diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bd057e93..4d719852 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,7 +10,7 @@ on: env: # Common versions - GO_VERSION: '1.20' + GO_VERSION: '1.19' GOLANGCI_VERSION: 'v1.53.3' DOCKER_BUILDX_VERSION: 'v0.8.2' diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 4aae1d97..83782682 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -8,5 +8,5 @@ jobs: e2e: uses: upbound/uptest/.github/workflows/pr-comment-trigger.yml@main secrets: - UPTEST_CLOUD_CREDENTIALS: ${{ secrets.UPTEST_CLOUD_CREDENTIALS }} + UPTEST_CLOUD_CREDENTIALS: "not used" UPTEST_DATASOURCE: ${{ secrets.UPTEST_DATASOURCE }} diff --git a/Makefile b/Makefile index be7f5721..5f26f1bb 100644 --- a/Makefile +++ b/Makefile @@ -38,8 +38,7 @@ NPROCS ?= 1 # to half the number of CPU cores. GO_TEST_PARALLEL := $(shell echo $$(( $(NPROCS) / 2 ))) -GO_REQUIRED_VERSION ?= 1.20 -GOLANGCILINT_VERSION ?= 1.53.3 +GO_REQUIRED_VERSION ?= 1.19 GO_STATIC_PACKAGES = $(GO_PROJECT)/cmd/provider $(GO_PROJECT)/cmd/generator GO_LDFLAGS += -X $(GO_PROJECT)/internal/version.Version=$(VERSION) GO_SUBDIRS += cmd internal apis @@ -53,7 +52,6 @@ UP_VERSION = v0.18.0 UP_CHANNEL = stable UPTEST_VERSION = v0.2.1 RELDIR = "examples/release" -UPTEST_EXAMPLE_LIST=${RELDIR}/mount/mount-generic-secrets.yaml,${RELDIR}/genericsecret/genericsecret.yaml,${RELDIR}/mount/mount-kv-v1.yaml,${RELDIR}/kvsecret/kvsecret.yaml,${RELDIR}/mount/mount-kv-v2.yaml,${RELDIR}/kvsecretv2/kvsecretv2.yaml,${RELDIR}/tokenauthbackendrole/tokenauthbackendrole.yaml,${RELDIR}/token/token.yaml,${RELDIR}/githubauthbackend/githubauthbackend.yaml,${RELDIR}/githubteam/githubteam.yaml -include build/makelib/k8s_tools.mk # ==================================================================================== diff --git a/cluster/test/setup.sh b/cluster/test/setup.sh index b41638f8..03485b1b 100755 --- a/cluster/test/setup.sh +++ b/cluster/test/setup.sh @@ -26,8 +26,6 @@ if [ -f "${KUBECONFIG_PATH}" ]; then chmod 0600 ${KUBECONFIG_PATH} fi -echo_info "Creating cloud credential secret..." -${KUBECTL} -n upbound-system create secret generic provider-secret --from-literal=credentials="{\"token\":\"${UPTEST_CLOUD_CREDENTIALS}\"}" --dry-run=client -o yaml | ${KUBECTL} apply -f - echo_info "Waiting until provider is healthy..." ${KUBECTL} wait provider.pkg --all --for condition=Healthy --timeout 5m @@ -123,17 +121,3 @@ spec: namespace: vault key: credentials EOF - -echo_info "Enabling GitHub Auth" -${KUBECTL} exec -n vault --stdin vault-0 -- vault login -tls-skip-verify $VAULT_ROOT_TOKEN -${KUBECTL} exec -n vault --stdin vault-0 -- vault auth enable github - -echo_info "Enabled Auth Methods" -${KUBECTL} exec -n vault --stdin vault-0 -- vault auth list - -# More useful setup info -# https://itnext.io/vault-cluster-with-auto-unseal-on-kubernetes-8e469f9cdcfd - -echo_step "Note: local-dev cluster will remain after tests" -echo_step_completed "Test setup complete" -echo_step "Running upjet vault tests" diff --git a/examples/release/authbackend/authbackend.yaml b/examples/auth/authbackend.yaml similarity index 100% rename from examples/release/authbackend/authbackend.yaml rename to examples/auth/authbackend.yaml diff --git a/examples/experimental/README.md b/examples/experimental/README.md deleted file mode 100644 index 5d6117fe..00000000 --- a/examples/experimental/README.md +++ /dev/null @@ -1,6 +0,0 @@ -# Experimental Examples - -These examples are not guaranteed to work. -They are inspirations that may have gaps. -The goal is for them to graduate to release -status at some point. diff --git a/examples/experimental/adsecretbackend/adsecretbackend.yaml b/examples/experimental/adsecretbackend/adsecretbackend.yaml deleted file mode 100644 index 772fdbc1..00000000 --- a/examples/experimental/adsecretbackend/adsecretbackend.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: ad.vault.upbound.io/v1alpha1 -# Creates an Active Directory Secret Backend for Vault. -# Active Directory secret backend rotates existing -# Active Directory service account passwords based -# on the TTL of the role. -kind: SecretBackend -metadata: - name: vault-secret-backend -spec: - forProvider: - description: "Managed with UXP Vault Provider (generated with Upjet)" - binddn: "CN=Administrator,CN=Users,DC=corp,DC=upbound,DC=io" - bindpassSecretRef: - key: bindpass - namespace: vault - name: bindpass - providerConfigRef: - name: vault-provider-config diff --git a/examples/experimental/adsecretbackend/secret.yaml.tmpl b/examples/experimental/adsecretbackend/secret.yaml.tmpl deleted file mode 100644 index b0f24fe5..00000000 --- a/examples/experimental/adsecretbackend/secret.yaml.tmpl +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: ad-svc-account-password - namespace: vault -type: Opaque -stringData: - # WARNING: DO NOT CHECK REAL PASSWORDS INTO GIT - bindpass: | - { - "bindpass": "new-rotated-bind-password" - } diff --git a/examples/experimental/adsecretrole/adsecretrole.yaml b/examples/experimental/adsecretrole/adsecretrole.yaml deleted file mode 100644 index c8e8b7c5..00000000 --- a/examples/experimental/adsecretrole/adsecretrole.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: ad.vault.upbound.io/v1alpha1 -# Creates a role on an Active Directory Secret -# Backend for Vault. Roles are used to map -# credentials to existing Active Directory -# service accounts. -kind: SecretRole -metadata: - name: vault-secret-role -spec: - forProvider: - backend: "vault-secret-backend" - role: "customer-success" - serviceAccountName: "customer-success" - ttl: 60 - namespace: vault - providerConfigRef: - name: vault-provider-config diff --git a/examples/experimental/alicloudauthbackendrole/alicloudauthbackendrole.yaml b/examples/experimental/alicloudauthbackendrole/alicloudauthbackendrole.yaml deleted file mode 100644 index c666490c..00000000 --- a/examples/experimental/alicloudauthbackendrole/alicloudauthbackendrole.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: alicloud.vault.upbound.io/v1alpha1 -# Provides a resource to create a role in an -# AliCloud auth backend within Vault. -kind: AuthBackendRole -metadata: - name: vault-alicloud-auth-backend-role -spec: - forProvider: - arn: "" - backend: "" - namespace: upbound-system - role: vault-secret-role - providerConfigRef: - name: vault-provider-config diff --git a/examples/experimental/approleauthbackendlogin/approleauthbackendlogin.yaml b/examples/experimental/approleauthbackendlogin/approleauthbackendlogin.yaml deleted file mode 100644 index da95fa15..00000000 --- a/examples/experimental/approleauthbackendlogin/approleauthbackendlogin.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: approle.vault.upbound.io/v1alpha1 -# Logs into Vault using the AppRole auth backend. -# See the Vault documentation for more information. -# https://developer.hashicorp.com/vault/docs/auth/approle -kind: AuthBackendLogin -metadata: - name: vault-auth-backend-login -spec: - forProvider: - backend: "" - namespace: upbound-system - roleId: "vault-role-id" - secretId: "vault-secret-id" - providerConfigRef: - name: vault-provider-config diff --git a/examples/experimental/approleauthbackendrole/approleauthbackendrole.yaml b/examples/experimental/approleauthbackendrole/approleauthbackendrole.yaml deleted file mode 100644 index 1dfafd8b..00000000 --- a/examples/experimental/approleauthbackendrole/approleauthbackendrole.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: approle.vault.upbound.io/v1alpha1 -kind: AuthBackendRole -metadata: - name: vault-auth-backend-role -spec: - forProvider: - backend: "github-auth-backend" - roleName: "example-role" - tokenPolicies: ["default"] - providerConfigRef: - name: vault-provider-config diff --git a/examples/experimental/audit/audit.yaml b/examples/experimental/audit/audit.yaml deleted file mode 100644 index 35a7934c..00000000 --- a/examples/experimental/audit/audit.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: vault.vault.upbound.io/v1alpha1 -kind: Audit -metadata: - name: vault-audit -spec: - forProvider: - description: "Managed with UXP Vault Provider (generated with Upjet)" - type: "file" - local: false - options: {file_path=/var/vault_audit.log} - providerConfigRef: - name: vault-provider-config diff --git a/examples/experimental/auditrequestheader/auditrequestheader.yaml b/examples/experimental/auditrequestheader/auditrequestheader.yaml deleted file mode 100644 index 9b52567f..00000000 --- a/examples/experimental/auditrequestheader/auditrequestheader.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: audit.vault.upbound.io/v1alpha1 -kind: RequestHeader -metadata: - name: audit-request-header -spec: - forProvider: - name: "X-Forwarded-For" - hmac: false - providerConfigRef: - name: vault-provider-config diff --git a/examples/experimental/genericendpoint/genericendpoint.yaml b/examples/experimental/genericendpoint/genericendpoint.yaml deleted file mode 100644 index 4f26e7e4..00000000 --- a/examples/experimental/genericendpoint/genericendpoint.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: generic.vault.upbound.io/v1alpha1 -kind: Endpoint -metadata: - name: generic-endpoint -spec: - forProvider: - path: "generic-endpoint" - dataJsonSecretRef: - name: vault-creds - namespace: vault - key: credentials - providerConfigRef: - name: vault-provider-config diff --git a/examples/experimental/githubuser/githubuser-humoflife-2.yaml b/examples/experimental/githubuser/githubuser-humoflife-2.yaml deleted file mode 100644 index 5789184e..00000000 --- a/examples/experimental/githubuser/githubuser-humoflife-2.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: github.vault.upbound.io/v1alpha1 -kind: User -metadata: - name: github-user-humoflife-2 -spec: - forProvider: - backend: "auth/github-specific" - user: humoflife - providerConfigRef: - name: vault-provider-config diff --git a/examples/experimental/githubuser/githubuser-humoflife.yaml b/examples/experimental/githubuser/githubuser-humoflife.yaml deleted file mode 100644 index d6f1860f..00000000 --- a/examples/experimental/githubuser/githubuser-humoflife.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: github.vault.upbound.io/v1alpha1 -kind: User -metadata: - name: github-user-humoflife -spec: - forProvider: - backend: "github" - user: humoflife - providerConfigRef: - name: vault-provider-config diff --git a/examples/experimental/jwtauthbackend/jwtauthbackend.yaml b/examples/experimental/jwtauthbackend/jwtauthbackend.yaml deleted file mode 100644 index 31f6a4a7..00000000 --- a/examples/experimental/jwtauthbackend/jwtauthbackend.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: jwt.vault.upbound.io/v1alpha1 -kind: Backend -metadata: - name: jwt-auth-backend -spec: - forProvider: - description: "JWT backend for UXP manageed Vault" - path: "oidc" - type: "oidc" - oidc_discovery_url: "INSERT_URL" - bound_issuer: "INSERT_URL" - providerConfigRef: - name: vault-provider-config diff --git a/examples/experimental/jwtauthbackendrole/jwtauthbackendrole.yaml b/examples/experimental/jwtauthbackendrole/jwtauthbackendrole.yaml deleted file mode 100644 index 016fd20e..00000000 --- a/examples/experimental/jwtauthbackendrole/jwtauthbackendrole.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: jwt.vault.upbound.io/v1alpha1 -# Manages an JWT/OIDC auth backend role in a Vault server. -kind: AuthBackendRole -metadata: - name: jwt-auth-backend-role -spec: - forProvider: - backend: "jwt-auth-backend" - roleName: "jwt-role" - tokenPolicies: ["default", "dev", "prod"] - - boundAudiences: ["https://upbound.test"] - boundClaims: { - color: "red, green, blue" - } - userClaim: "https://vault/user" - roleType: "jwt" - roleType: "oidc" - providerConfigRef: - name: vault-provider-config diff --git a/examples/experimental/raftautopilot/raftautopilot.yaml b/examples/experimental/raftautopilot/raftautopilot.yaml deleted file mode 100644 index 82f816b7..00000000 --- a/examples/experimental/raftautopilot/raftautopilot.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: raft.vault.upbound.io/v1alpha1 -kind: Autopilot -metadata: - name: raft-autopilot -spec: - forProvider: - cleanupDeadServers: true - deadServerLastContactThreshold: "24h0m0s" - lastContactThreshold: "10s" - maxTrailingLogs: 1000 - minQuorum: 1 - serverStabilizationTime: "10s" - providerConfigRef: - name: vault-provider-config diff --git a/examples/genericsecret/genericsecret.yaml b/examples/genericsecret/genericsecret.yaml new file mode 100644 index 00000000..32f85072 --- /dev/null +++ b/examples/genericsecret/genericsecret.yaml @@ -0,0 +1,33 @@ +apiVersion: generic.vault.upbound.io/v1alpha1 +kind: Secret +metadata: + annotations: + meta.upbound.io/example-id: generic/v1alpha1/secret + labels: + testing.upbound.io/example-name: vault-creds + name: vault-creds +spec: + forProvider: + path: "generic/vault-creds" + dataJsonSecretRef: + name: vault-creds + namespace: vault + key: credentials + providerConfigRef: + name: vault-provider-config +--- +apiVersion: vault.vault.upbound.io/v1alpha1 +kind: Mount +metadata: + annotations: + meta.upbound.io/example-id: generic/v1alpha1/secret + labels: + testing.upbound.io/example-name: vault-creds + name: vault-creds-generic +spec: + deletionPolicy: Delete + forProvider: + path: "generic" + type: "generic" + providerConfigRef: + name: vault-provider-config diff --git a/examples/release/githubauthbackend/githubauthbackend.yaml b/examples/githubauthbackend/githubauthbackend.yaml similarity index 68% rename from examples/release/githubauthbackend/githubauthbackend.yaml rename to examples/githubauthbackend/githubauthbackend.yaml index ee4d1ce6..49bc57b6 100644 --- a/examples/release/githubauthbackend/githubauthbackend.yaml +++ b/examples/githubauthbackend/githubauthbackend.yaml @@ -1,6 +1,10 @@ apiVersion: github.vault.upbound.io/v1alpha1 kind: AuthBackend metadata: + annotations: + meta.upbound.io/example-id: github/v1alpha1/authbackend + labels: + testing.upbound.io/example-name: github-specific-auth-backend name: github-specific-auth-backend spec: forProvider: diff --git a/examples/githubteam/githubteam.yaml b/examples/githubteam/githubteam.yaml new file mode 100644 index 00000000..a6e56522 --- /dev/null +++ b/examples/githubteam/githubteam.yaml @@ -0,0 +1,29 @@ +apiVersion: github.vault.upbound.io/v1alpha1 +kind: Team +metadata: + annotations: + meta.upbound.io/example-id: github/v1alpha1/team + labels: + testing.upbound.io/example-name: github-team + name: github-team +spec: + forProvider: + backend: "github" + team: "everyone" + providerConfigRef: + name: vault-provider-config +--- +apiVersion: auth.vault.upbound.io/v1alpha1 +kind: Backend +metadata: + annotations: + meta.upbound.io/example-id: github/v1alpha1/team + labels: + testing.upbound.io/example-name: github-team + name: github-team +spec: + forProvider: + description: "GitHub generic auth backend for UXP manageed Vault" + type: "github" + providerConfigRef: + name: vault-provider-config diff --git a/examples/kvsecret/kvsecret.yaml b/examples/kvsecret/kvsecret.yaml new file mode 100644 index 00000000..e065fb2f --- /dev/null +++ b/examples/kvsecret/kvsecret.yaml @@ -0,0 +1,33 @@ +apiVersion: kv.vault.upbound.io/v1alpha1 +kind: Secret +metadata: + annotations: + meta.upbound.io/example-id: kv/v1alpha1/secret + labels: + testing.upbound.io/example-name: vault-creds + name: vault-creds +spec: + forProvider: + path: "kvv1/vault-creds" + dataJsonSecretRef: + name: vault-creds + namespace: vault + key: credentials + providerConfigRef: + name: vault-provider-config +--- +apiVersion: vault.vault.upbound.io/v1alpha1 +kind: Mount +metadata: + annotations: + meta.upbound.io/example-id: kv/v1alpha1/secret + labels: + testing.upbound.io/example-name: vault-creds + name: vault-creds-kv1 +spec: + deletionPolicy: Delete + forProvider: + path: "kvv1" + type: "kv-v1" + providerConfigRef: + name: vault-provider-config diff --git a/examples/kvsecretv2/kvsecretv2.yaml b/examples/kvsecretv2/kvsecretv2.yaml new file mode 100644 index 00000000..3fed7a2e --- /dev/null +++ b/examples/kvsecretv2/kvsecretv2.yaml @@ -0,0 +1,38 @@ +apiVersion: kv.vault.upbound.io/v1alpha1 +kind: SecretV2 +metadata: + annotations: + meta.upbound.io/example-id: kv/v1alpha1/secretv2 + labels: + testing.upbound.io/example-name: vault-creds + name: vault-creds +spec: + forProvider: + mount: "kvv2" + name: "vault-creds" + cas: 1 + customMetadata: + - maxVersions: 99 + deleteVersionAfter: 6000 + dataJsonSecretRef: + name: vault-creds + namespace: vault + key: credentials + providerConfigRef: + name: vault-provider-config +--- +apiVersion: vault.vault.upbound.io/v1alpha1 +kind: Mount +metadata: + annotations: + meta.upbound.io/example-id: kv/v1alpha1/secretv2 + labels: + testing.upbound.io/example-name: vault-creds + name: vault-creds-kv2 +spec: + deletionPolicy: Delete + forProvider: + path: "kvv2" + type: "kv-v2" + providerConfigRef: + name: vault-provider-config diff --git a/examples/release/mount/mount-generic-secrets.yaml b/examples/mount/mount-generic-secrets.yaml similarity index 59% rename from examples/release/mount/mount-generic-secrets.yaml rename to examples/mount/mount-generic-secrets.yaml index bdb4ee29..c46dce0d 100644 --- a/examples/release/mount/mount-generic-secrets.yaml +++ b/examples/mount/mount-generic-secrets.yaml @@ -1,7 +1,11 @@ apiVersion: vault.vault.upbound.io/v1alpha1 kind: Mount metadata: - name: generic-secret-mount + annotations: + meta.upbound.io/example-id: vault/v1alpha1/mount + labels: + testing.upbound.io/example-name: generic + name: generic spec: deletionPolicy: Delete forProvider: diff --git a/examples/release/mount/mount-kv-v1.yaml b/examples/mount/mount-kv-v1.yaml similarity index 59% rename from examples/release/mount/mount-kv-v1.yaml rename to examples/mount/mount-kv-v1.yaml index 482dd2a9..e49427b7 100644 --- a/examples/release/mount/mount-kv-v1.yaml +++ b/examples/mount/mount-kv-v1.yaml @@ -1,7 +1,11 @@ apiVersion: vault.vault.upbound.io/v1alpha1 kind: Mount metadata: - name: kv-v1-secret-mount + annotations: + meta.upbound.io/example-id: vault/v1alpha1/mount + labels: + testing.upbound.io/example-name: kv-v1 + name: kv-v1 spec: deletionPolicy: Delete forProvider: diff --git a/examples/release/mount/mount-kv-v2.yaml b/examples/mount/mount-kv-v2.yaml similarity index 59% rename from examples/release/mount/mount-kv-v2.yaml rename to examples/mount/mount-kv-v2.yaml index 8901f831..3812f31e 100644 --- a/examples/release/mount/mount-kv-v2.yaml +++ b/examples/mount/mount-kv-v2.yaml @@ -1,7 +1,11 @@ apiVersion: vault.vault.upbound.io/v1alpha1 kind: Mount metadata: - name: kv-v2-secret-mount + annotations: + meta.upbound.io/example-id: vault/v1alpha1/mount + labels: + testing.upbound.io/example-name: kv-v2 + name: kv-v2 spec: deletionPolicy: Delete forProvider: diff --git a/examples/release/providerconfig/.gitignore b/examples/providerconfig/.gitignore similarity index 100% rename from examples/release/providerconfig/.gitignore rename to examples/providerconfig/.gitignore diff --git a/examples/release/providerconfig/providerconfig.yaml b/examples/providerconfig/providerconfig.yaml similarity index 100% rename from examples/release/providerconfig/providerconfig.yaml rename to examples/providerconfig/providerconfig.yaml diff --git a/examples/release/providerconfig/secret.yaml.tmpl b/examples/providerconfig/secret.yaml.tmpl similarity index 100% rename from examples/release/providerconfig/secret.yaml.tmpl rename to examples/providerconfig/secret.yaml.tmpl diff --git a/examples/release/README.md b/examples/release/README.md deleted file mode 100644 index 9200bbed..00000000 --- a/examples/release/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# Release Examples - -These examples have been tested. -They may not be bug free, but they have -produced expected outcomes. - -Some of the examples may depend on others -as their prerequisites, e.g. submitting -a secret may require a mount path to be -created first. diff --git a/examples/release/genericsecret/genericsecret.yaml b/examples/release/genericsecret/genericsecret.yaml deleted file mode 100644 index 649cb2a5..00000000 --- a/examples/release/genericsecret/genericsecret.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: generic.vault.upbound.io/v1alpha1 -kind: Secret -metadata: - name: vault-creds -spec: - forProvider: - path: "generic/vault-creds" - dataJsonSecretRef: - name: vault-creds - namespace: vault - key: credentials - providerConfigRef: - name: vault-provider-config diff --git a/examples/release/genericsecret/genericsecret2.yaml b/examples/release/genericsecret/genericsecret2.yaml deleted file mode 100644 index 91898abd..00000000 --- a/examples/release/genericsecret/genericsecret2.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: generic.vault.upbound.io/v1alpha1 -kind: Secret -metadata: - name: vault-creds-2 -spec: - forProvider: - path: "generic/vault-creds-2" - dataJsonSecretRef: - name: vault-creds - namespace: vault - key: credentials - providerConfigRef: - name: vault-provider-config diff --git a/examples/release/githubteam/githubteam.yaml b/examples/release/githubteam/githubteam.yaml deleted file mode 100644 index 29763f4c..00000000 --- a/examples/release/githubteam/githubteam.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: github.vault.upbound.io/v1alpha1 -kind: Team -metadata: - name: github-team -spec: - forProvider: - # Read the id from - # authbackend.github.vault.upbound.io/github-auth-backend - # status.atProvider.organizationId - backend: "github" - team: "everyone" - providerConfigRef: - name: vault-provider-config diff --git a/examples/release/kvsecret/kvsecret.yaml b/examples/release/kvsecret/kvsecret.yaml deleted file mode 100644 index df4d06f0..00000000 --- a/examples/release/kvsecret/kvsecret.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: kv.vault.upbound.io/v1alpha1 -kind: Secret -metadata: - name: vault-creds -spec: - forProvider: - path: "kvv1/vault-creds" - dataJsonSecretRef: - name: vault-creds - namespace: vault - key: credentials - providerConfigRef: - name: vault-provider-config diff --git a/examples/release/kvsecretv2/copy.yaml b/examples/release/kvsecretv2/copy.yaml deleted file mode 100644 index c4242447..00000000 --- a/examples/release/kvsecretv2/copy.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: kv.vault.upbound.io/v1alpha1 -kind: SecretV2 -metadata: - name: test -spec: - forProvider: - mount: "kvv2" - name: "test" - cas: 1 - customMetadata: - - maxVersions: 99 - deleteVersionAfter: 6000 - dataJsonSecretRef: - name: vault-creds - namespace: vault - key: credentials - providerConfigRef: - name: vault-provider-config diff --git a/examples/release/kvsecretv2/kvsecretv2.yaml b/examples/release/kvsecretv2/kvsecretv2.yaml deleted file mode 100644 index 049514b7..00000000 --- a/examples/release/kvsecretv2/kvsecretv2.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: kv.vault.upbound.io/v1alpha1 -kind: SecretV2 -metadata: - name: vault-creds -spec: - forProvider: - mount: "kvv2" - name: "vault-creds" - cas: 1 - customMetadata: - - maxVersions: 99 - deleteVersionAfter: 6000 - dataJsonSecretRef: - name: vault-creds - namespace: vault - key: credentials - providerConfigRef: - name: vault-provider-config diff --git a/examples/release/token/token.yaml b/examples/release/token/token.yaml deleted file mode 100644 index a02846a8..00000000 --- a/examples/release/token/token.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: vault.vault.upbound.io/v1alpha1 -kind: Token -metadata: - name: vault-token -spec: - forProvider: - roleName: "app" - ttl: "24h" - renewMinLease: 43200 - renewIncrement: 86400 - providerConfigRef: - name: vault-provider-config diff --git a/examples/release/storeconfig/vault.yaml b/examples/storeconfig/vault.yaml similarity index 100% rename from examples/release/storeconfig/vault.yaml rename to examples/storeconfig/vault.yaml diff --git a/examples/token/token.yaml b/examples/token/token.yaml new file mode 100644 index 00000000..91065637 --- /dev/null +++ b/examples/token/token.yaml @@ -0,0 +1,31 @@ +apiVersion: vault.vault.upbound.io/v1alpha1 +kind: Token +metadata: +metadata: + annotations: + meta.upbound.io/example-id: vault/v1alpha1/token + labels: + testing.upbound.io/example-name: vault-token + name: vault-token +spec: + forProvider: + roleName: "app" + ttl: "24h" + renewMinLease: 43200 + renewIncrement: 86400 + providerConfigRef: + name: vault-provider-config +--- +apiVersion: token.vault.upbound.io/v1alpha1 +kind: AuthBackendRole +metadata: + annotations: + meta.upbound.io/example-id: vault/v1alpha1/token + labels: + testing.upbound.io/example-name: vault-token + name: vault-token +spec: + forProvider: + roleName: "app" + providerConfigRef: + name: vault-provider-config diff --git a/examples/release/tokenauthbackendrole/tokenauthbackendrole.yaml b/examples/tokenauthbackendrole/tokenauthbackendrole.yaml similarity index 53% rename from examples/release/tokenauthbackendrole/tokenauthbackendrole.yaml rename to examples/tokenauthbackendrole/tokenauthbackendrole.yaml index 03b44614..8288c77f 100644 --- a/examples/release/tokenauthbackendrole/tokenauthbackendrole.yaml +++ b/examples/tokenauthbackendrole/tokenauthbackendrole.yaml @@ -1,7 +1,11 @@ apiVersion: token.vault.upbound.io/v1alpha1 kind: AuthBackendRole metadata: - name: app + annotations: + meta.upbound.io/example-id: token/v1alpha1/authbackendrole + labels: + testing.upbound.io/example-name: example + name: example spec: forProvider: roleName: "app" diff --git a/go.mod b/go.mod index 5efdf78c..31fc27da 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/upbound/provider-vault -go 1.20 +go 1.19 require ( github.com/crossplane/crossplane-runtime v0.20.0