secrets are now only created at the top level
manedurphy committed Mar 20, 2022
1 parent 32721b9 commit 5930d40
Showing 11 changed files with 352 additions and 917 deletions.
6 changes: 3 additions & 3 deletions Makefile
@@ -287,15 +287,15 @@ endif

.PHONY: e2e-provider-container
e2e-provider-container:
docker buildx build --no-cache --output=type=docker -t $(E2E_PROVIDER_IMAGE_TAG) -f test/e2eprovider/Dockerfile --progress=plain .
docker buildx build --no-cache -t $(E2E_PROVIDER_IMAGE_TAG) -f test/e2eprovider/Dockerfile --progress=plain .

.PHONY: container
container: crd-container
docker buildx build --no-cache --output=type=docker --build-arg IMAGE_VERSION=$(IMAGE_VERSION) -t $(IMAGE_TAG) -f docker/Dockerfile --progress=plain .
docker buildx build --no-cache --build-arg IMAGE_VERSION=$(IMAGE_VERSION) -t $(IMAGE_TAG) -f docker/Dockerfile --progress=plain .

.PHONY: crd-container
crd-container: build-crds
docker buildx build --no-cache --output=type=docker -t $(CRD_IMAGE_TAG) -f docker/crd.Dockerfile --progress=plain _output/crds/
docker buildx build --no-cache -t $(CRD_IMAGE_TAG) -f docker/crd.Dockerfile --progress=plain _output/crds/

.PHONY: crd-container-linux
crd-container-linux: build-crds docker-buildx-builder
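Review bot: The `e2e-provider-container`, `container` and `crd-container` recipes each appear once with `--output=type=docker` and once without, so the flag seems to be dropped here, assuming the second line of each pair is the new side (the +/- markers are lost in this rendering). Without that flag (or `--load`), a buildx builder on the `docker-container` driver leaves the result in the build cache only, so `$(IMAGE_TAG)`, `$(CRD_IMAGE_TAG)` and `$(E2E_PROVIDER_IMAGE_TAG)` in the local image store can be missing or stale, and later steps would run an image that was not built from this tree. The change also looks unrelated to the commit's stated purpose. I would keep the flag, e.g. `docker buildx build --no-cache --output=type=docker -t $(CRD_IMAGE_TAG) -f docker/crd.Dockerfile --progress=plain _output/crds/`, or move the removal to its own commit with a comment such as `# relies on the default docker driver loading images automatically`. The hunk ends inside the `crd-container-linux` rule, whose recipe is outside the view.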
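--- a/apis/v1/secretproviderclass_types.go
+++ b/apis/v1/secretproviderclass_types.go
@@ -44,8 +44,6 @@ type SecretObject struct {
 // annotations of k8s secret object
 Annotations map[string]string `json:"annotations,omitempty"`
 Data []*SecretObjectData `json:"data,omitempty"`
-// SyncAll syncs all secrets defined in the parameters field of SecretProviderClass
-SyncAll bool `json:"syncAll,omitempty"`
 }
 
 type SyncOptions struct {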
16 changes: 16 additions & 0 deletions apis/v1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

@@ -1,3 +1,4 @@

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -15,49 +16,81 @@ spec:
singular: secretproviderclass
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description:
SecretProviderClass is the Schema for the secretproviderclasses
API
properties:
apiVersion:
description:
"APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
type: string
kind:
description:
"Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
type: string
metadata:
type: object
spec:
description: SecretProviderClassSpec defines the desired state of SecretProviderClass
properties:
parameters:
additionalProperties:
type: string
description: Configuration for specific provider
type: object
provider:
description: Configuration for provider name
- name: v1
schema:
openAPIV3Schema:
description: SecretProviderClass is the Schema for the secretproviderclasses
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: SecretProviderClassSpec defines the desired state of SecretProviderClass
properties:
parameters:
additionalProperties:
type: string
syncOptions:
description: SyncOptions defines the secret type when syncing all secrets listed in the parameters field
description: Configuration for specific provider
type: object
provider:
description: Configuration for provider name
type: string
secretObjects:
items:
description: SecretObject defines the desired state of synced K8s
secret objects
properties:
syncAll:
description: SyncAll as true will sync all secrets defined in the parameters field to K8s
type: boolean
annotations:
additionalProperties:
type: string
description: annotations of k8s secret object
type: object
data:
items:
description: SecretObjectData defines the desired state of
synced K8s secret object data
properties:
key:
description: data field to populate
type: string
objectName:
description: name of the object to sync
type: string
type: object
type: array
labels:
additionalProperties:
type: string
description: labels of K8s secret object
type: object
secretName:
description: name of the K8s secret object
type: string
type:
description: type of K8s secret object
type: string
type: object
type: array
syncOptions:
properties:
syncAll:
description: syncs all secrets listed in the parameters field
of SecretProviderClass
type: boolean
type:
description: type of K8s secret object
type: string
type: object
type: object
status:
description: SecretProviderClassStatus defines the observed state of SecretProviderClass
@@ -133,150 +166,41 @@ spec:
description: name of the object to sync
type: string
type: object
syncAll:
description: SyncAll can sync all secrets defined in the parameters field of SecretProviderClass
type: boolean
data:
items:
description:
SecretObjectData defines the desired state of
synced K8s secret object data
properties:
key:
description: data field to populate
type: string
objectName:
description: name of the object to sync
type: string
type: object
type: array
labels:
additionalProperties:
type: string
description: labels of K8s secret object
type: object
secretName:
description: name of the K8s secret object
type: string
type:
description: type of K8s secret object
type: string
type: object
type: array
type: object
status:
description: SecretProviderClassStatus defines the observed state of SecretProviderClass
properties:
byPod:
items:
description:
ByPodStatus defines the state of SecretProviderClass
as seen by an individual controller
properties:
id:
description: id of the pod that wrote the status
type: string
namespace:
description: namespace of the pod that wrote the status
type: array
labels:
additionalProperties:
type: string
type: object
type: array
type: object
type: object
served: true
storage: true
- name: v1alpha1
schema:
openAPIV3Schema:
description:
SecretProviderClass is the Schema for the secretproviderclasses
API
properties:
apiVersion:
description:
"APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
type: string
kind:
description:
"Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
type: string
metadata:
type: object
spec:
description: SecretProviderClassSpec defines the desired state of SecretProviderClass
properties:
parameters:
additionalProperties:
type: string
description: Configuration for specific provider
description: labels of K8s secret object
type: object
secretName:
description: name of the K8s secret object
type: string
type:
description: type of K8s secret object
type: string
type: object
provider:
description: Configuration for provider name
type: string
secretObjects:
items:
description:
SecretObject defines the desired state of synced K8s
secret objects
properties:
annotations:
additionalProperties:
type: string
description: annotations of k8s secret object
type: object
data:
items:
description:
SecretObjectData defines the desired state of
synced K8s secret object data
properties:
key:
description: data field to populate
type: string
objectName:
description: name of the object to sync
type: string
type: object
type: array
labels:
additionalProperties:
type: string
description: labels of K8s secret object
type: object
secretName:
description: name of the K8s secret object
type: string
type:
description: type of K8s secret object
type: string
type: object
type: array
type: object
status:
description: SecretProviderClassStatus defines the observed state of SecretProviderClass
properties:
byPod:
items:
description:
ByPodStatus defines the state of SecretProviderClass
as seen by an individual controller
properties:
id:
description: id of the pod that wrote the status
type: string
namespace:
description: namespace of the pod that wrote the status
type: string
type: object
type: array
type: object
type: object
served: true
storage: false
type: array
type: object
status:
description: SecretProviderClassStatus defines the observed state of SecretProviderClass
properties:
byPod:
items:
description: ByPodStatus defines the state of SecretProviderClass
as seen by an individual controller
properties:
id:
description: id of the pod that wrote the status
type: string
namespace:
description: namespace of the pod that wrote the status
type: string
type: object
type: array
type: object
type: object
served: true
storage: false
status:
acceptedNames:
kind: ""