Documentation
¶
Overview ¶
+k8s:deepcopy-gen=package +k8s:openapi-gen=true Package v1alpha1 is the v1alpha1 version of the API. +groupName=secret.jenkins-x.io
Index ¶
- Constants
- type AwsSecretsManager
- type AzureKeyVaultConfig
- type BackendType
- type Defaults
- type GcpSecretsManager
- type Mapping
- type SecretMapping
- func (c *SecretMapping) DestinationString(rule *SecretRule, mapping *Mapping) string
- func (c *SecretMapping) Find(secretName, dataKey string) *Mapping
- func (c *SecretMapping) FindRule(namespace, secretName string) *SecretRule
- func (c *SecretMapping) FindSecret(secretName string) *SecretRule
- func (c *SecretMapping) IsSecretKeyUnsecured(secretName, keyName string) bool
- func (c *SecretMapping) SaveConfig(fileName string) error
- func (c *SecretMapping) Validate() error
- type SecretMappingList
- type SecretMappingSpec
- type SecretRule
Constants ¶
View Source
const (
SecretMappingFileName = "secret-mappings.yaml"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AwsSecretsManager ¶ added in v0.1.23
type AwsSecretsManager struct {
RoleArn string `json:"roleArn,omitempty"`
Region string `json:"region,omitempty"`
VersionStage string `json:"versionStage,omitempty"`
}
AwsSecretsManager stores default config when using AWS Secret Manager for secret storage
type AzureKeyVaultConfig ¶
type AzureKeyVaultConfig struct {
KeyVaultName string `json:"keyVaultName,omitempty"`
}
AzureKeyVaultConfig stores default config when using Azure Key Vault for secret storage
type BackendType ¶
type BackendType string
BackendType describes a secrets backend
const ( // BackendTypeAlicloud Alicloud KMS Secret Manager as the Backed service BackendTypeAlicloud BackendType = "alicloudSecretsManager" // BackendTypeAWSSecretsManager AWS Secrets Manager as the Backed service BackendTypeAWSSecretsManager BackendType = "secretsManager" // BackendTypeAWSParameterStore AWS SSM Parameter Store as the Backed service BackendTypeAWSParameterStore BackendType = "systemManager" // BackendTypeAzure Azure Key Vault as the Backed service BackendTypeAzure BackendType = "azureKeyVault" // BackendTypeGSM Google Secrets Manager is the Backed service BackendTypeGSM BackendType = "gcpSecretsManager" // BackendTypeIBMSecretsManager IBM Secrets Manager is the Backed service BackendTypeIBMSecretsManager BackendType = "ibmcloudSecretsManager" // BackendTypeLocal local secrets - i.e. vanilla k8s Secrets BackendTypeLocal BackendType = "local" // BackendTypeVault Vault is the Backed service BackendTypeVault BackendType = "vault" // BackendTypeNone if none is configured BackendTypeNone BackendType = "" )
type Defaults ¶
type Defaults struct {
// DefaultBackendType the default back end to use if there's no specific mapping
BackendType BackendType `json:"backendType,omitempty" validate:"nonzero"`
// RoleArn is used for some back ends like AWS and Alicloud
RoleArn string `json:"roleArn,omitempty"`
// Region is used for some back ends like AWS
Region string `json:"region,omitempty"`
// VersionStage the default version stage to use which is used on some back ends like AWS and Alicloud
VersionStage string `json:"versionStage,omitempty"`
// AzureKeyVault config
AzureKeyVaultConfig *AzureKeyVaultConfig `json:"azureKeyVault,omitempty"`
// GcpSecretsManager config
GcpSecretsManager *GcpSecretsManager `json:"gcpSecretsManager,omitempty"`
// AwsSecretsManager config
AwsSecretsManager *AwsSecretsManager `json:"secretsManager,omitempty"`
}
Defaults contains default mapping configuration for any Kubernetes secrets to External Secrets
type GcpSecretsManager ¶
type GcpSecretsManager struct {
// Version of the referenced secret
Version string `json:"version,omitempty"`
// ProjectID for the secret, defaults to the current GCP project
ProjectID string `json:"projectId,omitempty"`
// UniquePrefix needs to be a unique prefix in the GCP project where the secret resides, defaults to cluster name
UniquePrefix string `json:"uniquePrefix,omitempty"`
}
GcpSecretsManager stores default config when using GSM for secret storage
type Mapping ¶
type Mapping struct {
// Name the secret entry name which maps to the Key of the Secret.Data map
Name string `json:"name,omitempty"`
// Key the Vault key to load the secret value
// +optional
Key string `json:"key,omitempty"`
// Property the Vault property on the key to load the secret value
// +optional
Property string `json:"property,omitempty"`
// VersionStage the version of the secret value
// +optional
VersionStage string `json:"versionStage,omitempty"`
// IsBinary to indicate a binary secret
// +optional
IsBinary bool `json:"isBinary,omitempty"`
}
Mapping the predicates which must be true to invoke the associated tasks/pipelines
type SecretMapping ¶
type SecretMapping struct {
metav1.TypeMeta `json:",inline"`
// +optional
metav1.ObjectMeta `json:"metadata"`
// Spec the definition of the secret mappings
Spec SecretMappingSpec `json:"spec"`
}
SecretMapping represents a collection of mappings of Secrets to destinations in the underlying secret store (e.g. Vault keys)
+k8s:openapi-gen=true
func (*SecretMapping) DestinationString ¶
func (c *SecretMapping) DestinationString(rule *SecretRule, mapping *Mapping) string
DestinationString returns a unique string for where the entry will be stored so that we can find secrets using the same storage location.
func (*SecretMapping) Find ¶
func (c *SecretMapping) Find(secretName, dataKey string) *Mapping
Find finds a secret rule for the given secret name
func (*SecretMapping) FindRule ¶
func (c *SecretMapping) FindRule(namespace, secretName string) *SecretRule
FindRule finds a secret rule for the given secret name
func (*SecretMapping) FindSecret ¶
func (c *SecretMapping) FindSecret(secretName string) *SecretRule
Find finds a secret rule for the given secret name
func (*SecretMapping) IsSecretKeyUnsecured ¶
func (c *SecretMapping) IsSecretKeyUnsecured(secretName, keyName string) bool
func (*SecretMapping) SaveConfig ¶
func (c *SecretMapping) SaveConfig(fileName string) error
SaveConfig saves the configuration file to the given project directory
func (*SecretMapping) Validate ¶
func (c *SecretMapping) Validate() error
validate the secrete mapping fields
type SecretMappingList ¶
type SecretMappingList struct {
metav1.TypeMeta `json:",inline"`
// +optional
metav1.ListMeta `json:"metadata,omitempty"`
Items []SecretMapping `json:"items"`
}
SecretMappingList contains a list of SecretMapping
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type SecretMappingSpec ¶
type SecretMappingSpec struct {
// Secrets rules for each secret
Secrets []SecretRule `json:"secrets,omitempty"`
Defaults `json:"defaults,omitempty" validate:"nonzero"`
}
SecretMappingSpec defines the desired state of SecretMapping.
type SecretRule ¶
type SecretRule struct {
// Name name of the secret
Name string `json:"name,omitempty"`
// Namespace name of the secret
Namespace string `json:"namespace,omitempty"`
// BackendType for the secret
BackendType BackendType `json:"backendType"`
// Mappings one more mappings
Mappings []Mapping `json:"mappings,omitempty"`
// Unsecured represent a list of a secret's keys that will remain as plain secrets rather than undergoing conversion
Unsecured []string `json:"unsecured,omitempty"`
// RoleArn is used for some back ends like AWS and Alicloud
RoleArn string `json:"roleArn,omitempty"`
// Region is used for some back ends like AWS
Region string `json:"region,omitempty"`
// AzureKeyVaultConfig config
AzureKeyVaultConfig *AzureKeyVaultConfig `json:"azureKeyVault,omitempty"`
// GcpSecretsManager config
GcpSecretsManager *GcpSecretsManager `json:"gcpSecretsManager,omitempty"`
// AwsSecretsManager config
AwsSecretsManager *AwsSecretsManager `json:"secretsManager,omitempty"`
}
SecretRule the rules for a specific Secret
func (*SecretRule) Find ¶
func (r *SecretRule) Find(dataKey string) *Mapping
Find finds a mapping for the given data name
Source Files
Click to show internal directories.
Click to hide internal directories.