Documentation ¶
Overview ¶
+kubebuilder:object:generate=true +groupName=ad.vault.upbound.io +versionName=v1alpha1
Index ¶
- Constants
- Variables
- type SecretBackend
- func (in *SecretBackend) DeepCopy() *SecretBackend
- func (in *SecretBackend) DeepCopyInto(out *SecretBackend)
- func (in *SecretBackend) DeepCopyObject() runtime.Object
- func (mg *SecretBackend) GetCondition(ct xpv1.ConditionType) xpv1.Condition
- func (tr *SecretBackend) GetConnectionDetailsMapping() map[string]string
- func (mg *SecretBackend) GetDeletionPolicy() xpv1.DeletionPolicy
- func (tr *SecretBackend) GetID() string
- func (tr *SecretBackend) GetInitParameters() (map[string]any, error)
- func (mg *SecretBackend) GetManagementPolicies() xpv1.ManagementPolicies
- func (tr *SecretBackend) GetObservation() (map[string]any, error)
- func (tr *SecretBackend) GetParameters() (map[string]any, error)
- func (mg *SecretBackend) GetProviderConfigReference() *xpv1.Reference
- func (mg *SecretBackend) GetProviderReference() *xpv1.Reference
- func (mg *SecretBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo
- func (mg *SecretBackend) GetTerraformResourceType() string
- func (tr *SecretBackend) GetTerraformSchemaVersion() int
- func (mg *SecretBackend) GetWriteConnectionSecretToReference() *xpv1.SecretReference
- func (tr *SecretBackend) LateInitialize(attrs []byte) (bool, error)
- func (mg *SecretBackend) SetConditions(c ...xpv1.Condition)
- func (mg *SecretBackend) SetDeletionPolicy(r xpv1.DeletionPolicy)
- func (mg *SecretBackend) SetManagementPolicies(r xpv1.ManagementPolicies)
- func (tr *SecretBackend) SetObservation(obs map[string]any) error
- func (tr *SecretBackend) SetParameters(params map[string]any) error
- func (mg *SecretBackend) SetProviderConfigReference(r *xpv1.Reference)
- func (mg *SecretBackend) SetProviderReference(r *xpv1.Reference)
- func (mg *SecretBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)
- func (mg *SecretBackend) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
- type SecretBackendInitParameters
- type SecretBackendList
- type SecretBackendObservation
- type SecretBackendParameters
- type SecretBackendSpec
- type SecretBackendStatus
- type SecretRole
- func (in *SecretRole) DeepCopy() *SecretRole
- func (in *SecretRole) DeepCopyInto(out *SecretRole)
- func (in *SecretRole) DeepCopyObject() runtime.Object
- func (mg *SecretRole) GetCondition(ct xpv1.ConditionType) xpv1.Condition
- func (tr *SecretRole) GetConnectionDetailsMapping() map[string]string
- func (mg *SecretRole) GetDeletionPolicy() xpv1.DeletionPolicy
- func (tr *SecretRole) GetID() string
- func (tr *SecretRole) GetInitParameters() (map[string]any, error)
- func (mg *SecretRole) GetManagementPolicies() xpv1.ManagementPolicies
- func (tr *SecretRole) GetObservation() (map[string]any, error)
- func (tr *SecretRole) GetParameters() (map[string]any, error)
- func (mg *SecretRole) GetProviderConfigReference() *xpv1.Reference
- func (mg *SecretRole) GetProviderReference() *xpv1.Reference
- func (mg *SecretRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo
- func (mg *SecretRole) GetTerraformResourceType() string
- func (tr *SecretRole) GetTerraformSchemaVersion() int
- func (mg *SecretRole) GetWriteConnectionSecretToReference() *xpv1.SecretReference
- func (tr *SecretRole) LateInitialize(attrs []byte) (bool, error)
- func (mg *SecretRole) SetConditions(c ...xpv1.Condition)
- func (mg *SecretRole) SetDeletionPolicy(r xpv1.DeletionPolicy)
- func (mg *SecretRole) SetManagementPolicies(r xpv1.ManagementPolicies)
- func (tr *SecretRole) SetObservation(obs map[string]any) error
- func (tr *SecretRole) SetParameters(params map[string]any) error
- func (mg *SecretRole) SetProviderConfigReference(r *xpv1.Reference)
- func (mg *SecretRole) SetProviderReference(r *xpv1.Reference)
- func (mg *SecretRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)
- func (mg *SecretRole) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
- type SecretRoleInitParameters
- type SecretRoleList
- type SecretRoleObservation
- type SecretRoleParameters
- type SecretRoleSpec
- type SecretRoleStatus
Constants ¶
// CRDGroup is the API group that the types in this package belong to.
const CRDGroup = "ad.vault.upbound.io"

// CRDVersion is the API version of the types in this package.
const CRDVersion = "v1alpha1"
Package type metadata.
Variables ¶
// CRDGroupVersion is the API Group Version used to register the objects.
// It is assembled from the CRDGroup and CRDVersion constants.
var CRDGroupVersion = schema.GroupVersion{
	Group:   CRDGroup,
	Version: CRDVersion,
}

// SchemeBuilder is used to add Go types to the GroupVersionKind scheme;
// it is bound to CRDGroupVersion.
var SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion}

// AddToScheme adds the types in this group-version to the given scheme.
// It is the AddToScheme method value of SchemeBuilder.
var AddToScheme = SchemeBuilder.AddToScheme
// SecretBackend type metadata.

// SecretBackend_Kind is the kind name of the SecretBackend resource.
var SecretBackend_Kind = "SecretBackend"

// SecretBackend_GroupKind is the string form of the kind paired with CRDGroup.
var SecretBackend_GroupKind = schema.GroupKind{
	Kind:  SecretBackend_Kind,
	Group: CRDGroup,
}.String()

// SecretBackend_KindAPIVersion is the kind, a dot, and the group-version string.
var SecretBackend_KindAPIVersion = SecretBackend_Kind + "." + CRDGroupVersion.String()

// SecretBackend_GroupVersionKind is CRDGroupVersion qualified with the kind.
var SecretBackend_GroupVersionKind = CRDGroupVersion.WithKind(SecretBackend_Kind)
SecretBackend type metadata.
// SecretRole type metadata.

// SecretRole_Kind is the kind name of the SecretRole resource.
var SecretRole_Kind = "SecretRole"

// SecretRole_GroupKind is the string form of the kind paired with CRDGroup.
var SecretRole_GroupKind = schema.GroupKind{
	Kind:  SecretRole_Kind,
	Group: CRDGroup,
}.String()

// SecretRole_KindAPIVersion is the kind, a dot, and the group-version string.
var SecretRole_KindAPIVersion = SecretRole_Kind + "." + CRDGroupVersion.String()

// SecretRole_GroupVersionKind is CRDGroupVersion qualified with the kind.
var SecretRole_GroupVersionKind = CRDGroupVersion.WithKind(SecretRole_Kind)
SecretRole type metadata.
Functions ¶
This section is empty.
Types ¶
type SecretBackend ¶
// SecretBackend is the top-level object for an Active Directory secret backend:
// Kubernetes type/object metadata plus a Spec and a Status.
type SecretBackend struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired configuration. The two validation rules below are
	// evaluated against it: whenever managementPolicies contains '*', 'Create'
	// or 'Update', binddn must be set (in forProvider or initProvider) and
	// bindpassSecretRef must be set (forProvider only). When none of those
	// policies is present the rules do not require either field.
	// NOTE(review): the bind password is supplied through bindpassSecretRef, a
	// reference, rather than as a literal in the spec; read access to the
	// referenced Secret should be restricted accordingly.
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.binddn) || has(self.initProvider.binddn)",message="binddn is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.bindpassSecretRef)",message="bindpassSecretRef is a required parameter"
	Spec   SecretBackendSpec   `json:"spec"`
	Status SecretBackendStatus `json:"status,omitempty"`
}
SecretBackend is the Schema for the SecretBackends API. Creates an Active Directory secret backend for Vault. +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,vault}
func (*SecretBackend) DeepCopy ¶
func (in *SecretBackend) DeepCopy() *SecretBackend
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackend.
func (*SecretBackend) DeepCopyInto ¶
func (in *SecretBackend) DeepCopyInto(out *SecretBackend)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretBackend) DeepCopyObject ¶
func (in *SecretBackend) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*SecretBackend) GetCondition ¶
func (mg *SecretBackend) GetCondition(ct xpv1.ConditionType) xpv1.Condition
GetCondition of this SecretBackend.
func (*SecretBackend) GetConnectionDetailsMapping ¶
func (tr *SecretBackend) GetConnectionDetailsMapping() map[string]string
GetConnectionDetailsMapping for this SecretBackend
func (*SecretBackend) GetDeletionPolicy ¶
func (mg *SecretBackend) GetDeletionPolicy() xpv1.DeletionPolicy
GetDeletionPolicy of this SecretBackend.
func (*SecretBackend) GetID ¶
func (tr *SecretBackend) GetID() string
GetID returns ID of underlying Terraform resource of this SecretBackend
func (*SecretBackend) GetInitParameters ¶ added in v0.2.0
func (tr *SecretBackend) GetInitParameters() (map[string]any, error)
GetInitParameters of this SecretBackend
func (*SecretBackend) GetManagementPolicies ¶ added in v0.2.0
func (mg *SecretBackend) GetManagementPolicies() xpv1.ManagementPolicies
GetManagementPolicies of this SecretBackend.
func (*SecretBackend) GetObservation ¶
func (tr *SecretBackend) GetObservation() (map[string]any, error)
GetObservation of this SecretBackend
func (*SecretBackend) GetParameters ¶
func (tr *SecretBackend) GetParameters() (map[string]any, error)
GetParameters of this SecretBackend
func (*SecretBackend) GetProviderConfigReference ¶
func (mg *SecretBackend) GetProviderConfigReference() *xpv1.Reference
GetProviderConfigReference of this SecretBackend.
func (*SecretBackend) GetProviderReference ¶
func (mg *SecretBackend) GetProviderReference() *xpv1.Reference
GetProviderReference of this SecretBackend. Deprecated: Use GetProviderConfigReference.
func (*SecretBackend) GetPublishConnectionDetailsTo ¶
func (mg *SecretBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo
GetPublishConnectionDetailsTo of this SecretBackend.
func (*SecretBackend) GetTerraformResourceType ¶
func (mg *SecretBackend) GetTerraformResourceType() string
GetTerraformResourceType returns Terraform resource type for this SecretBackend
func (*SecretBackend) GetTerraformSchemaVersion ¶
func (tr *SecretBackend) GetTerraformSchemaVersion() int
GetTerraformSchemaVersion returns the associated Terraform schema version
func (*SecretBackend) GetWriteConnectionSecretToReference ¶
func (mg *SecretBackend) GetWriteConnectionSecretToReference() *xpv1.SecretReference
GetWriteConnectionSecretToReference of this SecretBackend.
func (*SecretBackend) LateInitialize ¶
func (tr *SecretBackend) LateInitialize(attrs []byte) (bool, error)
LateInitialize this SecretBackend using its observed tfState. Returns true if there are any spec changes for the resource.
func (*SecretBackend) SetConditions ¶
func (mg *SecretBackend) SetConditions(c ...xpv1.Condition)
SetConditions of this SecretBackend.
func (*SecretBackend) SetDeletionPolicy ¶
func (mg *SecretBackend) SetDeletionPolicy(r xpv1.DeletionPolicy)
SetDeletionPolicy of this SecretBackend.
func (*SecretBackend) SetManagementPolicies ¶ added in v0.2.0
func (mg *SecretBackend) SetManagementPolicies(r xpv1.ManagementPolicies)
SetManagementPolicies of this SecretBackend.
func (*SecretBackend) SetObservation ¶
func (tr *SecretBackend) SetObservation(obs map[string]any) error
SetObservation for this SecretBackend
func (*SecretBackend) SetParameters ¶
func (tr *SecretBackend) SetParameters(params map[string]any) error
SetParameters for this SecretBackend
func (*SecretBackend) SetProviderConfigReference ¶
func (mg *SecretBackend) SetProviderConfigReference(r *xpv1.Reference)
SetProviderConfigReference of this SecretBackend.
func (*SecretBackend) SetProviderReference ¶
func (mg *SecretBackend) SetProviderReference(r *xpv1.Reference)
SetProviderReference of this SecretBackend. Deprecated: Use SetProviderConfigReference.
func (*SecretBackend) SetPublishConnectionDetailsTo ¶
func (mg *SecretBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)
SetPublishConnectionDetailsTo of this SecretBackend.
func (*SecretBackend) SetWriteConnectionSecretToReference ¶
func (mg *SecretBackend) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
SetWriteConnectionSecretToReference of this SecretBackend.
type SecretBackendInitParameters ¶ added in v0.2.0
// SecretBackendInitParameters lists the configurable settings of the Active
// Directory secret backend. Every field is an optional pointer.
// NOTE(review): presumably this is the spec.initProvider block (the SecretBackend
// validation rule reads self.initProvider.binddn) — confirm against SecretBackendSpec.
// The bind password has no field here.
type SecretBackendInitParameters struct {

	// Use anonymous binds when performing LDAP group searches
	// (if true the initial credentials will still be used for the initial connection test).
	// NOTE(review): this only works if the directory answers anonymous searches;
	// confirm that is intended before enabling.
	AnonymousGroupSearch *bool `json:"anonymousGroupSearch,omitempty" tf:"anonymous_group_search,omitempty"`

	// The unique path this backend should be mounted at. Must
	// not begin or end with a /. Defaults to ad.
	// The mount path for a backend, for example, the path given in "$ vault auth enable -path=my-ad ad".
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Distinguished name of object to bind when performing user and group search.
	Binddn *string `json:"binddn,omitempty" tf:"binddn,omitempty"`

	// If set, user and group names assigned to policies within the
	// backend will be case sensitive. Otherwise, names will be normalized to lower case.
	CaseSensitiveNames *bool `json:"caseSensitiveNames,omitempty" tf:"case_sensitive_names,omitempty"`

	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	Certificate *string `json:"certificate,omitempty" tf:"certificate,omitempty"`

	// Default lease duration for secrets in seconds.
	DefaultLeaseTTLSeconds *float64 `json:"defaultLeaseTtlSeconds,omitempty" tf:"default_lease_ttl_seconds,omitempty"`

	// Denies an unauthenticated LDAP bind request if the user's password is empty;
	// defaults to true.
	// NOTE(review): leave this at its default. An LDAP simple bind with an empty
	// password is treated by many servers as an unauthenticated bind that succeeds.
	DenyNullBind *bool `json:"denyNullBind,omitempty" tf:"deny_null_bind,omitempty"`

	// Human-friendly description of the mount for the Active Directory backend.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// If set, opts out of mount migration on path updates.
	// See the Mount Migration documentation for more info (the link target is not
	// preserved in this comment).
	DisableRemount *bool `json:"disableRemount,omitempty" tf:"disable_remount,omitempty"`

	// Use anonymous bind to discover the bind Distinguished Name of a user.
	Discoverdn *bool `json:"discoverdn,omitempty" tf:"discoverdn,omitempty"`

	// Deprecated: use password_policy.
	// Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix".
	Formatter *string `json:"formatter,omitempty" tf:"formatter,omitempty"`

	// LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
	// user group membership. Examples: "cn" or "memberOf", etc. Defaults to cn.
	Groupattr *string `json:"groupattr,omitempty" tf:"groupattr,omitempty"`

	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
	Groupdn *string `json:"groupdn,omitempty" tf:"groupdn,omitempty"`

	// Go template for querying group membership of user. The template can access
	// the following context variables: UserDN, Username.
	// Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
	// Defaults to (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))
	Groupfilter *string `json:"groupfilter,omitempty" tf:"groupfilter,omitempty"`

	// Skip LDAP server SSL Certificate verification. This is not recommended for production.
	// Defaults to false.
	// NOTE(review): with verification off the LDAP server's identity is not checked,
	// so the bind credentials can be captured by anything on the network path.
	// Supply the CA through Certificate instead of enabling this.
	InsecureTLS *bool `json:"insecureTls,omitempty" tf:"insecure_tls,omitempty"`

	// The number of seconds after a Vault rotation where, if Active Directory
	// shows a later rotation, it should be considered out-of-band.
	LastRotationTolerance *float64 `json:"lastRotationTolerance,omitempty" tf:"last_rotation_tolerance,omitempty"`

	// Deprecated: use password_policy.
	// The desired length of passwords that Vault generates.
	// NOTE(review): the upstream text ends in a truncated "Mutually exclusive with";
	// presumably the missing operand is password_policy — confirm.
	Length *float64 `json:"length,omitempty" tf:"length,omitempty"`

	// Mark the secrets engine as local-only. Local engines are not replicated or removed by
	// replication.
	// NOTE(review): the upstream description also carries the sentence "Tolerance
	// duration to use when checking the last rotation time.", which looks like text
	// from another field fused onto this one — confirm upstream.
	Local *bool `json:"local,omitempty" tf:"local,omitempty"`

	// Maximum possible lease duration for secrets in seconds.
	MaxLeaseTTLSeconds *float64 `json:"maxLeaseTtlSeconds,omitempty" tf:"max_lease_ttl_seconds,omitempty"`

	// In seconds, the maximum password time-to-live.
	MaxTTL *float64 `json:"maxTtl,omitempty" tf:"max_ttl,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// Name of the password policy to use to generate passwords.
	// NOTE(review): the upstream text is prefixed "1.11+", presumably the minimum
	// Vault version — confirm.
	PasswordPolicy *string `json:"passwordPolicy,omitempty" tf:"password_policy,omitempty"`

	// Timeout, in seconds, for the connection when making requests against the server
	// before returning back an error.
	RequestTimeout *float64 `json:"requestTimeout,omitempty" tf:"request_timeout,omitempty"`

	// Issue a StartTLS command after establishing unencrypted connection.
	Starttls *bool `json:"starttls,omitempty" tf:"starttls,omitempty"`

	// Maximum TLS version to use. Accepted values are 'tls10', 'tls11',
	// 'tls12' or 'tls13'. Defaults to 'tls12'.
	// NOTE(review): with the stated default, TLS 1.3 would not be negotiated unless
	// this is raised to 'tls13' — confirm.
	TLSMaxVersion *string `json:"tlsMaxVersion,omitempty" tf:"tls_max_version,omitempty"`

	// Minimum TLS version to use. Accepted values are 'tls10', 'tls11',
	// 'tls12' or 'tls13'. Defaults to 'tls12'.
	// NOTE(review): 'tls10' and 'tls11' are deprecated protocol versions; keep this
	// at 'tls12' or higher unless a legacy domain controller forces otherwise.
	TLSMinVersion *string `json:"tlsMinVersion,omitempty" tf:"tls_min_version,omitempty"`

	// In seconds, the default password time-to-live.
	TTL *float64 `json:"ttl,omitempty" tf:"ttl,omitempty"`

	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to ldap://127.0.0.1.
	// NOTE(review): ldap:// is unencrypted. For a server that is not local, use an
	// ldaps:// URL or set Starttls so the bind password does not cross the network
	// in clear text.
	URL *string `json:"url,omitempty" tf:"url,omitempty"`

	// Enables userPrincipalDomain login with [username]@UPNDomain.
	Upndomain *string `json:"upndomain,omitempty" tf:"upndomain,omitempty"`

	// In Vault 1.1.1 a fix for handling group CN values of
	// different cases unfortunately introduced a regression that could cause previously defined groups
	// to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
	// matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
	// compatibility. It is enabled by default if the config is upgraded but disabled by default on
	// new configurations.
	UsePre111GroupCnBehavior *bool `json:"usePre111GroupCnBehavior,omitempty" tf:"use_pre111_group_cn_behavior,omitempty"`

	// If true, use the Active Directory tokenGroups constructed attribute of the
	// user to find the group memberships. This will find all security groups including nested ones.
	UseTokenGroups *bool `json:"useTokenGroups,omitempty" tf:"use_token_groups,omitempty"`

	// Attribute used when searching users. Defaults to cn.
	Userattr *string `json:"userattr,omitempty" tf:"userattr,omitempty"`

	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org).
	Userdn *string `json:"userdn,omitempty" tf:"userdn,omitempty"`
}
func (*SecretBackendInitParameters) DeepCopy ¶ added in v0.2.0
func (in *SecretBackendInitParameters) DeepCopy() *SecretBackendInitParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendInitParameters.
func (*SecretBackendInitParameters) DeepCopyInto ¶ added in v0.2.0
func (in *SecretBackendInitParameters) DeepCopyInto(out *SecretBackendInitParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretBackendList ¶
// SecretBackendList is the list form of SecretBackend: Kubernetes type and list
// metadata plus the SecretBackend items themselves.
type SecretBackendList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the SecretBackend objects by value; its JSON tag has no
	// omitempty, unlike the metadata field.
	Items []SecretBackend `json:"items"`
}
SecretBackendList contains a list of SecretBackends
func (*SecretBackendList) DeepCopy ¶
func (in *SecretBackendList) DeepCopy() *SecretBackendList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendList.
func (*SecretBackendList) DeepCopyInto ¶
func (in *SecretBackendList) DeepCopyInto(out *SecretBackendList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretBackendList) DeepCopyObject ¶
func (in *SecretBackendList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*SecretBackendList) GetItems ¶
func (l *SecretBackendList) GetItems() []resource.Managed
GetItems of this SecretBackendList.
type SecretBackendObservation ¶
// SecretBackendObservation carries the same settings as
// SecretBackendInitParameters plus an ID field. Every field is an optional pointer.
// NOTE(review): presumably this is the observed state reported in the resource
// status — confirm against SecretBackendStatus. The bind password has no field
// here, so it is not mirrored by this struct.
type SecretBackendObservation struct {

	// Use anonymous binds when performing LDAP group searches
	// (if true the initial credentials will still be used for the initial connection test).
	AnonymousGroupSearch *bool `json:"anonymousGroupSearch,omitempty" tf:"anonymous_group_search,omitempty"`

	// The unique path this backend should be mounted at. Must
	// not begin or end with a /. Defaults to ad.
	// The mount path for a backend, for example, the path given in "$ vault auth enable -path=my-ad ad".
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Distinguished name of object to bind when performing user and group search.
	Binddn *string `json:"binddn,omitempty" tf:"binddn,omitempty"`

	// If set, user and group names assigned to policies within the
	// backend will be case sensitive. Otherwise, names will be normalized to lower case.
	CaseSensitiveNames *bool `json:"caseSensitiveNames,omitempty" tf:"case_sensitive_names,omitempty"`

	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	Certificate *string `json:"certificate,omitempty" tf:"certificate,omitempty"`

	// Default lease duration for secrets in seconds.
	DefaultLeaseTTLSeconds *float64 `json:"defaultLeaseTtlSeconds,omitempty" tf:"default_lease_ttl_seconds,omitempty"`

	// Denies an unauthenticated LDAP bind request if the user's password is empty;
	// defaults to true.
	// NOTE(review): an observed false means empty-password binds are not rejected
	// by this backend; worth flagging in configuration audits.
	DenyNullBind *bool `json:"denyNullBind,omitempty" tf:"deny_null_bind,omitempty"`

	// Human-friendly description of the mount for the Active Directory backend.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// If set, opts out of mount migration on path updates.
	// See the Mount Migration documentation for more info (the link target is not
	// preserved in this comment).
	DisableRemount *bool `json:"disableRemount,omitempty" tf:"disable_remount,omitempty"`

	// Use anonymous bind to discover the bind Distinguished Name of a user.
	Discoverdn *bool `json:"discoverdn,omitempty" tf:"discoverdn,omitempty"`

	// Deprecated: use password_policy.
	// Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix".
	Formatter *string `json:"formatter,omitempty" tf:"formatter,omitempty"`

	// LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
	// user group membership. Examples: "cn" or "memberOf", etc. Defaults to cn.
	Groupattr *string `json:"groupattr,omitempty" tf:"groupattr,omitempty"`

	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
	Groupdn *string `json:"groupdn,omitempty" tf:"groupdn,omitempty"`

	// Go template for querying group membership of user. The template can access
	// the following context variables: UserDN, Username.
	// Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
	// Defaults to (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))
	Groupfilter *string `json:"groupfilter,omitempty" tf:"groupfilter,omitempty"`

	// NOTE(review): no upstream description; presumably the ID of the underlying
	// Terraform resource, as returned by GetID — confirm.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// Skip LDAP server SSL Certificate verification. This is not recommended for production.
	// Defaults to false.
	// NOTE(review): an observed true means the backend connects to LDAP without
	// verifying the server certificate; worth alerting on in production clusters.
	InsecureTLS *bool `json:"insecureTls,omitempty" tf:"insecure_tls,omitempty"`

	// The number of seconds after a Vault rotation where, if Active Directory
	// shows a later rotation, it should be considered out-of-band.
	LastRotationTolerance *float64 `json:"lastRotationTolerance,omitempty" tf:"last_rotation_tolerance,omitempty"`

	// Deprecated: use password_policy.
	// The desired length of passwords that Vault generates.
	// NOTE(review): the upstream text ends in a truncated "Mutually exclusive with";
	// presumably the missing operand is password_policy — confirm.
	Length *float64 `json:"length,omitempty" tf:"length,omitempty"`

	// Mark the secrets engine as local-only. Local engines are not replicated or removed by
	// replication.
	// NOTE(review): the upstream description also carries the sentence "Tolerance
	// duration to use when checking the last rotation time.", which looks like text
	// from another field fused onto this one — confirm upstream.
	Local *bool `json:"local,omitempty" tf:"local,omitempty"`

	// Maximum possible lease duration for secrets in seconds.
	MaxLeaseTTLSeconds *float64 `json:"maxLeaseTtlSeconds,omitempty" tf:"max_lease_ttl_seconds,omitempty"`

	// In seconds, the maximum password time-to-live.
	MaxTTL *float64 `json:"maxTtl,omitempty" tf:"max_ttl,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// Name of the password policy to use to generate passwords.
	// NOTE(review): the upstream text is prefixed "1.11+", presumably the minimum
	// Vault version — confirm.
	PasswordPolicy *string `json:"passwordPolicy,omitempty" tf:"password_policy,omitempty"`

	// Timeout, in seconds, for the connection when making requests against the server
	// before returning back an error.
	RequestTimeout *float64 `json:"requestTimeout,omitempty" tf:"request_timeout,omitempty"`

	// Issue a StartTLS command after establishing unencrypted connection.
	Starttls *bool `json:"starttls,omitempty" tf:"starttls,omitempty"`

	// Maximum TLS version to use. Accepted values are 'tls10', 'tls11',
	// 'tls12' or 'tls13'. Defaults to 'tls12'.
	TLSMaxVersion *string `json:"tlsMaxVersion,omitempty" tf:"tls_max_version,omitempty"`

	// Minimum TLS version to use. Accepted values are 'tls10', 'tls11',
	// 'tls12' or 'tls13'. Defaults to 'tls12'.
	// NOTE(review): an observed 'tls10' or 'tls11' means deprecated protocol
	// versions are permitted for the LDAP connection.
	TLSMinVersion *string `json:"tlsMinVersion,omitempty" tf:"tls_min_version,omitempty"`

	// In seconds, the default password time-to-live.
	TTL *float64 `json:"ttl,omitempty" tf:"ttl,omitempty"`

	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to ldap://127.0.0.1.
	// NOTE(review): an ldap:// URL for a non-local server, with Starttls unset,
	// means the bind password is sent unencrypted.
	URL *string `json:"url,omitempty" tf:"url,omitempty"`

	// Enables userPrincipalDomain login with [username]@UPNDomain.
	Upndomain *string `json:"upndomain,omitempty" tf:"upndomain,omitempty"`

	// In Vault 1.1.1 a fix for handling group CN values of
	// different cases unfortunately introduced a regression that could cause previously defined groups
	// to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
	// matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
	// compatibility. It is enabled by default if the config is upgraded but disabled by default on
	// new configurations.
	UsePre111GroupCnBehavior *bool `json:"usePre111GroupCnBehavior,omitempty" tf:"use_pre111_group_cn_behavior,omitempty"`

	// If true, use the Active Directory tokenGroups constructed attribute of the
	// user to find the group memberships. This will find all security groups including nested ones.
	UseTokenGroups *bool `json:"useTokenGroups,omitempty" tf:"use_token_groups,omitempty"`

	// Attribute used when searching users. Defaults to cn.
	Userattr *string `json:"userattr,omitempty" tf:"userattr,omitempty"`

	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org).
	Userdn *string `json:"userdn,omitempty" tf:"userdn,omitempty"`
}
func (*SecretBackendObservation) DeepCopy ¶
func (in *SecretBackendObservation) DeepCopy() *SecretBackendObservation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendObservation.
func (*SecretBackendObservation) DeepCopyInto ¶
func (in *SecretBackendObservation) DeepCopyInto(out *SecretBackendObservation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretBackendParameters ¶
// SecretBackendParameters holds the user-settable configuration of the Vault
// Active Directory secrets backend; it is the type of SecretBackendSpec.ForProvider.
// Each field maps to the Terraform attribute named in its `tf` tag. Fields tagged
// `tf:"-"` are *SecretRef selectors rather than inline values.
type SecretBackendParameters struct {

	// Use anonymous binds when performing LDAP group searches
	// (if true the initial credentials will still be used for the initial connection test).
	// NOTE(review): this only works when the directory permits anonymous binds — confirm
	// that is an intended directory setting before enabling.
	// +kubebuilder:validation:Optional
	AnonymousGroupSearch *bool `json:"anonymousGroupSearch,omitempty" tf:"anonymous_group_search,omitempty"`

	// The unique path this backend should be mounted at. Must
	// not begin or end with a /. Defaults to ad.
	// The mount path for a backend, for example, the path given in "$ vault auth enable -path=my-ad ad".
	// +kubebuilder:validation:Optional
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Distinguished name of object to bind when performing user and group search.
	// +kubebuilder:validation:Optional
	Binddn *string `json:"binddn,omitempty" tf:"binddn,omitempty"`

	// Password to use along with binddn when performing user search.
	// LDAP password for searching for the user DN.
	// The field is a secret key selector and is excluded from the Terraform
	// parameter map (tf:"-"), so the password is not written inline in the spec.
	// NOTE(review): presumably resolved from the referenced Kubernetes Secret at
	// reconcile time — restrict read access to that Secret accordingly.
	// +kubebuilder:validation:Optional
	BindpassSecretRef v1.SecretKeySelector `json:"bindpassSecretRef" tf:"-"`

	// If set, user and group names assigned to policies within the
	// backend will be case sensitive. Otherwise, names will be normalized to lower case.
	// If true, case sensitivity will be used when comparing usernames and groups for matching policies.
	// +kubebuilder:validation:Optional
	CaseSensitiveNames *bool `json:"caseSensitiveNames,omitempty" tf:"case_sensitive_names,omitempty"`

	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	// +kubebuilder:validation:Optional
	Certificate *string `json:"certificate,omitempty" tf:"certificate,omitempty"`

	// Client certificate to provide to the LDAP server, must be x509 PEM encoded.
	// Given as a secret key selector (tf:"-"), not inline.
	// +kubebuilder:validation:Optional
	ClientTLSCertSecretRef *v1.SecretKeySelector `json:"clientTlsCertSecretRef,omitempty" tf:"-"`

	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
	// Given as a secret key selector (tf:"-"), not inline.
	// +kubebuilder:validation:Optional
	ClientTLSKeySecretRef *v1.SecretKeySelector `json:"clientTlsKeySecretRef,omitempty" tf:"-"`

	// Default lease duration for secrets in seconds.
	// +kubebuilder:validation:Optional
	DefaultLeaseTTLSeconds *float64 `json:"defaultLeaseTtlSeconds,omitempty" tf:"default_lease_ttl_seconds,omitempty"`

	// Denies an unauthenticated LDAP bind request if the user's password is empty;
	// defaults to true.
	// Leave this at its default: setting it to false allows bind requests with an
	// empty password to be passed through as unauthenticated binds.
	// +kubebuilder:validation:Optional
	DenyNullBind *bool `json:"denyNullBind,omitempty" tf:"deny_null_bind,omitempty"`

	// Human-friendly description of the mount for the Active Directory backend.
	// +kubebuilder:validation:Optional
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// If set, opts out of mount migration on path updates.
	// (The upstream documentation links to more information on mount migration;
	// the link target is not preserved in this comment.)
	// +kubebuilder:validation:Optional
	DisableRemount *bool `json:"disableRemount,omitempty" tf:"disable_remount,omitempty"`

	// Use anonymous bind to discover the bind Distinguished Name (DN) of a user.
	// NOTE(review): like AnonymousGroupSearch, this depends on the directory
	// accepting anonymous binds — confirm before enabling.
	// +kubebuilder:validation:Optional
	Discoverdn *bool `json:"discoverdn,omitempty" tf:"discoverdn,omitempty"`

	// Deprecated: use password_policy.
	// Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix".
	// +kubebuilder:validation:Optional
	Formatter *string `json:"formatter,omitempty" tf:"formatter,omitempty"`

	// LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
	// user group membership. Examples: "cn" or "memberOf", etc. Defaults to cn.
	// +kubebuilder:validation:Optional
	Groupattr *string `json:"groupattr,omitempty" tf:"groupattr,omitempty"`

	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
	// +kubebuilder:validation:Optional
	Groupdn *string `json:"groupdn,omitempty" tf:"groupdn,omitempty"`

	// Go template for querying group membership of user. The template can access
	// the following context variables: UserDN, Username.
	// Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
	// Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))
	// +kubebuilder:validation:Optional
	Groupfilter *string `json:"groupfilter,omitempty" tf:"groupfilter,omitempty"`

	// Skip LDAP server SSL Certificate verification. Insecure and not recommended
	// for production use. Defaults to false.
	// With verification skipped the LDAP server's identity is not checked, so the
	// connection that carries the bind credentials can be intercepted; prefer
	// supplying the directory's CA via Certificate instead.
	// +kubebuilder:validation:Optional
	InsecureTLS *bool `json:"insecureTls,omitempty" tf:"insecure_tls,omitempty"`

	// The number of seconds after a Vault rotation where, if Active Directory
	// shows a later rotation, it should be considered out-of-band.
	// +kubebuilder:validation:Optional
	LastRotationTolerance *float64 `json:"lastRotationTolerance,omitempty" tf:"last_rotation_tolerance,omitempty"`

	// Deprecated: use password_policy.
	// The desired length of passwords that Vault generates.
	// NOTE(review): the generated comment ends with "Mutually exclusive with" and
	// is cut off; presumably the missing term is password_policy — confirm
	// against the Terraform provider documentation.
	// +kubebuilder:validation:Optional
	Length *float64 `json:"length,omitempty" tf:"length,omitempty"`

	// Mark the secrets engine as local-only. Local engines are not replicated or removed by
	// replication.
	// NOTE(review): the generated comment also carries the sentence "Tolerance duration
	// to use when checking the last rotation time.", which appears to belong to
	// LastRotationTolerance rather than to this field.
	// +kubebuilder:validation:Optional
	Local *bool `json:"local,omitempty" tf:"local,omitempty"`

	// Maximum possible lease duration for secrets in seconds.
	// +kubebuilder:validation:Optional
	MaxLeaseTTLSeconds *float64 `json:"maxLeaseTtlSeconds,omitempty" tf:"max_lease_ttl_seconds,omitempty"`

	// In seconds, the maximum password time-to-live.
	// +kubebuilder:validation:Optional
	MaxTTL *float64 `json:"maxTtl,omitempty" tf:"max_ttl,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// Target namespace. (requires Enterprise)
	// +kubebuilder:validation:Optional
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// 1.11+
	// Name of the password policy to use to generate passwords.
	// This is the replacement named by the deprecation notes on Formatter and Length.
	// +kubebuilder:validation:Optional
	PasswordPolicy *string `json:"passwordPolicy,omitempty" tf:"password_policy,omitempty"`

	// Timeout, in seconds, for the connection when making requests against the server
	// before returning back an error.
	// +kubebuilder:validation:Optional
	RequestTimeout *float64 `json:"requestTimeout,omitempty" tf:"request_timeout,omitempty"`

	// Issue a StartTLS command after establishing unencrypted connection.
	// +kubebuilder:validation:Optional
	Starttls *bool `json:"starttls,omitempty" tf:"starttls,omitempty"`

	// Maximum TLS version to use. Accepted values are tls10, tls11,
	// tls12 or tls13. Defaults to tls12.
	// +kubebuilder:validation:Optional
	TLSMaxVersion *string `json:"tlsMaxVersion,omitempty" tf:"tls_max_version,omitempty"`

	// Minimum TLS version to use. Accepted values are tls10, tls11,
	// tls12 or tls13. Defaults to tls12.
	// tls10 and tls11 are deprecated protocol versions (RFC 8996); keep the
	// minimum at tls12 or higher unless a legacy directory server requires otherwise.
	// +kubebuilder:validation:Optional
	TLSMinVersion *string `json:"tlsMinVersion,omitempty" tf:"tls_min_version,omitempty"`

	// In seconds, the default password time-to-live.
	// +kubebuilder:validation:Optional
	TTL *float64 `json:"ttl,omitempty" tf:"ttl,omitempty"`

	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to ldap://127.0.0.1.
	// The ldap:// scheme is unencrypted; for a directory that is not reached over
	// loopback, use ldaps:// or set Starttls so bind credentials are not sent in the clear.
	// +kubebuilder:validation:Optional
	URL *string `json:"url,omitempty" tf:"url,omitempty"`

	// Enables userPrincipalDomain login with [username]@UPNDomain.
	// +kubebuilder:validation:Optional
	Upndomain *string `json:"upndomain,omitempty" tf:"upndomain,omitempty"`

	// In Vault 1.1.1 a fix for handling group CN values of
	// different cases unfortunately introduced a regression that could cause previously defined groups
	// to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
	// matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
	// compatibility. It is enabled by default if the config is upgraded but disabled by default on
	// new configurations.
	// +kubebuilder:validation:Optional
	UsePre111GroupCnBehavior *bool `json:"usePre111GroupCnBehavior,omitempty" tf:"use_pre111_group_cn_behavior,omitempty"`

	// If true, use the Active Directory tokenGroups constructed attribute of the
	// user to find the group memberships. This will find all security groups including nested ones.
	// +kubebuilder:validation:Optional
	UseTokenGroups *bool `json:"useTokenGroups,omitempty" tf:"use_token_groups,omitempty"`

	// Attribute used when searching users. Defaults to cn.
	// +kubebuilder:validation:Optional
	Userattr *string `json:"userattr,omitempty" tf:"userattr,omitempty"`

	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org).
	// +kubebuilder:validation:Optional
	Userdn *string `json:"userdn,omitempty" tf:"userdn,omitempty"`
}
func (*SecretBackendParameters) DeepCopy ¶
func (in *SecretBackendParameters) DeepCopy() *SecretBackendParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendParameters.
func (*SecretBackendParameters) DeepCopyInto ¶
func (in *SecretBackendParameters) DeepCopyInto(out *SecretBackendParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretBackendSpec ¶
// SecretBackendSpec defines the desired state of SecretBackend.
type SecretBackendSpec struct {
	v1.ResourceSpec `json:",inline"`

	// ForProvider carries the backend configuration; its JSON key has no
	// omitempty, so it is always serialized.
	ForProvider SecretBackendParameters `json:"forProvider"`

	// THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
	// unless the relevant Crossplane feature flag is enabled, and may be
	// changed or removed without notice.
	// InitProvider holds the same fields as ForProvider, with the exception
	// of Identifier and other resource reference fields. The fields that are
	// in InitProvider are merged into ForProvider when the resource is created.
	// The same fields are also added to the terraform ignore_changes hook, to
	// avoid updating them after creation. This is useful for fields that are
	// required on creation, but we do not desire to update them after creation,
	// for example because an external controller is managing them, like an
	// autoscaler.
	InitProvider SecretBackendInitParameters `json:"initProvider,omitempty"`
}
SecretBackendSpec defines the desired state of SecretBackend
func (*SecretBackendSpec) DeepCopy ¶
func (in *SecretBackendSpec) DeepCopy() *SecretBackendSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendSpec.
func (*SecretBackendSpec) DeepCopyInto ¶
func (in *SecretBackendSpec) DeepCopyInto(out *SecretBackendSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretBackendStatus ¶
// SecretBackendStatus defines the observed state of SecretBackend.
type SecretBackendStatus struct {
	v1.ResourceStatus `json:",inline"`

	// AtProvider holds the values observed for the backend (see SecretBackendObservation).
	AtProvider SecretBackendObservation `json:"atProvider,omitempty"`
}
SecretBackendStatus defines the observed state of SecretBackend.
func (*SecretBackendStatus) DeepCopy ¶
func (in *SecretBackendStatus) DeepCopy() *SecretBackendStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendStatus.
func (*SecretBackendStatus) DeepCopyInto ¶
func (in *SecretBackendStatus) DeepCopyInto(out *SecretBackendStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretRole ¶
// SecretRole is the Schema for the SecretRoles API. It creates a role on the
// Active Directory Secret Backend for Vault.
type SecretRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// The three CEL rules below make backend, role and serviceAccountName
	// required — in either forProvider or initProvider — whenever
	// managementPolicies contains '*', 'Create' or 'Update'. The individual
	// fields are marked optional so that other policy sets can omit them.
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.backend) || has(self.initProvider.backend)",message="backend is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.role) || has(self.initProvider.role)",message="role is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.serviceAccountName) || has(self.initProvider.serviceAccountName)",message="serviceAccountName is a required parameter"
	Spec   SecretRoleSpec   `json:"spec"`
	Status SecretRoleStatus `json:"status,omitempty"`
}
SecretRole is the Schema for the SecretRoles API. Creates a role on the Active Directory Secret Backend for Vault. +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,vault}
func (*SecretRole) DeepCopy ¶
func (in *SecretRole) DeepCopy() *SecretRole
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRole.
func (*SecretRole) DeepCopyInto ¶
func (in *SecretRole) DeepCopyInto(out *SecretRole)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretRole) DeepCopyObject ¶
func (in *SecretRole) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*SecretRole) GetCondition ¶
func (mg *SecretRole) GetCondition(ct xpv1.ConditionType) xpv1.Condition
GetCondition of this SecretRole.
func (*SecretRole) GetConnectionDetailsMapping ¶
func (tr *SecretRole) GetConnectionDetailsMapping() map[string]string
GetConnectionDetailsMapping for this SecretRole
func (*SecretRole) GetDeletionPolicy ¶
func (mg *SecretRole) GetDeletionPolicy() xpv1.DeletionPolicy
GetDeletionPolicy of this SecretRole.
func (*SecretRole) GetID ¶
func (tr *SecretRole) GetID() string
GetID returns ID of underlying Terraform resource of this SecretRole
func (*SecretRole) GetInitParameters ¶ added in v0.2.0
func (tr *SecretRole) GetInitParameters() (map[string]any, error)
GetInitParameters of this SecretRole
func (*SecretRole) GetManagementPolicies ¶ added in v0.2.0
func (mg *SecretRole) GetManagementPolicies() xpv1.ManagementPolicies
GetManagementPolicies of this SecretRole.
func (*SecretRole) GetObservation ¶
func (tr *SecretRole) GetObservation() (map[string]any, error)
GetObservation of this SecretRole
func (*SecretRole) GetParameters ¶
func (tr *SecretRole) GetParameters() (map[string]any, error)
GetParameters of this SecretRole
func (*SecretRole) GetProviderConfigReference ¶
func (mg *SecretRole) GetProviderConfigReference() *xpv1.Reference
GetProviderConfigReference of this SecretRole.
func (*SecretRole) GetProviderReference ¶
func (mg *SecretRole) GetProviderReference() *xpv1.Reference
GetProviderReference of this SecretRole. Deprecated: Use GetProviderConfigReference.
func (*SecretRole) GetPublishConnectionDetailsTo ¶
func (mg *SecretRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo
GetPublishConnectionDetailsTo of this SecretRole.
func (*SecretRole) GetTerraformResourceType ¶
func (mg *SecretRole) GetTerraformResourceType() string
GetTerraformResourceType returns Terraform resource type for this SecretRole
func (*SecretRole) GetTerraformSchemaVersion ¶
func (tr *SecretRole) GetTerraformSchemaVersion() int
GetTerraformSchemaVersion returns the associated Terraform schema version
func (*SecretRole) GetWriteConnectionSecretToReference ¶
func (mg *SecretRole) GetWriteConnectionSecretToReference() *xpv1.SecretReference
GetWriteConnectionSecretToReference of this SecretRole.
func (*SecretRole) LateInitialize ¶
func (tr *SecretRole) LateInitialize(attrs []byte) (bool, error)
LateInitialize this SecretRole using its observed tfState. Returns true if there are any spec changes for the resource.
func (*SecretRole) SetConditions ¶
func (mg *SecretRole) SetConditions(c ...xpv1.Condition)
SetConditions of this SecretRole.
func (*SecretRole) SetDeletionPolicy ¶
func (mg *SecretRole) SetDeletionPolicy(r xpv1.DeletionPolicy)
SetDeletionPolicy of this SecretRole.
func (*SecretRole) SetManagementPolicies ¶ added in v0.2.0
func (mg *SecretRole) SetManagementPolicies(r xpv1.ManagementPolicies)
SetManagementPolicies of this SecretRole.
func (*SecretRole) SetObservation ¶
func (tr *SecretRole) SetObservation(obs map[string]any) error
SetObservation for this SecretRole
func (*SecretRole) SetParameters ¶
func (tr *SecretRole) SetParameters(params map[string]any) error
SetParameters for this SecretRole
func (*SecretRole) SetProviderConfigReference ¶
func (mg *SecretRole) SetProviderConfigReference(r *xpv1.Reference)
SetProviderConfigReference of this SecretRole.
func (*SecretRole) SetProviderReference ¶
func (mg *SecretRole) SetProviderReference(r *xpv1.Reference)
SetProviderReference of this SecretRole. Deprecated: Use SetProviderConfigReference.
func (*SecretRole) SetPublishConnectionDetailsTo ¶
func (mg *SecretRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)
SetPublishConnectionDetailsTo of this SecretRole.
func (*SecretRole) SetWriteConnectionSecretToReference ¶
func (mg *SecretRole) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
SetWriteConnectionSecretToReference of this SecretRole.
type SecretRoleInitParameters ¶ added in v0.2.0
// SecretRoleInitParameters holds the role fields that may be supplied through
// SecretRoleSpec.InitProvider; it has the same fields as SecretRoleParameters.
type SecretRoleInitParameters struct {

	// The path the AD secret backend is mounted at,
	// with no leading or trailing /s.
	// The mount path for the AD backend.
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// Target namespace. (requires Enterprise)
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// The name to identify this role within the backend.
	// Must be unique within the backend.
	// Name of the role.
	Role *string `json:"role,omitempty" tf:"role,omitempty"`

	// Specifies the name of the Active Directory service
	// account mapped to this role.
	// The username/logon name for the service account with which this role will be associated.
	ServiceAccountName *string `json:"serviceAccountName,omitempty" tf:"service_account_name,omitempty"`

	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	TTL *float64 `json:"ttl,omitempty" tf:"ttl,omitempty"`
}
func (*SecretRoleInitParameters) DeepCopy ¶ added in v0.2.0
func (in *SecretRoleInitParameters) DeepCopy() *SecretRoleInitParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRoleInitParameters.
func (*SecretRoleInitParameters) DeepCopyInto ¶ added in v0.2.0
func (in *SecretRoleInitParameters) DeepCopyInto(out *SecretRoleInitParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretRoleList ¶
// SecretRoleList contains a list of SecretRoles.
type SecretRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items is the list payload; its JSON key has no omitempty, so it is always serialized.
	Items []SecretRole `json:"items"`
}
SecretRoleList contains a list of SecretRoles
func (*SecretRoleList) DeepCopy ¶
func (in *SecretRoleList) DeepCopy() *SecretRoleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRoleList.
func (*SecretRoleList) DeepCopyInto ¶
func (in *SecretRoleList) DeepCopyInto(out *SecretRoleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretRoleList) DeepCopyObject ¶
func (in *SecretRoleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*SecretRoleList) GetItems ¶
func (l *SecretRoleList) GetItems() []resource.Managed
GetItems of this SecretRoleList.
type SecretRoleObservation ¶
// SecretRoleObservation holds the observed values of a role; it is the type of
// SecretRoleStatus.AtProvider. Besides the configurable role fields it carries
// the ID and the two password-rotation timestamps.
type SecretRoleObservation struct {

	// The path the AD secret backend is mounted at,
	// with no leading or trailing /s.
	// The mount path for the AD backend.
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// NOTE(review): undocumented upstream; presumably the Terraform resource ID — confirm.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// Timestamp of the last password rotation by Vault.
	// Last time Vault rotated this service account's password.
	LastVaultRotation *string `json:"lastVaultRotation,omitempty" tf:"last_vault_rotation,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// Target namespace. (requires Enterprise)
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// Timestamp of the last password set by Vault.
	// Last time Vault set this service account's password.
	PasswordLastSet *string `json:"passwordLastSet,omitempty" tf:"password_last_set,omitempty"`

	// The name to identify this role within the backend.
	// Must be unique within the backend.
	// Name of the role.
	Role *string `json:"role,omitempty" tf:"role,omitempty"`

	// Specifies the name of the Active Directory service
	// account mapped to this role.
	// The username/logon name for the service account with which this role will be associated.
	ServiceAccountName *string `json:"serviceAccountName,omitempty" tf:"service_account_name,omitempty"`

	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	TTL *float64 `json:"ttl,omitempty" tf:"ttl,omitempty"`
}
func (*SecretRoleObservation) DeepCopy ¶
func (in *SecretRoleObservation) DeepCopy() *SecretRoleObservation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRoleObservation.
func (*SecretRoleObservation) DeepCopyInto ¶
func (in *SecretRoleObservation) DeepCopyInto(out *SecretRoleObservation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretRoleParameters ¶
// SecretRoleParameters holds the user-settable fields of a role on the Active
// Directory secrets backend; it is the type of SecretRoleSpec.ForProvider.
// Every field is marked optional for schema validation; the CEL rules on
// SecretRole.Spec are what make backend, role and serviceAccountName required.
type SecretRoleParameters struct {

	// The path the AD secret backend is mounted at,
	// with no leading or trailing /s.
	// The mount path for the AD backend.
	// +kubebuilder:validation:Optional
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// Target namespace. (requires Enterprise)
	// +kubebuilder:validation:Optional
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// The name to identify this role within the backend.
	// Must be unique within the backend.
	// Name of the role.
	// +kubebuilder:validation:Optional
	Role *string `json:"role,omitempty" tf:"role,omitempty"`

	// Specifies the name of the Active Directory service
	// account mapped to this role.
	// The username/logon name for the service account with which this role will be associated.
	// NOTE(review): the observation fields describe Vault setting and rotating this
	// account's password, so presumably the account should be dedicated to Vault
	// management — confirm no other system depends on a static password for it.
	// +kubebuilder:validation:Optional
	ServiceAccountName *string `json:"serviceAccountName,omitempty" tf:"service_account_name,omitempty"`

	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	// +kubebuilder:validation:Optional
	TTL *float64 `json:"ttl,omitempty" tf:"ttl,omitempty"`
}
func (*SecretRoleParameters) DeepCopy ¶
func (in *SecretRoleParameters) DeepCopy() *SecretRoleParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRoleParameters.
func (*SecretRoleParameters) DeepCopyInto ¶
func (in *SecretRoleParameters) DeepCopyInto(out *SecretRoleParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretRoleSpec ¶
// SecretRoleSpec defines the desired state of SecretRole.
type SecretRoleSpec struct {
	v1.ResourceSpec `json:",inline"`

	// ForProvider carries the role configuration; its JSON key has no
	// omitempty, so it is always serialized.
	ForProvider SecretRoleParameters `json:"forProvider"`

	// THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
	// unless the relevant Crossplane feature flag is enabled, and may be
	// changed or removed without notice.
	// InitProvider holds the same fields as ForProvider, with the exception
	// of Identifier and other resource reference fields. The fields that are
	// in InitProvider are merged into ForProvider when the resource is created.
	// The same fields are also added to the terraform ignore_changes hook, to
	// avoid updating them after creation. This is useful for fields that are
	// required on creation, but we do not desire to update them after creation,
	// for example because an external controller is managing them, like an
	// autoscaler.
	InitProvider SecretRoleInitParameters `json:"initProvider,omitempty"`
}
SecretRoleSpec defines the desired state of SecretRole
func (*SecretRoleSpec) DeepCopy ¶
func (in *SecretRoleSpec) DeepCopy() *SecretRoleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRoleSpec.
func (*SecretRoleSpec) DeepCopyInto ¶
func (in *SecretRoleSpec) DeepCopyInto(out *SecretRoleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretRoleStatus ¶
// SecretRoleStatus defines the observed state of SecretRole.
type SecretRoleStatus struct {
	v1.ResourceStatus `json:",inline"`

	// AtProvider holds the values observed for the role (see SecretRoleObservation).
	AtProvider SecretRoleObservation `json:"atProvider,omitempty"`
}
SecretRoleStatus defines the observed state of SecretRole.
func (*SecretRoleStatus) DeepCopy ¶
func (in *SecretRoleStatus) DeepCopy() *SecretRoleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRoleStatus.
func (*SecretRoleStatus) DeepCopyInto ¶
func (in *SecretRoleStatus) DeepCopyInto(out *SecretRoleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.