zz_secret_types.go
/*
Copyright 2022 Upbound Inc.
*/
// Code generated by upjet. DO NOT EDIT.
package v1beta1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
v1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
)
// ReplicaObservation is the observed state of one replica of the secret:
// when it was last accessed, its replication status and the accompanying
// status message. Every field is an optional pointer and is omitted from
// JSON when unset.
type ReplicaObservation struct {
// Date that you last accessed the secret in the Region.
LastAccessedDate *string `json:"lastAccessedDate,omitempty" tf:"last_accessed_date,omitempty"`
// Status can be InProgress, Failed, or InSync.
Status *string `json:"status,omitempty" tf:"status,omitempty"`
// Message such as Replication succeeded or Secret with this name already exists in this region.
StatusMessage *string `json:"statusMessage,omitempty" tf:"status_message,omitempty"`
}
// ReplicaParameters is the desired configuration of one replica of the
// secret: the target region (required) and the KMS key used there (optional).
//
// Unlike SecretParameters.KMSKeyID, no reference or selector field
// accompanies KMSKeyID here, so the replica key is given as a literal ARN,
// key ID or alias. When it is omitted, the field comment below states that
// the account's default aws/secretsmanager key in the replica region is used.
type ReplicaParameters struct {
// ARN, Key ID, or Alias of the AWS KMS key within the region secret is replicated to. If one is not specified, then Secrets Manager defaults to using the AWS account's default KMS key (aws/secretsmanager) in the region or creates one for use if non-existent.
// +kubebuilder:validation:Optional
KMSKeyID *string `json:"kmsKeyId,omitempty" tf:"kms_key_id,omitempty"`
// Region for replicating the secret.
// +kubebuilder:validation:Required
Region *string `json:"region" tf:"region,omitempty"`
}
// RotationRulesObservation is the observed rotation schedule of the secret.
// It is read-only state; the matching RotationRulesParameters type has no
// fields.
type RotationRulesObservation struct {
// Specifies the number of days between automatic scheduled rotations of the secret.
AutomaticallyAfterDays *float64 `json:"automaticallyAfterDays,omitempty" tf:"automatically_after_days,omitempty"`
}
// RotationRulesParameters is intentionally empty: this type exposes no
// configurable rotation settings. The comments on
// SecretObservation.RotationRules point to the
// aws_secretsmanager_secret_rotation resource for managing rotation.
type RotationRulesParameters struct {
}
// SecretObservation is the observed state of the secret as reported back
// from the provider: identifiers, resource policy, replica status, rotation
// settings and the effective tag set.
//
// Policy, RotationEnabled, RotationLambdaArn and RotationRules appear only
// here; SecretParameters has no corresponding fields, so these values are
// reported but not set through this resource. The struct has no field for
// the secret value.
type SecretObservation struct {
// ARN of the secret.
Arn *string `json:"arn,omitempty" tf:"arn,omitempty"`
// ARN of the secret.
ID *string `json:"id,omitempty" tf:"id,omitempty"`
// Valid JSON document representing a resource policy. Removing policy from your configuration or setting policy to null or an empty string (i.e., policy = "") will not delete the policy since it could have been set by aws_secretsmanager_secret_policy. To delete the policy, set it to "{}" (an empty JSON document).
Policy *string `json:"policy,omitempty" tf:"policy,omitempty"`
// Configuration block to support secret replication. See details below.
// +kubebuilder:validation:Optional
Replica []ReplicaObservation `json:"replica,omitempty" tf:"replica,omitempty"`
// Whether automatic rotation is enabled for this secret.
RotationEnabled *bool `json:"rotationEnabled,omitempty" tf:"rotation_enabled,omitempty"`
// ARN of the Lambda function that can rotate the secret. Use the aws_secretsmanager_secret_rotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.
RotationLambdaArn *string `json:"rotationLambdaArn,omitempty" tf:"rotation_lambda_arn,omitempty"`
// Configuration block for the rotation configuration of this secret. Defined below. Use the aws_secretsmanager_secret_rotation resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.
RotationRules []RotationRulesObservation `json:"rotationRules,omitempty" tf:"rotation_rules,omitempty"`
// Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
TagsAll map[string]*string `json:"tagsAll,omitempty" tf:"tags_all,omitempty"`
}
// SecretParameters is the desired configuration of a Secrets Manager secret.
// It covers the secret's metadata (name, description, encryption key,
// replication, tags and deletion recovery window); the struct has no field
// for the secret value. Region is the only required field.
//
// Settings worth checking when reviewing a manifest that uses this type,
// all as described by the field comments below:
//   - kmsKeyId, kmsKeyIdRef, kmsKeyIdSelector: when no key is given, the
//     account's default aws/secretsmanager KMS key encrypts the secret.
//   - recoveryWindowInDays: 0 forces deletion without recovery.
//   - forceOverwriteReplicaSecret: overwrites a secret with the same name
//     in the destination Region.
type SecretParameters struct {
// Description of the secret.
// +kubebuilder:validation:Optional
Description *string `json:"description,omitempty" tf:"description,omitempty"`
// Accepts boolean value to specify whether to overwrite a secret with the same name in the destination Region.
// +kubebuilder:validation:Optional
ForceOverwriteReplicaSecret *bool `json:"forceOverwriteReplicaSecret,omitempty" tf:"force_overwrite_replica_secret,omitempty"`
// ARN or Id of the AWS KMS key to be used to encrypt the secret values in the versions stored in this secret. If you don't specify this value, then Secrets Manager defaults to using the AWS account's default KMS key (the one named aws/secretsmanager). If the default KMS key with that name doesn't yet exist, then AWS Secrets Manager creates it for you automatically the first time.
// +crossplane:generate:reference:type=github.com/upbound/provider-aws/apis/kms/v1beta1.Key
// +kubebuilder:validation:Optional
KMSKeyID *string `json:"kmsKeyId,omitempty" tf:"kms_key_id,omitempty"`
// Reference to a Key in kms to populate kmsKeyId.
// +kubebuilder:validation:Optional
KMSKeyIDRef *v1.Reference `json:"kmsKeyIdRef,omitempty" tf:"-"`
// Selector for a Key in kms to populate kmsKeyId.
// +kubebuilder:validation:Optional
KMSKeyIDSelector *v1.Selector `json:"kmsKeyIdSelector,omitempty" tf:"-"`
// Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: /_+=.@- Conflicts with name_prefix.
// +kubebuilder:validation:Optional
Name *string `json:"name,omitempty" tf:"name,omitempty"`
// Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.
// +kubebuilder:validation:Optional
RecoveryWindowInDays *float64 `json:"recoveryWindowInDays,omitempty" tf:"recovery_window_in_days,omitempty"`
// Region for replicating the secret.
// Region is the region you'd like your resource to be created in.
// +upjet:crd:field:TFTag=-
// +kubebuilder:validation:Required
Region *string `json:"region" tf:"-"`
// Configuration block to support secret replication. See details below.
// +kubebuilder:validation:Optional
Replica []ReplicaParameters `json:"replica,omitempty" tf:"replica,omitempty"`
// Key-value map of user-defined tags that are attached to the secret. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
// +kubebuilder:validation:Optional
Tags map[string]*string `json:"tags,omitempty" tf:"tags,omitempty"`
}
// SecretSpec defines the desired state of Secret.
// It inlines the common v1.ResourceSpec fields and carries the
// secret-specific settings under the "forProvider" JSON key.
type SecretSpec struct {
v1.ResourceSpec `json:",inline"`
// ForProvider holds the desired secret configuration (see SecretParameters).
ForProvider SecretParameters `json:"forProvider"`
}
// SecretStatus defines the observed state of Secret.
// It inlines the common v1.ResourceStatus fields and reports the
// secret-specific observations under the "atProvider" JSON key.
type SecretStatus struct {
v1.ResourceStatus `json:",inline"`
// AtProvider holds the observed secret state (see SecretObservation).
AtProvider SecretObservation `json:"atProvider,omitempty"`
}
// +kubebuilder:object:root=true
// Secret is the Schema for the Secrets API. Provides a resource to manage AWS Secrets Manager secret metadata
// The resource is cluster-scoped (see the resource:scope marker below), so
// it is not confined to a namespace; access to it is granted through
// cluster-level RBAC rather than namespaced roles.
// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name"
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:subresource:status
// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws}
type Secret struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec is the desired state; it is always serialized ("spec" has no omitempty).
Spec SecretSpec `json:"spec"`
// Status is the observed state, exposed as a status subresource.
Status SecretStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true
// SecretList contains a list of Secrets
// It pairs the standard list metadata with the Secret items themselves.
type SecretList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
// Items is always serialized ("items" has no omitempty).
Items []Secret `json:"items"`
}
// Type metadata for the Secret kind.

// Secret_Kind is the kind name of the Secret resource.
var Secret_Kind = "Secret"

// Secret_GroupKind is the string form of the {CRDGroup, Secret_Kind} pair.
var Secret_GroupKind = schema.GroupKind{
	Kind:  Secret_Kind,
	Group: CRDGroup,
}.String()

// Secret_KindAPIVersion is the kind, a dot, and the CRDGroupVersion string.
var Secret_KindAPIVersion = Secret_Kind + "." + CRDGroupVersion.String()

// Secret_GroupVersionKind is CRDGroupVersion combined with Secret_Kind.
var Secret_GroupVersionKind = CRDGroupVersion.WithKind(Secret_Kind)
// init passes empty Secret and SecretList values to SchemeBuilder.Register
// when the package is loaded.
func init() {
	var (
		item = new(Secret)
		list = new(SecretList)
	)
	SchemeBuilder.Register(item, list)
}