Skip to content

Commit

Permalink
operator vault-config-operator (0.8.25)
Browse files Browse the repository at this point in the history
  • Loading branch information
@raffaelespazzoli
raffaelespazzoli authored Dec 4, 2023
1 parent ee5602c commit efc0594
Show file tree
Hide file tree
Showing 39 changed files with 11,689 additions and 0 deletions.
21 changes: 21 additions & 0 deletions operators/vault-config-operator/0.8.25/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
FROM scratch

# Core bundle labels.
LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
LABEL operators.operatorframework.io.bundle.package.v1=vault-config-operator
LABEL operators.operatorframework.io.bundle.channels.v1=alpha
LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.25.3
LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3

# Labels for testing.
LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1
LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/

# Copy files to locations specified by labels.
COPY manifests /manifests/
COPY metadata /metadata/
COPY tests/scorecard /tests/scorecard/
301 changes: 301 additions & 0 deletions operators/vault-config-operator/0.8.25/manifests/redhatcop.redhat.io_authenginemounts.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,301 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.1
creationTimestamp: null
name: authenginemounts.redhatcop.redhat.io
spec:
group: redhatcop.redhat.io
names:
kind: AuthEngineMount
listKind: AuthEngineMountList
plural: authenginemounts
singular: authenginemount
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: AuthEngineMount is the Schema for the authenginemounts API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AuthEngineMountSpec defines the desired state of AuthEngineMount
properties:
authentication:
description: Authentication is the kube auth configuration to be used
to execute this request
properties:
namespace:
description: Namespace is the Vault namespace to be used in all
the operations withing this connection/authentication. Only
available in Vault Enterprise.
type: string
path:
default: kubernetes
description: Path is the path of the role used for this kube auth
authentication. The operator will try to authenticate at {[namespace/]}auth/{spec.path}
pattern: ^(?:/?[\w;:@&=\$-\.\+]*)+/?
type: string
role:
description: Role the role to be used during authentication
type: string
serviceAccount:
default:
name: default
description: ServiceAccount is the service account used for the
kube auth authentication
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
x-kubernetes-map-type: atomic
type: object
config:
description: Config Specifies configuration options for this auth
method.
properties:
allowedResponseHeaders:
description: AllowedResponseHeaders list of headers to whitelist,
allowing a plugin to include them in the response. kubebuilder:validation:UniqueItems=true
items:
type: string
type: array
x-kubernetes-list-type: set
auditNonHMACRequestKeys:
description: AuditNonHMACRequestKeys list of keys that will not
be HMAC'd by audit devices in the request data object. kubebuilder:validation:UniqueItems:=true
items:
type: string
type: array
x-kubernetes-list-type: set
auditNonHMACResponseKeys:
description: AuditNonHMACResponseKeys list of keys that will not
be HMAC'd by audit devices in the response data object. kubebuilder:validation:UniqueItems=true
items:
type: string
type: array
x-kubernetes-list-type: set
defaultLeaseTTL:
description: DefaultLeaseTTL The default lease duration, specified
as a string duration like "5s" or "30m".
type: string
description:
description: Description another description...
type: string
listingVisibility:
default: hidden
description: ListingVisibility Specifies whether to show this
mount in the UI-specific listing endpoint. Valid values are
"unauth" or "hidden". If not set, behaves like "hidden"
enum:
- unauth
- hidden
type: string
maxLeaseTTL:
description: MaxLeaseTTL The maximum lease duration, specified
as a string duration like "5s" or "30m".
type: string
options:
additionalProperties:
type: string
description: Options undocumented
type: object
x-kubernetes-map-type: granular
passthroughRequestHeaders:
description: PassthroughRequestHeaders list of headers to whitelist
and pass from the request to the plugin. kubebuilder:validation:UniqueItems:=true
items:
type: string
type: array
x-kubernetes-list-type: set
tokenType:
description: TokenType undocumented
type: string
type: object
connection:
description: Connection represents the information needed to connect
to Vault. This operator uses the standard Vault environment variables
to connect to Vault. If you need to override those settings and
for example connect to a different Vault instance, you can do with
this section of the CR.
properties:
address:
description: 'Address Address of the Vault server expressed as
a URL and port, for example: https://127.0.0.1:8200/'
type: string
maxRetries:
description: MaxRetries Maximum number of retries when certain
error codes are encountered. The default is 2, for three total
attempts. Set this to 0 or less to disable retrying. Error codes
that are retried are 412 (client consistency requirement not
satisfied) and all 5xx except for 501 (not implemented).
type: integer
tLSConfig:
properties:
cacert:
description: Cacert Path to a PEM-encoded CA certificate file
on the local disk. This file is used to verify the Vault
server's SSL certificate. This environment variable takes
precedence over a cert passed via the secret.
type: string
skipVerify:
description: SkipVerify Do not verify Vault's presented certificate
before communicating with it. Setting this variable is not
recommended and voids Vault's security model.
type: boolean
tlsSecret:
description: 'TLSSecret namespace-local secret containing
the tls material for the connection. the expected keys for
the secret are: ca bundle -> "ca.crt", certificate -> "tls.crt",
key -> "tls.key"'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
x-kubernetes-map-type: atomic
tlsServerName:
description: TLSServerName Name to use as the SNI host when
connecting via TLS.
type: string
type: object
timeOut:
description: Timeout Timeout variable. The default value is 60s.
type: string
type: object
description:
description: Description Specifies a human-friendly description of
the auth method.
type: string
local:
description: Local Specifies if the auth method is local only. Local
auth methods are not replicated nor (if a secondary) removed by
replication. Logins via local auth methods do not make use of identity,
i.e. no entity or groups will be attached to the token.
type: boolean
name:
description: The name of the obejct created in Vault. If this is specified
it takes precedence over {metatada.name}
pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
type: string
path:
description: Path at which this auth engine will be mounted The final
path in Vault will be {[spec.authentication.namespace]}/auth/{spec.path}/{metadata.name}.
The authentication role must have the following capabilities = [
"create", "read", "update", "delete"] on that path /sys/auth/{[spec.authentication.namespace]}/{spec.path}/{metadata.name}.
pattern: ^(?:/?[\w;:@&=\$-\.\+]*)+/?
type: string
sealwrap:
description: SealWrap Enable seal wrapping for the mount, causing
values stored by the mount to be wrapped by the seal's encryption
capability.
type: boolean
type:
description: Type Specifies the name of the authentication method
type, such as "github" or "token".
type: string
type: object
status:
description: AuthEngineMountStatus defines the observed state of AuthEngineMount
properties:
accessor:
type: string
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions: null
Loading

0 comments on commit efc0594

Please sign in to comment.