// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// KeyVaultSpec defines the desired state of KeyVault
type KeyVaultSpec struct {
	// Location is the location the vault is created in (presumably the
	// Azure region; no validation marker constrains it here).
	Location string `json:"location"`
	// ResourceGroup names the resource group the vault belongs to.
	// The markers below are enforced by the generated CRD schema: the
	// value must match the pattern, be non-empty, and be present.
	// +kubebuilder:validation:Pattern=^[-\w\._\(\)]+$
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Required
	ResourceGroup string `json:"resourceGroup"`
	// EnableSoftDelete requests soft-delete on the vault. Because the tag
	// is omitempty, a false value is dropped on serialization and cannot be
	// told apart from "not set".
	EnableSoftDelete bool `json:"enableSoftDelete,omitempty"`
	// NetworkPolicies holds the network rules applied to the vault; a nil
	// pointer is omitted, leaving the rules unspecified.
	NetworkPolicies *NetworkRuleSet `json:"networkPolicies,omitempty"`
	// AccessPolicies lists the identities granted access to the vault and
	// their permissions; a nil pointer is omitted.
	AccessPolicies *[]AccessPolicyEntry `json:"accessPolicies,omitempty"`
	// Sku selects the vault SKU. omitempty has no effect on a struct-typed
	// field in encoding/json, so sku is always serialized.
	Sku KeyVaultSku `json:"sku,omitempty"`
}
// NetworkRuleSet describes the network access rules of a Key Vault: which
// traffic may bypass the rules, the default action once rules have been
// evaluated, and the IP and virtual network allow-lists.
type NetworkRuleSet struct {
	// Bypass - Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'. Possible values include: 'AzureServices', 'None'
	Bypass string `json:"bypass,omitempty"`
	// DefaultAction - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated. Possible values include: 'Allow', 'Deny'
	// NOTE(review): no default is stated for an omitted DefaultAction; the
	// effective behaviour is decided by the service, not by this type — confirm.
	DefaultAction string `json:"defaultAction,omitempty"`
	// IPRules - The list of IP address rules.
	// A nil pointer is omitted; a non-nil pointer to an empty slice is sent as an empty list.
	IPRules *[]string `json:"ipRules,omitempty"`
	// VirtualNetworkRules - The list of virtual network rules.
	// Same nil/empty distinction as IPRules.
	VirtualNetworkRules *[]string `json:"virtualNetworkRules,omitempty"`
}
// AccessPolicyEntry grants one identity a set of permissions on the vault.
// Every field is optional at the schema level (omitempty); which identifier
// fields must be present is not enforced by this type.
type AccessPolicyEntry struct {
	// TenantID - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
	TenantID string `json:"tenantID,omitempty"`
	// ClientID - The client ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The client ID must be unique for the list of access policies.
	// TODO: Remove this in a future API version, see: https://github.com/Azure/azure-service-operator/issues/1351
	ClientID string `json:"clientID,omitempty"`
	// ObjectID is the AAD object id of the entity to provide access to.
	ObjectID string `json:"objectID,omitempty"`
	// ApplicationID - Application ID of the client making request on behalf of a principal
	ApplicationID string `json:"applicationID,omitempty"`
	// Permissions - Permissions the identity has for keys, secrets, and certificates.
	// A nil pointer is omitted from the serialized entry.
	Permissions *Permissions `json:"permissions,omitempty"`
}
// KeyVaultSku the SKU of the Key Vault
type KeyVaultSku struct {
	// Name - The SKU name. Required for account creation; optional for update.
	// Possible values include: 'Premium', 'Standard'
	// The value is not validated by this type; an empty string is omitted.
	Name string `json:"name,omitempty"`
}
// Permissions lists, per object kind, the operations an access policy grants.
// Each list is a pointer to a slice so that nil (field omitted) can be told
// apart from a non-nil pointer to an empty slice (serialized as an empty list).
// The permitted string values are not constrained by this type.
type Permissions struct {
	// Keys - operations granted on keys.
	Keys *[]string `json:"keys,omitempty"`
	// Secrets - operations granted on secrets.
	Secrets *[]string `json:"secrets,omitempty"`
	// Certificates - operations granted on certificates.
	Certificates *[]string `json:"certificates,omitempty"`
	// Storage - operations granted on storage accounts managed by the vault.
	Storage *[]string `json:"storage,omitempty"`
}
// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
// KeyVault is the Schema for the keyvaults API
// +kubebuilder:resource:shortName=kv
// +kubebuilder:printcolumn:name="Provisioned",type="string",JSONPath=".status.provisioned"
// +kubebuilder:printcolumn:name="Message",type="string",JSONPath=".status.message"
type KeyVault struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the vault.
	Spec KeyVaultSpec `json:"spec,omitempty"`
	// Status is the observed state; it is served through the status
	// subresource declared above, and its provisioned/message fields back
	// the two print columns.
	Status ASOStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
// KeyVaultList contains a list of KeyVault
// NOTE(review): the subresource:status marker on a List type appears to have
// no effect, since list types do not get their own CRD — confirm whether it
// was intended.
type KeyVaultList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the vaults in the list; it is always serialized (no omitempty).
	Items []KeyVault `json:"items"`
}
// init registers the KeyVault and KeyVaultList types with the package's
// SchemeBuilder at package load time.
func init() {
	vault := &KeyVault{}
	vaultList := &KeyVaultList{}
	SchemeBuilder.Register(vault, vaultList)
}