v1alpha1

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 22, 2024 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

+kubebuilder:object:generate=true +groupName=ad.vault.upbound.io +versionName=v1alpha1

Index

Constants

// CRDGroup is the API group name shared by every type in this package.
const CRDGroup = "ad.vault.upbound.io"

// CRDVersion is the API version served by this package.
const CRDVersion = "v1alpha1"

Package type metadata.

Variables

// CRDGroupVersion pairs CRDGroup with CRDVersion; it is the group-version the
// objects of this package are registered under.
var CRDGroupVersion = schema.GroupVersion{
	Group:   CRDGroup,
	Version: CRDVersion,
}

// SchemeBuilder collects the Go types of this group-version so they can be
// added to a scheme.
var SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion}

// AddToScheme is SchemeBuilder's AddToScheme method value: it adds the types
// in this group-version to the given scheme.
var AddToScheme = SchemeBuilder.AddToScheme
// SecretBackend_Kind is the kind name of the SecretBackend type.
var SecretBackend_Kind = "SecretBackend"

// SecretBackend_GroupKind is the string form of the SecretBackend kind
// combined with CRDGroup.
var SecretBackend_GroupKind = schema.GroupKind{Kind: SecretBackend_Kind, Group: CRDGroup}.String()

// SecretBackend_KindAPIVersion is the kind name, a dot, and the string form of
// CRDGroupVersion.
var SecretBackend_KindAPIVersion = SecretBackend_Kind + "." + CRDGroupVersion.String()

// SecretBackend_GroupVersionKind is CRDGroupVersion qualified with the
// SecretBackend kind.
var SecretBackend_GroupVersionKind = CRDGroupVersion.WithKind(SecretBackend_Kind)

SecretBackend type metadata.

// SecretRole_Kind is the kind name of the SecretRole type.
var SecretRole_Kind = "SecretRole"

// SecretRole_GroupKind is the string form of the SecretRole kind combined with
// CRDGroup.
var SecretRole_GroupKind = schema.GroupKind{Kind: SecretRole_Kind, Group: CRDGroup}.String()

// SecretRole_KindAPIVersion is the kind name, a dot, and the string form of
// CRDGroupVersion.
var SecretRole_KindAPIVersion = SecretRole_Kind + "." + CRDGroupVersion.String()

// SecretRole_GroupVersionKind is CRDGroupVersion qualified with the SecretRole
// kind.
var SecretRole_GroupVersionKind = CRDGroupVersion.WithKind(SecretRole_Kind)

SecretRole type metadata.

Functions

This section is empty.

Types

type SecretBackend

// SecretBackend is the Schema for the SecretBackends API. It creates an Active
// Directory secret backend for Vault.
//
// Two CEL validation rules are attached to the Spec field. When
// managementPolicies contains "*", "Create" or "Update", binddn must be set in
// forProvider or initProvider, and bindpassSecretRef must be set in
// forProvider (the rule accepts no initProvider alternative for it). When none
// of those policies is present, neither rule requires anything.
type SecretBackend struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.binddn) || has(self.initProvider.binddn)",message="binddn is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.bindpassSecretRef)",message="bindpassSecretRef is a required parameter"
	Spec   SecretBackendSpec   `json:"spec"`
	Status SecretBackendStatus `json:"status,omitempty"`
}

SecretBackend is the Schema for the SecretBackends API. Creates an Active Directory secret backend for Vault. +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,vault}

func (*SecretBackend) DeepCopy

func (in *SecretBackend) DeepCopy() *SecretBackend

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackend.

func (*SecretBackend) DeepCopyInto

func (in *SecretBackend) DeepCopyInto(out *SecretBackend)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretBackend) DeepCopyObject

func (in *SecretBackend) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretBackend) GetCondition

func (mg *SecretBackend) GetCondition(ct xpv1.ConditionType) xpv1.Condition

GetCondition of this SecretBackend.

func (*SecretBackend) GetConnectionDetailsMapping

func (tr *SecretBackend) GetConnectionDetailsMapping() map[string]string

GetConnectionDetailsMapping for this SecretBackend

func (*SecretBackend) GetDeletionPolicy

func (mg *SecretBackend) GetDeletionPolicy() xpv1.DeletionPolicy

GetDeletionPolicy of this SecretBackend.

func (*SecretBackend) GetID

func (tr *SecretBackend) GetID() string

GetID returns ID of underlying Terraform resource of this SecretBackend

func (*SecretBackend) GetInitParameters added in v0.2.0

func (tr *SecretBackend) GetInitParameters() (map[string]any, error)

GetInitParameters of this SecretBackend

func (*SecretBackend) GetManagementPolicies added in v0.2.0

func (mg *SecretBackend) GetManagementPolicies() xpv1.ManagementPolicies

GetManagementPolicies of this SecretBackend.

func (*SecretBackend) GetObservation

func (tr *SecretBackend) GetObservation() (map[string]any, error)

GetObservation of this SecretBackend

func (*SecretBackend) GetParameters

func (tr *SecretBackend) GetParameters() (map[string]any, error)

GetParameters of this SecretBackend

func (*SecretBackend) GetProviderConfigReference

func (mg *SecretBackend) GetProviderConfigReference() *xpv1.Reference

GetProviderConfigReference of this SecretBackend.

func (*SecretBackend) GetProviderReference

func (mg *SecretBackend) GetProviderReference() *xpv1.Reference

GetProviderReference of this SecretBackend. Deprecated: Use GetProviderConfigReference.

func (*SecretBackend) GetPublishConnectionDetailsTo

func (mg *SecretBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo

GetPublishConnectionDetailsTo of this SecretBackend.

func (*SecretBackend) GetTerraformResourceType

func (mg *SecretBackend) GetTerraformResourceType() string

GetTerraformResourceType returns Terraform resource type for this SecretBackend

func (*SecretBackend) GetTerraformSchemaVersion

func (tr *SecretBackend) GetTerraformSchemaVersion() int

GetTerraformSchemaVersion returns the associated Terraform schema version

func (*SecretBackend) GetWriteConnectionSecretToReference

func (mg *SecretBackend) GetWriteConnectionSecretToReference() *xpv1.SecretReference

GetWriteConnectionSecretToReference of this SecretBackend.

func (*SecretBackend) LateInitialize

func (tr *SecretBackend) LateInitialize(attrs []byte) (bool, error)

LateInitialize this SecretBackend using its observed tfState. Returns true if there are any spec changes for the resource.

func (*SecretBackend) SetConditions

func (mg *SecretBackend) SetConditions(c ...xpv1.Condition)

SetConditions of this SecretBackend.

func (*SecretBackend) SetDeletionPolicy

func (mg *SecretBackend) SetDeletionPolicy(r xpv1.DeletionPolicy)

SetDeletionPolicy of this SecretBackend.

func (*SecretBackend) SetManagementPolicies added in v0.2.0

func (mg *SecretBackend) SetManagementPolicies(r xpv1.ManagementPolicies)

SetManagementPolicies of this SecretBackend.

func (*SecretBackend) SetObservation

func (tr *SecretBackend) SetObservation(obs map[string]any) error

SetObservation for this SecretBackend

func (*SecretBackend) SetParameters

func (tr *SecretBackend) SetParameters(params map[string]any) error

SetParameters for this SecretBackend

func (*SecretBackend) SetProviderConfigReference

func (mg *SecretBackend) SetProviderConfigReference(r *xpv1.Reference)

SetProviderConfigReference of this SecretBackend.

func (*SecretBackend) SetProviderReference

func (mg *SecretBackend) SetProviderReference(r *xpv1.Reference)

SetProviderReference of this SecretBackend. Deprecated: Use SetProviderConfigReference.

func (*SecretBackend) SetPublishConnectionDetailsTo

func (mg *SecretBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)

SetPublishConnectionDetailsTo of this SecretBackend.

func (*SecretBackend) SetWriteConnectionSecretToReference

func (mg *SecretBackend) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)

SetWriteConnectionSecretToReference of this SecretBackend.

type SecretBackendInitParameters added in v0.2.0

// SecretBackendInitParameters holds the settings of the Active Directory
// secret backend: mount options, LDAP connection and TLS options, bind and
// search options, and password and lease lifetimes. Every field is a pointer
// with omitempty, so an unset field is left out of the JSON. There is no bind
// password field on this type.
// NOTE(review): presumably this type backs spec.initProvider (the validation
// rule on SecretBackend reads self.initProvider.binddn) - confirm against
// SecretBackendSpec, which is not shown here.
type SecretBackendInitParameters struct {

	// Use anonymous binds when performing LDAP group searches (if true the
	// initial credentials will still be used for the initial connection test).
	// NOTE(review): presumably this requires the directory to answer anonymous
	// searches; confirm that is intended before enabling it.
	AnonymousGroupSearch *bool `json:"anonymousGroupSearch,omitempty" tf:"anonymous_group_search,omitempty"`

	// The unique path this backend should be mounted at. Must not begin or end
	// with a /. Defaults to ad.
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Distinguished name of object to bind when performing user and group search.
	Binddn *string `json:"binddn,omitempty" tf:"binddn,omitempty"`

	// If set, user and group names assigned to policies within the backend will
	// be case sensitive. Otherwise, names will be normalized to lower case.
	CaseSensitiveNames *bool `json:"caseSensitiveNames,omitempty" tf:"case_sensitive_names,omitempty"`

	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	Certificate *string `json:"certificate,omitempty" tf:"certificate,omitempty"`

	// Default lease duration for secrets in seconds.
	DefaultLeaseTTLSeconds *float64 `json:"defaultLeaseTtlSeconds,omitempty" tf:"default_lease_ttl_seconds,omitempty"`

	// Denies an unauthenticated LDAP bind request if the user's password is
	// empty; defaults to true.
	// NOTE(review): leave this at the default; false presumably lets an empty
	// password reach the directory as an unauthenticated bind.
	DenyNullBind *bool `json:"denyNullBind,omitempty" tf:"deny_null_bind,omitempty"`

	// Human-friendly description of the mount for the Active Directory backend.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// If set, opts out of mount migration on path updates.
	DisableRemount *bool `json:"disableRemount,omitempty" tf:"disable_remount,omitempty"`

	// Use anonymous bind to discover the bind Distinguished Name (DN) of a user.
	Discoverdn *bool `json:"discoverdn,omitempty" tf:"discoverdn,omitempty"`

	// Deprecated: use password_policy. Text to insert the password into, ex.
	// "customPrefix{{PASSWORD}}customSuffix".
	Formatter *string `json:"formatter,omitempty" tf:"formatter,omitempty"`

	// LDAP attribute to follow on objects returned by <groupfilter> in order to
	// enumerate user group membership. Examples: "cn" or "memberOf", etc.
	// Defaults to cn.
	Groupattr *string `json:"groupattr,omitempty" tf:"groupattr,omitempty"`

	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
	Groupdn *string `json:"groupdn,omitempty" tf:"groupdn,omitempty"`

	// Go template for querying group membership of user. The template can
	// access the following context variables: UserDN, Username.
	// Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
	// Defaults to (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))
	Groupfilter *string `json:"groupfilter,omitempty" tf:"groupfilter,omitempty"`

	// Skip LDAP server SSL Certificate verification - insecure and not
	// recommended for production use. Defaults to false.
	// NOTE(review): with verification off the server's identity is not checked
	// on the connection that carries the bind; prefer leaving this false and
	// supplying Certificate.
	InsecureTLS *bool `json:"insecureTls,omitempty" tf:"insecure_tls,omitempty"`

	// The number of seconds after a Vault rotation where, if Active Directory
	// shows a later rotation, it should be considered out-of-band.
	LastRotationTolerance *float64 `json:"lastRotationTolerance,omitempty" tf:"last_rotation_tolerance,omitempty"`

	// Deprecated: use password_policy. The desired length of passwords that
	// Vault generates.
	// NOTE(review): the upstream text ends at "Mutually exclusive with";
	// presumably the other option is password_policy - confirm.
	Length *float64 `json:"length,omitempty" tf:"length,omitempty"`

	// Mark the secrets engine as local-only. Local engines are not replicated
	// or removed by replication.
	// NOTE(review): the upstream text then runs on with "Tolerance duration to
	// use when checking the last rotation time.", which reads like a fragment
	// of another field's description - confirm.
	Local *bool `json:"local,omitempty" tf:"local,omitempty"`

	// Maximum possible lease duration for secrets in seconds.
	MaxLeaseTTLSeconds *float64 `json:"maxLeaseTtlSeconds,omitempty" tf:"max_lease_ttl_seconds,omitempty"`

	// In seconds, the maximum password time-to-live.
	MaxTTL *float64 `json:"maxTtl,omitempty" tf:"max_ttl,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// Name of the password policy to use to generate passwords.
	// Marked "1.11+" upstream (presumably the minimum Vault version - confirm).
	PasswordPolicy *string `json:"passwordPolicy,omitempty" tf:"password_policy,omitempty"`

	// Timeout, in seconds, for the connection when making requests against the
	// server before returning back an error.
	RequestTimeout *float64 `json:"requestTimeout,omitempty" tf:"request_timeout,omitempty"`

	// Issue a StartTLS command after establishing unencrypted connection.
	Starttls *bool `json:"starttls,omitempty" tf:"starttls,omitempty"`

	// Maximum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12'
	// or 'tls13'. Defaults to 'tls12'.
	TLSMaxVersion *string `json:"tlsMaxVersion,omitempty" tf:"tls_max_version,omitempty"`

	// Minimum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12'
	// or 'tls13'. Defaults to 'tls12'.
	// NOTE(review): 'tls10' and 'tls11' are accepted here; keep the minimum at
	// 'tls12' or 'tls13' unless a legacy server leaves no other option.
	TLSMinVersion *string `json:"tlsMinVersion,omitempty" tf:"tls_min_version,omitempty"`

	// In seconds, the default password time-to-live.
	TTL *float64 `json:"ttl,omitempty" tf:"ttl,omitempty"`

	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to ldap://127.0.0.1.
	// NOTE(review): the default uses the ldap:// scheme; unless Starttls is set
	// this presumably leaves the bind and searches without TLS. Prefer an
	// ldaps:// URL or Starttls, together with Certificate.
	URL *string `json:"url,omitempty" tf:"url,omitempty"`

	// Enables userPrincipalDomain login with [username]@UPNDomain.
	Upndomain *string `json:"upndomain,omitempty" tf:"upndomain,omitempty"`

	// In Vault 1.1.1 a fix for handling group CN values of
	// different cases unfortunately introduced a regression that could cause previously defined groups
	// to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
	// matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
	// compatibility. It is enabled by default if the config is upgraded but disabled by default on
	// new configurations.
	UsePre111GroupCnBehavior *bool `json:"usePre111GroupCnBehavior,omitempty" tf:"use_pre111_group_cn_behavior,omitempty"`

	// If true, use the Active Directory tokenGroups constructed attribute of the
	// user to find the group memberships. This will find all security groups
	// including nested ones.
	UseTokenGroups *bool `json:"useTokenGroups,omitempty" tf:"use_token_groups,omitempty"`

	// Attribute used when searching users. Defaults to cn.
	Userattr *string `json:"userattr,omitempty" tf:"userattr,omitempty"`

	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org).
	Userdn *string `json:"userdn,omitempty" tf:"userdn,omitempty"`
}

func (*SecretBackendInitParameters) DeepCopy added in v0.2.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendInitParameters.

func (*SecretBackendInitParameters) DeepCopyInto added in v0.2.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackendList

// SecretBackendList contains a list of SecretBackends.
type SecretBackendList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the SecretBackend objects of the list. The "items" tag has no
	// omitempty, so the key is always present in the encoded JSON.
	Items           []SecretBackend `json:"items"`
}

SecretBackendList contains a list of SecretBackends

func (*SecretBackendList) DeepCopy

func (in *SecretBackendList) DeepCopy() *SecretBackendList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendList.

func (*SecretBackendList) DeepCopyInto

func (in *SecretBackendList) DeepCopyInto(out *SecretBackendList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretBackendList) DeepCopyObject

func (in *SecretBackendList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretBackendList) GetItems

func (l *SecretBackendList) GetItems() []resource.Managed

GetItems of this SecretBackendList.

type SecretBackendObservation

// SecretBackendObservation carries the Active Directory secret backend
// settings as pointer fields with omitempty, plus the ID field. There is no
// bind password field on this type.
// NOTE(review): presumably this is the observed state reported under
// status.atProvider - confirm against SecretBackendStatus, which is not shown
// here.
type SecretBackendObservation struct {

	// Use anonymous binds when performing LDAP group searches (if true the
	// initial credentials will still be used for the initial connection test).
	AnonymousGroupSearch *bool `json:"anonymousGroupSearch,omitempty" tf:"anonymous_group_search,omitempty"`

	// The unique path this backend should be mounted at. Must not begin or end
	// with a /. Defaults to ad.
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Distinguished name of object to bind when performing user and group search.
	Binddn *string `json:"binddn,omitempty" tf:"binddn,omitempty"`

	// If set, user and group names assigned to policies within the backend will
	// be case sensitive. Otherwise, names will be normalized to lower case.
	CaseSensitiveNames *bool `json:"caseSensitiveNames,omitempty" tf:"case_sensitive_names,omitempty"`

	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	Certificate *string `json:"certificate,omitempty" tf:"certificate,omitempty"`

	// Default lease duration for secrets in seconds.
	DefaultLeaseTTLSeconds *float64 `json:"defaultLeaseTtlSeconds,omitempty" tf:"default_lease_ttl_seconds,omitempty"`

	// Denies an unauthenticated LDAP bind request if the user's password is
	// empty; defaults to true.
	// NOTE(review): a false value here is worth flagging in a configuration
	// audit, since the deny described above is then switched off.
	DenyNullBind *bool `json:"denyNullBind,omitempty" tf:"deny_null_bind,omitempty"`

	// Human-friendly description of the mount for the Active Directory backend.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// If set, opts out of mount migration on path updates.
	DisableRemount *bool `json:"disableRemount,omitempty" tf:"disable_remount,omitempty"`

	// Use anonymous bind to discover the bind Distinguished Name (DN) of a user.
	Discoverdn *bool `json:"discoverdn,omitempty" tf:"discoverdn,omitempty"`

	// Deprecated: use password_policy. Text to insert the password into, ex.
	// "customPrefix{{PASSWORD}}customSuffix".
	Formatter *string `json:"formatter,omitempty" tf:"formatter,omitempty"`

	// LDAP attribute to follow on objects returned by <groupfilter> in order to
	// enumerate user group membership. Examples: "cn" or "memberOf", etc.
	// Defaults to cn.
	Groupattr *string `json:"groupattr,omitempty" tf:"groupattr,omitempty"`

	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
	Groupdn *string `json:"groupdn,omitempty" tf:"groupdn,omitempty"`

	// Go template for querying group membership of user. The template can
	// access the following context variables: UserDN, Username.
	// Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
	// Defaults to (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))
	Groupfilter *string `json:"groupfilter,omitempty" tf:"groupfilter,omitempty"`

	// ID carries no description upstream; GetID on SecretBackend is documented
	// as returning the ID of the underlying Terraform resource, so this is
	// presumably that identifier - confirm.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// Skip LDAP server SSL Certificate verification - insecure and not
	// recommended for production use. Defaults to false.
	// NOTE(review): a true value here is worth flagging in a configuration
	// audit, since the server certificate is then not verified.
	InsecureTLS *bool `json:"insecureTls,omitempty" tf:"insecure_tls,omitempty"`

	// The number of seconds after a Vault rotation where, if Active Directory
	// shows a later rotation, it should be considered out-of-band.
	LastRotationTolerance *float64 `json:"lastRotationTolerance,omitempty" tf:"last_rotation_tolerance,omitempty"`

	// Deprecated: use password_policy. The desired length of passwords that
	// Vault generates.
	// NOTE(review): the upstream text ends at "Mutually exclusive with";
	// presumably the other option is password_policy - confirm.
	Length *float64 `json:"length,omitempty" tf:"length,omitempty"`

	// Mark the secrets engine as local-only. Local engines are not replicated
	// or removed by replication.
	// NOTE(review): the upstream text then runs on with "Tolerance duration to
	// use when checking the last rotation time.", which reads like a fragment
	// of another field's description - confirm.
	Local *bool `json:"local,omitempty" tf:"local,omitempty"`

	// Maximum possible lease duration for secrets in seconds.
	MaxLeaseTTLSeconds *float64 `json:"maxLeaseTtlSeconds,omitempty" tf:"max_lease_ttl_seconds,omitempty"`

	// In seconds, the maximum password time-to-live.
	MaxTTL *float64 `json:"maxTtl,omitempty" tf:"max_ttl,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// Name of the password policy to use to generate passwords.
	// Marked "1.11+" upstream (presumably the minimum Vault version - confirm).
	PasswordPolicy *string `json:"passwordPolicy,omitempty" tf:"password_policy,omitempty"`

	// Timeout, in seconds, for the connection when making requests against the
	// server before returning back an error.
	RequestTimeout *float64 `json:"requestTimeout,omitempty" tf:"request_timeout,omitempty"`

	// Issue a StartTLS command after establishing unencrypted connection.
	Starttls *bool `json:"starttls,omitempty" tf:"starttls,omitempty"`

	// Maximum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12'
	// or 'tls13'. Defaults to 'tls12'.
	TLSMaxVersion *string `json:"tlsMaxVersion,omitempty" tf:"tls_max_version,omitempty"`

	// Minimum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12'
	// or 'tls13'. Defaults to 'tls12'.
	// NOTE(review): 'tls10' or 'tls11' here is worth flagging in a
	// configuration audit; the documented default is 'tls12'.
	TLSMinVersion *string `json:"tlsMinVersion,omitempty" tf:"tls_min_version,omitempty"`

	// In seconds, the default password time-to-live.
	TTL *float64 `json:"ttl,omitempty" tf:"ttl,omitempty"`

	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to ldap://127.0.0.1.
	// NOTE(review): an ldap:// URL with Starttls unset presumably means the
	// connection is not TLS-protected - worth checking in a configuration audit.
	URL *string `json:"url,omitempty" tf:"url,omitempty"`

	// Enables userPrincipalDomain login with [username]@UPNDomain.
	Upndomain *string `json:"upndomain,omitempty" tf:"upndomain,omitempty"`

	// In Vault 1.1.1 a fix for handling group CN values of
	// different cases unfortunately introduced a regression that could cause previously defined groups
	// to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
	// matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
	// compatibility. It is enabled by default if the config is upgraded but disabled by default on
	// new configurations.
	UsePre111GroupCnBehavior *bool `json:"usePre111GroupCnBehavior,omitempty" tf:"use_pre111_group_cn_behavior,omitempty"`

	// If true, use the Active Directory tokenGroups constructed attribute of the
	// user to find the group memberships. This will find all security groups
	// including nested ones.
	UseTokenGroups *bool `json:"useTokenGroups,omitempty" tf:"use_token_groups,omitempty"`

	// Attribute used when searching users. Defaults to cn.
	Userattr *string `json:"userattr,omitempty" tf:"userattr,omitempty"`

	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org).
	Userdn *string `json:"userdn,omitempty" tf:"userdn,omitempty"`
}

func (*SecretBackendObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendObservation.

func (*SecretBackendObservation) DeepCopyInto

func (in *SecretBackendObservation) DeepCopyInto(out *SecretBackendObservation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackendParameters

// SecretBackendParameters lists the configurable fields of a SecretBackend;
// it is the type of SecretBackendSpec.ForProvider. Each field is marked
// +kubebuilder:validation:Optional. Sensitive inputs (bind password, client
// TLS certificate and key) are given as secret key selectors with the tf tag
// "-" instead of inline strings.
type SecretBackendParameters struct {

	// Use anonymous binds when performing LDAP group searches
	// (if true the initial credentials will still be used for the initial connection test).
	// NOTE(review): presumably relies on the directory permitting anonymous
	// binds; confirm that is intended before enabling.
	// +kubebuilder:validation:Optional
	AnonymousGroupSearch *bool `json:"anonymousGroupSearch,omitempty" tf:"anonymous_group_search,omitempty"`

	// The unique path this backend should be mounted at. Must
	// not begin or end with a /. Defaults to ad.
	// The mount path for a backend, for example, the path given in "$ vault auth enable -path=my-ad ad".
	// +kubebuilder:validation:Optional
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Distinguished name of object to bind when performing user and group search.
	// +kubebuilder:validation:Optional
	Binddn *string `json:"binddn,omitempty" tf:"binddn,omitempty"`

	// Password to use along with binddn when performing user search.
	// LDAP password for searching for the user DN.
	// Given as a v1.SecretKeySelector rather than an inline string. Unlike the
	// other fields in this struct it is a non-pointer value with no omitempty
	// in its JSON tag.
	// NOTE(review): presumably because the bind password is mandatory — confirm.
	// +kubebuilder:validation:Optional
	BindpassSecretRef v1.SecretKeySelector `json:"bindpassSecretRef" tf:"-"`

	// If set, user and group names assigned to policies within the
	// backend will be case sensitive. Otherwise, names will be normalized to lower case.
	// If true, case sensitivity will be used when comparing usernames and groups for matching policies.
	// +kubebuilder:validation:Optional
	CaseSensitiveNames *bool `json:"caseSensitiveNames,omitempty" tf:"case_sensitive_names,omitempty"`

	// CA certificate to use when verifying LDAP server certificate, must be
	// x509 PEM encoded.
	// +kubebuilder:validation:Optional
	Certificate *string `json:"certificate,omitempty" tf:"certificate,omitempty"`

	// Client certificate to provide to the LDAP server, must be x509 PEM encoded.
	// Given as a secret key selector.
	// +kubebuilder:validation:Optional
	ClientTLSCertSecretRef *v1.SecretKeySelector `json:"clientTlsCertSecretRef,omitempty" tf:"-"`

	// Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
	// Given as a secret key selector.
	// +kubebuilder:validation:Optional
	ClientTLSKeySecretRef *v1.SecretKeySelector `json:"clientTlsKeySecretRef,omitempty" tf:"-"`

	// Default lease duration for secrets in seconds.
	// +kubebuilder:validation:Optional
	DefaultLeaseTTLSeconds *float64 `json:"defaultLeaseTtlSeconds,omitempty" tf:"default_lease_ttl_seconds,omitempty"`

	// Denies an unauthenticated LDAP bind request if the user's password is empty;
	// defaults to true.
	// Keep this enabled: under RFC 4513 a simple bind with a DN and an empty
	// password is an unauthenticated bind, which a server may accept without
	// checking any credential.
	// +kubebuilder:validation:Optional
	DenyNullBind *bool `json:"denyNullBind,omitempty" tf:"deny_null_bind,omitempty"`

	// Human-friendly description of the mount for the Active Directory backend.
	// +kubebuilder:validation:Optional
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// If set, opts out of mount migration on path updates.
	// See the Vault documentation on Mount Migration for more info.
	// +kubebuilder:validation:Optional
	DisableRemount *bool `json:"disableRemount,omitempty" tf:"disable_remount,omitempty"`

	// Use anonymous bind to discover the bind Distinguished Name (DN) of a user.
	// NOTE(review): presumably relies on the directory permitting anonymous
	// binds; confirm that is intended before enabling.
	// +kubebuilder:validation:Optional
	Discoverdn *bool `json:"discoverdn,omitempty" tf:"discoverdn,omitempty"`

	// Deprecated; use password_policy instead.
	// Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix".
	// +kubebuilder:validation:Optional
	Formatter *string `json:"formatter,omitempty" tf:"formatter,omitempty"`

	// LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
	// user group membership. Examples: "cn" or "memberOf", etc. Defaults to cn.
	// +kubebuilder:validation:Optional
	Groupattr *string `json:"groupattr,omitempty" tf:"groupattr,omitempty"`

	// LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
	// +kubebuilder:validation:Optional
	Groupdn *string `json:"groupdn,omitempty" tf:"groupdn,omitempty"`

	// Go template for querying group membership of user. The template can access
	// the following context variables: UserDN, Username.
	// Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
	// Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))
	// +kubebuilder:validation:Optional
	Groupfilter *string `json:"groupfilter,omitempty" tf:"groupfilter,omitempty"`

	// Skip LDAP server SSL Certificate verification. Insecure and not
	// recommended for production use. Defaults to false.
	// With verification skipped the LDAP server's identity is not
	// authenticated, so the bind password and directory traffic can be read or
	// altered on the network path. Supply the issuing CA through certificate
	// instead of setting this.
	// +kubebuilder:validation:Optional
	InsecureTLS *bool `json:"insecureTls,omitempty" tf:"insecure_tls,omitempty"`

	// The number of seconds after a Vault rotation where, if Active Directory
	// shows a later rotation, it should be considered out-of-band.
	// +kubebuilder:validation:Optional
	LastRotationTolerance *float64 `json:"lastRotationTolerance,omitempty" tf:"last_rotation_tolerance,omitempty"`

	// Deprecated; use password_policy instead.
	// The desired length of passwords that Vault generates.
	// NOTE(review): the upstream description ends at "Mutually exclusive with";
	// presumably the missing name is password_policy — confirm.
	// +kubebuilder:validation:Optional
	Length *float64 `json:"length,omitempty" tf:"length,omitempty"`

	// Mark the secrets engine as local-only. Local engines are not replicated or removed by
	// replication.
	// NOTE(review): the upstream description continues with "Tolerance duration
	// to use when checking the last rotation time.", which looks like a stray
	// fragment belonging to lastRotationTolerance.
	// +kubebuilder:validation:Optional
	Local *bool `json:"local,omitempty" tf:"local,omitempty"`

	// Maximum possible lease duration for secrets in seconds.
	// +kubebuilder:validation:Optional
	MaxLeaseTTLSeconds *float64 `json:"maxLeaseTtlSeconds,omitempty" tf:"max_lease_ttl_seconds,omitempty"`

	// In seconds, the maximum password time-to-live.
	// +kubebuilder:validation:Optional
	MaxTTL *float64 `json:"maxTtl,omitempty" tf:"max_ttl,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// Target namespace. (requires Enterprise)
	// +kubebuilder:validation:Optional
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// Name of the password policy to use to generate passwords.
	// NOTE(review): the upstream description starts with "1.11+", presumably
	// the minimum Vault version for this field — confirm.
	// +kubebuilder:validation:Optional
	PasswordPolicy *string `json:"passwordPolicy,omitempty" tf:"password_policy,omitempty"`

	// Timeout, in seconds, for the connection when making requests against the server
	// before returning back an error.
	// +kubebuilder:validation:Optional
	RequestTimeout *float64 `json:"requestTimeout,omitempty" tf:"request_timeout,omitempty"`

	// Issue a StartTLS command after establishing unencrypted connection.
	// +kubebuilder:validation:Optional
	Starttls *bool `json:"starttls,omitempty" tf:"starttls,omitempty"`

	// Maximum TLS version to use. Accepted values are tls10, tls11,
	// tls12 or tls13. Defaults to tls12.
	// +kubebuilder:validation:Optional
	TLSMaxVersion *string `json:"tlsMaxVersion,omitempty" tf:"tls_max_version,omitempty"`

	// Minimum TLS version to use. Accepted values are tls10, tls11,
	// tls12 or tls13. Defaults to tls12.
	// tls10 and tls11 are deprecated protocol versions (RFC 8996); keep this at
	// tls12 or higher unless a legacy directory server leaves no alternative.
	// +kubebuilder:validation:Optional
	TLSMinVersion *string `json:"tlsMinVersion,omitempty" tf:"tls_min_version,omitempty"`

	// In seconds, the default password time-to-live.
	// +kubebuilder:validation:Optional
	TTL *float64 `json:"ttl,omitempty" tf:"ttl,omitempty"`

	// LDAP URL to connect to. Multiple URLs can be specified by concatenating
	// them with commas; they will be tried in-order. Defaults to ldap://127.0.0.1.
	// The default uses the plaintext ldap:// scheme. For a remote directory use
	// ldaps:// or set starttls so the bind password is not sent unencrypted.
	// +kubebuilder:validation:Optional
	URL *string `json:"url,omitempty" tf:"url,omitempty"`

	// Enables userPrincipalDomain login with [username]@UPNDomain.
	// +kubebuilder:validation:Optional
	Upndomain *string `json:"upndomain,omitempty" tf:"upndomain,omitempty"`

	// In Vault 1.1.1 a fix for handling group CN values of
	// different cases unfortunately introduced a regression that could cause previously defined groups
	// to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
	// matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
	// compatibility. It is enabled by default if the config is upgraded but disabled by default on
	// new configurations.
	// +kubebuilder:validation:Optional
	UsePre111GroupCnBehavior *bool `json:"usePre111GroupCnBehavior,omitempty" tf:"use_pre111_group_cn_behavior,omitempty"`

	// If true, use the Active Directory tokenGroups constructed attribute of the
	// user to find the group memberships. This will find all security groups including nested ones.
	// +kubebuilder:validation:Optional
	UseTokenGroups *bool `json:"useTokenGroups,omitempty" tf:"use_token_groups,omitempty"`

	// Attribute used when searching users. Defaults to cn.
	// +kubebuilder:validation:Optional
	Userattr *string `json:"userattr,omitempty" tf:"userattr,omitempty"`

	// LDAP domain to use for users (eg: ou=People,dc=example,dc=org).
	// +kubebuilder:validation:Optional
	Userdn *string `json:"userdn,omitempty" tf:"userdn,omitempty"`
}

func (*SecretBackendParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendParameters.

func (*SecretBackendParameters) DeepCopyInto

func (in *SecretBackendParameters) DeepCopyInto(out *SecretBackendParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackendSpec

// SecretBackendSpec defines the desired state of SecretBackend.
type SecretBackendSpec struct {
	v1.ResourceSpec `json:",inline"`
	// ForProvider carries the SecretBackendParameters for this resource.
	ForProvider SecretBackendParameters `json:"forProvider"`
	// THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
	// unless the relevant Crossplane feature flag is enabled, and may be
	// changed or removed without notice.
	// InitProvider holds the same fields as ForProvider, with the exception
	// of Identifier and other resource reference fields. The fields that are
	// in InitProvider are merged into ForProvider when the resource is created.
	// The same fields are also added to the terraform ignore_changes hook, to
	// avoid updating them after creation. This is useful for fields that are
	// required on creation but should not be updated afterwards, for example
	// because an external controller, such as an autoscaler, is managing them.
	InitProvider SecretBackendInitParameters `json:"initProvider,omitempty"`
}

SecretBackendSpec defines the desired state of SecretBackend

func (*SecretBackendSpec) DeepCopy

func (in *SecretBackendSpec) DeepCopy() *SecretBackendSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendSpec.

func (*SecretBackendSpec) DeepCopyInto

func (in *SecretBackendSpec) DeepCopyInto(out *SecretBackendSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretBackendStatus

// SecretBackendStatus defines the observed state of SecretBackend.
type SecretBackendStatus struct {
	v1.ResourceStatus `json:",inline"`
	// AtProvider carries the SecretBackendObservation for this resource.
	AtProvider SecretBackendObservation `json:"atProvider,omitempty"`
}

SecretBackendStatus defines the observed state of SecretBackend.

func (*SecretBackendStatus) DeepCopy

func (in *SecretBackendStatus) DeepCopy() *SecretBackendStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretBackendStatus.

func (*SecretBackendStatus) DeepCopyInto

func (in *SecretBackendStatus) DeepCopyInto(out *SecretBackendStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretRole

// SecretRole is the Schema for the SecretRoles API. Creates a role on the
// Active Directory Secret Backend for Vault.
type SecretRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// The three XValidation rules below require backend, role and
	// serviceAccountName to be set in forProvider or initProvider whenever
	// managementPolicies contains '*', 'Create' or 'Update'.
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.backend) || has(self.initProvider.backend)",message="backend is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.role) || has(self.initProvider.role)",message="role is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.serviceAccountName) || has(self.initProvider.serviceAccountName)",message="serviceAccountName is a required parameter"
	Spec   SecretRoleSpec   `json:"spec"`
	Status SecretRoleStatus `json:"status,omitempty"`
}

SecretRole is the Schema for the SecretRoles API. Creates a role on the Active Directory Secret Backend for Vault.

+kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
+kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
+kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name"
+kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
+kubebuilder:subresource:status
+kubebuilder:resource:scope=Cluster,categories={crossplane,managed,vault}

func (*SecretRole) DeepCopy

func (in *SecretRole) DeepCopy() *SecretRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRole.

func (*SecretRole) DeepCopyInto

func (in *SecretRole) DeepCopyInto(out *SecretRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretRole) DeepCopyObject

func (in *SecretRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretRole) GetCondition

func (mg *SecretRole) GetCondition(ct xpv1.ConditionType) xpv1.Condition

GetCondition of this SecretRole.

func (*SecretRole) GetConnectionDetailsMapping

func (tr *SecretRole) GetConnectionDetailsMapping() map[string]string

GetConnectionDetailsMapping for this SecretRole

func (*SecretRole) GetDeletionPolicy

func (mg *SecretRole) GetDeletionPolicy() xpv1.DeletionPolicy

GetDeletionPolicy of this SecretRole.

func (*SecretRole) GetID

func (tr *SecretRole) GetID() string

GetID returns ID of underlying Terraform resource of this SecretRole

func (*SecretRole) GetInitParameters added in v0.2.0

func (tr *SecretRole) GetInitParameters() (map[string]any, error)

GetInitParameters of this SecretRole

func (*SecretRole) GetManagementPolicies added in v0.2.0

func (mg *SecretRole) GetManagementPolicies() xpv1.ManagementPolicies

GetManagementPolicies of this SecretRole.

func (*SecretRole) GetObservation

func (tr *SecretRole) GetObservation() (map[string]any, error)

GetObservation of this SecretRole

func (*SecretRole) GetParameters

func (tr *SecretRole) GetParameters() (map[string]any, error)

GetParameters of this SecretRole

func (*SecretRole) GetProviderConfigReference

func (mg *SecretRole) GetProviderConfigReference() *xpv1.Reference

GetProviderConfigReference of this SecretRole.

func (*SecretRole) GetProviderReference

func (mg *SecretRole) GetProviderReference() *xpv1.Reference

GetProviderReference of this SecretRole. Deprecated: Use GetProviderConfigReference.

func (*SecretRole) GetPublishConnectionDetailsTo

func (mg *SecretRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo

GetPublishConnectionDetailsTo of this SecretRole.

func (*SecretRole) GetTerraformResourceType

func (mg *SecretRole) GetTerraformResourceType() string

GetTerraformResourceType returns Terraform resource type for this SecretRole

func (*SecretRole) GetTerraformSchemaVersion

func (tr *SecretRole) GetTerraformSchemaVersion() int

GetTerraformSchemaVersion returns the associated Terraform schema version

func (*SecretRole) GetWriteConnectionSecretToReference

func (mg *SecretRole) GetWriteConnectionSecretToReference() *xpv1.SecretReference

GetWriteConnectionSecretToReference of this SecretRole.

func (*SecretRole) LateInitialize

func (tr *SecretRole) LateInitialize(attrs []byte) (bool, error)

LateInitialize this SecretRole using its observed tfState. Returns true if there are any spec changes for the resource.

func (*SecretRole) SetConditions

func (mg *SecretRole) SetConditions(c ...xpv1.Condition)

SetConditions of this SecretRole.

func (*SecretRole) SetDeletionPolicy

func (mg *SecretRole) SetDeletionPolicy(r xpv1.DeletionPolicy)

SetDeletionPolicy of this SecretRole.

func (*SecretRole) SetManagementPolicies added in v0.2.0

func (mg *SecretRole) SetManagementPolicies(r xpv1.ManagementPolicies)

SetManagementPolicies of this SecretRole.

func (*SecretRole) SetObservation

func (tr *SecretRole) SetObservation(obs map[string]any) error

SetObservation for this SecretRole

func (*SecretRole) SetParameters

func (tr *SecretRole) SetParameters(params map[string]any) error

SetParameters for this SecretRole

func (*SecretRole) SetProviderConfigReference

func (mg *SecretRole) SetProviderConfigReference(r *xpv1.Reference)

SetProviderConfigReference of this SecretRole.

func (*SecretRole) SetProviderReference

func (mg *SecretRole) SetProviderReference(r *xpv1.Reference)

SetProviderReference of this SecretRole. Deprecated: Use SetProviderConfigReference.

func (*SecretRole) SetPublishConnectionDetailsTo

func (mg *SecretRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)

SetPublishConnectionDetailsTo of this SecretRole.

func (*SecretRole) SetWriteConnectionSecretToReference

func (mg *SecretRole) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)

SetWriteConnectionSecretToReference of this SecretRole.

type SecretRoleInitParameters added in v0.2.0

// SecretRoleInitParameters is the type of SecretRoleSpec.InitProvider. It
// declares the same five fields as SecretRoleParameters, without the
// +kubebuilder:validation:Optional markers.
type SecretRoleInitParameters struct {

	// The path the AD secret backend is mounted at,
	// with no leading or trailing /s.
	// The mount path for the AD backend.
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// Target namespace. (requires Enterprise)
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// The name to identify this role within the backend.
	// Must be unique within the backend.
	// Name of the role.
	Role *string `json:"role,omitempty" tf:"role,omitempty"`

	// Specifies the name of the Active Directory service
	// account mapped to this role.
	// The username/logon name for the service account with which this role will be associated.
	ServiceAccountName *string `json:"serviceAccountName,omitempty" tf:"service_account_name,omitempty"`

	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	// In seconds, the default password time-to-live.
	TTL *float64 `json:"ttl,omitempty" tf:"ttl,omitempty"`
}

func (*SecretRoleInitParameters) DeepCopy added in v0.2.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRoleInitParameters.

func (*SecretRoleInitParameters) DeepCopyInto added in v0.2.0

func (in *SecretRoleInitParameters) DeepCopyInto(out *SecretRoleInitParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretRoleList

// SecretRoleList contains a list of SecretRoles.
type SecretRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the SecretRole objects in the list.
	Items []SecretRole `json:"items"`
}

SecretRoleList contains a list of SecretRoles

func (*SecretRoleList) DeepCopy

func (in *SecretRoleList) DeepCopy() *SecretRoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRoleList.

func (*SecretRoleList) DeepCopyInto

func (in *SecretRoleList) DeepCopyInto(out *SecretRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecretRoleList) DeepCopyObject

func (in *SecretRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SecretRoleList) GetItems

func (l *SecretRoleList) GetItems() []resource.Managed

GetItems of this SecretRoleList.

type SecretRoleObservation

// SecretRoleObservation is the type of SecretRoleStatus.AtProvider. Besides
// the fields that mirror SecretRoleParameters it carries ID and the two
// rotation timestamps LastVaultRotation and PasswordLastSet.
type SecretRoleObservation struct {

	// The path the AD secret backend is mounted at,
	// with no leading or trailing /s.
	// The mount path for the AD backend.
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Presumably the ID of the underlying Terraform resource — confirm against GetID.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// Timestamp of the last password rotation by Vault.
	// Last time Vault rotated this service account's password.
	LastVaultRotation *string `json:"lastVaultRotation,omitempty" tf:"last_vault_rotation,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// Target namespace. (requires Enterprise)
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// Timestamp of the last password set by Vault.
	// Last time Vault set this service account's password.
	PasswordLastSet *string `json:"passwordLastSet,omitempty" tf:"password_last_set,omitempty"`

	// The name to identify this role within the backend.
	// Must be unique within the backend.
	// Name of the role.
	Role *string `json:"role,omitempty" tf:"role,omitempty"`

	// Specifies the name of the Active Directory service
	// account mapped to this role.
	// The username/logon name for the service account with which this role will be associated.
	ServiceAccountName *string `json:"serviceAccountName,omitempty" tf:"service_account_name,omitempty"`

	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	// In seconds, the default password time-to-live.
	TTL *float64 `json:"ttl,omitempty" tf:"ttl,omitempty"`
}

func (*SecretRoleObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRoleObservation.

func (*SecretRoleObservation) DeepCopyInto

func (in *SecretRoleObservation) DeepCopyInto(out *SecretRoleObservation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretRoleParameters

// SecretRoleParameters lists the configurable fields of a SecretRole; it is
// the type of SecretRoleSpec.ForProvider. Each field is marked
// +kubebuilder:validation:Optional.
type SecretRoleParameters struct {

	// The path the AD secret backend is mounted at,
	// with no leading or trailing /s.
	// The mount path for the AD backend.
	// +kubebuilder:validation:Optional
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The namespace is always relative to the provider's configured namespace.
	// Available only for Vault Enterprise.
	// Target namespace. (requires Enterprise)
	// +kubebuilder:validation:Optional
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// The name to identify this role within the backend.
	// Must be unique within the backend.
	// Name of the role.
	// +kubebuilder:validation:Optional
	Role *string `json:"role,omitempty" tf:"role,omitempty"`

	// Specifies the name of the Active Directory service
	// account mapped to this role.
	// The username/logon name for the service account with which this role will be associated.
	// +kubebuilder:validation:Optional
	ServiceAccountName *string `json:"serviceAccountName,omitempty" tf:"service_account_name,omitempty"`

	// The password time-to-live in seconds. Defaults to the configuration
	// ttl if not provided.
	// In seconds, the default password time-to-live.
	// +kubebuilder:validation:Optional
	TTL *float64 `json:"ttl,omitempty" tf:"ttl,omitempty"`
}

func (*SecretRoleParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRoleParameters.

func (*SecretRoleParameters) DeepCopyInto

func (in *SecretRoleParameters) DeepCopyInto(out *SecretRoleParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretRoleSpec

// SecretRoleSpec defines the desired state of SecretRole.
type SecretRoleSpec struct {
	v1.ResourceSpec `json:",inline"`
	// ForProvider carries the SecretRoleParameters for this resource.
	ForProvider SecretRoleParameters `json:"forProvider"`
	// THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored
	// unless the relevant Crossplane feature flag is enabled, and may be
	// changed or removed without notice.
	// InitProvider holds the same fields as ForProvider, with the exception
	// of Identifier and other resource reference fields. The fields that are
	// in InitProvider are merged into ForProvider when the resource is created.
	// The same fields are also added to the terraform ignore_changes hook, to
	// avoid updating them after creation. This is useful for fields that are
	// required on creation but should not be updated afterwards, for example
	// because an external controller, such as an autoscaler, is managing them.
	InitProvider SecretRoleInitParameters `json:"initProvider,omitempty"`
}

SecretRoleSpec defines the desired state of SecretRole

func (*SecretRoleSpec) DeepCopy

func (in *SecretRoleSpec) DeepCopy() *SecretRoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRoleSpec.

func (*SecretRoleSpec) DeepCopyInto

func (in *SecretRoleSpec) DeepCopyInto(out *SecretRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretRoleStatus

// SecretRoleStatus defines the observed state of SecretRole.
type SecretRoleStatus struct {
	v1.ResourceStatus `json:",inline"`
	// AtProvider carries the SecretRoleObservation for this resource.
	AtProvider SecretRoleObservation `json:"atProvider,omitempty"`
}

SecretRoleStatus defines the observed state of SecretRole.

func (*SecretRoleStatus) DeepCopy

func (in *SecretRoleStatus) DeepCopy() *SecretRoleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretRoleStatus.

func (*SecretRoleStatus) DeepCopyInto

func (in *SecretRoleStatus) DeepCopyInto(out *SecretRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
