apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: pushsecrets.external-secrets.io spec: group: external-secrets.io names: categories: - external-secrets kind: PushSecret listKind: PushSecretList plural: pushsecrets singular: pushsecret scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: AGE type: date - jsonPath: .status.conditions[?(@.type=="Ready")].reason name: Status type: string name: v1alpha1 schema: openAPIV3Schema: properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: PushSecretSpec configures the behavior of the PushSecret. properties: data: description: Secret Data that should be pushed to providers items: properties: conversionStrategy: default: None description: Used to define a conversion Strategy for the secret keys enum: - None - ReverseUnicode type: string match: description: Match a given Secret Key to be pushed to the provider. properties: remoteRef: description: Remote Refs to push to providers. properties: property: description: Name of the property in the resulting secret type: string remoteKey: description: Name of the resulting provider secret. type: string required: - remoteKey type: object secretKey: description: Secret Key to be pushed type: string required: - remoteRef type: object metadata: description: |- Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation. x-kubernetes-preserve-unknown-fields: true required: - match type: object type: array deletionPolicy: default: None description: Deletion Policy to handle Secrets in the provider. enum: - Delete - None type: string refreshInterval: description: The Interval to which External Secrets will try to push a secret definition type: string secretStoreRefs: items: properties: kind: default: SecretStore description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) enum: - SecretStore - ClusterSecretStore type: string labelSelector: description: Optionally, sync to secret stores with label selector properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic name: description: Optionally, sync to the SecretStore of the given name maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string type: object type: array selector: description: The Secret Selector (k8s source) for the Push Secret maxProperties: 1 minProperties: 1 properties: generatorRef: description: Point to a generator to create a Secret. properties: apiVersion: default: generators.external-secrets.io/v1alpha1 description: Specify the apiVersion of the generator resource type: string kind: description: Specify the Kind of the generator resource enum: - ACRAccessToken - ClusterGenerator - ECRAuthorizationToken - Fake - GCRAccessToken - GithubAccessToken - Password - STSSessionToken - UUID - VaultDynamicSecret - Webhook type: string name: description: Specify the name of the generator resource maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - kind - name type: object secret: description: Select a Secret to Push. properties: name: description: |- Name of the Secret. The Secret must exist in the same namespace as the PushSecret manifest. maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - name type: object type: object template: description: Template defines a blueprint for the created Secret resource. properties: data: additionalProperties: type: string type: object engineVersion: default: v2 description: |- EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[]. enum: - v1 - v2 type: string mergePolicy: default: Replace enum: - Replace - Merge type: string metadata: description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint. properties: annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object type: object templateFrom: items: properties: configMap: properties: items: description: A list of keys in the ConfigMap/Secret to use as templates for Secret data items: properties: key: description: A key in the ConfigMap/Secret maxLength: 253 minLength: 1 pattern: ^[-._a-zA-Z0-9]+$ type: string templateAs: default: Values enum: - Values - KeysAndValues type: string required: - key type: object type: array name: description: The name of the ConfigMap/Secret resource maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items - name type: object literal: type: string secret: properties: items: description: A list of keys in the ConfigMap/Secret to use as templates for Secret data items: properties: key: description: A key in the ConfigMap/Secret maxLength: 253 minLength: 1 pattern: ^[-._a-zA-Z0-9]+$ type: string templateAs: default: Values enum: - Values - KeysAndValues type: string required: - key type: object type: array name: description: The name of the ConfigMap/Secret resource maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items - name type: object target: default: Data enum: - Data - Annotations - Labels type: string type: object type: array type: type: string type: object updatePolicy: default: Replace description: UpdatePolicy to handle Secrets in the provider. enum: - Replace - IfNotExists type: string required: - secretStoreRefs - selector type: object status: description: PushSecretStatus indicates the history of the status of PushSecret. properties: conditions: items: description: PushSecretStatusCondition indicates the status of the PushSecret. properties: lastTransitionTime: format: date-time type: string message: type: string reason: type: string status: type: string type: description: PushSecretConditionType indicates the condition of the PushSecret. type: string required: - status - type type: object type: array refreshTime: description: |- refreshTime is the time and date the external secret was fetched and the target secret updated format: date-time nullable: true type: string syncedPushSecrets: additionalProperties: additionalProperties: properties: conversionStrategy: default: None description: Used to define a conversion Strategy for the secret keys enum: - None - ReverseUnicode type: string match: description: Match a given Secret Key to be pushed to the provider. properties: remoteRef: description: Remote Refs to push to providers. properties: property: description: Name of the property in the resulting secret type: string remoteKey: description: Name of the resulting provider secret. type: string required: - remoteKey type: object secretKey: description: Secret Key to be pushed type: string required: - remoteRef type: object metadata: description: |- Metadata is metadata attached to the secret. The structure of metadata is provider specific, please look it up in the provider documentation. x-kubernetes-preserve-unknown-fields: true required: - match type: object type: object description: |- Synced PushSecrets, including secrets that already exist in provider. Matches secret stores to PushSecretData that was stored to that secret store. type: object syncedResourceVersion: description: SyncedResourceVersion keeps track of the last synced version. type: string type: object type: object served: true storage: true subresources: status: {}