From 8b23b8675ed2baf58a90ff1c7d35dee1bffec009 Mon Sep 17 00:00:00 2001 From: Moritz Johner Date: Tue, 31 Oct 2023 13:47:35 +0100 Subject: [PATCH] feat: bump 0.9.8 Signed-off-by: Moritz Johner --- Makefile | 2 +- ...ecrets-operator.clusterserviceversion.yaml | 10 +-- ...nal-secrets.io_clusterexternalsecrets.yaml | 73 +++++++++++++++++- ...ternal-secrets.io_clustersecretstores.yaml | 18 ++++- .../external-secrets.io_externalsecrets.yaml | 77 +++++++++++++++++++ .../external-secrets.io_pushsecrets.yaml | 3 + .../external-secrets.io_secretstores.yaml | 18 ++++- config/manager/kustomization.yaml | 2 +- ...ecrets-operator.clusterserviceversion.yaml | 2 +- .../manifests/crds/clusterexternalsecret.yml | 66 +++++++++++++++- config/manifests/crds/clustersecretstore.yml | 8 +- config/manifests/crds/externalsecret.yml | 71 +++++++++++++++++ config/manifests/crds/pushsecret.yml | 3 + config/manifests/crds/secretstore.yml | 8 +- 14 files changed, 343 insertions(+), 18 deletions(-) diff --git a/Makefile b/Makefile index 5c92987..109f182 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ # To re-generate a bundle for another specific version without changing the standard setup, you can: # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION ?= 0.9.7 +VERSION ?= 0.9.8 # CHANNELS define the bundle channels used in the bundle. # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") diff --git a/bundle/manifests/external-secrets-operator.clusterserviceversion.yaml b/bundle/manifests/external-secrets-operator.clusterserviceversion.yaml index 458cba5..4de4e41 100644 --- a/bundle/manifests/external-secrets-operator.clusterserviceversion.yaml +++ b/bundle/manifests/external-secrets-operator.clusterserviceversion.yaml @@ -671,8 +671,8 @@ metadata: capabilities: Deep Insights categories: Security certified: "false" - containerImage: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.7 - createdAt: "2023-10-21T17:04:24Z" + containerImage: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.8 + createdAt: "2023-10-31T12:45:51Z" description: Operator to configure external-secrets helm-chart based operator operatorframework.io/cluster-monitoring: "true" operators.openshift.io/infrastructure-features: '["Disconnected"]' @@ -682,7 +682,7 @@ metadata: labels: operatorframework.io/arch.amd64: supported operatorframework.io/os.linux: supported - name: external-secrets-operator.v0.9.7 + name: external-secrets-operator.v0.9.8 namespace: external-secrets spec: apiservicedefinitions: {} @@ -968,7 +968,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.annotations['olm.targetNamespaces'] - image: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.7 + image: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.8 livenessProbe: httpGet: path: /healthz @@ -1066,4 +1066,4 @@ spec: provider: name: External Secrets url: https://external-secrets.io - version: 0.9.7 + version: 0.9.8 diff --git a/bundle/manifests/external-secrets.io_clusterexternalsecrets.yaml b/bundle/manifests/external-secrets.io_clusterexternalsecrets.yaml index 4f077c1..d6195b6 100644 --- a/bundle/manifests/external-secrets.io_clusterexternalsecrets.yaml +++ b/bundle/manifests/external-secrets.io_clusterexternalsecrets.yaml @@ -93,18 +93,30 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string key: description: Key is the key used in the Provider, mandatory type: string metadataPolicy: + default: None description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None + enum: + - None + - Fetch type: string property: description: Used to select a specific property of the @@ -180,18 +192,30 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string key: description: Key is the key used in the Provider, mandatory type: string metadataPolicy: + default: None description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None + enum: + - None + - Fetch type: string property: description: Used to select a specific property of the @@ -212,10 +236,18 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string name: description: Finds secrets based on the name. @@ -257,6 +289,19 @@ spec: - source - target type: object + transform: + description: Used to apply string transformation on + the secrets. The resulting key will be the output + of the template applied by the operation. + properties: + template: + description: Used to define the template to apply + on the secret name. `.value ` will specify the + secret name in the template. + type: string + required: + - template + type: object type: object type: array sourceRef: @@ -370,9 +415,18 @@ spec: type: object engineVersion: default: v2 + description: EngineVersion specifies the template engine + version that should be used to compile/execute the template + specified in .data and .templateFrom[]. + enum: + - v1 + - v2 type: string mergePolicy: default: Replace + enum: + - Replace + - Merge type: string metadata: description: ExternalSecretTemplateMetadata defines metadata @@ -399,6 +453,9 @@ spec: type: string templateAs: default: Values + enum: + - Values + - KeysAndValues type: string required: - key @@ -421,6 +478,9 @@ spec: type: string templateAs: default: Values + enum: + - Values + - KeysAndValues type: string required: - key @@ -434,6 +494,10 @@ spec: type: object target: default: Data + enum: + - Data + - Annotations + - Labels type: string type: object type: array @@ -488,13 +552,18 @@ spec: type: object type: object x-kubernetes-map-type: atomic + namespaces: + description: Choose namespaces by name. This field is ORed with anything + that NamespaceSelector ends up choosing. + items: + type: string + type: array refreshTime: - description: The time in which the controller should reconcile it's + description: The time in which the controller should reconcile its objects and recheck namespaces for labels. type: string required: - externalSecretSpec - - namespaceSelector type: object status: description: ClusterExternalSecretStatus defines the observed state of diff --git a/bundle/manifests/external-secrets.io_clustersecretstores.yaml b/bundle/manifests/external-secrets.io_clustersecretstores.yaml index 7d8b220..01f98f7 100644 --- a/bundle/manifests/external-secrets.io_clustersecretstores.yaml +++ b/bundle/manifests/external-secrets.io_clustersecretstores.yaml @@ -888,8 +888,10 @@ spec: properties: auth: description: Auth configures how secret-manager authenticates - with the Oracle Vault. If empty, use the instance principal, - otherwise the user credentials specified in Auth. + with the Oracle Vault. If empty, instance principal is used. + Optionally, the authenticating principal type and/or user + data may be supplied for the use of workload identity and + user principal. properties: secretRef: description: SecretRef to pass through sensitive information. @@ -952,6 +954,12 @@ spec: - tenancy - user type: object + principalType: + description: The type of principal to use for authentication. + If left blank, the Auth struct will determine the principal + type. This optional field must be specified if using workload + identity. + type: string region: description: Region is the region where vault is located. type: string @@ -3026,6 +3034,12 @@ spec: - tenancy - user type: object + principalType: + description: The type of principal to use for authentication. + If left blank, the Auth struct will determine the principal + type. This optional field must be specified if using workload + identity. + type: string region: description: Region is the region where vault is located. type: string diff --git a/bundle/manifests/external-secrets.io_externalsecrets.yaml b/bundle/manifests/external-secrets.io_externalsecrets.yaml index 7db9f5a..49664a3 100644 --- a/bundle/manifests/external-secrets.io_externalsecrets.yaml +++ b/bundle/manifests/external-secrets.io_externalsecrets.yaml @@ -73,6 +73,9 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string key: description: Key is the key used in the Provider, mandatory @@ -105,6 +108,9 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string key: description: Key is the key used in the Provider, mandatory @@ -150,6 +156,10 @@ spec: default: Owner description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner' + enum: + - Owner + - Merge + - None type: string immutable: description: Immutable defines if the final secret will be immutable @@ -172,6 +182,9 @@ spec: description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[]. + enum: + - v1 + - v2 type: string metadata: description: ExternalSecretTemplateMetadata defines metadata @@ -329,18 +342,30 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string key: description: Key is the key used in the Provider, mandatory type: string metadataPolicy: + default: None description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None + enum: + - None + - Fetch type: string property: description: Used to select a specific property of the Provider @@ -416,18 +441,30 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string key: description: Key is the key used in the Provider, mandatory type: string metadataPolicy: + default: None description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None + enum: + - None + - Fetch type: string property: description: Used to select a specific property of the Provider @@ -448,10 +485,18 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string name: description: Finds secrets based on the name. @@ -492,6 +537,19 @@ spec: - source - target type: object + transform: + description: Used to apply string transformation on the + secrets. The resulting key will be the output of the + template applied by the operation. + properties: + template: + description: Used to define the template to apply + on the secret name. `.value ` will specify the secret + name in the template. + type: string + required: + - template + type: object type: object type: array sourceRef: @@ -604,9 +662,18 @@ spec: type: object engineVersion: default: v2 + description: EngineVersion specifies the template engine version + that should be used to compile/execute the template specified + in .data and .templateFrom[]. + enum: + - v1 + - v2 type: string mergePolicy: default: Replace + enum: + - Replace + - Merge type: string metadata: description: ExternalSecretTemplateMetadata defines metadata @@ -633,6 +700,9 @@ spec: type: string templateAs: default: Values + enum: + - Values + - KeysAndValues type: string required: - key @@ -655,6 +725,9 @@ spec: type: string templateAs: default: Values + enum: + - Values + - KeysAndValues type: string required: - key @@ -668,6 +741,10 @@ spec: type: object target: default: Data + enum: + - Data + - Annotations + - Labels type: string type: object type: array diff --git a/bundle/manifests/external-secrets.io_pushsecrets.yaml b/bundle/manifests/external-secrets.io_pushsecrets.yaml index b31b228..09671de 100644 --- a/bundle/manifests/external-secrets.io_pushsecrets.yaml +++ b/bundle/manifests/external-secrets.io_pushsecrets.yaml @@ -91,6 +91,9 @@ spec: default: None description: 'Deletion Policy to handle Secrets in the provider. Possible Values: "Delete/None". Defaults to "None".' + enum: + - Delete + - None type: string refreshInterval: description: The Interval to which External Secrets will try to push diff --git a/bundle/manifests/external-secrets.io_secretstores.yaml b/bundle/manifests/external-secrets.io_secretstores.yaml index 95ce390..13a76d1 100644 --- a/bundle/manifests/external-secrets.io_secretstores.yaml +++ b/bundle/manifests/external-secrets.io_secretstores.yaml @@ -888,8 +888,10 @@ spec: properties: auth: description: Auth configures how secret-manager authenticates - with the Oracle Vault. If empty, use the instance principal, - otherwise the user credentials specified in Auth. + with the Oracle Vault. If empty, instance principal is used. + Optionally, the authenticating principal type and/or user + data may be supplied for the use of workload identity and + user principal. properties: secretRef: description: SecretRef to pass through sensitive information. @@ -952,6 +954,12 @@ spec: - tenancy - user type: object + principalType: + description: The type of principal to use for authentication. + If left blank, the Auth struct will determine the principal + type. This optional field must be specified if using workload + identity. + type: string region: description: Region is the region where vault is located. type: string @@ -3026,6 +3034,12 @@ spec: - tenancy - user type: object + principalType: + description: The type of principal to use for authentication. + If left blank, the Auth struct will determine the principal + type. This optional field must be specified if using workload + identity. + type: string region: description: Region is the region where vault is located. type: string diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 3cdd86f..266c98c 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -13,4 +13,4 @@ kind: Kustomization images: - name: controller newName: ghcr.io/external-secrets/external-secrets-helm-operator - newTag: v0.9.7 + newTag: v0.9.8 diff --git a/config/manifests/bases/external-secrets-operator.clusterserviceversion.yaml b/config/manifests/bases/external-secrets-operator.clusterserviceversion.yaml index 8febae9..919c33e 100644 --- a/config/manifests/bases/external-secrets-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/external-secrets-operator.clusterserviceversion.yaml @@ -6,7 +6,7 @@ metadata: capabilities: Deep Insights categories: Security certified: "false" - containerImage: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.7 + containerImage: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.8 createdAt: "2021-11-22 00:00:00" description: Operator to configure external-secrets helm-chart based operator operatorframework.io/cluster-monitoring: "true" diff --git a/config/manifests/crds/clusterexternalsecret.yml b/config/manifests/crds/clusterexternalsecret.yml index dcbc7a4..38f7550 100644 --- a/config/manifests/crds/clusterexternalsecret.yml +++ b/config/manifests/crds/clusterexternalsecret.yml @@ -72,16 +72,28 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string key: description: Key is the key used in the Provider, mandatory type: string metadataPolicy: + default: None description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None + enum: + - None + - Fetch type: string property: description: Used to select a specific property of the Provider value (if a map), if supported @@ -144,16 +156,28 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string key: description: Key is the key used in the Provider, mandatory type: string metadataPolicy: + default: None description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None + enum: + - None + - Fetch type: string property: description: Used to select a specific property of the Provider value (if a map), if supported @@ -170,10 +194,18 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string name: description: Finds secrets based on the name. @@ -208,6 +240,15 @@ spec: - source - target type: object + transform: + description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation. + properties: + template: + description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template. + type: string + required: + - template + type: object type: object type: array sourceRef: @@ -300,9 +341,16 @@ spec: type: object engineVersion: default: v2 + description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[]. + enum: + - v1 + - v2 type: string mergePolicy: default: Replace + enum: + - Replace + - Merge type: string metadata: description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint. @@ -328,6 +376,9 @@ spec: type: string templateAs: default: Values + enum: + - Values + - KeysAndValues type: string required: - key @@ -350,6 +401,9 @@ spec: type: string templateAs: default: Values + enum: + - Values + - KeysAndValues type: string required: - key @@ -363,6 +417,10 @@ spec: type: object target: default: Data + enum: + - Data + - Annotations + - Labels type: string type: object type: array @@ -402,12 +460,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + namespaces: + description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing. + items: + type: string + type: array refreshTime: - description: The time in which the controller should reconcile it's objects and recheck namespaces for labels. + description: The time in which the controller should reconcile its objects and recheck namespaces for labels. type: string required: - externalSecretSpec - - namespaceSelector type: object status: description: ClusterExternalSecretStatus defines the observed state of ClusterExternalSecret. diff --git a/config/manifests/crds/clustersecretstore.yml b/config/manifests/crds/clustersecretstore.yml index ec1a2ac..8db60da 100644 --- a/config/manifests/crds/clustersecretstore.yml +++ b/config/manifests/crds/clustersecretstore.yml @@ -650,7 +650,7 @@ spec: description: Oracle configures this store to sync secrets using Oracle Vault provider properties: auth: - description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth. + description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal. properties: secretRef: description: SecretRef to pass through sensitive information. @@ -696,6 +696,9 @@ spec: - tenancy - user type: object + principalType: + description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. + type: string region: description: Region is the region where vault is located. type: string @@ -2214,6 +2217,9 @@ spec: - tenancy - user type: object + principalType: + description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. + type: string region: description: Region is the region where vault is located. type: string diff --git a/config/manifests/crds/externalsecret.yml b/config/manifests/crds/externalsecret.yml index c2d9814..2a2c6ef 100644 --- a/config/manifests/crds/externalsecret.yml +++ b/config/manifests/crds/externalsecret.yml @@ -55,6 +55,9 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string key: description: Key is the key used in the Provider, mandatory @@ -83,6 +86,9 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string key: description: Key is the key used in the Provider, mandatory @@ -119,6 +125,10 @@ spec: creationPolicy: default: Owner description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner' + enum: + - Owner + - Merge + - None type: string immutable: description: Immutable defines if the final secret will be immutable @@ -136,6 +146,9 @@ spec: engineVersion: default: v1 description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[]. + enum: + - v1 + - v2 type: string metadata: description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint. @@ -281,16 +294,28 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string key: description: Key is the key used in the Provider, mandatory type: string metadataPolicy: + default: None description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None + enum: + - None + - Fetch type: string property: description: Used to select a specific property of the Provider value (if a map), if supported @@ -353,16 +378,28 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string key: description: Key is the key used in the Provider, mandatory type: string metadataPolicy: + default: None description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None + enum: + - None + - Fetch type: string property: description: Used to select a specific property of the Provider value (if a map), if supported @@ -379,10 +416,18 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string name: description: Finds secrets based on the name. @@ -417,6 +462,15 @@ spec: - source - target type: object + transform: + description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation. + properties: + template: + description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template. + type: string + required: + - template + type: object type: object type: array sourceRef: @@ -509,9 +563,16 @@ spec: type: object engineVersion: default: v2 + description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[]. + enum: + - v1 + - v2 type: string mergePolicy: default: Replace + enum: + - Replace + - Merge type: string metadata: description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint. @@ -537,6 +598,9 @@ spec: type: string templateAs: default: Values + enum: + - Values + - KeysAndValues type: string required: - key @@ -559,6 +623,9 @@ spec: type: string templateAs: default: Values + enum: + - Values + - KeysAndValues type: string required: - key @@ -572,6 +639,10 @@ spec: type: object target: default: Data + enum: + - Data + - Annotations + - Labels type: string type: object type: array diff --git a/config/manifests/crds/pushsecret.yml b/config/manifests/crds/pushsecret.yml index 472189e..8926016 100644 --- a/config/manifests/crds/pushsecret.yml +++ b/config/manifests/crds/pushsecret.yml @@ -73,6 +73,9 @@ spec: deletionPolicy: default: None description: 'Deletion Policy to handle Secrets in the provider. Possible Values: "Delete/None". Defaults to "None".' + enum: + - Delete + - None type: string refreshInterval: description: The Interval to which External Secrets will try to push a secret definition diff --git a/config/manifests/crds/secretstore.yml b/config/manifests/crds/secretstore.yml index 735bd9a..7636f57 100644 --- a/config/manifests/crds/secretstore.yml +++ b/config/manifests/crds/secretstore.yml @@ -650,7 +650,7 @@ spec: description: Oracle configures this store to sync secrets using Oracle Vault provider properties: auth: - description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth. + description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal. properties: secretRef: description: SecretRef to pass through sensitive information. @@ -696,6 +696,9 @@ spec: - tenancy - user type: object + principalType: + description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. + type: string region: description: Region is the region where vault is located. type: string @@ -2214,6 +2217,9 @@ spec: - tenancy - user type: object + principalType: + description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. + type: string region: description: Region is the region where vault is located. type: string