Documentation ¶
Index ¶
- Constants
- Variables
- func KMSKeyARN() reference.ExtractValueFn
- type AlgorithmSpec
- type Alias
- func (in *Alias) DeepCopy() *Alias
- func (in *Alias) DeepCopyInto(out *Alias)
- func (in *Alias) DeepCopyObject() runtime.Object
- func (mg *Alias) GetCondition(ct xpv1.ConditionType) xpv1.Condition
- func (mg *Alias) GetDeletionPolicy() xpv1.DeletionPolicy
- func (mg *Alias) GetProviderConfigReference() *xpv1.Reference
- func (mg *Alias) GetProviderReference() *xpv1.Reference
- func (mg *Alias) GetWriteConnectionSecretToReference() *xpv1.SecretReference
- func (mg *Alias) ResolveReferences(ctx context.Context, c client.Reader) error
- func (mg *Alias) SetConditions(c ...xpv1.Condition)
- func (mg *Alias) SetDeletionPolicy(r xpv1.DeletionPolicy)
- func (mg *Alias) SetProviderConfigReference(r *xpv1.Reference)
- func (mg *Alias) SetProviderReference(r *xpv1.Reference)
- func (mg *Alias) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
- type AliasList
- type AliasListEntry
- type AliasObservation
- type AliasParameters
- type AliasSpec
- type AliasStatus
- type ConnectionErrorCodeType
- type ConnectionStateType
- type CustomKeyParameters
- type CustomKeyStoresListEntry
- type CustomerMasterKeySpec
- type DataKeyPairSpec
- type DataKeySpec
- type EncryptionAlgorithmSpec
- type ExpirationModelType
- type GrantListEntry
- type GrantOperation
- type Key
- func (in *Key) DeepCopy() *Key
- func (in *Key) DeepCopyInto(out *Key)
- func (in *Key) DeepCopyObject() runtime.Object
- func (mg *Key) GetCondition(ct xpv1.ConditionType) xpv1.Condition
- func (mg *Key) GetDeletionPolicy() xpv1.DeletionPolicy
- func (mg *Key) GetProviderConfigReference() *xpv1.Reference
- func (mg *Key) GetProviderReference() *xpv1.Reference
- func (mg *Key) GetWriteConnectionSecretToReference() *xpv1.SecretReference
- func (mg *Key) SetConditions(c ...xpv1.Condition)
- func (mg *Key) SetDeletionPolicy(r xpv1.DeletionPolicy)
- func (mg *Key) SetProviderConfigReference(r *xpv1.Reference)
- func (mg *Key) SetProviderReference(r *xpv1.Reference)
- func (mg *Key) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
- type KeyList
- type KeyListEntry
- type KeyManagerType
- type KeyMetadata
- type KeyObservation
- type KeyParameters
- type KeySpec
- type KeyState
- type KeyStatus
- type KeyUsageType
- type MessageType
- type OriginType
- type SigningAlgorithmSpec
- type Tag
- type WrappingKeySpec
Constants ¶
// Package type metadata.
const (
	// Group is the API group name; GroupVersion is built from it.
	Group = "kms.aws.crossplane.io"

	// Version is the API version; GroupVersion is built from it.
	Version = "v1alpha1"
)
Package type metadata.
Variables ¶
// Alias type metadata.
var (
	// AliasKind is the kind name of the Alias resource.
	AliasKind = "Alias"

	// AliasGroupKind is the string form of the GroupKind built from Group and AliasKind.
	AliasGroupKind = schema.GroupKind{Group: Group, Kind: AliasKind}.String()

	// AliasKindAPIVersion is AliasKind joined with a dot to the GroupVersion string.
	AliasKindAPIVersion = AliasKind + "." + GroupVersion.String()

	// AliasGroupVersionKind is GroupVersion combined with AliasKind.
	AliasGroupVersionKind = GroupVersion.WithKind(AliasKind)
)
Alias type metadata.
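// Scheme registration for this API group and version. Each variable is declared
// on its own line so that its comment does not swallow the declarations after it.
var (
	// GroupVersion is the API Group Version used to register the objects
	GroupVersion = schema.GroupVersion{Group: Group, Version: Version}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)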
// Key type metadata.
var (
	// KeyKind is the kind name of the Key resource.
	KeyKind = "Key"

	// KeyGroupKind is the string form of the GroupKind built from Group and KeyKind.
	KeyGroupKind = schema.GroupKind{Group: Group, Kind: KeyKind}.String()

	// KeyKindAPIVersion is KeyKind joined with a dot to the GroupVersion string.
	KeyKindAPIVersion = KeyKind + "." + GroupVersion.String()

	// KeyGroupVersionKind is GroupVersion combined with KeyKind.
	KeyGroupVersionKind = GroupVersion.WithKind(KeyKind)
)
Key type metadata.
Functions ¶
func KMSKeyARN ¶ added in v0.23.0
func KMSKeyARN() reference.ExtractValueFn
KMSKeyARN returns a reference.ExtractValueFn for the status.atProvider.ARN of a KMS Key.
Types ¶
type AlgorithmSpec ¶
// AlgorithmSpec is a string enum of RSA encryption schemes.
//
// NOTE(review): no field in this package is declared with this type;
// presumably it mirrors the AWS KMS enum of the same name. Confirm where it is
// consumed before relying on it.
type AlgorithmSpec string

// Values of AlgorithmSpec.
//
// RSAES_PKCS1_V1_5 names PKCS #1 v1.5 encryption padding, the scheme that
// padding-oracle (Bleichenbacher-style) attacks target. Where a caller can
// choose, prefer RSAES_OAEP_SHA_256. RSAES_OAEP_SHA_1 is OAEP with SHA-1 as its
// hash.
const (
	AlgorithmSpec_RSAES_PKCS1_V1_5   AlgorithmSpec = "RSAES_PKCS1_V1_5"
	AlgorithmSpec_RSAES_OAEP_SHA_1   AlgorithmSpec = "RSAES_OAEP_SHA_1"
	AlgorithmSpec_RSAES_OAEP_SHA_256 AlgorithmSpec = "RSAES_OAEP_SHA_256"
)
type Alias ¶ added in v0.21.0
// Alias is the Schema for the Aliases API.
type Alias struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the Alias.
	Spec AliasSpec `json:"spec"`

	// Status is the observed state of the Alias.
	Status AliasStatus `json:"status,omitempty"`
}
Alias is the Schema for the Aliases API.
+kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
+kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
+kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name"
+kubebuilder:subresource:status
+kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws}
func (*Alias) DeepCopy ¶ added in v0.21.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Alias.
func (*Alias) DeepCopyInto ¶ added in v0.21.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Alias) DeepCopyObject ¶ added in v0.21.0
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Alias) GetCondition ¶ added in v0.21.0
func (mg *Alias) GetCondition(ct xpv1.ConditionType) xpv1.Condition
GetCondition of this Alias.
func (*Alias) GetDeletionPolicy ¶ added in v0.21.0
func (mg *Alias) GetDeletionPolicy() xpv1.DeletionPolicy
GetDeletionPolicy of this Alias.
func (*Alias) GetProviderConfigReference ¶ added in v0.21.0
GetProviderConfigReference of this Alias.
func (*Alias) GetProviderReference ¶ added in v0.21.0
GetProviderReference of this Alias. Deprecated: Use GetProviderConfigReference.
func (*Alias) GetWriteConnectionSecretToReference ¶ added in v0.21.0
func (mg *Alias) GetWriteConnectionSecretToReference() *xpv1.SecretReference
GetWriteConnectionSecretToReference of this Alias.
func (*Alias) ResolveReferences ¶ added in v0.21.0
ResolveReferences of this Alias.
func (*Alias) SetConditions ¶ added in v0.21.0
SetConditions of this Alias.
func (*Alias) SetDeletionPolicy ¶ added in v0.21.0
func (mg *Alias) SetDeletionPolicy(r xpv1.DeletionPolicy)
SetDeletionPolicy of this Alias.
func (*Alias) SetProviderConfigReference ¶ added in v0.21.0
SetProviderConfigReference of this Alias.
func (*Alias) SetProviderReference ¶ added in v0.21.0
SetProviderReference of this Alias. Deprecated: Use SetProviderConfigReference.
func (*Alias) SetWriteConnectionSecretToReference ¶ added in v0.21.0
func (mg *Alias) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
SetWriteConnectionSecretToReference of this Alias.
type AliasList ¶ added in v0.21.0
// AliasList contains a list of Aliases.
type AliasList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the Alias objects in the list.
	Items []Alias `json:"items"`
}
AliasList contains a list of Aliases
func (*AliasList) DeepCopy ¶ added in v0.21.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasList.
func (*AliasList) DeepCopyInto ¶ added in v0.21.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AliasList) DeepCopyObject ¶ added in v0.21.0
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type AliasListEntry ¶
// AliasListEntry holds an alias ARN, its creation and last-update times, and
// the ID of the key it targets. All fields are optional pointers.
//
// NOTE(review): the JSON name here is "targetKeyID", while AliasParameters uses
// "targetKeyId"; the two are not interchangeable when decoding.
type AliasListEntry struct {
	AliasARN        *string      `json:"aliasARN,omitempty"`
	CreationDate    *metav1.Time `json:"creationDate,omitempty"`
	LastUpdatedDate *metav1.Time `json:"lastUpdatedDate,omitempty"`
	TargetKeyID     *string      `json:"targetKeyID,omitempty"`
}
+kubebuilder:skipversion
func (*AliasListEntry) DeepCopy ¶
func (in *AliasListEntry) DeepCopy() *AliasListEntry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasListEntry.
func (*AliasListEntry) DeepCopyInto ¶
func (in *AliasListEntry) DeepCopyInto(out *AliasListEntry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AliasObservation ¶ added in v0.21.0
// AliasObservation defines the observed state of Alias. It declares no fields.
type AliasObservation struct {
}
AliasObservation defines the observed state of Alias
func (*AliasObservation) DeepCopy ¶ added in v0.21.0
func (in *AliasObservation) DeepCopy() *AliasObservation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasObservation.
func (*AliasObservation) DeepCopyInto ¶ added in v0.21.0
func (in *AliasObservation) DeepCopyInto(out *AliasObservation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AliasParameters ¶ added in v0.21.0
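// AliasParameters defines the desired state of Alias.
//
// The target key can be given directly (TargetKeyID) or through a reference or
// selector to a Key object (TargetKeyIDRef, TargetKeyIDSelector).
type AliasParameters struct {
	// Region is which region the Alias will be created.
	// +kubebuilder:validation:Required
	Region string `json:"region"`

	// Associates the alias with the specified customer managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk).
	// The CMK must be in the same AWS Region.
	//
	// A valid CMK ID is required. If you supply a null or empty string value, this
	// operation returns an error.
	//
	// For help finding the key ID and ARN, see Finding the Key ID and ARN (https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn)
	// in the AWS Key Management Service Developer Guide.
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// NOTE(review): the field is an optional pointer although the text above
	// calls the value required; presumably it may instead be filled from
	// TargetKeyIDRef or TargetKeyIDSelector. An alias resolves to whichever key
	// is named here, so editing this field redirects every caller that addresses
	// the key by alias. Restrict write access to Alias objects accordingly.
	// +crossplane:generate:reference:type=Key
	TargetKeyID *string `json:"targetKeyId,omitempty"`

	// TargetKeyIDRef is a reference to a KMS Key used to set TargetKeyID.
	// +optional
	TargetKeyIDRef *xpv1.Reference `json:"targetKeyIdRef,omitempty"`

	// TargetKeyIDSelector selects a reference to a KMS Key used to set TargetKeyID.
	// +optional
	TargetKeyIDSelector *xpv1.Selector `json:"targetKeyIdSelector,omitempty"`
}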
AliasParameters defines the desired state of Alias
func (*AliasParameters) DeepCopy ¶ added in v0.21.0
func (in *AliasParameters) DeepCopy() *AliasParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasParameters.
func (*AliasParameters) DeepCopyInto ¶ added in v0.21.0
func (in *AliasParameters) DeepCopyInto(out *AliasParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AliasSpec ¶ added in v0.21.0
// AliasSpec defines the desired state of Alias.
type AliasSpec struct {
	xpv1.ResourceSpec `json:",inline"`

	// ForProvider holds the Alias parameters (region and target key).
	ForProvider AliasParameters `json:"forProvider"`
}
AliasSpec defines the desired state of Alias
func (*AliasSpec) DeepCopy ¶ added in v0.21.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasSpec.
func (*AliasSpec) DeepCopyInto ¶ added in v0.21.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AliasStatus ¶ added in v0.21.0
// AliasStatus defines the observed state of Alias.
type AliasStatus struct {
	xpv1.ResourceStatus `json:",inline"`

	// AtProvider is the provider-side observation; AliasObservation currently
	// declares no fields.
	AtProvider AliasObservation `json:"atProvider,omitempty"`
}
AliasStatus defines the observed state of Alias.
func (*AliasStatus) DeepCopy ¶ added in v0.21.0
func (in *AliasStatus) DeepCopy() *AliasStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AliasStatus.
func (*AliasStatus) DeepCopyInto ¶ added in v0.21.0
func (in *AliasStatus) DeepCopyInto(out *AliasStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConnectionErrorCodeType ¶
// ConnectionErrorCodeType is a string enum of connection error codes.
//
// NOTE(review): the value names (CLUSTER_NOT_FOUND, INSUFFICIENT_CLOUDHSM_HSMS)
// suggest these describe failures connecting a custom key store to its AWS
// CloudHSM cluster. Confirm against the AWS KMS API reference.
type ConnectionErrorCodeType string

// Values of ConnectionErrorCodeType.
//
// INVALID_CREDENTIALS, USER_LOCKED_OUT, USER_NOT_FOUND and USER_LOGGED_IN name
// credential or account conditions; they are worth surfacing to monitoring
// rather than retrying silently.
const (
	ConnectionErrorCodeType_INVALID_CREDENTIALS        ConnectionErrorCodeType = "INVALID_CREDENTIALS"
	ConnectionErrorCodeType_CLUSTER_NOT_FOUND          ConnectionErrorCodeType = "CLUSTER_NOT_FOUND"
	ConnectionErrorCodeType_NETWORK_ERRORS             ConnectionErrorCodeType = "NETWORK_ERRORS"
	ConnectionErrorCodeType_INTERNAL_ERROR             ConnectionErrorCodeType = "INTERNAL_ERROR"
	ConnectionErrorCodeType_INSUFFICIENT_CLOUDHSM_HSMS ConnectionErrorCodeType = "INSUFFICIENT_CLOUDHSM_HSMS"
	ConnectionErrorCodeType_USER_LOCKED_OUT            ConnectionErrorCodeType = "USER_LOCKED_OUT"
	ConnectionErrorCodeType_USER_NOT_FOUND             ConnectionErrorCodeType = "USER_NOT_FOUND"
	ConnectionErrorCodeType_USER_LOGGED_IN             ConnectionErrorCodeType = "USER_LOGGED_IN"
	ConnectionErrorCodeType_SUBNET_NOT_FOUND           ConnectionErrorCodeType = "SUBNET_NOT_FOUND"
)
type ConnectionStateType ¶
// ConnectionStateType is a string enum of connection states.
//
// NOTE(review): presumably the state of a custom key store's connection to its
// CloudHSM cluster. Confirm against the AWS KMS API reference.
type ConnectionStateType string

// Values of ConnectionStateType.
const (
	ConnectionStateType_CONNECTED     ConnectionStateType = "CONNECTED"
	ConnectionStateType_CONNECTING    ConnectionStateType = "CONNECTING"
	ConnectionStateType_FAILED        ConnectionStateType = "FAILED"
	ConnectionStateType_DISCONNECTED  ConnectionStateType = "DISCONNECTED"
	ConnectionStateType_DISCONNECTING ConnectionStateType = "DISCONNECTING"
)
type CustomKeyParameters ¶
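// CustomKeyParameters are custom parameters for Key.
//
// Both fields are optional pointers, so an unset field is nil rather than a
// zero value.
type CustomKeyParameters struct {
	// Specifies whether the CMK is enabled.
	Enabled *bool `json:"enabled,omitempty"`

	// Specifies how many days the Key is retained when scheduled for deletion. Defaults to 30 days.
	//
	// NOTE(review): this retention period is the window in which a scheduled
	// deletion can still be noticed and cancelled; data encrypted under a deleted
	// key cannot be recovered. AWS KMS documents a 7-30 day range (confirm
	// against the current API reference). Treat a reduction of this value as a
	// change that needs review.
	PendingWindowInDays *int64 `json:"pendingWindowInDays,omitempty"`
}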
CustomKeyParameters are custom parameters for Key.
func (*CustomKeyParameters) DeepCopy ¶
func (in *CustomKeyParameters) DeepCopy() *CustomKeyParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomKeyParameters.
func (*CustomKeyParameters) DeepCopyInto ¶
func (in *CustomKeyParameters) DeepCopyInto(out *CustomKeyParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CustomKeyStoresListEntry ¶
// CustomKeyStoresListEntry holds a custom key store ID, the ID of its CloudHSM
// cluster, and a creation time. All fields are optional pointers.
type CustomKeyStoresListEntry struct {
	CloudHsmClusterID *string      `json:"cloudHsmClusterID,omitempty"`
	CreationDate      *metav1.Time `json:"creationDate,omitempty"`
	CustomKeyStoreID  *string      `json:"customKeyStoreID,omitempty"`
}
+kubebuilder:skipversion
func (*CustomKeyStoresListEntry) DeepCopy ¶
func (in *CustomKeyStoresListEntry) DeepCopy() *CustomKeyStoresListEntry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomKeyStoresListEntry.
func (*CustomKeyStoresListEntry) DeepCopyInto ¶
func (in *CustomKeyStoresListEntry) DeepCopyInto(out *CustomKeyStoresListEntry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CustomerMasterKeySpec ¶
// CustomerMasterKeySpec is a string enum of CMK key specs.
//
// NOTE(review): KeyParameters.CustomerMasterKeySpec and
// KeyMetadata.CustomerMasterKeySpec are declared as *string, not as this type,
// so the Go type system does not restrict those fields to these constants.
type CustomerMasterKeySpec string

// Values of CustomerMasterKeySpec: three RSA sizes, four elliptic curves, and
// SYMMETRIC_DEFAULT. The KeyParameters field comment describes
// SYMMETRIC_DEFAULT as AES-256-GCM and as the default.
const (
	CustomerMasterKeySpec_RSA_2048          CustomerMasterKeySpec = "RSA_2048"
	CustomerMasterKeySpec_RSA_3072          CustomerMasterKeySpec = "RSA_3072"
	CustomerMasterKeySpec_RSA_4096          CustomerMasterKeySpec = "RSA_4096"
	CustomerMasterKeySpec_ECC_NIST_P256     CustomerMasterKeySpec = "ECC_NIST_P256"
	CustomerMasterKeySpec_ECC_NIST_P384     CustomerMasterKeySpec = "ECC_NIST_P384"
	CustomerMasterKeySpec_ECC_NIST_P521     CustomerMasterKeySpec = "ECC_NIST_P521"
	CustomerMasterKeySpec_ECC_SECG_P256K1   CustomerMasterKeySpec = "ECC_SECG_P256K1"
	CustomerMasterKeySpec_SYMMETRIC_DEFAULT CustomerMasterKeySpec = "SYMMETRIC_DEFAULT"
)
type DataKeyPairSpec ¶
// DataKeyPairSpec is a string enum of asymmetric key-pair specs.
//
// NOTE(review): no field in this package is declared with this type;
// presumably it mirrors the AWS KMS enum of the same name. Confirm.
type DataKeyPairSpec string

// Values of DataKeyPairSpec: three RSA sizes and four elliptic curves.
const (
	DataKeyPairSpec_RSA_2048        DataKeyPairSpec = "RSA_2048"
	DataKeyPairSpec_RSA_3072        DataKeyPairSpec = "RSA_3072"
	DataKeyPairSpec_RSA_4096        DataKeyPairSpec = "RSA_4096"
	DataKeyPairSpec_ECC_NIST_P256   DataKeyPairSpec = "ECC_NIST_P256"
	DataKeyPairSpec_ECC_NIST_P384   DataKeyPairSpec = "ECC_NIST_P384"
	DataKeyPairSpec_ECC_NIST_P521   DataKeyPairSpec = "ECC_NIST_P521"
	DataKeyPairSpec_ECC_SECG_P256K1 DataKeyPairSpec = "ECC_SECG_P256K1"
)
type DataKeySpec ¶
// DataKeySpec is a string enum of symmetric data key specs.
//
// NOTE(review): no field in this package is declared with this type;
// presumably it mirrors the AWS KMS enum of the same name. Confirm.
type DataKeySpec string

// Values of DataKeySpec: AES with a 256-bit or a 128-bit key.
const (
	DataKeySpec_AES_256 DataKeySpec = "AES_256"
	DataKeySpec_AES_128 DataKeySpec = "AES_128"
)
type EncryptionAlgorithmSpec ¶
// EncryptionAlgorithmSpec is a string enum of encryption algorithms.
//
// NOTE(review): KeyObservation.EncryptionAlgorithms and
// KeyMetadata.EncryptionAlgorithms are declared as []*string, not as this
// type, so those fields are not restricted to these constants by the Go type
// system.
type EncryptionAlgorithmSpec string

// Values of EncryptionAlgorithmSpec.
//
// The two RSAES_OAEP values differ in the hash used by OAEP; for new
// integrations the SHA-256 variant is the conservative choice.
const (
	EncryptionAlgorithmSpec_SYMMETRIC_DEFAULT  EncryptionAlgorithmSpec = "SYMMETRIC_DEFAULT"
	EncryptionAlgorithmSpec_RSAES_OAEP_SHA_1   EncryptionAlgorithmSpec = "RSAES_OAEP_SHA_1"
	EncryptionAlgorithmSpec_RSAES_OAEP_SHA_256 EncryptionAlgorithmSpec = "RSAES_OAEP_SHA_256"
)
type ExpirationModelType ¶
// ExpirationModelType is a string enum stating whether key material expires.
//
// The KeyObservation.ExpirationModel field comment says the value is present
// only when Origin is EXTERNAL; that field is declared as *string, not as this
// type.
type ExpirationModelType string

// Values of ExpirationModelType.
const (
	ExpirationModelType_KEY_MATERIAL_EXPIRES         ExpirationModelType = "KEY_MATERIAL_EXPIRES"
	ExpirationModelType_KEY_MATERIAL_DOES_NOT_EXPIRE ExpirationModelType = "KEY_MATERIAL_DOES_NOT_EXPIRE"
)
type GrantListEntry ¶
// GrantListEntry holds a creation time and a key ID. Both fields are optional
// pointers.
type GrantListEntry struct {
	CreationDate *metav1.Time `json:"creationDate,omitempty"`
	KeyID        *string      `json:"keyID,omitempty"`
}
+kubebuilder:skipversion
func (*GrantListEntry) DeepCopy ¶
func (in *GrantListEntry) DeepCopy() *GrantListEntry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GrantListEntry.
func (*GrantListEntry) DeepCopyInto ¶
func (in *GrantListEntry) DeepCopyInto(out *GrantListEntry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GrantOperation ¶
// GrantOperation is a string enum of operation names.
//
// NOTE(review): presumably these are the operations a KMS grant can permit;
// no field in this package is declared with this type. Confirm against the
// AWS KMS API reference.
type GrantOperation string

// Values of GrantOperation.
//
// NOTE(review): CreateGrant and RetireGrant appear next to the cryptographic
// operations. In AWS KMS a grant that permits CreateGrant allows the grantee
// to issue further grants, so audit for it when reviewing least privilege
// (confirm against the KMS grants documentation).
const (
	GrantOperation_Decrypt                             GrantOperation = "Decrypt"
	GrantOperation_Encrypt                             GrantOperation = "Encrypt"
	GrantOperation_GenerateDataKey                     GrantOperation = "GenerateDataKey"
	GrantOperation_GenerateDataKeyWithoutPlaintext     GrantOperation = "GenerateDataKeyWithoutPlaintext"
	GrantOperation_ReEncryptFrom                       GrantOperation = "ReEncryptFrom"
	GrantOperation_ReEncryptTo                         GrantOperation = "ReEncryptTo"
	GrantOperation_Sign                                GrantOperation = "Sign"
	GrantOperation_Verify                              GrantOperation = "Verify"
	GrantOperation_GetPublicKey                        GrantOperation = "GetPublicKey"
	GrantOperation_CreateGrant                         GrantOperation = "CreateGrant"
	GrantOperation_RetireGrant                         GrantOperation = "RetireGrant"
	GrantOperation_DescribeKey                         GrantOperation = "DescribeKey"
	GrantOperation_GenerateDataKeyPair                 GrantOperation = "GenerateDataKeyPair"
	GrantOperation_GenerateDataKeyPairWithoutPlaintext GrantOperation = "GenerateDataKeyPairWithoutPlaintext"
)
type Key ¶
// Key is the Schema for the Keys API.
type Key struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the Key.
	Spec KeySpec `json:"spec"`

	// Status is the observed state of the Key.
	Status KeyStatus `json:"status,omitempty"`
}
Key is the Schema for the Keys API.
+kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
+kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
+kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name"
+kubebuilder:subresource:status
+kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws}
func (*Key) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Key.
func (*Key) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Key) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Key) GetCondition ¶
func (mg *Key) GetCondition(ct xpv1.ConditionType) xpv1.Condition
GetCondition of this Key.
func (*Key) GetDeletionPolicy ¶
func (mg *Key) GetDeletionPolicy() xpv1.DeletionPolicy
GetDeletionPolicy of this Key.
func (*Key) GetProviderConfigReference ¶
GetProviderConfigReference of this Key.
func (*Key) GetProviderReference ¶
GetProviderReference of this Key. Deprecated: Use GetProviderConfigReference.
func (*Key) GetWriteConnectionSecretToReference ¶
func (mg *Key) GetWriteConnectionSecretToReference() *xpv1.SecretReference
GetWriteConnectionSecretToReference of this Key.
func (*Key) SetConditions ¶
SetConditions of this Key.
func (*Key) SetDeletionPolicy ¶
func (mg *Key) SetDeletionPolicy(r xpv1.DeletionPolicy)
SetDeletionPolicy of this Key.
func (*Key) SetProviderConfigReference ¶
SetProviderConfigReference of this Key.
func (*Key) SetProviderReference ¶
SetProviderReference of this Key. Deprecated: Use SetProviderConfigReference.
func (*Key) SetWriteConnectionSecretToReference ¶
func (mg *Key) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
SetWriteConnectionSecretToReference of this Key.
type KeyList ¶
// KeyList contains a list of Keys.
type KeyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the Key objects in the list.
	Items []Key `json:"items"`
}
KeyList contains a list of Keys
func (*KeyList) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyList.
func (*KeyList) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*KeyList) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type KeyListEntry ¶
// KeyListEntry holds a key's ARN and its key ID. Both fields are optional
// pointers.
type KeyListEntry struct {
	KeyARN *string `json:"keyARN,omitempty"`
	KeyID  *string `json:"keyID,omitempty"`
}
+kubebuilder:skipversion
func (*KeyListEntry) DeepCopy ¶
func (in *KeyListEntry) DeepCopy() *KeyListEntry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyListEntry.
func (*KeyListEntry) DeepCopyInto ¶
func (in *KeyListEntry) DeepCopyInto(out *KeyListEntry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeyManagerType ¶
// KeyManagerType is a string enum naming who manages a CMK.
//
// The KeyObservation.KeyManager field comment states that CMKs are either
// customer managed or AWS managed; that field is declared as *string, not as
// this type.
type KeyManagerType string

// Values of KeyManagerType.
const (
	KeyManagerType_AWS      KeyManagerType = "AWS"
	KeyManagerType_CUSTOMER KeyManagerType = "CUSTOMER"
)
type KeyMetadata ¶
// KeyMetadata holds descriptive metadata for a key. Every field is an optional
// pointer or slice.
//
// It declares the same fields as KeyObservation plus CustomKeyStoreID,
// CustomerMasterKeySpec, Description, KeyUsage and Origin. Enum-like fields
// (KeyState, KeyUsage, Origin and so on) are plain *string here, so the typed
// constants in this package are not enforced on them.
type KeyMetadata struct {
	AWSAccountID          *string      `json:"awsAccountID,omitempty"`
	ARN                   *string      `json:"arn,omitempty"`
	CloudHsmClusterID     *string      `json:"cloudHsmClusterID,omitempty"`
	CreationDate          *metav1.Time `json:"creationDate,omitempty"`
	CustomKeyStoreID      *string      `json:"customKeyStoreID,omitempty"`
	CustomerMasterKeySpec *string      `json:"customerMasterKeySpec,omitempty"`
	DeletionDate          *metav1.Time `json:"deletionDate,omitempty"`
	Description           *string      `json:"description,omitempty"`
	Enabled               *bool        `json:"enabled,omitempty"`
	EncryptionAlgorithms  []*string    `json:"encryptionAlgorithms,omitempty"`
	ExpirationModel       *string      `json:"expirationModel,omitempty"`
	KeyID                 *string      `json:"keyID,omitempty"`
	KeyManager            *string      `json:"keyManager,omitempty"`
	KeyState              *string      `json:"keyState,omitempty"`
	KeyUsage              *string      `json:"keyUsage,omitempty"`
	Origin                *string      `json:"origin,omitempty"`
	SigningAlgorithms     []*string    `json:"signingAlgorithms,omitempty"`
	ValidTo               *metav1.Time `json:"validTo,omitempty"`
}
+kubebuilder:skipversion
func (*KeyMetadata) DeepCopy ¶
func (in *KeyMetadata) DeepCopy() *KeyMetadata
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyMetadata.
func (*KeyMetadata) DeepCopyInto ¶
func (in *KeyMetadata) DeepCopyInto(out *KeyMetadata)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeyObservation ¶
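// KeyObservation defines the observed state of Key.
//
// Every field is an optional pointer or slice. Several are present only in
// particular key states, as the field comments describe.
type KeyObservation struct {
	// The twelve-digit account ID of the AWS account that owns the CMK.
	AWSAccountID *string `json:"awsAccountID,omitempty"`

	// The Amazon Resource Name (ARN) of the CMK. For examples, see AWS Key Management
	// Service (AWS KMS) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms)
	// in the Example ARNs section of the AWS General Reference.
	ARN *string `json:"arn,omitempty"`

	// The cluster ID of the AWS CloudHSM cluster that contains the key material
	// for the CMK. When you create a CMK in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html),
	// AWS KMS creates the key material for the CMK in the associated AWS CloudHSM
	// cluster. This value is present only when the CMK is created in a custom key
	// store.
	CloudHsmClusterID *string `json:"cloudHsmClusterID,omitempty"`

	// The date and time when the CMK was created.
	CreationDate *metav1.Time `json:"creationDate,omitempty"`

	// The date and time after which AWS KMS deletes the CMK. This value is present
	// only when KeyState is PendingDeletion.
	//
	// NOTE(review): a non-nil DeletionDate therefore means the key is scheduled
	// for deletion, which makes it a useful field to alert on.
	DeletionDate *metav1.Time `json:"deletionDate,omitempty"`

	// Specifies whether the CMK is enabled. When KeyState is Enabled this value
	// is true, otherwise it is false.
	Enabled *bool `json:"enabled,omitempty"`

	// The encryption algorithms that the CMK supports. You cannot use the CMK with
	// other encryption algorithms within AWS KMS.
	//
	// This field appears only when the KeyUsage of the CMK is ENCRYPT_DECRYPT.
	EncryptionAlgorithms []*string `json:"encryptionAlgorithms,omitempty"`

	// Specifies whether the CMK's key material expires. This value is present only
	// when Origin is EXTERNAL, otherwise this value is omitted.
	ExpirationModel *string `json:"expirationModel,omitempty"`

	// The globally unique identifier for the CMK.
	KeyID *string `json:"keyID,omitempty"`

	// The manager of the CMK. CMKs in your AWS account are either customer managed
	// or AWS managed. For more information about the difference, see Customer Master
	// Keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys)
	// in the AWS Key Management Service Developer Guide.
	KeyManager *string `json:"keyManager,omitempty"`

	// The current status of the CMK.
	//
	// For more information about how key state affects the use of a CMK, see Key
	// state: Effect on your CMK (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
	// in the AWS Key Management Service Developer Guide.
	KeyState *string `json:"keyState,omitempty"`

	// The signing algorithms that the CMK supports. You cannot use the CMK with
	// other signing algorithms within AWS KMS.
	//
	// This field appears only when the KeyUsage of the CMK is SIGN_VERIFY.
	SigningAlgorithms []*string `json:"signingAlgorithms,omitempty"`

	// The time at which the imported key material expires. When the key material
	// expires, AWS KMS deletes the key material and the CMK becomes unusable. This
	// value is present only for CMKs whose Origin is EXTERNAL and whose ExpirationModel
	// is KEY_MATERIAL_EXPIRES, otherwise this value is omitted.
	ValidTo *metav1.Time `json:"validTo,omitempty"`
}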
KeyObservation defines the observed state of Key
func (*KeyObservation) DeepCopy ¶
func (in *KeyObservation) DeepCopy() *KeyObservation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyObservation.
func (*KeyObservation) DeepCopyInto ¶
func (in *KeyObservation) DeepCopyInto(out *KeyObservation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeyParameters ¶
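// KeyParameters carries the settings for a KMS key. Its field comments describe
// them in terms of the AWS KMS CreateKey request.
//
// CustomerMasterKeySpec, KeyUsage and Origin are declared as *string, so the
// typed constants in this package are not enforced on them by the Go type
// system. CustomKeyParameters is embedded inline and contributes Enabled and
// PendingWindowInDays.
type KeyParameters struct {
	// Region is which region the Key will be created.
	// +kubebuilder:validation:Required
	Region string `json:"region"`

	// A flag to indicate whether to bypass the key policy lockout safety check.
	//
	// Setting this value to true increases the risk that the CMK becomes unmanageable.
	// Do not set this value to true indiscriminately.
	//
	// For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
	// section in the AWS Key Management Service Developer Guide.
	//
	// Use this parameter only when you include a policy in the request and you
	// intend to prevent the principal that is making the request from making a
	// subsequent PutKeyPolicy request on the CMK.
	//
	// The default value is false.
	//
	// NOTE(review): security-sensitive. With this set to true and a Policy that
	// does not let the creating principal call PutKeyPolicy, the key's policy
	// can no longer be corrected by that principal. Treat any manifest that
	// sets this field as needing explicit review.
	BypassPolicyLockoutSafetyCheck *bool `json:"bypassPolicyLockoutSafetyCheck,omitempty"`

	// Creates the CMK in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
	// and the key material in its associated AWS CloudHSM cluster. To create a
	// CMK in a custom key store, you must also specify the Origin parameter with
	// a value of AWS_CLOUDHSM. The AWS CloudHSM cluster that is associated with
	// the custom key store must have at least two active HSMs, each in a different
	// Availability Zone in the Region.
	//
	// This parameter is valid only for symmetric CMKs. You cannot create an asymmetric
	// CMK in a custom key store.
	//
	// To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
	//
	// The response includes the custom key store ID and the ID of the AWS CloudHSM
	// cluster.
	//
	// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
	// in AWS KMS, which combines the convenience and extensive integration
	// of AWS KMS with the isolation and control of a single-tenant key store.
	CustomKeyStoreID *string `json:"customKeyStoreID,omitempty"`

	// Specifies the type of CMK to create. The default value, SYMMETRIC_DEFAULT,
	// creates a CMK with a 256-bit symmetric key for encryption and decryption.
	// For help choosing a key spec for your CMK, see How to Choose Your CMK Configuration
	// (https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html)
	// in the AWS Key Management Service Developer Guide.
	//
	// The CustomerMasterKeySpec determines whether the CMK contains a symmetric
	// key or an asymmetric key pair. It also determines the encryption algorithms
	// or signing algorithms that the CMK supports. You can't change the CustomerMasterKeySpec
	// after the CMK is created. To further restrict the algorithms that can be
	// used with the CMK, use a condition key in its key policy or IAM policy. For
	// more information, see kms:EncryptionAlgorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm)
	// or kms:Signing Algorithm (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm)
	// in the AWS Key Management Service Developer Guide.
	//
	// AWS services that are integrated with AWS KMS (http://aws.amazon.com/kms/features/#AWS_Service_Integration)
	// use symmetric CMKs to protect your data. These services do not support asymmetric
	// CMKs. For help determining whether a CMK is symmetric or asymmetric, see
	// Identifying Symmetric and Asymmetric CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/find-symm-asymm.html)
	// in the AWS Key Management Service Developer Guide.
	//
	// AWS KMS supports the following key specs for CMKs:
	//
	//    * Symmetric key (default) SYMMETRIC_DEFAULT (AES-256-GCM)
	//
	//    * Asymmetric RSA key pairs RSA_2048 RSA_3072 RSA_4096
	//
	//    * Asymmetric NIST-recommended elliptic curve key pairs ECC_NIST_P256 (secp256r1)
	//    ECC_NIST_P384 (secp384r1) ECC_NIST_P521 (secp521r1)
	//
	//    * Other asymmetric elliptic curve key pairs ECC_SECG_P256K1 (secp256k1),
	//    commonly used for cryptocurrencies.
	CustomerMasterKeySpec *string `json:"customerMasterKeySpec,omitempty"`

	// A description of the CMK.
	//
	// Use a description that helps you decide whether the CMK is appropriate for
	// a task.
	Description *string `json:"description,omitempty"`

	// Determines the cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations)
	// for which you can use the CMK. The default value is ENCRYPT_DECRYPT. This
	// parameter is required only for asymmetric CMKs. You can't change the KeyUsage
	// value after the CMK is created.
	//
	// Select only one valid value.
	//
	//    * For symmetric CMKs, omit the parameter or specify ENCRYPT_DECRYPT.
	//
	//    * For asymmetric CMKs with RSA key material, specify ENCRYPT_DECRYPT or
	//    SIGN_VERIFY.
	//
	//    * For asymmetric CMKs with ECC key material, specify SIGN_VERIFY.
	KeyUsage *string `json:"keyUsage,omitempty"`

	// The source of the key material for the CMK. You cannot change the origin
	// after you create the CMK. The default is AWS_KMS, which means AWS KMS creates
	// the key material.
	//
	// When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material
	// so that you can import key material from your existing key management infrastructure.
	// For more information about importing key material into AWS KMS, see Importing
	// Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
	// in the AWS Key Management Service Developer Guide. This value is valid only
	// for symmetric CMKs.
	//
	// When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS
	// KMS custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
	// and creates its key material in the associated AWS CloudHSM cluster. You
	// must also use the CustomKeyStoreId parameter to identify the custom key store.
	// This value is valid only for symmetric CMKs.
	Origin *string `json:"origin,omitempty"`

	// The key policy to attach to the CMK.
	//
	// If you provide a key policy, it must meet the following criteria:
	//
	//    * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy
	//    must allow the principal that is making the CreateKey request to make
	//    a subsequent PutKeyPolicy request on the CMK. This reduces the risk that
	//    the CMK becomes unmanageable. For more information, refer to the scenario
	//    in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
	//    section of the AWS Key Management Service Developer Guide.
	//
	//    * Each statement in the key policy must contain one or more principals.
	//    The principals in the key policy must exist and be visible to AWS KMS.
	//    When you create a new AWS principal (for example, an IAM user or role),
	//    you might need to enforce a delay before including the new principal in
	//    a key policy because the new principal might not be immediately visible
	//    to AWS KMS. For more information, see Changes that I make are not always
	//    immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
	//    in the AWS Identity and Access Management User Guide.
	//
	// If you do not provide a key policy, AWS KMS attaches a default key policy
	// to the CMK. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default)
	// in the AWS Key Management Service Developer Guide.
	//
	// The key policy size quota is 32 kilobytes (32768 bytes).
	//
	// For help writing and formatting a JSON policy document, see the IAM JSON
	// Policy Reference (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html)
	// in the IAM User Guide.
	//
	// NOTE(review): the policy is carried as an opaque string; nothing in this
	// type validates it. Review the principals, actions and conditions it
	// grants as you would any IAM policy, and restrict who may edit Key objects,
	// since this field decides who can use and administer the key.
	Policy *string `json:"policy,omitempty"`

	// One or more tags. Each tag consists of a tag key and a tag value. Both the
	// tag key and the tag value are required, but the tag value can be an empty
	// (null) string.
	//
	// When you add tags to an AWS resource, AWS generates a cost allocation report
	// with usage and costs aggregated by tags. For information about adding, changing,
	// deleting and listing tags for CMKs, see Tagging Keys (https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html).
	//
	// Use this parameter to tag the CMK when it is created. To add tags to an existing
	// CMK, use the TagResource operation.
	//
	// To use this parameter, you must have kms:TagResource (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html)
	// permission in an IAM policy.
	Tags []*Tag `json:"tags,omitempty"`

	CustomKeyParameters `json:",inline"`
}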
KeyParameters defines the desired state of Key
func (*KeyParameters) DeepCopy ¶
func (in *KeyParameters) DeepCopy() *KeyParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyParameters.
func (*KeyParameters) DeepCopyInto ¶
func (in *KeyParameters) DeepCopyInto(out *KeyParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeySpec ¶
// KeySpec defines the desired state of Key.
type KeySpec struct {
	// Embedded with an inline JSON tag, so its fields appear at the top level
	// of the serialized spec rather than under a nested key.
	// NOTE(review): presumably carries the common Crossplane settings behind
	// the Key getters (provider config reference, deletion policy, connection
	// secret reference) — confirm against the xpv1 package.
	xpv1.ResourceSpec `json:",inline"`
	// ForProvider holds the KeyParameters for the CMK. That struct includes
	// the key policy (Policy), Origin and KeyUsage, so whoever can create or
	// edit this spec chooses the policy attached to the key.
	// NOTE(review): restrict write access to Key objects accordingly.
	ForProvider KeyParameters `json:"forProvider"`
}
KeySpec defines the desired state of Key
func (*KeySpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeySpec.
func (*KeySpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeyStatus ¶
// KeyStatus defines the observed state of Key.
type KeyStatus struct {
	// Embedded with an inline JSON tag, so its fields appear at the top level
	// of the serialized status.
	// NOTE(review): presumably the common Crossplane condition fields —
	// confirm against the xpv1 package.
	xpv1.ResourceStatus `json:",inline"`
	// AtProvider is the KeyObservation recorded for the key. With
	// encoding/json, omitempty does not drop a non-pointer struct, so the
	// atProvider key is emitted even when the observation is zero-valued.
	AtProvider KeyObservation `json:"atProvider,omitempty"`
}
KeyStatus defines the observed state of Key.
func (*KeyStatus) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyStatus.
func (*KeyStatus) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeyUsageType ¶
// KeyUsageType is a string-typed name for the cryptographic operations a CMK
// can be used for.
type KeyUsageType string

// The two values are the ones the KeyParameters.KeyUsage documentation lists:
// ENCRYPT_DECRYPT (the default) and SIGN_VERIFY. KeyUsage itself is declared
// as *string, so these constants are not enforced by the type system there;
// an invalid value is not rejected by this package's types.
const (
	KeyUsageType_SIGN_VERIFY     KeyUsageType = "SIGN_VERIFY"
	KeyUsageType_ENCRYPT_DECRYPT KeyUsageType = "ENCRYPT_DECRYPT"
)
type MessageType ¶
// MessageType is a string-typed enumeration with the values RAW and DIGEST.
// NOTE(review): nothing on this page documents these values; presumably they
// mirror the AWS KMS MessageType setting that says whether a signing input is
// the raw message or an already-computed digest — confirm.
type MessageType string

const (
	MessageType_RAW    MessageType = "RAW"
	MessageType_DIGEST MessageType = "DIGEST"
)
type OriginType ¶
// OriginType is a string-typed name for the source of a CMK's key material.
type OriginType string

// The values are the ones the KeyParameters.Origin documentation describes:
// AWS_KMS (the default; AWS KMS creates the key material), EXTERNAL (the CMK
// is created without key material so that it can be imported) and
// AWS_CLOUDHSM (key material is created in the AWS CloudHSM cluster of a
// custom key store, which must be identified as well). Per that
// documentation the origin cannot be changed after the CMK is created.
// Origin itself is declared as *string, so these constants are not enforced
// by the type system there.
const (
	OriginType_AWS_KMS      OriginType = "AWS_KMS"
	OriginType_EXTERNAL     OriginType = "EXTERNAL"
	OriginType_AWS_CLOUDHSM OriginType = "AWS_CLOUDHSM"
)
type SigningAlgorithmSpec ¶
// SigningAlgorithmSpec is a string-typed name for a signing algorithm.
type SigningAlgorithmSpec string

// Going by the names, the values fall into three families, each with SHA-256,
// SHA-384 and SHA-512 variants: RSASSA-PSS, RSASSA-PKCS1-v1_5 and ECDSA.
// The CustomerMasterKeySpec documentation in KeyParameters notes that the
// key spec determines which signing algorithms a CMK supports, and that the
// set can be restricted further with the kms:SigningAlgorithm condition key
// in a key policy or IAM policy.
// NOTE(review): presumably mirrors the AWS KMS SigningAlgorithmSpec
// enumeration — confirm the list is current.
const (
	SigningAlgorithmSpec_RSASSA_PSS_SHA_256        SigningAlgorithmSpec = "RSASSA_PSS_SHA_256"
	SigningAlgorithmSpec_RSASSA_PSS_SHA_384        SigningAlgorithmSpec = "RSASSA_PSS_SHA_384"
	SigningAlgorithmSpec_RSASSA_PSS_SHA_512        SigningAlgorithmSpec = "RSASSA_PSS_SHA_512"
	SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_256 SigningAlgorithmSpec = "RSASSA_PKCS1_V1_5_SHA_256"
	SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_384 SigningAlgorithmSpec = "RSASSA_PKCS1_V1_5_SHA_384"
	SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_512 SigningAlgorithmSpec = "RSASSA_PKCS1_V1_5_SHA_512"
	SigningAlgorithmSpec_ECDSA_SHA_256             SigningAlgorithmSpec = "ECDSA_SHA_256"
	SigningAlgorithmSpec_ECDSA_SHA_384             SigningAlgorithmSpec = "ECDSA_SHA_384"
	SigningAlgorithmSpec_ECDSA_SHA_512             SigningAlgorithmSpec = "ECDSA_SHA_512"
)
type Tag ¶
// Tag is one key/value pair; KeyParameters.Tags is a list of these.
// The Tags documentation states that both the tag key and the tag value are
// required, although the value may be an empty string. Both fields here are
// optional pointers with omitempty, so that requirement is not enforced by
// this type.
type Tag struct {
	// TagKey is the tag's key; left out of the JSON when nil.
	TagKey *string `json:"tagKey,omitempty"`
	// TagValue is the tag's value; left out of the JSON when nil.
	TagValue *string `json:"tagValue,omitempty"`
}
+kubebuilder:skipversion
func (*Tag) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tag.
func (*Tag) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WrappingKeySpec ¶
// WrappingKeySpec is a string-typed enumeration whose only value here is
// RSA_2048.
// NOTE(review): nothing on this page documents its use; presumably it names
// the key spec of the wrapping key used when importing key material for a
// CMK whose Origin is EXTERNAL — confirm.
type WrappingKeySpec string

const (
	WrappingKeySpec_RSA_2048 WrappingKeySpec = "RSA_2048"
)