
Merge pull request #13 from coopnorge/pravindahal/feat/add-external-secrets-kubernetes-client-v1
pravindahal authored Nov 5, 2024
2 parents 4c7402c + f64c958 commit 4590ff2
Showing 4 changed files with 282 additions and 2 deletions.
1 change: 1 addition & 0 deletions Dockerfile
Expand Up @@ -3,4 +3,5 @@ RUN apk --no-cache add bats
COPY requirements.txt /code/
RUN pip install -r /code/requirements.txt
COPY openapi2jsonschema.py /code/
COPY fetch-schemas-api-platform.sh /code/
WORKDIR /code
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -13,11 +13,11 @@ docker build -t python-bats .
Then run

```
docker docker run -v $(pwd):/src -it python-bats bash
docker run -v $(pwd):/src -it python-bats bash
```

in the container run

```
./fetch-schemas-api-platform.sh <dest>
./fetch-schemas-api-platform.sh <dest>
```
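--- /dev/null
+++ b/api-platform/externalsecret-kubernetes-client-v1.json
@@ -0,0 +1,273 @@
+{
+"required": [
+"spec"
+],
+"type": "object",
+"properties": {
+"spec": {
+"type": "object",
+"properties": {
+"controllerId": {
+"description": "The ID of controller instance that manages this ExternalSecret. This is needed in case there is more than a KES controller instances within the cluster.",
+"type": "string"
+},
+"type": {
+"type": "string",
+"description": "DEPRECATED: Use spec.template.type"
+},
+"template": {
+"description": "Template which will be deep merged without mutating any existing fields. into generated secret, can be used to set for example annotations or type on the generated secret",
+"type": "object",
+"x-kubernetes-preserve-unknown-fields": true
+},
+"backendType": {
+"description": "Determines which backend to use for fetching secrets",
+"type": "string",
+"enum": [
+"secretsManager",
+"systemManager",
+"vault",
+"azureKeyVault",
+"gcpSecretsManager",
+"alicloudSecretsManager",
+"ibmcloudSecretsManager",
+"akeyless"
+]
+},
+"vaultRole": {
+"description": "Used by: vault",
+"type": "string"
+},
+"vaultMountPoint": {
+"description": "Used by: vault",
+"type": "string"
+},
+"kvVersion": {
+"description": "Vault K/V version either 1 or 2, default = 2",
+"type": "integer",
+"minimum": 1,
+"maximum": 2
+},
+"keyVaultName": {
+"description": "Used by: azureKeyVault",
+"type": "string"
+},
+"dataFrom": {
+"type": "array",
+"items": {
+"type": "string"
+}
+},
+"dataFromWithOptions": {
+"type": "array",
+"items": {
+"type": "object",
+"properties": {
+"key": {
+"description": "Secret key in backend",
+"type": "string"
+},
+"isBinary": {
+"description": "Whether the backend secret shall be treated as binary data represented by a base64-encoded string. You must set this to true for any base64-encoded binary data in the backend - to ensure it is not encoded in base64 again. Default is false.",
+"type": "boolean"
+},
+"versionStage": {
+"description": "Used by: alicloudSecretsManager, secretsManager",
+"type": "string"
+},
+"versionId": {
+"description": "Used by: secretsManager",
+"type": "string"
+}
+},
+"required": [
+"key"
+],
+"additionalProperties": false
+}
+},
+"data": {
+"type": "array",
+"items": {
+"type": "object",
+"properties": {
+"key": {
+"description": "Secret key in backend",
+"type": "string"
+},
+"name": {
+"description": "Name set for this key in the generated secret",
+"type": "string"
+},
+"property": {
+"description": "Property to extract if secret in backend is a JSON object",
+"type": "string"
+},
+"isBinary": {
+"description": "Whether the backend secret shall be treated as binary data represented by a base64-encoded string. You must set this to true for any base64-encoded binary data in the backend - to ensure it is not encoded in base64 again. Default is false.",
+"type": "boolean"
+},
+"path": {
+"description": "Path from SSM to scrape secrets This will fetch all secrets and use the key from the secret as variable name",
+"type": "string"
+},
+"recursive": {
+"description": "Allow to recurse thru all child keys on a given path, default false",
+"type": "boolean"
+},
+"secretType": {
+"description": "Used by: ibmcloudSecretsManager Type of secret - one of username_password, iam_credentials or arbitrary",
+"type": "string"
+},
+"version": {
+"description": "Used by: gcpSecretsManager",
+"type": "string",
+"x-kubernetes-int-or-string": true
+},
+"versionStage": {
+"description": "Used by: alicloudSecretsManager, secretsManager",
+"type": "string"
+},
+"versionId": {
+"description": "Used by: secretsManager",
+"type": "string"
+}
+},
+"oneOf": [
+{
+"required": [
+"key",
+"name"
+]
+},
+{
+"required": [
+"path"
+]
+}
+],
+"additionalProperties": false
+}
+},
+"roleArn": {
+"type": "string",
+"description": "Used by: alicloudSecretsManager, secretsManager, systemManager"
+},
+"region": {
+"type": "string",
+"description": "Used by: secretsManager, systemManager"
+},
+"projectId": {
+"type": "string",
+"description": "Used by: gcpSecretsManager"
+},
+"keyByName": {
+"type": "boolean",
+"description": "Whether to interpret the key as a secret name (if true) or ID (the default). Used by: ibmcloudSecretsManager"
+}
+},
+"oneOf": [
+{
+"properties": {
+"backendType": {
+"enum": [
+"secretsManager",
+"systemManager"
+]
+}
+}
+},
+{
+"properties": {
+"backendType": {
+"enum": [
+"vault"
+]
+}
+}
+},
+{
+"properties": {
+"backendType": {
+"enum": [
+"azureKeyVault"
+]
+}
+},
+"required": [
+"keyVaultName"
+]
+},
+{
+"properties": {
+"backendType": {
+"enum": [
+"gcpSecretsManager"
+]
+}
+}
+},
+{
+"properties": {
+"backendType": {
+"enum": [
+"alicloudSecretsManager"
+]
+}
+}
+},
+{
+"properties": {
+"backendType": {
+"enum": [
+"ibmcloudSecretsManager"
+]
+}
+}
+},
+{
+"properties": {
+"backendType": {
+"enum": [
+"akeyless"
+]
+}
+}
+}
+],
+"anyOf": [
+{
+"required": [
+"data"
+]
+},
+{
+"required": [
+"dataFrom"
+]
+},
+{
+"required": [
+"dataFromWithOptions"
+]
+}
+],
+"additionalProperties": false
+},
+"status": {
+"type": "object",
+"properties": {
+"lastSync": {
+"type": "string"
+},
+"status": {
+"type": "string"
+},
+"observedGeneration": {
+"type": "number"
+}
+},
+"additionalProperties": false
+}
+}
+}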
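Review bot: `status.observedGeneration` is declared `"type": "number"` near the end of the file, while a Kubernetes generation counter is integral; `"type": "integer"` would reject fractional values and keeps it consistent with `kvVersion`, which this same schema already declares as `integer`. The seven `oneOf` branches over `spec` differ only in their `backendType` enum and none of them, nor `spec` itself, lists `backendType` as required, so a spec that omits it matches every branch and fails with an opaque oneOf error instead of a clear missing-property message; if omission is not meant to be valid, `"required": ["backendType"]` on `spec` would make that explicit. Only the `azureKeyVault` branch requires its backend-specific field (`keyVaultName`), whereas the `vault` branch does not require `vaultRole` or `vaultMountPoint` even though both are documented as "Used by: vault"; this looks like an upstream inconsistency worth confirming rather than silently accepting. If this file is produced by the fetch script from the upstream CRD, these changes belong in the conversion step or a documented post-processing patch, otherwise they will be lost on the next regeneration.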
6 changes: 6 additions & 0 deletions fetch-schemas-api-platform.sh
Expand Up @@ -16,6 +16,11 @@ ISTIO_URL=https://raw.githubusercontent.com/istio/istio/${ISTIO_VERSION}/manifes
EXTERNAL_SECRET_MANAGER_VERSION=v0.9.11
EXTERNAL_SECRET_MANAGER_URL=https://raw.githubusercontent.com/external-secrets/external-secrets/${EXTERNAL_SECRET_MANAGER_VERSION}/config/crds/bases/external-secrets.io_externalsecrets.yaml

OLD_EXTERNAL_SECRET_VERSION=8.5.5
OLD_EXTERNAL_SECRET_MANAGER_URL=https://raw.githubusercontent.com/external-secrets/kubernetes-external-secrets/${OLD_EXTERNAL_SECRET_VERSION}/charts/kubernetes-external-secrets/crds/kubernetes-client.io_externalsecrets_crd.yaml

echo $OLD_EXTERNAL_SECRET_MANAGER_URL

### SETUP
mkdir -p ${WORKDIR}
rm -fr ${WORKDIR}/*
Expand All @@ -24,5 +29,6 @@ pushd ${WORKDIR}

$SCHEMA_FETCH_SCRIPT $ISTIO_URL
$SCHEMA_FETCH_SCRIPT $EXTERNAL_SECRET_MANAGER_URL
$SCHEMA_FETCH_SCRIPT $OLD_EXTERNAL_SECRET_MANAGER_URL

popd
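Review bot: The `echo $OLD_EXTERNAL_SECRET_MANAGER_URL` added in the first hunk looks like leftover debugging output; none of the other URL variables (`ISTIO_URL`, `EXTERNAL_SECRET_MANAGER_URL`) are echoed, so either drop the line or log all fetched URLs the same way. As far as I know the external-secrets/kubernetes-external-secrets repository that `OLD_EXTERNAL_SECRET_MANAGER_URL` pins at `8.5.5` is archived upstream in favour of external-secrets-operator, which `EXTERNAL_SECRET_MANAGER_URL` already tracks, so this CRD will not receive fixes and the two ExternalSecret schemas now coexist without explanation; a comment above the variable such as `# kubernetes-external-secrets (KES) is archived upstream; kept only for legacy kubernetes-client.io/v1 ExternalSecret manifests` would record why it is pinned and when it can be removed. The variable name `OLD_EXTERNAL_SECRET_VERSION` also breaks the `EXTERNAL_SECRET_MANAGER_*` naming pattern used by the line it is paired with (`OLD_EXTERNAL_SECRET_MANAGER_URL`); `OLD_EXTERNAL_SECRET_MANAGER_VERSION` would keep the pair consistent. The script's enclosing flow (`WORKDIR`, `SCHEMA_FETCH_SCRIPT`) is defined outside these hunks.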
