diff --git a/api-platform/externalsecret-kubernetes-client-v1.json b/api-platform/externalsecret-kubernetes-client-v1.json new file mode 100644 index 0000000..00cca0f --- /dev/null +++ b/api-platform/externalsecret-kubernetes-client-v1.json @@ -0,0 +1,273 @@ +{ + "required": [ + "spec" + ], + "type": "object", + "properties": { + "spec": { + "type": "object", + "properties": { + "controllerId": { + "description": "The ID of controller instance that manages this ExternalSecret. This is needed in case there is more than a KES controller instances within the cluster.", + "type": "string" + }, + "type": { + "type": "string", + "description": "DEPRECATED: Use spec.template.type" + }, + "template": { + "description": "Template which will be deep merged without mutating any existing fields. into generated secret, can be used to set for example annotations or type on the generated secret", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "backendType": { + "description": "Determines which backend to use for fetching secrets", + "type": "string", + "enum": [ + "secretsManager", + "systemManager", + "vault", + "azureKeyVault", + "gcpSecretsManager", + "alicloudSecretsManager", + "ibmcloudSecretsManager", + "akeyless" + ] + }, + "vaultRole": { + "description": "Used by: vault", + "type": "string" + }, + "vaultMountPoint": { + "description": "Used by: vault", + "type": "string" + }, + "kvVersion": { + "description": "Vault K/V version either 1 or 2, default = 2", + "type": "integer", + "minimum": 1, + "maximum": 2 + }, + "keyVaultName": { + "description": "Used by: azureKeyVault", + "type": "string" + }, + "dataFrom": { + "type": "array", + "items": { + "type": "string" + } + }, + "dataFromWithOptions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "description": "Secret key in backend", + "type": "string" + }, + "isBinary": { + "description": "Whether the backend secret shall be treated as binary data represented by a base64-encoded string. You must set this to true for any base64-encoded binary data in the backend - to ensure it is not encoded in base64 again. Default is false.", + "type": "boolean" + }, + "versionStage": { + "description": "Used by: alicloudSecretsManager, secretsManager", + "type": "string" + }, + "versionId": { + "description": "Used by: secretsManager", + "type": "string" + } + }, + "required": [ + "key" + ], + "additionalProperties": false + } + }, + "data": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "description": "Secret key in backend", + "type": "string" + }, + "name": { + "description": "Name set for this key in the generated secret", + "type": "string" + }, + "property": { + "description": "Property to extract if secret in backend is a JSON object", + "type": "string" + }, + "isBinary": { + "description": "Whether the backend secret shall be treated as binary data represented by a base64-encoded string. You must set this to true for any base64-encoded binary data in the backend - to ensure it is not encoded in base64 again. Default is false.", + "type": "boolean" + }, + "path": { + "description": "Path from SSM to scrape secrets This will fetch all secrets and use the key from the secret as variable name", + "type": "string" + }, + "recursive": { + "description": "Allow to recurse thru all child keys on a given path, default false", + "type": "boolean" + }, + "secretType": { + "description": "Used by: ibmcloudSecretsManager Type of secret - one of username_password, iam_credentials or arbitrary", + "type": "string" + }, + "version": { + "description": "Used by: gcpSecretsManager", + "type": "string", + "x-kubernetes-int-or-string": true + }, + "versionStage": { + "description": "Used by: alicloudSecretsManager, secretsManager", + "type": "string" + }, + "versionId": { + "description": "Used by: secretsManager", + "type": "string" + } + }, + "oneOf": [ + { + "required": [ + "key", + "name" + ] + }, + { + "required": [ + "path" + ] + } + ], + "additionalProperties": false + } + }, + "roleArn": { + "type": "string", + "description": "Used by: alicloudSecretsManager, secretsManager, systemManager" + }, + "region": { + "type": "string", + "description": "Used by: secretsManager, systemManager" + }, + "projectId": { + "type": "string", + "description": "Used by: gcpSecretsManager" + }, + "keyByName": { + "type": "boolean", + "description": "Whether to interpret the key as a secret name (if true) or ID (the default). Used by: ibmcloudSecretsManager" + } + }, + "oneOf": [ + { + "properties": { + "backendType": { + "enum": [ + "secretsManager", + "systemManager" + ] + } + } + }, + { + "properties": { + "backendType": { + "enum": [ + "vault" + ] + } + } + }, + { + "properties": { + "backendType": { + "enum": [ + "azureKeyVault" + ] + } + }, + "required": [ + "keyVaultName" + ] + }, + { + "properties": { + "backendType": { + "enum": [ + "gcpSecretsManager" + ] + } + } + }, + { + "properties": { + "backendType": { + "enum": [ + "alicloudSecretsManager" + ] + } + } + }, + { + "properties": { + "backendType": { + "enum": [ + "ibmcloudSecretsManager" + ] + } + } + }, + { + "properties": { + "backendType": { + "enum": [ + "akeyless" + ] + } + } + } + ], + "anyOf": [ + { + "required": [ + "data" + ] + }, + { + "required": [ + "dataFrom" + ] + }, + { + "required": [ + "dataFromWithOptions" + ] + } + ], + "additionalProperties": false + }, + "status": { + "type": "object", + "properties": { + "lastSync": { + "type": "string" + }, + "status": { + "type": "string" + }, + "observedGeneration": { + "type": "number" + } + }, + "additionalProperties": false + } + } +} diff --git a/fetch-schemas-api-platform.sh b/fetch-schemas-api-platform.sh index 3b3ee5f..d3ede06 100755 --- a/fetch-schemas-api-platform.sh +++ b/fetch-schemas-api-platform.sh @@ -16,6 +16,11 @@ ISTIO_URL=https://raw.githubusercontent.com/istio/istio/${ISTIO_VERSION}/manifes EXTERNAL_SECRET_MANAGER_VERSION=v0.9.11 EXTERNAL_SECRET_MANAGER_URL=https://raw.githubusercontent.com/external-secrets/external-secrets/${EXTERNAL_SECRET_MANAGER_VERSION}/config/crds/bases/external-secrets.io_externalsecrets.yaml +OLD_EXTERNAL_SECRET_VERSION=8.5.5 +OLD_EXTERNAL_SECRET_MANAGER_URL=https://raw.githubusercontent.com/external-secrets/kubernetes-external-secrets/${OLD_EXTERNAL_SECRET_VERSION}/charts/kubernetes-external-secrets/crds/kubernetes-client.io_externalsecrets_crd.yaml + +echo $OLD_EXTERNAL_SECRET_MANAGER_URL + ### SETUP mkdir -p ${WORKDIR} rm -fr ${WORKDIR}/* @@ -24,5 +29,6 @@ pushd ${WORKDIR} $SCHEMA_FETCH_SCRIPT $ISTIO_URL $SCHEMA_FETCH_SCRIPT $EXTERNAL_SECRET_MANAGER_URL +$SCHEMA_FETCH_SCRIPT $OLD_EXTERNAL_SECRET_MANAGER_URL popd