forked from 3scale-ops/external-secrets-operator
-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
- Loading branch information
Showing
35 changed files
with
482 additions
and
40 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
200 changes: 200 additions & 0 deletions
200
bundle/manifests/generators.external-secrets.io_stssessiontokens.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,200 @@ | ||
| apiVersion: apiextensions.k8s.io/v1 | ||
| kind: CustomResourceDefinition | ||
| metadata: | ||
| annotations: | ||
| controller-gen.kubebuilder.io/version: v0.16.5 | ||
| creationTimestamp: null | ||
| labels: | ||
| external-secrets.io/component: controller | ||
| name: stssessiontokens.generators.external-secrets.io | ||
| spec: | ||
| conversion: | ||
| strategy: Webhook | ||
| webhook: | ||
| clientConfig: | ||
| service: | ||
| name: kubernetes | ||
| namespace: default | ||
| path: /convert | ||
| conversionReviewVersions: | ||
| - v1 | ||
| group: generators.external-secrets.io | ||
| names: | ||
| categories: | ||
| - external-secrets | ||
| - external-secrets-generators | ||
| kind: STSSessionToken | ||
| listKind: STSSessionTokenList | ||
| plural: stssessiontokens | ||
| shortNames: | ||
| - stssessiontoken | ||
| singular: stssessiontoken | ||
| scope: Namespaced | ||
| versions: | ||
| - name: v1alpha1 | ||
| schema: | ||
| openAPIV3Schema: | ||
| description: |- | ||
| STSSessionToken uses the GetSessionToken API to retrieve an authorization token. | ||
| The authorization token is valid for 12 hours. | ||
| The authorizationToken returned is a base64 encoded string that can be decoded. | ||
| For more information, see GetSessionToken (https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html). | ||
| properties: | ||
| apiVersion: | ||
| description: |- | ||
| APIVersion defines the versioned schema of this representation of an object. | ||
| Servers should convert recognized schemas to the latest internal value, and | ||
| may reject unrecognized values. | ||
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | ||
| type: string | ||
| kind: | ||
| description: |- | ||
| Kind is a string value representing the REST resource this object represents. | ||
| Servers may infer this from the endpoint the client submits requests to. | ||
| Cannot be updated. | ||
| In CamelCase. | ||
| More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | ||
| type: string | ||
| metadata: | ||
| type: object | ||
| spec: | ||
| properties: | ||
| auth: | ||
| description: Auth defines how to authenticate with AWS | ||
| properties: | ||
| jwt: | ||
| description: Authenticate against AWS using service account tokens. | ||
| properties: | ||
| serviceAccountRef: | ||
| description: A reference to a ServiceAccount resource. | ||
| properties: | ||
| audiences: | ||
| description: |- | ||
| Audience specifies the `aud` claim for the service account token | ||
| If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity | ||
| then this audiences will be appended to the list | ||
| items: | ||
| type: string | ||
| type: array | ||
| name: | ||
| description: The name of the ServiceAccount resource being | ||
| referred to. | ||
| type: string | ||
| namespace: | ||
| description: |- | ||
| Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults | ||
| to the namespace of the referent. | ||
| type: string | ||
| required: | ||
| - name | ||
| type: object | ||
| type: object | ||
| secretRef: | ||
| description: |- | ||
| AWSAuthSecretRef holds secret references for AWS credentials | ||
| both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. | ||
| properties: | ||
| accessKeyIDSecretRef: | ||
| description: The AccessKeyID is used for authentication | ||
| properties: | ||
| key: | ||
| description: |- | ||
| The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be | ||
| defaulted, in others it may be required. | ||
| type: string | ||
| name: | ||
| description: The name of the Secret resource being referred | ||
| to. | ||
| type: string | ||
| namespace: | ||
| description: |- | ||
| Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults | ||
| to the namespace of the referent. | ||
| type: string | ||
| type: object | ||
| secretAccessKeySecretRef: | ||
| description: The SecretAccessKey is used for authentication | ||
| properties: | ||
| key: | ||
| description: |- | ||
| The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be | ||
| defaulted, in others it may be required. | ||
| type: string | ||
| name: | ||
| description: The name of the Secret resource being referred | ||
| to. | ||
| type: string | ||
| namespace: | ||
| description: |- | ||
| Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults | ||
| to the namespace of the referent. | ||
| type: string | ||
| type: object | ||
| sessionTokenSecretRef: | ||
| description: |- | ||
| The SessionToken used for authentication | ||
| This must be defined if AccessKeyID and SecretAccessKey are temporary credentials | ||
| see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html | ||
| properties: | ||
| key: | ||
| description: |- | ||
| The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be | ||
| defaulted, in others it may be required. | ||
| type: string | ||
| name: | ||
| description: The name of the Secret resource being referred | ||
| to. | ||
| type: string | ||
| namespace: | ||
| description: |- | ||
| Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults | ||
| to the namespace of the referent. | ||
| type: string | ||
| type: object | ||
| type: object | ||
| type: object | ||
| region: | ||
| description: Region specifies the region to operate in. | ||
| type: string | ||
| requestParameters: | ||
| description: RequestParameters contains parameters that can be passed | ||
| to the STS service. | ||
| properties: | ||
| serialNumber: | ||
| description: |- | ||
| SerialNumber is the identification number of the MFA device that is associated with the IAM user who is making | ||
| the GetSessionToken call. | ||
| Possible values: hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device | ||
| (such as arn:aws:iam::123456789012:mfa/user) | ||
| type: string | ||
| sessionDuration: | ||
| description: |- | ||
| SessionDuration The duration, in seconds, that the credentials should remain valid. Acceptable durations for | ||
| IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds | ||
| (12 hours) as the default. | ||
| format: int64 | ||
| type: integer | ||
| tokenCode: | ||
| description: TokenCode is the value provided by the MFA device, | ||
| if MFA is required. | ||
| type: string | ||
| type: object | ||
| role: | ||
| description: |- | ||
| You can assume a role before making calls to the | ||
| desired AWS service. | ||
| type: string | ||
| required: | ||
| - region | ||
| type: object | ||
| type: object | ||
| served: true | ||
| storage: true | ||
| subresources: | ||
| status: {} | ||
| status: | ||
| acceptedNames: | ||
| kind: "" | ||
| plural: "" | ||
| conditions: null | ||
| storedVersions: null |
Oops, something went wrong.