Skip to content

Commit

Permalink
operator vault-secrets-operator (0.9.0) (#4568)
Browse files Browse the repository at this point in the history
  • Loading branch information
@benashz
benashz authored Oct 9, 2024
1 parent 08cf80c commit 3d9fc9d
Show file tree
Hide file tree
Showing 15 changed files with 3,110 additions and 0 deletions.
115 changes: 115 additions & 0 deletions operators/vault-secrets-operator/0.9.0/manifests/secrets.hashicorp.com_hcpauths.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,115 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.3
creationTimestamp: null
labels:
app.kubernetes.io/component: controller-manager
name: hcpauths.secrets.hashicorp.com
spec:
group: secrets.hashicorp.com
names:
kind: HCPAuth
listKind: HCPAuthList
plural: hcpauths
singular: hcpauth
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: HCPAuth is the Schema for the hcpauths API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: HCPAuthSpec defines the desired state of HCPAuth
properties:
allowedNamespaces:
description: |-
AllowedNamespaces Kubernetes Namespaces which are allow-listed for use with this AuthMethod.
This field allows administrators to customize which Kubernetes namespaces are authorized to
use with this AuthMethod. While Vault will still enforce its own rules, this has the added
configurability of restricting which HCPAuthMethods can be used by which namespaces.
Accepted values:
[]{"*"} - wildcard, all namespaces.
[]{"a", "b"} - list of namespaces.
unset - disallow all namespaces except the Operator's the HCPAuthMethod's namespace, this
is the default behavior.
items:
type: string
type: array
method:
default: servicePrincipal
description: Method to use when authenticating to Vault.
enum:
- servicePrincipal
type: string
organizationID:
description: OrganizationID of the HCP organization.
type: string
projectID:
description: ProjectID of the HCP project.
type: string
servicePrincipal:
description: |-
ServicePrincipal provides the necessary configuration for authenticating to
HCP using a service principal. For security reasons, only project-level
service principals should ever be used.
properties:
secretRef:
description: |-
SecretRef is the name of a Kubernetes secret in the consumer's
(VDS/VSS/PKI/HCP) namespace which provides the HCP ServicePrincipal clientID,
and clientSecret.
The secret data must have the following structure {
"clientID": "clientID",
"clientSecret": "clientSecret",
}
type: string
required:
- secretRef
type: object
required:
- organizationID
- projectID
type: object
status:
description: HCPAuthStatus defines the observed state of HCPAuth
properties:
error:
type: string
valid:
description: Valid auth mechanism.
type: boolean
required:
- error
- valid
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null
Loading

0 comments on commit 3d9fc9d

Please sign in to comment.