mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity
external-secrets/apis/generators/v1alpha1/generator_ecr.go
Thomas a15b146165
fix: add missing omitempty json tags for optional fields (#2855) 
The missing tags can confuse some tools.

Fixes: #2853

Signed-off-by: Thomas Way <thomas@6f.io>
2023-11-06 21:54:44 +01:00

92 lines
3.4 KiB
Go
Raw Blame History

/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
)
type ECRAuthorizationTokenSpec struct {
// Region specifies the region to operate in.
Region string `json:"region"`
// Auth defines how to authenticate with AWS
// +optional
Auth AWSAuth `json:"auth,omitempty"`
// You can assume a role before making calls to the
// desired AWS service.
// +optional
Role string `json:"role,omitempty"`
}
// AWSAuth tells the controller how to do authentication with aws.
// Only one of secretRef or jwt can be specified.
// if none is specified the controller will load credentials using the aws sdk defaults.
type AWSAuth struct {
// +optional
SecretRef *AWSAuthSecretRef `json:"secretRef,omitempty"`
// +optional
JWTAuth *AWSJWTAuth `json:"jwt,omitempty"`
}
// AWSAuthSecretRef holds secret references for AWS credentials
// both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.
type AWSAuthSecretRef struct {
// The AccessKeyID is used for authentication
AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"`
// The SecretAccessKey is used for authentication
SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
// The SessionToken used for authentication
// This must be defined if AccessKeyID and SecretAccessKey are temporary credentials
// see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
// +Optional
SessionToken *esmeta.SecretKeySelector `json:"sessionTokenSecretRef,omitempty"`
}
// Authenticate against AWS using service account tokens.
type AWSJWTAuth struct {
ServiceAccountRef *esmeta.ServiceAccountSelector `json:"serviceAccountRef,omitempty"`
}
// ECRAuthorizationTokenSpec uses the GetAuthorizationToken API to retrieve an
// authorization token.
// The authorization token is valid for 12 hours.
// The authorizationToken returned is a base64 encoded string that can be decoded
// and used in a docker login command to authenticate to a registry.
// For more information, see Registry authentication (https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth) in the Amazon Elastic Container Registry User Guide.
// +kubebuilder:object:root=true
// +kubebuilder:storageversion
// +kubebuilder:subresource:status
// +kubebuilder:resource:scope=Namespaced,categories={ecrauthorizationtoken},shortName=ecrauthorizationtoken
type ECRAuthorizationToken struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec ECRAuthorizationTokenSpec `json:"spec,omitempty"`
}
// +kubebuilder:object:root=true
// ECRAuthorizationTokenList contains a list of ExternalSecret resources.
type ECRAuthorizationTokenList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []ECRAuthorizationToken `json:"items"`
}
View git blame Copy permalink