1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
external-secrets/config/crds/bases/external-secrets.io_pushsecrets.yaml

382 lines
16 KiB
YAML
Raw Normal View History

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
name: pushsecrets.external-secrets.io
spec:
group: external-secrets.io
names:
categories:
- pushsecrets
kind: PushSecret
listKind: PushSecretList
plural: pushsecrets
singular: pushsecret
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: AGE
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].reason
name: Status
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: PushSecretSpec configures the behavior of the PushSecret.
properties:
data:
description: Secret Data that should be pushed to providers
items:
properties:
conversionStrategy:
default: None
description: Used to define a conversion Strategy for the secret
keys
enum:
- None
- ReverseUnicode
type: string
match:
description: Match a given Secret Key to be pushed to the provider.
properties:
remoteRef:
description: Remote Refs to push to providers.
properties:
Feature/pushsecret kubernetes (#2322) * Add API changes for push secret to k8s - Property field similar to ExternalSecret Signed-off-by: Stephan Discher <stephan.discher@sap.com> * rebase: merge commits Signed-off-by: Stephan Discher <stephan.discher@sap.com> * New Test cases for existing PushSecret Logic Signed-off-by: Stephan Discher <stephan.discher@sap.com> * feat: replace property if it exists, but differs Signed-off-by: Stephan Discher <stephan.discher@sap.com> * feat: restrict usage to having a property always Signed-off-by: Stephan Discher <stephan.discher@sap.com> * chore: refactor delete to work with property only and cleanup whole secret only if it would be empty otherwise Signed-off-by: Stephan Discher <stephan.discher@sap.com> * feat: refuse to work without property in spec Signed-off-by: Stephan Discher <stephan.discher@sap.com> * chore: cleanup code, make it more readable Signed-off-by: Stephan Discher <stephan.discher@sap.com> * feat: add metric calls for kubernetes Signed-off-by: Stephan Discher <stephan.discher@sap.com> * chore: reorder test cases Signed-off-by: Stephan Discher <stephan.discher@sap.com> * feat: make property optional to not break compatibility Signed-off-by: Stephan Discher <stephan.discher@sap.com> * fix: adapt fake impls to include new method to fix tests Signed-off-by: Stephan Discher <stephan.discher@sap.com> * feat: change status-ref to include property to allow multi property deletes Signed-off-by: Stephan Discher <stephan.discher@sap.com> * chore: fix make reviewable complains Signed-off-by: Stephan Discher <stephan.discher@sap.com> * fix: fix imports from merge conflict Signed-off-by: Stephan Discher <stephan.discher@sap.com> * chore: adapt latest make reviewable suggestions Signed-off-by: Stephan Discher <stephan.discher@sap.com> * docs: update push secret support for k8s provider Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * docs: add Kubernetes PushSecret docs Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Stephan Discher <stephan.discher@sap.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-17 22:15:18 +00:00
property:
description: Name of the property in the resulting secret
type: string
remoteKey:
description: Name of the resulting provider secret.
type: string
required:
- remoteKey
type: object
secretKey:
description: Secret Key to be pushed
type: string
required:
- remoteRef
type: object
metadata:
description: |-
Metadata is metadata attached to the secret.
The structure of metadata is provider specific, please look it up in the provider documentation.
x-kubernetes-preserve-unknown-fields: true
required:
- match
type: object
type: array
deletionPolicy:
default: None
description: 'Deletion Policy to handle Secrets in the provider. Possible
Values: "Delete/None". Defaults to "None".'
enum:
- Delete
- None
type: string
refreshInterval:
description: The Interval to which External Secrets will try to push
a secret definition
type: string
secretStoreRefs:
items:
properties:
kind:
default: SecretStore
description: |-
Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
Defaults to `SecretStore`
type: string
labelSelector:
description: Optionally, sync to secret stores with label selector
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
name:
description: Optionally, sync to the SecretStore of the given
name
type: string
type: object
type: array
selector:
description: The Secret Selector (k8s source) for the Push Secret
properties:
secret:
description: Select a Secret to Push.
properties:
name:
description: Name of the Secret. The Secret must exist in
the same namespace as the PushSecret manifest.
type: string
required:
- name
type: object
required:
- secret
type: object
template:
description: Template defines a blueprint for the created Secret resource.
properties:
data:
additionalProperties:
type: string
type: object
engineVersion:
default: v2
description: |-
EngineVersion specifies the template engine version
that should be used to compile/execute the
template specified in .data and .templateFrom[].
enum:
- v1
- v2
type: string
mergePolicy:
default: Replace
enum:
- Replace
- Merge
type: string
metadata:
description: ExternalSecretTemplateMetadata defines metadata fields
for the Secret blueprint.
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
templateFrom:
items:
properties:
configMap:
properties:
items:
items:
properties:
key:
type: string
templateAs:
default: Values
enum:
- Values
- KeysAndValues
type: string
required:
- key
type: object
type: array
name:
type: string
required:
- items
- name
type: object
literal:
type: string
secret:
properties:
items:
items:
properties:
key:
type: string
templateAs:
default: Values
enum:
- Values
- KeysAndValues
type: string
required:
- key
type: object
type: array
name:
type: string
required:
- items
- name
type: object
target:
default: Data
enum:
- Data
- Annotations
- Labels
type: string
type: object
type: array
type:
type: string
type: object
updatePolicy:
default: Replace
description: 'UpdatePolicy to handle Secrets in the provider. Possible
Values: "Replace/IfNotExists". Defaults to "Replace".'
enum:
- Replace
- IfNotExists
type: string
required:
- secretStoreRefs
- selector
type: object
status:
description: PushSecretStatus indicates the history of the status of PushSecret.
properties:
conditions:
items:
description: PushSecretStatusCondition indicates the status of the
PushSecret.
properties:
lastTransitionTime:
format: date-time
type: string
message:
type: string
reason:
type: string
status:
type: string
type:
description: PushSecretConditionType indicates the condition
of the PushSecret.
type: string
required:
- status
- type
type: object
type: array
refreshTime:
description: |-
refreshTime is the time and date the external secret was fetched and
the target secret updated
format: date-time
nullable: true
type: string
syncedPushSecrets:
additionalProperties:
additionalProperties:
properties:
conversionStrategy:
default: None
description: Used to define a conversion Strategy for the
secret keys
enum:
- None
- ReverseUnicode
type: string
match:
description: Match a given Secret Key to be pushed to the
provider.
properties:
remoteRef:
description: Remote Refs to push to providers.
properties:
Feature/pushsecret kubernetes (#2322) * Add API changes for push secret to k8s - Property field similar to ExternalSecret Signed-off-by: Stephan Discher <stephan.discher@sap.com> * rebase: merge commits Signed-off-by: Stephan Discher <stephan.discher@sap.com> * New Test cases for existing PushSecret Logic Signed-off-by: Stephan Discher <stephan.discher@sap.com> * feat: replace property if it exists, but differs Signed-off-by: Stephan Discher <stephan.discher@sap.com> * feat: restrict usage to having a property always Signed-off-by: Stephan Discher <stephan.discher@sap.com> * chore: refactor delete to work with property only and cleanup whole secret only if it would be empty otherwise Signed-off-by: Stephan Discher <stephan.discher@sap.com> * feat: refuse to work without property in spec Signed-off-by: Stephan Discher <stephan.discher@sap.com> * chore: cleanup code, make it more readable Signed-off-by: Stephan Discher <stephan.discher@sap.com> * feat: add metric calls for kubernetes Signed-off-by: Stephan Discher <stephan.discher@sap.com> * chore: reorder test cases Signed-off-by: Stephan Discher <stephan.discher@sap.com> * feat: make property optional to not break compatibility Signed-off-by: Stephan Discher <stephan.discher@sap.com> * fix: adapt fake impls to include new method to fix tests Signed-off-by: Stephan Discher <stephan.discher@sap.com> * feat: change status-ref to include property to allow multi property deletes Signed-off-by: Stephan Discher <stephan.discher@sap.com> * chore: fix make reviewable complains Signed-off-by: Stephan Discher <stephan.discher@sap.com> * fix: fix imports from merge conflict Signed-off-by: Stephan Discher <stephan.discher@sap.com> * chore: adapt latest make reviewable suggestions Signed-off-by: Stephan Discher <stephan.discher@sap.com> * docs: update push secret support for k8s provider Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * docs: add Kubernetes PushSecret docs Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Stephan Discher <stephan.discher@sap.com> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
2023-05-17 22:15:18 +00:00
property:
description: Name of the property in the resulting
secret
type: string
remoteKey:
description: Name of the resulting provider secret.
type: string
required:
- remoteKey
type: object
secretKey:
description: Secret Key to be pushed
type: string
required:
- remoteRef
type: object
metadata:
description: |-
Metadata is metadata attached to the secret.
The structure of metadata is provider specific, please look it up in the provider documentation.
x-kubernetes-preserve-unknown-fields: true
required:
- match
type: object
type: object
description: |-
Synced PushSecrets, including secrets that already exist in provider.
Matches secret stores to PushSecretData that was stored to that secret store.
type: object
syncedResourceVersion:
description: SyncedResourceVersion keeps track of the last synced
version.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}