Skip to content

Commit

Permalink
update: source github.com/jsonnet-libs/k8s@d8bff1bf
Browse files Browse the repository at this point in the history
  • Loading branch information
@VSpike @jsonnet-libs-bot
VSpike authored and jsonnet-libs-bot committed Feb 9, 2024
1 parent 750e23f commit 2ca8e20
Show file tree
Hide file tree
Showing 30 changed files with 2,958 additions and 42 deletions.
49 changes: 48 additions & 1 deletion 0.1.0/_gen/secrets/v1beta1/hcpVaultSecretsApp.libsonnet
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,51 @@
spec: {
'#destination':: d.obj(help='"Destination provides configuration necessary for syncing the HCP Vault Application secrets to Kubernetes."'),
destination: {
'#transformation':: d.obj(help='"Transformation provides configuration for transforming the secret data before it is stored in the Destination."'),
transformation: {
'#transformationRefs':: d.obj(help='"TransformationRefs contain references to template configuration from SecretTransformation."'),
transformationRefs: {
'#templateRefs':: d.obj(help='"TemplateRefs map to a Template found in this TransformationRef. If empty, then all templates from the SecretTransformation will be rendered to the K8s Secret."'),
templateRefs: {
'#withKeyOverride':: d.fn(help='"KeyOverride to the rendered template in the Destination secret. If Key is empty, then the Key from reference spec will be used. Set this to override the Key set from the reference spec."', args=[d.arg(name='keyOverride', type=d.T.string)]),
withKeyOverride(keyOverride): { keyOverride: keyOverride },
'#withName':: d.fn(help='"Name of the Template in SecretTransformationSpec.Templates. the rendered secret data."', args=[d.arg(name='name', type=d.T.string)]),
withName(name): { name: name },
},
'#withIgnoreExcludes':: d.fn(help="\"IgnoreExcludes controls whether to use the SecretTransformation's Excludes data key filters.\"", args=[d.arg(name='ignoreExcludes', type=d.T.boolean)]),
withIgnoreExcludes(ignoreExcludes): { ignoreExcludes: ignoreExcludes },
'#withIgnoreIncludes':: d.fn(help="\"IgnoreIncludes controls whether to use the SecretTransformation's Includes data key filters.\"", args=[d.arg(name='ignoreIncludes', type=d.T.boolean)]),
withIgnoreIncludes(ignoreIncludes): { ignoreIncludes: ignoreIncludes },
'#withName':: d.fn(help='"Name of the SecretTransformation resource."', args=[d.arg(name='name', type=d.T.string)]),
withName(name): { name: name },
'#withNamespace':: d.fn(help='"Namespace of the SecretTransformation resource."', args=[d.arg(name='namespace', type=d.T.string)]),
withNamespace(namespace): { namespace: namespace },
'#withTemplateRefs':: d.fn(help='"TemplateRefs map to a Template found in this TransformationRef. If empty, then all templates from the SecretTransformation will be rendered to the K8s Secret."', args=[d.arg(name='templateRefs', type=d.T.array)]),
withTemplateRefs(templateRefs): { templateRefs: if std.isArray(v=templateRefs) then templateRefs else [templateRefs] },
'#withTemplateRefsMixin':: d.fn(help='"TemplateRefs map to a Template found in this TransformationRef. If empty, then all templates from the SecretTransformation will be rendered to the K8s Secret."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='templateRefs', type=d.T.array)]),
withTemplateRefsMixin(templateRefs): { templateRefs+: if std.isArray(v=templateRefs) then templateRefs else [templateRefs] },
},
'#withExcludeRaw':: d.fn(help="\"ExcludeRaw data from the destination Secret. Exclusion policy can be set globally by including 'exclude-raw` in the '--global-transformation-options' command line flag. If set, the command line flag always takes precedence over this configuration.\"", args=[d.arg(name='excludeRaw', type=d.T.boolean)]),
withExcludeRaw(excludeRaw): { spec+: { destination+: { transformation+: { excludeRaw: excludeRaw } } } },
'#withExcludes':: d.fn(help='"Excludes contains regex patterns used to filter top-level source secret data fields for exclusion from the final K8s Secret data. These pattern filters are never applied to templated fields as defined in Templates. They are always applied before any inclusion patterns. To exclude all source secret data fields, you can configure the single pattern \\".*\\"."', args=[d.arg(name='excludes', type=d.T.array)]),
withExcludes(excludes): { spec+: { destination+: { transformation+: { excludes: if std.isArray(v=excludes) then excludes else [excludes] } } } },
'#withExcludesMixin':: d.fn(help='"Excludes contains regex patterns used to filter top-level source secret data fields for exclusion from the final K8s Secret data. These pattern filters are never applied to templated fields as defined in Templates. They are always applied before any inclusion patterns. To exclude all source secret data fields, you can configure the single pattern \\".*\\"."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='excludes', type=d.T.array)]),
withExcludesMixin(excludes): { spec+: { destination+: { transformation+: { excludes+: if std.isArray(v=excludes) then excludes else [excludes] } } } },
'#withIncludes':: d.fn(help='"Includes contains regex patterns used to filter top-level source secret data fields for inclusion in the final K8s Secret data. These pattern filters are never applied to templated fields as defined in Templates. They are always applied last."', args=[d.arg(name='includes', type=d.T.array)]),
withIncludes(includes): { spec+: { destination+: { transformation+: { includes: if std.isArray(v=includes) then includes else [includes] } } } },
'#withIncludesMixin':: d.fn(help='"Includes contains regex patterns used to filter top-level source secret data fields for inclusion in the final K8s Secret data. These pattern filters are never applied to templated fields as defined in Templates. They are always applied last."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='includes', type=d.T.array)]),
withIncludesMixin(includes): { spec+: { destination+: { transformation+: { includes+: if std.isArray(v=includes) then includes else [includes] } } } },
'#withResync':: d.fn(help='"Resync the Secret on updates to any configured TransformationRefs."', args=[d.arg(name='resync', type=d.T.boolean)]),
withResync(resync): { spec+: { destination+: { transformation+: { resync: resync } } } },
'#withTemplates':: d.fn(help='"Templates maps a template name to its Template. Templates are always included in the rendered K8s Secret, and take precedence over templates defined in a SecretTransformation."', args=[d.arg(name='templates', type=d.T.object)]),
withTemplates(templates): { spec+: { destination+: { transformation+: { templates: templates } } } },
'#withTemplatesMixin':: d.fn(help='"Templates maps a template name to its Template. Templates are always included in the rendered K8s Secret, and take precedence over templates defined in a SecretTransformation."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='templates', type=d.T.object)]),
withTemplatesMixin(templates): { spec+: { destination+: { transformation+: { templates+: templates } } } },
'#withTransformationRefs':: d.fn(help='"TransformationRefs contain references to template configuration from SecretTransformation."', args=[d.arg(name='transformationRefs', type=d.T.array)]),
withTransformationRefs(transformationRefs): { spec+: { destination+: { transformation+: { transformationRefs: if std.isArray(v=transformationRefs) then transformationRefs else [transformationRefs] } } } },
'#withTransformationRefsMixin':: d.fn(help='"TransformationRefs contain references to template configuration from SecretTransformation."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='transformationRefs', type=d.T.array)]),
withTransformationRefsMixin(transformationRefs): { spec+: { destination+: { transformation+: { transformationRefs+: if std.isArray(v=transformationRefs) then transformationRefs else [transformationRefs] } } } },
},
'#withAnnotations':: d.fn(help='"Annotations to apply to the Secret. Requires Create to be set to true."', args=[d.arg(name='annotations', type=d.T.object)]),
withAnnotations(annotations): { spec+: { destination+: { annotations: annotations } } },
'#withAnnotationsMixin':: d.fn(help='"Annotations to apply to the Secret. Requires Create to be set to true."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]),
Expand All @@ -63,6 +108,8 @@
withLabelsMixin(labels): { spec+: { destination+: { labels+: labels } } },
'#withName':: d.fn(help='"Name of the Secret"', args=[d.arg(name='name', type=d.T.string)]),
withName(name): { spec+: { destination+: { name: name } } },
'#withOverwrite':: d.fn(help='"Overwrite the destination Secret if it exists and Create is true. This is useful when migrating to VSO from a previous secret deployment strategy."', args=[d.arg(name='overwrite', type=d.T.boolean)]),
withOverwrite(overwrite): { spec+: { destination+: { overwrite: overwrite } } },
'#withType':: d.fn(help='"Type of Kubernetes Secret. Requires Create to be set to true. Defaults to Opaque."', args=[d.arg(name='type', type=d.T.string)]),
withType(type): { spec+: { destination+: { type: type } } },
},
Expand All @@ -75,7 +122,7 @@
},
'#withAppName':: d.fn(help='"AppName of the Vault Secrets Application that is to be synced."', args=[d.arg(name='appName', type=d.T.string)]),
withAppName(appName): { spec+: { appName: appName } },
'#withHcpAuthRef':: d.fn(help='"HCPAuthRef to the HCPAuth resource, can be prefixed with a namespace, eg: `namespaceA/vaultAuthRefB`. If no namespace prefix is provided it will default to the namespace of the HCPAuth CR. If no value is specified for HCPAuthRef the Operator will default to the `default` HCPAuth, configured in its own Kubernetes namespace. HCPAuthRef string `json:\\"hcpAuthRef,omitempty\\"`"', args=[d.arg(name='hcpAuthRef', type=d.T.string)]),
'#withHcpAuthRef':: d.fn(help="\"HCPAuthRef to the HCPAuth resource, can be prefixed with a namespace, eg: `namespaceA/vaultAuthRefB`. If no namespace prefix is provided it will default to the namespace of the HCPAuth CR. If no value is specified for HCPAuthRef the Operator will default to the `default` HCPAuth, configured in the operator's namespace.\"", args=[d.arg(name='hcpAuthRef', type=d.T.string)]),
withHcpAuthRef(hcpAuthRef): { spec+: { hcpAuthRef: hcpAuthRef } },
'#withRefreshAfter':: d.fn(help='"RefreshAfter a period of time, in duration notation e.g. 30s, 1m, 24h"', args=[d.arg(name='refreshAfter', type=d.T.string)]),
withRefreshAfter(refreshAfter): { spec+: { refreshAfter: refreshAfter } },
Expand Down
6 changes: 3 additions & 3 deletions 0.1.0/_gen/secrets/v1beta1/vaultAuth.libsonnet
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@
withRegion(region): { spec+: { aws+: { region: region } } },
'#withRole':: d.fn(help='"Vault role to use for authenticating"', args=[d.arg(name='role', type=d.T.string)]),
withRole(role): { spec+: { aws+: { role: role } } },
'#withSecretRef':: d.fn(help='"SecretRef is the name of a Kubernetes Secret which holds credentials for AWS. Expected keys include `access_key_id`, `secret_access_key`, `session_token`"', args=[d.arg(name='secretRef', type=d.T.string)]),
'#withSecretRef':: d.fn(help="\"SecretRef is the name of a Kubernetes Secret in the consumer's (VDS/VSS/PKI) namespace which holds credentials for AWS. Expected keys include `access_key_id`, `secret_access_key`, `session_token`\"", args=[d.arg(name='secretRef', type=d.T.string)]),
withSecretRef(secretRef): { spec+: { aws+: { secretRef: secretRef } } },
'#withSessionName':: d.fn(help='"The role session name to use when creating a webidentity provider"', args=[d.arg(name='sessionName', type=d.T.string)]),
withSessionName(sessionName): { spec+: { aws+: { sessionName: sessionName } } },
Expand Down Expand Up @@ -111,7 +111,7 @@
withAudiencesMixin(audiences): { spec+: { kubernetes+: { audiences+: if std.isArray(v=audiences) then audiences else [audiences] } } },
'#withRole':: d.fn(help='"Role to use for authenticating to Vault."', args=[d.arg(name='role', type=d.T.string)]),
withRole(role): { spec+: { kubernetes+: { role: role } } },
'#withServiceAccount':: d.fn(help="\"ServiceAccount to use when authenticating to Vault's kubernetes authentication backend.\"", args=[d.arg(name='serviceAccount', type=d.T.string)]),
'#withServiceAccount':: d.fn(help="\"ServiceAccount to use when authenticating to Vault's authentication backend. This must reside in the consuming secret's (VDS/VSS/PKI) namespace.\"", args=[d.arg(name='serviceAccount', type=d.T.string)]),
withServiceAccount(serviceAccount): { spec+: { kubernetes+: { serviceAccount: serviceAccount } } },
'#withTokenExpirationSeconds':: d.fn(help='"TokenExpirationSeconds to set the ServiceAccount token."', args=[d.arg(name='tokenExpirationSeconds', type=d.T.integer)]),
withTokenExpirationSeconds(tokenExpirationSeconds): { spec+: { kubernetes+: { tokenExpirationSeconds: tokenExpirationSeconds } } },
Expand Down Expand Up @@ -141,7 +141,7 @@
withParams(params): { spec+: { params: params } },
'#withParamsMixin':: d.fn(help='"Params to use when authenticating to Vault"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='params', type=d.T.object)]),
withParamsMixin(params): { spec+: { params+: params } },
'#withVaultConnectionRef':: d.fn(help='"VaultConnectionRef to the VaultConnection resource, can be prefixed with a namespace, eg: `namespaceA/vaultConnectionRefB`. If no namespace prefix is provided it will default to namespace of the VaultConnection CR. If no value is specified for VaultConnectionRef the Operator will default to\\t`default` VaultConnection, configured in its own Kubernetes namespace."', args=[d.arg(name='vaultConnectionRef', type=d.T.string)]),
'#withVaultConnectionRef':: d.fn(help="\"VaultConnectionRef to the VaultConnection resource, can be prefixed with a namespace, eg: `namespaceA/vaultConnectionRefB`. If no namespace prefix is provided it will default to namespace of the VaultConnection CR. If no value is specified for VaultConnectionRef the Operator will default to the `default` VaultConnection, configured in the operator's namespace.\"", args=[d.arg(name='vaultConnectionRef', type=d.T.string)]),
withVaultConnectionRef(vaultConnectionRef): { spec+: { vaultConnectionRef: vaultConnectionRef } },
},
'#mixin': 'ignore',
Expand Down
Loading

0 comments on commit 2ca8e20

Please sign in to comment.