviceaccount_uid, serviceaccount_name When serviceaccount_uid is specified, the machine generated UID from the service account will be used as the identity alias name. When serviceaccount_name is specified, the service account's namespace and name will be used as the identity alias name e.g vault/vault-auth. While it is strongly advised that you use serviceaccount_uid, you may also use serviceaccount_name in cases where you want to set the alias ahead of time, and the risks are mitigated or otherwise acceptable given your use case. It is very important to limit who is able to delete/create service accounts within a given cluster. See the Create an Entity Alias document which further expands on the potential security implications mentioned above.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"serviceaccount_uid", "serviceaccount_name"}
	// +kubebuilder:default="serviceaccount_uid"
	AliasNameSource string `json:"aliasNameSource,omitempty"`

	// TokenTTL The incremental lifetime for generated tokens. This current value of this will be referenced at renewal time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=0
	TokenTTL int `json:"tokenTTL,omitempty"`

	// Policies is a list of policy names to be bound to this role.
	// +kubebuilder:validation:MinItems=1
	// kubebuilder:validation:UniqueItems=true
	// +kubebuilder:validation:Required
	Policies []string `json:"policies"`

	// TokenMaxTTL The maximum lifetime for generated tokens. This current value of this will be referenced at renewal time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=0
	TokenMaxTTL int `json:"tokenMaxTTL,omitempty"`

	// TokenBoundCIDRs List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
	// +kubebuilder:validation:Optional
	// +listType=set
	// kubebuilder:validation:UniqueItems=true
	TokenBoundCIDRs []string `json:"tokenBoundCIDRs,omitempty"`

	// TokenExplicitMaxTTL If set, will encode an explicit max TTL onto the token. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=0
	TokenExplicitMaxTTL int `json:"tokenExplicitMaxTTL,omitempty"`

	// TokenNoDefaultPolicy If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=false
	TokenNoDefaultPolicy bool `json:"tokenNoDefaultPolicy,omitempty"`

	// TokenNumUses The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited. If you require the token to have the ability to create child tokens, you will need to set this value to 0.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=0
	TokenNumUses int `json:"tokenNumUses,omitempty"`

	// TokenPeriod The period, if any, to set on the token.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:=0
	TokenPeriod int `json:"tokenPeriod,omitempty"`

	// TokenType The type of token that should be generated. Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Enum:={"service","batch","default","default-service","default-batch"}
	// +kubebuilder:default="default"
	TokenType string `json:"tokenType,omitempty"`
	// contains filtered or unexported fields
}

func (*VRole) DeepCopy ¶

func (in *VRole) DeepCopy() *VRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VRole.

func (*VRole) DeepCopyInto ¶

func (in *VRole) DeepCopyInto(out *VRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultPasswordPolicy ¶

type VaultPasswordPolicy struct {
	// PasswordPolicyName a ref to a password policy defined in Vault. Notice that in order to use this, the Vault role you use needs the following capabilities = ["read"] on /sys/policy/password.
	// Only one of PasswordPolicyName or InlinePasswordPolicy can be specified
	// +kubebuilder:validation:Optional
	PasswordPolicyName string `json:"passwordPolicyName,omitempty"`

	// InlinePasswordPolicy is an inline password policy specified using Vault password policy syntax (https://www.vaultproject.io/docs/concepts/password-policies#password-policy-syntax)
	// Only one of PasswordPolicyName or InlinePasswordPolicy can be specified
	// +kubebuilder:validation:Optional
	InlinePasswordPolicy string `json:"inlinePasswordPolicy,omitempty"`
}

func (*VaultPasswordPolicy) DeepCopy ¶

func (in *VaultPasswordPolicy) DeepCopy() *VaultPasswordPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPasswordPolicy.

func (*VaultPasswordPolicy) DeepCopyInto ¶

func (in *VaultPasswordPolicy) DeepCopyInto(out *VaultPasswordPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSecret ¶

type VaultSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   VaultSecretSpec   `json:"spec,omitempty"`
	Status VaultSecretStatus `json:"status,omitempty"`
}

VaultSecret is the Schema for the vaultsecrets API

func (*VaultSecret) DeepCopy ¶

func (in *VaultSecret) DeepCopy() *VaultSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecret.

func (*VaultSecret) DeepCopyInto ¶

func (in *VaultSecret) DeepCopyInto(out *VaultSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultSecret) DeepCopyObject ¶

func (in *VaultSecret) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*VaultSecret) Default ¶

func (r *VaultSecret) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*VaultSecret) GetConditions ¶

func (vs *VaultSecret) GetConditions() []metav1.Condition

func (*VaultSecret) IsValid ¶

func (vs *VaultSecret) IsValid() (bool, error)

func (*VaultSecret) SetConditions ¶

func (vs *VaultSecret) SetConditions(conditions []metav1.Condition)

func (*VaultSecret) SetupWebhookWithManager ¶

func (r *VaultSecret) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*VaultSecret) ValidateCreate ¶

func (r *VaultSecret) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*VaultSecret) ValidateDelete ¶

func (r *VaultSecret) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*VaultSecret) ValidateUpdate ¶

func (r *VaultSecret) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type VaultSecretDefinition ¶

type VaultSecretDefinition struct {
	// Name is an arbitrary, but unique, name for this KV Vault secret and referenced when templating.
	// +kubebuilder:validation:Required
	Name string `json:"name,omitempty"`

	// Connection represents the information needed to connect to Vault. This operator uses the standard Vault environment variables to connect to Vault. If you need to override those settings and for example connect to a different Vault instance, you can do with this section of the CR.
	// +kubebuilder:validation:Optional
	Connection *vaultutils.VaultConnection `json:"connection,omitempty"`

	// Authentication is the kube auth configuraiton to be used to execute this request
	// +kubebuilder:validation:Required
	Authentication vaultutils.KubeAuthConfiguration `json:"authentication,omitempty"`
	// Path is the path of the secret.
	// +kubebuilder:validation:Required
	// +kubebuilder:default=kubernetes
	Path vaultutils.Path `json:"path,omitempty"`

	// RequestType the type of request needed to retrieve a secret. Normally a GET, but some secret engnes require a POST.
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=GET
	// +kubebuilder:validation:Enum={"GET","POST"}
	RequestType string `json:"requestType,omitempty"`

	// RequestPayload for POST type of requests, this field contains the payload of the request. Not used for GET requests.
	// +kubebuilder:validation:Optional
	RequestPayload map[string]string `json:"requestPayload,omitempty"`
}

func (*VaultSecretDefinition) DeepCopy ¶

func (in *VaultSecretDefinition) DeepCopy() *VaultSecretDefinition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecretDefinition.

func (*VaultSecretDefinition) DeepCopyInto ¶

func (in *VaultSecretDefinition) DeepCopyInto(out *VaultSecretDefinition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultSecretDefinition) GetKubeAuthConfiguration ¶ added in v0.6.3

func (d *VaultSecretDefinition) GetKubeAuthConfiguration() *vaultutils.KubeAuthConfiguration

func (*VaultSecretDefinition) GetPath ¶

func (d *VaultSecretDefinition) GetPath() string

func (*VaultSecretDefinition) GetPostRequestPayload ¶ added in v0.6.0

func (d *VaultSecretDefinition) GetPostRequestPayload() map[string]string

func (*VaultSecretDefinition) GetRequestMethod ¶ added in v0.6.0

func (d *VaultSecretDefinition) GetRequestMethod() string

func (*VaultSecretDefinition) GetVaultConnection ¶ added in v0.8.9

func (d *VaultSecretDefinition) GetVaultConnection() *vaultutils.VaultConnection

type VaultSecretDefinitionStatus ¶

type VaultSecretDefinitionStatus struct {
	// Name is an arbitrary, but unique, name for this KV Vault secret and referenced when templating.
	// +kubebuilder:validation:Required
	Name string `json:"name,omitempty"`
	// LeaseID is the id of a lease, this denotes the secret is dynamic
	// +kubebuilder:validation:Optional
	LeaseID string `json:"lease_id,omitempty"`
	// LeaseDuration is the time until the secret should be read in again, thus recreating the k8s Secret
	// +kubebuilder:validation:Optional
	LeaseDuration int `json:"lease_duration,omitempty"`
	// Renewable informs if the lease is renewable for the dynamic secret
	// +kubebuilder:validation:Optional
	Renewable bool `json:"renewable,omitempty"`
}

func (*VaultSecretDefinitionStatus) DeepCopy ¶

func (in *VaultSecretDefinitionStatus) DeepCopy() *VaultSecretDefinitionStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecretDefinitionStatus.

func (*VaultSecretDefinitionStatus) DeepCopyInto ¶

func (in *VaultSecretDefinitionStatus) DeepCopyInto(out *VaultSecretDefinitionStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSecretList ¶

type VaultSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VaultSecret `json:"items"`
}

VaultSecretList contains a list of VaultSecret

func (*VaultSecretList) DeepCopy ¶

func (in *VaultSecretList) DeepCopy() *VaultSecretList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecretList.

func (*VaultSecretList) DeepCopyInto ¶

func (in *VaultSecretList) DeepCopyInto(out *VaultSecretList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultSecretList) DeepCopyObject ¶

func (in *VaultSecretList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultSecretSpec ¶

type VaultSecretSpec struct {

	// RefreshPeriod if specified, the operator will refresh the secret with the given frequency.
	// This takes precedence over any vault secret lease duration and can be used to force a refresh.
	// +kubebuilder:validation:Optional
	RefreshPeriod *metav1.Duration `json:"refreshPeriod,omitempty"`
	// RefreshThreshold if specified, will instruct the operator to refresh when a percentage of the lease duration is met when there is no RefreshPeriod specified.
	// This is particularly useful for controlling when dynamic secrets should be refreshed before the lease duration is exceeded.
	// The default is 90, meaning the secret would refresh after 90% of the time has passed from the vault secret's lease duration.
	// +kubebuilder:validation:Required
	// +kubebuilder:default=90
	RefreshThreshold int `json:"refreshThreshold,omitempty"`
	// VaultSecretDefinitions are the secrets in Vault.
	// +kubebuilder:validation:Required
	VaultSecretDefinitions []VaultSecretDefinition `json:"vaultSecretDefinitions,omitempty"`
	// TemplatizedK8sSecret is the formatted K8s Secret created by templating from the Vault KV secrets.
	// +kubebuilder:validation:Required
	TemplatizedK8sSecret TemplatizedK8sSecret `json:"output,omitempty"`
}

VaultSecretSpec defines the desired state of VaultSecret

func (*VaultSecretSpec) DeepCopy ¶

func (in *VaultSecretSpec) DeepCopy() *VaultSecretSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecretSpec.

func (*VaultSecretSpec) DeepCopyInto ¶

func (in *VaultSecretSpec) DeepCopyInto(out *VaultSecretSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultSecretStatus ¶

type VaultSecretStatus struct {
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`

	//LastVaultSecretUpdate the last time when this secret was updated from Vault
	LastVaultSecretUpdate *metav1.Time `json:"lastVaultSecretUpdate,omitempty"`

	//NextVaultSecretUpdate the next time when this secret will be synced with Vault. If nil, it will not be refreshed.
	NextVaultSecretUpdate *metav1.Time `json:"nextVaultSecretUpdate,omitempty"`

	//VaultSecretDefinitionsStatus information used to determine if the secret should be rereconciled
	VaultSecretDefinitionsStatus []VaultSecretDefinitionStatus `json:"vaultSecretDefinitionsStatus,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

VaultSecretStatus defines the observed state of VaultSecret

func (*VaultSecretStatus) DeepCopy ¶

func (in *VaultSecretStatus) DeepCopy() *VaultSecretStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultSecretStatus.

func (*VaultSecretStatus) DeepCopyInto ¶

func (in *VaultSecretStatus) DeepCopyInto(out *VaultSecretStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Vhost ¶

type Vhost struct {
	// Name of an existing vhost.
	// +kubebuilder:validation:Required
	VhostName string `json:"vhostName,omitempty"`
	// Permissions to grant to the user in the specific vhost.
	// +kubebuilder:validation:Required
	Permissions VhostPermissions `json:"permissions,omitempty"`
}

func (*Vhost) DeepCopy ¶

func (in *Vhost) DeepCopy() *Vhost

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Vhost.

func (*Vhost) DeepCopyInto ¶

func (in *Vhost) DeepCopyInto(out *Vhost)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VhostPermissions ¶

type VhostPermissions struct {
	// +kubebuilder:validation:Optional
	Configure string `json:"configure,omitempty"`
	// +kubebuilder:validation:Optional
	Write string `json:"write,omitempty"`
	// +kubebuilder:validation:Optional
	Read string `json:"read,omitempty"`
}

Set of RabbitMQ permissions: configure, read and write. By not setting a property (configure/write/read), it result in an empty string which does not match any permission.

func (*VhostPermissions) DeepCopy ¶

func (in *VhostPermissions) DeepCopy() *VhostPermissions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VhostPermissions.

func (*VhostPermissions) DeepCopyInto ¶

func (in *VhostPermissions) DeepCopyInto(out *VhostPermissions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VhostTopic ¶

type VhostTopic struct {
	// Name of an existing vhost.
	// +kubebuilder:validation:Required
	VhostName string `json:"vhostName,omitempty"`

	// List of topics to provide
	// +kubebuilder:validation:Required
	// +listType=atomic
	Topics []Topic `json:"topics,omitempty"`
}

func (*VhostTopic) DeepCopy ¶

func (in *VhostTopic) DeepCopy() *VhostTopic

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VhostTopic.

func (*VhostTopic) DeepCopyInto ¶

func (in *VhostTopic) DeepCopyInto(out *VhostTopic)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
utils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL