7698970f22
* Secrets: changes to allow a 3rd party keeper / secret references * fix test * make gofmt * lint * fix tests * assign aws secrets manager to @grafana/grafana-operator-experience-squad * rename Keeper.Reference to Keeper.RetrieveReference * rename ModelSecretsManager to ModelAWSSecretsManager * validator: ensure that only one of keeper.Spec.Aws.AccessKey or keeper.Spec.Aws.AssumeRole are set * move secrets manager dep / go mod tidy * move secrets manager dep * keeper validator: move 3rd party secret stores validation to their own functions * add github.com/aws/aws-sdk-go-v2/service/secretsmanager pkg/extensions/enterprise_imports * make update-workspace * undo go.mod changes in /apps * make update-workspace * fix test * add github.com/aws/aws-sdk-go-v2/service/secretsmanager to enterprise_imports * make update-workspace * gcworker: handle refs * make update-workspace * create toggle: FeatureStageExperimental * allow features.IsEnabled for now * format
package v1beta1
import "strings"
// KeeperSpec describes one keeper: a description plus optional,
// provider-specific configuration blocks (AWS, Azure, GCP, HashiCorp Vault).
// NOTE(review): nothing in this schema limits a spec to a single provider
// block, or requires one at all. If exactly one is expected, that rule has to
// live in the keeper validator — confirm.
KeeperSpec: {
	// Short description for the Keeper.
	// Bounded to 1..253 runes by strings.MinRunes / strings.MaxRunes; the k8s
	// validation markers below carry the same bounds.
	// +k8s:validation:minLength=1
	// +k8s:validation:maxLength=253
	description: string & strings.MinRunes(1) & strings.MaxRunes(253)

	// AWS Keeper Configuration.
	// +structType=atomic
	// +optional
	aws?: #AWSConfig

	// Azure Keeper Configuration.
	// +structType=atomic
	// +optional
	azure?: #AzureConfig

	// GCP Keeper Configuration.
	// +structType=atomic
	// +optional
	gcp?: #GCPConfig

	// HashiCorp Vault Keeper Configuration.
	// +structType=atomic
	// +optional
	hashiCorpVault?: #HashiCorpConfig
}
// AWS keeper settings: a region, two optional credential blocks (static access
// key or assumed role) and an optional KMS key ID.
// NOTE(review): accessKey and assumeRole are both optional and this schema does
// not make them mutually exclusive. The "only one of the two" rule therefore
// depends entirely on the keeper validator; confirm it is applied on every
// write path, and confirm what a spec with neither block is meant to do.
#AWSConfig: {
	// Unconstrained string; no check against known region names here.
	region: string
	// Static credentials, each given as a #CredentialValue reference.
	accessKey?: #AWSAccessKey
	// Role to assume instead of static credentials.
	assumeRole?: #AWSAssumeRole
	// presumably the KMS key used for the stored secrets — TODO confirm.
	kmsKeyID?: string
}
// Static AWS access key pair. Both halves are #CredentialValue structs, so the
// spec names where each value comes from (secure value, environment variable
// or config file) rather than embedding it as a plain string field.
#AWSAccessKey: {
	accessKeyID: #CredentialValue
	secretAccessKey: #CredentialValue
}
// Role-assumption settings for the AWS keeper. Both fields are plain strings
// held directly in the keeper spec, and neither is declared optional.
// NOTE(review): no ARN format or length constraint is expressed here;
// presumably checked by the keeper validator — confirm.
#AWSAssumeRole: {
	assumeRoleArn: string
	externalID: string
}
// Azure keeper settings. The vault name, tenant ID and client ID are plain
// strings; only clientSecret goes through the #CredentialValue indirection.
#AzureConfig: {
	keyVaultName: string
	tenantID: string
	clientID: string
	// Reference to the client secret, not the secret text itself.
	clientSecret: #CredentialValue
}
// GCP keeper settings: a project ID and a credentials file, both plain strings.
// NOTE(review): unlike the AWS, Azure and Vault blocks, the credential here is
// not a #CredentialValue. credentialsFile is presumably a filesystem path read
// by the server — TODO confirm. The schema places no constraint on it, so any
// restriction on which paths may be named has to be enforced elsewhere.
#GCPConfig: {
	projectID: string
	credentialsFile: string
}
// HashiCorp Vault keeper settings: the server address and a token reference.
// NOTE(review): address is an unconstrained string; this schema does not
// require a URL, let alone an https:// one. If the token must only be sent
// over TLS to an expected host, that check has to exist in the validator
// or the client — confirm.
#HashiCorpConfig: {
	address: string
	// Reference to the Vault token, not the token text itself.
	token: #CredentialValue
}
// CredentialValue says where a credential comes from: a named secure value, an
// environment variable, or the Grafana config file.
// NOTE(review): all three fields carry a `+optional` marker but are declared
// without CUE's `?`, unlike the optional fields of KeeperSpec and #AWSConfig;
// confirm which of the two the generated types follow.
// NOTE(review): the schema does not require that exactly one source be set, so
// an empty value and a value naming several sources both pass this definition;
// precedence and rejection have to be handled by the validator — confirm.
#CredentialValue: {
	// The name of the secure value that holds the actual value.
	// +optional
	secureValueName: string

	// The value is taken from the environment variable.
	// presumably this field holds the variable's name, not the value — TODO confirm.
	// +optional
	valueFromEnv: string

	// The value is taken from the Grafana config file.
	// TODO: how do we explain that this is a path to the config file?
	// +optional
	valueFromConfig: string
}