v1alpha1

package
v0.18.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 13, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

+groupName=policy.kubevault.com

Index

Constants

View Source 
const (
	ResourceKindVaultPolicy = "VaultPolicy"
	ResourceVaultPolicy     = "vaultpolicy"
	ResourceVaultPolicies   = "vaultpolicies"
)
View Source 
const (
	ResourceKindVaultPolicyBinding = "VaultPolicyBinding"
	ResourceVaultPolicyBinding     = "vaultpolicybinding"
	ResourceVaultPolicyBindings    = "vaultpolicybindings"
)

Variables

View Source 
var (
	// TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api.
	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
	SchemeBuilder runtime.SchemeBuilder

	AddToScheme = localSchemeBuilder.AddToScheme
)
View Source 
var SchemeGroupVersion = schema.GroupVersion{Group: policy.GroupName, Version: "v1alpha1"}

Functions

func GetOpenAPIDefinitions 

func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition

func Kind added in v0.8.0 

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns a Group qualified GroupKind

func Resource 

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type AppRoleSubjectRef 

type AppRoleSubjectRef struct {
	// Specifies the path where approle auth is enabled
	// default : approle
	// +optional
	Path string `json:"path,omitempty"`

	// RoleName is the Name of the AppRole
	// This defaults to following format: k8s.${cluster}.${metadata.namespace}.${metadata.name}
	RoleName string `json:"roleName,omitempty"`

	// Require secret_id to be presented when logging in using this AppRole.
	BindSecretID bool `json:"bindSecretID"`

	// List of CIDR blocks; if set, specifies blocks of IP addresses which can perform the login operation.
	SecretIDBoundCidrs []string `json:"secretIdBoundCidrs,omitempty"`

	// Number of times any particular SecretID can be used to fetch a token from this AppRole, after which the SecretID will expire. A value of zero will allow unlimited uses.
	SecretIDNumUses int64 `json:"secretIdNumUses,omitempty"`

	// Duration in either an integer number of seconds (3600) or an integer time unit (60m) after which any SecretID expires.
	SecretIDTTL string `json:"secretIdTTL,omitempty"`

	// If set, the secret IDs generated using this role will be cluster local. This can only be set during role creation and once set, it can't be reset later.
	EnableLocalSecretIDs bool `json:"enableLocalSecretIds,omitempty"`

	// The incremental lifetime for generated tokens. This current value of this will be referenced at renewal time.
	TokenTTL int64 `json:"tokenTTL,omitempty"`

	// The maximum lifetime for generated tokens. This current value of this will be referenced at renewal time.
	TokenMaxTTL int64 `json:"tokenMaxTTL,omitempty"`

	// List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies []string `json:"tokenPolicies,omitempty"`

	// List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
	TokenBoundCidrs []string `json:"tokenBoundCidrs,omitempty"`

	// If set, will encode an explicit max TTL onto the token. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
	TokenExplicitMaxTTL int64 `json:"tokenExplicitMaxTTL,omitempty"`

	// If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy bool `json:"tokenNoDefaultPolicy,omitempty"`

	// The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
	TokenNumUses int64 `json:"tokenNumUses,omitempty"`

	// The period, if any, to set on the token.
	TokenPeriod int64 `json:"tokenPeriod,omitempty"`

	// The type of token that should be generated. Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
	TokenType string `json:"tokenType,omitempty"`
}

More info: https://www.vaultproject.io/api-docs/auth/approle#create-update-approle

func (*AppRoleSubjectRef) DeepCopy 

func (in *AppRoleSubjectRef) DeepCopy() *AppRoleSubjectRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppRoleSubjectRef.

func (*AppRoleSubjectRef) DeepCopyInto 

func (in *AppRoleSubjectRef) DeepCopyInto(out *AppRoleSubjectRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTOIDCSubjectRef added in v0.8.0 

type JWTOIDCSubjectRef struct {
	// Specifies the path where jwt/oidc auth is enabled
	Path string `json:"path"`

	// Name of the role.
	// This defaults to following format: k8s.${cluster}.${metadata.namespace}.${metadata.name}
	Name string `json:"name,omitempty"`

	// List of aud claims to match against. Any match is sufficient. Required for "jwt" roles, optional for "oidc" roles.
	BoundAudiences []string `json:"boundAudiences,omitempty"`

	// The claim to use to uniquely identify the user; this will be used as the name for the Identity entity alias created due to a successful login. The claim value must be a string.
	UserClaim string `json:"userClaim"`

	// If set, requires that the sub claim matches this value.
	BoundSubject string `json:"boundSubject,omitempty"`

	// If set, a map of claims/values to match against. The expected value may be a single string or a list of strings. The interpretation of the bound claim values is configured with bound_claims_type.
	BoundClaims map[string]string `json:"boundClaims,omitempty"`

	// Configures the interpretation of the bound_claims values. If "string" (the default), the values will treated as string literals and must match exactly. If set to "glob", the values will be interpreted as globs, with * matching any number of characters.
	BoundClaimsType string `json:"boundClaimsType,omitempty"`

	// The claim to use to uniquely identify the set of groups to which the user belongs; this will be used as the names for the Identity group aliases created due to a successful login. The claim value must be a list of strings.
	GroupClaim string `json:"groupClaim,omitempty"`

	// If set, a map of claims (keys) to be copied to specified metadata fields (values).
	ClaimMappings map[string]string `json:"claimMappings,omitempty"`

	// If set, a list of OIDC scopes to be used with an OIDC role. The standard scope "openid" is automatically included and need not be specified.
	OIDCScopes []string `json:"oidcScopes,omitempty"`

	// The list of allowed values for redirect_uri during OIDC logins.
	AllowedRedirectUris []string `json:"allowedRedirectUris"`

	VerboseOIDCLogging bool `json:"verboseOidcLogging,omitempty"`

	// The incremental lifetime for generated tokens. This current value of this will be referenced at renewal time.
	TokenTTL int64 `json:"tokenTTL,omitempty"`

	// The maximum lifetime for generated tokens. This current value of this will be referenced at renewal time.
	TokenMaxTTL int64 `json:"tokenMaxTTL,omitempty"`

	// List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies []string `json:"tokenPolicies,omitempty"`

	// List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and ties the resulting token to these blocks as well.
	TokenBoundCidrs []string `json:"tokenBoundCidrs,omitempty"`

	// If set, will encode an explicit max TTL onto the token. This is a hard cap even if token_ttl and token_max_ttl would otherwise allow a renewal.
	TokenExplicitMaxTTL int64 `json:"tokenExplicitMaxTTL,omitempty"`

	// If set, the default policy will not be set on generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy bool `json:"tokenNoDefaultPolicy,omitempty"`

	// The maximum number of times a generated token may be used (within its lifetime); 0 means unlimited.
	TokenNumUses int64 `json:"tokenNumUses,omitempty"`

	// The period, if any, to set on the token.
	TokenPeriod int64 `json:"tokenPeriod,omitempty"`

	// The type of token that should be generated. Can be service, batch, or default to use the mount's tuned default (which unless changed will be service tokens). For token store roles, there are two additional possibilities: default-service and default-batch which specify the type to return unless the client requests a different type at generation time.
	TokenType string `json:"tokenType,omitempty"`
}

More info: https://www.vaultproject.io/api-docs/auth/jwt#create-role

func (*JWTOIDCSubjectRef) DeepCopy added in v0.8.0 

func (in *JWTOIDCSubjectRef) DeepCopy() *JWTOIDCSubjectRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTOIDCSubjectRef.

func (*JWTOIDCSubjectRef) DeepCopyInto added in v0.8.0 

func (in *JWTOIDCSubjectRef) DeepCopyInto(out *JWTOIDCSubjectRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesSubjectRef 

type KubernetesSubjectRef struct {
	// Specifies the path where kubernetes auth is enabled
	// default : kubernetes
	// +optional
	Path string `json:"path,omitempty"`

	// Name of the role
	Name string `json:"name,omitempty"`

	// Specifies the names of the service account to bind with policy
	ServiceAccountNames []string `json:"serviceAccountNames"`

	// Specifies the namespaces of the service account
	ServiceAccountNamespaces []string `json:"serviceAccountNamespaces"`

	// Specifies the TTL period of tokens issued using this role in seconds.
	// +optional
	TTL string `json:"ttl,omitempty"`

	// Specifies the maximum allowed lifetime of tokens issued in seconds using this role.
	// +optional
	MaxTTL string `json:"maxTTL,omitempty"`

	// If set, indicates that the token generated using this role should never expire.
	// The token should be renewed within the duration specified by this value.
	// At each renewal, the token's TTL will be set to the value of this parameter.
	// +optional
	Period string `json:"period,omitempty"`

	// Optional Audience claim to verify in the JWT.
	Audience string `json:"audience,omitempty"`
}

More info: https://www.vaultproject.io/api/auth/kubernetes/index.html#create-role

func (*KubernetesSubjectRef) DeepCopy 

func (in *KubernetesSubjectRef) DeepCopy() *KubernetesSubjectRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesSubjectRef.

func (*KubernetesSubjectRef) DeepCopyInto 

func (in *KubernetesSubjectRef) DeepCopyInto(out *KubernetesSubjectRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LdapGroupSubjectRef 

type LdapGroupSubjectRef struct {
	// Specifies the path where ldap groups auth is enabled
	// default : ldap/groups
	// +optional
	Path string `json:"path,omitempty"`

	// The name of the LDAP group
	Name string `json:"name"`

	// List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
	Policies []string `json:"policies,omitempty"`
}

More info: https://www.vaultproject.io/api-docs/auth/ldap#create-update-ldap-group

func (*LdapGroupSubjectRef) DeepCopy 

func (in *LdapGroupSubjectRef) DeepCopy() *LdapGroupSubjectRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LdapGroupSubjectRef.

func (*LdapGroupSubjectRef) DeepCopyInto 

func (in *LdapGroupSubjectRef) DeepCopyInto(out *LdapGroupSubjectRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LdapUserSubjectRef 

type LdapUserSubjectRef struct {
	// Specifies the path where ldap groups auth is enabled
	// default : ldap/users
	// +optional
	Path string `json:"path,omitempty"`

	// The username of the LDAP user
	Username string `json:"username"`

	// List of policies to encode onto generated tokens. Depending on the auth method, this list may be supplemented by user/group/other values.
	Policies []string `json:"policies,omitempty"`

	// List of groups associated to the user.
	Groups []string `json:"groups,omitempty"`
}

More info: https://www.vaultproject.io/api-docs/auth/ldap#create-update-ldap-user

func (*LdapUserSubjectRef) DeepCopy 

func (in *LdapUserSubjectRef) DeepCopy() *LdapUserSubjectRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LdapUserSubjectRef.

func (*LdapUserSubjectRef) DeepCopyInto 

func (in *LdapUserSubjectRef) DeepCopyInto(out *LdapUserSubjectRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyBindingPhase 

type PolicyBindingPhase string

+kubebuilder:validation:Enum=Success;Failed 

const (
	PolicyBindingSuccess PolicyBindingPhase = "Success"
	PolicyBindingFailed  PolicyBindingPhase = "Failed"
)

type PolicyIdentifier 

type PolicyIdentifier struct {
	// Name is a Vault server policy name. This name should be returned by `vault read sys/policy` command.
	// More info: https://www.vaultproject.io/docs/concepts/policies.html#listing-policies
	Name string `json:"name,omitempty"`

	// Ref is name of a VaultPolicy crd object. Actual vault policy name is spec.vaultRoleName field.
	// More info: https://www.vaultproject.io/docs/concepts/policies.html#listing-policies
	Ref string `json:"ref,omitempty"`
}

func (*PolicyIdentifier) DeepCopy 

func (in *PolicyIdentifier) DeepCopy() *PolicyIdentifier

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyIdentifier.

func (*PolicyIdentifier) DeepCopyInto 

func (in *PolicyIdentifier) DeepCopyInto(out *PolicyIdentifier)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyPhase 

type PolicyPhase string

+kubebuilder:validation:Enum=Success;Failed 

const (
	PolicySuccess PolicyPhase = "Success"
	PolicyFailed  PolicyPhase = "Failed"
)

type ServiceAccountReference 

type ServiceAccountReference struct {
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
}

ServiceAccountReference contains name and namespace of the service account

func (*ServiceAccountReference) DeepCopy 

func (in *ServiceAccountReference) DeepCopy() *ServiceAccountReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountReference.

func (*ServiceAccountReference) DeepCopyInto 

func (in *ServiceAccountReference) DeepCopyInto(out *ServiceAccountReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SubjectRef 

type SubjectRef struct {
	// Kubernetes refers to Vault users who are authenticated via Kubernetes auth method
	// More info: https://www.vaultproject.io/docs/auth/kubernetes.html#configuration
	Kubernetes *KubernetesSubjectRef `json:"kubernetes,omitempty"`
	// More info: https://www.vaultproject.io/docs/auth/approle#configuration
	AppRole *AppRoleSubjectRef `json:"appRole,omitempty"`
	// More info: https://www.vaultproject.io/api-docs/auth/ldap#configure-ldap
	LdapGroup *LdapGroupSubjectRef `json:"ldapGroup,omitempty"`
	LdapUser  *LdapUserSubjectRef  `json:"ldapUser,omitempty"`
	// More info: https://www.vaultproject.io/api-docs/auth/jwt#configure
	JWT  *JWTOIDCSubjectRef `json:"jwt,omitempty"`
	OIDC *JWTOIDCSubjectRef `json:"oidc,omitempty"`
}

func (*SubjectRef) DeepCopy 

func (in *SubjectRef) DeepCopy() *SubjectRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubjectRef.

func (*SubjectRef) DeepCopyInto 

func (in *SubjectRef) DeepCopyInto(out *SubjectRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultPolicy 

type VaultPolicy struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              VaultPolicySpec   `json:"spec,omitempty"`
	Status            VaultPolicyStatus `json:"status,omitempty"`
}

+kubebuilder:object:root=true +kubebuilder:resource:path=vaultpolicies,singular=vaultpolicy,shortName=vp,categories={vault,policy,appscode,all} +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.phase" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"

func (VaultPolicy) CustomResourceDefinition 

func (_ VaultPolicy) CustomResourceDefinition() *apiextensions.CustomResourceDefinition

func (*VaultPolicy) DeepCopy 

func (in *VaultPolicy) DeepCopy() *VaultPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPolicy.

func (*VaultPolicy) DeepCopyInto 

func (in *VaultPolicy) DeepCopyInto(out *VaultPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultPolicy) DeepCopyObject 

func (in *VaultPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (VaultPolicy) GetKey 

func (v VaultPolicy) GetKey() string

func (VaultPolicy) IsValid 

func (v VaultPolicy) IsValid() error

func (VaultPolicy) OffshootLabels 

func (v VaultPolicy) OffshootLabels() map[string]string

func (VaultPolicy) OffshootSelectors 

func (v VaultPolicy) OffshootSelectors() map[string]string

func (VaultPolicy) PolicyName 

func (v VaultPolicy) PolicyName() string

type VaultPolicyBinding 

type VaultPolicyBinding struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              VaultPolicyBindingSpec   `json:"spec,omitempty"`
	Status            VaultPolicyBindingStatus `json:"status,omitempty"`
}

+kubebuilder:object:root=true +kubebuilder:resource:path=vaultpolicybindings,singular=vaultpolicybinding,shortName=vpb,categories={vault,appscode,all} +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.phase" +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"

func (VaultPolicyBinding) CustomResourceDefinition 

func (_ VaultPolicyBinding) CustomResourceDefinition() *apiextensions.CustomResourceDefinition

func (*VaultPolicyBinding) DeepCopy 

func (in *VaultPolicyBinding) DeepCopy() *VaultPolicyBinding

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPolicyBinding.

func (*VaultPolicyBinding) DeepCopyInto 

func (in *VaultPolicyBinding) DeepCopyInto(out *VaultPolicyBinding)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultPolicyBinding) DeepCopyObject 

func (in *VaultPolicyBinding) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (VaultPolicyBinding) GeneratePath 

func (v VaultPolicyBinding) GeneratePath(name, path, subPath string) string

func (VaultPolicyBinding) GeneratePayload 

func (v VaultPolicyBinding) GeneratePayload(i interface{}) (map[string]interface{}, error)

func (VaultPolicyBinding) GetKey 

func (v VaultPolicyBinding) GetKey() string

func (VaultPolicyBinding) IsValid 

func (v VaultPolicyBinding) IsValid() error

func (VaultPolicyBinding) OffshootLabels 

func (v VaultPolicyBinding) OffshootLabels() map[string]string

func (VaultPolicyBinding) OffshootSelectors 

func (v VaultPolicyBinding) OffshootSelectors() map[string]string

func (VaultPolicyBinding) PolicyBindingName 

func (v VaultPolicyBinding) PolicyBindingName() string

func (*VaultPolicyBinding) SetDefaults 

func (v *VaultPolicyBinding) SetDefaults()

type VaultPolicyBindingList 

type VaultPolicyBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VaultPolicyBinding `json:"items,omitempty"`
}

func (*VaultPolicyBindingList) DeepCopy 

func (in *VaultPolicyBindingList) DeepCopy() *VaultPolicyBindingList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPolicyBindingList.

func (*VaultPolicyBindingList) DeepCopyInto 

func (in *VaultPolicyBindingList) DeepCopyInto(out *VaultPolicyBindingList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultPolicyBindingList) DeepCopyObject 

func (in *VaultPolicyBindingList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultPolicyBindingSpec 

type VaultPolicyBindingSpec struct {
	// VaultRef is the name of a AppBinding referencing to a Vault Server
	VaultRef core.LocalObjectReference `json:"vaultRef"`

	// VaultRoleName is the role name which will be bound of the policies
	// This defaults to following format: k8s.${cluster}.${metadata.namespace}.${metadata.name}
	// xref: https://www.vaultproject.io/api/auth/kubernetes/index.html#create-role
	// +optional
	VaultRoleName string `json:"vaultRoleName,omitempty"`

	// Policies is a list of Vault policy identifiers.
	Policies []PolicyIdentifier `json:"policies"`

	// SubjectRef refers to Vault users who will be granted policies.
	SubjectRef `json:"subjectRef"`
}

links: https://www.vaultproject.io/api/auth/kubernetes/index.html#parameters-1

func (*VaultPolicyBindingSpec) DeepCopy 

func (in *VaultPolicyBindingSpec) DeepCopy() *VaultPolicyBindingSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPolicyBindingSpec.

func (*VaultPolicyBindingSpec) DeepCopyInto 

func (in *VaultPolicyBindingSpec) DeepCopyInto(out *VaultPolicyBindingSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultPolicyBindingStatus 

type VaultPolicyBindingStatus struct {
	// ObservedGeneration is the most recent generation observed for this resource. It corresponds to the
	// resource's generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// Phase indicates whether successfully bind the policy to service account in vault or not or in progress
	// +optional
	Phase PolicyBindingPhase `json:"phase,omitempty"`

	// Represents the latest available observations of a VaultPolicyBinding.
	// +optional
	Conditions []kmapi.Condition `json:"conditions,omitempty"`
}

func (*VaultPolicyBindingStatus) DeepCopy 

func (in *VaultPolicyBindingStatus) DeepCopy() *VaultPolicyBindingStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPolicyBindingStatus.

func (*VaultPolicyBindingStatus) DeepCopyInto 

func (in *VaultPolicyBindingStatus) DeepCopyInto(out *VaultPolicyBindingStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultPolicyList 

type VaultPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []VaultPolicy `json:"items,omitempty"`
}

func (*VaultPolicyList) DeepCopy 

func (in *VaultPolicyList) DeepCopy() *VaultPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPolicyList.

func (*VaultPolicyList) DeepCopyInto 

func (in *VaultPolicyList) DeepCopyInto(out *VaultPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*VaultPolicyList) DeepCopyObject 

func (in *VaultPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type VaultPolicySpec 

type VaultPolicySpec struct {
	// VaultRef is the name of a AppBinding referencing to a Vault Server
	VaultRef core.LocalObjectReference `json:"vaultRef"`

	// VaultPolicyName is the policy name set inside Vault.
	// This defaults to following format: k8s.${cluster}.${metadata.namespace}.${metadata.name}
	// +optional
	VaultPolicyName string `json:"vaultPolicyName,omitempty"`

	// PolicyDocument specifies a vault policy in hcl format.
	// For example:
	// path "secret/*" {
	//   capabilities = ["create", "read", "update", "delete", "list"]
	// }
	// +optional
	PolicyDocument string `json:"policyDocument,omitempty"`

	// Policy specifies a vault policy in json format.
	// +optional
	// +kubebuilder:validation:EmbeddedResource
	// +kubebuilder:pruning:PreserveUnknownFields
	Policy *runtime.RawExtension `json:"policy,omitempty"`
}

More info: https://www.vaultproject.io/docs/concepts/policies.html

func (*VaultPolicySpec) DeepCopy 

func (in *VaultPolicySpec) DeepCopy() *VaultPolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPolicySpec.

func (*VaultPolicySpec) DeepCopyInto 

func (in *VaultPolicySpec) DeepCopyInto(out *VaultPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultPolicyStatus 

type VaultPolicyStatus struct {
	// ObservedGeneration is the most recent generation observed for this resource. It corresponds to the
	// resource's generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// Phase indicates whether the policy successfully applied in vault or not or in progress
	// +optional
	Phase PolicyPhase `json:"phase,omitempty"`

	// Represents the latest available observations of a VaultPolicy.
	// +optional
	Conditions []kmapi.Condition `json:"conditions,omitempty"`
}

func (*VaultPolicyStatus) DeepCopy 

func (in *VaultPolicyStatus) DeepCopy() *VaultPolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultPolicyStatus.

func (*VaultPolicyStatus) DeepCopyInto 

func (in *VaultPolicyStatus) DeepCopyInto(out *VaultPolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.