-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Add externalsecret-kubernetes-client-v1
- Loading branch information
1 parent
4c7402c
commit 6c04df4
Showing
2 changed files
with
279 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,273 @@ | ||
| { | ||
| "required": [ | ||
| "spec" | ||
| ], | ||
| "type": "object", | ||
| "properties": { | ||
| "spec": { | ||
| "type": "object", | ||
| "properties": { | ||
| "controllerId": { | ||
| "description": "The ID of controller instance that manages this ExternalSecret. This is needed in case there is more than a KES controller instances within the cluster.", | ||
| "type": "string" | ||
| }, | ||
| "type": { | ||
| "type": "string", | ||
| "description": "DEPRECATED: Use spec.template.type" | ||
| }, | ||
| "template": { | ||
| "description": "Template which will be deep merged without mutating any existing fields. into generated secret, can be used to set for example annotations or type on the generated secret", | ||
| "type": "object", | ||
| "x-kubernetes-preserve-unknown-fields": true | ||
| }, | ||
| "backendType": { | ||
| "description": "Determines which backend to use for fetching secrets", | ||
| "type": "string", | ||
| "enum": [ | ||
| "secretsManager", | ||
| "systemManager", | ||
| "vault", | ||
| "azureKeyVault", | ||
| "gcpSecretsManager", | ||
| "alicloudSecretsManager", | ||
| "ibmcloudSecretsManager", | ||
| "akeyless" | ||
| ] | ||
| }, | ||
| "vaultRole": { | ||
| "description": "Used by: vault", | ||
| "type": "string" | ||
| }, | ||
| "vaultMountPoint": { | ||
| "description": "Used by: vault", | ||
| "type": "string" | ||
| }, | ||
| "kvVersion": { | ||
| "description": "Vault K/V version either 1 or 2, default = 2", | ||
| "type": "integer", | ||
| "minimum": 1, | ||
| "maximum": 2 | ||
| }, | ||
| "keyVaultName": { | ||
| "description": "Used by: azureKeyVault", | ||
| "type": "string" | ||
| }, | ||
| "dataFrom": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "dataFromWithOptions": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "object", | ||
| "properties": { | ||
| "key": { | ||
| "description": "Secret key in backend", | ||
| "type": "string" | ||
| }, | ||
| "isBinary": { | ||
| "description": "Whether the backend secret shall be treated as binary data represented by a base64-encoded string. You must set this to true for any base64-encoded binary data in the backend - to ensure it is not encoded in base64 again. Default is false.", | ||
| "type": "boolean" | ||
| }, | ||
| "versionStage": { | ||
| "description": "Used by: alicloudSecretsManager, secretsManager", | ||
| "type": "string" | ||
| }, | ||
| "versionId": { | ||
| "description": "Used by: secretsManager", | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "required": [ | ||
| "key" | ||
| ], | ||
| "additionalProperties": false | ||
| } | ||
| }, | ||
| "data": { | ||
| "type": "array", | ||
| "items": { | ||
| "type": "object", | ||
| "properties": { | ||
| "key": { | ||
| "description": "Secret key in backend", | ||
| "type": "string" | ||
| }, | ||
| "name": { | ||
| "description": "Name set for this key in the generated secret", | ||
| "type": "string" | ||
| }, | ||
| "property": { | ||
| "description": "Property to extract if secret in backend is a JSON object", | ||
| "type": "string" | ||
| }, | ||
| "isBinary": { | ||
| "description": "Whether the backend secret shall be treated as binary data represented by a base64-encoded string. You must set this to true for any base64-encoded binary data in the backend - to ensure it is not encoded in base64 again. Default is false.", | ||
| "type": "boolean" | ||
| }, | ||
| "path": { | ||
| "description": "Path from SSM to scrape secrets This will fetch all secrets and use the key from the secret as variable name", | ||
| "type": "string" | ||
| }, | ||
| "recursive": { | ||
| "description": "Allow to recurse thru all child keys on a given path, default false", | ||
| "type": "boolean" | ||
| }, | ||
| "secretType": { | ||
| "description": "Used by: ibmcloudSecretsManager Type of secret - one of username_password, iam_credentials or arbitrary", | ||
| "type": "string" | ||
| }, | ||
| "version": { | ||
| "description": "Used by: gcpSecretsManager", | ||
| "type": "string", | ||
| "x-kubernetes-int-or-string": true | ||
| }, | ||
| "versionStage": { | ||
| "description": "Used by: alicloudSecretsManager, secretsManager", | ||
| "type": "string" | ||
| }, | ||
| "versionId": { | ||
| "description": "Used by: secretsManager", | ||
| "type": "string" | ||
| } | ||
| }, | ||
| "oneOf": [ | ||
| { | ||
| "required": [ | ||
| "key", | ||
| "name" | ||
| ] | ||
| }, | ||
| { | ||
| "required": [ | ||
| "path" | ||
| ] | ||
| } | ||
| ], | ||
| "additionalProperties": false | ||
| } | ||
| }, | ||
| "roleArn": { | ||
| "type": "string", | ||
| "description": "Used by: alicloudSecretsManager, secretsManager, systemManager" | ||
| }, | ||
| "region": { | ||
| "type": "string", | ||
| "description": "Used by: secretsManager, systemManager" | ||
| }, | ||
| "projectId": { | ||
| "type": "string", | ||
| "description": "Used by: gcpSecretsManager" | ||
| }, | ||
| "keyByName": { | ||
| "type": "boolean", | ||
| "description": "Whether to interpret the key as a secret name (if true) or ID (the default). Used by: ibmcloudSecretsManager" | ||
| } | ||
| }, | ||
| "oneOf": [ | ||
| { | ||
| "properties": { | ||
| "backendType": { | ||
| "enum": [ | ||
| "secretsManager", | ||
| "systemManager" | ||
| ] | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "properties": { | ||
| "backendType": { | ||
| "enum": [ | ||
| "vault" | ||
| ] | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "properties": { | ||
| "backendType": { | ||
| "enum": [ | ||
| "azureKeyVault" | ||
| ] | ||
| } | ||
| }, | ||
| "required": [ | ||
| "keyVaultName" | ||
| ] | ||
| }, | ||
| { | ||
| "properties": { | ||
| "backendType": { | ||
| "enum": [ | ||
| "gcpSecretsManager" | ||
| ] | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "properties": { | ||
| "backendType": { | ||
| "enum": [ | ||
| "alicloudSecretsManager" | ||
| ] | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "properties": { | ||
| "backendType": { | ||
| "enum": [ | ||
| "ibmcloudSecretsManager" | ||
| ] | ||
| } | ||
| } | ||
| }, | ||
| { | ||
| "properties": { | ||
| "backendType": { | ||
| "enum": [ | ||
| "akeyless" | ||
| ] | ||
| } | ||
| } | ||
| } | ||
| ], | ||
| "anyOf": [ | ||
| { | ||
| "required": [ | ||
| "data" | ||
| ] | ||
| }, | ||
| { | ||
| "required": [ | ||
| "dataFrom" | ||
| ] | ||
| }, | ||
| { | ||
| "required": [ | ||
| "dataFromWithOptions" | ||
| ] | ||
| } | ||
| ], | ||
| "additionalProperties": false | ||
| }, | ||
| "status": { | ||
| "type": "object", | ||
| "properties": { | ||
| "lastSync": { | ||
| "type": "string" | ||
| }, | ||
| "status": { | ||
| "type": "string" | ||
| }, | ||
| "observedGeneration": { | ||
| "type": "number" | ||
| } | ||
| }, | ||
| "additionalProperties": false | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters