/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// SecretStoreSpec defines the desired state of SecretStore.
//
// The same spec type backs both the namespaced SecretStore and the
// cluster-scoped ClusterSecretStore. Note that none of its fields restricts
// which namespaces may reference the store; any such restriction would have
// to come from the controller, not from this schema.
type SecretStoreSpec struct {
	// Used to select the correct ESO controller (think: ingress.ingressClassName)
	// The ESO controller is instantiated with a specific controller name and filters ES based on this property
	// +optional
	Controller string `json:"controller,omitempty"`

	// Used to configure the provider. Only one provider may be set
	// (SecretStoreProvider carries MinProperties=1/MaxProperties=1 markers).
	// The JSON tag has no omitempty, so the field is required in the schema.
	Provider *SecretStoreProvider `json:"provider"`

	// Used to configure http retries if failed. Nil means "use controller defaults";
	// the defaults themselves are not defined in this file.
	// +optional
	RetrySettings *SecretStoreRetrySettings `json:"retrySettings,omitempty"`
}
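// SecretStoreProvider contains the provider-specific configuration.
//
// Exactly one provider field may be set. The MinProperties/MaxProperties
// markers below are emitted into the CRD schema, so an object with zero or
// several providers is rejected by the API server before the controller sees it.
// +kubebuilder:validation:MinProperties=1
// +kubebuilder:validation:MaxProperties=1
type SecretStoreProvider struct {
	// AWS configures this store to sync secrets using AWS Secret Manager provider
	// +optional
	AWS *AWSProvider `json:"aws,omitempty"`

	// AzureKV configures this store to sync secrets using Azure Key Vault provider
	// +optional
	AzureKV *AzureKVProvider `json:"azurekv,omitempty"`

	// Akeyless configures this store to sync secrets using Akeyless Vault provider
	// +optional
	Akeyless *AkeylessProvider `json:"akeyless,omitempty"`

	// Vault configures this store to sync secrets using Hashi provider
	// +optional
	Vault *VaultProvider `json:"vault,omitempty"`

	// GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider
	// +optional
	GCPSM *GCPSMProvider `json:"gcpsm,omitempty"`

	// Oracle configures this store to sync secrets using Oracle Vault provider
	// +optional
	Oracle *OracleProvider `json:"oracle,omitempty"`

	// IBM configures this store to sync secrets using IBM Cloud provider
	// +optional
	IBM *IBMProvider `json:"ibm,omitempty"`

	// YandexLockbox configures this store to sync secrets using Yandex Lockbox provider
	// +optional
	YandexLockbox *YandexLockboxProvider `json:"yandexlockbox,omitempty"`

	// GitLab configures this store to sync secrets using GitLab Variables provider
	// +optional
	Gitlab *GitlabProvider `json:"gitlab,omitempty"`

	// Alibaba configures this store to sync secrets using Alibaba Cloud provider
	// +optional
	Alibaba *AlibabaProvider `json:"alibaba,omitempty"`

	// NOTE(review): the webhook destination is chosen by whoever writes the store
	// object and, presumably, the rendered template is what gets sent to it.
	// Whether TLS is required, which destinations are allowed, and how large a
	// response is accepted are decided in WebhookProvider and its client, not in
	// this schema — confirm before exposing this provider in a shared cluster.

	// Webhook configures this store to sync secrets using a generic templated webhook
	// +optional
	Webhook *WebhookProvider `json:"webhook,omitempty"`

	// Kubernetes configures this store to sync secrets using a Kubernetes cluster provider
	// +optional
	Kubernetes *KubernetesProvider `json:"kubernetes,omitempty"`

	// PasswordDepot configures this store to sync secrets using Password Depot provider
	// +optional
	PasswordDepot *PasswordDepotProvider `json:"passworddepot,omitempty"`

	// NOTE(review): "static key/value pairs" means the values are part of this
	// object's spec, so they are readable by anyone who can read the store and
	// are persisted in etcd like any other custom resource. This looks like a
	// testing aid; do not put real secrets here — confirm against FakeProvider.

	// Fake configures a store with static key/value pairs
	// +optional
	Fake *FakeProvider `json:"fake,omitempty"`
}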
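// NOTE(review): the schema puts no lower bound on MaxRetries and no format
// constraint on RetryInterval. Once it is confirmed that the controller does
// not treat a negative MaxRetries as a sentinel, a
// "+kubebuilder:validation:Minimum=0" marker here would reject nonsense values
// at admission instead of at reconcile time.

// SecretStoreRetrySettings configures retries of failed provider requests.
// Both fields are pointers so that "not set" (nil) is distinguishable from an
// explicit zero value; the defaults substituted for nil are applied by the
// controller, not defined here.
type SecretStoreRetrySettings struct {
	// MaxRetries is the maximum number of retries for a failed request.
	// +optional
	MaxRetries *int32 `json:"maxRetries,omitempty"`

	// RetryInterval is the delay between retries, expressed as a string.
	// The schema does not validate the format; parsing happens in the controller.
	// +optional
	RetryInterval *string `json:"retryInterval,omitempty"`
}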
// SecretStoreConditionType names a condition reported in SecretStoreStatus.
type SecretStoreConditionType string

// SecretStoreReady is the only condition type defined in this file. Judging
// by the reason values below, it reports whether the store configuration was
// accepted and the provider passed validation.
const SecretStoreReady SecretStoreConditionType = "Ready"

// Reason tokens carried by the Ready condition. They are deliberately left as
// untyped string constants so they assign directly to
// SecretStoreStatusCondition.Reason.
const (
	ReasonInvalidStore          = "InvalidStoreConfiguration"
	ReasonInvalidProviderConfig = "InvalidProviderConfig"
	ReasonValidationFailed      = "ValidationFailed"
	ReasonStoreValid            = "Valid"
)
// SecretStoreStatusCondition is one entry in SecretStoreStatus.Conditions.
// Only Type and Status are mandatory; the remaining fields add detail about
// the most recent transition.
//
// NOTE(review): Message is free text. If provider errors are copied into it,
// anything they contain (endpoints, account identifiers, raw API responses)
// becomes visible to every principal that can read the store's status.
type SecretStoreStatusCondition struct {
	// Type identifies the condition; only SecretStoreReady is defined in this file.
	Type SecretStoreConditionType `json:"type"`

	// Status uses the core/v1 ConditionStatus values.
	Status corev1.ConditionStatus `json:"status"`

	// Reason is a machine-readable token, e.g. ReasonInvalidStore or ReasonStoreValid.
	// It is what the "Status" printcolumn on SecretStore displays.
	// +optional
	Reason string `json:"reason,omitempty"`

	// Message is a human-readable explanation accompanying Reason.
	// +optional
	Message string `json:"message,omitempty"`

	// LastTransitionTime is, by the usual condition convention, when Status last changed.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}
// SecretStoreStatus defines the observed state of the SecretStore.
type SecretStoreStatus struct {
	// Conditions holds the store's current conditions. The Ready entry's reason
	// is what the "Status" printcolumn on SecretStore/ClusterSecretStore shows.
	// +optional
	Conditions []SecretStoreStatusCondition `json:"conditions,omitempty"`
}
// NOTE(review): the deprecatedversion marker below flags this API version
// (v1alpha1) as deprecated in the generated CRD; the replacement version is
// not visible from this file. Prefer it for new objects.

// +kubebuilder:object:root=true
// SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason`
// +kubebuilder:subresource:status
// +kubebuilder:deprecatedversion
// +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=ss
type SecretStore struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state: controller selection, exactly one provider, and retry settings.
	// The object is namespace-scoped (scope=Namespaced); whether the provider's
	// credentials are equally confined depends on the provider types, not on this file.
	Spec SecretStoreSpec `json:"spec,omitempty"`

	// Status is reported by the controller through the status subresource
	// (subresource:status), so spec and status are written via separate endpoints.
	Status SecretStoreStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true
// SecretStoreList contains a list of SecretStore resources.
type SecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items is the list payload; it is always serialized, even when empty.
	Items []SecretStore `json:"items"`
}
// NOTE(review): scope=Cluster means this object, and the provider credentials
// it points at, are not confined to a namespace. SecretStoreSpec (shared with
// the namespaced SecretStore) has no field that limits which namespaces may
// reference the store, so assume any namespace able to write a storeRef can
// use it unless the controller restricts that elsewhere — confirm before
// granting create/update on this resource. The deprecatedversion marker also
// applies: v1alpha1 is deprecated in the generated CRD.

// +kubebuilder:object:root=true
// ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason`
// +kubebuilder:deprecatedversion
// +kubebuilder:subresource:status
// +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=css
type ClusterSecretStore struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the same SecretStoreSpec used by the namespaced SecretStore.
	Spec SecretStoreSpec `json:"spec,omitempty"`

	// Status is reported by the controller through the status subresource.
	Status SecretStoreStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true
// ClusterSecretStoreList contains a list of ClusterSecretStore resources.
type ClusterSecretStoreList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items is the list payload; it is always serialized, even when empty.
	Items []ClusterSecretStore `json:"items"`
}