diff --git a/apis/ad/v1alpha1/zz_generated.deepcopy.go b/apis/ad/v1alpha1/zz_generated.deepcopy.go index bb0e6285..4fd3e705 100644 --- a/apis/ad/v1alpha1/zz_generated.deepcopy.go +++ b/apis/ad/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/ad/v1alpha1/zz_generated.managed.go b/apis/ad/v1alpha1/zz_generated.managed.go index 3577b829..8824bcb4 100644 --- a/apis/ad/v1alpha1/zz_generated.managed.go +++ b/apis/ad/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *SecretBackend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *SecretBackend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -103,14 +87,6 @@ func (mg *SecretRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretRole. func (mg *SecretRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -141,14 +117,6 @@ func (mg *SecretRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretRole. func (mg *SecretRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/alicloud/v1alpha1/zz_generated.deepcopy.go b/apis/alicloud/v1alpha1/zz_generated.deepcopy.go index 811d680a..35a06551 100644 --- a/apis/alicloud/v1alpha1/zz_generated.deepcopy.go +++ b/apis/alicloud/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/alicloud/v1alpha1/zz_generated.managed.go b/apis/alicloud/v1alpha1/zz_generated.managed.go index 836c358b..e2e30b5e 100644 --- a/apis/alicloud/v1alpha1/zz_generated.managed.go +++ b/apis/alicloud/v1alpha1/zz_generated.managed.go 
@@ -27,14 +27,6 @@ func (mg *AuthBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *AuthBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/approle/v1alpha1/zz_generated.deepcopy.go b/apis/approle/v1alpha1/zz_generated.deepcopy.go index cb611e91..bdce2752 100644 --- a/apis/approle/v1alpha1/zz_generated.deepcopy.go +++ b/apis/approle/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. @@ -139,7 +138,8 @@ func (in *AuthBackendLoginObservation) DeepCopyInto(out *AuthBackendLoginObserva if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } diff --git a/apis/approle/v1alpha1/zz_generated.managed.go b/apis/approle/v1alpha1/zz_generated.managed.go index c4f83732..3c443c39 100644 --- a/apis/approle/v1alpha1/zz_generated.managed.go +++ b/apis/approle/v1alpha1/zz_generated.managed.go 
@@ -27,14 +27,6 @@ func (mg *AuthBackendLogin) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendLogin. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendLogin) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendLogin. func (mg *AuthBackendLogin) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *AuthBackendLogin) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendLogin. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendLogin) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendLogin. func (mg *AuthBackendLogin) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *AuthBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -141,14 +117,6 @@ func (mg *AuthBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -179,14 +147,6 @@ func (mg *AuthBackendRoleSecretID) GetProviderConfigReference() *xpv1.Reference return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendRoleSecretID. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendRoleSecretID) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendRoleSecretID. func (mg *AuthBackendRoleSecretID) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -217,14 +177,6 @@ func (mg *AuthBackendRoleSecretID) SetProviderConfigReference(r *xpv1.Reference) mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendRoleSecretID. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendRoleSecretID) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendRoleSecretID. func (mg *AuthBackendRoleSecretID) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/audit/v1alpha1/zz_generated.deepcopy.go b/apis/audit/v1alpha1/zz_generated.deepcopy.go index cfd34743..781cda81 100644 --- a/apis/audit/v1alpha1/zz_generated.deepcopy.go +++ b/apis/audit/v1alpha1/zz_generated.deepcopy.go 
@@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/audit/v1alpha1/zz_generated.managed.go b/apis/audit/v1alpha1/zz_generated.managed.go index 8a9203bb..36b6e31a 100644 --- a/apis/audit/v1alpha1/zz_generated.managed.go +++ b/apis/audit/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *RequestHeader) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this RequestHeader. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *RequestHeader) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this RequestHeader. func (mg *RequestHeader) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *RequestHeader) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this RequestHeader. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *RequestHeader) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this RequestHeader. func (mg *RequestHeader) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/auth/v1alpha1/zz_generated.deepcopy.go b/apis/auth/v1alpha1/zz_generated.deepcopy.go index 1eb5e9be..d87b642a 100644 --- a/apis/auth/v1alpha1/zz_generated.deepcopy.go +++ b/apis/auth/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/auth/v1alpha1/zz_generated.managed.go b/apis/auth/v1alpha1/zz_generated.managed.go index 305ee420..30838c22 100644 --- a/apis/auth/v1alpha1/zz_generated.managed.go +++ b/apis/auth/v1alpha1/zz_generated.managed.go 
@@ -27,14 +27,6 @@ func (mg *Backend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Backend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Backend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Backend. func (mg *Backend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *Backend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Backend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Backend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Backend. func (mg *Backend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/aws/v1alpha1/zz_generated.deepcopy.go b/apis/aws/v1alpha1/zz_generated.deepcopy.go index ff2f2558..11341a7c 100644 --- a/apis/aws/v1alpha1/zz_generated.deepcopy.go +++ b/apis/aws/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. @@ -1176,7 +1175,8 @@ func (in *AuthBackendLoginObservation) DeepCopyInto(out *AuthBackendLoginObserva if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } diff --git a/apis/aws/v1alpha1/zz_generated.managed.go b/apis/aws/v1alpha1/zz_generated.managed.go index 7519b349..97754545 100644 --- a/apis/aws/v1alpha1/zz_generated.managed.go +++ b/apis/aws/v1alpha1/zz_generated.managed.go 
@@ -27,14 +27,6 @@ func (mg *AuthBackendCert) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendCert. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendCert) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendCert. func (mg *AuthBackendCert) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *AuthBackendCert) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendCert. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendCert) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendCert. func (mg *AuthBackendCert) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *AuthBackendClient) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendClient. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendClient) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendClient. func (mg *AuthBackendClient) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -141,14 +117,6 @@ func (mg *AuthBackendClient) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendClient. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendClient) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendClient. func (mg *AuthBackendClient) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -179,14 +147,6 @@ func (mg *AuthBackendConfigIdentity) GetProviderConfigReference() *xpv1.Referenc return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendConfigIdentity. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendConfigIdentity) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendConfigIdentity. func (mg *AuthBackendConfigIdentity) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -217,14 +177,6 @@ func (mg *AuthBackendConfigIdentity) SetProviderConfigReference(r *xpv1.Referenc mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendConfigIdentity. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendConfigIdentity) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendConfigIdentity. func (mg *AuthBackendConfigIdentity) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -255,14 +207,6 @@ func (mg *AuthBackendIdentityWhitelist) GetProviderConfigReference() *xpv1.Refer return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendIdentityWhitelist. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendIdentityWhitelist) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendIdentityWhitelist. func (mg *AuthBackendIdentityWhitelist) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -293,14 +237,6 @@ func (mg *AuthBackendIdentityWhitelist) SetProviderConfigReference(r *xpv1.Refer mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendIdentityWhitelist. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendIdentityWhitelist) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendIdentityWhitelist. func (mg *AuthBackendIdentityWhitelist) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -331,14 +267,6 @@ func (mg *AuthBackendLogin) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendLogin. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendLogin) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendLogin. func (mg *AuthBackendLogin) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -369,14 +297,6 @@ func (mg *AuthBackendLogin) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendLogin. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendLogin) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendLogin. func (mg *AuthBackendLogin) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -407,14 +327,6 @@ func (mg *AuthBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -445,14 +357,6 @@ func (mg *AuthBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -483,14 +387,6 @@ func (mg *AuthBackendRoleTag) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendRoleTag. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendRoleTag) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendRoleTag. func (mg *AuthBackendRoleTag) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -521,14 +417,6 @@ func (mg *AuthBackendRoleTag) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendRoleTag. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendRoleTag) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendRoleTag. func (mg *AuthBackendRoleTag) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -559,14 +447,6 @@ func (mg *AuthBackendRoletagBlacklist) GetProviderConfigReference() *xpv1.Refere return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendRoletagBlacklist. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendRoletagBlacklist) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendRoletagBlacklist. func (mg *AuthBackendRoletagBlacklist) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -597,14 +477,6 @@ func (mg *AuthBackendRoletagBlacklist) SetProviderConfigReference(r *xpv1.Refere mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendRoletagBlacklist. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendRoletagBlacklist) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendRoletagBlacklist. func (mg *AuthBackendRoletagBlacklist) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -635,14 +507,6 @@ func (mg *AuthBackendStsRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendStsRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendStsRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendStsRole. func (mg *AuthBackendStsRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -673,14 +537,6 @@ func (mg *AuthBackendStsRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendStsRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendStsRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendStsRole. func (mg *AuthBackendStsRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -711,14 +567,6 @@ func (mg *SecretBackend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -749,14 +597,6 @@ func (mg *SecretBackend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -787,14 +627,6 @@ func (mg *SecretBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendRole. func (mg *SecretBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -825,14 +657,6 @@ func (mg *SecretBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendRole. func (mg *SecretBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/azure/v1alpha1/zz_generated.deepcopy.go b/apis/azure/v1alpha1/zz_generated.deepcopy.go index 595801e2..b25a5e77 100644 --- a/apis/azure/v1alpha1/zz_generated.deepcopy.go +++ b/apis/azure/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/azure/v1alpha1/zz_generated.managed.go b/apis/azure/v1alpha1/zz_generated.managed.go index 84919699..b73e6e6f 100644 --- a/apis/azure/v1alpha1/zz_generated.managed.go +++ b/apis/azure/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *AuthBackendConfig) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendConfig. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendConfig) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendConfig. func (mg *AuthBackendConfig) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -65,14 +57,6 @@ func (mg *AuthBackendConfig) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendConfig. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendConfig) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendConfig. func (mg *AuthBackendConfig) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *AuthBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -141,14 +117,6 @@ func (mg *AuthBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -179,14 +147,6 @@ func (mg *SecretBackend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -217,14 +177,6 @@ func (mg *SecretBackend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -255,14 +207,6 @@ func (mg *SecretBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendRole. func (mg *SecretBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -293,14 +237,6 @@ func (mg *SecretBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendRole. func (mg *SecretBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/cert/v1alpha1/zz_generated.deepcopy.go b/apis/cert/v1alpha1/zz_generated.deepcopy.go index 31654b24..65d0786b 100644 --- a/apis/cert/v1alpha1/zz_generated.deepcopy.go +++ b/apis/cert/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/cert/v1alpha1/zz_generated.managed.go b/apis/cert/v1alpha1/zz_generated.managed.go index 836c358b..e2e30b5e 100644 --- a/apis/cert/v1alpha1/zz_generated.managed.go +++ b/apis/cert/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *AuthBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -65,14 +57,6 @@ func (mg *AuthBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/consul/v1alpha1/zz_generated.deepcopy.go b/apis/consul/v1alpha1/zz_generated.deepcopy.go index 0bb69d13..6ed93099 100644 --- a/apis/consul/v1alpha1/zz_generated.deepcopy.go +++ b/apis/consul/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/consul/v1alpha1/zz_generated.managed.go b/apis/consul/v1alpha1/zz_generated.managed.go index d73589a2..c96d3bed 100644 --- a/apis/consul/v1alpha1/zz_generated.managed.go +++ b/apis/consul/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *SecretBackend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -65,14 +57,6 @@ func (mg *SecretBackend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *SecretBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendRole. func (mg *SecretBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -141,14 +117,6 @@ func (mg *SecretBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendRole. func (mg *SecretBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/database/v1alpha1/zz_generated.deepcopy.go b/apis/database/v1alpha1/zz_generated.deepcopy.go index fdf9c0f4..faa5e767 100644 --- a/apis/database/v1alpha1/zz_generated.deepcopy.go +++ b/apis/database/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. 
@@ -2733,7 +2732,8 @@ func (in *SecretBackendConnectionInitParameters) DeepCopyInto(out *SecretBackend if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -2968,7 +2968,8 @@ func (in *SecretBackendConnectionObservation) DeepCopyInto(out *SecretBackendCon if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -3176,7 +3177,8 @@ func (in *SecretBackendConnectionParameters) DeepCopyInto(out *SecretBackendConn if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -3427,7 +3429,8 @@ func (in *SecretBackendRoleInitParameters) DeepCopyInto(out *SecretBackendRoleIn if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -3568,7 +3571,8 @@ func (in *SecretBackendRoleObservation) DeepCopyInto(out *SecretBackendRoleObser if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -3682,7 +3686,8 @@ func (in *SecretBackendRoleParameters) DeepCopyInto(out *SecretBackendRoleParame if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -4150,7 +4155,8 @@ func (in *SecretsMountCassandraInitParameters) DeepCopyInto(out *SecretsMountCas if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } 
@@ -4258,7 +4264,8 @@ func (in *SecretsMountCassandraObservation) DeepCopyInto(out *SecretsMountCassan if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -4366,7 +4373,8 @@ func (in *SecretsMountCassandraParameters) DeepCopyInto(out *SecretsMountCassand if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -4489,7 +4497,8 @@ func (in *SecretsMountCouchbaseInitParameters) DeepCopyInto(out *SecretsMountCou if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -4592,7 +4601,8 @@ func (in *SecretsMountCouchbaseObservation) DeepCopyInto(out *SecretsMountCouchb if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -4700,7 +4710,8 @@ func (in *SecretsMountCouchbaseParameters) DeepCopyInto(out *SecretsMountCouchba if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -4819,7 +4830,8 @@ func (in *SecretsMountElasticsearchInitParameters) DeepCopyInto(out *SecretsMoun if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -4931,7 +4943,8 @@ func (in *SecretsMountElasticsearchObservation) DeepCopyInto(out *SecretsMountEl if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } 
@@ -5043,7 +5056,8 @@ func (in *SecretsMountElasticsearchParameters) DeepCopyInto(out *SecretsMountEla if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -5141,7 +5155,8 @@ func (in *SecretsMountHanaInitParameters) DeepCopyInto(out *SecretsMountHanaInit if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -5238,7 +5253,8 @@ func (in *SecretsMountHanaObservation) DeepCopyInto(out *SecretsMountHanaObserva if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -5335,7 +5351,8 @@ func (in *SecretsMountHanaParameters) DeepCopyInto(out *SecretsMountHanaParamete if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -5437,7 +5454,8 @@ func (in *SecretsMountInfluxdbInitParameters) DeepCopyInto(out *SecretsMountInfl if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -5539,7 +5557,8 @@ func (in *SecretsMountInfluxdbObservation) DeepCopyInto(out *SecretsMountInfluxd if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -5641,7 +5660,8 @@ func (in *SecretsMountInfluxdbParameters) DeepCopyInto(out *SecretsMountInfluxdb if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } 
@@ -5885,7 +5905,8 @@ func (in *SecretsMountInitParameters) DeepCopyInto(out *SecretsMountInitParamete if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -6015,7 +6036,8 @@ func (in *SecretsMountMongodbInitParameters) DeepCopyInto(out *SecretsMountMongo if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -6112,7 +6134,8 @@ func (in *SecretsMountMongodbObservation) DeepCopyInto(out *SecretsMountMongodbO if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -6209,7 +6232,8 @@ func (in *SecretsMountMongodbParameters) DeepCopyInto(out *SecretsMountMongodbPa if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -6306,7 +6330,8 @@ func (in *SecretsMountMongodbatlasInitParameters) DeepCopyInto(out *SecretsMount if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -6383,7 +6408,8 @@ func (in *SecretsMountMongodbatlasObservation) DeepCopyInto(out *SecretsMountMon if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -6460,7 +6486,8 @@ func (in *SecretsMountMongodbatlasParameters) DeepCopyInto(out *SecretsMountMong if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } 
@@ -6548,7 +6575,8 @@ func (in *SecretsMountMssqlInitParameters) DeepCopyInto(out *SecretsMountMssqlIn if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -6655,7 +6683,8 @@ func (in *SecretsMountMssqlObservation) DeepCopyInto(out *SecretsMountMssqlObser if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -6762,7 +6791,8 @@ func (in *SecretsMountMssqlParameters) DeepCopyInto(out *SecretsMountMssqlParame if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -6874,7 +6904,8 @@ func (in *SecretsMountMySQLAuroraInitParameters) DeepCopyInto(out *SecretsMountM if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -6981,7 +7012,8 @@ func (in *SecretsMountMySQLAuroraObservation) DeepCopyInto(out *SecretsMountMySQ if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -7088,7 +7120,8 @@ func (in *SecretsMountMySQLAuroraParameters) DeepCopyInto(out *SecretsMountMySQL if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -7210,7 +7243,8 @@ func (in *SecretsMountMySQLInitParameters) DeepCopyInto(out *SecretsMountMySQLIn if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } 
@@ -7317,7 +7351,8 @@ func (in *SecretsMountMySQLLegacyInitParameters) DeepCopyInto(out *SecretsMountM if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -7424,7 +7459,8 @@ func (in *SecretsMountMySQLLegacyObservation) DeepCopyInto(out *SecretsMountMySQ if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -7531,7 +7567,8 @@ func (in *SecretsMountMySQLLegacyParameters) DeepCopyInto(out *SecretsMountMySQL if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -7653,7 +7690,8 @@ func (in *SecretsMountMySQLObservation) DeepCopyInto(out *SecretsMountMySQLObser if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -7760,7 +7798,8 @@ func (in *SecretsMountMySQLParameters) DeepCopyInto(out *SecretsMountMySQLParame if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -7882,7 +7921,8 @@ func (in *SecretsMountMySQLRDSInitParameters) DeepCopyInto(out *SecretsMountMySQ if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -7989,7 +8029,8 @@ func (in *SecretsMountMySQLRDSObservation) DeepCopyInto(out *SecretsMountMySQLRD if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } 
@@ -8096,7 +8137,8 @@ func (in *SecretsMountMySQLRDSParameters) DeepCopyInto(out *SecretsMountMySQLRDS if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -8359,7 +8401,8 @@ func (in *SecretsMountObservation) DeepCopyInto(out *SecretsMountObservation) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -8457,7 +8500,8 @@ func (in *SecretsMountOracleInitParameters) DeepCopyInto(out *SecretsMountOracle if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -8564,7 +8608,8 @@ func (in *SecretsMountOracleObservation) DeepCopyInto(out *SecretsMountOracleObs if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -8671,7 +8716,8 @@ func (in *SecretsMountOracleParameters) DeepCopyInto(out *SecretsMountOraclePara if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -8914,7 +8960,8 @@ func (in *SecretsMountParameters) DeepCopyInto(out *SecretsMountParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -9017,7 +9064,8 @@ func (in *SecretsMountPostgresqlInitParameters) DeepCopyInto(out *SecretsMountPo if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } 
@@ -9124,7 +9172,8 @@ func (in *SecretsMountPostgresqlObservation) DeepCopyInto(out *SecretsMountPostg if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -9231,7 +9280,8 @@ func (in *SecretsMountPostgresqlParameters) DeepCopyInto(out *SecretsMountPostgr if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -9338,7 +9388,8 @@ func (in *SecretsMountRedisElasticacheInitParameters) DeepCopyInto(out *SecretsM if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -9415,7 +9466,8 @@ func (in *SecretsMountRedisElasticacheObservation) DeepCopyInto(out *SecretsMoun if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -9492,7 +9544,8 @@ func (in *SecretsMountRedisElasticacheParameters) DeepCopyInto(out *SecretsMount if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -9584,7 +9637,8 @@ func (in *SecretsMountRedisInitParameters) DeepCopyInto(out *SecretsMountRedisIn if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -9681,7 +9735,8 @@ func (in *SecretsMountRedisObservation) DeepCopyInto(out *SecretsMountRedisObser if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } 
@@ -9778,7 +9833,8 @@ func (in *SecretsMountRedisParameters) DeepCopyInto(out *SecretsMountRedisParame if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -9876,7 +9932,8 @@ func (in *SecretsMountRedshiftInitParameters) DeepCopyInto(out *SecretsMountReds if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -9978,7 +10035,8 @@ func (in *SecretsMountRedshiftObservation) DeepCopyInto(out *SecretsMountRedshif if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -10080,7 +10138,8 @@ func (in *SecretsMountRedshiftParameters) DeepCopyInto(out *SecretsMountRedshift if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -10187,7 +10246,8 @@ func (in *SecretsMountSnowflakeInitParameters) DeepCopyInto(out *SecretsMountSno if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -10284,7 +10344,8 @@ func (in *SecretsMountSnowflakeObservation) DeepCopyInto(out *SecretsMountSnowfl if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -10381,7 +10442,8 @@ func (in *SecretsMountSnowflakeParameters) DeepCopyInto(out *SecretsMountSnowfla if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } diff --git a/apis/database/v1alpha1/zz_generated.managed.go b/apis/database/v1alpha1/zz_generated.managed.go index cc4d23c1..c3e417c0 100644 
--- a/apis/database/v1alpha1/zz_generated.managed.go +++ b/apis/database/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *SecretBackendConnection) GetProviderConfigReference() *xpv1.Reference return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendConnection. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendConnection) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendConnection. func (mg *SecretBackendConnection) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *SecretBackendConnection) SetProviderConfigReference(r *xpv1.Reference) mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendConnection. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendConnection) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendConnection. func (mg *SecretBackendConnection) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *SecretBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendRole. func (mg *SecretBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -141,14 +117,6 @@ func (mg *SecretBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendRole. func (mg *SecretBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -179,14 +147,6 @@ func (mg *SecretBackendStaticRole) GetProviderConfigReference() *xpv1.Reference return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendStaticRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendStaticRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendStaticRole. func (mg *SecretBackendStaticRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -217,14 +177,6 @@ func (mg *SecretBackendStaticRole) SetProviderConfigReference(r *xpv1.Reference) mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendStaticRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendStaticRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendStaticRole. func (mg *SecretBackendStaticRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -255,14 +207,6 @@ func (mg *SecretsMount) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretsMount. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretsMount) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretsMount. func (mg *SecretsMount) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -293,14 +237,6 @@ func (mg *SecretsMount) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretsMount. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretsMount) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretsMount. func (mg *SecretsMount) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/egp/v1alpha1/zz_generated.deepcopy.go b/apis/egp/v1alpha1/zz_generated.deepcopy.go index b19ca8f6..be07bc15 100644 --- a/apis/egp/v1alpha1/zz_generated.deepcopy.go +++ b/apis/egp/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/egp/v1alpha1/zz_generated.managed.go b/apis/egp/v1alpha1/zz_generated.managed.go index a29e31ba..4bca39f2 100644 --- a/apis/egp/v1alpha1/zz_generated.managed.go +++ b/apis/egp/v1alpha1/zz_generated.managed.go 
@@ -27,14 +27,6 @@ func (mg *Policy) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Policy. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Policy) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Policy. func (mg *Policy) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *Policy) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Policy. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Policy) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Policy. func (mg *Policy) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/gcp/v1alpha1/zz_generated.deepcopy.go b/apis/gcp/v1alpha1/zz_generated.deepcopy.go index 0b0ed067..06a21dc6 100644 --- a/apis/gcp/v1alpha1/zz_generated.deepcopy.go +++ b/apis/gcp/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/gcp/v1alpha1/zz_generated.managed.go b/apis/gcp/v1alpha1/zz_generated.managed.go index f5036998..be5cfe91 100644 --- a/apis/gcp/v1alpha1/zz_generated.managed.go +++ b/apis/gcp/v1alpha1/zz_generated.managed.go 
@@ -27,14 +27,6 @@ func (mg *AuthBackend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackend. func (mg *AuthBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *AuthBackend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackend. func (mg *AuthBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *AuthBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -141,14 +117,6 @@ func (mg *AuthBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -179,14 +147,6 @@ func (mg *SecretBackend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -217,14 +177,6 @@ func (mg *SecretBackend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -255,14 +207,6 @@ func (mg *SecretImpersonatedAccount) GetProviderConfigReference() *xpv1.Referenc return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretImpersonatedAccount. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretImpersonatedAccount) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretImpersonatedAccount. func (mg *SecretImpersonatedAccount) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -293,14 +237,6 @@ func (mg *SecretImpersonatedAccount) SetProviderConfigReference(r *xpv1.Referenc mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretImpersonatedAccount. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretImpersonatedAccount) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretImpersonatedAccount. func (mg *SecretImpersonatedAccount) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -331,14 +267,6 @@ func (mg *SecretRoleset) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretRoleset. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretRoleset) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretRoleset. func (mg *SecretRoleset) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -369,14 +297,6 @@ func (mg *SecretRoleset) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretRoleset. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretRoleset) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretRoleset. func (mg *SecretRoleset) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -407,14 +327,6 @@ func (mg *SecretStaticAccount) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretStaticAccount. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretStaticAccount) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretStaticAccount. func (mg *SecretStaticAccount) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -445,14 +357,6 @@ func (mg *SecretStaticAccount) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretStaticAccount. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretStaticAccount) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretStaticAccount. func (mg *SecretStaticAccount) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/generic/v1alpha1/zz_generated.deepcopy.go b/apis/generic/v1alpha1/zz_generated.deepcopy.go index 4121291d..be8a8556 100644 --- a/apis/generic/v1alpha1/zz_generated.deepcopy.go +++ b/apis/generic/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. 
@@ -164,7 +163,8 @@ func (in *EndpointObservation) DeepCopyInto(out *EndpointObservation) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } diff --git a/apis/generic/v1alpha1/zz_generated.managed.go b/apis/generic/v1alpha1/zz_generated.managed.go index 8a98897d..a3a2873c 100644 --- a/apis/generic/v1alpha1/zz_generated.managed.go +++ b/apis/generic/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *Endpoint) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Endpoint. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Endpoint) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Endpoint. func (mg *Endpoint) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *Endpoint) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Endpoint. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Endpoint) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Endpoint. func (mg *Endpoint) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *Secret) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Secret. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Secret) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Secret. func (mg *Secret) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -141,14 +117,6 @@ func (mg *Secret) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Secret. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Secret) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Secret. func (mg *Secret) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/github/v1alpha1/zz_generated.deepcopy.go b/apis/github/v1alpha1/zz_generated.deepcopy.go index 49d66b3b..3877c994 100644 --- a/apis/github/v1alpha1/zz_generated.deepcopy.go +++ b/apis/github/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/github/v1alpha1/zz_generated.managed.go b/apis/github/v1alpha1/zz_generated.managed.go index 611d2586..88f24c58 100644 --- a/apis/github/v1alpha1/zz_generated.managed.go +++ b/apis/github/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *AuthBackend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackend. func (mg *AuthBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -65,14 +57,6 @@ func (mg *AuthBackend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackend. func (mg *AuthBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *Team) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Team. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Team) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Team. func (mg *Team) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -141,14 +117,6 @@ func (mg *Team) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Team. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Team) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Team. func (mg *Team) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -179,14 +147,6 @@ func (mg *User) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this User. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *User) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this User. func (mg *User) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -217,14 +177,6 @@ func (mg *User) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this User. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *User) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this User. func (mg *User) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/identity/v1alpha1/zz_generated.deepcopy.go b/apis/identity/v1alpha1/zz_generated.deepcopy.go index 0c816799..5b2e9256 100644 --- a/apis/identity/v1alpha1/zz_generated.deepcopy.go +++ b/apis/identity/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. @@ -83,7 +82,8 @@ func (in *EntityAliasInitParameters) DeepCopyInto(out *EntityAliasInitParameters if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -165,7 +165,8 @@ func (in *EntityAliasObservation) DeepCopyInto(out *EntityAliasObservation) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -220,7 +221,8 @@ func (in *EntityAliasParameters) DeepCopyInto(out *EntityAliasParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -310,7 +312,8 @@ func (in *EntityInitParameters) DeepCopyInto(out *EntityInitParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } 
@@ -408,7 +411,8 @@ func (in *EntityObservation) DeepCopyInto(out *EntityObservation) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -469,7 +473,8 @@ func (in *EntityParameters) DeepCopyInto(out *EntityParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -1050,7 +1055,8 @@ func (in *GroupInitParameters) DeepCopyInto(out *GroupInitParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -1629,7 +1635,8 @@ func (in *GroupObservation) DeepCopyInto(out *GroupObservation) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -1722,7 +1729,8 @@ func (in *GroupParameters) DeepCopyInto(out *GroupParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } diff --git a/apis/identity/v1alpha1/zz_generated.managed.go b/apis/identity/v1alpha1/zz_generated.managed.go index 35ee8551..0d927ed9 100644 --- a/apis/identity/v1alpha1/zz_generated.managed.go +++ b/apis/identity/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *Entity) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Entity. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Entity) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Entity. func (mg *Entity) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -65,14 +57,6 @@ func (mg *Entity) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Entity. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Entity) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Entity. func (mg *Entity) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *EntityAlias) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this EntityAlias. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *EntityAlias) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this EntityAlias. func (mg *EntityAlias) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -141,14 +117,6 @@ func (mg *EntityAlias) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this EntityAlias. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *EntityAlias) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this EntityAlias. func (mg *EntityAlias) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -179,14 +147,6 @@ func (mg *EntityPolicies) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this EntityPolicies. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *EntityPolicies) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this EntityPolicies. func (mg *EntityPolicies) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -217,14 +177,6 @@ func (mg *EntityPolicies) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this EntityPolicies. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *EntityPolicies) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this EntityPolicies. func (mg *EntityPolicies) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -255,14 +207,6 @@ func (mg *Group) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Group. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Group) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Group. func (mg *Group) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -293,14 +237,6 @@ func (mg *Group) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Group. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Group) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Group. func (mg *Group) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -331,14 +267,6 @@ func (mg *GroupAlias) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this GroupAlias. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *GroupAlias) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this GroupAlias. func (mg *GroupAlias) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -369,14 +297,6 @@ func (mg *GroupAlias) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this GroupAlias. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *GroupAlias) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this GroupAlias. func (mg *GroupAlias) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -407,14 +327,6 @@ func (mg *GroupMemberEntityIds) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this GroupMemberEntityIds. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *GroupMemberEntityIds) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this GroupMemberEntityIds. func (mg *GroupMemberEntityIds) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -445,14 +357,6 @@ func (mg *GroupMemberEntityIds) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this GroupMemberEntityIds. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *GroupMemberEntityIds) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this GroupMemberEntityIds. func (mg *GroupMemberEntityIds) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -483,14 +387,6 @@ func (mg *GroupMemberGroupIds) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this GroupMemberGroupIds. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *GroupMemberGroupIds) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this GroupMemberGroupIds. func (mg *GroupMemberGroupIds) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -521,14 +417,6 @@ func (mg *GroupMemberGroupIds) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this GroupMemberGroupIds. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *GroupMemberGroupIds) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this GroupMemberGroupIds. func (mg *GroupMemberGroupIds) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -559,14 +447,6 @@ func (mg *GroupPolicies) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this GroupPolicies. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *GroupPolicies) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this GroupPolicies. func (mg *GroupPolicies) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -597,14 +477,6 @@ func (mg *GroupPolicies) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this GroupPolicies. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *GroupPolicies) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this GroupPolicies. func (mg *GroupPolicies) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -635,14 +507,6 @@ func (mg *MfaDuo) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this MfaDuo. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *MfaDuo) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this MfaDuo. func (mg *MfaDuo) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -673,14 +537,6 @@ func (mg *MfaDuo) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this MfaDuo. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *MfaDuo) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this MfaDuo. func (mg *MfaDuo) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -711,14 +567,6 @@ func (mg *MfaLoginEnforcement) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this MfaLoginEnforcement. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *MfaLoginEnforcement) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this MfaLoginEnforcement. func (mg *MfaLoginEnforcement) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -749,14 +597,6 @@ func (mg *MfaLoginEnforcement) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this MfaLoginEnforcement. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *MfaLoginEnforcement) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this MfaLoginEnforcement. func (mg *MfaLoginEnforcement) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -787,14 +627,6 @@ func (mg *MfaOkta) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this MfaOkta. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *MfaOkta) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this MfaOkta. func (mg *MfaOkta) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -825,14 +657,6 @@ func (mg *MfaOkta) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this MfaOkta. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *MfaOkta) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this MfaOkta. func (mg *MfaOkta) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -863,14 +687,6 @@ func (mg *MfaPingid) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this MfaPingid. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *MfaPingid) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this MfaPingid. func (mg *MfaPingid) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -901,14 +717,6 @@ func (mg *MfaPingid) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this MfaPingid. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *MfaPingid) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this MfaPingid. func (mg *MfaPingid) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -939,14 +747,6 @@ func (mg *MfaTotp) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this MfaTotp. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *MfaTotp) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this MfaTotp. func (mg *MfaTotp) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -977,14 +777,6 @@ func (mg *MfaTotp) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this MfaTotp. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *MfaTotp) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this MfaTotp. func (mg *MfaTotp) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -1015,14 +807,6 @@ func (mg *Oidc) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Oidc. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Oidc) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Oidc. func (mg *Oidc) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -1053,14 +837,6 @@ func (mg *Oidc) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Oidc. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Oidc) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Oidc. func (mg *Oidc) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -1091,14 +867,6 @@ func (mg *OidcAssignment) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this OidcAssignment. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *OidcAssignment) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this OidcAssignment. func (mg *OidcAssignment) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -1129,14 +897,6 @@ func (mg *OidcAssignment) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this OidcAssignment. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *OidcAssignment) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this OidcAssignment. func (mg *OidcAssignment) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -1167,14 +927,6 @@ func (mg *OidcClient) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this OidcClient. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *OidcClient) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this OidcClient. func (mg *OidcClient) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -1205,14 +957,6 @@ func (mg *OidcClient) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this OidcClient. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *OidcClient) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this OidcClient. func (mg *OidcClient) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -1243,14 +987,6 @@ func (mg *OidcKey) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this OidcKey. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *OidcKey) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this OidcKey. func (mg *OidcKey) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -1281,14 +1017,6 @@ func (mg *OidcKey) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this OidcKey. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *OidcKey) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this OidcKey. func (mg *OidcKey) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -1319,14 +1047,6 @@ func (mg *OidcKeyAllowedClientID) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this OidcKeyAllowedClientID. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *OidcKeyAllowedClientID) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this OidcKeyAllowedClientID. func (mg *OidcKeyAllowedClientID) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -1357,14 +1077,6 @@ func (mg *OidcKeyAllowedClientID) SetProviderConfigReference(r *xpv1.Reference) mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this OidcKeyAllowedClientID. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *OidcKeyAllowedClientID) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this OidcKeyAllowedClientID. func (mg *OidcKeyAllowedClientID) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -1395,14 +1107,6 @@ func (mg *OidcProvider) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this OidcProvider. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *OidcProvider) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this OidcProvider. func (mg *OidcProvider) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -1433,14 +1137,6 @@ func (mg *OidcProvider) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this OidcProvider. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *OidcProvider) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this OidcProvider. func (mg *OidcProvider) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -1471,14 +1167,6 @@ func (mg *OidcRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this OidcRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *OidcRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this OidcRole. func (mg *OidcRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -1509,14 +1197,6 @@ func (mg *OidcRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this OidcRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *OidcRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this OidcRole. func (mg *OidcRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -1547,14 +1227,6 @@ func (mg *OidcScope) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this OidcScope. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *OidcScope) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this OidcScope. func (mg *OidcScope) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -1585,14 +1257,6 @@ func (mg *OidcScope) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this OidcScope. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *OidcScope) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this OidcScope. func (mg *OidcScope) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/jwt/v1alpha1/zz_generated.deepcopy.go b/apis/jwt/v1alpha1/zz_generated.deepcopy.go index a46c37db..8f15021d 100644 --- a/apis/jwt/v1alpha1/zz_generated.deepcopy.go +++ b/apis/jwt/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. @@ -155,7 +154,8 @@ func (in *AuthBackendInitParameters) DeepCopyInto(out *AuthBackendInitParameters if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -342,7 +342,8 @@ func (in *AuthBackendObservation) DeepCopyInto(out *AuthBackendObservation) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -492,7 +493,8 @@ func (in *AuthBackendParameters) DeepCopyInto(out *AuthBackendParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -588,7 +590,8 @@ func (in *AuthBackendRoleInitParameters) DeepCopyInto(out *AuthBackendRoleInitPa if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } 
@@ -613,7 +616,8 @@ func (in *AuthBackendRoleInitParameters) DeepCopyInto(out *AuthBackendRoleInitPa if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -830,7 +834,8 @@ func (in *AuthBackendRoleObservation) DeepCopyInto(out *AuthBackendRoleObservati if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -855,7 +860,8 @@ func (in *AuthBackendRoleObservation) DeepCopyInto(out *AuthBackendRoleObservati if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -1045,7 +1051,8 @@ func (in *AuthBackendRoleParameters) DeepCopyInto(out *AuthBackendRoleParameters if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -1070,7 +1077,8 @@ func (in *AuthBackendRoleParameters) DeepCopyInto(out *AuthBackendRoleParameters if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } diff --git a/apis/jwt/v1alpha1/zz_generated.managed.go b/apis/jwt/v1alpha1/zz_generated.managed.go index 3f2960fc..99c794ab 100644 --- a/apis/jwt/v1alpha1/zz_generated.managed.go +++ b/apis/jwt/v1alpha1/zz_generated.managed.go 
@@ -27,14 +27,6 @@ func (mg *AuthBackend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackend. func (mg *AuthBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *AuthBackend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackend. func (mg *AuthBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *AuthBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -141,14 +117,6 @@ func (mg *AuthBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/kmip/v1alpha1/zz_generated.deepcopy.go b/apis/kmip/v1alpha1/zz_generated.deepcopy.go index b767e773..3df18add 100644 --- a/apis/kmip/v1alpha1/zz_generated.deepcopy.go +++ b/apis/kmip/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/kmip/v1alpha1/zz_generated.managed.go b/apis/kmip/v1alpha1/zz_generated.managed.go index fcadd298..3b19c34d 100644 --- a/apis/kmip/v1alpha1/zz_generated.managed.go +++ b/apis/kmip/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *SecretBackend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -65,14 +57,6 @@ func (mg *SecretBackend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *SecretRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretRole. func (mg *SecretRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -141,14 +117,6 @@ func (mg *SecretRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretRole. func (mg *SecretRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -179,14 +147,6 @@ func (mg *SecretScope) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretScope. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretScope) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretScope. func (mg *SecretScope) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -217,14 +177,6 @@ func (mg *SecretScope) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretScope. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretScope) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretScope. func (mg *SecretScope) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/kubernetes/v1alpha1/zz_generated.deepcopy.go b/apis/kubernetes/v1alpha1/zz_generated.deepcopy.go index d78ed8c4..34fcee7e 100644 --- a/apis/kubernetes/v1alpha1/zz_generated.deepcopy.go +++ b/apis/kubernetes/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. @@ -873,7 +872,8 @@ func (in *SecretBackendInitParameters) DeepCopyInto(out *SecretBackendInitParame if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -1033,7 +1033,8 @@ func (in *SecretBackendObservation) DeepCopyInto(out *SecretBackendObservation) if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } 
@@ -1151,7 +1152,8 @@ func (in *SecretBackendParameters) DeepCopyInto(out *SecretBackendParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -1239,7 +1241,8 @@ func (in *SecretBackendRoleInitParameters) DeepCopyInto(out *SecretBackendRoleIn if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -1254,7 +1257,8 @@ func (in *SecretBackendRoleInitParameters) DeepCopyInto(out *SecretBackendRoleIn if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -1377,7 +1381,8 @@ func (in *SecretBackendRoleObservation) DeepCopyInto(out *SecretBackendRoleObser if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -1392,7 +1397,8 @@ func (in *SecretBackendRoleObservation) DeepCopyInto(out *SecretBackendRoleObser if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -1488,7 +1494,8 @@ func (in *SecretBackendRoleParameters) DeepCopyInto(out *SecretBackendRoleParame if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -1503,7 +1510,8 @@ func (in *SecretBackendRoleParameters) DeepCopyInto(out *SecretBackendRoleParame if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } diff --git a/apis/kubernetes/v1alpha1/zz_generated.managed.go b/apis/kubernetes/v1alpha1/zz_generated.managed.go index 84919699..b73e6e6f 100644 
--- a/apis/kubernetes/v1alpha1/zz_generated.managed.go +++ b/apis/kubernetes/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *AuthBackendConfig) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendConfig. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendConfig) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendConfig. func (mg *AuthBackendConfig) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *AuthBackendConfig) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendConfig. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendConfig) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendConfig. func (mg *AuthBackendConfig) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *AuthBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -141,14 +117,6 @@ func (mg *AuthBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -179,14 +147,6 @@ func (mg *SecretBackend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -217,14 +177,6 @@ func (mg *SecretBackend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -255,14 +207,6 @@ func (mg *SecretBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendRole. func (mg *SecretBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -293,14 +237,6 @@ func (mg *SecretBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendRole. func (mg *SecretBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/kv/v1alpha1/zz_generated.deepcopy.go b/apis/kv/v1alpha1/zz_generated.deepcopy.go index e2e213f5..1b276803 100644 --- a/apis/kv/v1alpha1/zz_generated.deepcopy.go +++ b/apis/kv/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. @@ -29,7 +28,8 @@ func (in *CustomMetadataInitParameters) DeepCopyInto(out *CustomMetadataInitPara if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -74,7 +74,8 @@ func (in *CustomMetadataObservation) DeepCopyInto(out *CustomMetadataObservation if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } 
@@ -119,7 +120,8 @@ func (in *CustomMetadataParameters) DeepCopyInto(out *CustomMetadataParameters) if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -617,7 +619,8 @@ func (in *SecretV2InitParameters) DeepCopyInto(out *SecretV2InitParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -706,7 +709,8 @@ func (in *SecretV2Observation) DeepCopyInto(out *SecretV2Observation) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -736,7 +740,8 @@ func (in *SecretV2Observation) DeepCopyInto(out *SecretV2Observation) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -809,7 +814,8 @@ func (in *SecretV2Parameters) DeepCopyInto(out *SecretV2Parameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } diff --git a/apis/kv/v1alpha1/zz_generated.managed.go b/apis/kv/v1alpha1/zz_generated.managed.go index 95e2488e..8bad3aa3 100644 --- a/apis/kv/v1alpha1/zz_generated.managed.go +++ b/apis/kv/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *Secret) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Secret. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Secret) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Secret. func (mg *Secret) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -65,14 +57,6 @@ func (mg *Secret) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Secret. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Secret) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Secret. func (mg *Secret) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *SecretBackendV2) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendV2. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendV2) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendV2. func (mg *SecretBackendV2) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -141,14 +117,6 @@ func (mg *SecretBackendV2) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendV2. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendV2) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendV2. func (mg *SecretBackendV2) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -179,14 +147,6 @@ func (mg *SecretV2) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretV2. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretV2) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretV2. func (mg *SecretV2) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -217,14 +177,6 @@ func (mg *SecretV2) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretV2. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretV2) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretV2. func (mg *SecretV2) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/ldap/v1alpha1/zz_generated.deepcopy.go b/apis/ldap/v1alpha1/zz_generated.deepcopy.go index 3e1fa648..5d831cc7 100644 --- a/apis/ldap/v1alpha1/zz_generated.deepcopy.go +++ b/apis/ldap/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/ldap/v1alpha1/zz_generated.managed.go b/apis/ldap/v1alpha1/zz_generated.managed.go index ae342697..82176535 100644 --- a/apis/ldap/v1alpha1/zz_generated.managed.go +++ b/apis/ldap/v1alpha1/zz_generated.managed.go 
@@ -27,14 +27,6 @@ func (mg *AuthBackend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackend. func (mg *AuthBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *AuthBackend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackend. func (mg *AuthBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *AuthBackendGroup) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendGroup. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendGroup) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendGroup. func (mg *AuthBackendGroup) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -141,14 +117,6 @@ func (mg *AuthBackendGroup) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendGroup. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendGroup) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendGroup. func (mg *AuthBackendGroup) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -179,14 +147,6 @@ func (mg *AuthBackendUser) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendUser. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendUser) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendUser. func (mg *AuthBackendUser) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -217,14 +177,6 @@ func (mg *AuthBackendUser) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendUser. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendUser) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendUser. func (mg *AuthBackendUser) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/managed/v1alpha1/zz_generated.deepcopy.go b/apis/managed/v1alpha1/zz_generated.deepcopy.go index 25e6da5c..7eadba8d 100644 --- a/apis/managed/v1alpha1/zz_generated.deepcopy.go +++ b/apis/managed/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. 
diff --git a/apis/managed/v1alpha1/zz_generated.managed.go b/apis/managed/v1alpha1/zz_generated.managed.go index 8c52fe3a..8ade75ab 100644 --- a/apis/managed/v1alpha1/zz_generated.managed.go +++ b/apis/managed/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *Keys) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Keys. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Keys) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Keys. func (mg *Keys) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *Keys) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Keys. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Keys) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Keys. func (mg *Keys) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/mfa/v1alpha1/zz_generated.deepcopy.go b/apis/mfa/v1alpha1/zz_generated.deepcopy.go index 48961054..ff1bf2f2 100644 --- a/apis/mfa/v1alpha1/zz_generated.deepcopy.go +++ b/apis/mfa/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/mfa/v1alpha1/zz_generated.managed.go b/apis/mfa/v1alpha1/zz_generated.managed.go index feb9c049..53583a18 100644 --- a/apis/mfa/v1alpha1/zz_generated.managed.go +++ b/apis/mfa/v1alpha1/zz_generated.managed.go 
@@ -27,14 +27,6 @@ func (mg *Duo) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Duo. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Duo) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Duo. func (mg *Duo) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *Duo) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Duo. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Duo) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Duo. func (mg *Duo) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *Okta) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Okta. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Okta) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Okta. func (mg *Okta) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -141,14 +117,6 @@ func (mg *Okta) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Okta. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Okta) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Okta. func (mg *Okta) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -179,14 +147,6 @@ func (mg *Pingid) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Pingid. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Pingid) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Pingid. func (mg *Pingid) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -217,14 +177,6 @@ func (mg *Pingid) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Pingid. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Pingid) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Pingid. func (mg *Pingid) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -255,14 +207,6 @@ func (mg *Totp) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Totp. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Totp) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Totp. func (mg *Totp) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -293,14 +237,6 @@ func (mg *Totp) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Totp. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Totp) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Totp. func (mg *Totp) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
diff --git a/apis/mongodbatlas/v1alpha1/zz_generated.deepcopy.go b/apis/mongodbatlas/v1alpha1/zz_generated.deepcopy.go index 71f2aaf2..9541311d 100644 --- a/apis/mongodbatlas/v1alpha1/zz_generated.deepcopy.go +++ b/apis/mongodbatlas/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/mongodbatlas/v1alpha1/zz_generated.managed.go b/apis/mongodbatlas/v1alpha1/zz_generated.managed.go index 3577b829..8824bcb4 100644 --- a/apis/mongodbatlas/v1alpha1/zz_generated.managed.go +++ b/apis/mongodbatlas/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *SecretBackend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *SecretBackend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -103,14 +87,6 @@ func (mg *SecretRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretRole. func (mg *SecretRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -141,14 +117,6 @@ func (mg *SecretRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretRole. func (mg *SecretRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/nomad/v1alpha1/zz_generated.deepcopy.go b/apis/nomad/v1alpha1/zz_generated.deepcopy.go index f7f3f7bf..81d90dce 100644 --- a/apis/nomad/v1alpha1/zz_generated.deepcopy.go +++ b/apis/nomad/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/nomad/v1alpha1/zz_generated.managed.go b/apis/nomad/v1alpha1/zz_generated.managed.go index 3577b829..8824bcb4 100644 --- a/apis/nomad/v1alpha1/zz_generated.managed.go +++ b/apis/nomad/v1alpha1/zz_generated.managed.go 
@@ -27,14 +27,6 @@ func (mg *SecretBackend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *SecretBackend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *SecretRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretRole. func (mg *SecretRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -141,14 +117,6 @@ func (mg *SecretRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretRole. func (mg *SecretRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/okta/v1alpha1/zz_generated.deepcopy.go b/apis/okta/v1alpha1/zz_generated.deepcopy.go index bafc3955..b51264ba 100644 --- a/apis/okta/v1alpha1/zz_generated.deepcopy.go +++ b/apis/okta/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/okta/v1alpha1/zz_generated.managed.go b/apis/okta/v1alpha1/zz_generated.managed.go index ae342697..82176535 100644 --- a/apis/okta/v1alpha1/zz_generated.managed.go +++ b/apis/okta/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *AuthBackend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackend. func (mg *AuthBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -65,14 +57,6 @@ func (mg *AuthBackend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackend. func (mg *AuthBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *AuthBackendGroup) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendGroup. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendGroup) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendGroup. func (mg *AuthBackendGroup) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -141,14 +117,6 @@ func (mg *AuthBackendGroup) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendGroup. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendGroup) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendGroup. func (mg *AuthBackendGroup) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -179,14 +147,6 @@ func (mg *AuthBackendUser) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendUser. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendUser) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendUser. func (mg *AuthBackendUser) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -217,14 +177,6 @@ func (mg *AuthBackendUser) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendUser. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendUser) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendUser. func (mg *AuthBackendUser) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/password/v1alpha1/zz_generated.deepcopy.go b/apis/password/v1alpha1/zz_generated.deepcopy.go index 5ec54fe4..bf805f43 100644 --- a/apis/password/v1alpha1/zz_generated.deepcopy.go +++ b/apis/password/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/password/v1alpha1/zz_generated.managed.go b/apis/password/v1alpha1/zz_generated.managed.go index a29e31ba..4bca39f2 100644 --- a/apis/password/v1alpha1/zz_generated.managed.go +++ b/apis/password/v1alpha1/zz_generated.managed.go 
@@ -27,14 +27,6 @@ func (mg *Policy) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Policy. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Policy) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Policy. func (mg *Policy) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *Policy) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Policy. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Policy) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Policy. func (mg *Policy) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/pki/v1alpha1/zz_generated.deepcopy.go b/apis/pki/v1alpha1/zz_generated.deepcopy.go index a2e2b165..6d1f36d6 100644 --- a/apis/pki/v1alpha1/zz_generated.deepcopy.go +++ b/apis/pki/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/pki/v1alpha1/zz_generated.managed.go b/apis/pki/v1alpha1/zz_generated.managed.go index b3b8be72..ef8f5139 100644 --- a/apis/pki/v1alpha1/zz_generated.managed.go +++ b/apis/pki/v1alpha1/zz_generated.managed.go 
@@ -27,14 +27,6 @@ func (mg *SecretBackendCert) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendCert. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendCert) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendCert. func (mg *SecretBackendCert) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *SecretBackendCert) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendCert. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendCert) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendCert. func (mg *SecretBackendCert) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *SecretBackendConfigCA) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendConfigCA. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendConfigCA) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendConfigCA. func (mg *SecretBackendConfigCA) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -141,14 +117,6 @@ func (mg *SecretBackendConfigCA) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendConfigCA. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendConfigCA) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendConfigCA. func (mg *SecretBackendConfigCA) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -179,14 +147,6 @@ func (mg *SecretBackendConfigUrls) GetProviderConfigReference() *xpv1.Reference return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendConfigUrls. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendConfigUrls) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendConfigUrls. func (mg *SecretBackendConfigUrls) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -217,14 +177,6 @@ func (mg *SecretBackendConfigUrls) SetProviderConfigReference(r *xpv1.Reference) mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendConfigUrls. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendConfigUrls) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendConfigUrls. func (mg *SecretBackendConfigUrls) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -255,14 +207,6 @@ func (mg *SecretBackendCrlConfig) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendCrlConfig. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendCrlConfig) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendCrlConfig. func (mg *SecretBackendCrlConfig) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -293,14 +237,6 @@ func (mg *SecretBackendCrlConfig) SetProviderConfigReference(r *xpv1.Reference) mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendCrlConfig. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendCrlConfig) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendCrlConfig. func (mg *SecretBackendCrlConfig) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -331,14 +267,6 @@ func (mg *SecretBackendIntermediateCertRequest) GetProviderConfigReference() *xp return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendIntermediateCertRequest. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendIntermediateCertRequest) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendIntermediateCertRequest. func (mg *SecretBackendIntermediateCertRequest) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -369,14 +297,6 @@ func (mg *SecretBackendIntermediateCertRequest) SetProviderConfigReference(r *xp mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendIntermediateCertRequest. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendIntermediateCertRequest) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendIntermediateCertRequest. func (mg *SecretBackendIntermediateCertRequest) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -407,14 +327,6 @@ func (mg *SecretBackendIntermediateSetSigned) GetProviderConfigReference() *xpv1 return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendIntermediateSetSigned. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendIntermediateSetSigned) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendIntermediateSetSigned. func (mg *SecretBackendIntermediateSetSigned) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -445,14 +357,6 @@ func (mg *SecretBackendIntermediateSetSigned) SetProviderConfigReference(r *xpv1 mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendIntermediateSetSigned. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendIntermediateSetSigned) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendIntermediateSetSigned. func (mg *SecretBackendIntermediateSetSigned) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -483,14 +387,6 @@ func (mg *SecretBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendRole. func (mg *SecretBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -521,14 +417,6 @@ func (mg *SecretBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendRole. func (mg *SecretBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -559,14 +447,6 @@ func (mg *SecretBackendRootCert) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendRootCert. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendRootCert) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendRootCert. func (mg *SecretBackendRootCert) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -597,14 +477,6 @@ func (mg *SecretBackendRootCert) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendRootCert. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendRootCert) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendRootCert. func (mg *SecretBackendRootCert) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -635,14 +507,6 @@ func (mg *SecretBackendRootSignIntermediate) GetProviderConfigReference() *xpv1. return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendRootSignIntermediate. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendRootSignIntermediate) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendRootSignIntermediate. func (mg *SecretBackendRootSignIntermediate) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -673,14 +537,6 @@ func (mg *SecretBackendRootSignIntermediate) SetProviderConfigReference(r *xpv1. mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendRootSignIntermediate. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendRootSignIntermediate) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendRootSignIntermediate. func (mg *SecretBackendRootSignIntermediate) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -711,14 +567,6 @@ func (mg *SecretBackendSign) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendSign. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendSign) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendSign. func (mg *SecretBackendSign) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -749,14 +597,6 @@ func (mg *SecretBackendSign) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendSign. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendSign) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendSign. func (mg *SecretBackendSign) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/quota/v1alpha1/zz_generated.deepcopy.go b/apis/quota/v1alpha1/zz_generated.deepcopy.go index 9acce5f3..491deef4 100644 --- a/apis/quota/v1alpha1/zz_generated.deepcopy.go +++ b/apis/quota/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/quota/v1alpha1/zz_generated.managed.go b/apis/quota/v1alpha1/zz_generated.managed.go index d84dfeba..60e328a1 100644 --- a/apis/quota/v1alpha1/zz_generated.managed.go +++ b/apis/quota/v1alpha1/zz_generated.managed.go 
@@ -27,14 +27,6 @@ func (mg *LeaseCount) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this LeaseCount. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *LeaseCount) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this LeaseCount. func (mg *LeaseCount) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *LeaseCount) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this LeaseCount. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *LeaseCount) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this LeaseCount. func (mg *LeaseCount) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *RateLimit) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this RateLimit. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *RateLimit) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this RateLimit. func (mg *RateLimit) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -141,14 +117,6 @@ func (mg *RateLimit) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this RateLimit. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *RateLimit) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this RateLimit. func (mg *RateLimit) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/rabbitmq/v1alpha1/zz_generated.deepcopy.go b/apis/rabbitmq/v1alpha1/zz_generated.deepcopy.go index 46aea536..b0cfa7ca 100644 --- a/apis/rabbitmq/v1alpha1/zz_generated.deepcopy.go +++ b/apis/rabbitmq/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/rabbitmq/v1alpha1/zz_generated.managed.go b/apis/rabbitmq/v1alpha1/zz_generated.managed.go index d73589a2..c96d3bed 100644 --- a/apis/rabbitmq/v1alpha1/zz_generated.managed.go +++ b/apis/rabbitmq/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *SecretBackend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -65,14 +57,6 @@ func (mg *SecretBackend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackend. func (mg *SecretBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *SecretBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendRole. func (mg *SecretBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -141,14 +117,6 @@ func (mg *SecretBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendRole. func (mg *SecretBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/raft/v1alpha1/zz_generated.deepcopy.go b/apis/raft/v1alpha1/zz_generated.deepcopy.go index aab9d1a3..dc4e4abd 100644 --- a/apis/raft/v1alpha1/zz_generated.deepcopy.go +++ b/apis/raft/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. 
diff --git a/apis/raft/v1alpha1/zz_generated.managed.go b/apis/raft/v1alpha1/zz_generated.managed.go index 287cbcd7..bd3df73f 100644 --- a/apis/raft/v1alpha1/zz_generated.managed.go +++ b/apis/raft/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *Autopilot) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Autopilot. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Autopilot) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Autopilot. func (mg *Autopilot) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *Autopilot) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Autopilot. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Autopilot) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Autopilot. func (mg *Autopilot) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *SnapshotAgentConfig) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SnapshotAgentConfig. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SnapshotAgentConfig) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SnapshotAgentConfig. func (mg *SnapshotAgentConfig) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -141,14 +117,6 @@ func (mg *SnapshotAgentConfig) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SnapshotAgentConfig. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SnapshotAgentConfig) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SnapshotAgentConfig. func (mg *SnapshotAgentConfig) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/rgp/v1alpha1/zz_generated.deepcopy.go b/apis/rgp/v1alpha1/zz_generated.deepcopy.go index eb3f7c03..59d05b41 100644 --- a/apis/rgp/v1alpha1/zz_generated.deepcopy.go +++ b/apis/rgp/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/rgp/v1alpha1/zz_generated.managed.go b/apis/rgp/v1alpha1/zz_generated.managed.go index a29e31ba..4bca39f2 100644 --- a/apis/rgp/v1alpha1/zz_generated.managed.go +++ b/apis/rgp/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *Policy) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Policy. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Policy) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Policy. func (mg *Policy) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -65,14 +57,6 @@ func (mg *Policy) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Policy. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Policy) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Policy. func (mg *Policy) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/ssh/v1alpha1/zz_generated.deepcopy.go b/apis/ssh/v1alpha1/zz_generated.deepcopy.go index da88a3e9..4ccf9280 100644 --- a/apis/ssh/v1alpha1/zz_generated.deepcopy.go +++ b/apis/ssh/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. @@ -411,7 +410,8 @@ func (in *SecretBackendRoleInitParameters) DeepCopyInto(out *SecretBackendRoleIn if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(float64) **out = **in } @@ -446,7 +446,8 @@ func (in *SecretBackendRoleInitParameters) DeepCopyInto(out *SecretBackendRoleIn if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -461,7 +462,8 @@ func (in *SecretBackendRoleInitParameters) DeepCopyInto(out *SecretBackendRoleIn if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -625,7 +627,8 @@ func (in *SecretBackendRoleObservation) DeepCopyInto(out *SecretBackendRoleObser if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(float64) **out = **in } 
@@ -660,7 +663,8 @@ func (in *SecretBackendRoleObservation) DeepCopyInto(out *SecretBackendRoleObser if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -675,7 +679,8 @@ func (in *SecretBackendRoleObservation) DeepCopyInto(out *SecretBackendRoleObser if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -812,7 +817,8 @@ func (in *SecretBackendRoleParameters) DeepCopyInto(out *SecretBackendRoleParame if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(float64) **out = **in } @@ -847,7 +853,8 @@ func (in *SecretBackendRoleParameters) DeepCopyInto(out *SecretBackendRoleParame if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -862,7 +869,8 @@ func (in *SecretBackendRoleParameters) DeepCopyInto(out *SecretBackendRoleParame if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } diff --git a/apis/ssh/v1alpha1/zz_generated.managed.go b/apis/ssh/v1alpha1/zz_generated.managed.go index b47698da..5e804e7c 100644 --- a/apis/ssh/v1alpha1/zz_generated.managed.go +++ b/apis/ssh/v1alpha1/zz_generated.managed.go 
@@ -27,14 +27,6 @@ func (mg *SecretBackendCA) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendCA. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendCA) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendCA. func (mg *SecretBackendCA) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *SecretBackendCA) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendCA. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendCA) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendCA. func (mg *SecretBackendCA) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *SecretBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendRole. func (mg *SecretBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -141,14 +117,6 @@ func (mg *SecretBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendRole. func (mg *SecretBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/terraform/v1alpha1/zz_generated.deepcopy.go b/apis/terraform/v1alpha1/zz_generated.deepcopy.go index 7dbf8efe..e96a8efe 100644 --- a/apis/terraform/v1alpha1/zz_generated.deepcopy.go +++ b/apis/terraform/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/terraform/v1alpha1/zz_generated.managed.go b/apis/terraform/v1alpha1/zz_generated.managed.go index 7d8e2ab2..1e20893f 100644 --- a/apis/terraform/v1alpha1/zz_generated.managed.go +++ b/apis/terraform/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *CloudSecretBackend) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this CloudSecretBackend. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *CloudSecretBackend) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this CloudSecretBackend. func (mg *CloudSecretBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -65,14 +57,6 @@ func (mg *CloudSecretBackend) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this CloudSecretBackend. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *CloudSecretBackend) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this CloudSecretBackend. func (mg *CloudSecretBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *CloudSecretCreds) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this CloudSecretCreds. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *CloudSecretCreds) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this CloudSecretCreds. func (mg *CloudSecretCreds) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -141,14 +117,6 @@ func (mg *CloudSecretCreds) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this CloudSecretCreds. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *CloudSecretCreds) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this CloudSecretCreds. func (mg *CloudSecretCreds) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -179,14 +147,6 @@ func (mg *CloudSecretRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this CloudSecretRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *CloudSecretRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this CloudSecretRole. func (mg *CloudSecretRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -217,14 +177,6 @@ func (mg *CloudSecretRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this CloudSecretRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *CloudSecretRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this CloudSecretRole. func (mg *CloudSecretRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/token/v1alpha1/zz_generated.deepcopy.go b/apis/token/v1alpha1/zz_generated.deepcopy.go index 2704388b..d5cd407e 100644 --- a/apis/token/v1alpha1/zz_generated.deepcopy.go +++ b/apis/token/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/token/v1alpha1/zz_generated.managed.go b/apis/token/v1alpha1/zz_generated.managed.go index 836c358b..e2e30b5e 100644 --- a/apis/token/v1alpha1/zz_generated.managed.go +++ b/apis/token/v1alpha1/zz_generated.managed.go 
@@ -27,14 +27,6 @@ func (mg *AuthBackendRole) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this AuthBackendRole. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *AuthBackendRole) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *AuthBackendRole) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this AuthBackendRole. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *AuthBackendRole) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this AuthBackendRole. func (mg *AuthBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/transform/v1alpha1/zz_generated.deepcopy.go b/apis/transform/v1alpha1/zz_generated.deepcopy.go index 3950a775..e83bcabf 100644 --- a/apis/transform/v1alpha1/zz_generated.deepcopy.go +++ b/apis/transform/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. @@ -482,7 +481,8 @@ func (in *TemplateInitParameters) DeepCopyInto(out *TemplateInitParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -579,7 +579,8 @@ func (in *TemplateObservation) DeepCopyInto(out *TemplateObservation) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } 
@@ -649,7 +650,8 @@ func (in *TemplateParameters) DeepCopyInto(out *TemplateParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } diff --git a/apis/transform/v1alpha1/zz_generated.managed.go b/apis/transform/v1alpha1/zz_generated.managed.go index fc7369b7..6661bde0 100644 --- a/apis/transform/v1alpha1/zz_generated.managed.go +++ b/apis/transform/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *Alphabet) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Alphabet. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Alphabet) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Alphabet. func (mg *Alphabet) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *Alphabet) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Alphabet. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Alphabet) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Alphabet. func (mg *Alphabet) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *Role) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Role. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Role) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Role. func (mg *Role) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -141,14 +117,6 @@ func (mg *Role) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Role. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Role) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Role. func (mg *Role) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -179,14 +147,6 @@ func (mg *Template) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Template. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Template) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Template. func (mg *Template) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -217,14 +177,6 @@ func (mg *Template) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Template. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Template) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Template. func (mg *Template) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r 
@@ -255,14 +207,6 @@ func (mg *Transformation) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Transformation. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Transformation) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Transformation. func (mg *Transformation) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -293,14 +237,6 @@ func (mg *Transformation) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Transformation. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Transformation) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Transformation. func (mg *Transformation) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/transit/v1alpha1/zz_generated.deepcopy.go b/apis/transit/v1alpha1/zz_generated.deepcopy.go index b3925ed3..a03bc69f 100644 --- a/apis/transit/v1alpha1/zz_generated.deepcopy.go +++ b/apis/transit/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. @@ -222,7 +221,8 @@ func (in *SecretBackendKeyObservation) DeepCopyInto(out *SecretBackendKeyObserva if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } diff --git a/apis/transit/v1alpha1/zz_generated.managed.go b/apis/transit/v1alpha1/zz_generated.managed.go index 82c6ccad..f86b4cb9 100644 --- a/apis/transit/v1alpha1/zz_generated.managed.go +++ b/apis/transit/v1alpha1/zz_generated.managed.go 
@@ -27,14 +27,6 @@ func (mg *SecretBackendKey) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this SecretBackendKey. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *SecretBackendKey) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this SecretBackendKey. func (mg *SecretBackendKey) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -65,14 +57,6 @@ func (mg *SecretBackendKey) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this SecretBackendKey. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *SecretBackendKey) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this SecretBackendKey. func (mg *SecretBackendKey) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index 9d284bac..86f2d294 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/v1beta1/zz_generated.deepcopy.go b/apis/v1beta1/zz_generated.deepcopy.go index 8814f54a..5a168606 100644 --- a/apis/v1beta1/zz_generated.deepcopy.go +++ b/apis/v1beta1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. diff --git a/apis/vault/v1alpha1/zz_generated.deepcopy.go b/apis/vault/v1alpha1/zz_generated.deepcopy.go index 82ee91e9..80701fc1 100644 --- a/apis/vault/v1alpha1/zz_generated.deepcopy.go +++ b/apis/vault/v1alpha1/zz_generated.deepcopy.go 
@@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2022 Upbound Inc. @@ -66,7 +65,8 @@ func (in *AuditInitParameters) DeepCopyInto(out *AuditInitParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -158,7 +158,8 @@ func (in *AuditObservation) DeepCopyInto(out *AuditObservation) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -213,7 +214,8 @@ func (in *AuditParameters) DeepCopyInto(out *AuditParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -378,7 +380,8 @@ func (in *MountInitParameters) DeepCopyInto(out *MountInitParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -528,7 +531,8 @@ func (in *MountObservation) DeepCopyInto(out *MountObservation) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -636,7 +640,8 @@ func (in *MountParameters) DeepCopyInto(out *MountParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -743,7 +748,8 @@ func (in *NamespaceInitParameters) DeepCopyInto(out *NamespaceInitParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } 
@@ -820,7 +826,8 @@ func (in *NamespaceObservation) DeepCopyInto(out *NamespaceObservation) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -875,7 +882,8 @@ func (in *NamespaceParameters) DeepCopyInto(out *NamespaceParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -1181,7 +1189,8 @@ func (in *TokenInitParameters) DeepCopyInto(out *TokenInitParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -1334,7 +1343,8 @@ func (in *TokenObservation) DeepCopyInto(out *TokenObservation) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } @@ -1440,7 +1450,8 @@ func (in *TokenParameters) DeepCopyInto(out *TokenParameters) { if val == nil { (*out)[key] = nil } else { - in, out := &val, &outVal + inVal := (*in)[key] + in, out := &inVal, &outVal *out = new(string) **out = **in } diff --git a/apis/vault/v1alpha1/zz_generated.managed.go b/apis/vault/v1alpha1/zz_generated.managed.go index 5f156001..46d850bc 100644 --- a/apis/vault/v1alpha1/zz_generated.managed.go +++ b/apis/vault/v1alpha1/zz_generated.managed.go @@ -27,14 +27,6 @@ func (mg *Audit) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Audit. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Audit) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Audit. func (mg *Audit) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -65,14 +57,6 @@ func (mg *Audit) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Audit. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Audit) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Audit. func (mg *Audit) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -103,14 +87,6 @@ func (mg *Mount) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Mount. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Mount) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Mount. func (mg *Mount) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -141,14 +117,6 @@ func (mg *Mount) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Mount. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Mount) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Mount. func (mg *Mount) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -179,14 +147,6 @@ func (mg *Namespace) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Namespace. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Namespace) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Namespace. func (mg *Namespace) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -217,14 +177,6 @@ func (mg *Namespace) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Namespace. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Namespace) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Namespace. func (mg *Namespace) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -255,14 +207,6 @@ func (mg *Policy) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Policy. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Policy) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Policy. func (mg *Policy) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo @@ -293,14 +237,6 @@ func (mg *Policy) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Policy. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Policy) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Policy. func (mg *Policy) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r @@ -331,14 +267,6 @@ func (mg *Token) GetProviderConfigReference() *xpv1.Reference { return mg.Spec.ProviderConfigReference } -/* -GetProviderReference of this Token. -Deprecated: Use GetProviderConfigReference. -*/ -func (mg *Token) GetProviderReference() *xpv1.Reference { - return mg.Spec.ProviderReference -} - // GetPublishConnectionDetailsTo of this Token. func (mg *Token) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo { return mg.Spec.PublishConnectionDetailsTo 
@@ -369,14 +297,6 @@ func (mg *Token) SetProviderConfigReference(r *xpv1.Reference) { mg.Spec.ProviderConfigReference = r } -/* -SetProviderReference of this Token. -Deprecated: Use SetProviderConfigReference. -*/ -func (mg *Token) SetProviderReference(r *xpv1.Reference) { - mg.Spec.ProviderReference = r -} - // SetPublishConnectionDetailsTo of this Token. func (mg *Token) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo) { mg.Spec.PublishConnectionDetailsTo = r diff --git a/cmd/provider/main.go b/cmd/provider/main.go index 7ce76cec..087539fe 100644 --- a/cmd/provider/main.go +++ b/cmd/provider/main.go @@ -25,6 +25,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/leaderelection/resourcelock" ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/log/zap" "github.com/upbound/provider-vault/apis" @@ -70,9 +71,10 @@ func main() { kingpin.FatalIfError(err, "Cannot get API server rest config") mgr, err := ctrl.NewManager(cfg, ctrl.Options{ + Cache: cache.Options{SyncPeriod: syncPeriod}, + LeaderElection: *leaderElection, LeaderElectionID: "crossplane-leader-election-provider-vault", - SyncPeriod: syncPeriod, LeaderElectionResourceLock: resourcelock.LeasesResourceLock, LeaseDuration: func() *time.Duration { d := 60 * time.Second; return &d }(), RenewDeadline: func() *time.Duration { d := 50 * time.Second; return &d }(), diff --git a/config/schema.json b/config/schema.json index 23b07562..0482768b 100644 --- a/config/schema.json +++ b/config/schema.json 
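Review bot: The new `Cache: cache.Options{SyncPeriod: syncPeriod},` entry in the `ctrl.NewManager` call in cmd/provider/main.go has no comment, so after the move it is not obvious that this is the same resync setting that used to sit among the leader-election fields. I would add a line above it such as `// SyncPeriod moved from ctrl.Options to cache.Options; it is the informer resync interval that re-queues cached objects for reconciliation.` `syncPeriod` is declared outside the hunk (presumably a flag-backed `*time.Duration`), so its default and upper bound are worth confirming. For a provider that manages Vault policies, mounts and tokens, a long resync may widen the window in which out-of-band changes go unreconciled. The body of `main` starts and ends outside the hunk.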
@@ -1 +1 @@ -{"format_version":"1.0","provider_schemas":{"registry.terraform.io/hashicorp/vault":{"provider":{"version":0,"block":{"attributes":{"add_address_to_env":{"type":"string","description":"If true, adds the value of the `address` argument to the Terraform process environment.","description_kind":"plain","optional":true},"address":{"type":"string","description":"URL of the root of the target Vault server.","description_kind":"plain","required":true},"ca_cert_dir":{"type":"string","description":"Path to directory containing CA certificate files to validate the server's certificate.","description_kind":"plain","optional":true},"ca_cert_file":{"type":"string","description":"Path to a CA certificate file to validate the server's certificate.","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum TTL for secret leases requested by this provider.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"Maximum number of retries when a 5xx error code is encountered.","description_kind":"plain","optional":true},"max_retries_ccc":{"type":"number","description":"Maximum number of retries for Client Controlled Consistency related operations","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The namespace to use. 
Available only for Vault Enterprise.","description_kind":"plain","optional":true},"set_namespace_from_token":{"type":"bool","description":"In the case where the Vault token is for a specific namespace and the provider namespace is not configured, use the token namespace as the root namespace for all resources.","description_kind":"plain","optional":true},"skip_child_token":{"type":"bool","description":"Set this to true to prevent the creation of ephemeral child token used by this provider.","description_kind":"plain","optional":true},"skip_get_vault_version":{"type":"bool","description":"Skip the dynamic fetching of the Vault server version.","description_kind":"plain","optional":true},"skip_tls_verify":{"type":"bool","description":"Set this to true only if the target Vault server is an insecure development instance.","description_kind":"plain","optional":true},"tls_server_name":{"type":"string","description":"Name to use as the SNI host when connecting via TLS.","description_kind":"plain","optional":true},"token":{"type":"string","description":"Token to use to authenticate to Vault.","description_kind":"plain","optional":true},"token_name":{"type":"string","description":"Token name to use for creating the Vault child token.","description_kind":"plain","optional":true},"vault_version_override":{"type":"string","description":"Override the Vault server version, which is normally determined dynamically from the target Vault server","description_kind":"plain","optional":true}},"block_types":{"auth_login":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. 
Conflicts with use_root_namespace","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description_kind":"plain","optional":true,"sensitive":true},"path":{"type":"string","description_kind":"plain","required":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true}},"description":"Login to vault with an existing auth method using auth/\u003cmount\u003e/login","description_kind":"plain"},"max_items":1},"auth_login_aws":{"nesting_mode":"list","block":{"attributes":{"aws_access_key_id":{"type":"string","description":"The AWS access key ID.","description_kind":"plain","optional":true},"aws_iam_endpoint":{"type":"string","description":"The IAM endpoint URL.","description_kind":"plain","optional":true},"aws_profile":{"type":"string","description":"The name of the AWS profile.","description_kind":"plain","optional":true},"aws_region":{"type":"string","description":"The AWS region.","description_kind":"plain","optional":true},"aws_role_arn":{"type":"string","description":"The ARN of the AWS Role to assume.Used during STS AssumeRole","description_kind":"plain","optional":true},"aws_role_session_name":{"type":"string","description":"Specifies the name to attach to the AWS role session. 
Used during STS AssumeRole","description_kind":"plain","optional":true},"aws_secret_access_key":{"type":"string","description":"The AWS secret access key.","description_kind":"plain","optional":true},"aws_session_token":{"type":"string","description":"The AWS session token.","description_kind":"plain","optional":true},"aws_shared_credentials_file":{"type":"string","description":"Path to the AWS shared credentials file.","description_kind":"plain","optional":true},"aws_sts_endpoint":{"type":"string","description":"The STS endpoint URL.","description_kind":"plain","optional":true},"aws_web_identity_token_file":{"type":"string","description":"Path to the file containing an OAuth 2.0 access token or OpenID Connect ID token.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The Vault header value to include in the STS signing request.","description_kind":"plain","optional":true},"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. Conflicts with use_root_namespace","description_kind":"plain","optional":true},"role":{"type":"string","description":"The Vault role to use when logging into Vault.","description_kind":"plain","required":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true}},"description":"Login to vault using the AWS method","description_kind":"plain"},"max_items":1},"auth_login_azure":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The identity's client ID.","description_kind":"plain","optional":true},"jwt":{"type":"string","description":"A signed JSON Web Token. 
If not specified on will be created automatically","description_kind":"plain","optional":true},"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. Conflicts with use_root_namespace","description_kind":"plain","optional":true},"resource_group_name":{"type":"string","description":"The resource group for the machine that generated the MSI token. This information can be obtained through instance metadata.","description_kind":"plain","required":true},"role":{"type":"string","description":"Name of the login role.","description_kind":"plain","required":true},"scope":{"type":"string","description":"The scopes to include in the token request.","description_kind":"plain","optional":true},"subscription_id":{"type":"string","description":"The subscription ID for the machine that generated the MSI token. This information can be obtained through instance metadata.","description_kind":"plain","required":true},"tenant_id":{"type":"string","description":"Provides the tenant ID to use in a multi-tenant authentication scenario.","description_kind":"plain","optional":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true},"vm_name":{"type":"string","description":"The virtual machine name for the machine that generated the MSI token. This information can be obtained through instance metadata.","description_kind":"plain","optional":true},"vmss_name":{"type":"string","description":"The virtual machine scale set name for the machine that generated the MSI token. 
This information can be obtained through instance metadata.","description_kind":"plain","optional":true}},"description":"Login to vault using the azure method","description_kind":"plain"},"max_items":1},"auth_login_cert":{"nesting_mode":"list","block":{"attributes":{"cert_file":{"type":"string","description":"Path to a file containing the client certificate.","description_kind":"plain","required":true},"key_file":{"type":"string","description":"Path to a file containing the private key that the certificate was issued for.","description_kind":"plain","required":true},"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the certificate's role","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. Conflicts with use_root_namespace","description_kind":"plain","optional":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true}},"description":"Login to vault using the cert method","description_kind":"plain"},"max_items":1},"auth_login_gcp":{"nesting_mode":"list","block":{"attributes":{"credentials":{"type":"string","description":"Path to the Google Cloud credentials file.","description_kind":"plain","optional":true},"jwt":{"type":"string","description":"A signed JSON Web Token.","description_kind":"plain","optional":true},"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. 
Conflicts with use_root_namespace","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the login role.","description_kind":"plain","required":true},"service_account":{"type":"string","description":"IAM service account.","description_kind":"plain","optional":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true}},"description":"Login to vault using the gcp method","description_kind":"plain"},"max_items":1},"auth_login_jwt":{"nesting_mode":"list","block":{"attributes":{"jwt":{"type":"string","description":"A signed JSON Web Token.","description_kind":"plain","required":true},"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. Conflicts with use_root_namespace","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the login role.","description_kind":"plain","required":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true}},"description":"Login to vault using the jwt method","description_kind":"plain"},"max_items":1},"auth_login_kerberos":{"nesting_mode":"list","block":{"attributes":{"disable_fast_negotiation":{"type":"bool","description":"Disable the Kerberos FAST negotiation.","description_kind":"plain","optional":true},"keytab_path":{"type":"string","description":"The Kerberos keytab file containing the entry of the login entity.","description_kind":"plain","optional":true},"krb5conf_path":{"type":"string","description":"A valid Kerberos configuration file e.g. 
/etc/krb5.conf.","description_kind":"plain","optional":true},"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. Conflicts with use_root_namespace","description_kind":"plain","optional":true},"realm":{"type":"string","description":"The Kerberos server's authoritative authentication domain","description_kind":"plain","optional":true},"remove_instance_name":{"type":"bool","description":"Strip the host from the username found in the keytab.","description_kind":"plain","optional":true},"service":{"type":"string","description":"The service principle name.","description_kind":"plain","optional":true},"token":{"type":"string","description":"Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) token","description_kind":"plain","optional":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true},"username":{"type":"string","description":"The username to login into Kerberos with.","description_kind":"plain","optional":true}},"description":"Login to vault using the kerberos method","description_kind":"plain"},"max_items":1},"auth_login_oci":{"nesting_mode":"list","block":{"attributes":{"auth_type":{"type":"string","description":"Authentication type to use when getting OCI credentials.","description_kind":"plain","required":true},"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. 
Conflicts with use_root_namespace","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the login role.","description_kind":"plain","required":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true}},"description":"Login to vault using the OCI method","description_kind":"plain"},"max_items":1},"auth_login_oidc":{"nesting_mode":"list","block":{"attributes":{"callback_address":{"type":"string","description":"The callback address. Must be a valid URI without the path.","description_kind":"plain","optional":true},"callback_listener_address":{"type":"string","description":"The callback listener's address. Must be a valid URI without the path.","description_kind":"plain","optional":true},"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. Conflicts with use_root_namespace","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the login role.","description_kind":"plain","required":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true}},"description":"Login to vault using the oidc method","description_kind":"plain"},"max_items":1},"auth_login_radius":{"nesting_mode":"list","block":{"attributes":{"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. 
Conflicts with use_root_namespace","description_kind":"plain","optional":true},"password":{"type":"string","description":"The Radius password for username.","description_kind":"plain","required":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true},"username":{"type":"string","description":"The Radius username.","description_kind":"plain","required":true}},"description":"Login to vault using the radius method","description_kind":"plain"},"max_items":1},"auth_login_token_file":{"nesting_mode":"list","block":{"attributes":{"filename":{"type":"string","description":"The name of a file containing a single line that is a valid Vault token","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The authentication engine's namespace. Conflicts with use_root_namespace","description_kind":"plain","optional":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true}},"description":"Login to vault using ","description_kind":"plain"},"max_items":1},"auth_login_userpass":{"nesting_mode":"list","block":{"attributes":{"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. Conflicts with use_root_namespace","description_kind":"plain","optional":true},"password":{"type":"string","description":"Login with password","description_kind":"plain","optional":true},"password_file":{"type":"string","description":"Login with password from a file","description_kind":"plain","optional":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. 
Conflicts with namespace","description_kind":"plain","optional":true},"username":{"type":"string","description":"Login with username","description_kind":"plain","required":true}},"description":"Login to vault using the userpass method","description_kind":"plain"},"max_items":1},"client_auth":{"nesting_mode":"list","block":{"attributes":{"cert_file":{"type":"string","description":"Path to a file containing the client certificate.","description_kind":"plain","optional":true},"key_file":{"type":"string","description":"Path to a file containing the private key that the certificate was issued for.","description_kind":"plain","optional":true}},"description":"Client authentication credentials.","description_kind":"plain","deprecated":true},"max_items":1},"headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header name","description_kind":"plain","required":true},"value":{"type":"string","description":"The header value","description_kind":"plain","required":true}},"description":"The headers to send with each Vault request.","description_kind":"plain"}}},"description_kind":"plain"}},"resource_schemas":{"vault_ad_secret_backend":{"version":1,"block":{"attributes":{"anonymous_group_search":{"type":"bool","description":"Use anonymous binds when performing LDAP group searches (if true the initial credentials will still be used for the initial connection test).","description_kind":"plain","optional":true},"backend":{"type":"string","description":"The mount path for a backend, for example, the path given in \"$ vault auth enable -path=my-ad ad\".","description_kind":"plain","optional":true},"binddn":{"type":"string","description":"Distinguished name of object to bind when performing user and group search.","description_kind":"plain","required":true},"bindpass":{"type":"string","description":"LDAP password for searching for the user 
DN.","description_kind":"plain","required":true,"sensitive":true},"case_sensitive_names":{"type":"bool","description":"If true, case sensitivity will be used when comparing usernames and groups for matching policies.","description_kind":"plain","optional":true},"certificate":{"type":"string","description":"CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.","description_kind":"plain","optional":true},"client_tls_cert":{"type":"string","description":"Client certificate to provide to the LDAP server, must be x509 PEM encoded.","description_kind":"plain","optional":true,"sensitive":true},"client_tls_key":{"type":"string","description":"Client certificate key to provide to the LDAP server, must be x509 PEM encoded.","description_kind":"plain","optional":true,"sensitive":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for secrets in seconds","description_kind":"plain","optional":true,"computed":true},"deny_null_bind":{"type":"bool","description":"Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true","description_kind":"plain","optional":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"discoverdn":{"type":"bool","description":"Use anonymous bind to discover the bind DN of a user.","description_kind":"plain","optional":true},"formatter":{"type":"string","description":"Text to insert the password into, ex. \"customPrefix{{PASSWORD}}customSuffix\".","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"groupattr":{"type":"string","description":"LDAP attribute to follow on objects returned by \u003cgroupfilter\u003e in order to enumerate user group membership. 
Examples: \"cn\" or \"memberOf\", etc. Default: cn","description_kind":"plain","optional":true},"groupdn":{"type":"string","description":"LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org)","description_kind":"plain","optional":true},"groupfilter":{"type":"string","description":"Go template for querying group membership of user. The template can access the following context variables: UserDN, Username Example: (\u0026(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}})) Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"insecure_tls":{"type":"bool","description":"Skip LDAP server SSL Certificate verification - insecure and not recommended for production use.","description_kind":"plain","optional":true},"last_rotation_tolerance":{"type":"number","description":"The number of seconds after a Vault rotation where, if Active Directory shows a later rotation, it should be considered out-of-band.","description_kind":"plain","optional":true,"computed":true},"length":{"type":"number","description":"The desired length of passwords that Vault generates.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"local":{"type":"bool","description":"Mark the secrets engine as local-only. Local engines are not replicated or removed by replication.Tolerance duration to use when checking the last rotation time.","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for secrets in seconds.","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"In seconds, the maximum password time-to-live.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"password_policy":{"type":"string","description":"Name of the password policy to use to generate passwords.","description_kind":"plain","optional":true},"request_timeout":{"type":"number","description":"Timeout, in seconds, for the connection when making requests against the server before returning back an error.","description_kind":"plain","optional":true},"starttls":{"type":"bool","description":"Issue a StartTLS command after establishing unencrypted connection.","description_kind":"plain","optional":true,"computed":true},"tls_max_version":{"type":"string","description":"Maximum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12'","description_kind":"plain","optional":true,"computed":true},"tls_min_version":{"type":"string","description":"Minimum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12'","description_kind":"plain","optional":true,"computed":true},"ttl":{"type":"number","description":"In seconds, the default password time-to-live.","description_kind":"plain","optional":true,"computed":true},"upndomain":{"type":"string","description":"Enables userPrincipalDomain login with [username]@UPNDomain.","description_kind":"plain","optional":true,"computed":true},"url":{"type":"string","description":"LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order.","description_kind":"plain","optional":true},"use_pre111_group_cn_behavior":{"type":"bool","description":"In Vault 1.1.1 a fix for handling group CN values of different cases unfortunately introduced a regression that could cause previously defined groups to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for matching group CNs will be used. This is only needed in some upgrade scenarios for backwards compatibility. 
It is enabled by default if the config is upgraded but disabled by default on new configurations.","description_kind":"plain","optional":true,"computed":true},"use_token_groups":{"type":"bool","description":"If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones.","description_kind":"plain","optional":true},"userattr":{"type":"string","description":"Attribute used for users (default: cn)","description_kind":"plain","optional":true},"userdn":{"type":"string","description":"LDAP domain to use for users (eg: ou=People,dc=example,dc=org)","description_kind":"plain","optional":true}},"description_kind":"plain","deprecated":true}},"vault_ad_secret_library":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The mount path for the AD backend.","description_kind":"plain","required":true},"disable_check_in_enforcement":{"type":"bool","description":"Disable enforcing that service accounts must be checked in by the entity or client token that checked them out.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"The maximum amount of time, in seconds, a check-out last with renewal before Vault automatically checks it back in.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the set of service accounts.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"service_account_names":{"type":["list","string"],"description":"The names of all the service accounts that can be checked out from this set. 
These service accounts must already exist in Active Directory.","description_kind":"plain","required":true},"ttl":{"type":"number","description":"The amount of time, in seconds, a single check-out lasts before Vault automatically checks it back in.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain","deprecated":true}},"vault_ad_secret_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The mount path for the AD backend.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_vault_rotation":{"type":"string","description":"Last time Vault rotated this service account's password.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"password_last_set":{"type":"string","description":"Last time Vault set this service account's password.","description_kind":"plain","computed":true},"role":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"service_account_name":{"type":"string","description":"The username/logon name for the service account with which this role will be associated.","description_kind":"plain","required":true},"ttl":{"type":"number","description":"In seconds, the default password time-to-live.","description_kind":"plain","optional":true}},"description_kind":"plain","deprecated":true}},"vault_alicloud_auth_backend_role":{"version":0,"block":{"attributes":{"arn":{"type":"string","description":"The role's arn.","description_kind":"plain","required":true},"backend":{"type":"string","description":"Auth backend.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the role. Must correspond with the name of the role reflected in the arn.","description_kind":"plain","required":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_approle_auth_backend_login":{"version":0,"block":{"attributes":{"accessor":{"type":"string","description":"The accessor for the token.","description_kind":"plain","computed":true},"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"client_token":{"type":"string","description":"The 
token.","description_kind":"plain","computed":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lease_duration":{"type":"number","description":"How long the token is valid for.","description_kind":"plain","computed":true},"lease_started":{"type":"string","description":"The timestamp the lease started on, as determined by the machine running Terraform.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata associated with the token.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["list","string"],"description":"Policies set on the token.","description_kind":"plain","computed":true},"renewable":{"type":"bool","description":"Whether the token is renewable or not.","description_kind":"plain","computed":true},"role_id":{"type":"string","description":"The RoleID to log in with.","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"The SecretID to log in with.","description_kind":"plain","optional":true,"sensitive":true}},"description_kind":"plain"}},"vault_approle_auth_backend_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"bind_secret_id":{"type":"bool","description":"Whether or not to require secret_id to be present when logging in using this AppRole.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"role_id":{"type":"string","description":"The RoleID of the role. 
Autogenerated if not set.","description_kind":"plain","optional":true,"computed":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"secret_id_bound_cidrs":{"type":["set","string"],"description":"List of CIDR blocks that can log in using the AppRole.","description_kind":"plain","optional":true},"secret_id_num_uses":{"type":"number","description":"Number of times which a particular SecretID can be used to fetch a token from this AppRole, after which the SecretID will expire. Leaving this unset or setting it to 0 will allow unlimited uses.","description_kind":"plain","optional":true},"secret_id_ttl":{"type":"number","description":"Number of seconds a SecretID remains valid for.","description_kind":"plain","optional":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in 
seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_approle_auth_backend_role_secret_id":{"version":0,"block":{"attributes":{"accessor":{"type":"string","description":"The unique ID used to access this SecretID.","description_kind":"plain","computed":true},"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"cidr_list":{"type":["set","string"],"description":"List of CIDR blocks that can log in using the SecretID.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":"string","description":"JSON-encoded secret data to write.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"The SecretID to be managed. If not specified, Vault auto-generates one.","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"with_wrapped_accessor":{"type":"bool","description":"Use the wrapped secret-id accessor as the id of this resource. 
If false, a fresh secret-id will be regenerated whenever the wrapping token is expired or invalidated through unwrapping.","description_kind":"plain","optional":true},"wrapping_accessor":{"type":"string","description":"The wrapped SecretID accessor.","description_kind":"plain","computed":true},"wrapping_token":{"type":"string","description":"The wrapped SecretID token.","description_kind":"plain","computed":true,"sensitive":true},"wrapping_ttl":{"type":"string","description":"The TTL duration of the wrapped SecretID.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_audit":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Human-friendly description of the audit device.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Specifies if the audit device is a local only. Local audit devices are not replicated nor (if a secondary) removed by replication.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"options":{"type":["map","string"],"description":"Configuration options to pass to the audit device itself.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path in which to enable the audit device.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Type of the audit device, such as 'file'.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_audit_request_header":{"version":0,"block":{"attributes":{"hmac":{"type":"bool","description":"Whether this header's value should be HMAC'd in the audit logs.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the request header to audit.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_auth_backend":{"version":1,"block":{"attributes":{"accessor":{"type":"string","description":"The accessor of the auth backend","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the auth backend","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Specifies if the auth method is local only","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"path to mount the backend. 
This defaults to the type.","description_kind":"plain","optional":true,"computed":true},"tune":{"type":["set",["object",{"allowed_response_headers":["list","string"],"audit_non_hmac_request_keys":["list","string"],"audit_non_hmac_response_keys":["list","string"],"default_lease_ttl":"string","listing_visibility":"string","max_lease_ttl":"string","passthrough_request_headers":["list","string"],"token_type":"string"}]],"description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Name of the auth backend","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_aws_auth_backend_cert":{"version":0,"block":{"attributes":{"aws_public_cert":{"type":"string","description":"Base64 encoded AWS Public key required to verify PKCS7 signature of the EC2 instance metadata.","description_kind":"plain","required":true},"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"cert_name":{"type":"string","description":"Name of the certificate to configure.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of document that can be verified using the certificate. 
Must be either \"pkcs7\" or \"identity\".","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_auth_backend_client":{"version":0,"block":{"attributes":{"access_key":{"type":"string","description":"AWS Access key with permissions to query AWS APIs.","description_kind":"plain","optional":true,"sensitive":true},"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"ec2_endpoint":{"type":"string","description":"URL to override the default generated endpoint for making AWS EC2 API calls.","description_kind":"plain","optional":true},"iam_endpoint":{"type":"string","description":"URL to override the default generated endpoint for making AWS IAM API calls.","description_kind":"plain","optional":true},"iam_server_id_header_value":{"type":"string","description":"The value to require in the X-Vault-AWS-IAM-Server-ID header as part of GetCallerIdentity requests that are used in the iam auth method.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"secret_key":{"type":"string","description":"AWS Secret key with permissions to query AWS APIs.","description_kind":"plain","optional":true,"sensitive":true},"sts_endpoint":{"type":"string","description":"URL to override the default generated endpoint for making AWS STS API calls.","description_kind":"plain","optional":true},"sts_region":{"type":"string","description":"Region to override the default region for making AWS STS API calls.","description_kind":"plain","optional":true},"use_sts_region_from_client":{"type":"bool","description":"If set, will override sts_region and use the region from the client request's header","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_aws_auth_backend_config_identity":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"ec2_alias":{"type":"string","description":"Configures how to generate the identity alias when using the ec2 auth method.","description_kind":"plain","optional":true},"ec2_metadata":{"type":["set","string"],"description":"The metadata to include on the token returned by the login endpoint.","description_kind":"plain","optional":true},"iam_alias":{"type":"string","description":"How to generate the identity alias when using the iam auth method.","description_kind":"plain","optional":true},"iam_metadata":{"type":["set","string"],"description":"The metadata to include on the token returned by the login endpoint.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_auth_backend_identity_whitelist":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"disable_periodic_tidy":{"type":"bool","description":"If true, disables the periodic tidying of the identiy whitelist entries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"safety_buffer":{"type":"number","description":"The amount of extra time that must have passed beyond the roletag expiration, before it's removed from backend storage.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_auth_backend_login":{"version":0,"block":{"attributes":{"accessor":{"type":"string","description":"The accessor returned from Vault for this token.","description_kind":"plain","computed":true},"auth_type":{"type":"string","description":"The auth method used to generate this token.","description_kind":"plain","computed":true},"backend":{"type":"string","description":"AWS Auth Backend to read the token from.","description_kind":"plain","optional":true},"client_token":{"type":"string","description":"The token returned by Vault.","description_kind":"plain","computed":true,"sensitive":true},"iam_http_request_method":{"type":"string","description":"The HTTP method used in the signed request.","description_kind":"plain","optional":true},"iam_request_body":{"type":"string","description":"The Base64-encoded body of the signed request.","description_kind":"plain","optional":true},"iam_request_headers":{"type":"string","description":"The Base64-encoded, JSON serialized representation of the sts:GetCallerIdentity HTTP request 
headers.","description_kind":"plain","optional":true},"iam_request_url":{"type":"string","description":"The Base64-encoded HTTP URL used in the signed request.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identity":{"type":"string","description":"Base64-encoded EC2 instance identity document to authenticate with.","description_kind":"plain","optional":true},"lease_duration":{"type":"number","description":"Lease duration in seconds relative to the time in lease_start_time.","description_kind":"plain","computed":true},"lease_start_time":{"type":"string","description":"Time at which the lease was read, using the clock of the system where Terraform was running","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"The metadata reported by the Vault server.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"nonce":{"type":"string","description":"The nonce to be used for subsequent login requests.","description_kind":"plain","optional":true,"computed":true},"pkcs7":{"type":"string","description":"PKCS7 signature of the identity document to authenticate with, with all newline characters removed.","description_kind":"plain","optional":true},"policies":{"type":["list","string"],"description":"The policies assigned to this token.","description_kind":"plain","computed":true},"renewable":{"type":"bool","description":"True if the duration of this lease can be extended through renewal.","description_kind":"plain","computed":true},"role":{"type":"string","description":"AWS Auth Role to read the token from.","description_kind":"plain","optional":true,"computed":true},"signature":{"type":"string","description":"Base64-encoded SHA256 RSA signature of the instance identtiy document to authenticate 
with.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_auth_backend_role":{"version":0,"block":{"attributes":{"allow_instance_migration":{"type":"bool","description":"When true, allows migration of the underlying instance where the client resides. Use with caution.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"The auth type permitted for this role.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"bound_account_ids":{"type":["set","string"],"description":"Only EC2 instances with this account ID in their identity document will be permitted to log in.","description_kind":"plain","optional":true},"bound_ami_ids":{"type":["set","string"],"description":"Only EC2 instances using this AMI ID will be permitted to log in.","description_kind":"plain","optional":true},"bound_ec2_instance_ids":{"type":["set","string"],"description":"Only EC2 instances that match this instance ID will be permitted to log in.","description_kind":"plain","optional":true},"bound_iam_instance_profile_arns":{"type":["set","string"],"description":"Only EC2 instances associated with an IAM instance profile ARN that matches this value will be permitted to log in.","description_kind":"plain","optional":true},"bound_iam_principal_arns":{"type":["set","string"],"description":"The IAM principal that must be authenticated using the iam auth method.","description_kind":"plain","optional":true},"bound_iam_role_arns":{"type":["set","string"],"description":"Only EC2 instances that match this IAM role ARN will be permitted to log in.","description_kind":"plain","optional":true},"bound_regions":{"type":["set","string"],"description":"Only EC2 instances in this region will be permitted to log in.","description_kind":"plain","optional":true},"bound_subnet_ids":{"type":["set","string"],"description":"Only EC2 
instances associated with this subnet ID will be permitted to log in.","description_kind":"plain","optional":true},"bound_vpc_ids":{"type":["set","string"],"description":"Only EC2 instances associated with this VPC ID will be permitted to log in.","description_kind":"plain","optional":true},"disallow_reauthentication":{"type":"bool","description":"When true, only allows a single token to be granted per instance ID.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inferred_aws_region":{"type":"string","description":"The region to search for the inferred entities in.","description_kind":"plain","optional":true},"inferred_entity_type":{"type":"string","description":"The type of inferencing Vault should do.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"resolve_aws_unique_ids":{"type":"bool","description":"Whether or not Vault should resolve the bound_iam_principal_arn to an AWS Unique ID. 
When true, deleting a principal and recreating it with the same name won't automatically grant the new principal the same roles in Vault that the old principal had.","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"role_id":{"type":"string","description":"The Vault generated role ID.","description_kind":"plain","computed":true},"role_tag":{"type":"string","description":"The key of the tag on EC2 instance to use for role tags.","description_kind":"plain","optional":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or 
batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_auth_backend_role_tag":{"version":0,"block":{"attributes":{"allow_instance_migration":{"type":"bool","description":"Allows migration of the underlying instance where the client resides.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"AWS auth backend to read tags from.","description_kind":"plain","optional":true},"disallow_reauthentication":{"type":"bool","description":"Only allow a single token to be granted per instance ID.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"Instance ID for which this tag is intended. The created tag can only be used by the instance with the given ID.","description_kind":"plain","optional":true},"max_ttl":{"type":"string","description":"The maximum allowed lifetime of tokens issued using this role.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["set","string"],"description":"Policies to be associated with the tag.","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","computed":true},"tag_value":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_aws_auth_backend_roletag_blacklist":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","required":true},"disable_periodic_tidy":{"type":"bool","description":"If true, disables the periodic tidying of the roletag blacklist entries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"safety_buffer":{"type":"number","description":"The amount of extra time that must have passed beyond the roletag expiration, before it's removed from backend storage.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_auth_backend_sts_role":{"version":0,"block":{"attributes":{"account_id":{"type":"string","description":"AWS account ID to be associated with STS role.","description_kind":"plain","required":true},"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"sts_role":{"type":"string","description":"AWS ARN for STS role to be assumed when interacting with the account specified.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_aws_secret_backend":{"version":1,"block":{"attributes":{"access_key":{"type":"string","description":"The AWS Access Key ID to use when generating new credentials.","description_kind":"plain","optional":true,"sensitive":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for secrets in seconds","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"iam_endpoint":{"type":"string","description":"Specifies a custom HTTP IAM endpoint to use.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identity_token_audience":{"type":"string","description":"The audience claim value.","description_kind":"plain","optional":true},"identity_token_key":{"type":"string","description":"The key to use for signing identity tokens.","description_kind":"plain","optional":true},"identity_token_ttl":{"type":"number","description":"The TTL of generated identity tokens in seconds.","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Specifies if the secret backend is local only","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for secrets in seconds","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to mount the backend at.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The AWS region to make API calls against. Defaults to us-east-1.","description_kind":"plain","optional":true,"computed":true},"role_arn":{"type":"string","description":"Role ARN to assume for plugin identity token federation.","description_kind":"plain","optional":true},"secret_key":{"type":"string","description":"The AWS Secret Access Key to use when generating new credentials.","description_kind":"plain","optional":true,"sensitive":true},"sts_endpoint":{"type":"string","description":"Specifies a custom HTTP STS endpoint to use.","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Template describing how dynamic usernames are generated.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_aws_secret_backend_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path of the AWS Secret Backend the role belongs to.","description_kind":"plain","required":true},"credential_type":{"type":"string","description":"Role credential type.","description_kind":"plain","required":true},"default_sts_ttl":{"type":"number","description":"The default TTL in seconds for STS credentials. When a TTL is not specified when STS credentials are requested, and a default TTL is specified on the role, then this default TTL will be used. Valid only when credential_type is one of assumed_role or federation_token.","description_kind":"plain","optional":true,"computed":true},"iam_groups":{"type":["set","string"],"description":"A list of IAM group names. IAM users generated against this vault role will be added to these IAM Groups. 
For a credential type of assumed_role or federation_token, the policies sent to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the policies from each group in iam_groups combined with the policy_document and policy_arns parameters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_sts_ttl":{"type":"number","description":"The max allowed TTL in seconds for STS credentials (credentials TTL are capped to max_sts_ttl). Valid only when credential_type is one of assumed_role or federation_token.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name for the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"permissions_boundary_arn":{"type":"string","description":"The ARN of the AWS Permissions Boundary to attach to IAM users created in the role. Valid only when credential_type is iam_user. If not specified, then no permissions boundary policy will be attached.","description_kind":"plain","optional":true},"policy_arns":{"type":["set","string"],"description":"ARN for an existing IAM policy the role should use.","description_kind":"plain","optional":true},"policy_document":{"type":"string","description":"IAM policy the role should use in JSON format.","description_kind":"plain","optional":true},"role_arns":{"type":["set","string"],"description":"ARNs of AWS roles allowed to be assumed. Only valid when credential_type is 'assumed_role'","description_kind":"plain","optional":true},"user_path":{"type":"string","description":"The path for the user name. Valid only when credential_type is iam_user. 
Default is /","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_secret_backend_static_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path where the AWS secrets backend is mounted.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"rotation_period":{"type":"number","description":"How often Vault should rotate the password of the user entry.","description_kind":"plain","required":true},"username":{"type":"string","description":"The username of the existing AWS IAM user to manage password rotation for.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_azure_auth_backend_config":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"client_id":{"type":"string","description":"The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.","description_kind":"plain","optional":true,"sensitive":true},"client_secret":{"type":"string","description":"The client secret for credentials to query the Azure APIs","description_kind":"plain","optional":true,"sensitive":true},"environment":{"type":"string","description":"The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"resource":{"type":"string","description":"The configured URL for the application registered in Azure Active Directory.","description_kind":"plain","required":true},"tenant_id":{"type":"string","description":"The tenant id for the Azure Active Directory organization.","description_kind":"plain","required":true,"sensitive":true}},"description_kind":"plain"}},"vault_azure_auth_backend_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"bound_group_ids":{"type":["list","string"],"description":"The list of group ids that login is restricted to.","description_kind":"plain","optional":true},"bound_locations":{"type":["list","string"],"description":"The list of locations that login is restricted to.","description_kind":"plain","optional":true},"bound_resource_groups":{"type":["list","string"],"description":"The list of resource groups that login is restricted to.","description_kind":"plain","optional":true},"bound_scale_sets":{"type":["list","string"],"description":"The list of scale set names that the login is restricted to.","description_kind":"plain","optional":true},"bound_service_principal_ids":{"type":["list","string"],"description":"The list of Service Principal IDs that login is restricted to.","description_kind":"plain","optional":true},"bound_subscription_ids":{"type":["list","string"],"description":"The list of subscription IDs that login is restricted to.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_azure_secret_backend":{"version":1,"block":{"attributes":{"client_id":{"type":"string","description":"The client id for credentials to query the Azure APIs. 
Currently read permissions to query compute resources are required.","description_kind":"plain","optional":true,"sensitive":true},"client_secret":{"type":"string","description":"The client secret for credentials to query the Azure APIs","description_kind":"plain","optional":true,"sensitive":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"environment":{"type":"string","description":"The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to mount the backend at.","description_kind":"plain","optional":true},"subscription_id":{"type":"string","description":"The subscription id for the Azure Active Directory.","description_kind":"plain","required":true,"sensitive":true},"tenant_id":{"type":"string","description":"The tenant id for the Azure Active Directory organization.","description_kind":"plain","required":true,"sensitive":true},"use_microsoft_graph_api":{"type":"bool","description":"Use the Microsoft Graph API. 
Should be set to true on vault-1.10+","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_azure_secret_backend_role":{"version":0,"block":{"attributes":{"application_object_id":{"type":"string","description":"Application Object ID for an existing service principal that will be used instead of creating dynamic service principals.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"permanently_delete":{"type":"bool","description":"Indicates whether the applications and service principals created by Vault will be permanently deleted when the corresponding leases expire.","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"Name of the role to create","description_kind":"plain","required":true},"sign_in_audience":{"type":"string","description":"Specifies the security principal types that are allowed to sign in to the application. 
Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Comma-separated strings of Azure tags to attach to an application.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true}},"block_types":{"azure_groups":{"nesting_mode":"set","block":{"attributes":{"group_name":{"type":"string","description_kind":"plain","required":true},"object_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"azure_roles":{"nesting_mode":"set","block":{"attributes":{"role_id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role_name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"vault_cert_auth_backend_role":{"version":1,"block":{"attributes":{"allowed_common_names":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"allowed_dns_sans":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"allowed_email_sans":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"allowed_names":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"allowed_organization_units":{"type":["set","string"],"description_kind":"plain","deprecated":true,"optional":true,"computed":true},"allowed_organizational_units":{"type":["set","string"],"description_kind":"plain","optional":true},"allowed_uri_sans":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"backend":{"type":"string","description_kind":"plain","optional":true},"certificate":{"type":"string",
"description_kind":"plain","required":true},"display_name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"ocsp_ca_certificates":{"type":"string","description":"Any additional CA certificates needed to verify OCSP responses. Provided as base64 encoded PEM data.","description_kind":"plain","optional":true},"ocsp_enabled":{"type":"bool","description":"If enabled, validate certificates' revocation status using OCSP.","description_kind":"plain","optional":true,"computed":true},"ocsp_fail_open":{"type":"bool","description":"If true and an OCSP response cannot be fetched or is of an unknown status, the login will proceed as if the certificate has not been revoked.","description_kind":"plain","optional":true,"computed":true},"ocsp_query_all_servers":{"type":"bool","description":"If set to true, rather than accepting the first successful OCSP response, query all servers and consider the certificate valid only if all servers agree.","description_kind":"plain","optional":true,"computed":true},"ocsp_servers_override":{"type":["set","string"],"description":"A comma-separated list of OCSP server addresses. 
If unset, the OCSP server is determined from the AuthorityInformationAccess extension on the certificate being inspected.","description_kind":"plain","optional":true},"required_extensions":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_consul_secret_backend":{"version":1,"block":{"attributes":{"address":{"type":"string","description":"Specifies the address of the Consul instance, provided as \"host:port\" like \"127.0.0.1:8500\".","description_kind":"plain","required":true},"bootstrap":{"type":"bool","description":"Denotes a backend resource that is used to 
bootstrap the Consul ACL system. Only one resource may be used to bootstrap.","description_kind":"plain","optional":true},"ca_cert":{"type":"string","description":"CA certificate to use when verifying Consul server certificate, must be x509 PEM encoded.","description_kind":"plain","optional":true},"client_cert":{"type":"string","description":"Client certificate used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_key.","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Client key used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_cert.","description_kind":"plain","optional":true,"sensitive":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for secrets in seconds","description_kind":"plain","optional":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Specifies if the secret backend is local only","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for secrets in seconds","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Unique name of the Vault Consul mount to configure","description_kind":"plain","optional":true},"scheme":{"type":"string","description":"Specifies the URL scheme to use. 
Defaults to \"http\".","description_kind":"plain","optional":true},"token":{"type":"string","description":"Specifies the Consul token to use when managing or issuing new tokens.","description_kind":"plain","optional":true,"sensitive":true}},"description_kind":"plain"}},"vault_consul_secret_backend_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path of the Consul Secret Backend the role belongs to.","description_kind":"plain","optional":true},"consul_namespace":{"type":"string","description":"The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+","description_kind":"plain","optional":true,"computed":true},"consul_policies":{"type":["set","string"],"description":"List of Consul policies to associate with this role","description_kind":"plain","optional":true},"consul_roles":{"type":["set","string"],"description":"Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Indicates that the token should not be replicated globally and instead be local to the current datacenter.","description_kind":"plain","optional":true},"max_ttl":{"type":"number","description":"Maximum TTL for leases associated with this role, in seconds.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of an existing role against which to create this Consul credential","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"node_identities":{"type":["set","string"],"description":"Set of Consul node identities to attach to\n\t\t\t\tthe token. 
Applicable for Vault 1.11+ with Consul 1.8+","description_kind":"plain","optional":true},"partition":{"type":"string","description":"The Consul admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+","description_kind":"plain","optional":true,"computed":true},"policies":{"type":["list","string"],"description":"List of Consul policies to associate with this role","description_kind":"plain","optional":true},"service_identities":{"type":["set","string"],"description":"Set of Consul service identities to attach to\n\t\t\t\tthe token. Applicable for Vault 1.11+ with Consul 1.5+","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"Specifies the type of token to create when using this role. Valid values are \"client\" or \"management\".","description_kind":"plain","deprecated":true,"optional":true},"ttl":{"type":"number","description":"Specifies the TTL for this role.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_database_secret_backend_connection":{"version":0,"block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"Unique name of the Vault mount to configure.","description_kind":"plain","required":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. Useful for templated connection strings.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"block_types":{"cassandra":{"nesting_mode":"list","block":{"attributes":{"connect_timeout":{"type":"number","description":"The number of seconds to use as a connection timeout.","description_kind":"plain","optional":true},"hosts":{"type":["list","string"],"description":"Cassandra hosts to connect to.","description_kind":"plain","optional":true},"insecure_tls":{"type":"bool","description":"Whether to skip verification of the server certificate when using TLS.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The password to use when authenticating with Cassandra.","description_kind":"plain","optional":true,"sensitive":true},"pem_bundle":{"type":"string","description":"Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.","description_kind":"plain","optional":true,"sensitive":true},"pem_json":{"type":"string","description":"Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"The transport port to use to connect to 
Cassandra.","description_kind":"plain","optional":true},"protocol_version":{"type":"number","description":"The CQL protocol version to use.","description_kind":"plain","optional":true},"tls":{"type":"bool","description":"Whether to use TLS when connecting to Cassandra.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The username to use when authenticating with Cassandra.","description_kind":"plain","optional":true}},"description":"Connection parameters for the cassandra-database-plugin plugin.","description_kind":"plain"},"max_items":1},"couchbase":{"nesting_mode":"list","block":{"attributes":{"base64_pem":{"type":"string","description":"Required if `tls` is `true`. Specifies the certificate authority of the Couchbase server, as a PEM certificate that has been base64 encoded.","description_kind":"plain","optional":true,"sensitive":true},"bucket_name":{"type":"string","description":"Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server.","description_kind":"plain","optional":true},"hosts":{"type":["list","string"],"description":"A set of Couchbase URIs to connect to. 
Must use `couchbases://` scheme if `tls` is `true`.","description_kind":"plain","required":true},"insecure_tls":{"type":"bool","description":" Specifies whether to skip verification of the server certificate when using TLS.","description_kind":"plain","optional":true},"password":{"type":"string","description":"Specifies the password corresponding to the given username.","description_kind":"plain","required":true,"sensitive":true},"tls":{"type":"bool","description":"Specifies whether to use TLS when connecting to Couchbase.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Specifies the username for Vault to use.","description_kind":"plain","required":true},"username_template":{"type":"string","description":"Template describing how dynamic usernames are generated.","description_kind":"plain","optional":true}},"description":"Connection parameters for the couchbase-database-plugin plugin.","description_kind":"plain"},"max_items":1},"elasticsearch":{"nesting_mode":"list","block":{"attributes":{"ca_cert":{"type":"string","description":"The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity","description_kind":"plain","optional":true},"ca_path":{"type":"string","description":"The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity","description_kind":"plain","optional":true},"client_cert":{"type":"string","description":"The path to the certificate for the Elasticsearch client to present for communication","description_kind":"plain","optional":true},"client_key":{"type":"string","description":"The path to the key for the Elasticsearch client to use for communication","description_kind":"plain","optional":true},"insecure":{"type":"bool","description":"Whether to disable certificate verification","description_kind":"plain","optional":true},"password":{"type":"string","description":"The password to be used in the connection 
URL","description_kind":"plain","required":true,"sensitive":true},"tls_server_name":{"type":"string","description":"This, if set, is used to set the SNI host when connecting via TLS","description_kind":"plain","optional":true},"url":{"type":"string","description":"The URL for Elasticsearch's API","description_kind":"plain","required":true},"username":{"type":"string","description":"The username to be used in the connection URL","description_kind":"plain","required":true},"username_template":{"type":"string","description":"Template describing how dynamic usernames are generated.","description_kind":"plain","optional":true}},"description":"Connection parameters for the elasticsearch-database-plugin.","description_kind":"plain"},"max_items":1},"hana":{"nesting_mode":"list","block":{"attributes":{"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"disable_escaping":{"type":"bool","description":"Disable special character escaping in username and password","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true}},"description":"Connection parameters for the hana-database-plugin 
plugin.","description_kind":"plain"},"max_items":1},"influxdb":{"nesting_mode":"list","block":{"attributes":{"connect_timeout":{"type":"number","description":"The number of seconds to use as a connection timeout.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Influxdb host to connect to.","description_kind":"plain","required":true},"insecure_tls":{"type":"bool","description":"Whether to skip verification of the server certificate when using TLS.","description_kind":"plain","optional":true},"password":{"type":"string","description":"Specifies the password corresponding to the given username.","description_kind":"plain","required":true,"sensitive":true},"pem_bundle":{"type":"string","description":"Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.","description_kind":"plain","optional":true,"sensitive":true},"pem_json":{"type":"string","description":"Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"The transport port to use to connect to Influxdb.","description_kind":"plain","optional":true},"tls":{"type":"bool","description":"Whether to use TLS when connecting to Influxdb.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Specifies the username to use for superuser access.","description_kind":"plain","required":true},"username_template":{"type":"string","description":"Template describing how dynamic usernames are generated.","description_kind":"plain","optional":true}},"description":"Connection parameters for the influxdb-database-plugin plugin.","description_kind":"plain"},"max_items":1},"mongodb":{"nesting_mode":"list","block":{"attributes":{"connection_url":{"type":"string","description":"Connection string 
to use to connect to the database.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mongodb-database-plugin plugin.","description_kind":"plain"},"max_items":1},"mongodbatlas":{"nesting_mode":"list","block":{"attributes":{"private_key":{"type":"string","description":"The Private Programmatic API Key used to connect with MongoDB Atlas API.","description_kind":"plain","required":true,"sensitive":true},"project_id":{"type":"string","description":"The Project ID the Database User should be created within.","description_kind":"plain","required":true},"public_key":{"type":"string","description":"The Public Programmatic API Key used to authenticate with the MongoDB Atlas API.","description_kind":"plain","required":true}},"description":"Connection parameters for the mongodbatlas-database-plugin plugin.","description_kind":"plain"},"max_items":1},"mssql":{"nesting_mode":"list","block":{"attributes":{"connection_url":{"type":"string","description":"Connection string to use to connect to the 
database.","description_kind":"plain","optional":true},"contained_db":{"type":"bool","description":"Set to true when the target is a Contained Database, e.g. AzureSQL.","description_kind":"plain","optional":true},"disable_escaping":{"type":"bool","description":"Disable special character escaping in username and password","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mssql-database-plugin plugin.","description_kind":"plain"},"max_items":1},"mysql":{"nesting_mode":"list","block":{"attributes":{"auth_type":{"type":"string","description":"Specify alternative authorization type. 
(Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"tls_ca":{"type":"string","description":"x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.","description_kind":"plain","optional":true},"tls_certificate_key":{"type":"string","description":"x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mysql-database-plugin plugin.","description_kind":"plain"},"max_items":1},"mysql_aurora":{"nesting_mode":"list","block":{"attributes":{"auth_type":{"type":"string","description":"Specify alternative authorization type. 
(Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"tls_ca":{"type":"string","description":"x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.","description_kind":"plain","optional":true},"tls_certificate_key":{"type":"string","description":"x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mysql-aurora-database-plugin plugin.","description_kind":"plain"},"max_items":1},"mysql_legacy":{"nesting_mode":"list","block":{"attributes":{"auth_type":{"type":"string","description":"Specify alternative authorization type. 
(Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"tls_ca":{"type":"string","description":"x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.","description_kind":"plain","optional":true},"tls_certificate_key":{"type":"string","description":"x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mysql-legacy-database-plugin plugin.","description_kind":"plain"},"max_items":1},"mysql_rds":{"nesting_mode":"list","block":{"attributes":{"auth_type":{"type":"string","description":"Specify alternative authorization type. 
(Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"tls_ca":{"type":"string","description":"x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.","description_kind":"plain","optional":true},"tls_certificate_key":{"type":"string","description":"x509 certificate for connecting to the database. 
This must be a PEM encoded version of the private key and the certificate combined.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mysql-rds-database-plugin plugin.","description_kind":"plain"},"max_items":1},"oracle":{"nesting_mode":"list","block":{"attributes":{"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"disconnect_sessions":{"type":"bool","description":"Set to true to disconnect any open sessions prior to running the revocation statements.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"split_statements":{"type":"bool","description":"Set to true in order to split statements after semi-colons.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation 
template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the oracle-database-plugin plugin.","description_kind":"plain"},"max_items":1},"postgresql":{"nesting_mode":"list","block":{"attributes":{"auth_type":{"type":"string","description":"Specify alternative authorization type. (Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"disable_escaping":{"type":"bool","description":"Disable special character escaping in username and password","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the postgresql-database-plugin plugin.","description_kind":"plain"},"max_items":1},"redis":{"nesting_mode":"list","block":{"attributes":{"ca_cert":{"type":"string","description":"The 
contents of a PEM-encoded CA cert file to use to verify the Redis server's identity.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Specifies the host to connect to","description_kind":"plain","required":true},"insecure_tls":{"type":"bool","description":"Specifies whether to skip verification of the server certificate when using TLS.","description_kind":"plain","optional":true},"password":{"type":"string","description":"Specifies the password corresponding to the given username.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"The transport port to use to connect to Redis.","description_kind":"plain","optional":true},"tls":{"type":"bool","description":"Specifies whether to use TLS when connecting to Redis.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Specifies the username for Vault to use.","description_kind":"plain","required":true}},"description":"Connection parameters for the redis-database-plugin plugin.","description_kind":"plain"},"max_items":1},"redis_elasticache":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The AWS secret key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.","description_kind":"plain","optional":true,"sensitive":true},"region":{"type":"string","description":"The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment.","description_kind":"plain","optional":true},"url":{"type":"string","description":"The configuration endpoint for the ElastiCache cluster to connect to.","description_kind":"plain","required":true},"username":{"type":"string","description":"The AWS access key id to use to talk to ElastiCache. 
If omitted the credentials chain provider is used instead.","description_kind":"plain","optional":true,"sensitive":true}},"description":"Connection parameters for the redis-elasticache-database-plugin plugin.","description_kind":"plain"},"max_items":1},"redshift":{"nesting_mode":"list","block":{"attributes":{"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"disable_escaping":{"type":"bool","description":"Disable special character escaping in username and password","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the redshift-database-plugin plugin.","description_kind":"plain"},"max_items":1},"snowflake":{"nesting_mode":"list","block":{"attributes":{"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be 
reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the snowflake-database-plugin plugin.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"vault_database_secret_backend_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path of the Database Secret Backend the role belongs to.","description_kind":"plain","required":true},"creation_statements":{"type":["list","string"],"description":"Database statements to execute to create and configure a user.","description_kind":"plain","required":true},"credential_config":{"type":["map","string"],"description":"Specifies the configuration for the given credential_type.","description_kind":"plain","optional":true},"credential_type":{"type":"string","description":"Specifies the type of credential that will be generated for the role.","description_kind":"plain","optional":true,"computed":true},"db_name":{"type":"string","description":"Database connection to use for this role.","description_kind":"plain","required":true},"default_ttl":{"type":"number","description":"Default TTL for leases associated with this role, in 
seconds.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Maximum TTL for leases associated with this role, in seconds.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Unique name for the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"renew_statements":{"type":["list","string"],"description":"Database statements to execute to renew a user.","description_kind":"plain","optional":true},"revocation_statements":{"type":["list","string"],"description":"Database statements to execute to revoke a user.","description_kind":"plain","optional":true},"rollback_statements":{"type":["list","string"],"description":"Database statements to execute to rollback a create operation in the event of an error.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_database_secret_backend_static_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path of the Database Secret Backend the role belongs to.","description_kind":"plain","required":true},"db_name":{"type":"string","description":"Database connection to use for this role.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name for the static role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"rotation_period":{"type":"number","description":"The amount of time Vault should wait before rotating the password, in seconds.","description_kind":"plain","optional":true},"rotation_schedule":{"type":"string","description":"A cron-style string that will define the schedule on which rotations should occur.","description_kind":"plain","optional":true},"rotation_statements":{"type":["list","string"],"description":"Database statements to execute to rotate the password for the configured database user.","description_kind":"plain","optional":true},"rotation_window":{"type":"number","description":"The amount of time in seconds in which the rotations are allowed to occur starting from a given rotation_schedule.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The database username that this role corresponds to.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_database_secrets_mount":{"version":0,"block":{"attributes":{"accessor":{"type":"string","description":"Accessor of the mount","description_kind":"plain","computed":true},"allowed_managed_keys":{"type":["set","string"],"description":"List of managed key registry entry names that the mount in question is allowed to access","description_kind":"plain","optional":true},"audit_non_hmac_request_keys":{"type":["list","string"],"description":"Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.","description_kind":"plain","optional":true,"computed":true},"audit_non_hmac_response_keys":{"type":["list","string"],"description":"Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.","description_kind":"plain","optional":true,"computed":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for tokens and secrets in 
seconds","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Human-friendly description of the mount","description_kind":"plain","optional":true},"engine_count":{"type":"number","description":"Total number of database secret engines configured under the mount.","description_kind":"plain","computed":true},"external_entropy_access":{"type":"bool","description":"Enable the secrets engine to access Vault's external entropy source","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Local mount flag that can be explicitly set to true to enforce local mount in HA environment","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for tokens and secrets in seconds","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"options":{"type":["map","string"],"description":"Specifies mount type specific options that are passed to the backend","description_kind":"plain","optional":true},"path":{"type":"string","description":"Where the secret backend will be mounted","description_kind":"plain","required":true},"seal_wrap":{"type":"bool","description":"Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability","description_kind":"plain","optional":true,"computed":true}},"block_types":{"cassandra":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"connect_timeout":{"type":"number","description":"The number of seconds to use as a connection timeout.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"hosts":{"type":["list","string"],"description":"Cassandra hosts to connect to.","description_kind":"plain","optional":true},"insecure_tls":{"type":"bool","description":"Whether to skip verification of the server certificate when using TLS.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The password to use when authenticating with Cassandra.","description_kind":"plain","optional":true,"sensitive":true},"pem_bundle":{"type":"string","description":"Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.","description_kind":"plain","optional":true,"sensitive":true},"pem_json":{"type":"string","description":"Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. 
Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"port":{"type":"number","description":"The transport port to use to connect to Cassandra.","description_kind":"plain","optional":true},"protocol_version":{"type":"number","description":"The CQL protocol version to use.","description_kind":"plain","optional":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"tls":{"type":"bool","description":"Whether to use TLS when connecting to Cassandra.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The username to use when authenticating with Cassandra.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the cassandra-database-plugin plugin.","description_kind":"plain"}},"couchbase":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"base64_pem":{"type":"string","description":"Required if `tls` is `true`. Specifies the certificate authority of the Couchbase server, as a PEM certificate that has been base64 encoded.","description_kind":"plain","optional":true,"sensitive":true},"bucket_name":{"type":"string","description":"Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"hosts":{"type":["list","string"],"description":"A set of Couchbase URIs to connect to. Must use `couchbases://` scheme if `tls` is `true`.","description_kind":"plain","required":true},"insecure_tls":{"type":"bool","description":" Specifies whether to skip verification of the server certificate when using TLS.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Specifies the password corresponding to the given username.","description_kind":"plain","required":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"tls":{"type":"bool","description":"Specifies whether to use TLS when connecting to Couchbase.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Specifies the username for Vault to use.","description_kind":"plain","required":true},"username_template":{"type":"string","description":"Template describing how dynamic usernames are generated.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the couchbase-database-plugin plugin.","description_kind":"plain"}},"elasticsearch":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of 
roles that are allowed to use this connection.","description_kind":"plain","optional":true},"ca_cert":{"type":"string","description":"The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity","description_kind":"plain","optional":true},"ca_path":{"type":"string","description":"The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity","description_kind":"plain","optional":true},"client_cert":{"type":"string","description":"The path to the certificate for the Elasticsearch client to present for communication","description_kind":"plain","optional":true},"client_key":{"type":"string","description":"The path to the key for the Elasticsearch client to use for communication","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. Useful for templated connection strings.","description_kind":"plain","optional":true},"insecure":{"type":"bool","description":"Whether to disable certificate verification","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The password to be used in the connection URL","description_kind":"plain","required":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. 
Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"tls_server_name":{"type":"string","description":"This, if set, is used to set the SNI host when connecting via TLS","description_kind":"plain","optional":true},"url":{"type":"string","description":"The URL for Elasticsearch's API","description_kind":"plain","required":true},"username":{"type":"string","description":"The username to be used in the connection URL","description_kind":"plain","required":true},"username_template":{"type":"string","description":"Template describing how dynamic usernames are generated.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the elasticsearch-database-plugin.","description_kind":"plain"}},"hana":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"disable_escaping":{"type":"bool","description":"Disable special character escaping in username and password","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. 
Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the hana-database-plugin plugin.","description_kind":"plain"}},"influxdb":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"connect_timeout":{"type":"number","description":"The number of seconds to use as a connection timeout.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Influxdb host to connect to.","description_kind":"plain","required":true},"insecure_tls":{"type":"bool","description":"Whether to skip verification of the server certificate when using TLS.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Specifies the password corresponding to the given username.","description_kind":"plain","required":true,"sensitive":true},"pem_bundle":{"type":"string","description":"Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.","description_kind":"plain","optional":true,"sensitive":true},"pem_json":{"type":"string","description":"Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. 
Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"port":{"type":"number","description":"The transport port to use to connect to Influxdb.","description_kind":"plain","optional":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"tls":{"type":"bool","description":"Whether to use TLS when connecting to Influxdb.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Specifies the username to use for superuser access.","description_kind":"plain","required":true},"username_template":{"type":"string","description":"Template describing how dynamic usernames are generated.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the influxdb-database-plugin plugin.","description_kind":"plain"}},"mongodb":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mongodb-database-plugin plugin.","description_kind":"plain"}},"mongodbatlas":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this 
connection.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. Useful for templated connection strings.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"private_key":{"type":"string","description":"The Private Programmatic API Key used to connect with MongoDB Atlas API.","description_kind":"plain","required":true,"sensitive":true},"project_id":{"type":"string","description":"The Project ID the Database User should be created within.","description_kind":"plain","required":true},"public_key":{"type":"string","description":"The Public Programmatic API Key used to authenticate with the MongoDB Atlas API.","description_kind":"plain","required":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mongodbatlas-database-plugin plugin.","description_kind":"plain"}},"mssql":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"contained_db":{"type":"bool","description":"Set to true when 
the target is a Contained Database, e.g. AzureSQL.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. Useful for templated connection strings.","description_kind":"plain","optional":true},"disable_escaping":{"type":"bool","description":"Disable special character escaping in username and password","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. 
Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mssql-database-plugin plugin.","description_kind":"plain"}},"mysql":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"Specify alternative authorization type. (Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"tls_ca":{"type":"string","description":"x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.","description_kind":"plain","optional":true},"tls_certificate_key":{"type":"string","description":"x509 certificate for connecting to the database. 
This must be a PEM encoded version of the private key and the certificate combined.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mysql-database-plugin plugin.","description_kind":"plain"}},"mysql_aurora":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"Specify alternative authorization type. (Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"tls_ca":{"type":"string","description":"x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.","description_kind":"plain","optional":true},"tls_certificate_key":{"type":"string","description":"x509 certificate for connecting to the database. 
This must be a PEM encoded version of the private key and the certificate combined.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mysql-aurora-database-plugin plugin.","description_kind":"plain"}},"mysql_legacy":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"Specify alternative authorization type. (Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"tls_ca":{"type":"string","description":"x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.","description_kind":"plain","optional":true},"tls_certificate_key":{"type":"string","description":"x509 certificate for connecting to the database. 
This must be a PEM encoded version of the private key and the certificate combined.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mysql-legacy-database-plugin plugin.","description_kind":"plain"}},"mysql_rds":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"Specify alternative authorization type. (Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"tls_ca":{"type":"string","description":"x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.","description_kind":"plain","optional":true},"tls_certificate_key":{"type":"string","description":"x509 certificate for connecting to the database. 
This must be a PEM encoded version of the private key and the certificate combined.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mysql-rds-database-plugin plugin.","description_kind":"plain"}},"oracle":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"disconnect_sessions":{"type":"bool","description":"Set to true to disconnect any open sessions prior to running the revocation statements.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. 
Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"split_statements":{"type":"bool","description":"Set to true in order to split statements after semi-colons.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the oracle-database-plugin plugin.","description_kind":"plain"}},"postgresql":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"Specify alternative authorization type. (Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"disable_escaping":{"type":"bool","description":"Disable special character escaping in username and password","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. 
Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the postgresql-database-plugin plugin.","description_kind":"plain"}},"redis":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"ca_cert":{"type":"string","description":"The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Specifies the host to connect to","description_kind":"plain","required":true},"insecure_tls":{"type":"bool","description":"Specifies whether to skip verification of the server certificate when using TLS.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Specifies the password corresponding to the given username.","description_kind":"plain","required":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"port":{"type":"number","description":"The transport port to use to connect to Redis.","description_kind":"plain","optional":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"tls":{"type":"bool","description":"Specifies whether to use TLS when connecting to Redis.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Specifies the username for Vault to use.","description_kind":"plain","required":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the redis-database-plugin plugin.","description_kind":"plain"}},"redis_elasticache":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this 
connection.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. Useful for templated connection strings.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The AWS secret key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment.","description_kind":"plain","optional":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"url":{"type":"string","description":"The configuration endpoint for the ElastiCache cluster to connect to.","description_kind":"plain","required":true},"username":{"type":"string","description":"The AWS access key id to use to talk to ElastiCache. 
If omitted the credentials chain provider is used instead.","description_kind":"plain","optional":true,"sensitive":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the redis-elasticache-database-plugin plugin.","description_kind":"plain"}},"redshift":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. Useful for templated connection strings.","description_kind":"plain","optional":true},"disable_escaping":{"type":"bool","description":"Disable special character escaping in username and password","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. 
Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the redshift-database-plugin plugin.","description_kind":"plain"}},"snowflake":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the snowflake-database-plugin plugin.","description_kind":"plain"}}},"description_kind":"plain"}},"vault_egp_policy":{"version":0,"block":{"attributes":{"enforcement_level":{"type":"string","description":"Enforcement level of Sentinel policy. 
Can be one of: 'advisory', 'soft-mandatory' or 'hard-mandatory'","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the policy","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"paths":{"type":["list","string"],"description":"List of paths to which the policy will be applied","description_kind":"plain","required":true},"policy":{"type":"string","description":"The policy document","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_gcp_auth_backend":{"version":1,"block":{"attributes":{"accessor":{"type":"string","description":"The accessor of the auth backend","description_kind":"plain","computed":true},"client_email":{"type":"string","description_kind":"plain","optional":true,"computed":true},"client_id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"credentials":{"type":"string","description_kind":"plain","optional":true,"sensitive":true},"description":{"type":"string","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Specifies if the auth method is local only","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description_kind":"plain","optional":true},"private_key_id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tune":{"type":["set",["object",{"allowed_response_headers":["list","string"],"audit_non_hmac_request_keys":["list","string"],"audit_non_hmac_response_keys":["list","string"],"default_lease_ttl":"string","listing_visibility":"string","max_lease_ttl":"string","passthrough_request_headers":["list","string"],"token_type":"string"}]],"description_kind":"plain","optional":true,"computed":true}},"block_types":{"custom_endpoint":{"nesting_mode":"list","block":{"attributes":{"api":{"type":"string","description":"Replaces the service endpoint used in API requests to https://www.googleapis.com.","description_kind":"plain","optional":true},"compute":{"type":"string","description":"Replaces the service endpoint used in API requests to `https://compute.googleapis.com`.","description_kind":"plain","optional":true},"crm":{"type":"string","description":"Replaces the service endpoint used in API requests to `https://cloudresourcemanager.googleapis.com`.","description_kind":"plain","optional":true},"iam":{"type":"string","description":"Replaces the service endpoint used in API requests to `https://iam.googleapis.com`.","description_kind":"plain","optional":true}},"description":"Specifies overrides to service endpoints used when making API requests to 
GCP.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"vault_gcp_auth_backend_role":{"version":1,"block":{"attributes":{"add_group_aliases":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"allow_gce_inference":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"backend":{"type":"string","description_kind":"plain","optional":true},"bound_instance_groups":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"bound_labels":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"bound_projects":{"type":["set","string"],"description_kind":"plain","optional":true},"bound_regions":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"bound_service_accounts":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"bound_zones":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_jwt_exp":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"role":{"type":"string","description_kind":"plain","required":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true},"type":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_gcp_secret_backend":{"version":1,"block":{"attributes":{"credentials":{"type":"string","description":"JSON-encoded credentials to use to connect to GCP","description_kind":"plain","optional":true,"sensitive":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for secrets in 
seconds","description_kind":"plain","optional":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Local mount flag that can be explicitly set to true to enforce local mount in HA environment","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for secrets in seconds","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to mount the backend at.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_gcp_secret_impersonated_account":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Path where the GCP secrets engine is mounted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"impersonated_account":{"type":"string","description":"Name of the Impersonated Account to create","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Email of the GCP service account.","description_kind":"plain","required":true},"service_account_project":{"type":"string","description":"Project of the GCP Service Account managed by this impersonated account","description_kind":"plain","computed":true},"token_scopes":{"type":["set","string"],"description":"List of OAuth scopes to assign to `access_token` secrets generated under this impersonated account (`access_token` impersonated accounts only) ","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_gcp_secret_roleset":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Path where the GCP secrets engine is mounted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"project":{"type":"string","description":"Name of the GCP project that this roleset's service account will belong to.","description_kind":"plain","required":true},"roleset":{"type":"string","description":"Name of the RoleSet to create","description_kind":"plain","required":true},"secret_type":{"type":"string","description":"Type of secret generated for this role set. Defaults to `access_token`. 
Accepted values: `access_token`, `service_account_key`","description_kind":"plain","optional":true,"computed":true},"service_account_email":{"type":"string","description":"Email of the service account created by Vault for this Roleset","description_kind":"plain","computed":true},"token_scopes":{"type":["set","string"],"description":"List of OAuth scopes to assign to `access_token` secrets generated under this role set (`access_token` role sets only) ","description_kind":"plain","optional":true}},"block_types":{"binding":{"nesting_mode":"set","block":{"attributes":{"resource":{"type":"string","description":"Resource name","description_kind":"plain","required":true},"roles":{"type":["set","string"],"description":"List of roles to apply to the resource","description_kind":"plain","required":true}},"description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"vault_gcp_secret_static_account":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Path where the GCP secrets engine is mounted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret generated for this static account. Defaults to `access_token`. 
Accepted values: `access_token`, `service_account_key`","description_kind":"plain","optional":true,"computed":true},"service_account_email":{"type":"string","description":"Email of the GCP service account.","description_kind":"plain","required":true},"service_account_project":{"type":"string","description":"Project of the GCP Service Account managed by this static account","description_kind":"plain","computed":true},"static_account":{"type":"string","description":"Name of the Static Account to create","description_kind":"plain","required":true},"token_scopes":{"type":["set","string"],"description":"List of OAuth scopes to assign to `access_token` secrets generated under this static account (`access_token` static accounts only) ","description_kind":"plain","optional":true}},"block_types":{"binding":{"nesting_mode":"set","block":{"attributes":{"resource":{"type":"string","description":"Resource name","description_kind":"plain","required":true},"roles":{"type":["set","string"],"description":"List of roles to apply to the resource","description_kind":"plain","required":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"vault_generic_endpoint":{"version":1,"block":{"attributes":{"data_json":{"type":"string","description":"JSON-encoded data to write.","description_kind":"plain","required":true,"sensitive":true},"disable_delete":{"type":"bool","description":"Don't attempt to delete the path from Vault if true","description_kind":"plain","optional":true},"disable_read":{"type":"bool","description":"Don't attempt to read the path from Vault if true; drift won't be detected","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_absent_fields":{"type":"bool","description":"When reading, disregard fields not present in data_json","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path where to the endpoint that will be written","description_kind":"plain","required":true},"write_data":{"type":["map","string"],"description":"Map of strings returned by write operation","description_kind":"plain","computed":true},"write_data_json":{"type":"string","description":"JSON data returned by write operation","description_kind":"plain","computed":true},"write_fields":{"type":["list","string"],"description":"Top-level fields returned by write to persist in state","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_generic_secret":{"version":1,"block":{"attributes":{"data":{"type":["map","string"],"description":"Map of strings read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"data_json":{"type":"string","description":"JSON-encoded secret data to write.","description_kind":"plain","required":true,"sensitive":true},"delete_all_versions":{"type":"bool","description":"Only applicable for kv-v2 stores. If set, permanently deletes all versions for the specified key.","description_kind":"plain","optional":true},"disable_read":{"type":"bool","description":"Don't attempt to read the token from Vault if true; drift won't be detected.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path where the generic secret will be written.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_github_auth_backend":{"version":1,"block":{"attributes":{"accessor":{"type":"string","description":"The mount accessor related to the auth mount.","description_kind":"plain","computed":true},"base_url":{"type":"string","description":"The API endpoint to use. Useful if you are running GitHub Enterprise or an API-compatible authentication server.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Specifies the description of the mount. This overrides the current stored value, if any.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization users must be part of.","description_kind":"plain","required":true},"organization_id":{"type":"number","description":"The ID of the organization users must be part of. 
Vault will attempt to fetch and set this value if it is not provided (vault-1.10+)","description_kind":"plain","optional":true,"computed":true},"path":{"type":"string","description":"Path where the auth backend is mounted","description_kind":"plain","optional":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or 
batch","description_kind":"plain","optional":true},"tune":{"type":["set",["object",{"allowed_response_headers":["list","string"],"audit_non_hmac_request_keys":["list","string"],"audit_non_hmac_response_keys":["list","string"],"default_lease_ttl":"string","listing_visibility":"string","max_lease_ttl":"string","passthrough_request_headers":["list","string"],"token_type":"string"}]],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_github_team":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Auth backend to which team mapping will be configured.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["list","string"],"description":"Policies to be assigned to this team.","description_kind":"plain","optional":true},"team":{"type":"string","description":"GitHub team name in \"slugified\" format.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_github_user":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Auth backend to which user mapping will be congigured.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["list","string"],"description":"Policies to be assigned to this user.","description_kind":"plain","optional":true},"user":{"type":"string","description":"GitHub user name.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_identity_entity":{"version":0,"block":{"attributes":{"disabled":{"type":"bool","description":"Whether the entity is disabled. 
Disabled entities' associated tokens cannot be used, but are not revoked.","description_kind":"plain","optional":true},"external_policies":{"type":"bool","description":"Manage policies externally through `vault_identity_entity_policies`.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"Metadata to be associated with the entity.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the entity.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["set","string"],"description":"Policies to be tied to the entity.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_entity_alias":{"version":0,"block":{"attributes":{"canonical_id":{"type":"string","description":"ID of the entity to which this is an alias.","description_kind":"plain","required":true},"custom_metadata":{"type":["map","string"],"description":"Custom metadata to be associated with this alias.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mount_accessor":{"type":"string","description":"Mount accessor to which this alias belongs toMount accessor to which this alias belongs to.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the entity alias.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_entity_policies":{"version":0,"block":{"attributes":{"entity_id":{"type":"string","description":"ID of the entity.","description_kind":"plain","required":true},"entity_name":{"type":"string","description":"Name of the entity.","description_kind":"plain","computed":true},"exclusive":{"type":"bool","description":"Should the resource manage policies exclusively","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["set","string"],"description":"Policies to be tied to the entity.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_identity_group":{"version":1,"block":{"attributes":{"external_member_entity_ids":{"type":"bool","description":"Manage member entities externally through `vault_identity_group_member_entity_ids`","description_kind":"plain","optional":true},"external_member_group_ids":{"type":"bool","description":"Manage member groups externally through `vault_identity_group_member_group_ids`","description_kind":"plain","optional":true},"external_policies":{"type":"bool","description":"Manage policies externally through `vault_identity_group_policies`, allows using group ID in assigned policies.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_entity_ids":{"type":["set","string"],"description":"Entity IDs to be assigned as group members.","description_kind":"plain","optional":true},"member_group_ids":{"type":["set","string"],"description":"Group IDs to be assigned as group members.","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"Metadata to be associated with the 
group.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the group.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["set","string"],"description":"Policies to be tied to the group.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the group, internal or external. Defaults to internal.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_group_alias":{"version":0,"block":{"attributes":{"canonical_id":{"type":"string","description":"ID of the group to which this is an alias.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mount_accessor":{"type":"string","description":"Mount accessor to which this alias belongs to.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the group alias.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_group_member_entity_ids":{"version":0,"block":{"attributes":{"exclusive":{"type":"bool","description":"If set to true, allows the resource to manage member entity ids\nexclusively. 
Beware of race conditions when disabling exclusive management","description_kind":"plain","optional":true},"group_id":{"type":"string","description":"ID of the group.","description_kind":"plain","required":true},"group_name":{"type":"string","description":"Name of the group.","description_kind":"plain","deprecated":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_entity_ids":{"type":["set","string"],"description":"Entity IDs to be assigned as group members.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_group_member_group_ids":{"version":0,"block":{"attributes":{"exclusive":{"type":"bool","description":"If set to true, allows the resource to manage member group ids\nexclusively. Beware of race conditions when disabling exclusive management","description_kind":"plain","optional":true},"group_id":{"type":"string","description":"ID of the group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_group_ids":{"type":["set","string"],"description":"Group IDs to be assigned as group members.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_group_policies":{"version":0,"block":{"attributes":{"exclusive":{"type":"bool","description":"Should the resource manage policies exclusively? 
Beware of race conditions when disabling exclusive management","description_kind":"plain","optional":true},"group_id":{"type":"string","description":"ID of the group.","description_kind":"plain","required":true},"group_name":{"type":"string","description":"Name of the group.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["set","string"],"description":"Policies to be tied to the group.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_identity_mfa_duo":{"version":0,"block":{"attributes":{"api_hostname":{"type":"string","description":"API hostname for Duo","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"integration_key":{"type":"string","description":"Integration key for Duo","description_kind":"plain","required":true,"sensitive":true},"method_id":{"type":"string","description":"Method ID.","description_kind":"plain","computed":true},"mount_accessor":{"type":"string","description":"Mount accessor.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Method name.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description":"Method's namespace ID.","description_kind":"plain","computed":true},"namespace_path":{"type":"string","description":"Method's namespace path.","description_kind":"plain","computed":true},"push_info":{"type":"string","description":"Push information for Duo.","description_kind":"plain","optional":true},"secret_key":{"type":"string","description":"Secret key for Duo","description_kind":"plain","required":true,"sensitive":true},"type":{"type":"string","description":"MFA type.","description_kind":"plain","computed":true},"use_passcode":{"type":"bool","description":"Require passcode upon MFA validation.","description_kind":"plain","optional":true},"username_format":{"type":"string","description":"A template string for mapping Identity names to MFA methods.","description_kind":"plain","optional":true},"uuid":{"type":"string","description":"Resource UUID.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_identity_mfa_login_enforcement":{"version":0,"block":{"attributes":{"auth_method_accessors":{"type":["set","string"],"description":"Set of auth method accessor IDs.","description_kind":"plain","optional":true},"auth_method_types":{"type":["set","string"],"description":"Set of auth method types.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identity_entity_ids":{"type":["set","string"],"description":"Set of identity entity IDs.","description_kind":"plain","optional":true},"identity_group_ids":{"type":["set","string"],"description":"Set of identity group IDs.","description_kind":"plain","optional":true},"mfa_method_ids":{"type":["set","string"],"description":"Set of MFA method UUIDs.","description_kind":"plain","required":true},"name":{"type":"string","description":"Login enforcement 
name.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description":"Method's namespace ID.","description_kind":"plain","computed":true},"namespace_path":{"type":"string","description":"Method's namespace path.","description_kind":"plain","computed":true},"uuid":{"type":"string","description":"Resource UUID.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_identity_mfa_okta":{"version":0,"block":{"attributes":{"api_token":{"type":"string","description":"Okta API token.","description_kind":"plain","required":true,"sensitive":true},"base_url":{"type":"string","description":"The base domain to use for API requests.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"method_id":{"type":"string","description":"Method ID.","description_kind":"plain","computed":true},"mount_accessor":{"type":"string","description":"Mount accessor.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Method name.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description":"Method's namespace ID.","description_kind":"plain","computed":true},"namespace_path":{"type":"string","description":"Method's namespace path.","description_kind":"plain","computed":true},"org_name":{"type":"string","description":"Name of the organization to be used in the Okta API.","description_kind":"plain","required":true},"primary_email":{"type":"bool","description":"Only match the primary email for the account.","description_kind":"plain","optional":true},"type":{"type":"string","description":"MFA type.","description_kind":"plain","computed":true},"username_format":{"type":"string","description":"A template string for mapping Identity names to MFA methods.","description_kind":"plain","optional":true},"uuid":{"type":"string","description":"Resource UUID.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_identity_mfa_pingid":{"version":0,"block":{"attributes":{"admin_url":{"type":"string","description":"The admin URL, derived from \"settings_file_base64\"","description_kind":"plain","computed":true},"authenticator_url":{"type":"string","description":"A unique identifier of the organization, derived from \"settings_file_base64\"","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"idp_url":{"type":"string","description":"The IDP URL, derived from \"settings_file_base64\"","description_kind":"plain","computed":true},"method_id":{"type":"string","description":"Method ID.","description_kind":"plain","computed":true},"mount_accessor":{"type":"string","description":"Mount accessor.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Method name.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description":"Method's namespace ID.","description_kind":"plain","computed":true},"namespace_path":{"type":"string","description":"Method's namespace path.","description_kind":"plain","computed":true},"org_alias":{"type":"string","description":"The name of the PingID client organization, derived from \"settings_file_base64\"","description_kind":"plain","computed":true},"settings_file_base64":{"type":"string","description":"A base64-encoded third-party settings contents as retrieved from PingID's configuration page.","description_kind":"plain","required":true},"type":{"type":"string","description":"MFA type.","description_kind":"plain","computed":true},"use_signature":{"type":"bool","description":"Use signature value, derived from \"settings_file_base64\"","description_kind":"plain","computed":true},"username_format":{"type":"string","description":"A template string for mapping Identity names to MFA methods.","description_kind":"plain","optional":true},"uuid":{"type":"string","description":"Resource UUID.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_identity_mfa_totp":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description":"Specifies the hashing algorithm used to generate the TOTP code. Options include SHA1, SHA256, SHA512.","description_kind":"plain","optional":true},"digits":{"type":"number","description":"The number of digits in the generated TOTP token. 
This value can either be 6 or 8","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"The name of the key's issuing organization.","description_kind":"plain","required":true},"key_size":{"type":"number","description":"Specifies the size in bytes of the generated key.","description_kind":"plain","optional":true},"max_validation_attempts":{"type":"number","description":"The maximum number of consecutive failed validation attempts allowed.","description_kind":"plain","optional":true},"method_id":{"type":"string","description":"Method ID.","description_kind":"plain","computed":true},"mount_accessor":{"type":"string","description":"Mount accessor.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Method name.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description":"Method's namespace ID.","description_kind":"plain","computed":true},"namespace_path":{"type":"string","description":"Method's namespace path.","description_kind":"plain","computed":true},"period":{"type":"number","description":"The length of time in seconds used to generate a counter for the TOTP token calculation.","description_kind":"plain","optional":true},"qr_size":{"type":"number","description":"The pixel size of the generated square QR code.","description_kind":"plain","optional":true,"computed":true},"skew":{"type":"number","description":"The number of delay periods that are allowed when validating a TOTP token. 
This value can either be 0 or 1.","description_kind":"plain","optional":true},"type":{"type":"string","description":"MFA type.","description_kind":"plain","computed":true},"uuid":{"type":"string","description":"Resource UUID.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_identity_oidc":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"Issuer URL to be used in the iss claim of the token. If not set, Vault's api_addr will be used. The issuer is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components, but no query or fragment components.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_oidc_assignment":{"version":0,"block":{"attributes":{"entity_ids":{"type":["set","string"],"description":"A list of Vault entity IDs.","description_kind":"plain","optional":true},"group_ids":{"type":["set","string"],"description":"A list of Vault group IDs.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the assignment.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_oidc_client":{"version":0,"block":{"attributes":{"access_token_ttl":{"type":"number","description":"The time-to-live for access tokens obtained by the client.","description_kind":"plain","optional":true,"computed":true},"assignments":{"type":["set","string"],"description":"A list of assignment resources associated with the client.","description_kind":"plain","optional":true},"client_id":{"type":"string","description":"The Client ID from Vault.","description_kind":"plain","computed":true},"client_secret":{"type":"string","description":"The Client Secret from Vault.","description_kind":"plain","computed":true,"sensitive":true},"client_type":{"type":"string","description":"The client type based on its ability to maintain confidentiality of credentials.Defaults to 'confidential'.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id_token_ttl":{"type":"number","description":"The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"A reference to a named key resource in Vault. This cannot be modified after creation.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the client.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"redirect_uris":{"type":["set","string"],"description":"Redirection URI values used by the client. 
One of these values must exactly match the redirect_uri parameter value used in each authentication request.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_oidc_key":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description":"Signing algorithm to use. Signing algorithm to use. Allowed values are: RS256 (default), RS384, RS512, ES256, ES384, ES512, EdDSA.","description_kind":"plain","optional":true},"allowed_client_ids":{"type":["set","string"],"description":"Array of role client ids allowed to use this key for signing. If empty, no roles are allowed. If \"*\", all roles are allowed.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the key.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"rotation_period":{"type":"number","description":"How often to generate a new signing key in number of seconds","description_kind":"plain","optional":true},"verification_ttl":{"type":"number","description":"Controls how long the public portion of a signing key will be available for verification after being rotated in seconds.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_oidc_key_allowed_client_id":{"version":0,"block":{"attributes":{"allowed_client_id":{"type":"string","description":"Role Client ID allowed to use the key for signing.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_name":{"type":"string","description":"Name of the key.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_oidc_provider":{"version":0,"block":{"attributes":{"allowed_client_ids":{"type":["set","string"],"description":"The client IDs that are permitted to use the provider. If empty, no clients are allowed. If \"*\", all clients are allowed.","description_kind":"plain","optional":true},"https_enabled":{"type":"bool","description":"Set to true if the issuer endpoint uses HTTPS.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"Specifies what will be used as the 'scheme://host:port' component for the 'iss' claim of ID tokens.This value is computed using the issuer_host and https_enabled fields.","description_kind":"plain","computed":true},"issuer_host":{"type":"string","description":"The host for the issuer. Can be either host or host:port.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the provider.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"scopes_supported":{"type":["set","string"],"description":"The scopes available for requesting on the provider.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_oidc_role":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The value that will be included in the `aud` field of all the OIDC identity tokens issued by this role","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"A configured named key, the key must already exist.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"template":{"type":"string","description":"The template string to use for generating tokens. This may be in string-ified JSON or base64 format.","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"TTL of the tokens generated against the role in number of seconds.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_oidc_scope":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The scope's description.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the scope. The openid scope name is reserved.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"template":{"type":"string","description":"The template string for the scope. 
This may be provided as escaped JSON or base64 encoded JSON.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_jwt_auth_backend":{"version":1,"block":{"attributes":{"accessor":{"type":"string","description":"The accessor of the JWT auth backend","description_kind":"plain","computed":true},"bound_issuer":{"type":"string","description":"The value against which to match the iss claim in a JWT","description_kind":"plain","optional":true},"default_role":{"type":"string","description":"The default role to use if none is provided during login","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description of the auth backend","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"jwks_ca_pem":{"type":"string","description":"The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.","description_kind":"plain","optional":true},"jwks_url":{"type":"string","description":"JWKS URL to use to authenticate signatures. Cannot be used with 'oidc_discovery_url' or 'jwt_validation_pubkeys'.","description_kind":"plain","optional":true},"jwt_supported_algs":{"type":["list","string"],"description":"A list of supported signing algorithms. Defaults to [RS256]","description_kind":"plain","optional":true},"jwt_validation_pubkeys":{"type":["list","string"],"description":"A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used with 'jwks_url' or 'oidc_discovery_url'. 
","description_kind":"plain","optional":true},"local":{"type":"bool","description":"Specifies if the auth method is local only","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"namespace_in_state":{"type":"bool","description":"Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs.","description_kind":"plain","optional":true},"oidc_client_id":{"type":"string","description":"Client ID used for OIDC","description_kind":"plain","optional":true},"oidc_client_secret":{"type":"string","description":"Client Secret used for OIDC","description_kind":"plain","optional":true,"sensitive":true},"oidc_discovery_ca_pem":{"type":"string","description":"The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used","description_kind":"plain","optional":true},"oidc_discovery_url":{"type":"string","description":"The OIDC Discovery URL, without any .well-known component (base path). Cannot be used with 'jwks_url' or 'jwt_validation_pubkeys'.","description_kind":"plain","optional":true},"oidc_response_mode":{"type":"string","description":"The response mode to be used in the OAuth2 request. Allowed values are 'query' and 'form_post'. Defaults to 'query'. If using Vault namespaces, and oidc_response_mode is 'form_post', then 'namespace_in_state' should be set to false.","description_kind":"plain","optional":true},"oidc_response_types":{"type":["list","string"],"description":"The response types to request. 
Allowed values are 'code' and 'id_token'. Defaults to 'code'. Note: 'id_token' may only be used if 'oidc_response_mode' is set to 'form_post'.","description_kind":"plain","optional":true},"path":{"type":"string","description":"path to mount the backend","description_kind":"plain","optional":true},"provider_config":{"type":["map","string"],"description":"Provider specific handling configuration","description_kind":"plain","optional":true},"tune":{"type":["set",["object",{"allowed_response_headers":["list","string"],"audit_non_hmac_request_keys":["list","string"],"audit_non_hmac_response_keys":["list","string"],"default_lease_ttl":"string","listing_visibility":"string","max_lease_ttl":"string","passthrough_request_headers":["list","string"],"token_type":"string"}]],"description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Type of backend. Can be either 'jwt' or 'oidc'","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_jwt_auth_backend_role":{"version":0,"block":{"attributes":{"allowed_redirect_uris":{"type":["set","string"],"description":"The list of allowed values for redirect_uri during OIDC logins.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"bound_audiences":{"type":["set","string"],"description":"List of aud claims to match against. Any match is sufficient.","description_kind":"plain","optional":true},"bound_claims":{"type":["map","string"],"description":"Map of claims/values to match against. 
The expected value may be a single string or a comma-separated string list.","description_kind":"plain","optional":true},"bound_claims_type":{"type":"string","description":"How to interpret values in the claims/values map: can be either \"string\" (exact match) or \"glob\" (wildcard match).","description_kind":"plain","optional":true,"computed":true},"bound_subject":{"type":"string","description":"If set, requires that the sub claim matches this value.","description_kind":"plain","optional":true},"claim_mappings":{"type":["map","string"],"description":"Map of claims (keys) to be copied to specified metadata fields (values).","description_kind":"plain","optional":true},"clock_skew_leeway":{"type":"number","description":"The amount of leeway to add to all claims to account for clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.","description_kind":"plain","optional":true},"disable_bound_claims_parsing":{"type":"bool","description":"Disable bound claim value parsing. Useful when values contain commas.","description_kind":"plain","optional":true},"expiration_leeway":{"type":"number","description":"The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.","description_kind":"plain","optional":true},"groups_claim":{"type":"string","description":"The claim to use to uniquely identify the set of groups to which the user belongs; this will be used as the names for the Identity group aliases created due to a successful login. 
The claim value must be a list of strings.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_age":{"type":"number","description":"Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"not_before_leeway":{"type":"number","description":"The amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds. Defaults to 150 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles. ","description_kind":"plain","optional":true},"oidc_scopes":{"type":["set","string"],"description":"List of OIDC scopes to be used with an OIDC role. The standard scope \"openid\" is automatically included and need not be specified.","description_kind":"plain","optional":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"role_type":{"type":"string","description":"Type of role, either \"oidc\" (default) or \"jwt\"","description_kind":"plain","optional":true,"computed":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The 
maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true},"user_claim":{"type":"string","description":"The claim to use to uniquely identify the user; this will be used as the name for the Identity entity alias created due to a successful login.","description_kind":"plain","required":true},"user_claim_json_pointer":{"type":"bool","description":"Specifies if the user_claim value uses JSON pointer syntax for referencing claims. By default, the user_claim value will not use JSON pointer.","description_kind":"plain","optional":true},"verbose_oidc_logging":{"type":"bool","description":"Log received OIDC tokens and claims when debug-level logging is active. 
Not recommended in production since sensitive information may be present in OIDC responses.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kmip_secret_backend":{"version":1,"block":{"attributes":{"default_tls_client_key_bits":{"type":"number","description":"Client certificate key bits, valid values depend on key type","description_kind":"plain","optional":true,"computed":true},"default_tls_client_key_type":{"type":"string","description":"Client certificate key type, rsa or ec","description_kind":"plain","optional":true,"computed":true},"default_tls_client_ttl":{"type":"number","description":"Client certificate TTL in seconds","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listen_addrs":{"type":["set","string"],"description":"Addresses the KMIP server should listen on (host:port)","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path where KMIP secret backend will be mounted","description_kind":"plain","required":true},"server_hostnames":{"type":["set","string"],"description":"Hostnames to include in the server's TLS certificate as SAN DNS names. 
The first will be used as the common name (CN)","description_kind":"plain","optional":true,"computed":true},"server_ips":{"type":["set","string"],"description":"IPs to include in the server's TLS certificate as SAN IP addresses","description_kind":"plain","optional":true,"computed":true},"tls_ca_key_bits":{"type":"number","description":"CA key bits, valid values depend on key type","description_kind":"plain","optional":true,"computed":true},"tls_ca_key_type":{"type":"string","description":"CA key type, rsa or ec","description_kind":"plain","optional":true,"computed":true},"tls_min_version":{"type":"string","description":"Minimum TLS version to accept","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_kmip_secret_role":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"operation_activate":{"type":"bool","description":"Grant permission to use the KMIP Activate operation","description_kind":"plain","optional":true,"computed":true},"operation_add_attribute":{"type":"bool","description":"Grant permission to use the KMIP Add Attribute operation","description_kind":"plain","optional":true,"computed":true},"operation_all":{"type":"bool","description":"Grant all permissions to this role. 
May not be specified with any other operation_* params","description_kind":"plain","optional":true,"computed":true},"operation_create":{"type":"bool","description":"Grant permission to use the KMIP Create operation","description_kind":"plain","optional":true,"computed":true},"operation_destroy":{"type":"bool","description":"Grant permission to use the KMIP Destroy operation","description_kind":"plain","optional":true,"computed":true},"operation_discover_versions":{"type":"bool","description":"Grant permission to use the KMIP Discover Version operation","description_kind":"plain","optional":true,"computed":true},"operation_get":{"type":"bool","description":"Grant permission to use the KMIP Get operation","description_kind":"plain","optional":true,"computed":true},"operation_get_attribute_list":{"type":"bool","description":"Grant permission to use the KMIP Get Attribute List operation","description_kind":"plain","optional":true,"computed":true},"operation_get_attributes":{"type":"bool","description":"Grant permission to use the KMIP Get Attributes operation","description_kind":"plain","optional":true,"computed":true},"operation_locate":{"type":"bool","description":"Grant permission to use the KMIP Locate operation","description_kind":"plain","optional":true,"computed":true},"operation_none":{"type":"bool","description":"Remove all permissions from this role. 
May not be specified with any other operation_* params","description_kind":"plain","optional":true,"computed":true},"operation_register":{"type":"bool","description":"Grant permission to use the KMIP Register operation","description_kind":"plain","optional":true,"computed":true},"operation_rekey":{"type":"bool","description":"Grant permission to use the KMIP Rekey operation","description_kind":"plain","optional":true,"computed":true},"operation_revoke":{"type":"bool","description":"Grant permission to use the KMIP Revoke operation","description_kind":"plain","optional":true,"computed":true},"path":{"type":"string","description":"Path where KMIP backend is mounted","description_kind":"plain","required":true},"role":{"type":"string","description":"Name of the role","description_kind":"plain","required":true},"scope":{"type":"string","description":"Name of the scope","description_kind":"plain","required":true},"tls_client_key_bits":{"type":"number","description":"Client certificate key bits, valid values depend on key type","description_kind":"plain","optional":true},"tls_client_key_type":{"type":"string","description":"Client certificate key type, rsa or ec","description_kind":"plain","optional":true},"tls_client_ttl":{"type":"number","description":"Client certificate TTL in seconds","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kmip_secret_scope":{"version":0,"block":{"attributes":{"force":{"type":"bool","description":"Force deletion even if there are managed objects in the scope","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path where KMIP backend is mounted","description_kind":"plain","required":true},"scope":{"type":"string","description":"Name of the scope","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_kubernetes_auth_backend_config":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the kubernetes backend to configure.","description_kind":"plain","optional":true},"disable_iss_validation":{"type":"bool","description":"Optional disable JWT issuer validation. Allows to skip ISS validation.","description_kind":"plain","optional":true,"computed":true},"disable_local_ca_jwt":{"type":"bool","description":"Optional disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"Optional JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer.","description_kind":"plain","optional":true},"kubernetes_ca_cert":{"type":"string","description":"PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.","description_kind":"plain","optional":true,"computed":true},"kubernetes_host":{"type":"string","description":"Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"pem_keys":{"type":["list","string"],"description":"Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. 
Not every installation of Kubernetes exposes these keys.","description_kind":"plain","optional":true},"token_reviewer_jwt":{"type":"string","description":"A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.","description_kind":"plain","optional":true,"sensitive":true}},"description_kind":"plain"}},"vault_kubernetes_auth_backend_role":{"version":0,"block":{"attributes":{"alias_name_source":{"type":"string","description":"Configures how identity aliases are generated. Valid choices are: serviceaccount_uid, serviceaccount_name","description_kind":"plain","optional":true,"computed":true},"audience":{"type":"string","description":"Optional Audience claim to verify in the JWT.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"Unique name of the kubernetes backend to configure.","description_kind":"plain","optional":true},"bound_service_account_names":{"type":["set","string"],"description":"List of service account names able to access this role. If set to `[\"*\"]` all names are allowed, both this and bound_service_account_namespaces can not be \"*\".","description_kind":"plain","required":true},"bound_service_account_namespaces":{"type":["set","string"],"description":"List of namespaces allowed to access this role. If set to `[\"*\"]` all namespaces are allowed, both this and bound_service_account_names can not be set to \"*\".","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kubernetes_secret_backend":{"version":0,"block":{"attributes":{"accessor":{"type":"string","description":"Accessor of the mount","description_kind":"plain","computed":true},"allowed_managed_keys":{"type":["set","string"],"description":"List of managed key registry entry names that the mount in question is allowed to 
access","description_kind":"plain","optional":true},"audit_non_hmac_request_keys":{"type":["list","string"],"description":"Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.","description_kind":"plain","optional":true,"computed":true},"audit_non_hmac_response_keys":{"type":["list","string"],"description":"Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.","description_kind":"plain","optional":true,"computed":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for tokens and secrets in seconds","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Human-friendly description of the mount","description_kind":"plain","optional":true},"disable_local_ca_jwt":{"type":"bool","description":"Disable defaulting to the local CA certificate and service account JWT when running in a Kubernetes pod.","description_kind":"plain","optional":true},"external_entropy_access":{"type":"bool","description":"Enable the secrets engine to access Vault's external entropy source","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kubernetes_ca_cert":{"type":"string","description":"A PEM-encoded CA certificate used by the secret engine to verify the Kubernetes API server certificate. 
Defaults to the local pod’s CA if found, or otherwise the host's root CA set.","description_kind":"plain","optional":true},"kubernetes_host":{"type":"string","description":"The Kubernetes API URL to connect to.","description_kind":"plain","optional":true},"local":{"type":"bool","description":"Local mount flag that can be explicitly set to true to enforce local mount in HA environment","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for tokens and secrets in seconds","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"options":{"type":["map","string"],"description":"Specifies mount type specific options that are passed to the backend","description_kind":"plain","optional":true},"path":{"type":"string","description":"Where the secret backend will be mounted","description_kind":"plain","required":true},"seal_wrap":{"type":"bool","description":"Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability","description_kind":"plain","optional":true,"computed":true},"service_account_jwt":{"type":"string","description":"The JSON web token of the service account used by the secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if found.","description_kind":"plain","optional":true,"sensitive":true}},"description_kind":"plain"}},"vault_kubernetes_secret_backend_role":{"version":0,"block":{"attributes":{"allowed_kubernetes_namespaces":{"type":["list","string"],"description":"The list of Kubernetes namespaces this role can generate credentials for. 
If set to '*' all namespaces are allowed.","description_kind":"plain","required":true},"backend":{"type":"string","description":"The mount path for the Kubernetes secrets engine.","description_kind":"plain","required":true},"extra_annotations":{"type":["map","string"],"description":"Additional annotations to apply to all generated Kubernetes objects.","description_kind":"plain","optional":true},"extra_labels":{"type":["map","string"],"description":"Additional labels to apply to all generated Kubernetes objects.","description_kind":"plain","optional":true},"generated_role_rules":{"type":"string","description":"The Role or ClusterRole rules to use when generating a role. Accepts either JSON or YAML formatted rules. Mutually exclusive with 'service_account_name' and 'kubernetes_role_name'. If set, the entire chain of Kubernetes objects will be generated when credentials are requested.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kubernetes_role_name":{"type":"string","description":"The pre-existing Role or ClusterRole to bind a generated service account to. Mutually exclusive with 'service_account_name' and 'generated_role_rules'. If set, Kubernetes token, service account, and role binding objects will be created when credentials are requested.","description_kind":"plain","optional":true},"kubernetes_role_type":{"type":"string","description":"Specifies whether the Kubernetes role is a Role or ClusterRole.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the role.","description_kind":"plain","required":true},"name_template":{"type":"string","description":"The name template to use when generating service accounts, roles and role bindings. If unset, a default template is used.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"service_account_name":{"type":"string","description":"The pre-existing service account to generate tokens for. Mutually exclusive with 'kubernetes_role_name' and 'generated_role_rules'. If set, only a Kubernetes token will be created when credentials are requested.","description_kind":"plain","optional":true},"token_default_ttl":{"type":"number","description":"The default TTL for generated Kubernetes tokens in seconds.","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum TTL for generated Kubernetes tokens in seconds.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kv_secret":{"version":0,"block":{"attributes":{"data":{"type":["map","string"],"description":"Map of strings read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"data_json":{"type":"string","description":"JSON-encoded secret data to write.","description_kind":"plain","required":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path of the KV-V1 secret.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_kv_secret_backend_v2":{"version":0,"block":{"attributes":{"cas_required":{"type":"bool","description":"If true, all keys will require the cas parameter to be set on all write requests.","description_kind":"plain","optional":true,"computed":true},"delete_version_after":{"type":"number","description":"If set, specifies the length of time before a version is deleted","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_versions":{"type":"number","description":"The number of versions to keep per key.","description_kind":"plain","optional":true,"computed":true},"mount":{"type":"string","description":"Path where KV-V2 engine is mounted.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kv_secret_v2":{"version":0,"block":{"attributes":{"cas":{"type":"number","description":"This flag is required if cas_required is set to true on either the secret or the engine's config. 
In order for a write to be successful, cas must be set to the current version of the secret.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"Map of strings read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"data_json":{"type":"string","description":"JSON-encoded secret data to write.","description_kind":"plain","required":true,"sensitive":true},"delete_all_versions":{"type":"bool","description":"If set to true, permanently deletes all versions for the specified key.","description_kind":"plain","optional":true},"disable_read":{"type":"bool","description":"If set to true, disables reading secret from Vault; note: drift won't be detected.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"Metadata associated with this secret read from Vault.","description_kind":"plain","computed":true},"mount":{"type":"string","description":"Path where KV-V2 engine is mounted.","description_kind":"plain","required":true},"name":{"type":"string","description":"Full name of the secret. For a nested secret, the name is the nested path excluding the mount and data prefix. For example, for a secret at 'kvv2/data/foo/bar/baz', the name is 'foo/bar/baz'","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"options":{"type":["map","string"],"description":"An object that holds option settings.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path where the KV-V2 secret will be written.","description_kind":"plain","computed":true}},"block_types":{"custom_metadata":{"nesting_mode":"list","block":{"attributes":{"cas_required":{"type":"bool","description":"If true, all keys will require the cas parameter to be set on all write requests.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of arbitrary string to string valued user-provided metadata meant to describe the secret.","description_kind":"plain","optional":true},"delete_version_after":{"type":"number","description":"If set, specifies the length of time before a version is deleted.","description_kind":"plain","optional":true},"max_versions":{"type":"number","description":"The number of versions to keep per key.","description_kind":"plain","optional":true}},"description":"Custom metadata to be set for the secret.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"vault_ldap_auth_backend":{"version":2,"block":{"attributes":{"accessor":{"type":"string","description":"The accessor of the LDAP auth 
backend","description_kind":"plain","computed":true},"binddn":{"type":"string","description_kind":"plain","optional":true,"computed":true},"bindpass":{"type":"string","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"case_sensitive_names":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"certificate":{"type":"string","description_kind":"plain","optional":true,"computed":true},"client_tls_cert":{"type":"string","description_kind":"plain","optional":true,"computed":true},"client_tls_key":{"type":"string","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"deny_null_bind":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description_kind":"plain","optional":true,"computed":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"discoverdn":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"groupattr":{"type":"string","description_kind":"plain","optional":true,"computed":true},"groupdn":{"type":"string","description_kind":"plain","optional":true,"computed":true},"groupfilter":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"insecure_tls":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Specifies if the auth method is local only","description_kind":"plain","optional":true},"max_page_size":{"type":"number","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description_kind":"plain","optional":true},"starttls":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"tls_max_version":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tls_min_version":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or 
batch","description_kind":"plain","optional":true},"upndomain":{"type":"string","description_kind":"plain","optional":true,"computed":true},"url":{"type":"string","description_kind":"plain","required":true},"use_token_groups":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"userattr":{"type":"string","description_kind":"plain","optional":true,"computed":true},"userdn":{"type":"string","description_kind":"plain","optional":true,"computed":true},"userfilter":{"type":"string","description_kind":"plain","optional":true,"computed":true},"username_as_alias":{"type":"bool","description":"Force the auth method to use the username passed by the user as the alias name.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_ldap_auth_backend_group":{"version":1,"block":{"attributes":{"backend":{"type":"string","description_kind":"plain","optional":true},"groupname":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_ldap_auth_backend_user":{"version":1,"block":{"attributes":{"backend":{"type":"string","description_kind":"plain","optional":true},"groups":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"username":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_ldap_secret_backend":{"version":1,"block":{"attributes":{"accessor":{"type":"string","description":"Accessor of the mount","description_kind":"plain","computed":true},"allowed_managed_keys":{"type":["set","string"],"description":"List of managed key registry entry names that the mount in question is allowed to access","description_kind":"plain","optional":true},"audit_non_hmac_request_keys":{"type":["list","string"],"description":"Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.","description_kind":"plain","optional":true,"computed":true},"audit_non_hmac_response_keys":{"type":["list","string"],"description":"Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.","description_kind":"plain","optional":true,"computed":true},"binddn":{"type":"string","description":"Distinguished name of object to bind when performing user and group search.","description_kind":"plain","required":true},"bindpass":{"type":"string","description":"LDAP password for searching for the user DN.","description_kind":"plain","required":true,"sensitive":true},"certificate":{"type":"string","description":"CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.","description_kind":"plain","optional":true},"client_tls_cert":{"type":"string","description":"Client certificate to provide to the LDAP server, must be x509 PEM encoded.","description_kind":"plain","optional":true,"sensitive":true},"client_tls_key":{"type":"string","description":"Client certificate key to provide to the LDAP server, must be x509 PEM 
encoded.","description_kind":"plain","optional":true,"sensitive":true},"connection_timeout":{"type":"number","description":"Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration.","description_kind":"plain","optional":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for tokens and secrets in seconds","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Human-friendly description of the mount","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"external_entropy_access":{"type":"bool","description":"Enable the secrets engine to access Vault's external entropy source","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"insecure_tls":{"type":"bool","description":"Skip LDAP server SSL Certificate verification - insecure and not recommended for production use.","description_kind":"plain","optional":true},"length":{"type":"number","description":"The desired length of passwords that Vault generates.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"local":{"type":"bool","description":"Local mount flag that can be explicitly set to true to enforce local mount in HA environment","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for tokens and secrets in seconds","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"options":{"type":["map","string"],"description":"Specifies mount type specific options that are passed to the backend","description_kind":"plain","optional":true},"password_policy":{"type":"string","description":"Name of the password policy to use to generate passwords.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The path where the LDAP secrets backend is mounted.","description_kind":"plain","optional":true},"request_timeout":{"type":"number","description":"Timeout, in seconds, for the connection when making requests against the server before returning back an error.","description_kind":"plain","optional":true,"computed":true},"schema":{"type":"string","description":"The LDAP schema to use when storing entry passwords. Valid schemas include openldap, ad, and racf.","description_kind":"plain","optional":true,"computed":true},"seal_wrap":{"type":"bool","description":"Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability","description_kind":"plain","optional":true,"computed":true},"starttls":{"type":"bool","description":"Issue a StartTLS command after establishing unencrypted connection.","description_kind":"plain","optional":true,"computed":true},"upndomain":{"type":"string","description":"Enables userPrincipalDomain login with [username]@UPNDomain.","description_kind":"plain","optional":true,"computed":true},"url":{"type":"string","description":"LDAP URL to connect to (default: ldap://127.0.0.1). 
Multiple URLs can be specified by concatenating them with commas; they will be tried in-order.","description_kind":"plain","optional":true,"computed":true},"userattr":{"type":"string","description":"Attribute used for users (default: cn)","description_kind":"plain","optional":true,"computed":true},"userdn":{"type":"string","description":"LDAP domain to use for users (eg: ou=People,dc=example,dc=org)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_ldap_secret_backend_dynamic_role":{"version":0,"block":{"attributes":{"creation_ldif":{"type":"string","description":"A templatized LDIF string used to create a user account. May contain multiple entries.","description_kind":"plain","required":true},"default_ttl":{"type":"number","description":"Specifies the TTL for the leases associated with this role.","description_kind":"plain","optional":true},"deletion_ldif":{"type":"string","description":"A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum TTL for the leases associated with this role.","description_kind":"plain","optional":true},"mount":{"type":"string","description":"The path where the LDAP secrets backend is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"rollback_ldif":{"type":"string","description":"A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. 
This may contain multiple LDIF entries.","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_ldap_secret_backend_library_set":{"version":0,"block":{"attributes":{"disable_check_in_enforcement":{"type":"bool","description":"Disable enforcing that service accounts must be checked in by the entity or client token that checked them out.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"The maximum amount of time a check-out last with renewal before Vault automatically checks it back in. Defaults to 24 hours.","description_kind":"plain","optional":true,"computed":true},"mount":{"type":"string","description":"The path where the LDAP secrets backend is mounted.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the set of service accounts.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"service_account_names":{"type":["list","string"],"description":"The names of all the service accounts that can be checked out from this set.","description_kind":"plain","required":true},"ttl":{"type":"number","description":"The maximum amount of time a single check-out lasts before Vault automatically checks it back in. 
Defaults to 24 hours.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_ldap_secret_backend_static_role":{"version":0,"block":{"attributes":{"dn":{"type":"string","description":"Distinguished name (DN) of the existing LDAP entry to manage password rotation for.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mount":{"type":"string","description":"The path where the LDAP secrets backend is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"rotation_period":{"type":"number","description":"How often Vault should rotate the password of the user entry.","description_kind":"plain","required":true},"username":{"type":"string","description":"The username of the existing LDAP entry to manage password rotation for.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_managed_keys":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true}},"block_types":{"aws":{"nesting_mode":"set","block":{"attributes":{"access_key":{"type":"string","description":"The AWS access key to use","description_kind":"plain","required":true},"allow_generate_key":{"type":"bool","description":"If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend","description_kind":"plain","optional":true,"computed":true},"allow_replace_key":{"type":"bool","description":"Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.","description_kind":"plain","optional":true,"computed":true},"allow_store_key":{"type":"bool","description":"Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden","description_kind":"plain","optional":true,"computed":true},"any_mount":{"type":"bool","description":"Allow usage from any mount point within the namespace if 'true'","description_kind":"plain","optional":true,"computed":true},"curve":{"type":"string","description":"The curve to use for an ECDSA key. Used when key_type is 'ECDSA'. Required if 'allow_generate_key' is true","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"Used to specify a custom AWS endpoint","description_kind":"plain","optional":true},"key_bits":{"type":"string","description":"The size in bits for an RSA key. 
This field is required when 'key_type' is 'RSA'","description_kind":"plain","required":true},"key_type":{"type":"string","description":"The type of key to use","description_kind":"plain","required":true},"kms_key":{"type":"string","description":"An identifier for the key","description_kind":"plain","required":true},"name":{"type":"string","description":"A unique lowercase name that serves as identifying the key","description_kind":"plain","required":true},"region":{"type":"string","description":"The AWS region where the keys are stored (or will be stored)","description_kind":"plain","optional":true,"computed":true},"secret_key":{"type":"string","description":"The AWS secret key to use","description_kind":"plain","required":true},"uuid":{"type":"string","description":"ID of the managed key read from Vault","description_kind":"plain","computed":true}},"description":"Configuration block for AWS Managed Keys","description_kind":"plain"}},"azure":{"nesting_mode":"set","block":{"attributes":{"allow_generate_key":{"type":"bool","description":"If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend","description_kind":"plain","optional":true,"computed":true},"allow_replace_key":{"type":"bool","description":"Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.","description_kind":"plain","optional":true,"computed":true},"allow_store_key":{"type":"bool","description":"Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden","description_kind":"plain","optional":true,"computed":true},"any_mount":{"type":"bool","description":"Allow usage from any mount point within the namespace if 'true'","description_kind":"plain","optional":true,"computed":true},"client_id":{"type":"string","description":"The client id for 
credentials to query the Azure APIs","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret for credentials to query the Azure APIs","description_kind":"plain","required":true},"environment":{"type":"string","description":"The Azure Cloud environment API endpoints to use","description_kind":"plain","optional":true,"computed":true},"key_bits":{"type":"string","description":"The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' or when 'allow_generate_key' is true","description_kind":"plain","optional":true},"key_name":{"type":"string","description":"The Key Vault key to use for encryption and decryption","description_kind":"plain","required":true},"key_type":{"type":"string","description":"The type of key to use","description_kind":"plain","required":true},"name":{"type":"string","description":"A unique lowercase name that serves as identifying the key","description_kind":"plain","required":true},"resource":{"type":"string","description":"The Azure Key Vault resource's DNS Suffix to connect to","description_kind":"plain","optional":true,"computed":true},"tenant_id":{"type":"string","description":"The tenant id for the Azure Active Directory organization","description_kind":"plain","required":true},"uuid":{"type":"string","description":"ID of the managed key read from Vault","description_kind":"plain","computed":true},"vault_name":{"type":"string","description":"The Key Vault vault to use the encryption keys for encryption and decryption","description_kind":"plain","required":true}},"description":"Configuration block for Azure Managed Keys","description_kind":"plain"}},"pkcs":{"nesting_mode":"set","block":{"attributes":{"allow_generate_key":{"type":"bool","description":"If no existing key can be found in the referenced backend, instructs Vault to generate a key within the 
backend","description_kind":"plain","optional":true,"computed":true},"allow_replace_key":{"type":"bool","description":"Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.","description_kind":"plain","optional":true,"computed":true},"allow_store_key":{"type":"bool","description":"Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden","description_kind":"plain","optional":true,"computed":true},"any_mount":{"type":"bool","description":"Allow usage from any mount point within the namespace if 'true'","description_kind":"plain","optional":true,"computed":true},"curve":{"type":"string","description":"Supplies the curve value when using the 'CKM_ECDSA' mechanism. Required if 'allow_generate_key' is true","description_kind":"plain","optional":true},"force_rw_session":{"type":"string","description":"Force all operations to open up a read-write session to the HSM","description_kind":"plain","optional":true},"key_bits":{"type":"string","description":"Supplies the size in bits of the key when using 'CKM_RSA_PKCS_PSS', 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. 
Required if 'allow_generate_key' is true","description_kind":"plain","optional":true},"key_id":{"type":"string","description":"The id of a PKCS#11 key to use","description_kind":"plain","required":true},"key_label":{"type":"string","description":"The label of the key to use","description_kind":"plain","required":true},"library":{"type":"string","description":"The name of the kms_library stanza to use from Vault's config to lookup the local library path","description_kind":"plain","required":true},"mechanism":{"type":"string","description":"The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string.","description_kind":"plain","required":true},"name":{"type":"string","description":"A unique lowercase name that serves as identifying the key","description_kind":"plain","required":true},"pin":{"type":"string","description":"The PIN for login","description_kind":"plain","required":true},"slot":{"type":"string","description":"The slot number to use, specified as a string in a decimal format (e.g. '2305843009213693953')","description_kind":"plain","optional":true},"token_label":{"type":"string","description":"The slot token label to use","description_kind":"plain","optional":true},"uuid":{"type":"string","description":"ID of the managed key read from Vault","description_kind":"plain","computed":true}},"description":"Configuration block for PKCS Managed Keys","description_kind":"plain"}}},"description_kind":"plain"}},"vault_mfa_duo":{"version":0,"block":{"attributes":{"api_hostname":{"type":"string","description":"API hostname for Duo.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"integration_key":{"type":"string","description":"Integration key for Duo.","description_kind":"plain","required":true,"sensitive":true},"mount_accessor":{"type":"string","description":"The mount to tie this method to for use in automatic mappings. 
The mapping will use the Name field of Aliases associated with this mount as the username in the mapping.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the MFA method.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"push_info":{"type":"string","description":"Push information for Duo.","description_kind":"plain","optional":true},"secret_key":{"type":"string","description":"Secret key for Duo.","description_kind":"plain","required":true,"sensitive":true},"username_format":{"type":"string","description":"A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_mfa_okta":{"version":0,"block":{"attributes":{"api_token":{"type":"string","description":"Okta API key.","description_kind":"plain","required":true,"sensitive":true},"base_url":{"type":"string","description":"If set, will be used as the base domain for API requests.","description_kind":"plain","optional":true},"id":{"type":"string","description":"ID computed by Vault.","description_kind":"plain","optional":true,"computed":true},"mount_accessor":{"type":"string","description":"The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the MFA method.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"org_name":{"type":"string","description":"Name of the organization to be used in the Okta API.","description_kind":"plain","required":true},"primary_email":{"type":"bool","description":"If set to true, the username will only match the primary email for the account.","description_kind":"plain","optional":true},"username_format":{"type":"string","description":"A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_mfa_pingid":{"version":0,"block":{"attributes":{"admin_url":{"type":"string","description":"Admin URL computed by Vault.","description_kind":"plain","computed":true},"authenticator_url":{"type":"string","description":"Authenticator URL computed by Vault.","description_kind":"plain","computed":true},"id":{"type":"string","description":"ID computed by Vault.","description_kind":"plain","optional":true,"computed":true},"idp_url":{"type":"string","description":"IDP URL computed by Vault.","description_kind":"plain","computed":true},"mount_accessor":{"type":"string","description":"The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the MFA method.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description":"Namespace ID computed by Vault.","description_kind":"plain","computed":true},"org_alias":{"type":"string","description":"Org Alias computed by Vault.","description_kind":"plain","computed":true},"settings_file_base64":{"type":"string","description":"A base64-encoded third-party settings file retrieved from PingID's configuration page.","description_kind":"plain","required":true},"type":{"type":"string","description":"Type of configuration computed by Vault.","description_kind":"plain","computed":true},"use_signature":{"type":"bool","description":"If set, enables use of PingID signature. Computed by Vault","description_kind":"plain","computed":true},"username_format":{"type":"string","description":"A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_mfa_totp":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description":"Specifies the hashing algorithm used to generate the TOTP code. Options include 'SHA1', 'SHA256' and 'SHA512'.","description_kind":"plain","optional":true},"digits":{"type":"number","description":"The number of digits in the generated TOTP token. This value can either be 6 or 8.","description_kind":"plain","optional":true},"id":{"type":"string","description":"ID computed by Vault.","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"The name of the key's issuing organization.","description_kind":"plain","required":true},"key_size":{"type":"number","description":"Specifies the size in bytes of the generated key.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the MFA method.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"period":{"type":"number","description":"The length of time used to generate a counter for the TOTP token calculation.","description_kind":"plain","optional":true},"qr_size":{"type":"number","description":"The pixel size of the generated square QR code.","description_kind":"plain","optional":true},"skew":{"type":"number","description":"The number of delay periods that are allowed when validating a TOTP token. This value can either be 0 or 1.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_mongodbatlas_secret_backend":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mount":{"type":"string","description":"Path where MongoDB Atlas secret backend is mounted","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path where MongoDB Atlas configuration is located","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The Private Programmatic API Key used to connect with MongoDB Atlas API","description_kind":"plain","required":true},"public_key":{"type":"string","description":"The Public Programmatic API Key used to authenticate with the MongoDB Atlas API","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_mongodbatlas_secret_role":{"version":0,"block":{"attributes":{"cidr_blocks":{"type":["list","string"],"description":"Whitelist entry in CIDR notation to be added for the API key","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_addresses":{"type":["list","string"],"description":"IP address to be added to the whitelist for the API 
key","description_kind":"plain","optional":true},"max_ttl":{"type":"string","description":"The maximum allowed lifetime of credentials issued using this role","description_kind":"plain","optional":true},"mount":{"type":"string","description":"Path where MongoDB Atlas secret backend is mounted","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the role","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"organization_id":{"type":"string","description":"ID for the organization to which the target API Key belongs","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID for the project to which the target API Key belongs","description_kind":"plain","optional":true},"project_roles":{"type":["list","string"],"description":"Roles assigned when an org API key is assigned to a project API key","description_kind":"plain","optional":true},"roles":{"type":["list","string"],"description":"List of roles that the API Key needs to have","description_kind":"plain","required":true},"ttl":{"type":"string","description":"Duration in seconds after which the issued credential should expire","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_mount":{"version":0,"block":{"attributes":{"accessor":{"type":"string","description":"Accessor of the mount","description_kind":"plain","computed":true},"allowed_managed_keys":{"type":["set","string"],"description":"List of managed key registry entry names that the mount in question is allowed to access","description_kind":"plain","optional":true},"audit_non_hmac_request_keys":{"type":["list","string"],"description":"Specifies the list of keys that will not be HMAC'd by audit devices in the request data 
object.","description_kind":"plain","optional":true,"computed":true},"audit_non_hmac_response_keys":{"type":["list","string"],"description":"Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.","description_kind":"plain","optional":true,"computed":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for tokens and secrets in seconds","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Human-friendly description of the mount","description_kind":"plain","optional":true},"external_entropy_access":{"type":"bool","description":"Enable the secrets engine to access Vault's external entropy source","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Local mount flag that can be explicitly set to true to enforce local mount in HA environment","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for tokens and secrets in seconds","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"options":{"type":["map","string"],"description":"Specifies mount type specific options that are passed to the backend","description_kind":"plain","optional":true},"path":{"type":"string","description":"Where the secret backend will be mounted","description_kind":"plain","required":true},"seal_wrap":{"type":"bool","description":"Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Type of the backend, such as 'aws'","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_namespace":{"version":0,"block":{"attributes":{"custom_metadata":{"type":["map","string"],"description":"Custom metadata describing this namespace. Value type is map[string]string.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description":"Namespace ID.","description_kind":"plain","computed":true},"path":{"type":"string","description":"Namespace path.","description_kind":"plain","required":true},"path_fq":{"type":"string","description":"The fully qualified namespace path.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_nomad_secret_backend":{"version":1,"block":{"attributes":{"address":{"type":"string","description":"Specifies the address of the Nomad instance, provided as \"protocol://host:port\" like \"http://127.0.0.1:4646\".","description_kind":"plain","optional":true},"backend":{"type":"string","description":"The mount path for the Nomad backend.","description_kind":"plain","optional":true},"ca_cert":{"type":"string","description":"CA certificate to use when verifying Nomad server certificate, must be x509 PEM encoded.","description_kind":"plain","optional":true},"client_cert":{"type":"string","description":"Client certificate used for Nomad's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_key.","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Client key used for Nomad's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_cert.","description_kind":"plain","optional":true,"sensitive":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for secrets in seconds.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path 
updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Mark the secrets engine as local-only. Local engines are not replicated or removed by replication. Tolerance duration to use when checking the last rotation time.","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for secrets in seconds.","description_kind":"plain","optional":true,"computed":true},"max_token_name_length":{"type":"number","description":"Specifies the maximum length to use for the name of the Nomad token generated with Generate Credential. If omitted, 0 is used and ignored, defaulting to the max value allowed by the Nomad version.","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Maximum possible lease duration for secrets in seconds.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"token":{"type":"string","description":"Specifies the Nomad Management token to use.","description_kind":"plain","optional":true,"sensitive":true},"ttl":{"type":"number","description":"Maximum possible lease duration for secrets in seconds.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_nomad_secret_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The mount path for the Nomad backend.","description_kind":"plain","required":true},"global":{"type":"bool","description":"Specifies if the token should be global.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["list","string"],"description":"Comma separated list of Nomad policies the token is going to be created against. These need to be created beforehand in Nomad.","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"type":{"type":"string","description":"Specifies the type of token to create when using this role. Valid values are \"client\" or \"management\".","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_okta_auth_backend":{"version":1,"block":{"attributes":{"accessor":{"type":"string","description":"The mount accessor related to the auth mount.","description_kind":"plain","computed":true},"base_url":{"type":"string","description":"The Okta url. Examples: oktapreview.com, okta.com (default)","description_kind":"plain","optional":true},"bypass_okta_mfa":{"type":"bool","description":"When true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description of the auth backend","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"group":{"type":["set",["object",{"group_name":"string","policies":["set","string"]}]],"description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"string","description":"Maximum duration after which authentication will be expired","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The Okta organization. This will be the first part of the url https://XXX.okta.com.","description_kind":"plain","required":true},"path":{"type":"string","description":"path to mount the backend","description_kind":"plain","optional":true},"token":{"type":"string","description":"The Okta API token. This is required to query Okta for user group membership. If this is not supplied only locally configured groups will be enabled.","description_kind":"plain","optional":true,"sensitive":true},"ttl":{"type":"string","description":"Duration after which authentication will be expired","description_kind":"plain","optional":true},"user":{"type":["set",["object",{"groups":["set","string"],"policies":["set","string"],"username":"string"}]],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_okta_auth_backend_group":{"version":0,"block":{"attributes":{"group_name":{"type":"string","description":"Name of the Okta group","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to the Okta auth backend","description_kind":"plain","required":true},"policies":{"type":["set","string"],"description":"Policies to associate with this group","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_okta_auth_backend_user":{"version":0,"block":{"attributes":{"groups":{"type":["set","string"],"description":"Groups within the Okta auth backend to associate with this user","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to the Okta auth backend","description_kind":"plain","required":true},"policies":{"type":["set","string"],"description":"Policies to associate with this user","description_kind":"plain","optional":true},"username":{"type":"string","description":"Name of the user within Okta","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_password_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the password policy.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policy":{"type":"string","description":"The password policy document","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_pki_secret_backend_cert":{"version":0,"block":{"attributes":{"alt_names":{"type":["list","string"],"description":"List of alternative names.","description_kind":"plain","optional":true},"auto_renew":{"type":"bool","description":"If enabled, a new certificate will be generated if the expiration is within min_seconds_remaining","description_kind":"plain","optional":true},"backend":{"type":"string","description":"The PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"ca_chain":{"type":"string","description":"The CA chain.","description_kind":"plain","computed":true},"certificate":{"type":"string","description":"The certicate.","description_kind":"plain","computed":true},"common_name":{"type":"string","description":"CN of the certificate to create.","description_kind":"plain","required":true},"exclude_cn_from_sans":{"type":"bool","description":"Flag to exclude CN from 
SANs.","description_kind":"plain","optional":true},"expiration":{"type":"number","description":"The certificate expiration as a Unix-style timestamp.","description_kind":"plain","computed":true},"format":{"type":"string","description":"The format of data.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_sans":{"type":["list","string"],"description":"List of alternative IPs.","description_kind":"plain","optional":true},"issuer_ref":{"type":"string","description":"Specifies the default issuer of this request.","description_kind":"plain","optional":true},"issuing_ca":{"type":"string","description":"The issuing CA.","description_kind":"plain","computed":true},"min_seconds_remaining":{"type":"number","description":"Generate a new certificate when the expiration is within this number of seconds","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the role to create the certificate against.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"other_sans":{"type":["list","string"],"description":"List of other SANs.","description_kind":"plain","optional":true},"private_key":{"type":"string","description":"The private key.","description_kind":"plain","computed":true,"sensitive":true},"private_key_format":{"type":"string","description":"The private key format.","description_kind":"plain","optional":true},"private_key_type":{"type":"string","description":"The private key type.","description_kind":"plain","computed":true},"renew_pending":{"type":"bool","description":"Initially false, and then set to true during refresh once the expiration is less than min_seconds_remaining in the future.","description_kind":"plain","computed":true},"revoke":{"type":"bool","description":"Revoke the certificate upon resource destruction.","description_kind":"plain","optional":true},"serial_number":{"type":"string","description":"The serial number.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"Time to live.","description_kind":"plain","optional":true},"uri_sans":{"type":["list","string"],"description":"List of alternative URIs.","description_kind":"plain","optional":true},"user_ids":{"type":["list","string"],"description":"List of Subject User IDs.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_config_ca":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"pem_bundle":{"type":"string","description":"The key and certificate PEM bundle.","description_kind":"plain","required":true,"sensitive":true}},"description_kind":"plain"}},"vault_pki_secret_backend_config_issuers":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Full path where PKI backend is mounted.","description_kind":"plain","required":true},"default":{"type":"string","description":"Specifies the default issuer by ID.","description_kind":"plain","optional":true},"default_follows_latest_issuer":{"type":"bool","description":"Specifies whether a root creation or an issuer import operation updates the default issuer to the newly added issuer.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_config_urls":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path of the PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"crl_distribution_points":{"type":["list","string"],"description":"Specifies the URL values for the CRL Distribution Points field.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuing_certificates":{"type":["list","string"],"description":"Specifies the URL values for the Issuing Certificate field.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"ocsp_servers":{"type":["list","string"],"description":"Specifies the URL values for the OCSP Servers field.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_crl_config":{"version":0,"block":{"attributes":{"auto_rebuild":{"type":"bool","description":"Enables or disables periodic rebuilding of the CRL upon expiry.","description_kind":"plain","optional":true},"auto_rebuild_grace_period":{"type":"string","description":"Grace period before CRL expiry to attempt rebuild of CRL.","description_kind":"plain","optional":true,"computed":true},"backend":{"type":"string","description":"The path of the PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"cross_cluster_revocation":{"type":"bool","description":"Enable cross-cluster revocation request queues.","description_kind":"plain","optional":true,"computed":true},"delta_rebuild_interval":{"type":"string","description":"Interval to check for new revocations on, to regenerate the delta CRL.","description_kind":"plain","optional":true,"computed":true},"disable":{"type":"bool","description":"Disables or enables CRL building","description_kind":"plain","optional":true},"enable_delta":{"type":"bool","description":"Enables or disables building of delta CRLs with up-to-date revocation information, augmenting the last complete CRL.","description_kind":"plain","optional":true},"expiry":{"type":"string","description":"Specifies the time until expiration.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"ocsp_disable":{"type":"bool","description":"Disables or enables the OCSP responder in Vault.","description_kind":"plain","optional":true},"ocsp_expiry":{"type":"string","description":"The amount of time an OCSP response can be cached for, useful for OCSP stapling refresh durations.","description_kind":"plain","optional":true,"computed":true},"unified_crl":{"type":"bool","description":"Enables unified CRL and OCSP building.","description_kind":"plain","optional":true,"computed":true},"unified_crl_on_existing_paths":{"type":"bool","description":"Enables serving the unified CRL and OCSP on the existing, previously cluster-local paths.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_pki_secret_backend_intermediate_cert_request":{"version":0,"block":{"attributes":{"add_basic_constraints":{"type":"bool","description":"Set 'CA: true' in a Basic Constraints extension. Only needed as\na workaround in some compatibility scenarios with Active Directory Certificate Services.","description_kind":"plain","optional":true},"alt_names":{"type":["list","string"],"description":"List of alternative names.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"The PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"common_name":{"type":"string","description":"CN of intermediate to create.","description_kind":"plain","required":true},"country":{"type":"string","description":"The country.","description_kind":"plain","optional":true},"csr":{"type":"string","description":"The CSR.","description_kind":"plain","computed":true},"exclude_cn_from_sans":{"type":"bool","description":"Flag to exclude CN from SANs.","description_kind":"plain","optional":true},"format":{"type":"string","description":"The format of 
data.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_sans":{"type":["list","string"],"description":"List of alternative IPs.","description_kind":"plain","optional":true},"key_bits":{"type":"number","description":"The number of bits to use.","description_kind":"plain","optional":true},"key_id":{"type":"string","description":"The ID of the generated key.","description_kind":"plain","computed":true},"key_name":{"type":"string","description":"When a new key is created with this request, optionally specifies the name for this.","description_kind":"plain","optional":true,"computed":true},"key_ref":{"type":"string","description":"Specifies the key to use for generating this request.","description_kind":"plain","optional":true,"computed":true},"key_type":{"type":"string","description":"The desired key type.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"The locality.","description_kind":"plain","optional":true},"managed_key_id":{"type":"string","description":"The ID of the previously configured managed key.","description_kind":"plain","optional":true},"managed_key_name":{"type":"string","description":"The name of the previously configured managed key.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization.","description_kind":"plain","optional":true},"other_sans":{"type":["list","string"],"description":"List of other SANs.","description_kind":"plain","optional":true},"ou":{"type":"string","description":"The organization unit.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code.","description_kind":"plain","optional":true},"private_key":{"type":"string","description":"The private key.","description_kind":"plain","computed":true,"sensitive":true},"private_key_format":{"type":"string","description":"The private key format.","description_kind":"plain","optional":true},"private_key_type":{"type":"string","description":"The private key type.","description_kind":"plain","computed":true},"province":{"type":"string","description":"The province.","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of intermediate to create. 
Must be either \"existing\", \"exported\", \"internal\" or \"kms\"","description_kind":"plain","required":true},"uri_sans":{"type":["list","string"],"description":"List of alternative URIs.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_intermediate_set_signed":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"certificate":{"type":"string","description":"The certificate.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"imported_issuers":{"type":["list","string"],"description":"The imported issuers.","description_kind":"plain","computed":true},"imported_keys":{"type":["list","string"],"description":"The imported keys.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_issuer":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Full path where PKI backend is mounted.","description_kind":"plain","required":true},"crl_distribution_points":{"type":["list","string"],"description":"Specifies the URL values for the CRL Distribution Points field.","description_kind":"plain","optional":true},"enable_aia_url_templating":{"type":"bool","description":"Specifies that the AIA URL values should be templated.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer_id":{"type":"string","description":"ID of the issuer.","description_kind":"plain","computed":true},"issuer_name":{"type":"string","description":"Reference to an existing issuer.","description_kind":"plain","optional":true},"issuer_ref":{"type":"string","description":"Reference to an existing 
issuer.","description_kind":"plain","required":true},"issuing_certificates":{"type":["list","string"],"description":"Specifies the URL values for the Issuing Certificate field.","description_kind":"plain","optional":true},"leaf_not_after_behavior":{"type":"string","description":"Behavior of a leaf's 'NotAfter' field during issuance.","description_kind":"plain","optional":true,"computed":true},"manual_chain":{"type":["list","string"],"description":"Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"ocsp_servers":{"type":["list","string"],"description":"Specifies the URL values for the OCSP Servers field.","description_kind":"plain","optional":true},"revocation_signature_algorithm":{"type":"string","description":"Which signature algorithm to use when building CRLs.","description_kind":"plain","optional":true,"computed":true},"usage":{"type":"string","description":"Comma-separated list of allowed usages for this issuer.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_pki_secret_backend_key":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Full path where PKI backend is mounted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_bits":{"type":"number","description":"Specifies the number of bits to use for the generated keys.","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"ID of the generated key.","description_kind":"plain","computed":true},"key_name":{"type":"string","description":"When a new key is created with this request, optionally specifies the name for 
this.","description_kind":"plain","optional":true},"key_type":{"type":"string","description":"Specifies the desired key type; must be 'rsa', 'ed25519' or 'ec'.","description_kind":"plain","optional":true,"computed":true},"managed_key_id":{"type":"string","description":"The managed key's UUID.","description_kind":"plain","optional":true},"managed_key_name":{"type":"string","description":"The managed key's configured name.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"type":{"type":"string","description":"Specifies the type of the key to create.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_pki_secret_backend_role":{"version":0,"block":{"attributes":{"allow_any_name":{"type":"bool","description":"Flag to allow any name","description_kind":"plain","optional":true},"allow_bare_domains":{"type":"bool","description":"Flag to allow certificates matching the actual domain.","description_kind":"plain","optional":true},"allow_glob_domains":{"type":"bool","description":"Flag to allow names containing glob patterns.","description_kind":"plain","optional":true},"allow_ip_sans":{"type":"bool","description":"Flag to allow IP SANs","description_kind":"plain","optional":true},"allow_localhost":{"type":"bool","description":"Flag to allow certificates for localhost.","description_kind":"plain","optional":true},"allow_subdomains":{"type":"bool","description":"Flag to allow certificates matching subdomains.","description_kind":"plain","optional":true},"allow_wildcard_certificates":{"type":"bool","description":"Flag to allow wildcard certificates","description_kind":"plain","optional":true},"allowed_domains":{"type":["list","string"],"description":"The domains of the role.","description_kind":"plain","optional":true},"allowed_domains_template":{"type":"bool","description":"Flag to indicate that `allowed_domains` specifies a 
template expression (e.g. {{identity.entity.aliases.\u003cmount accessor\u003e.name}})","description_kind":"plain","optional":true},"allowed_other_sans":{"type":["list","string"],"description":"Defines allowed custom SANs","description_kind":"plain","optional":true},"allowed_serial_numbers":{"type":["list","string"],"description":"Defines allowed Subject serial numbers.","description_kind":"plain","optional":true},"allowed_uri_sans":{"type":["list","string"],"description":"Defines allowed URI SANs","description_kind":"plain","optional":true},"allowed_uri_sans_template":{"type":"bool","description":"Flag to indicate that `allowed_uri_sans` specifies a template expression (e.g. {{identity.entity.aliases.\u003cmount accessor\u003e.name}})","description_kind":"plain","optional":true,"computed":true},"allowed_user_ids":{"type":["list","string"],"description":"The allowed User ID's.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"The path of the PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"basic_constraints_valid_for_non_ca":{"type":"bool","description":"Flag to mark basic constraints valid when issuing non-CA certificates.","description_kind":"plain","optional":true},"client_flag":{"type":"bool","description":"Flag to specify certificates for client use.","description_kind":"plain","optional":true},"code_signing_flag":{"type":"bool","description":"Flag to specify certificates for code signing use.","description_kind":"plain","optional":true},"country":{"type":["list","string"],"description":"The country of generated certificates.","description_kind":"plain","optional":true},"email_protection_flag":{"type":"bool","description":"Flag to specify certificates for email protection use.","description_kind":"plain","optional":true},"enforce_hostnames":{"type":"bool","description":"Flag to allow only valid host 
names","description_kind":"plain","optional":true},"ext_key_usage":{"type":["list","string"],"description":"Specify the allowed extended key usage constraint on issued certificates.","description_kind":"plain","optional":true},"ext_key_usage_oids":{"type":["list","string"],"description":"A list of extended key usage OIDs.","description_kind":"plain","optional":true},"generate_lease":{"type":"bool","description":"Flag to generate leases with certificates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer_ref":{"type":"string","description":"Specifies the default issuer of this request.","description_kind":"plain","optional":true,"computed":true},"key_bits":{"type":"number","description":"The number of bits of generated keys.","description_kind":"plain","optional":true},"key_type":{"type":"string","description":"The generated key type.","description_kind":"plain","optional":true},"key_usage":{"type":["list","string"],"description":"Specify the allowed key usage constraint on issued certificates.","description_kind":"plain","optional":true,"computed":true},"locality":{"type":["list","string"],"description":"The locality of generated certificates.","description_kind":"plain","optional":true},"max_ttl":{"type":"string","description":"The maximum TTL.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name for the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"no_store":{"type":"bool","description":"Flag to not store certificates in the storage backend.","description_kind":"plain","optional":true},"not_before_duration":{"type":"string","description":"Specifies the duration by which to backdate the NotBefore property.","description_kind":"plain","optional":true,"computed":true},"organization":{"type":["list","string"],"description":"The organization of generated certificates.","description_kind":"plain","optional":true},"ou":{"type":["list","string"],"description":"The organization unit of generated certificates.","description_kind":"plain","optional":true},"policy_identifiers":{"type":["list","string"],"description":"Specify the list of allowed policies OIDs.","description_kind":"plain","optional":true},"postal_code":{"type":["list","string"],"description":"The postal code of generated certificates.","description_kind":"plain","optional":true},"province":{"type":["list","string"],"description":"The province of generated certificates.","description_kind":"plain","optional":true},"require_cn":{"type":"bool","description":"Flag to force CN usage.","description_kind":"plain","optional":true},"server_flag":{"type":"bool","description":"Flag to specify certificates for server use.","description_kind":"plain","optional":true},"street_address":{"type":["list","string"],"description":"The street address of generated certificates.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"The TTL.","description_kind":"plain","optional":true,"computed":true},"use_csr_common_name":{"type":"bool","description":"Flag to use the CN in the CSR.","description_kind":"plain","optional":true},"use_csr_sans":{"type":"bool","description":"Flag to use the SANs in the CSR.","description_kind":"plain","optional":true}},"block_types":{"policy_identifier":{"nesting_mode":"set","block":{"attributes":{"cps":{"type":"string","description":"Optional CPS 
URL","description_kind":"plain","optional":true},"notice":{"type":"string","description":"Optional notice","description_kind":"plain","optional":true},"oid":{"type":"string","description":"OID","description_kind":"plain","required":true}},"description":"Policy identifier block; can only be used with Vault 1.11+","description_kind":"plain"}}},"description_kind":"plain"}},"vault_pki_secret_backend_root_cert":{"version":1,"block":{"attributes":{"alt_names":{"type":["list","string"],"description":"List of alternative names.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"The PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"certificate":{"type":"string","description":"The certificate.","description_kind":"plain","computed":true},"common_name":{"type":"string","description":"CN of root to create.","description_kind":"plain","required":true},"country":{"type":"string","description":"The country.","description_kind":"plain","optional":true},"exclude_cn_from_sans":{"type":"bool","description":"Flag to exclude CN from SANs.","description_kind":"plain","optional":true},"format":{"type":"string","description":"The format of data.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_sans":{"type":["list","string"],"description":"List of alternative IPs.","description_kind":"plain","optional":true},"issuer_id":{"type":"string","description":"The ID of the generated issuer.","description_kind":"plain","computed":true},"issuer_name":{"type":"string","description":"Provides a name to the specified issuer. 
The name must be unique across all issuers and not be the reserved value 'default'.","description_kind":"plain","optional":true,"computed":true},"issuing_ca":{"type":"string","description":"The issuing CA.","description_kind":"plain","computed":true},"key_bits":{"type":"number","description":"The number of bits to use.","description_kind":"plain","optional":true},"key_id":{"type":"string","description":"The ID of the generated key.","description_kind":"plain","computed":true},"key_name":{"type":"string","description":"When a new key is created with this request, optionally specifies the name for this.","description_kind":"plain","optional":true,"computed":true},"key_ref":{"type":"string","description":"Specifies the key to use for generating this request.","description_kind":"plain","optional":true,"computed":true},"key_type":{"type":"string","description":"The desired key type.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"The locality.","description_kind":"plain","optional":true},"managed_key_id":{"type":"string","description":"The ID of the previously configured managed key.","description_kind":"plain","optional":true,"computed":true},"managed_key_name":{"type":"string","description":"The name of the previously configured managed key.","description_kind":"plain","optional":true,"computed":true},"max_path_length":{"type":"number","description":"The maximum path length to encode in the generated certificate.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization.","description_kind":"plain","optional":true},"other_sans":{"type":["list","string"],"description":"List of other SANs.","description_kind":"plain","optional":true},"ou":{"type":"string","description":"The organization unit.","description_kind":"plain","optional":true},"permitted_dns_domains":{"type":["list","string"],"description":"List of domains for which certificates are allowed to be issued.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code.","description_kind":"plain","optional":true},"private_key_format":{"type":"string","description":"The private key format.","description_kind":"plain","optional":true},"province":{"type":"string","description":"The province.","description_kind":"plain","optional":true},"serial":{"type":"string","description":"The serial number.","description_kind":"plain","deprecated":true,"computed":true},"serial_number":{"type":"string","description":"The certificate's serial number, hex formatted.","description_kind":"plain","computed":true},"street_address":{"type":"string","description":"The street address.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"Time to live.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of root to create. 
Must be either \"existing\", \"exported\", \"internal\" or \"kms\"","description_kind":"plain","required":true},"uri_sans":{"type":["list","string"],"description":"List of alternative URIs.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_root_sign_intermediate":{"version":2,"block":{"attributes":{"alt_names":{"type":["list","string"],"description":"List of alternative names.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"The PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"ca_chain":{"type":["list","string"],"description":"The CA chain as a list of format specific certificates","description_kind":"plain","computed":true},"certificate":{"type":"string","description":"The signed intermediate CA certificate.","description_kind":"plain","computed":true},"certificate_bundle":{"type":"string","description":"The concatenation of the intermediate and issuing CA certificates (PEM encoded). Requires the format to be set to any of: pem, pem_bundle. 
The value will be empty for all other formats.","description_kind":"plain","computed":true},"common_name":{"type":"string","description":"CN of intermediate to create.","description_kind":"plain","required":true},"country":{"type":"string","description":"The country.","description_kind":"plain","optional":true},"csr":{"type":"string","description":"The CSR.","description_kind":"plain","required":true},"exclude_cn_from_sans":{"type":"bool","description":"Flag to exclude CN from SANs.","description_kind":"plain","optional":true},"format":{"type":"string","description":"The format of data.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_sans":{"type":["list","string"],"description":"List of alternative IPs.","description_kind":"plain","optional":true},"issuer_ref":{"type":"string","description":"Specifies the default issuer of this request.","description_kind":"plain","optional":true},"issuing_ca":{"type":"string","description":"The issuing CA certificate.","description_kind":"plain","computed":true},"locality":{"type":"string","description":"The locality.","description_kind":"plain","optional":true},"max_path_length":{"type":"number","description":"The maximum path length to encode in the generated certificate.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization.","description_kind":"plain","optional":true},"other_sans":{"type":["list","string"],"description":"List of other SANs.","description_kind":"plain","optional":true},"ou":{"type":"string","description":"The organization unit.","description_kind":"plain","optional":true},"permitted_dns_domains":{"type":["list","string"],"description":"List of domains for which certificates are allowed to be issued.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code.","description_kind":"plain","optional":true},"province":{"type":"string","description":"The province.","description_kind":"plain","optional":true},"revoke":{"type":"bool","description":"Revoke the certificate upon resource destruction.","description_kind":"plain","optional":true},"serial":{"type":"string","description":"The serial number.","description_kind":"plain","deprecated":true,"computed":true},"serial_number":{"type":"string","description":"The certificate's serial number, hex formatted.","description_kind":"plain","computed":true},"street_address":{"type":"string","description":"The street address.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"Time to live.","description_kind":"plain","optional":true},"uri_sans":{"type":["list","string"],"description":"List of alternative URIs.","description_kind":"plain","optional":true},"use_csr_values":{"type":"bool","description":"Preserve CSR values.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_sign":{"version":1,"block":{"attributes":{"alt_names":{"type":["list","string"],"description":"List of alternative names.","description_kind":"plain","optional":true},"auto_renew":{"type":"bool","description":"If enabled, a new certificate will be generated if the expiration is within 
min_seconds_remaining","description_kind":"plain","optional":true},"backend":{"type":"string","description":"The PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"ca_chain":{"type":["list","string"],"description":"The CA chain.","description_kind":"plain","computed":true},"certificate":{"type":"string","description":"The certicate.","description_kind":"plain","computed":true},"common_name":{"type":"string","description":"CN of intermediate to create.","description_kind":"plain","required":true},"csr":{"type":"string","description":"The CSR.","description_kind":"plain","required":true},"exclude_cn_from_sans":{"type":"bool","description":"Flag to exclude CN from SANs.","description_kind":"plain","optional":true},"expiration":{"type":"number","description":"The certificate expiration as a Unix-style timestamp.","description_kind":"plain","computed":true},"format":{"type":"string","description":"The format of data.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_sans":{"type":["list","string"],"description":"List of alternative IPs.","description_kind":"plain","optional":true},"issuer_ref":{"type":"string","description":"Specifies the default issuer of this request.","description_kind":"plain","optional":true},"issuing_ca":{"type":"string","description":"The issuing CA.","description_kind":"plain","computed":true},"min_seconds_remaining":{"type":"number","description":"Generate a new certificate when the expiration is within this number of seconds","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the role to create the certificate against.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"other_sans":{"type":["list","string"],"description":"List of other SANs.","description_kind":"plain","optional":true},"renew_pending":{"type":"bool","description":"Initially false, and then set to true during refresh once the expiration is less than min_seconds_remaining in the future.","description_kind":"plain","computed":true},"serial":{"type":"string","description":"The serial number.","description_kind":"plain","deprecated":true,"computed":true},"serial_number":{"type":"string","description":"The certificate's serial number, hex formatted.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"Time to live.","description_kind":"plain","optional":true},"uri_sans":{"type":["list","string"],"description":"List of alternative URIs.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the policy","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policy":{"type":"string","description":"The policy document","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_quota_lease_count":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_leases":{"type":"number","description":"The maximum number of leases to be allowed by the quota rule. The max_leases must be positive.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the quota.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path of the mount or namespace to apply the quota. A blank path configures a global lease count quota.","description_kind":"plain","optional":true},"role":{"type":"string","description":"If set on a quota where path is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_quota_rate_limit":{"version":0,"block":{"attributes":{"block_interval":{"type":"number","description":"If set, when a client reaches a rate limit threshold, the client will be prohibited from any further requests until after the 'block_interval' in seconds has elapsed.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interval":{"type":"number","description":"The duration in seconds to enforce rate limiting for.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the quota.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota.","description_kind":"plain","optional":true},"rate":{"type":"number","description":"The maximum number of requests at any given second to be allowed by the quota rule. 
The rate must be positive.","description_kind":"plain","required":true},"role":{"type":"string","description":"If set on a quota where path is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_rabbitmq_secret_backend":{"version":1,"block":{"attributes":{"connection_uri":{"type":"string","description":"Specifies the RabbitMQ connection URI.","description_kind":"plain","required":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for secrets in seconds","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for secrets in seconds","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"password":{"type":"string","description":"Specifies the RabbitMQ management administrator password","description_kind":"plain","required":true,"sensitive":true},"password_policy":{"type":"string","description":"Specifies a password policy to use when creating dynamic credentials. 
Defaults to generating an alphanumeric password if not set.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The path of the RabbitMQ Secret Backend where the connection should be configured","description_kind":"plain","optional":true},"username":{"type":"string","description":"Specifies the RabbitMQ management administrator username","description_kind":"plain","required":true,"sensitive":true},"username_template":{"type":"string","description":"Template describing how dynamic usernames are generated.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies whether to verify connection URI, username, and password.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_rabbitmq_secret_backend_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path of the Rabbitmq Secret Backend the role belongs to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name for the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"tags":{"type":"string","description":"Specifies a comma-separated RabbitMQ management tags.","description_kind":"plain","optional":true}},"block_types":{"vhost":{"nesting_mode":"list","block":{"attributes":{"configure":{"type":"string","description":"The configure permissions for this vhost.","description_kind":"plain","required":true},"host":{"type":"string","description":"The vhost to set permissions for.","description_kind":"plain","required":true},"read":{"type":"string","description":"The read permissions for this vhost.","description_kind":"plain","required":true},"write":{"type":"string","description":"The write permissions for this vhost.","description_kind":"plain","required":true}},"description":"Specifies a map of virtual hosts to permissions.","description_kind":"plain"}},"vhost_topic":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The vhost to set permissions for.","description_kind":"plain","required":true}},"block_types":{"vhost":{"nesting_mode":"list","block":{"attributes":{"read":{"type":"string","description":"The read permissions for this vhost.","description_kind":"plain","required":true},"topic":{"type":"string","description":"The vhost to set permissions for.","description_kind":"plain","required":true},"write":{"type":"string","description":"The write permissions for this vhost.","description_kind":"plain","required":true}},"description":"Specifies a map of virtual hosts to permissions.","description_kind":"plain"}}},"description":"Specifies a map of virtual hosts and exchanges to topic permissions. This option requires RabbitMQ 3.7.0 or later.","description_kind":"plain"}}},"description_kind":"plain"}},"vault_raft_autopilot":{"version":0,"block":{"attributes":{"cleanup_dead_servers":{"type":"bool","description":"Specifies whether to remove dead server nodes periodically or when a new server joins. 
This requires that min-quorum is also set.","description_kind":"plain","optional":true},"dead_server_last_contact_threshold":{"type":"string","description":"Limit the amount of time a server can go without leader contact before being considered failed. This only takes effect when cleanup_dead_servers is set.","description_kind":"plain","optional":true},"disable_upgrade_migration":{"type":"bool","description":"Disables automatically upgrading Vault using autopilot. (Enterprise-only)","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_contact_threshold":{"type":"string","description":"Limit the amount of time a server can go without leader contact before being considered unhealthy.","description_kind":"plain","optional":true},"max_trailing_logs":{"type":"number","description":"Maximum number of log entries in the Raft log that a server can be behind its leader before being considered unhealthy.","description_kind":"plain","optional":true},"min_quorum":{"type":"number","description":"Minimum number of servers allowed in a cluster before autopilot can prune dead servers. This should at least be 3. Applicable only for voting nodes.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"server_stabilization_time":{"type":"string","description":"Minimum amount of time a server must be stable in the 'healthy' state before being added to the cluster.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_raft_snapshot_agent_config":{"version":0,"block":{"attributes":{"aws_access_key_id":{"type":"string","description":"AWS access key ID.","description_kind":"plain","optional":true},"aws_s3_bucket":{"type":"string","description":"S3 bucket to write snapshots to.","description_kind":"plain","optional":true},"aws_s3_disable_tls":{"type":"bool","description":"Disable TLS for the S3 endpoint. This should only be used for testing purposes.","description_kind":"plain","optional":true},"aws_s3_enable_kms":{"type":"bool","description":"Use KMS to encrypt bucket contents.","description_kind":"plain","optional":true},"aws_s3_endpoint":{"type":"string","description":"AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.","description_kind":"plain","optional":true},"aws_s3_force_path_style":{"type":"bool","description":"Use the endpoint/bucket URL style instead of bucket.endpoint.","description_kind":"plain","optional":true},"aws_s3_kms_key":{"type":"string","description":"Use named KMS key, when aws_s3_enable_kms=true","description_kind":"plain","optional":true},"aws_s3_region":{"type":"string","description":"AWS region bucket is in.","description_kind":"plain","optional":true},"aws_s3_server_side_encryption":{"type":"bool","description":"Use AES256 to encrypt bucket contents.","description_kind":"plain","optional":true},"aws_secret_access_key":{"type":"string","description":"AWS secret access key.","description_kind":"plain","optional":true},"aws_session_token":{"type":"string","description":"AWS session token.","description_kind":"plain","optional":true},"azure_account_key":{"type":"string","description":"Azure account 
key.","description_kind":"plain","optional":true},"azure_account_name":{"type":"string","description":"Azure account name.","description_kind":"plain","optional":true},"azure_blob_environment":{"type":"string","description":"Azure blob environment.","description_kind":"plain","optional":true},"azure_container_name":{"type":"string","description":"Azure container name to write snapshots to.","description_kind":"plain","optional":true},"azure_endpoint":{"type":"string","description":"Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.","description_kind":"plain","optional":true},"file_prefix":{"type":"string","description":"The file or object name of snapshot files will start with this string.","description_kind":"plain","optional":true},"google_disable_tls":{"type":"bool","description":"Disable TLS for the GCS endpoint.","description_kind":"plain","optional":true},"google_endpoint":{"type":"string","description":"GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.","description_kind":"plain","optional":true},"google_gcs_bucket":{"type":"string","description":"GCS bucket to write snapshots to.","description_kind":"plain","optional":true},"google_service_account_key":{"type":"string","description":"Google service account key in JSON format.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interval_seconds":{"type":"number","description":"Number of seconds between snapshots.","description_kind":"plain","required":true},"local_max_space":{"type":"number","description":"The maximum space, in bytes, to use for snapshots.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the snapshot agent configuration.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path_prefix":{"type":"string","description":"The directory or bucket prefix to to use.","description_kind":"plain","required":true},"retain":{"type":"number","description":"How many snapshots are to be kept.","description_kind":"plain","optional":true},"storage_type":{"type":"string","description":"What storage service to send snapshots to. One of \"local\", \"azure-blob\", \"aws-s3\", or \"google-gcs\".","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_rgp_policy":{"version":0,"block":{"attributes":{"enforcement_level":{"type":"string","description":"Enforcement level of Sentinel policy. Can be one of: 'advisory', 'soft-mandatory' or 'hard-mandatory'","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the policy","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"policy":{"type":"string","description":"The policy document","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_saml_auth_backend":{"version":0,"block":{"attributes":{"acs_urls":{"type":["list","string"],"description":"The well-formatted URLs of your Assertion Consumer Service (ACS) that should receive a response from the identity provider.","description_kind":"plain","required":true},"default_role":{"type":"string","description":"The role to use if no role is provided during login.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"entity_id":{"type":"string","description":"The entity ID of the SAML authentication service provider.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"idp_cert":{"type":"string","description":"The PEM encoded certificate of the identity provider. Mutually exclusive with 'idp_metadata_url'","description_kind":"plain","optional":true},"idp_entity_id":{"type":"string","description":"The entity ID of the identity provider. Mutually exclusive with 'idp_metadata_url'.","description_kind":"plain","optional":true},"idp_metadata_url":{"type":"string","description":"The metadata URL of the identity provider.","description_kind":"plain","optional":true},"idp_sso_url":{"type":"string","description":"The SSO URL of the identity provider. Mutually exclusive with 'idp_metadata_url'.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"verbose_logging":{"type":"bool","description":"Log additional, potentially sensitive information during the SAML exchange according to the current logging level. Not recommended for production.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_saml_auth_backend_role":{"version":0,"block":{"attributes":{"bound_attributes":{"type":["map","string"],"description":"Mapping of attribute names to values that are expected to exist in the SAML assertion.","description_kind":"plain","optional":true},"bound_attributes_type":{"type":"string","description":"The type of matching assertion to perform on bound_attributes.","description_kind":"plain","optional":true,"computed":true},"bound_subjects":{"type":["list","string"],"description":"The subject being asserted for SAML authentication.","description_kind":"plain","optional":true},"bound_subjects_type":{"type":"string","description":"The type of matching assertion to perform on bound_subjects.","description_kind":"plain","optional":true,"computed":true},"groups_attribute":{"type":"string","description":"The attribute to use to identify the set of groups to which the user belongs.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name of the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path where SAML Auth engine is mounted.","description_kind":"plain","required":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_secrets_sync_association":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mount":{"type":"string","description":"Specifies the mount where the secret is located.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the 
destination.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"secret_name":{"type":"string","description":"Specifies the name of the secret to synchronize.","description_kind":"plain","required":true},"sync_status":{"type":"string","description":"Specifies the status of the association.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Type of sync destination.","description_kind":"plain","required":true},"updated_at":{"type":"string","description":"Duration string stating when the secret was last updated.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_secrets_sync_aws_destination":{"version":0,"block":{"attributes":{"access_key_id":{"type":"string","description":"Access key id to authenticate against the AWS secrets manager.","description_kind":"plain","optional":true},"custom_tags":{"type":["map","string"],"description":"Custom tags to set on the secret managed at the destination.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name of the AWS destination.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where to manage the secrets manager entries.","description_kind":"plain","optional":true},"secret_access_key":{"type":"string","description":"Secret access key to authenticate against the AWS secrets manager.","description_kind":"plain","optional":true,"sensitive":true},"secret_name_template":{"type":"string","description":"Template describing how to generate external secret names.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Type of secrets destination.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_secrets_sync_azure_destination":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"Client ID of an Azure app registration.","description_kind":"plain","optional":true},"client_secret":{"type":"string","description":"Client Secret of an Azure app registration.","description_kind":"plain","optional":true,"sensitive":true},"cloud":{"type":"string","description":"Specifies a cloud for the client.","description_kind":"plain","optional":true},"custom_tags":{"type":["map","string"],"description":"Custom tags to set on the secret managed at the destination.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_vault_uri":{"type":"string","description":"URI of an existing Azure Key Vault instance.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Unique name of the Azure destination.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"secret_name_template":{"type":"string","description":"Template describing how to generate external secret names.","description_kind":"plain","optional":true,"computed":true},"tenant_id":{"type":"string","description":"ID of the target Azure tenant.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of secrets destination.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_secrets_sync_config":{"version":0,"block":{"attributes":{"disabled":{"type":"bool","description":"Disables the syncing process between Vault and external destinations.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"queue_capacity":{"type":"number","description":"Maximum number of pending sync operations allowed on the queue.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_secrets_sync_gcp_destination":{"version":0,"block":{"attributes":{"credentials":{"type":"string","description":"JSON-encoded credentials to use to connect to GCP.","description_kind":"plain","optional":true,"sensitive":true},"custom_tags":{"type":["map","string"],"description":"Custom tags to set on the secret managed at the destination.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name of the GCP destination.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"secret_name_template":{"type":"string","description":"Template describing how to generate external secret names.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Type of secrets destination.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_secrets_sync_gh_destination":{"version":0,"block":{"attributes":{"access_token":{"type":"string","description":"Fine-grained or personal access token.","description_kind":"plain","optional":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name of the github destination.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"repository_name":{"type":"string","description":"Name of the repository.","description_kind":"plain","optional":true},"repository_owner":{"type":"string","description":"GitHub organization or username that owns the repository.","description_kind":"plain","optional":true},"secret_name_template":{"type":"string","description":"Template describing how to generate external secret names.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Type of secrets destination.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_secrets_sync_vercel_destination":{"version":0,"block":{"attributes":{"access_token":{"type":"string","description":"Vercel API access token with the permissions to manage environment variables.","description_kind":"plain","required":true,"sensitive":true},"deployment_environments":{"type":["list","string"],"description":"Deployment environments where the environment variables are available. 
Accepts 'development', 'preview' \u0026 'production'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name of the Vercel destination.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project ID where to manage environment variables.","description_kind":"plain","required":true},"secret_name_template":{"type":"string","description":"Template describing how to generate external secret names.","description_kind":"plain","optional":true,"computed":true},"team_id":{"type":"string","description":"Team ID the project belongs to.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of secrets destination.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_ssh_secret_backend_ca":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path of the SSH Secret Backend where the CA should be configured","description_kind":"plain","optional":true},"generate_signing_key":{"type":"bool","description":"Whether Vault should generate the signing key pair internally.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"private_key":{"type":"string","description":"Private key part the SSH CA key pair; required if generate_signing_key is false.","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"public_key":{"type":"string","description":"Public key part the SSH CA key pair; required if generate_signing_key is false.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_ssh_secret_backend_role":{"version":0,"block":{"attributes":{"algorithm_signer":{"type":"string","description_kind":"plain","optional":true,"computed":true},"allow_bare_domains":{"type":"bool","description_kind":"plain","optional":true},"allow_host_certificates":{"type":"bool","description_kind":"plain","optional":true},"allow_subdomains":{"type":"bool","description_kind":"plain","optional":true},"allow_user_certificates":{"type":"bool","description_kind":"plain","optional":true},"allow_user_key_ids":{"type":"bool","description_kind":"plain","optional":true},"allowed_critical_options":{"type":"string","description_kind":"plain","optional":true},"allowed_domains":{"type":"string","description_kind":"plain","optional":true},"allowed_domains_template":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"allowed_extensions":{"type":"string","description_kind":"plain","optional":true},"allowed_user_key_lengths":{"type":["map","number"],"description_kind":"plain","deprecated":true,"optional":true},"allowed_users":{"type":"string","description_kind":"plain","optional":true},"allowed_users_template":{"type":"bool","description_kind":"plain","optional":true},"backend":{"type":"string","description_kind":"plain","required":true},"cidr_list":{"type":"string","description_kind":"plain","optional":true},"default_critical_options":{"type":["map","string"],"description_kind":"plain","optional":true},"default_extensions":{"type":["map","string"],"description_kind":"plain","
optional":true},"default_user":{"type":"string","description_kind":"plain","optional":true},"default_user_template":{"type":"bool","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id_format":{"type":"string","description_kind":"plain","optional":true},"key_type":{"type":"string","description_kind":"plain","required":true},"max_ttl":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name for the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"not_before_duration":{"type":"string","description":"Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.","description_kind":"plain","optional":true,"computed":true},"ttl":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allowed_user_key_config":{"nesting_mode":"set","block":{"attributes":{"lengths":{"type":["list","number"],"description":"List of allowed key lengths, vault-1.10 and above","description_kind":"plain","required":true},"type":{"type":"string","description":"Key type, choices:\nrsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521","description_kind":"plain","required":true}},"description":"Set of allowed public key types and their relevant configuration","description_kind":"plain"}}},"description_kind":"plain"}},"vault_terraform_cloud_secret_backend":{"version":1,"block":{"attributes":{"address":{"type":"string","description":"Specifies the address of the Terraform Cloud instance, provided as \"host:port\" like \"127.0.0.1:8500\".","description_kind":"plain","optional":true},"backend":{"type":"string","description":"Unique name of the Vault Terraform Cloud mount to 
configure","description_kind":"plain","optional":true},"base_path":{"type":"string","description":"Specifies the base path for the Terraform Cloud or Enterprise API.","description_kind":"plain","optional":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for secrets in seconds","description_kind":"plain","optional":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for secrets in seconds","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"token":{"type":"string","description":"Specifies the Terraform Cloud access token to use.","description_kind":"plain","optional":true,"sensitive":true}},"description_kind":"plain"}},"vault_terraform_cloud_secret_creds":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Terraform Cloud secret backend to generate tokens from","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lease_id":{"type":"string","description":"Associated Vault lease ID, if one exists","description_kind":"plain","computed":true,"sensitive":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"organization":{"type":"string","description":"Name of the Terraform Cloud or Enterprise organization","description_kind":"plain","computed":true},"role":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"team_id":{"type":"string","description":"ID of the Terraform Cloud or Enterprise team under organization (e.g., settings/teams/team-xxxxxxxxxxxxx)","description_kind":"plain","computed":true},"token":{"type":"string","description":"Terraform Token provided by the Vault backend","description_kind":"plain","computed":true,"sensitive":true},"token_id":{"type":"string","description":"ID of the Terraform Token provided","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_terraform_cloud_secret_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path of the Terraform Cloud Secret Backend the role belongs to.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Maximum allowed lease for generated credentials. If not set or set to 0, will use system default.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of an existing role against which to create this Terraform Cloud credential","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"organization":{"type":"string","description":"Name of the Terraform Cloud or Enterprise organization","description_kind":"plain","optional":true},"team_id":{"type":"string","description":"ID of the Terraform Cloud or Enterprise team under organization (e.g., settings/teams/team-xxxxxxxxxxxxx)","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"Default lease for generated credentials. If not set or set to 0, will use system default.","description_kind":"plain","optional":true},"user_id":{"type":"string","description":"ID of the Terraform Cloud or Enterprise user (e.g., user-xxxxxxxxxxxxxxxx)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_token":{"version":0,"block":{"attributes":{"client_token":{"type":"string","description":"The client token.","description_kind":"plain","computed":true,"sensitive":true},"display_name":{"type":"string","description":"The display name of the token.","description_kind":"plain","optional":true},"explicit_max_ttl":{"type":"string","description":"The explicit max TTL of the token.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lease_duration":{"type":"number","description":"The token lease duration.","description_kind":"plain","computed":true},"lease_started":{"type":"string","description":"The token lease started on.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata to be associated with the token.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"no_default_policy":{"type":"bool","description":"Flag to disable the default policy.","description_kind":"plain","optional":true},"no_parent":{"type":"bool","description":"Flag to create a token without parent.","description_kind":"plain","optional":true,"computed":true},"num_uses":{"type":"number","description":"The number of allowed uses of the token.","description_kind":"plain","optional":true,"computed":true},"period":{"type":"string","description":"The period of the token.","description_kind":"plain","optional":true},"policies":{"type":["set","string"],"description":"List of policies.","description_kind":"plain","optional":true},"renew_increment":{"type":"number","description":"The renew increment.","description_kind":"plain","optional":true},"renew_min_lease":{"type":"number","description":"The minimum lease to renew token.","description_kind":"plain","optional":true},"renewable":{"type":"bool","description":"Flag to allow the token to be renewed","description_kind":"plain","optional":true,"computed":true},"role_name":{"type":"string","description":"The token role name.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"The TTL period of the token.","description_kind":"plain","optional":true},"wrapped_token":{"type":"string","description":"The client wrapped token.","description_kind":"plain","computed":true,"sensitive":true},"wrapping_accessor":{"type":"string","description":"The client wrapping accessor.","description_kind":"plain","computed":true,"sensitive":true},"wrapping_ttl":{"type":"string","description":"The TTL period of the wrapped token.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_token_auth_backend_role":{"version":0,"block":{"attributes":{"allowed_entity_aliases":{"type":["set","string"],"description":"Set of allowed entity aliases for this 
role.","description_kind":"plain","optional":true},"allowed_policies":{"type":["set","string"],"description":"List of allowed policies for given role.","description_kind":"plain","optional":true},"allowed_policies_glob":{"type":["set","string"],"description":"Set of allowed policies with glob match for given role.","description_kind":"plain","optional":true},"disallowed_policies":{"type":["set","string"],"description":"List of disallowed policies for given role.","description_kind":"plain","optional":true},"disallowed_policies_glob":{"type":["set","string"],"description":"Set of disallowed policies with glob match for given role.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"orphan":{"type":"bool","description":"If true, tokens created against this policy will be orphan tokens.","description_kind":"plain","optional":true},"path_suffix":{"type":"string","description":"Tokens created against this role will have the given suffix as part of their path in addition to the role name.","description_kind":"plain","optional":true},"renewable":{"type":"bool","description":"Whether to disable the ability of the token to be renewed past its initial TTL.","description_kind":"plain","optional":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated 
token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_transform_alphabet":{"version":0,"block":{"attributes":{"alphabet":{"type":"string","description":"A string of characters that contains the alphabet set.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the alphabet.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"The mount path for a back-end, for example, the path given in \"$ vault auth enable -path=my-aws aws\".","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_transform_role":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"The mount path for a back-end, for example, the path given in \"$ vault auth enable -path=my-aws aws\".","description_kind":"plain","required":true},"transformations":{"type":["list","string"],"description":"A comma separated string or slice of transformations to use.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_transform_template":{"version":0,"block":{"attributes":{"alphabet":{"type":"string","description":"The alphabet to use for this template. This is only used during FPE transformations.","description_kind":"plain","optional":true},"decode_formats":{"type":["map","string"],"description":"The map of regular expression templates used to customize decoded outputs.\nOnly applicable to FPE transformations.","description_kind":"plain","optional":true},"encode_format":{"type":"string","description":"The regular expression template used for encoding values.\nOnly applicable to FPE transformations.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the template.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"The mount path for a back-end, for example, the path given in \"$ vault auth enable -path=my-aws aws\".","description_kind":"plain","required":true},"pattern":{"type":"string","description":"The pattern used for matching. Currently, only regular expression pattern is supported.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The pattern type to use for match detection. Currently, only regex is supported.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_transform_transformation":{"version":0,"block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"The set of roles allowed to perform this transformation.","description_kind":"plain","optional":true},"deletion_allowed":{"type":"bool","description":"If true, this transform can be deleted. Otherwise deletion is blocked while this value remains false.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"masking_character":{"type":"string","description":"The character used to replace data when in masking mode","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the transformation.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"The mount path for a back-end, for example, the path given in \"$ vault auth enable -path=my-aws aws\".","description_kind":"plain","required":true},"template":{"type":"string","description":"The name of the template to use.","description_kind":"plain","optional":true},"templates":{"type":["list","string"],"description":"Templates configured for transformation.","description_kind":"plain","optional":true,"computed":true},"tweak_source":{"type":"string","description":"The source of where the tweak value comes from. Only valid when in FPE mode.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of transformation to perform.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_transit_secret_backend_key":{"version":0,"block":{"attributes":{"allow_plaintext_backup":{"type":"bool","description":"If set, enables taking backup of named key in the plaintext format. Once set, this cannot be disabled.","description_kind":"plain","optional":true},"auto_rotate_interval":{"type":"number","description":"Amount of time the key should live before being automatically rotated. A value of 0 disables automatic rotation for the key.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"auto_rotate_period":{"type":"number","description":"Amount of seconds the key should live before being automatically rotated. A value of 0 disables automatic rotation for the key.","description_kind":"plain","optional":true,"computed":true},"backend":{"type":"string","description":"The Transit secret backend the resource belongs to.","description_kind":"plain","required":true},"convergent_encryption":{"type":"bool","description":"Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. 
This requires derived to be set to true.","description_kind":"plain","optional":true},"deletion_allowed":{"type":"bool","description":"Specifies if the key is allowed to be deleted.","description_kind":"plain","optional":true},"derived":{"type":"bool","description":"Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.","description_kind":"plain","optional":true},"exportable":{"type":"bool","description":"Enables keys to be exportable. This allows for all the valid keys in the key ring to be exported. Once set, this cannot be disabled.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_size":{"type":"number","description":"The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC; this value must be between 32 and 512.","description_kind":"plain","optional":true},"keys":{"type":["list",["map","string"]],"description":"List of key versions in the keyring.","description_kind":"plain","computed":true},"latest_version":{"type":"number","description":"Latest key version in use in the keyring","description_kind":"plain","computed":true},"min_available_version":{"type":"number","description":"Minimum key version available for use.","description_kind":"plain","computed":true},"min_decryption_version":{"type":"number","description":"Minimum key version to use for decryption.","description_kind":"plain","optional":true},"min_encryption_version":{"type":"number","description":"Minimum key version to use for encryption","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the encryption key to create.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"supports_decryption":{"type":"bool","description":"Whether or not the key supports decryption, based on key type.","description_kind":"plain","computed":true},"supports_derivation":{"type":"bool","description":"Whether or not the key supports derivation, based on key type.","description_kind":"plain","computed":true},"supports_encryption":{"type":"bool","description":"Whether or not the key supports encryption, based on key type.","description_kind":"plain","computed":true},"supports_signing":{"type":"bool","description":"Whether or not the key supports signing, based on key type.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Specifies the type of key to create. The currently-supported types are: aes128-gcm96, aes256-gcm96, chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, hmac, rsa-2048, rsa-3072, rsa-4096","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_transit_secret_cache_config":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The Transit secret backend the resource belongs to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"size":{"type":"number","description":"Number of cache entries. 
A size of 0 mean unlimited.","description_kind":"plain","required":true}},"description_kind":"plain"}}},"data_source_schemas":{"vault_ad_access_credentials":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"AD Secret Backend to read credentials from.","description_kind":"plain","required":true},"current_password":{"type":"string","description":"Password for the service account.","description_kind":"plain","computed":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_password":{"type":"string","description":"Last known password for the service account.","description_kind":"plain","computed":true,"sensitive":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"username":{"type":"string","description":"Name of the service account.","description_kind":"plain","computed":true}},"description_kind":"plain","deprecated":true}},"vault_approle_auth_backend_role_id":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"role_id":{"type":"string","description":"The RoleID of the role.","description_kind":"plain","computed":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_auth_backend":{"version":1,"block":{"attributes":{"accessor":{"type":"string","description":"The accessor of the auth backend.","description_kind":"plain","computed":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration in seconds","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the auth backend.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_visibility":{"type":"string","description":"Specifies whether to show this mount in the UI-specific listing endpoint.","description_kind":"plain","computed":true},"local":{"type":"bool","description":"Specifies if the auth method is local only","description_kind":"plain","computed":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration in seconds","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"The auth backend mount point.","description_kind":"plain","required":true},"type":{"type":"string","description":"The name of the auth backend.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_auth_backends":{"version":0,"block":{"attributes":{"accessors":{"type":["list","string"],"description":"The accessors of the auth backends.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"paths":{"type":["list","string"],"description":"The auth backend mount points.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the auth backend.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_access_credentials":{"version":0,"block":{"attributes":{"access_key":{"type":"string","description":"AWS access key ID read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"backend":{"type":"string","description":"AWS Secret Backend to read credentials from.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lease_duration":{"type":"number","description":"Lease duration in seconds relative to the time in lease_start_time.","description_kind":"plain","computed":true},"lease_id":{"type":"string","description":"Lease identifier assigned by vault.","description_kind":"plain","computed":true},"lease_renewable":{"type":"bool","description":"True if the duration of this lease can be extended through renewal.","description_kind":"plain","computed":true},"lease_start_time":{"type":"string","description":"Time at which the lease was read, using the clock of the system where Terraform 
was running","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region the read credentials belong to.","description_kind":"plain","optional":true},"role":{"type":"string","description":"AWS Secret Role to read credentials from.","description_kind":"plain","required":true},"role_arn":{"type":"string","description":"ARN to use if multiple are available in the role. Required if the role has multiple ARNs.","description_kind":"plain","optional":true},"secret_key":{"type":"string","description":"AWS secret key read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"security_token":{"type":"string","description":"AWS security token read from Vault. (Only returned if type is 'sts').","description_kind":"plain","computed":true,"sensitive":true},"ttl":{"type":"string","description":"User specified Time-To-Live for the STS token. Uses the Role defined default_sts_ttl when not specified","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of credentials to read. Must be either 'creds' for Access Key and Secret Key, or 'sts' for STS.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_static_access_credentials":{"version":0,"block":{"attributes":{"access_key":{"type":"string","description":"AWS access key ID read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"backend":{"type":"string","description":"AWS Secret Backend to read credentials from.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"secret_key":{"type":"string","description":"AWS secret key read from Vault.","description_kind":"plain","computed":true,"sensitive":true}},"description_kind":"plain"}},"vault_azure_access_credentials":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Azure Secret Backend to read credentials from.","description_kind":"plain","required":true},"client_id":{"type":"string","description":"The client id for credentials to query the Azure APIs.","description_kind":"plain","computed":true},"client_secret":{"type":"string","description":"The client secret for credentials to query the Azure APIs.","description_kind":"plain","computed":true,"sensitive":true},"environment":{"type":"string","description":"The Azure environment to use during credential validation.\nDefaults to the environment configured in the Vault backend.\nSome possible values: AzurePublicCloud, AzureUSGovernmentCloud","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lease_duration":{"type":"number","description":"Lease duration in seconds relative to the time in lease_start_time.","description_kind":"plain","computed":true},"lease_id":{"type":"string","description":"Lease identifier assigned by vault.","description_kind":"plain","computed":true},"lease_renewable":{"type":"bool","description":"True if the duration of this lease can be extended through renewal.","description_kind":"plain","computed":true},"lease_start_time":{"type":"string","description":"Time at which the lease was read, using the clock of the system where Terraform was running","description_kind":"plain","computed":true},"max_cred_validation_seconds":{"type":"number","description":"If 'validate_creds' is true, the number of seconds after which to give up validating 
credentials.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"num_seconds_between_tests":{"type":"number","description":"If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials.","description_kind":"plain","optional":true},"num_sequential_successes":{"type":"number","description":"If 'validate_creds' is true, the number of sequential successes required to validate generated credentials.","description_kind":"plain","optional":true},"role":{"type":"string","description":"Azure Secret Role to read credentials from.","description_kind":"plain","required":true},"subscription_id":{"type":"string","description":"The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault backend","description_kind":"plain","optional":true},"tenant_id":{"type":"string","description":"The tenant ID to use during credential validation. 
Defaults to the tenant ID configured in the Vault backend","description_kind":"plain","optional":true},"validate_creds":{"type":"bool","description":"Whether generated credentials should be validated before being returned.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_gcp_auth_backend_role":{"version":1,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"bound_instance_groups":{"type":["set","string"],"description_kind":"plain","computed":true},"bound_labels":{"type":["set","string"],"description_kind":"plain","computed":true},"bound_projects":{"type":["set","string"],"description_kind":"plain","computed":true},"bound_regions":{"type":["set","string"],"description_kind":"plain","computed":true},"bound_service_accounts":{"type":["set","string"],"description_kind":"plain","computed":true},"bound_zones":{"type":["set","string"],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"role_id":{"type":"string","description":"The RoleID of the GCP auth role.","description_kind":"plain","computed":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true},"type":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_generic_secret":{"version":1,"block":{"attributes":{"data":{"type":["map","string"],"description":"Map of strings read from 
Vault.","description_kind":"plain","computed":true,"sensitive":true},"data_json":{"type":"string","description":"JSON-encoded secret data read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lease_duration":{"type":"number","description":"Lease duration in seconds relative to the time in lease_start_time.","description_kind":"plain","computed":true},"lease_id":{"type":"string","description":"Lease identifier assigned by vault.","description_kind":"plain","computed":true},"lease_renewable":{"type":"bool","description":"True if the duration of this lease can be extended through renewal.","description_kind":"plain","computed":true},"lease_start_time":{"type":"string","description":"Time at which the lease was read, using the clock of the system where Terraform was running","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path from which a secret will be read.","description_kind":"plain","required":true},"version":{"type":"number","description_kind":"plain","optional":true},"with_lease_start_time":{"type":"bool","description":"If set to true, stores 'lease_start_time' in the TF state.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_entity":{"version":0,"block":{"attributes":{"alias_id":{"type":"string","description":"ID of the alias.","description_kind":"plain","optional":true,"computed":true},"alias_mount_accessor":{"type":"string","description":"Accessor of the mount to which the alias belongs to. This should be supplied in conjunction with `alias_name`.","description_kind":"plain","optional":true,"computed":true},"alias_name":{"type":"string","description":"Name of the alias. 
This should be supplied in conjunction with `alias_mount_accessor`.","description_kind":"plain","optional":true,"computed":true},"aliases":{"type":["set",["object",{"canonical_id":"string","creation_time":"string","id":"string","last_update_time":"string","merged_from_canonical_ids":["set","string"],"metadata":["map","string"],"mount_accessor":"string","mount_path":"string","mount_type":"string","name":"string"}]],"description_kind":"plain","computed":true},"creation_time":{"type":"string","description_kind":"plain","computed":true},"data_json":{"type":"string","description":"Entity data from Vault in JSON String form","description_kind":"plain","computed":true},"direct_group_ids":{"type":["set","string"],"description_kind":"plain","computed":true},"disabled":{"type":"bool","description_kind":"plain","computed":true},"entity_id":{"type":"string","description":"ID of the entity.","description_kind":"plain","optional":true,"computed":true},"entity_name":{"type":"string","description":"Name of the entity.","description_kind":"plain","optional":true,"computed":true},"group_ids":{"type":["set","string"],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inherited_group_ids":{"type":["set","string"],"description_kind":"plain","computed":true},"last_update_time":{"type":"string","description_kind":"plain","computed":true},"merged_entity_ids":{"type":["set","string"],"description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description_kind":"plain","computed":true},"policies":{"type":["set","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_identity_group":{"version":1,"block":{"attributes":{"alias_canonical_id":{"type":"string","description_kind":"plain","computed":true},"alias_creation_time":{"type":"string","description_kind":"plain","computed":true},"alias_id":{"type":"string","description":"ID of the alias.","description_kind":"plain","optional":true,"computed":true},"alias_last_update_time":{"type":"string","description_kind":"plain","computed":true},"alias_merged_from_canonical_ids":{"type":["set","string"],"description_kind":"plain","computed":true},"alias_metadata":{"type":["map","string"],"description_kind":"plain","computed":true},"alias_mount_accessor":{"type":"string","description":"Accessor of the mount to which the alias belongs to. This should be supplied in conjunction with `alias_name`.","description_kind":"plain","optional":true,"computed":true},"alias_mount_path":{"type":"string","description_kind":"plain","computed":true},"alias_mount_type":{"type":"string","description_kind":"plain","computed":true},"alias_name":{"type":"string","description":"Name of the alias. 
This should be supplied in conjunction with `alias_mount_accessor`.","description_kind":"plain","optional":true,"computed":true},"creation_time":{"type":"string","description_kind":"plain","computed":true},"data_json":{"type":"string","description":"Group data from Vault in JSON String form","description_kind":"plain","computed":true},"group_id":{"type":"string","description":"ID of the group.","description_kind":"plain","optional":true,"computed":true},"group_name":{"type":"string","description":"Name of the group.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_update_time":{"type":"string","description_kind":"plain","computed":true},"member_entity_ids":{"type":["set","string"],"description_kind":"plain","computed":true},"member_group_ids":{"type":["set","string"],"description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description_kind":"plain","computed":true},"modify_index":{"type":"number","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description_kind":"plain","computed":true},"parent_group_ids":{"type":["set","string"],"description_kind":"plain","computed":true},"policies":{"type":["set","string"],"description_kind":"plain","computed":true},"type":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_identity_oidc_client_creds":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The Client ID from Vault.","description_kind":"plain","computed":true},"client_secret":{"type":"string","description":"The Client Secret from Vault.","description_kind":"plain","computed":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the client.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_oidc_openid_config":{"version":0,"block":{"attributes":{"authorization_endpoint":{"type":"string","description":"The Authorization Endpoint for the provider.","description_kind":"plain","computed":true},"grant_types_supported":{"type":["list","string"],"description":"The grant types supported by the provider.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id_token_signing_alg_values_supported":{"type":["list","string"],"description":"The signing algorithms supported by the provider.","description_kind":"plain","computed":true},"issuer":{"type":"string","description":"The URL of the issuer for the provider.","description_kind":"plain","computed":true},"jwks_uri":{"type":"string","description":"The well known keys URI for the 
provider.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the provider.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"request_uri_parameter_supported":{"type":"bool","description":"Specifies whether Request URI Parameter is supported by the provider.","description_kind":"plain","computed":true},"response_types_supported":{"type":["list","string"],"description":"The response types supported by the provider.","description_kind":"plain","computed":true},"scopes_supported":{"type":["list","string"],"description":"The scopes supported by the provider.","description_kind":"plain","computed":true},"subject_types_supported":{"type":["list","string"],"description":"The subject types supported by the provider.","description_kind":"plain","computed":true},"token_endpoint":{"type":"string","description":"The Token Endpoint for the provider.","description_kind":"plain","computed":true},"token_endpoint_auth_methods_supported":{"type":["list","string"],"description":"The token endpoint auth methods supported by the provider.","description_kind":"plain","computed":true},"userinfo_endpoint":{"type":"string","description":"The User Info Endpoint for the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_identity_oidc_public_keys":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keys":{"type":["list",["map","string"]],"description":"The public portion of keys for an OIDC provider. Clients can use them to validate the authenticity of an identity token.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the provider.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kubernetes_auth_backend_config":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the kubernetes backend to configure.","description_kind":"plain","optional":true},"disable_iss_validation":{"type":"bool","description":"Optional disable JWT issuer validation. Allows to skip ISS validation.","description_kind":"plain","optional":true,"computed":true},"disable_local_ca_jwt":{"type":"bool","description":"Optional disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"Optional JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer.","description_kind":"plain","optional":true,"computed":true},"kubernetes_ca_cert":{"type":"string","description":"PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.","description_kind":"plain","optional":true,"computed":true},"kubernetes_host":{"type":"string","description":"Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"pem_keys":{"type":["list","string"],"description":"Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. 
Not every installation of Kubernetes exposes these keys.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_kubernetes_auth_backend_role":{"version":0,"block":{"attributes":{"alias_name_source":{"type":"string","description":"Method used for generating identity aliases.","description_kind":"plain","computed":true},"audience":{"type":"string","description":"Optional Audience claim to verify in the JWT.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"Unique name of the kubernetes backend to configure.","description_kind":"plain","optional":true},"bound_service_account_names":{"type":["set","string"],"description":"List of service account names able to access this role. If set to \"*\" all names are allowed, both this and bound_service_account_namespaces can not be \"*\".","description_kind":"plain","computed":true},"bound_service_account_namespaces":{"type":["set","string"],"description":"List of namespaces allowed to access this role. If set to \"*\" all namespaces are allowed, both this and bound_service_account_names can not be set to \"*\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kubernetes_service_account_token":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The Kubernetes secret backend to generate service account tokens from.","description_kind":"plain","required":true},"cluster_role_binding":{"type":"bool","description":"If true, generate a ClusterRoleBinding to grant permissions across the whole cluster instead of within a 
namespace.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kubernetes_namespace":{"type":"string","description":"The name of the Kubernetes namespace in which to generate the credentials.","description_kind":"plain","required":true},"lease_duration":{"type":"number","description":"The duration of the lease in seconds.","description_kind":"plain","computed":true},"lease_id":{"type":"string","description":"The lease identifier assigned by Vault.","description_kind":"plain","computed":true},"lease_renewable":{"type":"bool","description":"True if the duration of this lease can be extended through renewal.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"role":{"type":"string","description":"The name of the role.","description_kind":"plain","required":true},"service_account_name":{"type":"string","description":"The name of the service account associated with the token.","description_kind":"plain","computed":true},"service_account_namespace":{"type":"string","description":"The Kubernetes namespace that the service account resides in.","description_kind":"plain","computed":true},"service_account_token":{"type":"string","description":"The Kubernetes service account token.","description_kind":"plain","computed":true,"sensitive":true},"ttl":{"type":"string","description":"The TTL of the generated Kubernetes service account token, specified in seconds or as a Go duration format string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kv_secret":{"version":0,"block":{"attributes":{"data":{"type":["map","string"],"description":"Map of strings read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"data_json":{"type":"string","description":"JSON-encoded secret data read from 
Vault.","description_kind":"plain","computed":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lease_duration":{"type":"number","description":"Lease duration in seconds.","description_kind":"plain","computed":true},"lease_id":{"type":"string","description":"Lease identifier assigned by Vault.","description_kind":"plain","computed":true},"lease_renewable":{"type":"bool","description":"True if the duration of this lease can be extended through renewal.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path of the KV-V1 secret.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_kv_secret_subkeys_v2":{"version":0,"block":{"attributes":{"data":{"type":["map","string"],"description":"Subkeys stored as a map of strings.","description_kind":"plain","computed":true,"sensitive":true},"data_json":{"type":"string","description":"Subkeys for the KV-V2 secret read from Vault.","description_kind":"plain","computed":true},"depth":{"type":"number","description":"Specifies the deepest nesting level to provide in the output.If non-zero, keys that reside at the specified depth value will be artificially treated as leaves and will thus be 'null' even if further underlying sub-keys exist.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mount":{"type":"string","description":"Path where KV-V2 engine is mounted","description_kind":"plain","required":true},"name":{"type":"string","description":"Full name of the secret. For a nested secret, the name is the nested path excluding the mount and data prefix. 
For example, for a secret at 'kvv2/data/foo/bar/baz', the name is 'foo/bar/baz'","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path where the generic secret will be written.","description_kind":"plain","computed":true},"version":{"type":"number","description":"Specifies the version to return. If not set the latest version is returned.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kv_secret_v2":{"version":0,"block":{"attributes":{"created_time":{"type":"string","description":"Time at which the secret was created","description_kind":"plain","computed":true},"custom_metadata":{"type":["map","string"],"description":"Custom metadata for the secret","description_kind":"plain","computed":true},"data":{"type":["map","string"],"description":"Map of strings read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"data_json":{"type":"string","description":"JSON-encoded secret data read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"deletion_time":{"type":"string","description":"Deletion time for the secret","description_kind":"plain","computed":true},"destroyed":{"type":"bool","description":"Indicates whether the secret has been destroyed","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mount":{"type":"string","description":"Path where KV-V2 engine is mounted","description_kind":"plain","required":true},"name":{"type":"string","description":"Full name of the secret. For a nested secret, the name is the nested path excluding the mount and data prefix. For example, for a secret at 'kvv2/data/foo/bar/baz', the name is 'foo/bar/baz'","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path where the KVV2 secret is written.","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the secret to retrieve","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kv_secrets_list":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description":"List of all secret names.","description_kind":"plain","computed":true,"sensitive":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full KV-V1 path where secrets will be listed.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_kv_secrets_list_v2":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mount":{"type":"string","description":"Path where KV-V2 engine is mounted","description_kind":"plain","required":true},"name":{"type":"string","description":"Full named path of the secret. For a nested secret, the name is the nested path excluding the mount and data prefix. For example, for a secret at 'kvv2/data/foo/bar/baz', the name is 'foo/bar/baz'","description_kind":"plain","optional":true},"names":{"type":["list","string"],"description":"List of all secret names.","description_kind":"plain","computed":true,"sensitive":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path where the KV-V2 secrets are listed.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_ldap_dynamic_credentials":{"version":0,"block":{"attributes":{"distinguished_names":{"type":["list","string"],"description":"List of the distinguished names (DN) created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lease_duration":{"type":"number","description":"Lease duration in seconds.","description_kind":"plain","computed":true},"lease_id":{"type":"string","description":"Lease identifier assigned by Vault.","description_kind":"plain","computed":true},"lease_renewable":{"type":"bool","description":"True if the duration of this lease can be extended through renewal.","description_kind":"plain","computed":true},"mount":{"type":"string","description":"LDAP Secret Backend to read credentials from.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"password":{"type":"string","description":"Password for the dynamic role.","description_kind":"plain","computed":true,"sensitive":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"username":{"type":"string","description":"Name of the dynamic role.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_ldap_static_credentials":{"version":0,"block":{"attributes":{"dn":{"type":"string","description":"Distinguished name (DN) of the existing LDAP entry to manage password rotation for.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_password":{"type":"string","description":"Last known password for the static role.","description_kind":"plain","computed":true,"sensitive":true},"last_vault_rotation":{"type":"string","description":"Last time Vault rotated this static role's password.","description_kind":"plain","computed":true},"mount":{"type":"string","description":"LDAP Secret Backend to read credentials from.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"password":{"type":"string","description":"Password for the static role.","description_kind":"plain","computed":true,"sensitive":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"rotation_period":{"type":"number","description":"How often Vault should rotate the password of the user entry.","description_kind":"plain","computed":true},"ttl":{"type":"number","description":"Duration in seconds after which the issued credential should expire.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Name of the static role.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_nomad_access_token":{"version":0,"block":{"attributes":{"accessor_id":{"type":"string","description":"The public identifier for a specific token. It can be used to look up information about a token or to revoke a token.","description_kind":"plain","computed":true},"backend":{"type":"string","description":"Nomad secret backend to generate tokens from.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"Used to make requests to Nomad and should be kept private.","description_kind":"plain","computed":true,"sensitive":true}},"description_kind":"plain"}},"vault_pki_secret_backend_issuer":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Full path where PKI backend is mounted.","description_kind":"plain","required":true},"ca_chain":{"type":["list","string"],"description":"The CA chain as a list of format specific certificates","description_kind":"plain","computed":true},"certificate":{"type":"string","description":"The certificate.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer_id":{"type":"string","description":"ID of the issuer.","description_kind":"plain","computed":true},"issuer_name":{"type":"string","description":"Name of the issuer.","description_kind":"plain","computed":true},"issuer_ref":{"type":"string","description":"Reference to an existing issuer.","description_kind":"plain","required":true},"key_id":{"type":"string","description":"ID of the key used by the issuer.","description_kind":"plain","computed":true},"leaf_not_after_behavior":{"type":"string","description":"Behavior of a leaf's NotAfter field during issuance.","description_kind":"plain","computed":true},"manual_chain":{"type":["list","string"],"description":"Chain of issuer references to build this issuer's computed CAChain field from, when non-empty","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"usage":{"type":"string","description":"Allowed usages for this issuer.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_pki_secret_backend_issuers":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Full path where PKI backend is mounted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_info":{"type":["map","string"],"description":"Map of issuer strings read from Vault.","description_kind":"plain","computed":true},"key_info_json":{"type":"string","description":"JSON-encoded key info data read from Vault.","description_kind":"plain","computed":true},"keys":{"type":["list","string"],"description":"Keys used by issuers under the backend path.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_key":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Full path where PKI backend is mounted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"ID of the key used.","description_kind":"plain","computed":true},"key_name":{"type":"string","description":"Name of the key.","description_kind":"plain","computed":true},"key_ref":{"type":"string","description":"Reference to an existing key.","description_kind":"plain","required":true},"key_type":{"type":"string","description":"Type of the key.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_keys":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Full path where PKI backend is mounted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_info":{"type":["map","string"],"description":"Map of key strings read from Vault.","description_kind":"plain","computed":true},"key_info_json":{"type":"string","description":"JSON-encoded key data read from Vault.","description_kind":"plain","computed":true},"keys":{"type":["list","string"],"description":"Keys used under the backend path.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_policy_document":{"version":0,"block":{"attributes":{"hcl":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true}},"block_types":{"rule":{"nesting_mode":"list","block":{"attributes":{"capabilities":{"type":["list","string"],"description_kind":"plain","required":true},"description":{"type":"string","description_kind":"plain","optional":true},"max_wrapping_ttl":{"type":"string","description_kind":"plain","optional":true},"min_wrapping_ttl":{"type":"string","description_kind":"plain","optional":true},"path":{"type":"string","description_kind":"plain","required":true},"required_parameters":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"allowed_parameter":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"value":{"type":["list","string"],"description_kind":"plain","required":true}},"description_kind":"plain"}},"denied_parameter":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"value":{"type":["list","string"],"description_kind":"plain","required":true}},"description_kind":"plain"}}},"description":"The policy rule","description_kind":"plain"}}},"description_kind":"plain"}},"vault_raft_autopilot_state":{"version":0,"block":{"attributes":{"failure_tolerance":{"type":"number","description":"How many nodes could fail before the cluster becomes unhealthy","description_kind":"plain","computed":true},"healthy":{"type":"bool","description":"Health status","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"leader":{"type":"string","description":"Current leader of Vault","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"optimistic_failure_tolerance":{"type":"number","description":"The cluster-level optimistic failure tolerance.","description_kind":"plain","computed":true},"redundancy_zones":{"type":["map","string"],"description":"Additional output related to redundancy zones stored as a map of strings.","description_kind":"plain","computed":true},"redundancy_zones_json":{"type":"string","description":"Subkeys for the redundancy zones read from Vault.","description_kind":"plain","computed":true},"servers":{"type":["map","string"],"description":"Additional output related to servers stored as a map of strings.","description_kind":"plain","computed":true},"servers_json":{"type":"string","description":"Subkeys for the servers read from Vault.","description_kind":"plain","computed":true},"upgrade_info":{"type":["map","string"],"description":"Additional output related to upgrade info stored as a map of strings.","description_kind":"plain","computed":true},"upgrade_info_json":{"type":"string","description":"Subkeys for the servers read from Vault.","description_kind":"plain","computed":true},"voters":{"type":["list","string"],"description":"The voters in the Vault cluster.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_transform_decode":{"version":0,"block":{"attributes":{"batch_input":{"type":["list",["map","string"]],"description":"Specifies a list of items to be decoded in a single batch. If this parameter is set, the top-level parameters 'value', 'transformation' and 'tweak' will be ignored. 
Each batch item within the list can specify these parameters instead.","description_kind":"plain","optional":true},"batch_results":{"type":["list",["map","string"]],"description":"The result of decoding batch_input.","description_kind":"plain","optional":true,"computed":true},"decoded_value":{"type":"string","description":"The result of decoding a value.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to backend from which to retrieve data.","description_kind":"plain","required":true},"role_name":{"type":"string","description":"The name of the role.","description_kind":"plain","required":true},"transformation":{"type":"string","description":"The transformation to perform. If no value is provided and the role contains a single transformation, this value will be inferred from the role.","description_kind":"plain","optional":true},"tweak":{"type":"string","description":"The tweak value to use. Only applicable for FPE transformations","description_kind":"plain","optional":true},"value":{"type":"string","description":"The value in which to decode.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_transform_encode":{"version":0,"block":{"attributes":{"batch_input":{"type":["list",["map","string"]],"description":"Specifies a list of items to be encoded in a single batch. If this parameter is set, the parameters 'value', 'transformation' and 'tweak' will be ignored. 
Each batch item within the list can specify these parameters instead.","description_kind":"plain","optional":true},"batch_results":{"type":["list",["map","string"]],"description":"The result of encoding batch_input.","description_kind":"plain","optional":true,"computed":true},"encoded_value":{"type":"string","description":"The result of encoding a value.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to backend from which to retrieve data.","description_kind":"plain","required":true},"role_name":{"type":"string","description":"The name of the role.","description_kind":"plain","required":true},"transformation":{"type":"string","description":"The transformation to perform. If no value is provided and the role contains a single transformation, this value will be inferred from the role.","description_kind":"plain","optional":true},"tweak":{"type":"string","description":"The tweak value to use. 
Only applicable for FPE transformations","description_kind":"plain","optional":true},"value":{"type":"string","description":"The value in which to encode.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_transit_decrypt":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The Transit secret backend the key belongs to.","description_kind":"plain","required":true},"ciphertext":{"type":"string","description":"Transit encrypted cipher text.","description_kind":"plain","required":true},"context":{"type":"string","description":"Specifies the context for key derivation","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"Name of the decryption key to use.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"plaintext":{"type":"string","description":"Decrypted plain text","description_kind":"plain","computed":true,"sensitive":true}},"description_kind":"plain"}},"vault_transit_encrypt":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The Transit secret backend the key belongs to.","description_kind":"plain","required":true},"ciphertext":{"type":"string","description":"Transit encrypted cipher text.","description_kind":"plain","computed":true},"context":{"type":"string","description":"Specifies the context for key derivation","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"Name of the encryption key to use.","description_kind":"plain","required":true},"key_version":{"type":"number","description":"The version of the key to use for encryption","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"plaintext":{"type":"string","description":"Map of strings read from Vault.","description_kind":"plain","required":true,"sensitive":true}},"description_kind":"plain"}}}}}} +{"format_version":"1.0","provider_schemas":{"registry.terraform.io/hashicorp/vault":{"provider":{"version":0,"block":{"attributes":{"add_address_to_env":{"type":"string","description":"If true, adds the value of the `address` argument to the Terraform process environment.","description_kind":"plain","optional":true},"address":{"type":"string","description":"URL of the root of the target Vault server.","description_kind":"plain","optional":true},"ca_cert_dir":{"type":"string","description":"Path to directory containing CA certificate files to validate the server's certificate.","description_kind":"plain","optional":true},"ca_cert_file":{"type":"string","description":"Path to a CA certificate file to validate the server's certificate.","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum TTL for secret leases requested by this provider.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"Maximum number of retries when a 5xx error code is encountered.","description_kind":"plain","optional":true},"max_retries_ccc":{"type":"number","description":"Maximum number of retries for Client Controlled Consistency related operations","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The namespace to use. 
Available only for Vault Enterprise.","description_kind":"plain","optional":true},"set_namespace_from_token":{"type":"bool","description":"In the case where the Vault token is for a specific namespace and the provider namespace is not configured, use the token namespace as the root namespace for all resources.","description_kind":"plain","optional":true},"skip_child_token":{"type":"bool","description":"Set this to true to prevent the creation of ephemeral child token used by this provider.","description_kind":"plain","optional":true},"skip_get_vault_version":{"type":"bool","description":"Skip the dynamic fetching of the Vault server version.","description_kind":"plain","optional":true},"skip_tls_verify":{"type":"bool","description":"Set this to true only if the target Vault server is an insecure development instance.","description_kind":"plain","optional":true},"tls_server_name":{"type":"string","description":"Name to use as the SNI host when connecting via TLS.","description_kind":"plain","optional":true},"token":{"type":"string","description":"Token to use to authenticate to Vault.","description_kind":"plain","optional":true},"token_name":{"type":"string","description":"Token name to use for creating the Vault child token.","description_kind":"plain","optional":true},"vault_version_override":{"type":"string","description":"Override the Vault server version, which is normally determined dynamically from the target Vault server","description_kind":"plain","optional":true}},"block_types":{"auth_login":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. 
Conflicts with use_root_namespace","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description_kind":"plain","optional":true,"sensitive":true},"path":{"type":"string","description_kind":"plain","required":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true}},"description":"Login to vault with an existing auth method using auth/\u003cmount\u003e/login","description_kind":"plain"},"max_items":1},"auth_login_aws":{"nesting_mode":"list","block":{"attributes":{"aws_access_key_id":{"type":"string","description":"The AWS access key ID.","description_kind":"plain","optional":true},"aws_iam_endpoint":{"type":"string","description":"The IAM endpoint URL.","description_kind":"plain","optional":true},"aws_profile":{"type":"string","description":"The name of the AWS profile.","description_kind":"plain","optional":true},"aws_region":{"type":"string","description":"The AWS region.","description_kind":"plain","optional":true},"aws_role_arn":{"type":"string","description":"The ARN of the AWS Role to assume.Used during STS AssumeRole","description_kind":"plain","optional":true},"aws_role_session_name":{"type":"string","description":"Specifies the name to attach to the AWS role session. 
Used during STS AssumeRole","description_kind":"plain","optional":true},"aws_secret_access_key":{"type":"string","description":"The AWS secret access key.","description_kind":"plain","optional":true},"aws_session_token":{"type":"string","description":"The AWS session token.","description_kind":"plain","optional":true},"aws_shared_credentials_file":{"type":"string","description":"Path to the AWS shared credentials file.","description_kind":"plain","optional":true},"aws_sts_endpoint":{"type":"string","description":"The STS endpoint URL.","description_kind":"plain","optional":true},"aws_web_identity_token_file":{"type":"string","description":"Path to the file containing an OAuth 2.0 access token or OpenID Connect ID token.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The Vault header value to include in the STS signing request.","description_kind":"plain","optional":true},"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. Conflicts with use_root_namespace","description_kind":"plain","optional":true},"role":{"type":"string","description":"The Vault role to use when logging into Vault.","description_kind":"plain","required":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true}},"description":"Login to vault using the AWS method","description_kind":"plain"},"max_items":1},"auth_login_azure":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The identity's client ID.","description_kind":"plain","optional":true},"jwt":{"type":"string","description":"A signed JSON Web Token. 
If not specified on will be created automatically","description_kind":"plain","optional":true},"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. Conflicts with use_root_namespace","description_kind":"plain","optional":true},"resource_group_name":{"type":"string","description":"The resource group for the machine that generated the MSI token. This information can be obtained through instance metadata.","description_kind":"plain","required":true},"role":{"type":"string","description":"Name of the login role.","description_kind":"plain","required":true},"scope":{"type":"string","description":"The scopes to include in the token request.","description_kind":"plain","optional":true},"subscription_id":{"type":"string","description":"The subscription ID for the machine that generated the MSI token. This information can be obtained through instance metadata.","description_kind":"plain","required":true},"tenant_id":{"type":"string","description":"Provides the tenant ID to use in a multi-tenant authentication scenario.","description_kind":"plain","optional":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true},"vm_name":{"type":"string","description":"The virtual machine name for the machine that generated the MSI token. This information can be obtained through instance metadata.","description_kind":"plain","optional":true},"vmss_name":{"type":"string","description":"The virtual machine scale set name for the machine that generated the MSI token. 
This information can be obtained through instance metadata.","description_kind":"plain","optional":true}},"description":"Login to vault using the azure method","description_kind":"plain"},"max_items":1},"auth_login_cert":{"nesting_mode":"list","block":{"attributes":{"cert_file":{"type":"string","description":"Path to a file containing the client certificate.","description_kind":"plain","required":true},"key_file":{"type":"string","description":"Path to a file containing the private key that the certificate was issued for.","description_kind":"plain","required":true},"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the certificate's role","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. Conflicts with use_root_namespace","description_kind":"plain","optional":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true}},"description":"Login to vault using the cert method","description_kind":"plain"},"max_items":1},"auth_login_gcp":{"nesting_mode":"list","block":{"attributes":{"credentials":{"type":"string","description":"Path to the Google Cloud credentials file.","description_kind":"plain","optional":true},"jwt":{"type":"string","description":"A signed JSON Web Token.","description_kind":"plain","optional":true},"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. 
Conflicts with use_root_namespace","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the login role.","description_kind":"plain","required":true},"service_account":{"type":"string","description":"IAM service account.","description_kind":"plain","optional":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true}},"description":"Login to vault using the gcp method","description_kind":"plain"},"max_items":1},"auth_login_jwt":{"nesting_mode":"list","block":{"attributes":{"jwt":{"type":"string","description":"A signed JSON Web Token.","description_kind":"plain","required":true},"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. Conflicts with use_root_namespace","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the login role.","description_kind":"plain","required":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true}},"description":"Login to vault using the jwt method","description_kind":"plain"},"max_items":1},"auth_login_kerberos":{"nesting_mode":"list","block":{"attributes":{"disable_fast_negotiation":{"type":"bool","description":"Disable the Kerberos FAST negotiation.","description_kind":"plain","optional":true},"keytab_path":{"type":"string","description":"The Kerberos keytab file containing the entry of the login entity.","description_kind":"plain","optional":true},"krb5conf_path":{"type":"string","description":"A valid Kerberos configuration file e.g. 
/etc/krb5.conf.","description_kind":"plain","optional":true},"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. Conflicts with use_root_namespace","description_kind":"plain","optional":true},"realm":{"type":"string","description":"The Kerberos server's authoritative authentication domain","description_kind":"plain","optional":true},"remove_instance_name":{"type":"bool","description":"Strip the host from the username found in the keytab.","description_kind":"plain","optional":true},"service":{"type":"string","description":"The service principle name.","description_kind":"plain","optional":true},"token":{"type":"string","description":"Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) token","description_kind":"plain","optional":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true},"username":{"type":"string","description":"The username to login into Kerberos with.","description_kind":"plain","optional":true}},"description":"Login to vault using the kerberos method","description_kind":"plain"},"max_items":1},"auth_login_oci":{"nesting_mode":"list","block":{"attributes":{"auth_type":{"type":"string","description":"Authentication type to use when getting OCI credentials.","description_kind":"plain","required":true},"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. 
Conflicts with use_root_namespace","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the login role.","description_kind":"plain","required":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true}},"description":"Login to vault using the OCI method","description_kind":"plain"},"max_items":1},"auth_login_oidc":{"nesting_mode":"list","block":{"attributes":{"callback_address":{"type":"string","description":"The callback address. Must be a valid URI without the path.","description_kind":"plain","optional":true},"callback_listener_address":{"type":"string","description":"The callback listener's address. Must be a valid URI without the path.","description_kind":"plain","optional":true},"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. Conflicts with use_root_namespace","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the login role.","description_kind":"plain","required":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true}},"description":"Login to vault using the oidc method","description_kind":"plain"},"max_items":1},"auth_login_radius":{"nesting_mode":"list","block":{"attributes":{"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. 
Conflicts with use_root_namespace","description_kind":"plain","optional":true},"password":{"type":"string","description":"The Radius password for username.","description_kind":"plain","required":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true},"username":{"type":"string","description":"The Radius username.","description_kind":"plain","required":true}},"description":"Login to vault using the radius method","description_kind":"plain"},"max_items":1},"auth_login_token_file":{"nesting_mode":"list","block":{"attributes":{"filename":{"type":"string","description":"The name of a file containing a single line that is a valid Vault token","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The authentication engine's namespace. Conflicts with use_root_namespace","description_kind":"plain","optional":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. Conflicts with namespace","description_kind":"plain","optional":true}},"description":"Login to vault using ","description_kind":"plain"},"max_items":1},"auth_login_userpass":{"nesting_mode":"list","block":{"attributes":{"mount":{"type":"string","description":"The path where the authentication engine is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"The authentication engine's namespace. Conflicts with use_root_namespace","description_kind":"plain","optional":true},"password":{"type":"string","description":"Login with password","description_kind":"plain","optional":true},"password_file":{"type":"string","description":"Login with password from a file","description_kind":"plain","optional":true},"use_root_namespace":{"type":"bool","description":"Authenticate to the root Vault namespace. 
Conflicts with namespace","description_kind":"plain","optional":true},"username":{"type":"string","description":"Login with username","description_kind":"plain","required":true}},"description":"Login to vault using the userpass method","description_kind":"plain"},"max_items":1},"client_auth":{"nesting_mode":"list","block":{"attributes":{"cert_file":{"type":"string","description":"Path to a file containing the client certificate.","description_kind":"plain","optional":true},"key_file":{"type":"string","description":"Path to a file containing the private key that the certificate was issued for.","description_kind":"plain","optional":true}},"description":"Client authentication credentials.","description_kind":"plain","deprecated":true},"max_items":1},"headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header name","description_kind":"plain","required":true},"value":{"type":"string","description":"The header value","description_kind":"plain","required":true}},"description":"The headers to send with each Vault request.","description_kind":"plain"}}},"description_kind":"plain"}},"resource_schemas":{"vault_ad_secret_backend":{"version":1,"block":{"attributes":{"anonymous_group_search":{"type":"bool","description":"Use anonymous binds when performing LDAP group searches (if true the initial credentials will still be used for the initial connection test).","description_kind":"plain","optional":true},"backend":{"type":"string","description":"The mount path for a backend, for example, the path given in \"$ vault auth enable -path=my-ad ad\".","description_kind":"plain","optional":true},"binddn":{"type":"string","description":"Distinguished name of object to bind when performing user and group search.","description_kind":"plain","required":true},"bindpass":{"type":"string","description":"LDAP password for searching for the user 
DN.","description_kind":"plain","required":true,"sensitive":true},"case_sensitive_names":{"type":"bool","description":"If true, case sensitivity will be used when comparing usernames and groups for matching policies.","description_kind":"plain","optional":true},"certificate":{"type":"string","description":"CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.","description_kind":"plain","optional":true},"client_tls_cert":{"type":"string","description":"Client certificate to provide to the LDAP server, must be x509 PEM encoded.","description_kind":"plain","optional":true,"sensitive":true},"client_tls_key":{"type":"string","description":"Client certificate key to provide to the LDAP server, must be x509 PEM encoded.","description_kind":"plain","optional":true,"sensitive":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for secrets in seconds","description_kind":"plain","optional":true,"computed":true},"deny_null_bind":{"type":"bool","description":"Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true","description_kind":"plain","optional":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"discoverdn":{"type":"bool","description":"Use anonymous bind to discover the bind DN of a user.","description_kind":"plain","optional":true},"formatter":{"type":"string","description":"Text to insert the password into, ex. \"customPrefix{{PASSWORD}}customSuffix\".","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"groupattr":{"type":"string","description":"LDAP attribute to follow on objects returned by \u003cgroupfilter\u003e in order to enumerate user group membership. 
Examples: \"cn\" or \"memberOf\", etc. Default: cn","description_kind":"plain","optional":true},"groupdn":{"type":"string","description":"LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org)","description_kind":"plain","optional":true},"groupfilter":{"type":"string","description":"Go template for querying group membership of user. The template can access the following context variables: UserDN, Username Example: (\u0026(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}})) Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"insecure_tls":{"type":"bool","description":"Skip LDAP server SSL Certificate verification - insecure and not recommended for production use.","description_kind":"plain","optional":true},"last_rotation_tolerance":{"type":"number","description":"The number of seconds after a Vault rotation where, if Active Directory shows a later rotation, it should be considered out-of-band.","description_kind":"plain","optional":true,"computed":true},"length":{"type":"number","description":"The desired length of passwords that Vault generates.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"local":{"type":"bool","description":"Mark the secrets engine as local-only. Local engines are not replicated or removed by replication.Tolerance duration to use when checking the last rotation time.","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for secrets in seconds.","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"In seconds, the maximum password time-to-live.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"password_policy":{"type":"string","description":"Name of the password policy to use to generate passwords.","description_kind":"plain","optional":true},"request_timeout":{"type":"number","description":"Timeout, in seconds, for the connection when making requests against the server before returning back an error.","description_kind":"plain","optional":true},"starttls":{"type":"bool","description":"Issue a StartTLS command after establishing unencrypted connection.","description_kind":"plain","optional":true,"computed":true},"tls_max_version":{"type":"string","description":"Maximum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12'","description_kind":"plain","optional":true,"computed":true},"tls_min_version":{"type":"string","description":"Minimum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12'","description_kind":"plain","optional":true,"computed":true},"ttl":{"type":"number","description":"In seconds, the default password time-to-live.","description_kind":"plain","optional":true,"computed":true},"upndomain":{"type":"string","description":"Enables userPrincipalDomain login with [username]@UPNDomain.","description_kind":"plain","optional":true,"computed":true},"url":{"type":"string","description":"LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order.","description_kind":"plain","optional":true},"use_pre111_group_cn_behavior":{"type":"bool","description":"In Vault 1.1.1 a fix for handling group CN values of different cases unfortunately introduced a regression that could cause previously defined groups to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for matching group CNs will be used. This is only needed in some upgrade scenarios for backwards compatibility. 
It is enabled by default if the config is upgraded but disabled by default on new configurations.","description_kind":"plain","optional":true,"computed":true},"use_token_groups":{"type":"bool","description":"If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones.","description_kind":"plain","optional":true},"userattr":{"type":"string","description":"Attribute used for users (default: cn)","description_kind":"plain","optional":true},"userdn":{"type":"string","description":"LDAP domain to use for users (eg: ou=People,dc=example,dc=org)","description_kind":"plain","optional":true}},"description_kind":"plain","deprecated":true}},"vault_ad_secret_library":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The mount path for the AD backend.","description_kind":"plain","required":true},"disable_check_in_enforcement":{"type":"bool","description":"Disable enforcing that service accounts must be checked in by the entity or client token that checked them out.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"The maximum amount of time, in seconds, a check-out last with renewal before Vault automatically checks it back in.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the set of service accounts.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"service_account_names":{"type":["list","string"],"description":"The names of all the service accounts that can be checked out from this set. 
These service accounts must already exist in Active Directory.","description_kind":"plain","required":true},"ttl":{"type":"number","description":"The amount of time, in seconds, a single check-out lasts before Vault automatically checks it back in.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain","deprecated":true}},"vault_ad_secret_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The mount path for the AD backend.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_vault_rotation":{"type":"string","description":"Last time Vault rotated this service account's password.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"password_last_set":{"type":"string","description":"Last time Vault set this service account's password.","description_kind":"plain","computed":true},"role":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"service_account_name":{"type":"string","description":"The username/logon name for the service account with which this role will be associated.","description_kind":"plain","required":true},"ttl":{"type":"number","description":"In seconds, the default password time-to-live.","description_kind":"plain","optional":true}},"description_kind":"plain","deprecated":true}},"vault_alicloud_auth_backend_role":{"version":0,"block":{"attributes":{"arn":{"type":"string","description":"The role's arn.","description_kind":"plain","required":true},"backend":{"type":"string","description":"Auth backend.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the role. Must correspond with the name of the role reflected in the arn.","description_kind":"plain","required":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_approle_auth_backend_login":{"version":0,"block":{"attributes":{"accessor":{"type":"string","description":"The accessor for the token.","description_kind":"plain","computed":true},"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"client_token":{"type":"string","description":"The 
token.","description_kind":"plain","computed":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lease_duration":{"type":"number","description":"How long the token is valid for.","description_kind":"plain","computed":true},"lease_started":{"type":"string","description":"The timestamp the lease started on, as determined by the machine running Terraform.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata associated with the token.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["list","string"],"description":"Policies set on the token.","description_kind":"plain","computed":true},"renewable":{"type":"bool","description":"Whether the token is renewable or not.","description_kind":"plain","computed":true},"role_id":{"type":"string","description":"The RoleID to log in with.","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"The SecretID to log in with.","description_kind":"plain","optional":true,"sensitive":true}},"description_kind":"plain"}},"vault_approle_auth_backend_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"bind_secret_id":{"type":"bool","description":"Whether or not to require secret_id to be present when logging in using this AppRole.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"role_id":{"type":"string","description":"The RoleID of the role. 
Autogenerated if not set.","description_kind":"plain","optional":true,"computed":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"secret_id_bound_cidrs":{"type":["set","string"],"description":"List of CIDR blocks that can log in using the AppRole.","description_kind":"plain","optional":true},"secret_id_num_uses":{"type":"number","description":"Number of times which a particular SecretID can be used to fetch a token from this AppRole, after which the SecretID will expire. Leaving this unset or setting it to 0 will allow unlimited uses.","description_kind":"plain","optional":true},"secret_id_ttl":{"type":"number","description":"Number of seconds a SecretID remains valid for.","description_kind":"plain","optional":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in 
seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_approle_auth_backend_role_secret_id":{"version":0,"block":{"attributes":{"accessor":{"type":"string","description":"The unique ID used to access this SecretID.","description_kind":"plain","computed":true},"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"cidr_list":{"type":["set","string"],"description":"List of CIDR blocks that can log in using the SecretID.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":"string","description":"JSON-encoded secret data to write.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"The SecretID to be managed. If not specified, Vault auto-generates one.","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"with_wrapped_accessor":{"type":"bool","description":"Use the wrapped secret-id accessor as the id of this resource. 
If false, a fresh secret-id will be regenerated whenever the wrapping token is expired or invalidated through unwrapping.","description_kind":"plain","optional":true},"wrapping_accessor":{"type":"string","description":"The wrapped SecretID accessor.","description_kind":"plain","computed":true},"wrapping_token":{"type":"string","description":"The wrapped SecretID token.","description_kind":"plain","computed":true,"sensitive":true},"wrapping_ttl":{"type":"string","description":"The TTL duration of the wrapped SecretID.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_audit":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Human-friendly description of the audit device.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Specifies if the audit device is a local only. Local audit devices are not replicated nor (if a secondary) removed by replication.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"options":{"type":["map","string"],"description":"Configuration options to pass to the audit device itself.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path in which to enable the audit device.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Type of the audit device, such as 'file'.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_audit_request_header":{"version":0,"block":{"attributes":{"hmac":{"type":"bool","description":"Whether this header's value should be HMAC'd in the audit logs.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the request header to audit.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_auth_backend":{"version":1,"block":{"attributes":{"accessor":{"type":"string","description":"The accessor of the auth backend","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the auth backend","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Specifies if the auth method is local only","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"path to mount the backend. 
This defaults to the type.","description_kind":"plain","optional":true,"computed":true},"tune":{"type":["set",["object",{"allowed_response_headers":["list","string"],"audit_non_hmac_request_keys":["list","string"],"audit_non_hmac_response_keys":["list","string"],"default_lease_ttl":"string","listing_visibility":"string","max_lease_ttl":"string","passthrough_request_headers":["list","string"],"token_type":"string"}]],"description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Name of the auth backend","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_aws_auth_backend_cert":{"version":0,"block":{"attributes":{"aws_public_cert":{"type":"string","description":"Base64 encoded AWS Public key required to verify PKCS7 signature of the EC2 instance metadata.","description_kind":"plain","required":true},"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"cert_name":{"type":"string","description":"Name of the certificate to configure.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of document that can be verified using the certificate. 
Must be either \"pkcs7\" or \"identity\".","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_auth_backend_client":{"version":0,"block":{"attributes":{"access_key":{"type":"string","description":"AWS Access key with permissions to query AWS APIs.","description_kind":"plain","optional":true,"sensitive":true},"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"ec2_endpoint":{"type":"string","description":"URL to override the default generated endpoint for making AWS EC2 API calls.","description_kind":"plain","optional":true},"iam_endpoint":{"type":"string","description":"URL to override the default generated endpoint for making AWS IAM API calls.","description_kind":"plain","optional":true},"iam_server_id_header_value":{"type":"string","description":"The value to require in the X-Vault-AWS-IAM-Server-ID header as part of GetCallerIdentity requests that are used in the iam auth method.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"secret_key":{"type":"string","description":"AWS Secret key with permissions to query AWS APIs.","description_kind":"plain","optional":true,"sensitive":true},"sts_endpoint":{"type":"string","description":"URL to override the default generated endpoint for making AWS STS API calls.","description_kind":"plain","optional":true},"sts_region":{"type":"string","description":"Region to override the default region for making AWS STS API calls.","description_kind":"plain","optional":true},"use_sts_region_from_client":{"type":"bool","description":"If set, will override sts_region and use the region from the client request's header","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_aws_auth_backend_config_identity":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"ec2_alias":{"type":"string","description":"Configures how to generate the identity alias when using the ec2 auth method.","description_kind":"plain","optional":true},"ec2_metadata":{"type":["set","string"],"description":"The metadata to include on the token returned by the login endpoint.","description_kind":"plain","optional":true},"iam_alias":{"type":"string","description":"How to generate the identity alias when using the iam auth method.","description_kind":"plain","optional":true},"iam_metadata":{"type":["set","string"],"description":"The metadata to include on the token returned by the login endpoint.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_auth_backend_identity_whitelist":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"disable_periodic_tidy":{"type":"bool","description":"If true, disables the periodic tidying of the identiy whitelist entries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"safety_buffer":{"type":"number","description":"The amount of extra time that must have passed beyond the roletag expiration, before it's removed from backend storage.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_auth_backend_login":{"version":0,"block":{"attributes":{"accessor":{"type":"string","description":"The accessor returned from Vault for this token.","description_kind":"plain","computed":true},"auth_type":{"type":"string","description":"The auth method used to generate this token.","description_kind":"plain","computed":true},"backend":{"type":"string","description":"AWS Auth Backend to read the token from.","description_kind":"plain","optional":true},"client_token":{"type":"string","description":"The token returned by Vault.","description_kind":"plain","computed":true,"sensitive":true},"iam_http_request_method":{"type":"string","description":"The HTTP method used in the signed request.","description_kind":"plain","optional":true},"iam_request_body":{"type":"string","description":"The Base64-encoded body of the signed request.","description_kind":"plain","optional":true},"iam_request_headers":{"type":"string","description":"The Base64-encoded, JSON serialized representation of the sts:GetCallerIdentity HTTP request 
headers.","description_kind":"plain","optional":true},"iam_request_url":{"type":"string","description":"The Base64-encoded HTTP URL used in the signed request.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identity":{"type":"string","description":"Base64-encoded EC2 instance identity document to authenticate with.","description_kind":"plain","optional":true},"lease_duration":{"type":"number","description":"Lease duration in seconds relative to the time in lease_start_time.","description_kind":"plain","computed":true},"lease_start_time":{"type":"string","description":"Time at which the lease was read, using the clock of the system where Terraform was running","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"The metadata reported by the Vault server.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"nonce":{"type":"string","description":"The nonce to be used for subsequent login requests.","description_kind":"plain","optional":true,"computed":true},"pkcs7":{"type":"string","description":"PKCS7 signature of the identity document to authenticate with, with all newline characters removed.","description_kind":"plain","optional":true},"policies":{"type":["list","string"],"description":"The policies assigned to this token.","description_kind":"plain","computed":true},"renewable":{"type":"bool","description":"True if the duration of this lease can be extended through renewal.","description_kind":"plain","computed":true},"role":{"type":"string","description":"AWS Auth Role to read the token from.","description_kind":"plain","optional":true,"computed":true},"signature":{"type":"string","description":"Base64-encoded SHA256 RSA signature of the instance identtiy document to authenticate 
with.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_auth_backend_role":{"version":0,"block":{"attributes":{"allow_instance_migration":{"type":"bool","description":"When true, allows migration of the underlying instance where the client resides. Use with caution.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"The auth type permitted for this role.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"bound_account_ids":{"type":["set","string"],"description":"Only EC2 instances with this account ID in their identity document will be permitted to log in.","description_kind":"plain","optional":true},"bound_ami_ids":{"type":["set","string"],"description":"Only EC2 instances using this AMI ID will be permitted to log in.","description_kind":"plain","optional":true},"bound_ec2_instance_ids":{"type":["set","string"],"description":"Only EC2 instances that match this instance ID will be permitted to log in.","description_kind":"plain","optional":true},"bound_iam_instance_profile_arns":{"type":["set","string"],"description":"Only EC2 instances associated with an IAM instance profile ARN that matches this value will be permitted to log in.","description_kind":"plain","optional":true},"bound_iam_principal_arns":{"type":["set","string"],"description":"The IAM principal that must be authenticated using the iam auth method.","description_kind":"plain","optional":true},"bound_iam_role_arns":{"type":["set","string"],"description":"Only EC2 instances that match this IAM role ARN will be permitted to log in.","description_kind":"plain","optional":true},"bound_regions":{"type":["set","string"],"description":"Only EC2 instances in this region will be permitted to log in.","description_kind":"plain","optional":true},"bound_subnet_ids":{"type":["set","string"],"description":"Only EC2 
instances associated with this subnet ID will be permitted to log in.","description_kind":"plain","optional":true},"bound_vpc_ids":{"type":["set","string"],"description":"Only EC2 instances associated with this VPC ID will be permitted to log in.","description_kind":"plain","optional":true},"disallow_reauthentication":{"type":"bool","description":"When true, only allows a single token to be granted per instance ID.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inferred_aws_region":{"type":"string","description":"The region to search for the inferred entities in.","description_kind":"plain","optional":true},"inferred_entity_type":{"type":"string","description":"The type of inferencing Vault should do.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"resolve_aws_unique_ids":{"type":"bool","description":"Whether or not Vault should resolve the bound_iam_principal_arn to an AWS Unique ID. 
When true, deleting a principal and recreating it with the same name won't automatically grant the new principal the same roles in Vault that the old principal had.","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"role_id":{"type":"string","description":"The Vault generated role ID.","description_kind":"plain","computed":true},"role_tag":{"type":"string","description":"The key of the tag on EC2 instance to use for role tags.","description_kind":"plain","optional":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or 
batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_auth_backend_role_tag":{"version":0,"block":{"attributes":{"allow_instance_migration":{"type":"bool","description":"Allows migration of the underlying instance where the client resides.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"AWS auth backend to read tags from.","description_kind":"plain","optional":true},"disallow_reauthentication":{"type":"bool","description":"Only allow a single token to be granted per instance ID.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"Instance ID for which this tag is intended. The created tag can only be used by the instance with the given ID.","description_kind":"plain","optional":true},"max_ttl":{"type":"string","description":"The maximum allowed lifetime of tokens issued using this role.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["set","string"],"description":"Policies to be associated with the tag.","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","computed":true},"tag_value":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_aws_auth_backend_roletag_blacklist":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","required":true},"disable_periodic_tidy":{"type":"bool","description":"If true, disables the periodic tidying of the roletag blacklist entries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"safety_buffer":{"type":"number","description":"The amount of extra time that must have passed beyond the roletag expiration, before it's removed from backend storage.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_auth_backend_sts_role":{"version":0,"block":{"attributes":{"account_id":{"type":"string","description":"AWS account ID to be associated with STS role.","description_kind":"plain","required":true},"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"sts_role":{"type":"string","description":"AWS ARN for STS role to be assumed when interacting with the account specified.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_aws_secret_backend":{"version":1,"block":{"attributes":{"access_key":{"type":"string","description":"The AWS Access Key ID to use when generating new credentials.","description_kind":"plain","optional":true,"sensitive":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for secrets in seconds","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"iam_endpoint":{"type":"string","description":"Specifies a custom HTTP IAM endpoint to use.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identity_token_audience":{"type":"string","description":"The audience claim value.","description_kind":"plain","optional":true},"identity_token_key":{"type":"string","description":"The key to use for signing identity tokens.","description_kind":"plain","optional":true},"identity_token_ttl":{"type":"number","description":"The TTL of generated identity tokens in seconds.","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Specifies if the secret backend is local only","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for secrets in seconds","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to mount the backend at.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The AWS region to make API calls against. Defaults to us-east-1.","description_kind":"plain","optional":true,"computed":true},"role_arn":{"type":"string","description":"Role ARN to assume for plugin identity token federation.","description_kind":"plain","optional":true},"secret_key":{"type":"string","description":"The AWS Secret Access Key to use when generating new credentials.","description_kind":"plain","optional":true,"sensitive":true},"sts_endpoint":{"type":"string","description":"Specifies a custom HTTP STS endpoint to use.","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Template describing how dynamic usernames are generated.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_aws_secret_backend_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path of the AWS Secret Backend the role belongs to.","description_kind":"plain","required":true},"credential_type":{"type":"string","description":"Role credential type.","description_kind":"plain","required":true},"default_sts_ttl":{"type":"number","description":"The default TTL in seconds for STS credentials. When a TTL is not specified when STS credentials are requested, and a default TTL is specified on the role, then this default TTL will be used. Valid only when credential_type is one of assumed_role or federation_token.","description_kind":"plain","optional":true,"computed":true},"iam_groups":{"type":["set","string"],"description":"A list of IAM group names. IAM users generated against this vault role will be added to these IAM Groups. 
For a credential type of assumed_role or federation_token, the policies sent to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the policies from each group in iam_groups combined with the policy_document and policy_arns parameters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_sts_ttl":{"type":"number","description":"The max allowed TTL in seconds for STS credentials (credentials TTL are capped to max_sts_ttl). Valid only when credential_type is one of assumed_role or federation_token.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name for the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"permissions_boundary_arn":{"type":"string","description":"The ARN of the AWS Permissions Boundary to attach to IAM users created in the role. Valid only when credential_type is iam_user. If not specified, then no permissions boundary policy will be attached.","description_kind":"plain","optional":true},"policy_arns":{"type":["set","string"],"description":"ARN for an existing IAM policy the role should use.","description_kind":"plain","optional":true},"policy_document":{"type":"string","description":"IAM policy the role should use in JSON format.","description_kind":"plain","optional":true},"role_arns":{"type":["set","string"],"description":"ARNs of AWS roles allowed to be assumed. Only valid when credential_type is 'assumed_role'","description_kind":"plain","optional":true},"user_path":{"type":"string","description":"The path for the user name. Valid only when credential_type is iam_user. 
Default is /","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_secret_backend_static_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path where the AWS secrets backend is mounted.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"rotation_period":{"type":"number","description":"How often Vault should rotate the password of the user entry.","description_kind":"plain","required":true},"username":{"type":"string","description":"The username of the existing AWS IAM user to manage password rotation for.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_azure_auth_backend_config":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"client_id":{"type":"string","description":"The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.","description_kind":"plain","optional":true,"sensitive":true},"client_secret":{"type":"string","description":"The client secret for credentials to query the Azure APIs","description_kind":"plain","optional":true,"sensitive":true},"environment":{"type":"string","description":"The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"resource":{"type":"string","description":"The configured URL for the application registered in Azure Active Directory.","description_kind":"plain","required":true},"tenant_id":{"type":"string","description":"The tenant id for the Azure Active Directory organization.","description_kind":"plain","required":true,"sensitive":true}},"description_kind":"plain"}},"vault_azure_auth_backend_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"bound_group_ids":{"type":["list","string"],"description":"The list of group ids that login is restricted to.","description_kind":"plain","optional":true},"bound_locations":{"type":["list","string"],"description":"The list of locations that login is restricted to.","description_kind":"plain","optional":true},"bound_resource_groups":{"type":["list","string"],"description":"The list of resource groups that login is restricted to.","description_kind":"plain","optional":true},"bound_scale_sets":{"type":["list","string"],"description":"The list of scale set names that the login is restricted to.","description_kind":"plain","optional":true},"bound_service_principal_ids":{"type":["list","string"],"description":"The list of Service Principal IDs that login is restricted to.","description_kind":"plain","optional":true},"bound_subscription_ids":{"type":["list","string"],"description":"The list of subscription IDs that login is restricted to.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_azure_secret_backend":{"version":1,"block":{"attributes":{"client_id":{"type":"string","description":"The client id for credentials to query the Azure APIs. 
Currently read permissions to query compute resources are required.","description_kind":"plain","optional":true,"sensitive":true},"client_secret":{"type":"string","description":"The client secret for credentials to query the Azure APIs","description_kind":"plain","optional":true,"sensitive":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"environment":{"type":"string","description":"The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to mount the backend at.","description_kind":"plain","optional":true},"subscription_id":{"type":"string","description":"The subscription id for the Azure Active Directory.","description_kind":"plain","required":true,"sensitive":true},"tenant_id":{"type":"string","description":"The tenant id for the Azure Active Directory organization.","description_kind":"plain","required":true,"sensitive":true},"use_microsoft_graph_api":{"type":"bool","description":"Use the Microsoft Graph API. 
Should be set to true on vault-1.10+","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_azure_secret_backend_role":{"version":0,"block":{"attributes":{"application_object_id":{"type":"string","description":"Application Object ID for an existing service principal that will be used instead of creating dynamic service principals.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"permanently_delete":{"type":"bool","description":"Indicates whether the applications and service principals created by Vault will be permanently deleted when the corresponding leases expire.","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"Name of the role to create","description_kind":"plain","required":true},"sign_in_audience":{"type":"string","description":"Specifies the security principal types that are allowed to sign in to the application. 
Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Comma-separated strings of Azure tags to attach to an application.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true}},"block_types":{"azure_groups":{"nesting_mode":"set","block":{"attributes":{"group_name":{"type":"string","description_kind":"plain","required":true},"object_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"azure_roles":{"nesting_mode":"set","block":{"attributes":{"role_id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role_name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"vault_cert_auth_backend_role":{"version":1,"block":{"attributes":{"allowed_common_names":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"allowed_dns_sans":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"allowed_email_sans":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"allowed_names":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"allowed_organization_units":{"type":["set","string"],"description_kind":"plain","deprecated":true,"optional":true,"computed":true},"allowed_organizational_units":{"type":["set","string"],"description_kind":"plain","optional":true},"allowed_uri_sans":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"backend":{"type":"string","description_kind":"plain","optional":true},"certificate":{"type":"string",
"description_kind":"plain","required":true},"display_name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"ocsp_ca_certificates":{"type":"string","description":"Any additional CA certificates needed to verify OCSP responses. Provided as base64 encoded PEM data.","description_kind":"plain","optional":true},"ocsp_enabled":{"type":"bool","description":"If enabled, validate certificates' revocation status using OCSP.","description_kind":"plain","optional":true,"computed":true},"ocsp_fail_open":{"type":"bool","description":"If true and an OCSP response cannot be fetched or is of an unknown status, the login will proceed as if the certificate has not been revoked.","description_kind":"plain","optional":true,"computed":true},"ocsp_query_all_servers":{"type":"bool","description":"If set to true, rather than accepting the first successful OCSP response, query all servers and consider the certificate valid only if all servers agree.","description_kind":"plain","optional":true,"computed":true},"ocsp_servers_override":{"type":["set","string"],"description":"A comma-separated list of OCSP server addresses. 
If unset, the OCSP server is determined from the AuthorityInformationAccess extension on the certificate being inspected.","description_kind":"plain","optional":true},"required_extensions":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_consul_secret_backend":{"version":1,"block":{"attributes":{"address":{"type":"string","description":"Specifies the address of the Consul instance, provided as \"host:port\" like \"127.0.0.1:8500\".","description_kind":"plain","required":true},"bootstrap":{"type":"bool","description":"Denotes a backend resource that is used to 
bootstrap the Consul ACL system. Only one resource may be used to bootstrap.","description_kind":"plain","optional":true},"ca_cert":{"type":"string","description":"CA certificate to use when verifying Consul server certificate, must be x509 PEM encoded.","description_kind":"plain","optional":true},"client_cert":{"type":"string","description":"Client certificate used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_key.","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Client key used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_cert.","description_kind":"plain","optional":true,"sensitive":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for secrets in seconds","description_kind":"plain","optional":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Specifies if the secret backend is local only","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for secrets in seconds","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Unique name of the Vault Consul mount to configure","description_kind":"plain","optional":true},"scheme":{"type":"string","description":"Specifies the URL scheme to use. 
Defaults to \"http\".","description_kind":"plain","optional":true},"token":{"type":"string","description":"Specifies the Consul token to use when managing or issuing new tokens.","description_kind":"plain","optional":true,"sensitive":true}},"description_kind":"plain"}},"vault_consul_secret_backend_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path of the Consul Secret Backend the role belongs to.","description_kind":"plain","optional":true},"consul_namespace":{"type":"string","description":"The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+","description_kind":"plain","optional":true,"computed":true},"consul_policies":{"type":["set","string"],"description":"List of Consul policies to associate with this role","description_kind":"plain","optional":true},"consul_roles":{"type":["set","string"],"description":"Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Indicates that the token should not be replicated globally and instead be local to the current datacenter.","description_kind":"plain","optional":true},"max_ttl":{"type":"number","description":"Maximum TTL for leases associated with this role, in seconds.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of an existing role against which to create this Consul credential","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"node_identities":{"type":["set","string"],"description":"Set of Consul node identities to attach to\n\t\t\t\tthe token. 
Applicable for Vault 1.11+ with Consul 1.8+","description_kind":"plain","optional":true},"partition":{"type":"string","description":"The Consul admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+","description_kind":"plain","optional":true,"computed":true},"policies":{"type":["list","string"],"description":"List of Consul policies to associate with this role","description_kind":"plain","optional":true},"service_identities":{"type":["set","string"],"description":"Set of Consul service identities to attach to\n\t\t\t\tthe token. Applicable for Vault 1.11+ with Consul 1.5+","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"Specifies the type of token to create when using this role. Valid values are \"client\" or \"management\".","description_kind":"plain","deprecated":true,"optional":true},"ttl":{"type":"number","description":"Specifies the TTL for this role.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_database_secret_backend_connection":{"version":0,"block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"Unique name of the Vault mount to configure.","description_kind":"plain","required":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. Useful for templated connection strings.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"block_types":{"cassandra":{"nesting_mode":"list","block":{"attributes":{"connect_timeout":{"type":"number","description":"The number of seconds to use as a connection timeout.","description_kind":"plain","optional":true},"hosts":{"type":["list","string"],"description":"Cassandra hosts to connect to.","description_kind":"plain","optional":true},"insecure_tls":{"type":"bool","description":"Whether to skip verification of the server certificate when using TLS.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The password to use when authenticating with Cassandra.","description_kind":"plain","optional":true,"sensitive":true},"pem_bundle":{"type":"string","description":"Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.","description_kind":"plain","optional":true,"sensitive":true},"pem_json":{"type":"string","description":"Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"The transport port to use to connect to 
Cassandra.","description_kind":"plain","optional":true},"protocol_version":{"type":"number","description":"The CQL protocol version to use.","description_kind":"plain","optional":true},"tls":{"type":"bool","description":"Whether to use TLS when connecting to Cassandra.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The username to use when authenticating with Cassandra.","description_kind":"plain","optional":true}},"description":"Connection parameters for the cassandra-database-plugin plugin.","description_kind":"plain"},"max_items":1},"couchbase":{"nesting_mode":"list","block":{"attributes":{"base64_pem":{"type":"string","description":"Required if `tls` is `true`. Specifies the certificate authority of the Couchbase server, as a PEM certificate that has been base64 encoded.","description_kind":"plain","optional":true,"sensitive":true},"bucket_name":{"type":"string","description":"Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server.","description_kind":"plain","optional":true},"hosts":{"type":["list","string"],"description":"A set of Couchbase URIs to connect to. 
Must use `couchbases://` scheme if `tls` is `true`.","description_kind":"plain","required":true},"insecure_tls":{"type":"bool","description":" Specifies whether to skip verification of the server certificate when using TLS.","description_kind":"plain","optional":true},"password":{"type":"string","description":"Specifies the password corresponding to the given username.","description_kind":"plain","required":true,"sensitive":true},"tls":{"type":"bool","description":"Specifies whether to use TLS when connecting to Couchbase.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Specifies the username for Vault to use.","description_kind":"plain","required":true},"username_template":{"type":"string","description":"Template describing how dynamic usernames are generated.","description_kind":"plain","optional":true}},"description":"Connection parameters for the couchbase-database-plugin plugin.","description_kind":"plain"},"max_items":1},"elasticsearch":{"nesting_mode":"list","block":{"attributes":{"ca_cert":{"type":"string","description":"The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity","description_kind":"plain","optional":true},"ca_path":{"type":"string","description":"The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity","description_kind":"plain","optional":true},"client_cert":{"type":"string","description":"The path to the certificate for the Elasticsearch client to present for communication","description_kind":"plain","optional":true},"client_key":{"type":"string","description":"The path to the key for the Elasticsearch client to use for communication","description_kind":"plain","optional":true},"insecure":{"type":"bool","description":"Whether to disable certificate verification","description_kind":"plain","optional":true},"password":{"type":"string","description":"The password to be used in the connection 
URL","description_kind":"plain","required":true,"sensitive":true},"tls_server_name":{"type":"string","description":"This, if set, is used to set the SNI host when connecting via TLS","description_kind":"plain","optional":true},"url":{"type":"string","description":"The URL for Elasticsearch's API","description_kind":"plain","required":true},"username":{"type":"string","description":"The username to be used in the connection URL","description_kind":"plain","required":true},"username_template":{"type":"string","description":"Template describing how dynamic usernames are generated.","description_kind":"plain","optional":true}},"description":"Connection parameters for the elasticsearch-database-plugin.","description_kind":"plain"},"max_items":1},"hana":{"nesting_mode":"list","block":{"attributes":{"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"disable_escaping":{"type":"bool","description":"Disable special character escaping in username and password","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true}},"description":"Connection parameters for the hana-database-plugin 
plugin.","description_kind":"plain"},"max_items":1},"influxdb":{"nesting_mode":"list","block":{"attributes":{"connect_timeout":{"type":"number","description":"The number of seconds to use as a connection timeout.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Influxdb host to connect to.","description_kind":"plain","required":true},"insecure_tls":{"type":"bool","description":"Whether to skip verification of the server certificate when using TLS.","description_kind":"plain","optional":true},"password":{"type":"string","description":"Specifies the password corresponding to the given username.","description_kind":"plain","required":true,"sensitive":true},"pem_bundle":{"type":"string","description":"Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.","description_kind":"plain","optional":true,"sensitive":true},"pem_json":{"type":"string","description":"Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"The transport port to use to connect to Influxdb.","description_kind":"plain","optional":true},"tls":{"type":"bool","description":"Whether to use TLS when connecting to Influxdb.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Specifies the username to use for superuser access.","description_kind":"plain","required":true},"username_template":{"type":"string","description":"Template describing how dynamic usernames are generated.","description_kind":"plain","optional":true}},"description":"Connection parameters for the influxdb-database-plugin plugin.","description_kind":"plain"},"max_items":1},"mongodb":{"nesting_mode":"list","block":{"attributes":{"connection_url":{"type":"string","description":"Connection string 
to use to connect to the database.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mongodb-database-plugin plugin.","description_kind":"plain"},"max_items":1},"mongodbatlas":{"nesting_mode":"list","block":{"attributes":{"private_key":{"type":"string","description":"The Private Programmatic API Key used to connect with MongoDB Atlas API.","description_kind":"plain","required":true,"sensitive":true},"project_id":{"type":"string","description":"The Project ID the Database User should be created within.","description_kind":"plain","required":true},"public_key":{"type":"string","description":"The Public Programmatic API Key used to authenticate with the MongoDB Atlas API.","description_kind":"plain","required":true}},"description":"Connection parameters for the mongodbatlas-database-plugin plugin.","description_kind":"plain"},"max_items":1},"mssql":{"nesting_mode":"list","block":{"attributes":{"connection_url":{"type":"string","description":"Connection string to use to connect to the 
database.","description_kind":"plain","optional":true},"contained_db":{"type":"bool","description":"Set to true when the target is a Contained Database, e.g. AzureSQL.","description_kind":"plain","optional":true},"disable_escaping":{"type":"bool","description":"Disable special character escaping in username and password","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mssql-database-plugin plugin.","description_kind":"plain"},"max_items":1},"mysql":{"nesting_mode":"list","block":{"attributes":{"auth_type":{"type":"string","description":"Specify alternative authorization type. 
(Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"tls_ca":{"type":"string","description":"x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.","description_kind":"plain","optional":true},"tls_certificate_key":{"type":"string","description":"x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mysql-database-plugin plugin.","description_kind":"plain"},"max_items":1},"mysql_aurora":{"nesting_mode":"list","block":{"attributes":{"auth_type":{"type":"string","description":"Specify alternative authorization type. 
(Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"tls_ca":{"type":"string","description":"x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.","description_kind":"plain","optional":true},"tls_certificate_key":{"type":"string","description":"x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mysql-aurora-database-plugin plugin.","description_kind":"plain"},"max_items":1},"mysql_legacy":{"nesting_mode":"list","block":{"attributes":{"auth_type":{"type":"string","description":"Specify alternative authorization type. 
(Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"tls_ca":{"type":"string","description":"x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.","description_kind":"plain","optional":true},"tls_certificate_key":{"type":"string","description":"x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mysql-legacy-database-plugin plugin.","description_kind":"plain"},"max_items":1},"mysql_rds":{"nesting_mode":"list","block":{"attributes":{"auth_type":{"type":"string","description":"Specify alternative authorization type. 
(Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"tls_ca":{"type":"string","description":"x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.","description_kind":"plain","optional":true},"tls_certificate_key":{"type":"string","description":"x509 certificate for connecting to the database. 
This must be a PEM encoded version of the private key and the certificate combined.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mysql-rds-database-plugin plugin.","description_kind":"plain"},"max_items":1},"oracle":{"nesting_mode":"list","block":{"attributes":{"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"disconnect_sessions":{"type":"bool","description":"Set to true to disconnect any open sessions prior to running the revocation statements.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"split_statements":{"type":"bool","description":"Set to true in order to split statements after semi-colons.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation 
template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the oracle-database-plugin plugin.","description_kind":"plain"},"max_items":1},"postgresql":{"nesting_mode":"list","block":{"attributes":{"auth_type":{"type":"string","description":"Specify alternative authorization type. (Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"disable_escaping":{"type":"bool","description":"Disable special character escaping in username and password","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the postgresql-database-plugin plugin.","description_kind":"plain"},"max_items":1},"redis":{"nesting_mode":"list","block":{"attributes":{"ca_cert":{"type":"string","description":"The 
contents of a PEM-encoded CA cert file to use to verify the Redis server's identity.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Specifies the host to connect to","description_kind":"plain","required":true},"insecure_tls":{"type":"bool","description":"Specifies whether to skip verification of the server certificate when using TLS.","description_kind":"plain","optional":true},"password":{"type":"string","description":"Specifies the password corresponding to the given username.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"The transport port to use to connect to Redis.","description_kind":"plain","optional":true},"tls":{"type":"bool","description":"Specifies whether to use TLS when connecting to Redis.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Specifies the username for Vault to use.","description_kind":"plain","required":true}},"description":"Connection parameters for the redis-database-plugin plugin.","description_kind":"plain"},"max_items":1},"redis_elasticache":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The AWS secret key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.","description_kind":"plain","optional":true,"sensitive":true},"region":{"type":"string","description":"The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment.","description_kind":"plain","optional":true},"url":{"type":"string","description":"The configuration endpoint for the ElastiCache cluster to connect to.","description_kind":"plain","required":true},"username":{"type":"string","description":"The AWS access key id to use to talk to ElastiCache. 
If omitted the credentials chain provider is used instead.","description_kind":"plain","optional":true,"sensitive":true}},"description":"Connection parameters for the redis-elasticache-database-plugin plugin.","description_kind":"plain"},"max_items":1},"redshift":{"nesting_mode":"list","block":{"attributes":{"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"disable_escaping":{"type":"bool","description":"Disable special character escaping in username and password","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the redshift-database-plugin plugin.","description_kind":"plain"},"max_items":1},"snowflake":{"nesting_mode":"list","block":{"attributes":{"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be 
reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true}},"description":"Connection parameters for the snowflake-database-plugin plugin.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"vault_database_secret_backend_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path of the Database Secret Backend the role belongs to.","description_kind":"plain","required":true},"creation_statements":{"type":["list","string"],"description":"Database statements to execute to create and configure a user.","description_kind":"plain","required":true},"credential_config":{"type":["map","string"],"description":"Specifies the configuration for the given credential_type.","description_kind":"plain","optional":true},"credential_type":{"type":"string","description":"Specifies the type of credential that will be generated for the role.","description_kind":"plain","optional":true,"computed":true},"db_name":{"type":"string","description":"Database connection to use for this role.","description_kind":"plain","required":true},"default_ttl":{"type":"number","description":"Default TTL for leases associated with this role, in 
seconds.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Maximum TTL for leases associated with this role, in seconds.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Unique name for the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"renew_statements":{"type":["list","string"],"description":"Database statements to execute to renew a user.","description_kind":"plain","optional":true},"revocation_statements":{"type":["list","string"],"description":"Database statements to execute to revoke a user.","description_kind":"plain","optional":true},"rollback_statements":{"type":["list","string"],"description":"Database statements to execute to rollback a create operation in the event of an error.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_database_secret_backend_static_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path of the Database Secret Backend the role belongs to.","description_kind":"plain","required":true},"db_name":{"type":"string","description":"Database connection to use for this role.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name for the static role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"rotation_period":{"type":"number","description":"The amount of time Vault should wait before rotating the password, in seconds.","description_kind":"plain","optional":true},"rotation_schedule":{"type":"string","description":"A cron-style string that will define the schedule on which rotations should occur.","description_kind":"plain","optional":true},"rotation_statements":{"type":["list","string"],"description":"Database statements to execute to rotate the password for the configured database user.","description_kind":"plain","optional":true},"rotation_window":{"type":"number","description":"The amount of time in seconds in which the rotations are allowed to occur starting from a given rotation_schedule.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The database username that this role corresponds to.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_database_secrets_mount":{"version":0,"block":{"attributes":{"accessor":{"type":"string","description":"Accessor of the mount","description_kind":"plain","computed":true},"allowed_managed_keys":{"type":["set","string"],"description":"List of managed key registry entry names that the mount in question is allowed to access","description_kind":"plain","optional":true},"audit_non_hmac_request_keys":{"type":["list","string"],"description":"Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.","description_kind":"plain","optional":true,"computed":true},"audit_non_hmac_response_keys":{"type":["list","string"],"description":"Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.","description_kind":"plain","optional":true,"computed":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for tokens and secrets in 
seconds","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Human-friendly description of the mount","description_kind":"plain","optional":true},"engine_count":{"type":"number","description":"Total number of database secret engines configured under the mount.","description_kind":"plain","computed":true},"external_entropy_access":{"type":"bool","description":"Enable the secrets engine to access Vault's external entropy source","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Local mount flag that can be explicitly set to true to enforce local mount in HA environment","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for tokens and secrets in seconds","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"options":{"type":["map","string"],"description":"Specifies mount type specific options that are passed to the backend","description_kind":"plain","optional":true},"path":{"type":"string","description":"Where the secret backend will be mounted","description_kind":"plain","required":true},"seal_wrap":{"type":"bool","description":"Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability","description_kind":"plain","optional":true,"computed":true}},"block_types":{"cassandra":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"connect_timeout":{"type":"number","description":"The number of seconds to use as a connection timeout.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"hosts":{"type":["list","string"],"description":"Cassandra hosts to connect to.","description_kind":"plain","optional":true},"insecure_tls":{"type":"bool","description":"Whether to skip verification of the server certificate when using TLS.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The password to use when authenticating with Cassandra.","description_kind":"plain","optional":true,"sensitive":true},"pem_bundle":{"type":"string","description":"Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.","description_kind":"plain","optional":true,"sensitive":true},"pem_json":{"type":"string","description":"Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. 
Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"port":{"type":"number","description":"The transport port to use to connect to Cassandra.","description_kind":"plain","optional":true},"protocol_version":{"type":"number","description":"The CQL protocol version to use.","description_kind":"plain","optional":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"tls":{"type":"bool","description":"Whether to use TLS when connecting to Cassandra.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The username to use when authenticating with Cassandra.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the cassandra-database-plugin plugin.","description_kind":"plain"}},"couchbase":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"base64_pem":{"type":"string","description":"Required if `tls` is `true`. Specifies the certificate authority of the Couchbase server, as a PEM certificate that has been base64 encoded.","description_kind":"plain","optional":true,"sensitive":true},"bucket_name":{"type":"string","description":"Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"hosts":{"type":["list","string"],"description":"A set of Couchbase URIs to connect to. Must use `couchbases://` scheme if `tls` is `true`.","description_kind":"plain","required":true},"insecure_tls":{"type":"bool","description":" Specifies whether to skip verification of the server certificate when using TLS.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Specifies the password corresponding to the given username.","description_kind":"plain","required":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"tls":{"type":"bool","description":"Specifies whether to use TLS when connecting to Couchbase.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Specifies the username for Vault to use.","description_kind":"plain","required":true},"username_template":{"type":"string","description":"Template describing how dynamic usernames are generated.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the couchbase-database-plugin plugin.","description_kind":"plain"}},"elasticsearch":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of 
roles that are allowed to use this connection.","description_kind":"plain","optional":true},"ca_cert":{"type":"string","description":"The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity","description_kind":"plain","optional":true},"ca_path":{"type":"string","description":"The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity","description_kind":"plain","optional":true},"client_cert":{"type":"string","description":"The path to the certificate for the Elasticsearch client to present for communication","description_kind":"plain","optional":true},"client_key":{"type":"string","description":"The path to the key for the Elasticsearch client to use for communication","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. Useful for templated connection strings.","description_kind":"plain","optional":true},"insecure":{"type":"bool","description":"Whether to disable certificate verification","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The password to be used in the connection URL","description_kind":"plain","required":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. 
Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"tls_server_name":{"type":"string","description":"This, if set, is used to set the SNI host when connecting via TLS","description_kind":"plain","optional":true},"url":{"type":"string","description":"The URL for Elasticsearch's API","description_kind":"plain","required":true},"username":{"type":"string","description":"The username to be used in the connection URL","description_kind":"plain","required":true},"username_template":{"type":"string","description":"Template describing how dynamic usernames are generated.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the elasticsearch-database-plugin.","description_kind":"plain"}},"hana":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"disable_escaping":{"type":"bool","description":"Disable special character escaping in username and password","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. 
Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the hana-database-plugin plugin.","description_kind":"plain"}},"influxdb":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"connect_timeout":{"type":"number","description":"The number of seconds to use as a connection timeout.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Influxdb host to connect to.","description_kind":"plain","required":true},"insecure_tls":{"type":"bool","description":"Whether to skip verification of the server certificate when using TLS.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Specifies the password corresponding to the given username.","description_kind":"plain","required":true,"sensitive":true},"pem_bundle":{"type":"string","description":"Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.","description_kind":"plain","optional":true,"sensitive":true},"pem_json":{"type":"string","description":"Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate.","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. 
Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"port":{"type":"number","description":"The transport port to use to connect to Influxdb.","description_kind":"plain","optional":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"tls":{"type":"bool","description":"Whether to use TLS when connecting to Influxdb.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Specifies the username to use for superuser access.","description_kind":"plain","required":true},"username_template":{"type":"string","description":"Template describing how dynamic usernames are generated.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the influxdb-database-plugin plugin.","description_kind":"plain"}},"mongodb":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mongodb-database-plugin plugin.","description_kind":"plain"}},"mongodbatlas":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this 
connection.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. Useful for templated connection strings.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"private_key":{"type":"string","description":"The Private Programmatic API Key used to connect with MongoDB Atlas API.","description_kind":"plain","required":true,"sensitive":true},"project_id":{"type":"string","description":"The Project ID the Database User should be created within.","description_kind":"plain","required":true},"public_key":{"type":"string","description":"The Public Programmatic API Key used to authenticate with the MongoDB Atlas API.","description_kind":"plain","required":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mongodbatlas-database-plugin plugin.","description_kind":"plain"}},"mssql":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"contained_db":{"type":"bool","description":"Set to true when 
the target is a Contained Database, e.g. AzureSQL.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. Useful for templated connection strings.","description_kind":"plain","optional":true},"disable_escaping":{"type":"bool","description":"Disable special character escaping in username and password","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. 
Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mssql-database-plugin plugin.","description_kind":"plain"}},"mysql":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"Specify alternative authorization type. (Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"tls_ca":{"type":"string","description":"x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.","description_kind":"plain","optional":true},"tls_certificate_key":{"type":"string","description":"x509 certificate for connecting to the database. 
This must be a PEM encoded version of the private key and the certificate combined.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mysql-database-plugin plugin.","description_kind":"plain"}},"mysql_aurora":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"Specify alternative authorization type. (Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"tls_ca":{"type":"string","description":"x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.","description_kind":"plain","optional":true},"tls_certificate_key":{"type":"string","description":"x509 certificate for connecting to the database. 
This must be a PEM encoded version of the private key and the certificate combined.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mysql-aurora-database-plugin plugin.","description_kind":"plain"}},"mysql_legacy":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"Specify alternative authorization type. (Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"tls_ca":{"type":"string","description":"x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.","description_kind":"plain","optional":true},"tls_certificate_key":{"type":"string","description":"x509 certificate for connecting to the database. 
This must be a PEM encoded version of the private key and the certificate combined.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mysql-legacy-database-plugin plugin.","description_kind":"plain"}},"mysql_rds":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"Specify alternative authorization type. (Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"tls_ca":{"type":"string","description":"x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.","description_kind":"plain","optional":true},"tls_certificate_key":{"type":"string","description":"x509 certificate for connecting to the database. 
This must be a PEM encoded version of the private key and the certificate combined.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the mysql-rds-database-plugin plugin.","description_kind":"plain"}},"oracle":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"disconnect_sessions":{"type":"bool","description":"Set to true to disconnect any open sessions prior to running the revocation statements.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. 
Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"split_statements":{"type":"bool","description":"Set to true in order to split statements after semi-colons.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the oracle-database-plugin plugin.","description_kind":"plain"}},"postgresql":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"Specify alternative authorization type. (Only 'gcp_iam' is valid currently)","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"disable_escaping":{"type":"bool","description":"Disable special character escaping in username and password","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. 
Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"service_account_json":{"type":"string","description":"A JSON encoded credential for use with IAM authorization","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the postgresql-database-plugin plugin.","description_kind":"plain"}},"redis":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"ca_cert":{"type":"string","description":"The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Specifies the host to connect to","description_kind":"plain","required":true},"insecure_tls":{"type":"bool","description":"Specifies whether to skip verification of the server certificate when using TLS.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Specifies the password corresponding to the given username.","description_kind":"plain","required":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"port":{"type":"number","description":"The transport port to use to connect to Redis.","description_kind":"plain","optional":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"tls":{"type":"bool","description":"Specifies whether to use TLS when connecting to Redis.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Specifies the username for Vault to use.","description_kind":"plain","required":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the redis-database-plugin plugin.","description_kind":"plain"}},"redis_elasticache":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this 
connection.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. Useful for templated connection strings.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The AWS secret key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment.","description_kind":"plain","optional":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"url":{"type":"string","description":"The configuration endpoint for the ElastiCache cluster to connect to.","description_kind":"plain","required":true},"username":{"type":"string","description":"The AWS access key id to use to talk to ElastiCache. 
If omitted the credentials chain provider is used instead.","description_kind":"plain","optional":true,"sensitive":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the redis-elasticache-database-plugin plugin.","description_kind":"plain"}},"redshift":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. Useful for templated connection strings.","description_kind":"plain","optional":true},"disable_escaping":{"type":"bool","description":"Disable special character escaping in username and password","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. 
Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the redshift-database-plugin plugin.","description_kind":"plain"}},"snowflake":{"nesting_mode":"list","block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"A list of roles that are allowed to use this connection.","description_kind":"plain","optional":true},"connection_url":{"type":"string","description":"Connection string to use to connect to the database.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings.","description_kind":"plain","optional":true},"max_connection_lifetime":{"type":"number","description":"Maximum number of seconds a connection may be reused.","description_kind":"plain","optional":true},"max_idle_connections":{"type":"number","description":"Maximum number of idle connections to the database.","description_kind":"plain","optional":true},"max_open_connections":{"type":"number","description":"Maximum number of open connections to the database.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the database connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"The root credential password used in the connection URL","description_kind":"plain","optional":true,"sensitive":true},"plugin_name":{"type":"string","description":"Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types.","description_kind":"plain","optional":true,"computed":true},"root_rotation_statements":{"type":["list","string"],"description":"A list of database statements to be executed to rotate the root user's credentials.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The root credential username used in the connection URL","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"Username generation template.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies if the connection is verified during initial configuration.","description_kind":"plain","optional":true}},"description":"Connection parameters for the snowflake-database-plugin plugin.","description_kind":"plain"}}},"description_kind":"plain"}},"vault_egp_policy":{"version":0,"block":{"attributes":{"enforcement_level":{"type":"string","description":"Enforcement level of Sentinel policy. 
Can be one of: 'advisory', 'soft-mandatory' or 'hard-mandatory'","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the policy","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"paths":{"type":["list","string"],"description":"List of paths to which the policy will be applied","description_kind":"plain","required":true},"policy":{"type":"string","description":"The policy document","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_gcp_auth_backend":{"version":1,"block":{"attributes":{"accessor":{"type":"string","description":"The accessor of the auth backend","description_kind":"plain","computed":true},"client_email":{"type":"string","description_kind":"plain","optional":true,"computed":true},"client_id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"credentials":{"type":"string","description_kind":"plain","optional":true,"sensitive":true},"description":{"type":"string","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Specifies if the auth method is local only","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description_kind":"plain","optional":true},"private_key_id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tune":{"type":["set",["object",{"allowed_response_headers":["list","string"],"audit_non_hmac_request_keys":["list","string"],"audit_non_hmac_response_keys":["list","string"],"default_lease_ttl":"string","listing_visibility":"string","max_lease_ttl":"string","passthrough_request_headers":["list","string"],"token_type":"string"}]],"description_kind":"plain","optional":true,"computed":true}},"block_types":{"custom_endpoint":{"nesting_mode":"list","block":{"attributes":{"api":{"type":"string","description":"Replaces the service endpoint used in API requests to https://www.googleapis.com.","description_kind":"plain","optional":true},"compute":{"type":"string","description":"Replaces the service endpoint used in API requests to `https://compute.googleapis.com`.","description_kind":"plain","optional":true},"crm":{"type":"string","description":"Replaces the service endpoint used in API requests to `https://cloudresourcemanager.googleapis.com`.","description_kind":"plain","optional":true},"iam":{"type":"string","description":"Replaces the service endpoint used in API requests to `https://iam.googleapis.com`.","description_kind":"plain","optional":true}},"description":"Specifies overrides to service endpoints used when making API requests to 
GCP.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"vault_gcp_auth_backend_role":{"version":1,"block":{"attributes":{"add_group_aliases":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"allow_gce_inference":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"backend":{"type":"string","description_kind":"plain","optional":true},"bound_instance_groups":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"bound_labels":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"bound_projects":{"type":["set","string"],"description_kind":"plain","optional":true},"bound_regions":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"bound_service_accounts":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"bound_zones":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_jwt_exp":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"role":{"type":"string","description_kind":"plain","required":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true},"type":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_gcp_secret_backend":{"version":1,"block":{"attributes":{"credentials":{"type":"string","description":"JSON-encoded credentials to use to connect to GCP","description_kind":"plain","optional":true,"sensitive":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for secrets in 
seconds","description_kind":"plain","optional":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Local mount flag that can be explicitly set to true to enforce local mount in HA environment","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for secrets in seconds","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to mount the backend at.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_gcp_secret_impersonated_account":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Path where the GCP secrets engine is mounted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"impersonated_account":{"type":"string","description":"Name of the Impersonated Account to create","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Email of the GCP service account.","description_kind":"plain","required":true},"service_account_project":{"type":"string","description":"Project of the GCP Service Account managed by this impersonated account","description_kind":"plain","computed":true},"token_scopes":{"type":["set","string"],"description":"List of OAuth scopes to assign to `access_token` secrets generated under this impersonated account (`access_token` impersonated accounts only) ","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_gcp_secret_roleset":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Path where the GCP secrets engine is mounted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"project":{"type":"string","description":"Name of the GCP project that this roleset's service account will belong to.","description_kind":"plain","required":true},"roleset":{"type":"string","description":"Name of the RoleSet to create","description_kind":"plain","required":true},"secret_type":{"type":"string","description":"Type of secret generated for this role set. Defaults to `access_token`. 
Accepted values: `access_token`, `service_account_key`","description_kind":"plain","optional":true,"computed":true},"service_account_email":{"type":"string","description":"Email of the service account created by Vault for this Roleset","description_kind":"plain","computed":true},"token_scopes":{"type":["set","string"],"description":"List of OAuth scopes to assign to `access_token` secrets generated under this role set (`access_token` role sets only) ","description_kind":"plain","optional":true}},"block_types":{"binding":{"nesting_mode":"set","block":{"attributes":{"resource":{"type":"string","description":"Resource name","description_kind":"plain","required":true},"roles":{"type":["set","string"],"description":"List of roles to apply to the resource","description_kind":"plain","required":true}},"description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"vault_gcp_secret_static_account":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Path where the GCP secrets engine is mounted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret generated for this static account. Defaults to `access_token`. 
Accepted values: `access_token`, `service_account_key`","description_kind":"plain","optional":true,"computed":true},"service_account_email":{"type":"string","description":"Email of the GCP service account.","description_kind":"plain","required":true},"service_account_project":{"type":"string","description":"Project of the GCP Service Account managed by this static account","description_kind":"plain","computed":true},"static_account":{"type":"string","description":"Name of the Static Account to create","description_kind":"plain","required":true},"token_scopes":{"type":["set","string"],"description":"List of OAuth scopes to assign to `access_token` secrets generated under this static account (`access_token` static accounts only) ","description_kind":"plain","optional":true}},"block_types":{"binding":{"nesting_mode":"set","block":{"attributes":{"resource":{"type":"string","description":"Resource name","description_kind":"plain","required":true},"roles":{"type":["set","string"],"description":"List of roles to apply to the resource","description_kind":"plain","required":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"vault_generic_endpoint":{"version":1,"block":{"attributes":{"data_json":{"type":"string","description":"JSON-encoded data to write.","description_kind":"plain","required":true,"sensitive":true},"disable_delete":{"type":"bool","description":"Don't attempt to delete the path from Vault if true","description_kind":"plain","optional":true},"disable_read":{"type":"bool","description":"Don't attempt to read the path from Vault if true; drift won't be detected","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_absent_fields":{"type":"bool","description":"When reading, disregard fields not present in data_json","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path where to the endpoint that will be written","description_kind":"plain","required":true},"write_data":{"type":["map","string"],"description":"Map of strings returned by write operation","description_kind":"plain","computed":true},"write_data_json":{"type":"string","description":"JSON data returned by write operation","description_kind":"plain","computed":true},"write_fields":{"type":["list","string"],"description":"Top-level fields returned by write to persist in state","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_generic_secret":{"version":1,"block":{"attributes":{"data":{"type":["map","string"],"description":"Map of strings read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"data_json":{"type":"string","description":"JSON-encoded secret data to write.","description_kind":"plain","required":true,"sensitive":true},"delete_all_versions":{"type":"bool","description":"Only applicable for kv-v2 stores. If set, permanently deletes all versions for the specified key.","description_kind":"plain","optional":true},"disable_read":{"type":"bool","description":"Don't attempt to read the token from Vault if true; drift won't be detected.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path where the generic secret will be written.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_github_auth_backend":{"version":1,"block":{"attributes":{"accessor":{"type":"string","description":"The mount accessor related to the auth mount.","description_kind":"plain","computed":true},"base_url":{"type":"string","description":"The API endpoint to use. Useful if you are running GitHub Enterprise or an API-compatible authentication server.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Specifies the description of the mount. This overrides the current stored value, if any.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization users must be part of.","description_kind":"plain","required":true},"organization_id":{"type":"number","description":"The ID of the organization users must be part of. 
Vault will attempt to fetch and set this value if it is not provided (vault-1.10+)","description_kind":"plain","optional":true,"computed":true},"path":{"type":"string","description":"Path where the auth backend is mounted","description_kind":"plain","optional":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or 
batch","description_kind":"plain","optional":true},"tune":{"type":["set",["object",{"allowed_response_headers":["list","string"],"audit_non_hmac_request_keys":["list","string"],"audit_non_hmac_response_keys":["list","string"],"default_lease_ttl":"string","listing_visibility":"string","max_lease_ttl":"string","passthrough_request_headers":["list","string"],"token_type":"string"}]],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_github_team":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Auth backend to which team mapping will be configured.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["list","string"],"description":"Policies to be assigned to this team.","description_kind":"plain","optional":true},"team":{"type":"string","description":"GitHub team name in \"slugified\" format.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_github_user":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Auth backend to which user mapping will be congigured.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["list","string"],"description":"Policies to be assigned to this user.","description_kind":"plain","optional":true},"user":{"type":"string","description":"GitHub user name.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_identity_entity":{"version":0,"block":{"attributes":{"disabled":{"type":"bool","description":"Whether the entity is disabled. 
Disabled entities' associated tokens cannot be used, but are not revoked.","description_kind":"plain","optional":true},"external_policies":{"type":"bool","description":"Manage policies externally through `vault_identity_entity_policies`.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"Metadata to be associated with the entity.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the entity.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["set","string"],"description":"Policies to be tied to the entity.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_entity_alias":{"version":0,"block":{"attributes":{"canonical_id":{"type":"string","description":"ID of the entity to which this is an alias.","description_kind":"plain","required":true},"custom_metadata":{"type":["map","string"],"description":"Custom metadata to be associated with this alias.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mount_accessor":{"type":"string","description":"Mount accessor to which this alias belongs toMount accessor to which this alias belongs to.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the entity alias.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_entity_policies":{"version":0,"block":{"attributes":{"entity_id":{"type":"string","description":"ID of the entity.","description_kind":"plain","required":true},"entity_name":{"type":"string","description":"Name of the entity.","description_kind":"plain","computed":true},"exclusive":{"type":"bool","description":"Should the resource manage policies exclusively","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["set","string"],"description":"Policies to be tied to the entity.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_identity_group":{"version":1,"block":{"attributes":{"external_member_entity_ids":{"type":"bool","description":"Manage member entities externally through `vault_identity_group_member_entity_ids`","description_kind":"plain","optional":true},"external_member_group_ids":{"type":"bool","description":"Manage member groups externally through `vault_identity_group_member_group_ids`","description_kind":"plain","optional":true},"external_policies":{"type":"bool","description":"Manage policies externally through `vault_identity_group_policies`, allows using group ID in assigned policies.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_entity_ids":{"type":["set","string"],"description":"Entity IDs to be assigned as group members.","description_kind":"plain","optional":true},"member_group_ids":{"type":["set","string"],"description":"Group IDs to be assigned as group members.","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"Metadata to be associated with the 
group.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the group.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["set","string"],"description":"Policies to be tied to the group.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the group, internal or external. Defaults to internal.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_group_alias":{"version":0,"block":{"attributes":{"canonical_id":{"type":"string","description":"ID of the group to which this is an alias.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mount_accessor":{"type":"string","description":"Mount accessor to which this alias belongs to.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the group alias.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_group_member_entity_ids":{"version":0,"block":{"attributes":{"exclusive":{"type":"bool","description":"If set to true, allows the resource to manage member entity ids\nexclusively. 
Beware of race conditions when disabling exclusive management","description_kind":"plain","optional":true},"group_id":{"type":"string","description":"ID of the group.","description_kind":"plain","required":true},"group_name":{"type":"string","description":"Name of the group.","description_kind":"plain","deprecated":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_entity_ids":{"type":["set","string"],"description":"Entity IDs to be assigned as group members.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_group_member_group_ids":{"version":0,"block":{"attributes":{"exclusive":{"type":"bool","description":"If set to true, allows the resource to manage member group ids\nexclusively. Beware of race conditions when disabling exclusive management","description_kind":"plain","optional":true},"group_id":{"type":"string","description":"ID of the group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member_group_ids":{"type":["set","string"],"description":"Group IDs to be assigned as group members.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_group_policies":{"version":0,"block":{"attributes":{"exclusive":{"type":"bool","description":"Should the resource manage policies exclusively? 
Beware of race conditions when disabling exclusive management","description_kind":"plain","optional":true},"group_id":{"type":"string","description":"ID of the group.","description_kind":"plain","required":true},"group_name":{"type":"string","description":"Name of the group.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["set","string"],"description":"Policies to be tied to the group.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_identity_mfa_duo":{"version":0,"block":{"attributes":{"api_hostname":{"type":"string","description":"API hostname for Duo","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"integration_key":{"type":"string","description":"Integration key for Duo","description_kind":"plain","required":true,"sensitive":true},"method_id":{"type":"string","description":"Method ID.","description_kind":"plain","computed":true},"mount_accessor":{"type":"string","description":"Mount accessor.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Method name.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description":"Method's namespace ID.","description_kind":"plain","computed":true},"namespace_path":{"type":"string","description":"Method's namespace path.","description_kind":"plain","computed":true},"push_info":{"type":"string","description":"Push information for Duo.","description_kind":"plain","optional":true},"secret_key":{"type":"string","description":"Secret key for Duo","description_kind":"plain","required":true,"sensitive":true},"type":{"type":"string","description":"MFA type.","description_kind":"plain","computed":true},"use_passcode":{"type":"bool","description":"Require passcode upon MFA validation.","description_kind":"plain","optional":true},"username_format":{"type":"string","description":"A template string for mapping Identity names to MFA methods.","description_kind":"plain","optional":true},"uuid":{"type":"string","description":"Resource UUID.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_identity_mfa_login_enforcement":{"version":0,"block":{"attributes":{"auth_method_accessors":{"type":["set","string"],"description":"Set of auth method accessor IDs.","description_kind":"plain","optional":true},"auth_method_types":{"type":["set","string"],"description":"Set of auth method types.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identity_entity_ids":{"type":["set","string"],"description":"Set of identity entity IDs.","description_kind":"plain","optional":true},"identity_group_ids":{"type":["set","string"],"description":"Set of identity group IDs.","description_kind":"plain","optional":true},"mfa_method_ids":{"type":["set","string"],"description":"Set of MFA method UUIDs.","description_kind":"plain","required":true},"name":{"type":"string","description":"Login enforcement 
name.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description":"Method's namespace ID.","description_kind":"plain","computed":true},"namespace_path":{"type":"string","description":"Method's namespace path.","description_kind":"plain","computed":true},"uuid":{"type":"string","description":"Resource UUID.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_identity_mfa_okta":{"version":0,"block":{"attributes":{"api_token":{"type":"string","description":"Okta API token.","description_kind":"plain","required":true,"sensitive":true},"base_url":{"type":"string","description":"The base domain to use for API requests.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"method_id":{"type":"string","description":"Method ID.","description_kind":"plain","computed":true},"mount_accessor":{"type":"string","description":"Mount accessor.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Method name.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description":"Method's namespace ID.","description_kind":"plain","computed":true},"namespace_path":{"type":"string","description":"Method's namespace path.","description_kind":"plain","computed":true},"org_name":{"type":"string","description":"Name of the organization to be used in the Okta API.","description_kind":"plain","required":true},"primary_email":{"type":"bool","description":"Only match the primary email for the account.","description_kind":"plain","optional":true},"type":{"type":"string","description":"MFA type.","description_kind":"plain","computed":true},"username_format":{"type":"string","description":"A template string for mapping Identity names to MFA methods.","description_kind":"plain","optional":true},"uuid":{"type":"string","description":"Resource UUID.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_identity_mfa_pingid":{"version":0,"block":{"attributes":{"admin_url":{"type":"string","description":"The admin URL, derived from \"settings_file_base64\"","description_kind":"plain","computed":true},"authenticator_url":{"type":"string","description":"A unique identifier of the organization, derived from \"settings_file_base64\"","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"idp_url":{"type":"string","description":"The IDP URL, derived from \"settings_file_base64\"","description_kind":"plain","computed":true},"method_id":{"type":"string","description":"Method ID.","description_kind":"plain","computed":true},"mount_accessor":{"type":"string","description":"Mount accessor.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Method name.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description":"Method's namespace ID.","description_kind":"plain","computed":true},"namespace_path":{"type":"string","description":"Method's namespace path.","description_kind":"plain","computed":true},"org_alias":{"type":"string","description":"The name of the PingID client organization, derived from \"settings_file_base64\"","description_kind":"plain","computed":true},"settings_file_base64":{"type":"string","description":"A base64-encoded third-party settings contents as retrieved from PingID's configuration page.","description_kind":"plain","required":true},"type":{"type":"string","description":"MFA type.","description_kind":"plain","computed":true},"use_signature":{"type":"bool","description":"Use signature value, derived from \"settings_file_base64\"","description_kind":"plain","computed":true},"username_format":{"type":"string","description":"A template string for mapping Identity names to MFA methods.","description_kind":"plain","optional":true},"uuid":{"type":"string","description":"Resource UUID.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_identity_mfa_totp":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description":"Specifies the hashing algorithm used to generate the TOTP code. Options include SHA1, SHA256, SHA512.","description_kind":"plain","optional":true},"digits":{"type":"number","description":"The number of digits in the generated TOTP token. 
This value can either be 6 or 8","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"The name of the key's issuing organization.","description_kind":"plain","required":true},"key_size":{"type":"number","description":"Specifies the size in bytes of the generated key.","description_kind":"plain","optional":true},"max_validation_attempts":{"type":"number","description":"The maximum number of consecutive failed validation attempts allowed.","description_kind":"plain","optional":true},"method_id":{"type":"string","description":"Method ID.","description_kind":"plain","computed":true},"mount_accessor":{"type":"string","description":"Mount accessor.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Method name.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description":"Method's namespace ID.","description_kind":"plain","computed":true},"namespace_path":{"type":"string","description":"Method's namespace path.","description_kind":"plain","computed":true},"period":{"type":"number","description":"The length of time in seconds used to generate a counter for the TOTP token calculation.","description_kind":"plain","optional":true},"qr_size":{"type":"number","description":"The pixel size of the generated square QR code.","description_kind":"plain","optional":true,"computed":true},"skew":{"type":"number","description":"The number of delay periods that are allowed when validating a TOTP token. 
This value can either be 0 or 1.","description_kind":"plain","optional":true},"type":{"type":"string","description":"MFA type.","description_kind":"plain","computed":true},"uuid":{"type":"string","description":"Resource UUID.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_identity_oidc":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"Issuer URL to be used in the iss claim of the token. If not set, Vault's api_addr will be used. The issuer is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components, but no query or fragment components.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_oidc_assignment":{"version":0,"block":{"attributes":{"entity_ids":{"type":["set","string"],"description":"A list of Vault entity IDs.","description_kind":"plain","optional":true},"group_ids":{"type":["set","string"],"description":"A list of Vault group IDs.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the assignment.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_oidc_client":{"version":0,"block":{"attributes":{"access_token_ttl":{"type":"number","description":"The time-to-live for access tokens obtained by the client.","description_kind":"plain","optional":true,"computed":true},"assignments":{"type":["set","string"],"description":"A list of assignment resources associated with the client.","description_kind":"plain","optional":true},"client_id":{"type":"string","description":"The Client ID from Vault.","description_kind":"plain","computed":true},"client_secret":{"type":"string","description":"The Client Secret from Vault.","description_kind":"plain","computed":true,"sensitive":true},"client_type":{"type":"string","description":"The client type based on its ability to maintain confidentiality of credentials.Defaults to 'confidential'.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id_token_ttl":{"type":"number","description":"The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key.","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"A reference to a named key resource in Vault. This cannot be modified after creation.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the client.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"redirect_uris":{"type":["set","string"],"description":"Redirection URI values used by the client. 
One of these values must exactly match the redirect_uri parameter value used in each authentication request.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_oidc_key":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description":"Signing algorithm to use. Signing algorithm to use. Allowed values are: RS256 (default), RS384, RS512, ES256, ES384, ES512, EdDSA.","description_kind":"plain","optional":true},"allowed_client_ids":{"type":["set","string"],"description":"Array of role client ids allowed to use this key for signing. If empty, no roles are allowed. If \"*\", all roles are allowed.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the key.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"rotation_period":{"type":"number","description":"How often to generate a new signing key in number of seconds","description_kind":"plain","optional":true},"verification_ttl":{"type":"number","description":"Controls how long the public portion of a signing key will be available for verification after being rotated in seconds.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_oidc_key_allowed_client_id":{"version":0,"block":{"attributes":{"allowed_client_id":{"type":"string","description":"Role Client ID allowed to use the key for signing.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_name":{"type":"string","description":"Name of the key.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_oidc_provider":{"version":0,"block":{"attributes":{"allowed_client_ids":{"type":["set","string"],"description":"The client IDs that are permitted to use the provider. If empty, no clients are allowed. If \"*\", all clients are allowed.","description_kind":"plain","optional":true},"https_enabled":{"type":"bool","description":"Set to true if the issuer endpoint uses HTTPS.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"Specifies what will be used as the 'scheme://host:port' component for the 'iss' claim of ID tokens.This value is computed using the issuer_host and https_enabled fields.","description_kind":"plain","computed":true},"issuer_host":{"type":"string","description":"The host for the issuer. Can be either host or host:port.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the provider.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"scopes_supported":{"type":["set","string"],"description":"The scopes available for requesting on the provider.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_oidc_role":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The value that will be included in the `aud` field of all the OIDC identity tokens issued by this role","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"A configured named key, the key must already exist.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"template":{"type":"string","description":"The template string to use for generating tokens. This may be in string-ified JSON or base64 format.","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"TTL of the tokens generated against the role in number of seconds.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_oidc_scope":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The scope's description.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the scope. The openid scope name is reserved.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"template":{"type":"string","description":"The template string for the scope. 
This may be provided as escaped JSON or base64 encoded JSON.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_jwt_auth_backend":{"version":1,"block":{"attributes":{"accessor":{"type":"string","description":"The accessor of the JWT auth backend","description_kind":"plain","computed":true},"bound_issuer":{"type":"string","description":"The value against which to match the iss claim in a JWT","description_kind":"plain","optional":true},"default_role":{"type":"string","description":"The default role to use if none is provided during login","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description of the auth backend","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"jwks_ca_pem":{"type":"string","description":"The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.","description_kind":"plain","optional":true},"jwks_url":{"type":"string","description":"JWKS URL to use to authenticate signatures. Cannot be used with 'oidc_discovery_url' or 'jwt_validation_pubkeys'.","description_kind":"plain","optional":true},"jwt_supported_algs":{"type":["list","string"],"description":"A list of supported signing algorithms. Defaults to [RS256]","description_kind":"plain","optional":true},"jwt_validation_pubkeys":{"type":["list","string"],"description":"A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used with 'jwks_url' or 'oidc_discovery_url'. 
","description_kind":"plain","optional":true},"local":{"type":"bool","description":"Specifies if the auth method is local only","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"namespace_in_state":{"type":"bool","description":"Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs.","description_kind":"plain","optional":true},"oidc_client_id":{"type":"string","description":"Client ID used for OIDC","description_kind":"plain","optional":true},"oidc_client_secret":{"type":"string","description":"Client Secret used for OIDC","description_kind":"plain","optional":true,"sensitive":true},"oidc_discovery_ca_pem":{"type":"string","description":"The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used","description_kind":"plain","optional":true},"oidc_discovery_url":{"type":"string","description":"The OIDC Discovery URL, without any .well-known component (base path). Cannot be used with 'jwks_url' or 'jwt_validation_pubkeys'.","description_kind":"plain","optional":true},"oidc_response_mode":{"type":"string","description":"The response mode to be used in the OAuth2 request. Allowed values are 'query' and 'form_post'. Defaults to 'query'. If using Vault namespaces, and oidc_response_mode is 'form_post', then 'namespace_in_state' should be set to false.","description_kind":"plain","optional":true},"oidc_response_types":{"type":["list","string"],"description":"The response types to request. 
Allowed values are 'code' and 'id_token'. Defaults to 'code'. Note: 'id_token' may only be used if 'oidc_response_mode' is set to 'form_post'.","description_kind":"plain","optional":true},"path":{"type":"string","description":"path to mount the backend","description_kind":"plain","optional":true},"provider_config":{"type":["map","string"],"description":"Provider specific handling configuration","description_kind":"plain","optional":true},"tune":{"type":["set",["object",{"allowed_response_headers":["list","string"],"audit_non_hmac_request_keys":["list","string"],"audit_non_hmac_response_keys":["list","string"],"default_lease_ttl":"string","listing_visibility":"string","max_lease_ttl":"string","passthrough_request_headers":["list","string"],"token_type":"string"}]],"description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Type of backend. Can be either 'jwt' or 'oidc'","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_jwt_auth_backend_role":{"version":0,"block":{"attributes":{"allowed_redirect_uris":{"type":["set","string"],"description":"The list of allowed values for redirect_uri during OIDC logins.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"bound_audiences":{"type":["set","string"],"description":"List of aud claims to match against. Any match is sufficient.","description_kind":"plain","optional":true},"bound_claims":{"type":["map","string"],"description":"Map of claims/values to match against. 
The expected value may be a single string or a comma-separated string list.","description_kind":"plain","optional":true},"bound_claims_type":{"type":"string","description":"How to interpret values in the claims/values map: can be either \"string\" (exact match) or \"glob\" (wildcard match).","description_kind":"plain","optional":true,"computed":true},"bound_subject":{"type":"string","description":"If set, requires that the sub claim matches this value.","description_kind":"plain","optional":true},"claim_mappings":{"type":["map","string"],"description":"Map of claims (keys) to be copied to specified metadata fields (values).","description_kind":"plain","optional":true},"clock_skew_leeway":{"type":"number","description":"The amount of leeway to add to all claims to account for clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.","description_kind":"plain","optional":true},"disable_bound_claims_parsing":{"type":"bool","description":"Disable bound claim value parsing. Useful when values contain commas.","description_kind":"plain","optional":true},"expiration_leeway":{"type":"number","description":"The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.","description_kind":"plain","optional":true},"groups_claim":{"type":"string","description":"The claim to use to uniquely identify the set of groups to which the user belongs; this will be used as the names for the Identity group aliases created due to a successful login. 
The claim value must be a list of strings.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_age":{"type":"number","description":"Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"not_before_leeway":{"type":"number","description":"The amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds. Defaults to 150 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles. ","description_kind":"plain","optional":true},"oidc_scopes":{"type":["set","string"],"description":"List of OIDC scopes to be used with an OIDC role. The standard scope \"openid\" is automatically included and need not be specified.","description_kind":"plain","optional":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"role_type":{"type":"string","description":"Type of role, either \"oidc\" (default) or \"jwt\"","description_kind":"plain","optional":true,"computed":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The 
maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true},"user_claim":{"type":"string","description":"The claim to use to uniquely identify the user; this will be used as the name for the Identity entity alias created due to a successful login.","description_kind":"plain","required":true},"user_claim_json_pointer":{"type":"bool","description":"Specifies if the user_claim value uses JSON pointer syntax for referencing claims. By default, the user_claim value will not use JSON pointer.","description_kind":"plain","optional":true},"verbose_oidc_logging":{"type":"bool","description":"Log received OIDC tokens and claims when debug-level logging is active. 
Not recommended in production since sensitive information may be present in OIDC responses.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kmip_secret_backend":{"version":1,"block":{"attributes":{"default_tls_client_key_bits":{"type":"number","description":"Client certificate key bits, valid values depend on key type","description_kind":"plain","optional":true,"computed":true},"default_tls_client_key_type":{"type":"string","description":"Client certificate key type, rsa or ec","description_kind":"plain","optional":true,"computed":true},"default_tls_client_ttl":{"type":"number","description":"Client certificate TTL in seconds","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listen_addrs":{"type":["set","string"],"description":"Addresses the KMIP server should listen on (host:port)","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path where KMIP secret backend will be mounted","description_kind":"plain","required":true},"server_hostnames":{"type":["set","string"],"description":"Hostnames to include in the server's TLS certificate as SAN DNS names. 
The first will be used as the common name (CN)","description_kind":"plain","optional":true,"computed":true},"server_ips":{"type":["set","string"],"description":"IPs to include in the server's TLS certificate as SAN IP addresses","description_kind":"plain","optional":true,"computed":true},"tls_ca_key_bits":{"type":"number","description":"CA key bits, valid values depend on key type","description_kind":"plain","optional":true,"computed":true},"tls_ca_key_type":{"type":"string","description":"CA key type, rsa or ec","description_kind":"plain","optional":true,"computed":true},"tls_min_version":{"type":"string","description":"Minimum TLS version to accept","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_kmip_secret_role":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"operation_activate":{"type":"bool","description":"Grant permission to use the KMIP Activate operation","description_kind":"plain","optional":true,"computed":true},"operation_add_attribute":{"type":"bool","description":"Grant permission to use the KMIP Add Attribute operation","description_kind":"plain","optional":true,"computed":true},"operation_all":{"type":"bool","description":"Grant all permissions to this role. 
May not be specified with any other operation_* params","description_kind":"plain","optional":true,"computed":true},"operation_create":{"type":"bool","description":"Grant permission to use the KMIP Create operation","description_kind":"plain","optional":true,"computed":true},"operation_destroy":{"type":"bool","description":"Grant permission to use the KMIP Destroy operation","description_kind":"plain","optional":true,"computed":true},"operation_discover_versions":{"type":"bool","description":"Grant permission to use the KMIP Discover Version operation","description_kind":"plain","optional":true,"computed":true},"operation_get":{"type":"bool","description":"Grant permission to use the KMIP Get operation","description_kind":"plain","optional":true,"computed":true},"operation_get_attribute_list":{"type":"bool","description":"Grant permission to use the KMIP Get Attribute List operation","description_kind":"plain","optional":true,"computed":true},"operation_get_attributes":{"type":"bool","description":"Grant permission to use the KMIP Get Attributes operation","description_kind":"plain","optional":true,"computed":true},"operation_locate":{"type":"bool","description":"Grant permission to use the KMIP Locate operation","description_kind":"plain","optional":true,"computed":true},"operation_none":{"type":"bool","description":"Remove all permissions from this role. 
May not be specified with any other operation_* params","description_kind":"plain","optional":true,"computed":true},"operation_register":{"type":"bool","description":"Grant permission to use the KMIP Register operation","description_kind":"plain","optional":true,"computed":true},"operation_rekey":{"type":"bool","description":"Grant permission to use the KMIP Rekey operation","description_kind":"plain","optional":true,"computed":true},"operation_revoke":{"type":"bool","description":"Grant permission to use the KMIP Revoke operation","description_kind":"plain","optional":true,"computed":true},"path":{"type":"string","description":"Path where KMIP backend is mounted","description_kind":"plain","required":true},"role":{"type":"string","description":"Name of the role","description_kind":"plain","required":true},"scope":{"type":"string","description":"Name of the scope","description_kind":"plain","required":true},"tls_client_key_bits":{"type":"number","description":"Client certificate key bits, valid values depend on key type","description_kind":"plain","optional":true},"tls_client_key_type":{"type":"string","description":"Client certificate key type, rsa or ec","description_kind":"plain","optional":true},"tls_client_ttl":{"type":"number","description":"Client certificate TTL in seconds","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kmip_secret_scope":{"version":0,"block":{"attributes":{"force":{"type":"bool","description":"Force deletion even if there are managed objects in the scope","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path where KMIP backend is mounted","description_kind":"plain","required":true},"scope":{"type":"string","description":"Name of the scope","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_kubernetes_auth_backend_config":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the kubernetes backend to configure.","description_kind":"plain","optional":true},"disable_iss_validation":{"type":"bool","description":"Optional disable JWT issuer validation. Allows to skip ISS validation.","description_kind":"plain","optional":true,"computed":true},"disable_local_ca_jwt":{"type":"bool","description":"Optional disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"Optional JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer.","description_kind":"plain","optional":true},"kubernetes_ca_cert":{"type":"string","description":"PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.","description_kind":"plain","optional":true,"computed":true},"kubernetes_host":{"type":"string","description":"Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"pem_keys":{"type":["list","string"],"description":"Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. 
Not every installation of Kubernetes exposes these keys.","description_kind":"plain","optional":true},"token_reviewer_jwt":{"type":"string","description":"A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.","description_kind":"plain","optional":true,"sensitive":true}},"description_kind":"plain"}},"vault_kubernetes_auth_backend_role":{"version":0,"block":{"attributes":{"alias_name_source":{"type":"string","description":"Configures how identity aliases are generated. Valid choices are: serviceaccount_uid, serviceaccount_name","description_kind":"plain","optional":true,"computed":true},"audience":{"type":"string","description":"Optional Audience claim to verify in the JWT.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"Unique name of the kubernetes backend to configure.","description_kind":"plain","optional":true},"bound_service_account_names":{"type":["set","string"],"description":"List of service account names able to access this role. If set to `[\"*\"]` all names are allowed, both this and bound_service_account_namespaces can not be \"*\".","description_kind":"plain","required":true},"bound_service_account_namespaces":{"type":["set","string"],"description":"List of namespaces allowed to access this role. If set to `[\"*\"]` all namespaces are allowed, both this and bound_service_account_names can not be set to \"*\".","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kubernetes_secret_backend":{"version":0,"block":{"attributes":{"accessor":{"type":"string","description":"Accessor of the mount","description_kind":"plain","computed":true},"allowed_managed_keys":{"type":["set","string"],"description":"List of managed key registry entry names that the mount in question is allowed to 
access","description_kind":"plain","optional":true},"audit_non_hmac_request_keys":{"type":["list","string"],"description":"Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.","description_kind":"plain","optional":true,"computed":true},"audit_non_hmac_response_keys":{"type":["list","string"],"description":"Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.","description_kind":"plain","optional":true,"computed":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for tokens and secrets in seconds","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Human-friendly description of the mount","description_kind":"plain","optional":true},"disable_local_ca_jwt":{"type":"bool","description":"Disable defaulting to the local CA certificate and service account JWT when running in a Kubernetes pod.","description_kind":"plain","optional":true},"external_entropy_access":{"type":"bool","description":"Enable the secrets engine to access Vault's external entropy source","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kubernetes_ca_cert":{"type":"string","description":"A PEM-encoded CA certificate used by the secret engine to verify the Kubernetes API server certificate. 
Defaults to the local pod’s CA if found, or otherwise the host's root CA set.","description_kind":"plain","optional":true},"kubernetes_host":{"type":"string","description":"The Kubernetes API URL to connect to.","description_kind":"plain","optional":true},"local":{"type":"bool","description":"Local mount flag that can be explicitly set to true to enforce local mount in HA environment","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for tokens and secrets in seconds","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"options":{"type":["map","string"],"description":"Specifies mount type specific options that are passed to the backend","description_kind":"plain","optional":true},"path":{"type":"string","description":"Where the secret backend will be mounted","description_kind":"plain","required":true},"seal_wrap":{"type":"bool","description":"Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability","description_kind":"plain","optional":true,"computed":true},"service_account_jwt":{"type":"string","description":"The JSON web token of the service account used by the secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if found.","description_kind":"plain","optional":true,"sensitive":true}},"description_kind":"plain"}},"vault_kubernetes_secret_backend_role":{"version":0,"block":{"attributes":{"allowed_kubernetes_namespaces":{"type":["list","string"],"description":"The list of Kubernetes namespaces this role can generate credentials for. 
If set to '*' all namespaces are allowed.","description_kind":"plain","required":true},"backend":{"type":"string","description":"The mount path for the Kubernetes secrets engine.","description_kind":"plain","required":true},"extra_annotations":{"type":["map","string"],"description":"Additional annotations to apply to all generated Kubernetes objects.","description_kind":"plain","optional":true},"extra_labels":{"type":["map","string"],"description":"Additional labels to apply to all generated Kubernetes objects.","description_kind":"plain","optional":true},"generated_role_rules":{"type":"string","description":"The Role or ClusterRole rules to use when generating a role. Accepts either JSON or YAML formatted rules. Mutually exclusive with 'service_account_name' and 'kubernetes_role_name'. If set, the entire chain of Kubernetes objects will be generated when credentials are requested.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kubernetes_role_name":{"type":"string","description":"The pre-existing Role or ClusterRole to bind a generated service account to. Mutually exclusive with 'service_account_name' and 'generated_role_rules'. If set, Kubernetes token, service account, and role binding objects will be created when credentials are requested.","description_kind":"plain","optional":true},"kubernetes_role_type":{"type":"string","description":"Specifies whether the Kubernetes role is a Role or ClusterRole.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the role.","description_kind":"plain","required":true},"name_template":{"type":"string","description":"The name template to use when generating service accounts, roles and role bindings. If unset, a default template is used.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"service_account_name":{"type":"string","description":"The pre-existing service account to generate tokens for. Mutually exclusive with 'kubernetes_role_name' and 'generated_role_rules'. If set, only a Kubernetes token will be created when credentials are requested.","description_kind":"plain","optional":true},"token_default_ttl":{"type":"number","description":"The default TTL for generated Kubernetes tokens in seconds.","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum TTL for generated Kubernetes tokens in seconds.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kv_secret":{"version":0,"block":{"attributes":{"data":{"type":["map","string"],"description":"Map of strings read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"data_json":{"type":"string","description":"JSON-encoded secret data to write.","description_kind":"plain","required":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path of the KV-V1 secret.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_kv_secret_backend_v2":{"version":0,"block":{"attributes":{"cas_required":{"type":"bool","description":"If true, all keys will require the cas parameter to be set on all write requests.","description_kind":"plain","optional":true,"computed":true},"delete_version_after":{"type":"number","description":"If set, specifies the length of time before a version is deleted","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_versions":{"type":"number","description":"The number of versions to keep per key.","description_kind":"plain","optional":true,"computed":true},"mount":{"type":"string","description":"Path where KV-V2 engine is mounted.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kv_secret_v2":{"version":0,"block":{"attributes":{"cas":{"type":"number","description":"This flag is required if cas_required is set to true on either the secret or the engine's config. 
In order for a write to be successful, cas must be set to the current version of the secret.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"Map of strings read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"data_json":{"type":"string","description":"JSON-encoded secret data to write.","description_kind":"plain","required":true,"sensitive":true},"delete_all_versions":{"type":"bool","description":"If set to true, permanently deletes all versions for the specified key.","description_kind":"plain","optional":true},"disable_read":{"type":"bool","description":"If set to true, disables reading secret from Vault; note: drift won't be detected.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"Metadata associated with this secret read from Vault.","description_kind":"plain","computed":true},"mount":{"type":"string","description":"Path where KV-V2 engine is mounted.","description_kind":"plain","required":true},"name":{"type":"string","description":"Full name of the secret. For a nested secret, the name is the nested path excluding the mount and data prefix. For example, for a secret at 'kvv2/data/foo/bar/baz', the name is 'foo/bar/baz'","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"options":{"type":["map","string"],"description":"An object that holds option settings.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path where the KV-V2 secret will be written.","description_kind":"plain","computed":true}},"block_types":{"custom_metadata":{"nesting_mode":"list","block":{"attributes":{"cas_required":{"type":"bool","description":"If true, all keys will require the cas parameter to be set on all write requests.","description_kind":"plain","optional":true},"data":{"type":["map","string"],"description":"A map of arbitrary string to string valued user-provided metadata meant to describe the secret.","description_kind":"plain","optional":true},"delete_version_after":{"type":"number","description":"If set, specifies the length of time before a version is deleted.","description_kind":"plain","optional":true},"max_versions":{"type":"number","description":"The number of versions to keep per key.","description_kind":"plain","optional":true}},"description":"Custom metadata to be set for the secret.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"vault_ldap_auth_backend":{"version":2,"block":{"attributes":{"accessor":{"type":"string","description":"The accessor of the LDAP auth 
backend","description_kind":"plain","computed":true},"binddn":{"type":"string","description_kind":"plain","optional":true,"computed":true},"bindpass":{"type":"string","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"case_sensitive_names":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"certificate":{"type":"string","description_kind":"plain","optional":true,"computed":true},"client_tls_cert":{"type":"string","description_kind":"plain","optional":true,"computed":true},"client_tls_key":{"type":"string","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"deny_null_bind":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description_kind":"plain","optional":true,"computed":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"discoverdn":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"groupattr":{"type":"string","description_kind":"plain","optional":true,"computed":true},"groupdn":{"type":"string","description_kind":"plain","optional":true,"computed":true},"groupfilter":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"insecure_tls":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Specifies if the auth method is local only","description_kind":"plain","optional":true},"max_page_size":{"type":"number","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description_kind":"plain","optional":true},"starttls":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"tls_max_version":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tls_min_version":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or 
batch","description_kind":"plain","optional":true},"upndomain":{"type":"string","description_kind":"plain","optional":true,"computed":true},"url":{"type":"string","description_kind":"plain","required":true},"use_token_groups":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"userattr":{"type":"string","description_kind":"plain","optional":true,"computed":true},"userdn":{"type":"string","description_kind":"plain","optional":true,"computed":true},"userfilter":{"type":"string","description_kind":"plain","optional":true,"computed":true},"username_as_alias":{"type":"bool","description":"Force the auth method to use the username passed by the user as the alias name.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_ldap_auth_backend_group":{"version":1,"block":{"attributes":{"backend":{"type":"string","description_kind":"plain","optional":true},"groupname":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_ldap_auth_backend_user":{"version":1,"block":{"attributes":{"backend":{"type":"string","description_kind":"plain","optional":true},"groups":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true},"username":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_ldap_secret_backend":{"version":1,"block":{"attributes":{"accessor":{"type":"string","description":"Accessor of the mount","description_kind":"plain","computed":true},"allowed_managed_keys":{"type":["set","string"],"description":"List of managed key registry entry names that the mount in question is allowed to access","description_kind":"plain","optional":true},"audit_non_hmac_request_keys":{"type":["list","string"],"description":"Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.","description_kind":"plain","optional":true,"computed":true},"audit_non_hmac_response_keys":{"type":["list","string"],"description":"Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.","description_kind":"plain","optional":true,"computed":true},"binddn":{"type":"string","description":"Distinguished name of object to bind when performing user and group search.","description_kind":"plain","required":true},"bindpass":{"type":"string","description":"LDAP password for searching for the user DN.","description_kind":"plain","required":true,"sensitive":true},"certificate":{"type":"string","description":"CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded.","description_kind":"plain","optional":true},"client_tls_cert":{"type":"string","description":"Client certificate to provide to the LDAP server, must be x509 PEM encoded.","description_kind":"plain","optional":true,"sensitive":true},"client_tls_key":{"type":"string","description":"Client certificate key to provide to the LDAP server, must be x509 PEM 
encoded.","description_kind":"plain","optional":true,"sensitive":true},"connection_timeout":{"type":"number","description":"Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration.","description_kind":"plain","optional":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for tokens and secrets in seconds","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Human-friendly description of the mount","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"external_entropy_access":{"type":"bool","description":"Enable the secrets engine to access Vault's external entropy source","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"insecure_tls":{"type":"bool","description":"Skip LDAP server SSL Certificate verification - insecure and not recommended for production use.","description_kind":"plain","optional":true},"length":{"type":"number","description":"The desired length of passwords that Vault generates.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"local":{"type":"bool","description":"Local mount flag that can be explicitly set to true to enforce local mount in HA environment","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for tokens and secrets in seconds","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"options":{"type":["map","string"],"description":"Specifies mount type specific options that are passed to the backend","description_kind":"plain","optional":true},"password_policy":{"type":"string","description":"Name of the password policy to use to generate passwords.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The path where the LDAP secrets backend is mounted.","description_kind":"plain","optional":true},"request_timeout":{"type":"number","description":"Timeout, in seconds, for the connection when making requests against the server before returning back an error.","description_kind":"plain","optional":true,"computed":true},"schema":{"type":"string","description":"The LDAP schema to use when storing entry passwords. Valid schemas include openldap, ad, and racf.","description_kind":"plain","optional":true,"computed":true},"seal_wrap":{"type":"bool","description":"Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability","description_kind":"plain","optional":true,"computed":true},"starttls":{"type":"bool","description":"Issue a StartTLS command after establishing unencrypted connection.","description_kind":"plain","optional":true,"computed":true},"upndomain":{"type":"string","description":"Enables userPrincipalDomain login with [username]@UPNDomain.","description_kind":"plain","optional":true,"computed":true},"url":{"type":"string","description":"LDAP URL to connect to (default: ldap://127.0.0.1). 
Multiple URLs can be specified by concatenating them with commas; they will be tried in-order.","description_kind":"plain","optional":true,"computed":true},"userattr":{"type":"string","description":"Attribute used for users (default: cn)","description_kind":"plain","optional":true,"computed":true},"userdn":{"type":"string","description":"LDAP domain to use for users (eg: ou=People,dc=example,dc=org)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_ldap_secret_backend_dynamic_role":{"version":0,"block":{"attributes":{"creation_ldif":{"type":"string","description":"A templatized LDIF string used to create a user account. May contain multiple entries.","description_kind":"plain","required":true},"default_ttl":{"type":"number","description":"Specifies the TTL for the leases associated with this role.","description_kind":"plain","optional":true},"deletion_ldif":{"type":"string","description":"A templatized LDIF string used to delete the user account once its TTL has expired. This may contain multiple LDIF entries.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum TTL for the leases associated with this role.","description_kind":"plain","optional":true},"mount":{"type":"string","description":"The path where the LDAP secrets backend is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"rollback_ldif":{"type":"string","description":"A templatized LDIF string used to attempt to rollback any changes in the event that execution of the creation_ldif results in an error. 
This may contain multiple LDIF entries.","description_kind":"plain","optional":true},"username_template":{"type":"string","description":"A template used to generate a dynamic username. This will be used to fill in the .Username field within the creation_ldif string.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_ldap_secret_backend_library_set":{"version":0,"block":{"attributes":{"disable_check_in_enforcement":{"type":"bool","description":"Disable enforcing that service accounts must be checked in by the entity or client token that checked them out.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"The maximum amount of time a check-out last with renewal before Vault automatically checks it back in. Defaults to 24 hours.","description_kind":"plain","optional":true,"computed":true},"mount":{"type":"string","description":"The path where the LDAP secrets backend is mounted.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the set of service accounts.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"service_account_names":{"type":["list","string"],"description":"The names of all the service accounts that can be checked out from this set.","description_kind":"plain","required":true},"ttl":{"type":"number","description":"The maximum amount of time a single check-out lasts before Vault automatically checks it back in. 
Defaults to 24 hours.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_ldap_secret_backend_static_role":{"version":0,"block":{"attributes":{"dn":{"type":"string","description":"Distinguished name (DN) of the existing LDAP entry to manage password rotation for.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mount":{"type":"string","description":"The path where the LDAP secrets backend is mounted.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"rotation_period":{"type":"number","description":"How often Vault should rotate the password of the user entry.","description_kind":"plain","required":true},"username":{"type":"string","description":"The username of the existing LDAP entry to manage password rotation for.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_managed_keys":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true}},"block_types":{"aws":{"nesting_mode":"set","block":{"attributes":{"access_key":{"type":"string","description":"The AWS access key to use","description_kind":"plain","required":true},"allow_generate_key":{"type":"bool","description":"If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend","description_kind":"plain","optional":true,"computed":true},"allow_replace_key":{"type":"bool","description":"Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.","description_kind":"plain","optional":true,"computed":true},"allow_store_key":{"type":"bool","description":"Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden","description_kind":"plain","optional":true,"computed":true},"any_mount":{"type":"bool","description":"Allow usage from any mount point within the namespace if 'true'","description_kind":"plain","optional":true,"computed":true},"curve":{"type":"string","description":"The curve to use for an ECDSA key. Used when key_type is 'ECDSA'. Required if 'allow_generate_key' is true","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"Used to specify a custom AWS endpoint","description_kind":"plain","optional":true},"key_bits":{"type":"string","description":"The size in bits for an RSA key. 
This field is required when 'key_type' is 'RSA'","description_kind":"plain","required":true},"key_type":{"type":"string","description":"The type of key to use","description_kind":"plain","required":true},"kms_key":{"type":"string","description":"An identifier for the key","description_kind":"plain","required":true},"name":{"type":"string","description":"A unique lowercase name that serves as identifying the key","description_kind":"plain","required":true},"region":{"type":"string","description":"The AWS region where the keys are stored (or will be stored)","description_kind":"plain","optional":true,"computed":true},"secret_key":{"type":"string","description":"The AWS secret key to use","description_kind":"plain","required":true},"uuid":{"type":"string","description":"ID of the managed key read from Vault","description_kind":"plain","computed":true}},"description":"Configuration block for AWS Managed Keys","description_kind":"plain"}},"azure":{"nesting_mode":"set","block":{"attributes":{"allow_generate_key":{"type":"bool","description":"If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend","description_kind":"plain","optional":true,"computed":true},"allow_replace_key":{"type":"bool","description":"Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.","description_kind":"plain","optional":true,"computed":true},"allow_store_key":{"type":"bool","description":"Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden","description_kind":"plain","optional":true,"computed":true},"any_mount":{"type":"bool","description":"Allow usage from any mount point within the namespace if 'true'","description_kind":"plain","optional":true,"computed":true},"client_id":{"type":"string","description":"The client id for 
credentials to query the Azure APIs","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret for credentials to query the Azure APIs","description_kind":"plain","required":true},"environment":{"type":"string","description":"The Azure Cloud environment API endpoints to use","description_kind":"plain","optional":true,"computed":true},"key_bits":{"type":"string","description":"The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' or when 'allow_generate_key' is true","description_kind":"plain","optional":true},"key_name":{"type":"string","description":"The Key Vault key to use for encryption and decryption","description_kind":"plain","required":true},"key_type":{"type":"string","description":"The type of key to use","description_kind":"plain","required":true},"name":{"type":"string","description":"A unique lowercase name that serves as identifying the key","description_kind":"plain","required":true},"resource":{"type":"string","description":"The Azure Key Vault resource's DNS Suffix to connect to","description_kind":"plain","optional":true,"computed":true},"tenant_id":{"type":"string","description":"The tenant id for the Azure Active Directory organization","description_kind":"plain","required":true},"uuid":{"type":"string","description":"ID of the managed key read from Vault","description_kind":"plain","computed":true},"vault_name":{"type":"string","description":"The Key Vault vault to use the encryption keys for encryption and decryption","description_kind":"plain","required":true}},"description":"Configuration block for Azure Managed Keys","description_kind":"plain"}},"pkcs":{"nesting_mode":"set","block":{"attributes":{"allow_generate_key":{"type":"bool","description":"If no existing key can be found in the referenced backend, instructs Vault to generate a key within the 
backend","description_kind":"plain","optional":true,"computed":true},"allow_replace_key":{"type":"bool","description":"Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists.","description_kind":"plain","optional":true,"computed":true},"allow_store_key":{"type":"bool","description":"Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden","description_kind":"plain","optional":true,"computed":true},"any_mount":{"type":"bool","description":"Allow usage from any mount point within the namespace if 'true'","description_kind":"plain","optional":true,"computed":true},"curve":{"type":"string","description":"Supplies the curve value when using the 'CKM_ECDSA' mechanism. Required if 'allow_generate_key' is true","description_kind":"plain","optional":true},"force_rw_session":{"type":"string","description":"Force all operations to open up a read-write session to the HSM","description_kind":"plain","optional":true},"key_bits":{"type":"string","description":"Supplies the size in bits of the key when using 'CKM_RSA_PKCS_PSS', 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. 
Required if 'allow_generate_key' is true","description_kind":"plain","optional":true},"key_id":{"type":"string","description":"The id of a PKCS#11 key to use","description_kind":"plain","required":true},"key_label":{"type":"string","description":"The label of the key to use","description_kind":"plain","required":true},"library":{"type":"string","description":"The name of the kms_library stanza to use from Vault's config to lookup the local library path","description_kind":"plain","required":true},"mechanism":{"type":"string","description":"The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string.","description_kind":"plain","required":true},"name":{"type":"string","description":"A unique lowercase name that serves as identifying the key","description_kind":"plain","required":true},"pin":{"type":"string","description":"The PIN for login","description_kind":"plain","required":true},"slot":{"type":"string","description":"The slot number to use, specified as a string in a decimal format (e.g. '2305843009213693953')","description_kind":"plain","optional":true},"token_label":{"type":"string","description":"The slot token label to use","description_kind":"plain","optional":true},"uuid":{"type":"string","description":"ID of the managed key read from Vault","description_kind":"plain","computed":true}},"description":"Configuration block for PKCS Managed Keys","description_kind":"plain"}}},"description_kind":"plain"}},"vault_mfa_duo":{"version":0,"block":{"attributes":{"api_hostname":{"type":"string","description":"API hostname for Duo.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"integration_key":{"type":"string","description":"Integration key for Duo.","description_kind":"plain","required":true,"sensitive":true},"mount_accessor":{"type":"string","description":"The mount to tie this method to for use in automatic mappings. 
The mapping will use the Name field of Aliases associated with this mount as the username in the mapping.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the MFA method.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"push_info":{"type":"string","description":"Push information for Duo.","description_kind":"plain","optional":true},"secret_key":{"type":"string","description":"Secret key for Duo.","description_kind":"plain","required":true,"sensitive":true},"username_format":{"type":"string","description":"A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_mfa_okta":{"version":0,"block":{"attributes":{"api_token":{"type":"string","description":"Okta API key.","description_kind":"plain","required":true,"sensitive":true},"base_url":{"type":"string","description":"If set, will be used as the base domain for API requests.","description_kind":"plain","optional":true},"id":{"type":"string","description":"ID computed by Vault.","description_kind":"plain","optional":true,"computed":true},"mount_accessor":{"type":"string","description":"The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the MFA method.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"org_name":{"type":"string","description":"Name of the organization to be used in the Okta API.","description_kind":"plain","required":true},"primary_email":{"type":"bool","description":"If set to true, the username will only match the primary email for the account.","description_kind":"plain","optional":true},"username_format":{"type":"string","description":"A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_mfa_pingid":{"version":0,"block":{"attributes":{"admin_url":{"type":"string","description":"Admin URL computed by Vault.","description_kind":"plain","computed":true},"authenticator_url":{"type":"string","description":"Authenticator URL computed by Vault.","description_kind":"plain","computed":true},"id":{"type":"string","description":"ID computed by Vault.","description_kind":"plain","optional":true,"computed":true},"idp_url":{"type":"string","description":"IDP URL computed by Vault.","description_kind":"plain","computed":true},"mount_accessor":{"type":"string","description":"The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the MFA method.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description":"Namespace ID computed by Vault.","description_kind":"plain","computed":true},"org_alias":{"type":"string","description":"Org Alias computed by Vault.","description_kind":"plain","computed":true},"settings_file_base64":{"type":"string","description":"A base64-encoded third-party settings file retrieved from PingID's configuration page.","description_kind":"plain","required":true},"type":{"type":"string","description":"Type of configuration computed by Vault.","description_kind":"plain","computed":true},"use_signature":{"type":"bool","description":"If set, enables use of PingID signature. Computed by Vault","description_kind":"plain","computed":true},"username_format":{"type":"string","description":"A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_mfa_totp":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description":"Specifies the hashing algorithm used to generate the TOTP code. Options include 'SHA1', 'SHA256' and 'SHA512'.","description_kind":"plain","optional":true},"digits":{"type":"number","description":"The number of digits in the generated TOTP token. This value can either be 6 or 8.","description_kind":"plain","optional":true},"id":{"type":"string","description":"ID computed by Vault.","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"The name of the key's issuing organization.","description_kind":"plain","required":true},"key_size":{"type":"number","description":"Specifies the size in bytes of the generated key.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the MFA method.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"period":{"type":"number","description":"The length of time used to generate a counter for the TOTP token calculation.","description_kind":"plain","optional":true},"qr_size":{"type":"number","description":"The pixel size of the generated square QR code.","description_kind":"plain","optional":true},"skew":{"type":"number","description":"The number of delay periods that are allowed when validating a TOTP token. This value can either be 0 or 1.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_mongodbatlas_secret_backend":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mount":{"type":"string","description":"Path where MongoDB Atlas secret backend is mounted","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path where MongoDB Atlas configuration is located","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The Private Programmatic API Key used to connect with MongoDB Atlas API","description_kind":"plain","required":true},"public_key":{"type":"string","description":"The Public Programmatic API Key used to authenticate with the MongoDB Atlas API","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_mongodbatlas_secret_role":{"version":0,"block":{"attributes":{"cidr_blocks":{"type":["list","string"],"description":"Whitelist entry in CIDR notation to be added for the API key","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_addresses":{"type":["list","string"],"description":"IP address to be added to the whitelist for the API 
key","description_kind":"plain","optional":true},"max_ttl":{"type":"string","description":"The maximum allowed lifetime of credentials issued using this role","description_kind":"plain","optional":true},"mount":{"type":"string","description":"Path where MongoDB Atlas secret backend is mounted","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the role","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"organization_id":{"type":"string","description":"ID for the organization to which the target API Key belongs","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID for the project to which the target API Key belongs","description_kind":"plain","optional":true},"project_roles":{"type":["list","string"],"description":"Roles assigned when an org API key is assigned to a project API key","description_kind":"plain","optional":true},"roles":{"type":["list","string"],"description":"List of roles that the API Key needs to have","description_kind":"plain","required":true},"ttl":{"type":"string","description":"Duration in seconds after which the issued credential should expire","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_mount":{"version":0,"block":{"attributes":{"accessor":{"type":"string","description":"Accessor of the mount","description_kind":"plain","computed":true},"allowed_managed_keys":{"type":["set","string"],"description":"List of managed key registry entry names that the mount in question is allowed to access","description_kind":"plain","optional":true},"audit_non_hmac_request_keys":{"type":["list","string"],"description":"Specifies the list of keys that will not be HMAC'd by audit devices in the request data 
object.","description_kind":"plain","optional":true,"computed":true},"audit_non_hmac_response_keys":{"type":["list","string"],"description":"Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.","description_kind":"plain","optional":true,"computed":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for tokens and secrets in seconds","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Human-friendly description of the mount","description_kind":"plain","optional":true},"external_entropy_access":{"type":"bool","description":"Enable the secrets engine to access Vault's external entropy source","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Local mount flag that can be explicitly set to true to enforce local mount in HA environment","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for tokens and secrets in seconds","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"options":{"type":["map","string"],"description":"Specifies mount type specific options that are passed to the backend","description_kind":"plain","optional":true},"path":{"type":"string","description":"Where the secret backend will be mounted","description_kind":"plain","required":true},"seal_wrap":{"type":"bool","description":"Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Type of the backend, such as 'aws'","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_namespace":{"version":0,"block":{"attributes":{"custom_metadata":{"type":["map","string"],"description":"Custom metadata describing this namespace. Value type is map[string]string.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description":"Namespace ID.","description_kind":"plain","computed":true},"path":{"type":"string","description":"Namespace path.","description_kind":"plain","required":true},"path_fq":{"type":"string","description":"The fully qualified namespace path.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_nomad_secret_backend":{"version":1,"block":{"attributes":{"address":{"type":"string","description":"Specifies the address of the Nomad instance, provided as \"protocol://host:port\" like \"http://127.0.0.1:4646\".","description_kind":"plain","optional":true},"backend":{"type":"string","description":"The mount path for the Nomad backend.","description_kind":"plain","optional":true},"ca_cert":{"type":"string","description":"CA certificate to use when verifying Nomad server certificate, must be x509 PEM encoded.","description_kind":"plain","optional":true},"client_cert":{"type":"string","description":"Client certificate used for Nomad's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_key.","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Client key used for Nomad's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_cert.","description_kind":"plain","optional":true,"sensitive":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for secrets in seconds.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path 
updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local":{"type":"bool","description":"Mark the secrets engine as local-only. Local engines are not replicated or removed by replication. Tolerance duration to use when checking the last rotation time.","description_kind":"plain","optional":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for secrets in seconds.","description_kind":"plain","optional":true,"computed":true},"max_token_name_length":{"type":"number","description":"Specifies the maximum length to use for the name of the Nomad token generated with Generate Credential. If omitted, 0 is used and ignored, defaulting to the max value allowed by the Nomad version.","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Maximum possible lease duration for secrets in seconds.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"token":{"type":"string","description":"Specifies the Nomad Management token to use.","description_kind":"plain","optional":true,"sensitive":true},"ttl":{"type":"number","description":"Maximum possible lease duration for secrets in seconds.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_nomad_secret_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The mount path for the Nomad backend.","description_kind":"plain","required":true},"global":{"type":"bool","description":"Specifies if the token should be global.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"policies":{"type":["list","string"],"description":"Comma separated list of Nomad policies the token is going to be created against. These need to be created beforehand in Nomad.","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"type":{"type":"string","description":"Specifies the type of token to create when using this role. Valid values are \"client\" or \"management\".","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_okta_auth_backend":{"version":1,"block":{"attributes":{"accessor":{"type":"string","description":"The mount accessor related to the auth mount.","description_kind":"plain","computed":true},"base_url":{"type":"string","description":"The Okta url. Examples: oktapreview.com, okta.com (default)","description_kind":"plain","optional":true},"bypass_okta_mfa":{"type":"bool","description":"When true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.","description_kind":"plain","optional":true},"description":{"type":"string","description":"The description of the auth backend","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"group":{"type":["set",["object",{"group_name":"string","policies":["set","string"]}]],"description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"string","description":"Maximum duration after which authentication will be expired","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The Okta organization. This will be the first part of the url https://XXX.okta.com.","description_kind":"plain","required":true},"path":{"type":"string","description":"path to mount the backend","description_kind":"plain","optional":true},"token":{"type":"string","description":"The Okta API token. This is required to query Okta for user group membership. If this is not supplied only locally configured groups will be enabled.","description_kind":"plain","optional":true,"sensitive":true},"ttl":{"type":"string","description":"Duration after which authentication will be expired","description_kind":"plain","optional":true},"user":{"type":["set",["object",{"groups":["set","string"],"policies":["set","string"],"username":"string"}]],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_okta_auth_backend_group":{"version":0,"block":{"attributes":{"group_name":{"type":"string","description":"Name of the Okta group","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to the Okta auth backend","description_kind":"plain","required":true},"policies":{"type":["set","string"],"description":"Policies to associate with this group","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_okta_auth_backend_user":{"version":0,"block":{"attributes":{"groups":{"type":["set","string"],"description":"Groups within the Okta auth backend to associate with this user","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to the Okta auth backend","description_kind":"plain","required":true},"policies":{"type":["set","string"],"description":"Policies to associate with this user","description_kind":"plain","optional":true},"username":{"type":"string","description":"Name of the user within Okta","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_password_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the password policy.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policy":{"type":"string","description":"The password policy document","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_pki_secret_backend_cert":{"version":0,"block":{"attributes":{"alt_names":{"type":["list","string"],"description":"List of alternative names.","description_kind":"plain","optional":true},"auto_renew":{"type":"bool","description":"If enabled, a new certificate will be generated if the expiration is within min_seconds_remaining","description_kind":"plain","optional":true},"backend":{"type":"string","description":"The PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"ca_chain":{"type":"string","description":"The CA chain.","description_kind":"plain","computed":true},"certificate":{"type":"string","description":"The certicate.","description_kind":"plain","computed":true},"common_name":{"type":"string","description":"CN of the certificate to create.","description_kind":"plain","required":true},"exclude_cn_from_sans":{"type":"bool","description":"Flag to exclude CN from 
SANs.","description_kind":"plain","optional":true},"expiration":{"type":"number","description":"The certificate expiration as a Unix-style timestamp.","description_kind":"plain","computed":true},"format":{"type":"string","description":"The format of data.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_sans":{"type":["list","string"],"description":"List of alternative IPs.","description_kind":"plain","optional":true},"issuer_ref":{"type":"string","description":"Specifies the default issuer of this request.","description_kind":"plain","optional":true},"issuing_ca":{"type":"string","description":"The issuing CA.","description_kind":"plain","computed":true},"min_seconds_remaining":{"type":"number","description":"Generate a new certificate when the expiration is within this number of seconds","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the role to create the certificate against.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"other_sans":{"type":["list","string"],"description":"List of other SANs.","description_kind":"plain","optional":true},"private_key":{"type":"string","description":"The private key.","description_kind":"plain","computed":true,"sensitive":true},"private_key_format":{"type":"string","description":"The private key format.","description_kind":"plain","optional":true},"private_key_type":{"type":"string","description":"The private key type.","description_kind":"plain","computed":true},"renew_pending":{"type":"bool","description":"Initially false, and then set to true during refresh once the expiration is less than min_seconds_remaining in the future.","description_kind":"plain","computed":true},"revoke":{"type":"bool","description":"Revoke the certificate upon resource destruction.","description_kind":"plain","optional":true},"serial_number":{"type":"string","description":"The serial number.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"Time to live.","description_kind":"plain","optional":true},"uri_sans":{"type":["list","string"],"description":"List of alternative URIs.","description_kind":"plain","optional":true},"user_ids":{"type":["list","string"],"description":"List of Subject User IDs.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_config_ca":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"pem_bundle":{"type":"string","description":"The key and certificate PEM bundle.","description_kind":"plain","required":true,"sensitive":true}},"description_kind":"plain"}},"vault_pki_secret_backend_config_issuers":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Full path where PKI backend is mounted.","description_kind":"plain","required":true},"default":{"type":"string","description":"Specifies the default issuer by ID.","description_kind":"plain","optional":true},"default_follows_latest_issuer":{"type":"bool","description":"Specifies whether a root creation or an issuer import operation updates the default issuer to the newly added issuer.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_config_urls":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path of the PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"crl_distribution_points":{"type":["list","string"],"description":"Specifies the URL values for the CRL Distribution Points field.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuing_certificates":{"type":["list","string"],"description":"Specifies the URL values for the Issuing Certificate field.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"ocsp_servers":{"type":["list","string"],"description":"Specifies the URL values for the OCSP Servers field.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_crl_config":{"version":0,"block":{"attributes":{"auto_rebuild":{"type":"bool","description":"Enables or disables periodic rebuilding of the CRL upon expiry.","description_kind":"plain","optional":true},"auto_rebuild_grace_period":{"type":"string","description":"Grace period before CRL expiry to attempt rebuild of CRL.","description_kind":"plain","optional":true,"computed":true},"backend":{"type":"string","description":"The path of the PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"cross_cluster_revocation":{"type":"bool","description":"Enable cross-cluster revocation request queues.","description_kind":"plain","optional":true,"computed":true},"delta_rebuild_interval":{"type":"string","description":"Interval to check for new revocations on, to regenerate the delta CRL.","description_kind":"plain","optional":true,"computed":true},"disable":{"type":"bool","description":"Disables or enables CRL building","description_kind":"plain","optional":true},"enable_delta":{"type":"bool","description":"Enables or disables building of delta CRLs with up-to-date revocation information, augmenting the last complete CRL.","description_kind":"plain","optional":true},"expiry":{"type":"string","description":"Specifies the time until expiration.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"ocsp_disable":{"type":"bool","description":"Disables or enables the OCSP responder in Vault.","description_kind":"plain","optional":true},"ocsp_expiry":{"type":"string","description":"The amount of time an OCSP response can be cached for, useful for OCSP stapling refresh durations.","description_kind":"plain","optional":true,"computed":true},"unified_crl":{"type":"bool","description":"Enables unified CRL and OCSP building.","description_kind":"plain","optional":true,"computed":true},"unified_crl_on_existing_paths":{"type":"bool","description":"Enables serving the unified CRL and OCSP on the existing, previously cluster-local paths.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_pki_secret_backend_intermediate_cert_request":{"version":0,"block":{"attributes":{"add_basic_constraints":{"type":"bool","description":"Set 'CA: true' in a Basic Constraints extension. Only needed as\na workaround in some compatibility scenarios with Active Directory Certificate Services.","description_kind":"plain","optional":true},"alt_names":{"type":["list","string"],"description":"List of alternative names.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"The PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"common_name":{"type":"string","description":"CN of intermediate to create.","description_kind":"plain","required":true},"country":{"type":"string","description":"The country.","description_kind":"plain","optional":true},"csr":{"type":"string","description":"The CSR.","description_kind":"plain","computed":true},"exclude_cn_from_sans":{"type":"bool","description":"Flag to exclude CN from SANs.","description_kind":"plain","optional":true},"format":{"type":"string","description":"The format of 
data.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_sans":{"type":["list","string"],"description":"List of alternative IPs.","description_kind":"plain","optional":true},"key_bits":{"type":"number","description":"The number of bits to use.","description_kind":"plain","optional":true},"key_id":{"type":"string","description":"The ID of the generated key.","description_kind":"plain","computed":true},"key_name":{"type":"string","description":"When a new key is created with this request, optionally specifies the name for this.","description_kind":"plain","optional":true,"computed":true},"key_ref":{"type":"string","description":"Specifies the key to use for generating this request.","description_kind":"plain","optional":true,"computed":true},"key_type":{"type":"string","description":"The desired key type.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"The locality.","description_kind":"plain","optional":true},"managed_key_id":{"type":"string","description":"The ID of the previously configured managed key.","description_kind":"plain","optional":true},"managed_key_name":{"type":"string","description":"The name of the previously configured managed key.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization.","description_kind":"plain","optional":true},"other_sans":{"type":["list","string"],"description":"List of other SANs.","description_kind":"plain","optional":true},"ou":{"type":"string","description":"The organization unit.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code.","description_kind":"plain","optional":true},"private_key":{"type":"string","description":"The private key.","description_kind":"plain","computed":true,"sensitive":true},"private_key_format":{"type":"string","description":"The private key format.","description_kind":"plain","optional":true},"private_key_type":{"type":"string","description":"The private key type.","description_kind":"plain","computed":true},"province":{"type":"string","description":"The province.","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of intermediate to create. 
Must be either \"existing\", \"exported\", \"internal\" or \"kms\"","description_kind":"plain","required":true},"uri_sans":{"type":["list","string"],"description":"List of alternative URIs.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_intermediate_set_signed":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"certificate":{"type":"string","description":"The certificate.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"imported_issuers":{"type":["list","string"],"description":"The imported issuers.","description_kind":"plain","computed":true},"imported_keys":{"type":["list","string"],"description":"The imported keys.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_issuer":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Full path where PKI backend is mounted.","description_kind":"plain","required":true},"crl_distribution_points":{"type":["list","string"],"description":"Specifies the URL values for the CRL Distribution Points field.","description_kind":"plain","optional":true},"enable_aia_url_templating":{"type":"bool","description":"Specifies that the AIA URL values should be templated.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer_id":{"type":"string","description":"ID of the issuer.","description_kind":"plain","computed":true},"issuer_name":{"type":"string","description":"Reference to an existing issuer.","description_kind":"plain","optional":true},"issuer_ref":{"type":"string","description":"Reference to an existing 
issuer.","description_kind":"plain","required":true},"issuing_certificates":{"type":["list","string"],"description":"Specifies the URL values for the Issuing Certificate field.","description_kind":"plain","optional":true},"leaf_not_after_behavior":{"type":"string","description":"Behavior of a leaf's 'NotAfter' field during issuance.","description_kind":"plain","optional":true,"computed":true},"manual_chain":{"type":["list","string"],"description":"Chain of issuer references to build this issuer's computed CAChain field from, when non-empty.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"ocsp_servers":{"type":["list","string"],"description":"Specifies the URL values for the OCSP Servers field.","description_kind":"plain","optional":true},"revocation_signature_algorithm":{"type":"string","description":"Which signature algorithm to use when building CRLs.","description_kind":"plain","optional":true,"computed":true},"usage":{"type":"string","description":"Comma-separated list of allowed usages for this issuer.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_pki_secret_backend_key":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Full path where PKI backend is mounted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_bits":{"type":"number","description":"Specifies the number of bits to use for the generated keys.","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"ID of the generated key.","description_kind":"plain","computed":true},"key_name":{"type":"string","description":"When a new key is created with this request, optionally specifies the name for 
this.","description_kind":"plain","optional":true},"key_type":{"type":"string","description":"Specifies the desired key type; must be 'rsa', 'ed25519' or 'ec'.","description_kind":"plain","optional":true,"computed":true},"managed_key_id":{"type":"string","description":"The managed key's UUID.","description_kind":"plain","optional":true},"managed_key_name":{"type":"string","description":"The managed key's configured name.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"type":{"type":"string","description":"Specifies the type of the key to create.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_pki_secret_backend_role":{"version":0,"block":{"attributes":{"allow_any_name":{"type":"bool","description":"Flag to allow any name","description_kind":"plain","optional":true},"allow_bare_domains":{"type":"bool","description":"Flag to allow certificates matching the actual domain.","description_kind":"plain","optional":true},"allow_glob_domains":{"type":"bool","description":"Flag to allow names containing glob patterns.","description_kind":"plain","optional":true},"allow_ip_sans":{"type":"bool","description":"Flag to allow IP SANs","description_kind":"plain","optional":true},"allow_localhost":{"type":"bool","description":"Flag to allow certificates for localhost.","description_kind":"plain","optional":true},"allow_subdomains":{"type":"bool","description":"Flag to allow certificates matching subdomains.","description_kind":"plain","optional":true},"allow_wildcard_certificates":{"type":"bool","description":"Flag to allow wildcard certificates","description_kind":"plain","optional":true},"allowed_domains":{"type":["list","string"],"description":"The domains of the role.","description_kind":"plain","optional":true},"allowed_domains_template":{"type":"bool","description":"Flag to indicate that `allowed_domains` specifies a 
template expression (e.g. {{identity.entity.aliases.\u003cmount accessor\u003e.name}})","description_kind":"plain","optional":true},"allowed_other_sans":{"type":["list","string"],"description":"Defines allowed custom SANs","description_kind":"plain","optional":true},"allowed_serial_numbers":{"type":["list","string"],"description":"Defines allowed Subject serial numbers.","description_kind":"plain","optional":true},"allowed_uri_sans":{"type":["list","string"],"description":"Defines allowed URI SANs","description_kind":"plain","optional":true},"allowed_uri_sans_template":{"type":"bool","description":"Flag to indicate that `allowed_uri_sans` specifies a template expression (e.g. {{identity.entity.aliases.\u003cmount accessor\u003e.name}})","description_kind":"plain","optional":true,"computed":true},"allowed_user_ids":{"type":["list","string"],"description":"The allowed User ID's.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"The path of the PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"basic_constraints_valid_for_non_ca":{"type":"bool","description":"Flag to mark basic constraints valid when issuing non-CA certificates.","description_kind":"plain","optional":true},"client_flag":{"type":"bool","description":"Flag to specify certificates for client use.","description_kind":"plain","optional":true},"code_signing_flag":{"type":"bool","description":"Flag to specify certificates for code signing use.","description_kind":"plain","optional":true},"country":{"type":["list","string"],"description":"The country of generated certificates.","description_kind":"plain","optional":true},"email_protection_flag":{"type":"bool","description":"Flag to specify certificates for email protection use.","description_kind":"plain","optional":true},"enforce_hostnames":{"type":"bool","description":"Flag to allow only valid host 
names","description_kind":"plain","optional":true},"ext_key_usage":{"type":["list","string"],"description":"Specify the allowed extended key usage constraint on issued certificates.","description_kind":"plain","optional":true},"ext_key_usage_oids":{"type":["list","string"],"description":"A list of extended key usage OIDs.","description_kind":"plain","optional":true},"generate_lease":{"type":"bool","description":"Flag to generate leases with certificates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer_ref":{"type":"string","description":"Specifies the default issuer of this request.","description_kind":"plain","optional":true,"computed":true},"key_bits":{"type":"number","description":"The number of bits of generated keys.","description_kind":"plain","optional":true},"key_type":{"type":"string","description":"The generated key type.","description_kind":"plain","optional":true},"key_usage":{"type":["list","string"],"description":"Specify the allowed key usage constraint on issued certificates.","description_kind":"plain","optional":true,"computed":true},"locality":{"type":["list","string"],"description":"The locality of generated certificates.","description_kind":"plain","optional":true},"max_ttl":{"type":"string","description":"The maximum TTL.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name for the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"no_store":{"type":"bool","description":"Flag to not store certificates in the storage backend.","description_kind":"plain","optional":true},"not_before_duration":{"type":"string","description":"Specifies the duration by which to backdate the NotBefore property.","description_kind":"plain","optional":true,"computed":true},"organization":{"type":["list","string"],"description":"The organization of generated certificates.","description_kind":"plain","optional":true},"ou":{"type":["list","string"],"description":"The organization unit of generated certificates.","description_kind":"plain","optional":true},"policy_identifiers":{"type":["list","string"],"description":"Specify the list of allowed policies OIDs.","description_kind":"plain","optional":true},"postal_code":{"type":["list","string"],"description":"The postal code of generated certificates.","description_kind":"plain","optional":true},"province":{"type":["list","string"],"description":"The province of generated certificates.","description_kind":"plain","optional":true},"require_cn":{"type":"bool","description":"Flag to force CN usage.","description_kind":"plain","optional":true},"server_flag":{"type":"bool","description":"Flag to specify certificates for server use.","description_kind":"plain","optional":true},"street_address":{"type":["list","string"],"description":"The street address of generated certificates.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"The TTL.","description_kind":"plain","optional":true,"computed":true},"use_csr_common_name":{"type":"bool","description":"Flag to use the CN in the CSR.","description_kind":"plain","optional":true},"use_csr_sans":{"type":"bool","description":"Flag to use the SANs in the CSR.","description_kind":"plain","optional":true}},"block_types":{"policy_identifier":{"nesting_mode":"set","block":{"attributes":{"cps":{"type":"string","description":"Optional CPS 
URL","description_kind":"plain","optional":true},"notice":{"type":"string","description":"Optional notice","description_kind":"plain","optional":true},"oid":{"type":"string","description":"OID","description_kind":"plain","required":true}},"description":"Policy identifier block; can only be used with Vault 1.11+","description_kind":"plain"}}},"description_kind":"plain"}},"vault_pki_secret_backend_root_cert":{"version":1,"block":{"attributes":{"alt_names":{"type":["list","string"],"description":"List of alternative names.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"The PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"certificate":{"type":"string","description":"The certificate.","description_kind":"plain","computed":true},"common_name":{"type":"string","description":"CN of root to create.","description_kind":"plain","required":true},"country":{"type":"string","description":"The country.","description_kind":"plain","optional":true},"exclude_cn_from_sans":{"type":"bool","description":"Flag to exclude CN from SANs.","description_kind":"plain","optional":true},"format":{"type":"string","description":"The format of data.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_sans":{"type":["list","string"],"description":"List of alternative IPs.","description_kind":"plain","optional":true},"issuer_id":{"type":"string","description":"The ID of the generated issuer.","description_kind":"plain","computed":true},"issuer_name":{"type":"string","description":"Provides a name to the specified issuer. 
The name must be unique across all issuers and not be the reserved value 'default'.","description_kind":"plain","optional":true,"computed":true},"issuing_ca":{"type":"string","description":"The issuing CA.","description_kind":"plain","computed":true},"key_bits":{"type":"number","description":"The number of bits to use.","description_kind":"plain","optional":true},"key_id":{"type":"string","description":"The ID of the generated key.","description_kind":"plain","computed":true},"key_name":{"type":"string","description":"When a new key is created with this request, optionally specifies the name for this.","description_kind":"plain","optional":true,"computed":true},"key_ref":{"type":"string","description":"Specifies the key to use for generating this request.","description_kind":"plain","optional":true,"computed":true},"key_type":{"type":"string","description":"The desired key type.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"The locality.","description_kind":"plain","optional":true},"managed_key_id":{"type":"string","description":"The ID of the previously configured managed key.","description_kind":"plain","optional":true,"computed":true},"managed_key_name":{"type":"string","description":"The name of the previously configured managed key.","description_kind":"plain","optional":true,"computed":true},"max_path_length":{"type":"number","description":"The maximum path length to encode in the generated certificate.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization.","description_kind":"plain","optional":true},"other_sans":{"type":["list","string"],"description":"List of other SANs.","description_kind":"plain","optional":true},"ou":{"type":"string","description":"The organization unit.","description_kind":"plain","optional":true},"permitted_dns_domains":{"type":["list","string"],"description":"List of domains for which certificates are allowed to be issued.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code.","description_kind":"plain","optional":true},"private_key_format":{"type":"string","description":"The private key format.","description_kind":"plain","optional":true},"province":{"type":"string","description":"The province.","description_kind":"plain","optional":true},"serial":{"type":"string","description":"The serial number.","description_kind":"plain","deprecated":true,"computed":true},"serial_number":{"type":"string","description":"The certificate's serial number, hex formatted.","description_kind":"plain","computed":true},"street_address":{"type":"string","description":"The street address.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"Time to live.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of root to create. 
Must be either \"existing\", \"exported\", \"internal\" or \"kms\"","description_kind":"plain","required":true},"uri_sans":{"type":["list","string"],"description":"List of alternative URIs.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_root_sign_intermediate":{"version":2,"block":{"attributes":{"alt_names":{"type":["list","string"],"description":"List of alternative names.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"The PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"ca_chain":{"type":["list","string"],"description":"The CA chain as a list of format specific certificates","description_kind":"plain","computed":true},"certificate":{"type":"string","description":"The signed intermediate CA certificate.","description_kind":"plain","computed":true},"certificate_bundle":{"type":"string","description":"The concatenation of the intermediate and issuing CA certificates (PEM encoded). Requires the format to be set to any of: pem, pem_bundle. 
The value will be empty for all other formats.","description_kind":"plain","computed":true},"common_name":{"type":"string","description":"CN of intermediate to create.","description_kind":"plain","required":true},"country":{"type":"string","description":"The country.","description_kind":"plain","optional":true},"csr":{"type":"string","description":"The CSR.","description_kind":"plain","required":true},"exclude_cn_from_sans":{"type":"bool","description":"Flag to exclude CN from SANs.","description_kind":"plain","optional":true},"format":{"type":"string","description":"The format of data.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_sans":{"type":["list","string"],"description":"List of alternative IPs.","description_kind":"plain","optional":true},"issuer_ref":{"type":"string","description":"Specifies the default issuer of this request.","description_kind":"plain","optional":true},"issuing_ca":{"type":"string","description":"The issuing CA certificate.","description_kind":"plain","computed":true},"locality":{"type":"string","description":"The locality.","description_kind":"plain","optional":true},"max_path_length":{"type":"number","description":"The maximum path length to encode in the generated certificate.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization.","description_kind":"plain","optional":true},"other_sans":{"type":["list","string"],"description":"List of other SANs.","description_kind":"plain","optional":true},"ou":{"type":"string","description":"The organization unit.","description_kind":"plain","optional":true},"permitted_dns_domains":{"type":["list","string"],"description":"List of domains for which certificates are allowed to be issued.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code.","description_kind":"plain","optional":true},"province":{"type":"string","description":"The province.","description_kind":"plain","optional":true},"revoke":{"type":"bool","description":"Revoke the certificate upon resource destruction.","description_kind":"plain","optional":true},"serial":{"type":"string","description":"The serial number.","description_kind":"plain","deprecated":true,"computed":true},"serial_number":{"type":"string","description":"The certificate's serial number, hex formatted.","description_kind":"plain","computed":true},"street_address":{"type":"string","description":"The street address.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"Time to live.","description_kind":"plain","optional":true},"uri_sans":{"type":["list","string"],"description":"List of alternative URIs.","description_kind":"plain","optional":true},"use_csr_values":{"type":"bool","description":"Preserve CSR values.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_sign":{"version":1,"block":{"attributes":{"alt_names":{"type":["list","string"],"description":"List of alternative names.","description_kind":"plain","optional":true},"auto_renew":{"type":"bool","description":"If enabled, a new certificate will be generated if the expiration is within 
min_seconds_remaining","description_kind":"plain","optional":true},"backend":{"type":"string","description":"The PKI secret backend the resource belongs to.","description_kind":"plain","required":true},"ca_chain":{"type":["list","string"],"description":"The CA chain.","description_kind":"plain","computed":true},"certificate":{"type":"string","description":"The certicate.","description_kind":"plain","computed":true},"common_name":{"type":"string","description":"CN of intermediate to create.","description_kind":"plain","required":true},"csr":{"type":"string","description":"The CSR.","description_kind":"plain","required":true},"exclude_cn_from_sans":{"type":"bool","description":"Flag to exclude CN from SANs.","description_kind":"plain","optional":true},"expiration":{"type":"number","description":"The certificate expiration as a Unix-style timestamp.","description_kind":"plain","computed":true},"format":{"type":"string","description":"The format of data.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_sans":{"type":["list","string"],"description":"List of alternative IPs.","description_kind":"plain","optional":true},"issuer_ref":{"type":"string","description":"Specifies the default issuer of this request.","description_kind":"plain","optional":true},"issuing_ca":{"type":"string","description":"The issuing CA.","description_kind":"plain","computed":true},"min_seconds_remaining":{"type":"number","description":"Generate a new certificate when the expiration is within this number of seconds","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the role to create the certificate against.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"other_sans":{"type":["list","string"],"description":"List of other SANs.","description_kind":"plain","optional":true},"renew_pending":{"type":"bool","description":"Initially false, and then set to true during refresh once the expiration is less than min_seconds_remaining in the future.","description_kind":"plain","computed":true},"serial":{"type":"string","description":"The serial number.","description_kind":"plain","deprecated":true,"computed":true},"serial_number":{"type":"string","description":"The certificate's serial number, hex formatted.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"Time to live.","description_kind":"plain","optional":true},"uri_sans":{"type":["list","string"],"description":"List of alternative URIs.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the policy","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"policy":{"type":"string","description":"The policy document","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_quota_lease_count":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_leases":{"type":"number","description":"The maximum number of leases to be allowed by the quota rule. The max_leases must be positive.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the quota.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path of the mount or namespace to apply the quota. A blank path configures a global lease count quota.","description_kind":"plain","optional":true},"role":{"type":"string","description":"If set on a quota where path is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_quota_rate_limit":{"version":0,"block":{"attributes":{"block_interval":{"type":"number","description":"If set, when a client reaches a rate limit threshold, the client will be prohibited from any further requests until after the 'block_interval' in seconds has elapsed.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interval":{"type":"number","description":"The duration in seconds to enforce rate limiting for.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the quota.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota.","description_kind":"plain","optional":true},"rate":{"type":"number","description":"The maximum number of requests at any given second to be allowed by the quota rule. 
The rate must be positive.","description_kind":"plain","required":true},"role":{"type":"string","description":"If set on a quota where path is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_rabbitmq_secret_backend":{"version":1,"block":{"attributes":{"connection_uri":{"type":"string","description":"Specifies the RabbitMQ connection URI.","description_kind":"plain","required":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for secrets in seconds","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for secrets in seconds","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"password":{"type":"string","description":"Specifies the RabbitMQ management administrator password","description_kind":"plain","required":true,"sensitive":true},"password_policy":{"type":"string","description":"Specifies a password policy to use when creating dynamic credentials. 
Defaults to generating an alphanumeric password if not set.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The path of the RabbitMQ Secret Backend where the connection should be configured","description_kind":"plain","optional":true},"username":{"type":"string","description":"Specifies the RabbitMQ management administrator username","description_kind":"plain","required":true,"sensitive":true},"username_template":{"type":"string","description":"Template describing how dynamic usernames are generated.","description_kind":"plain","optional":true},"verify_connection":{"type":"bool","description":"Specifies whether to verify connection URI, username, and password.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_rabbitmq_secret_backend_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path of the Rabbitmq Secret Backend the role belongs to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name for the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"tags":{"type":"string","description":"Specifies a comma-separated RabbitMQ management tags.","description_kind":"plain","optional":true}},"block_types":{"vhost":{"nesting_mode":"list","block":{"attributes":{"configure":{"type":"string","description":"The configure permissions for this vhost.","description_kind":"plain","required":true},"host":{"type":"string","description":"The vhost to set permissions for.","description_kind":"plain","required":true},"read":{"type":"string","description":"The read permissions for this vhost.","description_kind":"plain","required":true},"write":{"type":"string","description":"The write permissions for this vhost.","description_kind":"plain","required":true}},"description":"Specifies a map of virtual hosts to permissions.","description_kind":"plain"}},"vhost_topic":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The vhost to set permissions for.","description_kind":"plain","required":true}},"block_types":{"vhost":{"nesting_mode":"list","block":{"attributes":{"read":{"type":"string","description":"The read permissions for this vhost.","description_kind":"plain","required":true},"topic":{"type":"string","description":"The vhost to set permissions for.","description_kind":"plain","required":true},"write":{"type":"string","description":"The write permissions for this vhost.","description_kind":"plain","required":true}},"description":"Specifies a map of virtual hosts to permissions.","description_kind":"plain"}}},"description":"Specifies a map of virtual hosts and exchanges to topic permissions. This option requires RabbitMQ 3.7.0 or later.","description_kind":"plain"}}},"description_kind":"plain"}},"vault_raft_autopilot":{"version":0,"block":{"attributes":{"cleanup_dead_servers":{"type":"bool","description":"Specifies whether to remove dead server nodes periodically or when a new server joins. 
This requires that min-quorum is also set.","description_kind":"plain","optional":true},"dead_server_last_contact_threshold":{"type":"string","description":"Limit the amount of time a server can go without leader contact before being considered failed. This only takes effect when cleanup_dead_servers is set.","description_kind":"plain","optional":true},"disable_upgrade_migration":{"type":"bool","description":"Disables automatically upgrading Vault using autopilot. (Enterprise-only)","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_contact_threshold":{"type":"string","description":"Limit the amount of time a server can go without leader contact before being considered unhealthy.","description_kind":"plain","optional":true},"max_trailing_logs":{"type":"number","description":"Maximum number of log entries in the Raft log that a server can be behind its leader before being considered unhealthy.","description_kind":"plain","optional":true},"min_quorum":{"type":"number","description":"Minimum number of servers allowed in a cluster before autopilot can prune dead servers. This should at least be 3. Applicable only for voting nodes.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"server_stabilization_time":{"type":"string","description":"Minimum amount of time a server must be stable in the 'healthy' state before being added to the cluster.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_raft_snapshot_agent_config":{"version":0,"block":{"attributes":{"aws_access_key_id":{"type":"string","description":"AWS access key ID.","description_kind":"plain","optional":true},"aws_s3_bucket":{"type":"string","description":"S3 bucket to write snapshots to.","description_kind":"plain","optional":true},"aws_s3_disable_tls":{"type":"bool","description":"Disable TLS for the S3 endpoint. This should only be used for testing purposes.","description_kind":"plain","optional":true},"aws_s3_enable_kms":{"type":"bool","description":"Use KMS to encrypt bucket contents.","description_kind":"plain","optional":true},"aws_s3_endpoint":{"type":"string","description":"AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio.","description_kind":"plain","optional":true},"aws_s3_force_path_style":{"type":"bool","description":"Use the endpoint/bucket URL style instead of bucket.endpoint.","description_kind":"plain","optional":true},"aws_s3_kms_key":{"type":"string","description":"Use named KMS key, when aws_s3_enable_kms=true","description_kind":"plain","optional":true},"aws_s3_region":{"type":"string","description":"AWS region bucket is in.","description_kind":"plain","optional":true},"aws_s3_server_side_encryption":{"type":"bool","description":"Use AES256 to encrypt bucket contents.","description_kind":"plain","optional":true},"aws_secret_access_key":{"type":"string","description":"AWS secret access key.","description_kind":"plain","optional":true},"aws_session_token":{"type":"string","description":"AWS session token.","description_kind":"plain","optional":true},"azure_account_key":{"type":"string","description":"Azure account 
key.","description_kind":"plain","optional":true},"azure_account_name":{"type":"string","description":"Azure account name.","description_kind":"plain","optional":true},"azure_blob_environment":{"type":"string","description":"Azure blob environment.","description_kind":"plain","optional":true},"azure_container_name":{"type":"string","description":"Azure container name to write snapshots to.","description_kind":"plain","optional":true},"azure_endpoint":{"type":"string","description":"Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite.","description_kind":"plain","optional":true},"file_prefix":{"type":"string","description":"The file or object name of snapshot files will start with this string.","description_kind":"plain","optional":true},"google_disable_tls":{"type":"bool","description":"Disable TLS for the GCS endpoint.","description_kind":"plain","optional":true},"google_endpoint":{"type":"string","description":"GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server.","description_kind":"plain","optional":true},"google_gcs_bucket":{"type":"string","description":"GCS bucket to write snapshots to.","description_kind":"plain","optional":true},"google_service_account_key":{"type":"string","description":"Google service account key in JSON format.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interval_seconds":{"type":"number","description":"Number of seconds between snapshots.","description_kind":"plain","required":true},"local_max_space":{"type":"number","description":"The maximum space, in bytes, to use for snapshots.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the snapshot agent configuration.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path_prefix":{"type":"string","description":"The directory or bucket prefix to to use.","description_kind":"plain","required":true},"retain":{"type":"number","description":"How many snapshots are to be kept.","description_kind":"plain","optional":true},"storage_type":{"type":"string","description":"What storage service to send snapshots to. One of \"local\", \"azure-blob\", \"aws-s3\", or \"google-gcs\".","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_rgp_policy":{"version":0,"block":{"attributes":{"enforcement_level":{"type":"string","description":"Enforcement level of Sentinel policy. Can be one of: 'advisory', 'soft-mandatory' or 'hard-mandatory'","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the policy","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"policy":{"type":"string","description":"The policy document","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_saml_auth_backend":{"version":0,"block":{"attributes":{"acs_urls":{"type":["list","string"],"description":"The well-formatted URLs of your Assertion Consumer Service (ACS) that should receive a response from the identity provider.","description_kind":"plain","required":true},"default_role":{"type":"string","description":"The role to use if no role is provided during login.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"entity_id":{"type":"string","description":"The entity ID of the SAML authentication service provider.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"idp_cert":{"type":"string","description":"The PEM encoded certificate of the identity provider. Mutually exclusive with 'idp_metadata_url'","description_kind":"plain","optional":true},"idp_entity_id":{"type":"string","description":"The entity ID of the identity provider. Mutually exclusive with 'idp_metadata_url'.","description_kind":"plain","optional":true},"idp_metadata_url":{"type":"string","description":"The metadata URL of the identity provider.","description_kind":"plain","optional":true},"idp_sso_url":{"type":"string","description":"The SSO URL of the identity provider. Mutually exclusive with 'idp_metadata_url'.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"verbose_logging":{"type":"bool","description":"Log additional, potentially sensitive information during the SAML exchange according to the current logging level. Not recommended for production.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_saml_auth_backend_role":{"version":0,"block":{"attributes":{"bound_attributes":{"type":["map","string"],"description":"Mapping of attribute names to values that are expected to exist in the SAML assertion.","description_kind":"plain","optional":true},"bound_attributes_type":{"type":"string","description":"The type of matching assertion to perform on bound_attributes.","description_kind":"plain","optional":true,"computed":true},"bound_subjects":{"type":["list","string"],"description":"The subject being asserted for SAML authentication.","description_kind":"plain","optional":true},"bound_subjects_type":{"type":"string","description":"The type of matching assertion to perform on bound_subjects.","description_kind":"plain","optional":true,"computed":true},"groups_attribute":{"type":"string","description":"The attribute to use to identify the set of groups to which the user belongs.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name of the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path where SAML Auth engine is mounted.","description_kind":"plain","required":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_secrets_sync_association":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mount":{"type":"string","description":"Specifies the mount where the secret is located.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the 
destination.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"secret_name":{"type":"string","description":"Specifies the name of the secret to synchronize.","description_kind":"plain","required":true},"sync_status":{"type":"string","description":"Specifies the status of the association.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Type of sync destination.","description_kind":"plain","required":true},"updated_at":{"type":"string","description":"Duration string stating when the secret was last updated.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_secrets_sync_aws_destination":{"version":0,"block":{"attributes":{"access_key_id":{"type":"string","description":"Access key id to authenticate against the AWS secrets manager.","description_kind":"plain","optional":true},"custom_tags":{"type":["map","string"],"description":"Custom tags to set on the secret managed at the destination.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name of the AWS destination.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where to manage the secrets manager entries.","description_kind":"plain","optional":true},"secret_access_key":{"type":"string","description":"Secret access key to authenticate against the AWS secrets manager.","description_kind":"plain","optional":true,"sensitive":true},"secret_name_template":{"type":"string","description":"Template describing how to generate external secret names.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Type of secrets destination.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_secrets_sync_azure_destination":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"Client ID of an Azure app registration.","description_kind":"plain","optional":true},"client_secret":{"type":"string","description":"Client Secret of an Azure app registration.","description_kind":"plain","optional":true,"sensitive":true},"cloud":{"type":"string","description":"Specifies a cloud for the client.","description_kind":"plain","optional":true},"custom_tags":{"type":["map","string"],"description":"Custom tags to set on the secret managed at the destination.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_vault_uri":{"type":"string","description":"URI of an existing Azure Key Vault instance.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Unique name of the Azure destination.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"secret_name_template":{"type":"string","description":"Template describing how to generate external secret names.","description_kind":"plain","optional":true,"computed":true},"tenant_id":{"type":"string","description":"ID of the target Azure tenant.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of secrets destination.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_secrets_sync_config":{"version":0,"block":{"attributes":{"disabled":{"type":"bool","description":"Disables the syncing process between Vault and external destinations.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"queue_capacity":{"type":"number","description":"Maximum number of pending sync operations allowed on the queue.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_secrets_sync_gcp_destination":{"version":0,"block":{"attributes":{"credentials":{"type":"string","description":"JSON-encoded credentials to use to connect to GCP.","description_kind":"plain","optional":true,"sensitive":true},"custom_tags":{"type":["map","string"],"description":"Custom tags to set on the secret managed at the destination.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name of the GCP destination.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"secret_name_template":{"type":"string","description":"Template describing how to generate external secret names.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Type of secrets destination.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_secrets_sync_gh_destination":{"version":0,"block":{"attributes":{"access_token":{"type":"string","description":"Fine-grained or personal access token.","description_kind":"plain","optional":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name of the github destination.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"repository_name":{"type":"string","description":"Name of the repository.","description_kind":"plain","optional":true},"repository_owner":{"type":"string","description":"GitHub organization or username that owns the repository.","description_kind":"plain","optional":true},"secret_name_template":{"type":"string","description":"Template describing how to generate external secret names.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Type of secrets destination.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_secrets_sync_vercel_destination":{"version":0,"block":{"attributes":{"access_token":{"type":"string","description":"Vercel API access token with the permissions to manage environment variables.","description_kind":"plain","required":true,"sensitive":true},"deployment_environments":{"type":["list","string"],"description":"Deployment environments where the environment variables are available. 
Accepts 'development', 'preview' \u0026 'production'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name of the Vercel destination.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project ID where to manage environment variables.","description_kind":"plain","required":true},"secret_name_template":{"type":"string","description":"Template describing how to generate external secret names.","description_kind":"plain","optional":true,"computed":true},"team_id":{"type":"string","description":"Team ID the project belongs to.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of secrets destination.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_ssh_secret_backend_ca":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path of the SSH Secret Backend where the CA should be configured","description_kind":"plain","optional":true},"generate_signing_key":{"type":"bool","description":"Whether Vault should generate the signing key pair internally.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"private_key":{"type":"string","description":"Private key part the SSH CA key pair; required if generate_signing_key is false.","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"public_key":{"type":"string","description":"Public key part the SSH CA key pair; required if generate_signing_key is false.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_ssh_secret_backend_role":{"version":0,"block":{"attributes":{"algorithm_signer":{"type":"string","description_kind":"plain","optional":true,"computed":true},"allow_bare_domains":{"type":"bool","description_kind":"plain","optional":true},"allow_host_certificates":{"type":"bool","description_kind":"plain","optional":true},"allow_subdomains":{"type":"bool","description_kind":"plain","optional":true},"allow_user_certificates":{"type":"bool","description_kind":"plain","optional":true},"allow_user_key_ids":{"type":"bool","description_kind":"plain","optional":true},"allowed_critical_options":{"type":"string","description_kind":"plain","optional":true},"allowed_domains":{"type":"string","description_kind":"plain","optional":true},"allowed_domains_template":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"allowed_extensions":{"type":"string","description_kind":"plain","optional":true},"allowed_user_key_lengths":{"type":["map","number"],"description_kind":"plain","deprecated":true,"optional":true},"allowed_users":{"type":"string","description_kind":"plain","optional":true},"allowed_users_template":{"type":"bool","description_kind":"plain","optional":true},"backend":{"type":"string","description_kind":"plain","required":true},"cidr_list":{"type":"string","description_kind":"plain","optional":true},"default_critical_options":{"type":["map","string"],"description_kind":"plain","optional":true},"default_extensions":{"type":["map","string"],"description_kind":"plain","
optional":true},"default_user":{"type":"string","description_kind":"plain","optional":true},"default_user_template":{"type":"bool","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id_format":{"type":"string","description_kind":"plain","optional":true},"key_type":{"type":"string","description_kind":"plain","required":true},"max_ttl":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name for the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"not_before_duration":{"type":"string","description":"Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.","description_kind":"plain","optional":true,"computed":true},"ttl":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allowed_user_key_config":{"nesting_mode":"set","block":{"attributes":{"lengths":{"type":["list","number"],"description":"List of allowed key lengths, vault-1.10 and above","description_kind":"plain","required":true},"type":{"type":"string","description":"Key type, choices:\nrsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521","description_kind":"plain","required":true}},"description":"Set of allowed public key types and their relevant configuration","description_kind":"plain"}}},"description_kind":"plain"}},"vault_terraform_cloud_secret_backend":{"version":1,"block":{"attributes":{"address":{"type":"string","description":"Specifies the address of the Terraform Cloud instance, provided as \"host:port\" like \"127.0.0.1:8500\".","description_kind":"plain","optional":true},"backend":{"type":"string","description":"Unique name of the Vault Terraform Cloud mount to 
configure","description_kind":"plain","optional":true},"base_path":{"type":"string","description":"Specifies the base path for the Terraform Cloud or Enterprise API.","description_kind":"plain","optional":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration for secrets in seconds","description_kind":"plain","optional":true},"description":{"type":"string","description":"Human-friendly description of the mount for the backend.","description_kind":"plain","optional":true},"disable_remount":{"type":"bool","description":"If set, opts out of mount migration on path updates.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration for secrets in seconds","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"token":{"type":"string","description":"Specifies the Terraform Cloud access token to use.","description_kind":"plain","optional":true,"sensitive":true}},"description_kind":"plain"}},"vault_terraform_cloud_secret_creds":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Terraform Cloud secret backend to generate tokens from","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lease_id":{"type":"string","description":"Associated Vault lease ID, if one exists","description_kind":"plain","computed":true,"sensitive":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"organization":{"type":"string","description":"Name of the Terraform Cloud or Enterprise organization","description_kind":"plain","computed":true},"role":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"team_id":{"type":"string","description":"ID of the Terraform Cloud or Enterprise team under organization (e.g., settings/teams/team-xxxxxxxxxxxxx)","description_kind":"plain","computed":true},"token":{"type":"string","description":"Terraform Token provided by the Vault backend","description_kind":"plain","computed":true,"sensitive":true},"token_id":{"type":"string","description":"ID of the Terraform Token provided","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_terraform_cloud_secret_role":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The path of the Terraform Cloud Secret Backend the role belongs to.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Maximum allowed lease for generated credentials. If not set or set to 0, will use system default.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of an existing role against which to create this Terraform Cloud credential","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"organization":{"type":"string","description":"Name of the Terraform Cloud or Enterprise organization","description_kind":"plain","optional":true},"team_id":{"type":"string","description":"ID of the Terraform Cloud or Enterprise team under organization (e.g., settings/teams/team-xxxxxxxxxxxxx)","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"Default lease for generated credentials. If not set or set to 0, will use system default.","description_kind":"plain","optional":true},"user_id":{"type":"string","description":"ID of the Terraform Cloud or Enterprise user (e.g., user-xxxxxxxxxxxxxxxx)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_token":{"version":0,"block":{"attributes":{"client_token":{"type":"string","description":"The client token.","description_kind":"plain","computed":true,"sensitive":true},"display_name":{"type":"string","description":"The display name of the token.","description_kind":"plain","optional":true},"explicit_max_ttl":{"type":"string","description":"The explicit max TTL of the token.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lease_duration":{"type":"number","description":"The token lease duration.","description_kind":"plain","computed":true},"lease_started":{"type":"string","description":"The token lease started on.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata to be associated with the token.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"no_default_policy":{"type":"bool","description":"Flag to disable the default policy.","description_kind":"plain","optional":true},"no_parent":{"type":"bool","description":"Flag to create a token without parent.","description_kind":"plain","optional":true,"computed":true},"num_uses":{"type":"number","description":"The number of allowed uses of the token.","description_kind":"plain","optional":true,"computed":true},"period":{"type":"string","description":"The period of the token.","description_kind":"plain","optional":true},"policies":{"type":["set","string"],"description":"List of policies.","description_kind":"plain","optional":true},"renew_increment":{"type":"number","description":"The renew increment.","description_kind":"plain","optional":true},"renew_min_lease":{"type":"number","description":"The minimum lease to renew token.","description_kind":"plain","optional":true},"renewable":{"type":"bool","description":"Flag to allow the token to be renewed","description_kind":"plain","optional":true,"computed":true},"role_name":{"type":"string","description":"The token role name.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"The TTL period of the token.","description_kind":"plain","optional":true},"wrapped_token":{"type":"string","description":"The client wrapped token.","description_kind":"plain","computed":true,"sensitive":true},"wrapping_accessor":{"type":"string","description":"The client wrapping accessor.","description_kind":"plain","computed":true,"sensitive":true},"wrapping_ttl":{"type":"string","description":"The TTL period of the wrapped token.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_token_auth_backend_role":{"version":0,"block":{"attributes":{"allowed_entity_aliases":{"type":["set","string"],"description":"Set of allowed entity aliases for this 
role.","description_kind":"plain","optional":true},"allowed_policies":{"type":["set","string"],"description":"List of allowed policies for given role.","description_kind":"plain","optional":true},"allowed_policies_glob":{"type":["set","string"],"description":"Set of allowed policies with glob match for given role.","description_kind":"plain","optional":true},"disallowed_policies":{"type":["set","string"],"description":"List of disallowed policies for given role.","description_kind":"plain","optional":true},"disallowed_policies_glob":{"type":["set","string"],"description":"Set of disallowed policies with glob match for given role.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"orphan":{"type":"bool","description":"If true, tokens created against this policy will be orphan tokens.","description_kind":"plain","optional":true},"path_suffix":{"type":"string","description":"Tokens created against this role will have the given suffix as part of their path in addition to the role name.","description_kind":"plain","optional":true},"renewable":{"type":"bool","description":"Whether to disable the ability of the token to be renewed past its initial TTL.","description_kind":"plain","optional":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated 
token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_transform_alphabet":{"version":0,"block":{"attributes":{"alphabet":{"type":"string","description":"A string of characters that contains the alphabet set.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the alphabet.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"The mount path for a back-end, for example, the path given in \"$ vault auth enable -path=my-aws aws\".","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_transform_role":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"The mount path for a back-end, for example, the path given in \"$ vault auth enable -path=my-aws aws\".","description_kind":"plain","required":true},"transformations":{"type":["list","string"],"description":"A comma separated string or slice of transformations to use.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_transform_template":{"version":0,"block":{"attributes":{"alphabet":{"type":"string","description":"The alphabet to use for this template. This is only used during FPE transformations.","description_kind":"plain","optional":true},"decode_formats":{"type":["map","string"],"description":"The map of regular expression templates used to customize decoded outputs.\nOnly applicable to FPE transformations.","description_kind":"plain","optional":true},"encode_format":{"type":"string","description":"The regular expression template used for encoding values.\nOnly applicable to FPE transformations.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the template.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"The mount path for a back-end, for example, the path given in \"$ vault auth enable -path=my-aws aws\".","description_kind":"plain","required":true},"pattern":{"type":"string","description":"The pattern used for matching. Currently, only regular expression pattern is supported.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The pattern type to use for match detection. Currently, only regex is supported.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_transform_transformation":{"version":0,"block":{"attributes":{"allowed_roles":{"type":["list","string"],"description":"The set of roles allowed to perform this transformation.","description_kind":"plain","optional":true},"deletion_allowed":{"type":"bool","description":"If true, this transform can be deleted. Otherwise deletion is blocked while this value remains false.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"masking_character":{"type":"string","description":"The character used to replace data when in masking mode","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the transformation.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"The mount path for a back-end, for example, the path given in \"$ vault auth enable -path=my-aws aws\".","description_kind":"plain","required":true},"template":{"type":"string","description":"The name of the template to use.","description_kind":"plain","optional":true},"templates":{"type":["list","string"],"description":"Templates configured for transformation.","description_kind":"plain","optional":true,"computed":true},"tweak_source":{"type":"string","description":"The source of where the tweak value comes from. Only valid when in FPE mode.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of transformation to perform.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_transit_secret_backend_key":{"version":0,"block":{"attributes":{"allow_plaintext_backup":{"type":"bool","description":"If set, enables taking backup of named key in the plaintext format. Once set, this cannot be disabled.","description_kind":"plain","optional":true},"auto_rotate_interval":{"type":"number","description":"Amount of time the key should live before being automatically rotated. A value of 0 disables automatic rotation for the key.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"auto_rotate_period":{"type":"number","description":"Amount of seconds the key should live before being automatically rotated. A value of 0 disables automatic rotation for the key.","description_kind":"plain","optional":true,"computed":true},"backend":{"type":"string","description":"The Transit secret backend the resource belongs to.","description_kind":"plain","required":true},"convergent_encryption":{"type":"bool","description":"Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. 
This requires derived to be set to true.","description_kind":"plain","optional":true},"deletion_allowed":{"type":"bool","description":"Specifies if the key is allowed to be deleted.","description_kind":"plain","optional":true},"derived":{"type":"bool","description":"Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.","description_kind":"plain","optional":true},"exportable":{"type":"bool","description":"Enables keys to be exportable. This allows for all the valid keys in the key ring to be exported. Once set, this cannot be disabled.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_size":{"type":"number","description":"The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC; this value must be between 32 and 512.","description_kind":"plain","optional":true},"keys":{"type":["list",["map","string"]],"description":"List of key versions in the keyring.","description_kind":"plain","computed":true},"latest_version":{"type":"number","description":"Latest key version in use in the keyring","description_kind":"plain","computed":true},"min_available_version":{"type":"number","description":"Minimum key version available for use.","description_kind":"plain","computed":true},"min_decryption_version":{"type":"number","description":"Minimum key version to use for decryption.","description_kind":"plain","optional":true},"min_encryption_version":{"type":"number","description":"Minimum key version to use for encryption","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the encryption key to create.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"supports_decryption":{"type":"bool","description":"Whether or not the key supports decryption, based on key type.","description_kind":"plain","computed":true},"supports_derivation":{"type":"bool","description":"Whether or not the key supports derivation, based on key type.","description_kind":"plain","computed":true},"supports_encryption":{"type":"bool","description":"Whether or not the key supports encryption, based on key type.","description_kind":"plain","computed":true},"supports_signing":{"type":"bool","description":"Whether or not the key supports signing, based on key type.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Specifies the type of key to create. The currently-supported types are: aes128-gcm96, aes256-gcm96, chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, hmac, rsa-2048, rsa-3072, rsa-4096","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_transit_secret_cache_config":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The Transit secret backend the resource belongs to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"size":{"type":"number","description":"Number of cache entries. 
A size of 0 mean unlimited.","description_kind":"plain","required":true}},"description_kind":"plain"}}},"data_source_schemas":{"vault_ad_access_credentials":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"AD Secret Backend to read credentials from.","description_kind":"plain","required":true},"current_password":{"type":"string","description":"Password for the service account.","description_kind":"plain","computed":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_password":{"type":"string","description":"Last known password for the service account.","description_kind":"plain","computed":true,"sensitive":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"username":{"type":"string","description":"Name of the service account.","description_kind":"plain","computed":true}},"description_kind":"plain","deprecated":true}},"vault_approle_auth_backend_role_id":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"role_id":{"type":"string","description":"The RoleID of the role.","description_kind":"plain","computed":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_auth_backend":{"version":1,"block":{"attributes":{"accessor":{"type":"string","description":"The accessor of the auth backend.","description_kind":"plain","computed":true},"default_lease_ttl_seconds":{"type":"number","description":"Default lease duration in seconds","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the auth backend.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_visibility":{"type":"string","description":"Specifies whether to show this mount in the UI-specific listing endpoint.","description_kind":"plain","computed":true},"local":{"type":"bool","description":"Specifies if the auth method is local only","description_kind":"plain","computed":true},"max_lease_ttl_seconds":{"type":"number","description":"Maximum possible lease duration in seconds","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"The auth backend mount point.","description_kind":"plain","required":true},"type":{"type":"string","description":"The name of the auth backend.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_auth_backends":{"version":0,"block":{"attributes":{"accessors":{"type":["list","string"],"description":"The accessors of the auth backends.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"paths":{"type":["list","string"],"description":"The auth backend mount points.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the auth backend.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_access_credentials":{"version":0,"block":{"attributes":{"access_key":{"type":"string","description":"AWS access key ID read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"backend":{"type":"string","description":"AWS Secret Backend to read credentials from.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lease_duration":{"type":"number","description":"Lease duration in seconds relative to the time in lease_start_time.","description_kind":"plain","computed":true},"lease_id":{"type":"string","description":"Lease identifier assigned by vault.","description_kind":"plain","computed":true},"lease_renewable":{"type":"bool","description":"True if the duration of this lease can be extended through renewal.","description_kind":"plain","computed":true},"lease_start_time":{"type":"string","description":"Time at which the lease was read, using the clock of the system where Terraform 
was running","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region the read credentials belong to.","description_kind":"plain","optional":true},"role":{"type":"string","description":"AWS Secret Role to read credentials from.","description_kind":"plain","required":true},"role_arn":{"type":"string","description":"ARN to use if multiple are available in the role. Required if the role has multiple ARNs.","description_kind":"plain","optional":true},"secret_key":{"type":"string","description":"AWS secret key read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"security_token":{"type":"string","description":"AWS security token read from Vault. (Only returned if type is 'sts').","description_kind":"plain","computed":true,"sensitive":true},"ttl":{"type":"string","description":"User specified Time-To-Live for the STS token. Uses the Role defined default_sts_ttl when not specified","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of credentials to read. Must be either 'creds' for Access Key and Secret Key, or 'sts' for STS.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_aws_static_access_credentials":{"version":0,"block":{"attributes":{"access_key":{"type":"string","description":"AWS access key ID read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"backend":{"type":"string","description":"AWS Secret Backend to read credentials from.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"secret_key":{"type":"string","description":"AWS secret key read from Vault.","description_kind":"plain","computed":true,"sensitive":true}},"description_kind":"plain"}},"vault_azure_access_credentials":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Azure Secret Backend to read credentials from.","description_kind":"plain","required":true},"client_id":{"type":"string","description":"The client id for credentials to query the Azure APIs.","description_kind":"plain","computed":true},"client_secret":{"type":"string","description":"The client secret for credentials to query the Azure APIs.","description_kind":"plain","computed":true,"sensitive":true},"environment":{"type":"string","description":"The Azure environment to use during credential validation.\nDefaults to the environment configured in the Vault backend.\nSome possible values: AzurePublicCloud, AzureUSGovernmentCloud","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lease_duration":{"type":"number","description":"Lease duration in seconds relative to the time in lease_start_time.","description_kind":"plain","computed":true},"lease_id":{"type":"string","description":"Lease identifier assigned by vault.","description_kind":"plain","computed":true},"lease_renewable":{"type":"bool","description":"True if the duration of this lease can be extended through renewal.","description_kind":"plain","computed":true},"lease_start_time":{"type":"string","description":"Time at which the lease was read, using the clock of the system where Terraform was running","description_kind":"plain","computed":true},"max_cred_validation_seconds":{"type":"number","description":"If 'validate_creds' is true, the number of seconds after which to give up validating 
credentials.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"num_seconds_between_tests":{"type":"number","description":"If 'validate_creds' is true, the number of seconds to wait between each test of generated credentials.","description_kind":"plain","optional":true},"num_sequential_successes":{"type":"number","description":"If 'validate_creds' is true, the number of sequential successes required to validate generated credentials.","description_kind":"plain","optional":true},"role":{"type":"string","description":"Azure Secret Role to read credentials from.","description_kind":"plain","required":true},"subscription_id":{"type":"string","description":"The subscription ID to use during credential validation. Defaults to the subscription ID configured in the Vault backend","description_kind":"plain","optional":true},"tenant_id":{"type":"string","description":"The tenant ID to use during credential validation. 
Defaults to the tenant ID configured in the Vault backend","description_kind":"plain","optional":true},"validate_creds":{"type":"bool","description":"Whether generated credentials should be validated before being returned.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_gcp_auth_backend_role":{"version":1,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the auth backend to configure.","description_kind":"plain","optional":true},"bound_instance_groups":{"type":["set","string"],"description_kind":"plain","computed":true},"bound_labels":{"type":["set","string"],"description_kind":"plain","computed":true},"bound_projects":{"type":["set","string"],"description_kind":"plain","computed":true},"bound_regions":{"type":["set","string"],"description_kind":"plain","computed":true},"bound_service_accounts":{"type":["set","string"],"description_kind":"plain","computed":true},"bound_zones":{"type":["set","string"],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"role_id":{"type":"string","description":"The RoleID of the GCP auth role.","description_kind":"plain","computed":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true},"type":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_generic_secret":{"version":1,"block":{"attributes":{"data":{"type":["map","string"],"description":"Map of strings read from 
Vault.","description_kind":"plain","computed":true,"sensitive":true},"data_json":{"type":"string","description":"JSON-encoded secret data read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lease_duration":{"type":"number","description":"Lease duration in seconds relative to the time in lease_start_time.","description_kind":"plain","computed":true},"lease_id":{"type":"string","description":"Lease identifier assigned by vault.","description_kind":"plain","computed":true},"lease_renewable":{"type":"bool","description":"True if the duration of this lease can be extended through renewal.","description_kind":"plain","computed":true},"lease_start_time":{"type":"string","description":"Time at which the lease was read, using the clock of the system where Terraform was running","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path from which a secret will be read.","description_kind":"plain","required":true},"version":{"type":"number","description_kind":"plain","optional":true},"with_lease_start_time":{"type":"bool","description":"If set to true, stores 'lease_start_time' in the TF state.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_entity":{"version":0,"block":{"attributes":{"alias_id":{"type":"string","description":"ID of the alias.","description_kind":"plain","optional":true,"computed":true},"alias_mount_accessor":{"type":"string","description":"Accessor of the mount to which the alias belongs to. This should be supplied in conjunction with `alias_name`.","description_kind":"plain","optional":true,"computed":true},"alias_name":{"type":"string","description":"Name of the alias. 
This should be supplied in conjunction with `alias_mount_accessor`.","description_kind":"plain","optional":true,"computed":true},"aliases":{"type":["set",["object",{"canonical_id":"string","creation_time":"string","id":"string","last_update_time":"string","merged_from_canonical_ids":["set","string"],"metadata":["map","string"],"mount_accessor":"string","mount_path":"string","mount_type":"string","name":"string"}]],"description_kind":"plain","computed":true},"creation_time":{"type":"string","description_kind":"plain","computed":true},"data_json":{"type":"string","description":"Entity data from Vault in JSON String form","description_kind":"plain","computed":true},"direct_group_ids":{"type":["set","string"],"description_kind":"plain","computed":true},"disabled":{"type":"bool","description_kind":"plain","computed":true},"entity_id":{"type":"string","description":"ID of the entity.","description_kind":"plain","optional":true,"computed":true},"entity_name":{"type":"string","description":"Name of the entity.","description_kind":"plain","optional":true,"computed":true},"group_ids":{"type":["set","string"],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inherited_group_ids":{"type":["set","string"],"description_kind":"plain","computed":true},"last_update_time":{"type":"string","description_kind":"plain","computed":true},"merged_entity_ids":{"type":["set","string"],"description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description_kind":"plain","computed":true},"policies":{"type":["set","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_identity_group":{"version":1,"block":{"attributes":{"alias_canonical_id":{"type":"string","description_kind":"plain","computed":true},"alias_creation_time":{"type":"string","description_kind":"plain","computed":true},"alias_id":{"type":"string","description":"ID of the alias.","description_kind":"plain","optional":true,"computed":true},"alias_last_update_time":{"type":"string","description_kind":"plain","computed":true},"alias_merged_from_canonical_ids":{"type":["set","string"],"description_kind":"plain","computed":true},"alias_metadata":{"type":["map","string"],"description_kind":"plain","computed":true},"alias_mount_accessor":{"type":"string","description":"Accessor of the mount to which the alias belongs to. This should be supplied in conjunction with `alias_name`.","description_kind":"plain","optional":true,"computed":true},"alias_mount_path":{"type":"string","description_kind":"plain","computed":true},"alias_mount_type":{"type":"string","description_kind":"plain","computed":true},"alias_name":{"type":"string","description":"Name of the alias. 
This should be supplied in conjunction with `alias_mount_accessor`.","description_kind":"plain","optional":true,"computed":true},"creation_time":{"type":"string","description_kind":"plain","computed":true},"data_json":{"type":"string","description":"Group data from Vault in JSON String form","description_kind":"plain","computed":true},"group_id":{"type":"string","description":"ID of the group.","description_kind":"plain","optional":true,"computed":true},"group_name":{"type":"string","description":"Name of the group.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_update_time":{"type":"string","description_kind":"plain","computed":true},"member_entity_ids":{"type":["set","string"],"description_kind":"plain","computed":true},"member_group_ids":{"type":["set","string"],"description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description_kind":"plain","computed":true},"modify_index":{"type":"number","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"namespace_id":{"type":"string","description_kind":"plain","computed":true},"parent_group_ids":{"type":["set","string"],"description_kind":"plain","computed":true},"policies":{"type":["set","string"],"description_kind":"plain","computed":true},"type":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_identity_oidc_client_creds":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The Client ID from Vault.","description_kind":"plain","computed":true},"client_secret":{"type":"string","description":"The Client Secret from Vault.","description_kind":"plain","computed":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the client.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_identity_oidc_openid_config":{"version":0,"block":{"attributes":{"authorization_endpoint":{"type":"string","description":"The Authorization Endpoint for the provider.","description_kind":"plain","computed":true},"grant_types_supported":{"type":["list","string"],"description":"The grant types supported by the provider.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id_token_signing_alg_values_supported":{"type":["list","string"],"description":"The signing algorithms supported by the provider.","description_kind":"plain","computed":true},"issuer":{"type":"string","description":"The URL of the issuer for the provider.","description_kind":"plain","computed":true},"jwks_uri":{"type":"string","description":"The well known keys URI for the 
provider.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the provider.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"request_uri_parameter_supported":{"type":"bool","description":"Specifies whether Request URI Parameter is supported by the provider.","description_kind":"plain","computed":true},"response_types_supported":{"type":["list","string"],"description":"The response types supported by the provider.","description_kind":"plain","computed":true},"scopes_supported":{"type":["list","string"],"description":"The scopes supported by the provider.","description_kind":"plain","computed":true},"subject_types_supported":{"type":["list","string"],"description":"The subject types supported by the provider.","description_kind":"plain","computed":true},"token_endpoint":{"type":"string","description":"The Token Endpoint for the provider.","description_kind":"plain","computed":true},"token_endpoint_auth_methods_supported":{"type":["list","string"],"description":"The token endpoint auth methods supported by the provider.","description_kind":"plain","computed":true},"userinfo_endpoint":{"type":"string","description":"The User Info Endpoint for the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_identity_oidc_public_keys":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keys":{"type":["list",["map","string"]],"description":"The public portion of keys for an OIDC provider. Clients can use them to validate the authenticity of an identity token.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the provider.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kubernetes_auth_backend_config":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Unique name of the kubernetes backend to configure.","description_kind":"plain","optional":true},"disable_iss_validation":{"type":"bool","description":"Optional disable JWT issuer validation. Allows to skip ISS validation.","description_kind":"plain","optional":true,"computed":true},"disable_local_ca_jwt":{"type":"bool","description":"Optional disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"Optional JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer.","description_kind":"plain","optional":true,"computed":true},"kubernetes_ca_cert":{"type":"string","description":"PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.","description_kind":"plain","optional":true,"computed":true},"kubernetes_host":{"type":"string","description":"Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"pem_keys":{"type":["list","string"],"description":"Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. 
Not every installation of Kubernetes exposes these keys.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"vault_kubernetes_auth_backend_role":{"version":0,"block":{"attributes":{"alias_name_source":{"type":"string","description":"Method used for generating identity aliases.","description_kind":"plain","computed":true},"audience":{"type":"string","description":"Optional Audience claim to verify in the JWT.","description_kind":"plain","optional":true},"backend":{"type":"string","description":"Unique name of the kubernetes backend to configure.","description_kind":"plain","optional":true},"bound_service_account_names":{"type":["set","string"],"description":"List of service account names able to access this role. If set to \"*\" all names are allowed, both this and bound_service_account_namespaces can not be \"*\".","description_kind":"plain","computed":true},"bound_service_account_namespaces":{"type":["set","string"],"description":"List of namespaces allowed to access this role. If set to \"*\" all namespaces are allowed, both this and bound_service_account_names can not be set to \"*\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"token_bound_cidrs":{"type":["set","string"],"description":"Specifies the blocks of IP addresses which are allowed to use the generated token","description_kind":"plain","optional":true},"token_explicit_max_ttl":{"type":"number","description":"Generated Token's Explicit Maximum TTL in seconds","description_kind":"plain","optional":true},"token_max_ttl":{"type":"number","description":"The maximum lifetime of the generated token","description_kind":"plain","optional":true},"token_no_default_policy":{"type":"bool","description":"If true, the 'default' policy will not automatically be added to generated tokens","description_kind":"plain","optional":true},"token_num_uses":{"type":"number","description":"The maximum number of times a token may be used, a value of zero means unlimited","description_kind":"plain","optional":true},"token_period":{"type":"number","description":"Generated Token's Period","description_kind":"plain","optional":true},"token_policies":{"type":["set","string"],"description":"Generated Token's Policies","description_kind":"plain","optional":true},"token_ttl":{"type":"number","description":"The initial ttl of the token to generate in seconds","description_kind":"plain","optional":true},"token_type":{"type":"string","description":"The type of token to generate, service or batch","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kubernetes_service_account_token":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The Kubernetes secret backend to generate service account tokens from.","description_kind":"plain","required":true},"cluster_role_binding":{"type":"bool","description":"If true, generate a ClusterRoleBinding to grant permissions across the whole cluster instead of within a 
namespace.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kubernetes_namespace":{"type":"string","description":"The name of the Kubernetes namespace in which to generate the credentials.","description_kind":"plain","required":true},"lease_duration":{"type":"number","description":"The duration of the lease in seconds.","description_kind":"plain","computed":true},"lease_id":{"type":"string","description":"The lease identifier assigned by Vault.","description_kind":"plain","computed":true},"lease_renewable":{"type":"bool","description":"True if the duration of this lease can be extended through renewal.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"role":{"type":"string","description":"The name of the role.","description_kind":"plain","required":true},"service_account_name":{"type":"string","description":"The name of the service account associated with the token.","description_kind":"plain","computed":true},"service_account_namespace":{"type":"string","description":"The Kubernetes namespace that the service account resides in.","description_kind":"plain","computed":true},"service_account_token":{"type":"string","description":"The Kubernetes service account token.","description_kind":"plain","computed":true,"sensitive":true},"ttl":{"type":"string","description":"The TTL of the generated Kubernetes service account token, specified in seconds or as a Go duration format string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kv_secret":{"version":0,"block":{"attributes":{"data":{"type":["map","string"],"description":"Map of strings read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"data_json":{"type":"string","description":"JSON-encoded secret data read from 
Vault.","description_kind":"plain","computed":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lease_duration":{"type":"number","description":"Lease duration in seconds.","description_kind":"plain","computed":true},"lease_id":{"type":"string","description":"Lease identifier assigned by Vault.","description_kind":"plain","computed":true},"lease_renewable":{"type":"bool","description":"True if the duration of this lease can be extended through renewal.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path of the KV-V1 secret.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_kv_secret_subkeys_v2":{"version":0,"block":{"attributes":{"data":{"type":["map","string"],"description":"Subkeys stored as a map of strings.","description_kind":"plain","computed":true,"sensitive":true},"data_json":{"type":"string","description":"Subkeys for the KV-V2 secret read from Vault.","description_kind":"plain","computed":true},"depth":{"type":"number","description":"Specifies the deepest nesting level to provide in the output.If non-zero, keys that reside at the specified depth value will be artificially treated as leaves and will thus be 'null' even if further underlying sub-keys exist.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mount":{"type":"string","description":"Path where KV-V2 engine is mounted","description_kind":"plain","required":true},"name":{"type":"string","description":"Full name of the secret. For a nested secret, the name is the nested path excluding the mount and data prefix. 
For example, for a secret at 'kvv2/data/foo/bar/baz', the name is 'foo/bar/baz'","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path where the generic secret will be written.","description_kind":"plain","computed":true},"version":{"type":"number","description":"Specifies the version to return. If not set the latest version is returned.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kv_secret_v2":{"version":0,"block":{"attributes":{"created_time":{"type":"string","description":"Time at which the secret was created","description_kind":"plain","computed":true},"custom_metadata":{"type":["map","string"],"description":"Custom metadata for the secret","description_kind":"plain","computed":true},"data":{"type":["map","string"],"description":"Map of strings read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"data_json":{"type":"string","description":"JSON-encoded secret data read from Vault.","description_kind":"plain","computed":true,"sensitive":true},"deletion_time":{"type":"string","description":"Deletion time for the secret","description_kind":"plain","computed":true},"destroyed":{"type":"bool","description":"Indicates whether the secret has been destroyed","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mount":{"type":"string","description":"Path where KV-V2 engine is mounted","description_kind":"plain","required":true},"name":{"type":"string","description":"Full name of the secret. For a nested secret, the name is the nested path excluding the mount and data prefix. For example, for a secret at 'kvv2/data/foo/bar/baz', the name is 'foo/bar/baz'","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path where the KVV2 secret is written.","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the secret to retrieve","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_kv_secrets_list":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description":"List of all secret names.","description_kind":"plain","computed":true,"sensitive":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full KV-V1 path where secrets will be listed.","description_kind":"plain","required":true}},"description_kind":"plain"}},"vault_kv_secrets_list_v2":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mount":{"type":"string","description":"Path where KV-V2 engine is mounted","description_kind":"plain","required":true},"name":{"type":"string","description":"Full named path of the secret. For a nested secret, the name is the nested path excluding the mount and data prefix. For example, for a secret at 'kvv2/data/foo/bar/baz', the name is 'foo/bar/baz'","description_kind":"plain","optional":true},"names":{"type":["list","string"],"description":"List of all secret names.","description_kind":"plain","computed":true,"sensitive":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Full path where the KV-V2 secrets are listed.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_ldap_dynamic_credentials":{"version":0,"block":{"attributes":{"distinguished_names":{"type":["list","string"],"description":"List of the distinguished names (DN) created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lease_duration":{"type":"number","description":"Lease duration in seconds.","description_kind":"plain","computed":true},"lease_id":{"type":"string","description":"Lease identifier assigned by Vault.","description_kind":"plain","computed":true},"lease_renewable":{"type":"bool","description":"True if the duration of this lease can be extended through renewal.","description_kind":"plain","computed":true},"mount":{"type":"string","description":"LDAP Secret Backend to read credentials from.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"password":{"type":"string","description":"Password for the dynamic role.","description_kind":"plain","computed":true,"sensitive":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"username":{"type":"string","description":"Name of the dynamic role.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_ldap_static_credentials":{"version":0,"block":{"attributes":{"dn":{"type":"string","description":"Distinguished name (DN) of the existing LDAP entry to manage password rotation for.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_password":{"type":"string","description":"Last known password for the static role.","description_kind":"plain","computed":true,"sensitive":true},"last_vault_rotation":{"type":"string","description":"Last time Vault rotated this static role's password.","description_kind":"plain","computed":true},"mount":{"type":"string","description":"LDAP Secret Backend to read credentials from.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"password":{"type":"string","description":"Password for the static role.","description_kind":"plain","computed":true,"sensitive":true},"role_name":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"rotation_period":{"type":"number","description":"How often Vault should rotate the password of the user entry.","description_kind":"plain","computed":true},"ttl":{"type":"number","description":"Duration in seconds after which the issued credential should expire.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Name of the static role.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_nomad_access_token":{"version":0,"block":{"attributes":{"accessor_id":{"type":"string","description":"The public identifier for a specific token. It can be used to look up information about a token or to revoke a token.","description_kind":"plain","computed":true},"backend":{"type":"string","description":"Nomad secret backend to generate tokens from.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"role":{"type":"string","description":"Name of the role.","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"Used to make requests to Nomad and should be kept private.","description_kind":"plain","computed":true,"sensitive":true}},"description_kind":"plain"}},"vault_pki_secret_backend_issuer":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Full path where PKI backend is mounted.","description_kind":"plain","required":true},"ca_chain":{"type":["list","string"],"description":"The CA chain as a list of format specific certificates","description_kind":"plain","computed":true},"certificate":{"type":"string","description":"The certificate.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer_id":{"type":"string","description":"ID of the issuer.","description_kind":"plain","computed":true},"issuer_name":{"type":"string","description":"Name of the issuer.","description_kind":"plain","computed":true},"issuer_ref":{"type":"string","description":"Reference to an existing issuer.","description_kind":"plain","required":true},"key_id":{"type":"string","description":"ID of the key used by the issuer.","description_kind":"plain","computed":true},"leaf_not_after_behavior":{"type":"string","description":"Behavior of a leaf's NotAfter field during issuance.","description_kind":"plain","computed":true},"manual_chain":{"type":["list","string"],"description":"Chain of issuer references to build this issuer's computed CAChain field from, when non-empty","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"usage":{"type":"string","description":"Allowed usages for this issuer.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_pki_secret_backend_issuers":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Full path where PKI backend is mounted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_info":{"type":["map","string"],"description":"Map of issuer strings read from Vault.","description_kind":"plain","computed":true},"key_info_json":{"type":"string","description":"JSON-encoded key info data read from Vault.","description_kind":"plain","computed":true},"keys":{"type":["list","string"],"description":"Keys used by issuers under the backend path.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_key":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Full path where PKI backend is mounted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"ID of the key used.","description_kind":"plain","computed":true},"key_name":{"type":"string","description":"Name of the key.","description_kind":"plain","computed":true},"key_ref":{"type":"string","description":"Reference to an existing key.","description_kind":"plain","required":true},"key_type":{"type":"string","description":"Type of the key.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_pki_secret_backend_keys":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"Full path where PKI backend is mounted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_info":{"type":["map","string"],"description":"Map of key strings read from Vault.","description_kind":"plain","computed":true},"key_info_json":{"type":"string","description":"JSON-encoded key data read from Vault.","description_kind":"plain","computed":true},"keys":{"type":["list","string"],"description":"Keys used under the backend path.","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_policy_document":{"version":0,"block":{"attributes":{"hcl":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true}},"block_types":{"rule":{"nesting_mode":"list","block":{"attributes":{"capabilities":{"type":["list","string"],"description_kind":"plain","required":true},"description":{"type":"string","description_kind":"plain","optional":true},"max_wrapping_ttl":{"type":"string","description_kind":"plain","optional":true},"min_wrapping_ttl":{"type":"string","description_kind":"plain","optional":true},"path":{"type":"string","description_kind":"plain","required":true},"required_parameters":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"allowed_parameter":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"value":{"type":["list","string"],"description_kind":"plain","required":true}},"description_kind":"plain"}},"denied_parameter":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"value":{"type":["list","string"],"description_kind":"plain","required":true}},"description_kind":"plain"}}},"description":"The policy rule","description_kind":"plain"}}},"description_kind":"plain"}},"vault_raft_autopilot_state":{"version":0,"block":{"attributes":{"failure_tolerance":{"type":"number","description":"How many nodes could fail before the cluster becomes unhealthy","description_kind":"plain","computed":true},"healthy":{"type":"bool","description":"Health status","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"leader":{"type":"string","description":"Current leader of Vault","description_kind":"plain","computed":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"optimistic_failure_tolerance":{"type":"number","description":"The cluster-level optimistic failure tolerance.","description_kind":"plain","computed":true},"redundancy_zones":{"type":["map","string"],"description":"Additional output related to redundancy zones stored as a map of strings.","description_kind":"plain","computed":true},"redundancy_zones_json":{"type":"string","description":"Subkeys for the redundancy zones read from Vault.","description_kind":"plain","computed":true},"servers":{"type":["map","string"],"description":"Additional output related to servers stored as a map of strings.","description_kind":"plain","computed":true},"servers_json":{"type":"string","description":"Subkeys for the servers read from Vault.","description_kind":"plain","computed":true},"upgrade_info":{"type":["map","string"],"description":"Additional output related to upgrade info stored as a map of strings.","description_kind":"plain","computed":true},"upgrade_info_json":{"type":"string","description":"Subkeys for the servers read from Vault.","description_kind":"plain","computed":true},"voters":{"type":["list","string"],"description":"The voters in the Vault cluster.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"vault_transform_decode":{"version":0,"block":{"attributes":{"batch_input":{"type":["list",["map","string"]],"description":"Specifies a list of items to be decoded in a single batch. If this parameter is set, the top-level parameters 'value', 'transformation' and 'tweak' will be ignored. 
Each batch item within the list can specify these parameters instead.","description_kind":"plain","optional":true},"batch_results":{"type":["list",["map","string"]],"description":"The result of decoding batch_input.","description_kind":"plain","optional":true,"computed":true},"decoded_value":{"type":"string","description":"The result of decoding a value.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to backend from which to retrieve data.","description_kind":"plain","required":true},"role_name":{"type":"string","description":"The name of the role.","description_kind":"plain","required":true},"transformation":{"type":"string","description":"The transformation to perform. If no value is provided and the role contains a single transformation, this value will be inferred from the role.","description_kind":"plain","optional":true},"tweak":{"type":"string","description":"The tweak value to use. Only applicable for FPE transformations","description_kind":"plain","optional":true},"value":{"type":"string","description":"The value in which to decode.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_transform_encode":{"version":0,"block":{"attributes":{"batch_input":{"type":["list",["map","string"]],"description":"Specifies a list of items to be encoded in a single batch. If this parameter is set, the parameters 'value', 'transformation' and 'tweak' will be ignored. 
Each batch item within the list can specify these parameters instead.","description_kind":"plain","optional":true},"batch_results":{"type":["list",["map","string"]],"description":"The result of encoding batch_input.","description_kind":"plain","optional":true,"computed":true},"encoded_value":{"type":"string","description":"The result of encoding a value.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to backend from which to retrieve data.","description_kind":"plain","required":true},"role_name":{"type":"string","description":"The name of the role.","description_kind":"plain","required":true},"transformation":{"type":"string","description":"The transformation to perform. If no value is provided and the role contains a single transformation, this value will be inferred from the role.","description_kind":"plain","optional":true},"tweak":{"type":"string","description":"The tweak value to use. 
Only applicable for FPE transformations","description_kind":"plain","optional":true},"value":{"type":"string","description":"The value in which to encode.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vault_transit_decrypt":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The Transit secret backend the key belongs to.","description_kind":"plain","required":true},"ciphertext":{"type":"string","description":"Transit encrypted cipher text.","description_kind":"plain","required":true},"context":{"type":"string","description":"Specifies the context for key derivation","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"Name of the decryption key to use.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Target namespace. (requires Enterprise)","description_kind":"plain","optional":true},"plaintext":{"type":"string","description":"Decrypted plain text","description_kind":"plain","computed":true,"sensitive":true}},"description_kind":"plain"}},"vault_transit_encrypt":{"version":0,"block":{"attributes":{"backend":{"type":"string","description":"The Transit secret backend the key belongs to.","description_kind":"plain","required":true},"ciphertext":{"type":"string","description":"Transit encrypted cipher text.","description_kind":"plain","computed":true},"context":{"type":"string","description":"Specifies the context for key derivation","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"Name of the encryption key to use.","description_kind":"plain","required":true},"key_version":{"type":"number","description":"The version of the key to use for encryption","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"Target namespace. 
(requires Enterprise)","description_kind":"plain","optional":true},"plaintext":{"type":"string","description":"Map of strings read from Vault.","description_kind":"plain","required":true,"sensitive":true}},"description_kind":"plain"}}}}}}
diff --git a/go.mod b/go.mod
index 31fc27da..ca26955d 100644
--- a/go.mod
+++ b/go.mod
@@ -3,15 +3,15 @@ module github.com/upbound/provider-vault
 go 1.19
 
 require (
- github.com/crossplane/crossplane-runtime v0.20.0
- github.com/crossplane/crossplane-tools v0.0.0-20230714144037-2684f4bc7638
+ github.com/crossplane/crossplane-runtime v1.15.1
+ github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79
  github.com/pkg/errors v0.9.1
  github.com/upbound/upjet v0.9.0-rc.0.0.20230801094152-39dcb37efd81
  gopkg.in/alecthomas/kingpin.v2 v2.2.6
- k8s.io/apimachinery v0.27.3
- k8s.io/client-go v0.27.3
- sigs.k8s.io/controller-runtime v0.15.0
- sigs.k8s.io/controller-tools v0.12.1
+ k8s.io/apimachinery v0.29.1
+ k8s.io/client-go v0.29.1
+ sigs.k8s.io/controller-runtime v0.17.0
+ sigs.k8s.io/controller-tools v0.14.0
 )
 
 require (
@@ -23,18 +23,17 @@ require (
  github.com/antchfx/xpath v1.2.0 // indirect
  github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
  github.com/beorn7/perks v1.0.1 // indirect
- github.com/cenkalti/backoff/v3 v3.0.0 // indirect
  github.com/cespare/xxhash/v2 v2.2.0 // indirect
  github.com/dave/jennifer v1.4.1 // indirect
  github.com/davecgh/go-spew v1.1.1 // indirect
- github.com/emicklei/go-restful/v3 v3.10.2 // indirect
- github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+ github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+ github.com/evanphx/json-patch v5.6.0+incompatible // indirect
+ github.com/evanphx/json-patch/v5 v5.8.0 // indirect
  github.com/fatih/camelcase v1.0.0 // indirect
- github.com/fatih/color v1.15.0 // indirect
- github.com/fsnotify/fsnotify v1.6.0 // indirect
- github.com/go-jose/go-jose/v3 v3.0.0 // indirect
- github.com/go-logr/logr v1.2.4 // indirect
- github.com/go-logr/zapr v1.2.4 // indirect
+ github.com/fatih/color v1.16.0 // indirect
+ github.com/fsnotify/fsnotify v1.7.0 // indirect
+ github.com/go-logr/logr v1.4.1 // indirect
+ github.com/go-logr/zapr v1.3.0 // indirect
  github.com/go-openapi/jsonpointer v0.19.6 // indirect
  github.com/go-openapi/jsonreference v0.20.2 // indirect
  github.com/go-openapi/swag v0.22.3 // indirect
@@ -43,30 +42,22 @@ require (
  github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
  github.com/golang/mock v1.6.0 // indirect
  github.com/golang/protobuf v1.5.3 // indirect
- github.com/google/gnostic v0.6.9 // indirect
- github.com/google/go-cmp v0.5.9 // indirect
+ github.com/google/gnostic-models v0.6.8 // indirect
+ github.com/google/go-cmp v0.6.0 // indirect
  github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/uuid v1.3.0 // indirect
+ github.com/google/uuid v1.4.0 // indirect
  github.com/hashicorp/errwrap v1.1.0 // indirect
- github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
  github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect
  github.com/hashicorp/go-hclog v1.2.1 // indirect
  github.com/hashicorp/go-multierror v1.1.1 // indirect
- github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
- github.com/hashicorp/go-rootcerts v1.0.2 // indirect
- github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
- github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
- github.com/hashicorp/go-sockaddr v1.0.2 // indirect
  github.com/hashicorp/go-uuid v1.0.3 // indirect
  github.com/hashicorp/go-version v1.6.0 // indirect
- github.com/hashicorp/hcl v1.0.0 // indirect
  github.com/hashicorp/hcl/v2 v2.14.1 // indirect
  github.com/hashicorp/logutils v1.0.0 // indirect
  github.com/hashicorp/terraform-json v0.14.0 // indirect
  github.com/hashicorp/terraform-plugin-go v0.14.0 // indirect
  github.com/hashicorp/terraform-plugin-log v0.7.0 // indirect
  github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.0 // indirect
- github.com/hashicorp/vault/api v1.9.2 // indirect
  github.com/iancoleman/strcase v0.2.0 // indirect
  github.com/imdario/mergo v0.3.16 // indirect
  github.com/inconshreveable/mousetrap v1.1.0 // indirect
@@ -74,10 +65,9 @@ require (
  github.com/json-iterator/go v1.1.12 // indirect
  github.com/mailru/easyjson v0.7.7 // indirect
  github.com/mattn/go-colorable v0.1.13 // indirect
- github.com/mattn/go-isatty v0.0.17 // indirect
- github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+ github.com/mattn/go-isatty v0.0.20 // indirect
+ github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
  github.com/mitchellh/copystructure v1.2.0 // indirect
- github.com/mitchellh/go-homedir v1.1.0 // indirect
  github.com/mitchellh/go-ps v1.0.0 // indirect
  github.com/mitchellh/go-testing-interface v1.14.1 // indirect
  github.com/mitchellh/go-wordwrap v1.0.1 // indirect
@@ -87,13 +77,12 @@ require (
  github.com/modern-go/reflect2 v1.0.2 // indirect
  github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
  github.com/muvaf/typewriter v0.0.0-20220131201631-921e94e8e8d7 // indirect
- github.com/prometheus/client_golang v1.15.1 // indirect
- github.com/prometheus/client_model v0.4.0 // indirect
- github.com/prometheus/common v0.44.0 // indirect
- github.com/prometheus/procfs v0.10.0 // indirect
- github.com/ryanuber/go-glob v1.0.0 // indirect
- github.com/spf13/afero v1.9.5 // indirect
- github.com/spf13/cobra v1.7.0 // indirect
+ github.com/prometheus/client_golang v1.18.0 // indirect
+ github.com/prometheus/client_model v0.5.0 // indirect
+ github.com/prometheus/common v0.45.0 // indirect
+ github.com/prometheus/procfs v0.12.0 // indirect
+ github.com/spf13/afero v1.11.0 // indirect
+ github.com/spf13/cobra v1.8.0 // indirect
  github.com/spf13/pflag v1.0.5 // indirect
  github.com/tmccombs/hcl2json v0.3.3 // indirect
  github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
@@ -101,35 +90,34 @@ require (
  github.com/vmihailenco/tagparser v0.1.1 // indirect
  github.com/yuin/goldmark v1.4.13 // indirect
  github.com/zclconf/go-cty v1.11.0 // indirect
- go.uber.org/atomic v1.11.0 // indirect
  go.uber.org/multierr v1.11.0 // indirect
- go.uber.org/zap v1.24.0 // indirect
- golang.org/x/crypto v0.11.0 // indirect
- golang.org/x/mod v0.12.0 // indirect
- golang.org/x/net v0.12.0 // indirect
- golang.org/x/oauth2 v0.8.0 // indirect
- golang.org/x/sys v0.10.0 // indirect
- golang.org/x/term v0.10.0 // indirect
- golang.org/x/text v0.11.0 // indirect
- golang.org/x/time v0.3.0 // indirect
- golang.org/x/tools v0.11.0 // indirect
- gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
- google.golang.org/appengine v1.6.7 // indirect
- google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
- google.golang.org/grpc v1.56.2 // indirect
+ go.uber.org/zap v1.26.0 // indirect
+ golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 // indirect
+ golang.org/x/mod v0.14.0 // indirect
+ golang.org/x/net v0.20.0 // indirect
+ golang.org/x/oauth2 v0.15.0 // indirect
+ golang.org/x/sys v0.16.0 // indirect
+ golang.org/x/term v0.16.0 // indirect
+ golang.org/x/text v0.14.0 // indirect
+ golang.org/x/time v0.5.0 // indirect
+ golang.org/x/tools v0.17.0 // indirect
+ gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
+ google.golang.org/appengine v1.6.8 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f // indirect
+ google.golang.org/grpc v1.61.0 // indirect
  google.golang.org/protobuf v1.31.0 // indirect
  gopkg.in/inf.v0 v0.9.1 // indirect
  gopkg.in/yaml.v2 v2.4.0 // indirect
  gopkg.in/yaml.v3 v3.0.1 // indirect
- k8s.io/api v0.27.3 // indirect
- k8s.io/apiextensions-apiserver v0.27.3 // indirect
- k8s.io/component-base v0.27.3 // indirect
- k8s.io/klog/v2 v2.100.1 // indirect
- k8s.io/kube-openapi v0.0.0-20230525220651-2546d827e515 // indirect
- k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect
+ k8s.io/api v0.29.1 // indirect
+ k8s.io/apiextensions-apiserver v0.29.1 // indirect
+ k8s.io/component-base v0.29.1 // indirect
+ k8s.io/klog/v2 v2.110.1 // indirect
+ k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
+ k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
  sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
- sigs.k8s.io/yaml v1.3.0 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+ sigs.k8s.io/yaml v1.4.0 // indirect
 )
 
 replace github.com/upbound/upjet => github.com/haarchri/upjet v0.9.0-rc.0.0.20230801-af46bef5eab5fc8482e02f29e56f5373d02cb4c7
diff --git a/go.sum b/go.sum
index 7af8765f..3bda0d00 100644
--- a/go.sum
+++ b/go.sum
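Review bot: The `replace github.com/upbound/upjet => github.com/haarchri/upjet v0.9.0-rc.0.0.20230801-af46bef5eab5fc8482e02f29e56f5373d02cb4c7` directive at the end of the last go.mod hunk is carried over unchanged, so after this dependency refresh the module still compiles upjet from a personal fork rather than from the `github.com/upbound/upjet` version named in the first `require` block. go.sum should pin the content of that fork tag, but nothing in go.mod records why the fork is needed or when it can be dropped, and the `require` line gives a reader the wrong idea of which code ends up in the provider binary. I would add a comment above the directive, for example `// TODO(<tracking issue>): remove once the fork's changes are released in github.com/upbound/upjet`, and confirm that the fork at this tag still works with crossplane-runtime v1.15.1. The diff does not show which changes the fork carries, so that part has to be checked against the fork itself.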
@@ -1,46 +1,5 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= 
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/agext/levenshtein v1.2.3 
h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= 
@@ -53,78 +12,46 @@ github.com/antchfx/htmlquery v1.2.4 h1:qLteofCMe/KGovBI6SQgmou2QNyedFUW+pE+BpeZ4 github.com/antchfx/htmlquery v1.2.4/go.mod h1:2xO6iu3EVWs7R2JYqBbp8YzG50gj/ofqs5/0VZoDZLc= github.com/antchfx/xpath v1.2.0 h1:mbwv7co+x0RwgeGAOHdrKy89GvHaGvxxBtPK0uF9Zr8= github.com/antchfx/xpath v1.2.0/go.mod h1:i54GszH55fYfBmoZXapTHN8T8tkcHfRgLyVwwqzXNcs= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM= github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 h1:MzVXffFUye+ZcSR6opIgz9Co7WcDx6ZcY+RjfFHoA0I= +github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM= github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk= github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= -github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= -github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c= -github.com/cenkalti/backoff/v3 v3.0.0/go.mod 
h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/crossplane/crossplane-runtime v0.20.0 h1:MlPNrK6ELKLQdeHaIdKxQpZW2LSivSYXxHKVfU32auU= -github.com/crossplane/crossplane-runtime v0.20.0/go.mod h1:FuKIC8Mg8hE2gIAMyf2wCPkxkFPz+VnMQiYWBq1/p5A= -github.com/crossplane/crossplane-tools v0.0.0-20230714144037-2684f4bc7638 h1:NPbGG7jLyM+LbSMFQXilM70EOxbxk4z2CFvdSRtxc1s= -github.com/crossplane/crossplane-tools v0.0.0-20230714144037-2684f4bc7638/go.mod 
h1:+e4OaFlOcmr0JvINHl/yvEYBrZawzTgj6pQumOH1SS0= +github.com/crossplane/crossplane-runtime v1.15.1 h1:g1h75tNYOQT152IUNxs8ZgSsRFQKrZN9z69KefMujXs= +github.com/crossplane/crossplane-runtime v1.15.1/go.mod h1:kRcJjJQmBFrR2n/KhwL8wYS7xNfq3D8eK4JliEScOHI= +github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79 h1:HigXs5tEQxWz0fcj8hzbU2UAZgEM7wPe0XRFOsrtF8Y= +github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79/go.mod h1:+e4OaFlOcmr0JvINHl/yvEYBrZawzTgj6pQumOH1SS0= github.com/dave/jennifer v1.4.1 h1:XyqG6cn5RQsTj3qlWQTKlRGAyrTcsk1kUmWdZBzRjDw= github.com/dave/jennifer v1.4.1/go.mod h1:7jEdnm+qBcxl8PC0zyp7vxcpSRnzXSt9r39tpTVGlwA= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/emicklei/go-restful/v3 v3.10.2 h1:hIovbnmBTLjHXkqEBUz3HGpXZdM7ZrE9fJIZIqlJLqE= -github.com/emicklei/go-restful/v3 v3.10.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod 
h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= -github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= -github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= +github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= +github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8= github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= -github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= -github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0= -github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= -github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod 
h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo= -github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= -github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= +github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= +github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= +github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= 
@@ -132,6 +59,7 @@ github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M= github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8= 
@@ -139,119 +67,51 @@ github.com/gobuffalo/flect v1.0.2 h1:eqjPGSo2WmjgY2XlpGwo2NXgL3RucAKo4k4qQMNA5sA github.com/gobuffalo/flect v1.0.2/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.2.0/go.mod 
h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/google/addlicense v0.0.0-20210428195630-6d92264d7170/go.mod h1:EMjYTRimagHs1FwlIqKyX3wAM0u3rA+McvlIIWmSamA= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/gnostic v0.6.9 
h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0= -github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= 
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8 h1:n6vlPhxsA+BW/XsS5+uqi7GyzaLa5MH7qlSLBZtRdiA= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= 
-github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= +github.com/google/pprof v0.0.0-20240117000934-35fc243c5815 h1:WzfWbQz/Ze8v6l++GGbGNFZnUShVpP/0xffCPLL+ax8= +github.com/google/pprof v0.0.0-20240117000934-35fc243c5815/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= +github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= +github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/haarchri/upjet v0.9.0-rc.0.0.20230801-af46bef5eab5fc8482e02f29e56f5373d02cb4c7 h1:ea6dDCwkpE0eUKdpAhcK8as1pMXJFGsCOcK5E8rb1BQ= github.com/haarchri/upjet v0.9.0-rc.0.0.20230801-af46bef5eab5fc8482e02f29e56f5373d02cb4c7/go.mod h1:2RXHgpIugCL/S/Use1QJAeVaev901RBeUByQh5gUtGk= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= -github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI= github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v1.2.1 h1:YQsLlGDJgwhXFpucSPyVbCBviQtjlHv3jLTlp8YmtEw= github.com/hashicorp/go-hclog v1.2.1/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-multierror 
v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ= -github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= -github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= -github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ= -github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= -github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U= -github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= -github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= -github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc= -github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.5.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 
-github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.9.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg= github.com/hashicorp/hcl/v2 v2.14.1 h1:x0BpjfZ+CYdbiz+8yZTQ+gdLO7IXvOut7Da+XJayx34= github.com/hashicorp/hcl/v2 v2.14.1/go.mod h1:e4z5nxYlWNPdDSNYX+ph14EvWYMFm3eP0zIUqPc2jr0= 
@@ -265,30 +125,22 @@ github.com/hashicorp/terraform-plugin-log v0.7.0 h1:SDxJUyT8TwN4l5b5/VkiTIaQgY6R github.com/hashicorp/terraform-plugin-log v0.7.0/go.mod h1:p4R1jWBXRTvL4odmEkFfDdhUjHf9zcs/BCoNHAc7IK4= github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.0 h1:FtCLTiTcykdsURXPt/ku7fYXm3y19nbzbZcUxHx9RbI= github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.0/go.mod h1:80wf5oad1tW+oLnbXS4UTYmDCrl7BuN1Q+IA91X1a4Y= -github.com/hashicorp/vault/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3Cl2as= -github.com/hashicorp/vault/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8= github.com/iancoleman/strcase v0.2.0 h1:05I4QRnGpI0m37iZQRuskXh+w77mr6Z41lwQzuHLwW0= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report 
v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= 
@@ -298,33 +150,26 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng= -github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= +github.com/matttproud/golang_protobuf_extensions/v2 
v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= -github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= -github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= -github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= 
@@ -339,58 +184,52 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/muvaf/typewriter v0.0.0-20220131201631-921e94e8e8d7 h1:CxRHKnh1YJXgNKxcos9rrKL6AcmOl1AS/fygmxFDzh4= github.com/muvaf/typewriter v0.0.0-20220131201631-921e94e8e8d7/go.mod h1:SAAdeMEiFXR8LcHffvIdiLI1w243DCH2DuHq7UrA5YQ= github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce h1:RPclfga2SEJmgMmz2k+Mg7cowZ8yv4Trqw9UsJby758= +github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce/go.mod h1:uFMI8w+ref4v2r9jz+c9i1IfIttS/OkmLfrk1jne5hs= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q= -github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU= +github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= +github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= +github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= +github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= +github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= 
-github.com/prometheus/client_golang v1.15.1 h1:8tXpTmJbyH5lydzFPoxSIJ0J46jdh3tylbvM1xCv0LI= -github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= -github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= -github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= -github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= -github.com/prometheus/procfs v0.10.0 h1:UkG7GPYkO4UZyLnyXjaWYcgOSONqwdBqFUT95ugmt6I= -github.com/prometheus/procfs v0.10.0/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= +github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= +github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= +github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= +github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= +github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= +github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= 
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= -github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM= -github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= -github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= -github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= +github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= +github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= +github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= +github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod 
h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/tmccombs/hcl2json v0.3.3 h1:+DLNYqpWE0CsOQiEZu+OZm5ZBImake3wtITYxQ8uLFQ= github.com/tmccombs/hcl2json v0.3.3/go.mod h1:Y2chtz2x9bAeRTvSibVRVgbLJhLJXKlUeIvjeVdnm4w= github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= 
@@ -400,12 +239,7 @@ github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvC github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/tagparser v0.1.1 h1:quXMXlA39OCbd2wAdTsGDlK9RkOk6Wuw+x37wVyIuWY= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= -github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13 h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE= 
@@ -417,412 +251,150 @@ github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uU github.com/zclconf/go-cty v1.11.0 h1:726SxLdi2SDnjY+BStqB9J1hNp4+2WlzyXLuimibIe0= github.com/zclconf/go-cty v1.11.0/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeWIMfhLvA= github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= -go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= -go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= -go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= -go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= +go.uber.org/zap v1.26.0 
h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= +go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= -golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod 
h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod 
h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 h1:hNQpMuAJe5CtcUqCXaWga3FHu+kQvCqcsoVaQgSV60o= +golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod 
h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= -golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= -golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= +golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ= +golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= -golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502175342-a43fa875dd82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0 
h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c= -golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= +golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time 
v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools 
v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools 
v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools 
v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.11.0 h1:EMCa6U9S2LtZXLAMoWiR/R8dAQFRqbAitmbJ2UKhoi8= -golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= +golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gomodules.xyz/jsonpatch/v2 v2.3.0 h1:8NFhfS6gzxNqjLIYnZxg319wZ5Qjnx4m/CcX+Klzazc= -gomodules.xyz/jsonpatch/v2 v2.3.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod 
h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= +gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= +gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod 
h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto 
v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 
-google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.33.2/go.mod 
h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.56.2 h1:fVRFRnXvU+x6C4IlHZewvJOVHoOv1TUuQyoRsYnB4bI= -google.golang.org/grpc v1.56.2/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f h1:ultW7fxlIvee4HYrtnaRPon9HpEgFk5zYpmfMgtKB5I= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f/go.mod 
h1:L9KNLi232K1/xB6f7AlSX692koaRnKaWSR0stBki0Yc= +google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0= +google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 
v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.27.3 h1:yR6oQXXnUEBWEWcvPWS0jQL575KoAboQPfJAuKNrw5Y= -k8s.io/api v0.27.3/go.mod h1:C4BNvZnQOF7JA/0Xed2S+aUyJSfTGkGFxLXz9MnpIpg= -k8s.io/apiextensions-apiserver v0.27.3 h1:xAwC1iYabi+TDfpRhxh4Eapl14Hs2OftM2DN5MpgKX4= -k8s.io/apiextensions-apiserver v0.27.3/go.mod h1:BH3wJ5NsB9XE1w+R6SSVpKmYNyIiyIz9xAmBl8Mb+84= -k8s.io/apimachinery v0.27.3 h1:Ubye8oBufD04l9QnNtW05idcOe9Z3GQN8+7PqmuVcUM= -k8s.io/apimachinery v0.27.3/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= -k8s.io/client-go v0.27.3 h1:7dnEGHZEJld3lYwxvLl7WoehK6lAq7GvgjxpA3nv1E8= -k8s.io/client-go v0.27.3/go.mod h1:2MBEKuTo6V1lbKy3z1euEGnhPfGZLKTS9tiJ2xodM48= -k8s.io/component-base v0.27.3 
h1:g078YmdcdTfrCE4fFobt7qmVXwS8J/3cI1XxRi/2+6k= -k8s.io/component-base v0.27.3/go.mod h1:JNiKYcGImpQ44iwSYs6dysxzR9SxIIgQalk4HaCNVUY= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20230525220651-2546d827e515 h1:OmK1d0WrkD3IPfkskvroRykOulHVHf0s0ZIFRjyt+UI= -k8s.io/kube-openapi v0.0.0-20230525220651-2546d827e515/go.mod h1:kzo02I3kQ4BTtEfVLaPbjvCkX97YqGve33wzlb3fofQ= -k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU= -k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.15.0 h1:ML+5Adt3qZnMSYxZ7gAverBLNPSMQEibtzAgp0UPojU= -sigs.k8s.io/controller-runtime v0.15.0/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk= -sigs.k8s.io/controller-tools v0.12.1 h1:GyQqxzH5wksa4n3YDIJdJJOopztR5VDM+7qsyg5yE4U= -sigs.k8s.io/controller-tools v0.12.1/go.mod h1:rXlpTfFHZMpZA8aGq9ejArgZiieHd+fkk/fTatY8A2M= +k8s.io/api v0.29.1 h1:DAjwWX/9YT7NQD4INu49ROJuZAAAP/Ijki48GUPzxqw= +k8s.io/api v0.29.1/go.mod h1:7Kl10vBRUXhnQQI8YR/R327zXC8eJ7887/+Ybta+RoQ= +k8s.io/apiextensions-apiserver v0.29.1 h1:S9xOtyk9M3Sk1tIpQMu9wXHm5O2MX6Y1kIpPMimZBZw= +k8s.io/apiextensions-apiserver v0.29.1/go.mod h1:zZECpujY5yTW58co8V2EQR4BD6A9pktVgHhvc0uLfeU= +k8s.io/apimachinery v0.29.1 h1:KY4/E6km/wLBguvCZv8cKTeOwwOBqFNjwJIdMkMbbRc= +k8s.io/apimachinery v0.29.1/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= +k8s.io/client-go v0.29.1 h1:19B/+2NGEwnFLzt0uB5kNJnfTsbV8w6TgQRz9l7ti7A= +k8s.io/client-go v0.29.1/go.mod h1:TDG/psL9hdet0TI9mGyHJSgRkW3H9JZk2dNEUS7bRks= +k8s.io/component-base v0.29.1 
h1:MUimqJPCRnnHsskTTjKD+IC1EHBbRCVyi37IoFBrkYw= +k8s.io/component-base v0.29.1/go.mod h1:fP9GFjxYrLERq1GcWWZAE3bqbNcDKDytn2srWuHTtKc= +k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= +k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.17.0 h1:fjJQf8Ukya+VjogLO6/bNX9HE6Y2xpsO5+fyS26ur/s= +sigs.k8s.io/controller-runtime v0.17.0/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-tools v0.14.0 h1:rnNoCC5wSXlrNoBKKzL70LNJKIQKEzT6lloG6/LF73A= +sigs.k8s.io/controller-tools v0.14.0/go.mod h1:TV7uOtNNnnR72SpzhStvPkoS/U5ir0nMudrkrC4M9Sc= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= 
diff --git a/package/crds/ad.vault.upbound.io_secretbackends.yaml b/package/crds/ad.vault.upbound.io_secretbackends.yaml index 1268ea9c..68d1cad3 100644 --- a/package/crds/ad.vault.upbound.io_secretbackends.yaml +++ b/package/crds/ad.vault.upbound.io_secretbackends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackends.ad.vault.upbound.io spec: group: ad.vault.upbound.io @@ -38,14 +38,19 @@ spec: an Active Directory secret backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,26 +74,26 @@ spec: forProvider: properties: anonymousGroupSearch: - description: Use anonymous binds when performing LDAP group searches - (if true the initial credentials will still be used for the - initial connection test). Use anonymous binds when performing - LDAP group searches (if true the initial credentials will still - be used for the initial connection test). + description: |- + Use anonymous binds when performing LDAP group searches + (if true the initial credentials will still be used for the initial connection test). + Use anonymous binds when performing LDAP group searches (if true the initial credentials will still be used for the initial connection test). type: boolean backend: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to ad. The mount path - for a backend, for example, the path given in "$ vault auth - enable -path=my-ad ad". + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to ad. + The mount path for a backend, for example, the path given in "$ vault auth enable -path=my-ad ad". type: string binddn: - description: Distinguished name of object to bind when performing - user and group search. Distinguished name of object to bind - when performing user and group search. + description: |- + Distinguished name of object to bind when performing user and group search. + Distinguished name of object to bind when performing user and group search. type: string bindpassSecretRef: - description: Password to use along with binddn when performing - user search. LDAP password for searching for the user DN. + description: |- + Password to use along with binddn when performing user search. + LDAP password for searching for the user DN. properties: key: description: The key to select. 
@@ -104,21 +110,21 @@ spec: - namespace type: object caseSensitiveNames: - description: If set, user and group names assigned to policies - within the backend will be case sensitive. Otherwise, names - will be normalized to lower case. If true, case sensitivity - will be used when comparing usernames and groups for matching - policies. + description: |- + If set, user and group names assigned to policies within the + backend will be case sensitive. Otherwise, names will be normalized to lower case. + If true, case sensitivity will be used when comparing usernames and groups for matching policies. type: boolean certificate: - description: CA certificate to use when verifying LDAP server - certificate, must be x509 PEM encoded. CA certificate to use - when verifying LDAP server certificate, must be x509 PEM encoded. + description: |- + CA certificate to use when verifying LDAP server certificate, must be + x509 PEM encoded. + CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded. type: string clientTlsCertSecretRef: - description: Client certificate to provide to the LDAP server, - must be x509 PEM encoded. Client certificate to provide to the - LDAP server, must be x509 PEM encoded. + description: |- + Client certificate to provide to the LDAP server, must be x509 PEM encoded. + Client certificate to provide to the LDAP server, must be x509 PEM encoded. properties: key: description: The key to select. @@ -135,9 +141,9 @@ spec: - namespace type: object clientTlsKeySecretRef: - description: Client certificate key to provide to the LDAP server, - must be x509 PEM encoded. Client certificate key to provide - to the LDAP server, must be x509 PEM encoded. + description: |- + Client certificate key to provide to the LDAP server, must be x509 PEM encoded. + Client certificate key to provide to the LDAP server, must be x509 PEM encoded. properties: key: description: The key to select. 
@@ -154,401 +160,390 @@ spec: - namespace type: object defaultLeaseTtlSeconds: - description: Default lease duration for secrets in seconds. Default - lease duration for secrets in seconds + description: |- + Default lease duration for secrets in seconds. + Default lease duration for secrets in seconds type: number denyNullBind: - description: Denies an unauthenticated LDAP bind request if the - user's password is empty; defaults to true. Denies an unauthenticated - LDAP bind request if the user's password is empty; defaults - to true + description: |- + Denies an unauthenticated LDAP bind request if the user's password is empty; + defaults to true. + Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true type: boolean description: - description: Human-friendly description of the mount for the Active - Directory backend. Human-friendly description of the mount for - the backend. + description: |- + Human-friendly description of the mount for the Active Directory backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean discoverdn: - description: Use anonymous bind to discover the bind Distinguished - Name of a user. Use anonymous bind to discover the bind DN of - a user. + description: |- + Use anonymous bind to discover the bind Distinguished Name of a user. + Use anonymous bind to discover the bind DN of a user. type: boolean formatter: - description: Deprecated use password_policy. Text to insert the - password into, ex. "customPrefix{{PASSWORD}}customSuffix". Text - to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix". 
+ description: |- + Deprecated use password_policy. Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix". + Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix". type: string groupattr: - description: 'LDAP attribute to follow on objects returned by in - order to enumerate user group membership. Examples: cn or memberOf, - etc. Defaults to cn. LDAP attribute to follow on objects returned - by in order to enumerate user group membership. - Examples: "cn" or "memberOf", etc. Default: cn' + description: |- + LDAP attribute to follow on objects returned by in order to enumerate + user group membership. Examples: cn or memberOf, etc. Defaults to cn. + LDAP attribute to follow on objects returned by in order to enumerate user group membership. Examples: "cn" or "memberOf", etc. Default: cn type: string groupdn: - description: 'LDAP search base to use for group membership search - (eg: ou=Groups,dc=example,dc=org). LDAP search base to use for - group membership search (eg: ou=Groups,dc=example,dc=org)' + description: |- + LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org). + LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org) type: string groupfilter: - description: 'Go template for querying group membership of user The - template can access the following context variables: UserDN, - Username. Defaults to (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})) - Go template for querying group membership of user. The template - can access the following context variables: UserDN, Username - Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}})) - Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))' + description: |- + Go template for querying group membership of user The template can access + the following context variables: UserDN, Username. 
Defaults to (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})) + Go template for querying group membership of user. The template can access the following context variables: UserDN, Username Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}})) Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})) type: string insecureTls: - description: Skip LDAP server SSL Certificate verification. This - is not recommended for production. Defaults to false. Skip LDAP - server SSL Certificate verification - insecure and not recommended - for production use. + description: |- + Skip LDAP server SSL Certificate verification. This is not recommended for production. + Defaults to false. + Skip LDAP server SSL Certificate verification - insecure and not recommended for production use. type: boolean lastRotationTolerance: - description: The number of seconds after a Vault rotation where, - if Active Directory shows a later rotation, it should be considered - out-of-band The number of seconds after a Vault rotation where, - if Active Directory shows a later rotation, it should be considered - out-of-band. + description: |- + The number of seconds after a Vault rotation where, if Active Directory + shows a later rotation, it should be considered out-of-band + The number of seconds after a Vault rotation where, if Active Directory shows a later rotation, it should be considered out-of-band. type: number length: - description: Deprecated use password_policy. The desired length - of passwords that Vault generates. Mutually exclusive with The - desired length of passwords that Vault generates. + description: |- + Deprecated use password_policy. The desired length of passwords that Vault generates. + Mutually exclusive with + The desired length of passwords that Vault generates. type: number local: - description: Mark the secrets engine as local-only. 
Local engines - are not replicated or removed by replication.Tolerance duration - to use when checking the last rotation time. Mark the secrets - engine as local-only. Local engines are not replicated or removed - by replication.Tolerance duration to use when checking the last - rotation time. + description: |- + Mark the secrets engine as local-only. Local engines are not replicated or removed by + replication.Tolerance duration to use when checking the last rotation time. + Mark the secrets engine as local-only. Local engines are not replicated or removed by replication.Tolerance duration to use when checking the last rotation time. type: boolean maxLeaseTtlSeconds: - description: Maximum possible lease duration for secrets in seconds. + description: |- + Maximum possible lease duration for secrets in seconds. Maximum possible lease duration for secrets in seconds. type: number maxTtl: - description: In seconds, the maximum password time-to-live. In - seconds, the maximum password time-to-live. + description: |- + In seconds, the maximum password time-to-live. + In seconds, the maximum password time-to-live. type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string passwordPolicy: - description: 1.11+ Name of the password policy to use to generate - passwords. + description: |- + 1.11+ + Name of the password policy to use to generate passwords. 
type: string requestTimeout: - description: Timeout, in seconds, for the connection when making - requests against the server before returning back an error. - Timeout, in seconds, for the connection when making requests - against the server before returning back an error. + description: |- + Timeout, in seconds, for the connection when making requests against the server + before returning back an error. + Timeout, in seconds, for the connection when making requests against the server before returning back an error. type: number starttls: - description: Issue a StartTLS command after establishing unencrypted - connection. Issue a StartTLS command after establishing unencrypted - connection. + description: |- + Issue a StartTLS command after establishing unencrypted connection. + Issue a StartTLS command after establishing unencrypted connection. type: boolean tlsMaxVersion: - description: Maximum TLS version to use. Accepted values are tls10, - tls11, tls12 or tls13. Defaults to tls12. Maximum TLS version - to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. - Defaults to 'tls12' + description: |- + Maximum TLS version to use. Accepted values are tls10, tls11, + tls12 or tls13. Defaults to tls12. + Maximum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12' type: string tlsMinVersion: - description: Minimum TLS version to use. Accepted values are tls10, - tls11, tls12 or tls13. Defaults to tls12. Minimum TLS version - to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. - Defaults to 'tls12' + description: |- + Minimum TLS version to use. Accepted values are tls10, tls11, + tls12 or tls13. Defaults to tls12. + Minimum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12' type: string ttl: - description: In seconds, the default password time-to-live. In - seconds, the default password time-to-live. 
+ description: |- + In seconds, the default password time-to-live. + In seconds, the default password time-to-live. type: number upndomain: - description: Enables userPrincipalDomain login with [username]@UPNDomain. + description: |- + Enables userPrincipalDomain login with [username]@UPNDomain. Enables userPrincipalDomain login with [username]@UPNDomain. type: string url: - description: 'LDAP URL to connect to. Multiple URLs can be specified - by concatenating them with commas; they will be tried in-order. - Defaults to ldap://127.0.0.1. LDAP URL to connect to (default: - ldap://127.0.0.1). Multiple URLs can be specified by concatenating - them with commas; they will be tried in-order.' + description: |- + LDAP URL to connect to. Multiple URLs can be specified by concatenating + them with commas; they will be tried in-order. Defaults to ldap://127.0.0.1. + LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order. type: string usePre111GroupCnBehavior: - description: In Vault 1.1.1 a fix for handling group CN values - of different cases unfortunately introduced a regression that - could cause previously defined groups to not be found due to - a change in the resulting name. If set true, the pre-1.1.1 behavior - for matching group CNs will be used. This is only needed in - some upgrade scenarios for backwards compatibility. It is enabled - by default if the config is upgraded but disabled by default - on new configurations. In Vault 1.1.1 a fix for handling group - CN values of different cases unfortunately introduced a regression - that could cause previously defined groups to not be found due - to a change in the resulting name. If set true, the pre-1.1.1 - behavior for matching group CNs will be used. This is only needed - in some upgrade scenarios for backwards compatibility. 
It is - enabled by default if the config is upgraded but disabled by - default on new configurations. + description: |- + In Vault 1.1.1 a fix for handling group CN values of + different cases unfortunately introduced a regression that could cause previously defined groups + to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for + matching group CNs will be used. This is only needed in some upgrade scenarios for backwards + compatibility. It is enabled by default if the config is upgraded but disabled by default on + new configurations. + In Vault 1.1.1 a fix for handling group CN values of different cases unfortunately introduced a regression that could cause previously defined groups to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for matching group CNs will be used. This is only needed in some upgrade scenarios for backwards compatibility. It is enabled by default if the config is upgraded but disabled by default on new configurations. type: boolean useTokenGroups: - description: If true, use the Active Directory tokenGroups constructed - attribute of the user to find the group memberships. This will - find all security groups including nested ones. If true, use - the Active Directory tokenGroups constructed attribute of the - user to find the group memberships. This will find all security - groups including nested ones. + description: |- + If true, use the Active Directory tokenGroups constructed attribute of the + user to find the group memberships. This will find all security groups including nested ones. + If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones. type: boolean userattr: - description: 'Attribute used when searching users. Defaults to - cn. Attribute used for users (default: cn)' + description: |- + Attribute used when searching users. Defaults to cn. 
+ Attribute used for users (default: cn) type: string userdn: - description: 'LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`. - LDAP domain to use for users (eg: ou=People,dc=example,dc=org)' + description: |- + LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`. + LDAP domain to use for users (eg: ou=People,dc=example,dc=org) type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. 
properties: anonymousGroupSearch: - description: Use anonymous binds when performing LDAP group searches - (if true the initial credentials will still be used for the - initial connection test). Use anonymous binds when performing - LDAP group searches (if true the initial credentials will still - be used for the initial connection test). + description: |- + Use anonymous binds when performing LDAP group searches + (if true the initial credentials will still be used for the initial connection test). + Use anonymous binds when performing LDAP group searches (if true the initial credentials will still be used for the initial connection test). type: boolean backend: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to ad. The mount path - for a backend, for example, the path given in "$ vault auth - enable -path=my-ad ad". + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to ad. + The mount path for a backend, for example, the path given in "$ vault auth enable -path=my-ad ad". type: string binddn: - description: Distinguished name of object to bind when performing - user and group search. Distinguished name of object to bind - when performing user and group search. + description: |- + Distinguished name of object to bind when performing user and group search. + Distinguished name of object to bind when performing user and group search. type: string caseSensitiveNames: - description: If set, user and group names assigned to policies - within the backend will be case sensitive. Otherwise, names - will be normalized to lower case. If true, case sensitivity - will be used when comparing usernames and groups for matching - policies. + description: |- + If set, user and group names assigned to policies within the + backend will be case sensitive. Otherwise, names will be normalized to lower case. 
+ If true, case sensitivity will be used when comparing usernames and groups for matching policies. type: boolean certificate: - description: CA certificate to use when verifying LDAP server - certificate, must be x509 PEM encoded. CA certificate to use - when verifying LDAP server certificate, must be x509 PEM encoded. + description: |- + CA certificate to use when verifying LDAP server certificate, must be + x509 PEM encoded. + CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded. type: string defaultLeaseTtlSeconds: - description: Default lease duration for secrets in seconds. Default - lease duration for secrets in seconds + description: |- + Default lease duration for secrets in seconds. + Default lease duration for secrets in seconds type: number denyNullBind: - description: Denies an unauthenticated LDAP bind request if the - user's password is empty; defaults to true. Denies an unauthenticated - LDAP bind request if the user's password is empty; defaults - to true + description: |- + Denies an unauthenticated LDAP bind request if the user's password is empty; + defaults to true. + Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true type: boolean description: - description: Human-friendly description of the mount for the Active - Directory backend. Human-friendly description of the mount for - the backend. + description: |- + Human-friendly description of the mount for the Active Directory backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. 
type: boolean discoverdn: - description: Use anonymous bind to discover the bind Distinguished - Name of a user. Use anonymous bind to discover the bind DN of - a user. + description: |- + Use anonymous bind to discover the bind Distinguished Name of a user. + Use anonymous bind to discover the bind DN of a user. type: boolean formatter: - description: Deprecated use password_policy. Text to insert the - password into, ex. "customPrefix{{PASSWORD}}customSuffix". Text - to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix". + description: |- + Deprecated use password_policy. Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix". + Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix". type: string groupattr: - description: 'LDAP attribute to follow on objects returned by in - order to enumerate user group membership. Examples: cn or memberOf, - etc. Defaults to cn. LDAP attribute to follow on objects returned - by in order to enumerate user group membership. - Examples: "cn" or "memberOf", etc. Default: cn' + description: |- + LDAP attribute to follow on objects returned by in order to enumerate + user group membership. Examples: cn or memberOf, etc. Defaults to cn. + LDAP attribute to follow on objects returned by in order to enumerate user group membership. Examples: "cn" or "memberOf", etc. Default: cn type: string groupdn: - description: 'LDAP search base to use for group membership search - (eg: ou=Groups,dc=example,dc=org). LDAP search base to use for - group membership search (eg: ou=Groups,dc=example,dc=org)' + description: |- + LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org). + LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org) type: string groupfilter: - description: 'Go template for querying group membership of user The - template can access the following context variables: UserDN, - Username. 
Defaults to (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})) - Go template for querying group membership of user. The template - can access the following context variables: UserDN, Username - Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}})) - Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))' + description: |- + Go template for querying group membership of user The template can access + the following context variables: UserDN, Username. Defaults to (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})) + Go template for querying group membership of user. The template can access the following context variables: UserDN, Username Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}})) Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})) type: string insecureTls: - description: Skip LDAP server SSL Certificate verification. This - is not recommended for production. Defaults to false. Skip LDAP - server SSL Certificate verification - insecure and not recommended - for production use. + description: |- + Skip LDAP server SSL Certificate verification. This is not recommended for production. + Defaults to false. + Skip LDAP server SSL Certificate verification - insecure and not recommended for production use. type: boolean lastRotationTolerance: - description: The number of seconds after a Vault rotation where, - if Active Directory shows a later rotation, it should be considered - out-of-band The number of seconds after a Vault rotation where, - if Active Directory shows a later rotation, it should be considered - out-of-band. + description: |- + The number of seconds after a Vault rotation where, if Active Directory + shows a later rotation, it should be considered out-of-band + The number of seconds after a Vault rotation where, if Active Directory shows a later rotation, it should be considered out-of-band. 
type: number length: - description: Deprecated use password_policy. The desired length - of passwords that Vault generates. Mutually exclusive with The - desired length of passwords that Vault generates. + description: |- + Deprecated use password_policy. The desired length of passwords that Vault generates. + Mutually exclusive with + The desired length of passwords that Vault generates. type: number local: - description: Mark the secrets engine as local-only. Local engines - are not replicated or removed by replication.Tolerance duration - to use when checking the last rotation time. Mark the secrets - engine as local-only. Local engines are not replicated or removed - by replication.Tolerance duration to use when checking the last - rotation time. + description: |- + Mark the secrets engine as local-only. Local engines are not replicated or removed by + replication.Tolerance duration to use when checking the last rotation time. + Mark the secrets engine as local-only. Local engines are not replicated or removed by replication.Tolerance duration to use when checking the last rotation time. type: boolean maxLeaseTtlSeconds: - description: Maximum possible lease duration for secrets in seconds. + description: |- + Maximum possible lease duration for secrets in seconds. Maximum possible lease duration for secrets in seconds. type: number maxTtl: - description: In seconds, the maximum password time-to-live. In - seconds, the maximum password time-to-live. + description: |- + In seconds, the maximum password time-to-live. + In seconds, the maximum password time-to-live. type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. 
+ The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string passwordPolicy: - description: 1.11+ Name of the password policy to use to generate - passwords. + description: |- + 1.11+ + Name of the password policy to use to generate passwords. type: string requestTimeout: - description: Timeout, in seconds, for the connection when making - requests against the server before returning back an error. - Timeout, in seconds, for the connection when making requests - against the server before returning back an error. + description: |- + Timeout, in seconds, for the connection when making requests against the server + before returning back an error. + Timeout, in seconds, for the connection when making requests against the server before returning back an error. type: number starttls: - description: Issue a StartTLS command after establishing unencrypted - connection. Issue a StartTLS command after establishing unencrypted - connection. + description: |- + Issue a StartTLS command after establishing unencrypted connection. + Issue a StartTLS command after establishing unencrypted connection. type: boolean tlsMaxVersion: - description: Maximum TLS version to use. Accepted values are tls10, - tls11, tls12 or tls13. Defaults to tls12. Maximum TLS version - to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. - Defaults to 'tls12' + description: |- + Maximum TLS version to use. Accepted values are tls10, tls11, + tls12 or tls13. Defaults to tls12. + Maximum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12' type: string tlsMinVersion: - description: Minimum TLS version to use. Accepted values are tls10, - tls11, tls12 or tls13. Defaults to tls12. Minimum TLS version - to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. 
- Defaults to 'tls12' + description: |- + Minimum TLS version to use. Accepted values are tls10, tls11, + tls12 or tls13. Defaults to tls12. + Minimum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12' type: string ttl: - description: In seconds, the default password time-to-live. In - seconds, the default password time-to-live. + description: |- + In seconds, the default password time-to-live. + In seconds, the default password time-to-live. type: number upndomain: - description: Enables userPrincipalDomain login with [username]@UPNDomain. + description: |- + Enables userPrincipalDomain login with [username]@UPNDomain. Enables userPrincipalDomain login with [username]@UPNDomain. type: string url: - description: 'LDAP URL to connect to. Multiple URLs can be specified - by concatenating them with commas; they will be tried in-order. - Defaults to ldap://127.0.0.1. LDAP URL to connect to (default: - ldap://127.0.0.1). Multiple URLs can be specified by concatenating - them with commas; they will be tried in-order.' + description: |- + LDAP URL to connect to. Multiple URLs can be specified by concatenating + them with commas; they will be tried in-order. Defaults to ldap://127.0.0.1. + LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order. type: string usePre111GroupCnBehavior: - description: In Vault 1.1.1 a fix for handling group CN values - of different cases unfortunately introduced a regression that - could cause previously defined groups to not be found due to - a change in the resulting name. If set true, the pre-1.1.1 behavior - for matching group CNs will be used. This is only needed in - some upgrade scenarios for backwards compatibility. It is enabled - by default if the config is upgraded but disabled by default - on new configurations. 
In Vault 1.1.1 a fix for handling group - CN values of different cases unfortunately introduced a regression - that could cause previously defined groups to not be found due - to a change in the resulting name. If set true, the pre-1.1.1 - behavior for matching group CNs will be used. This is only needed - in some upgrade scenarios for backwards compatibility. It is - enabled by default if the config is upgraded but disabled by - default on new configurations. + description: |- + In Vault 1.1.1 a fix for handling group CN values of + different cases unfortunately introduced a regression that could cause previously defined groups + to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for + matching group CNs will be used. This is only needed in some upgrade scenarios for backwards + compatibility. It is enabled by default if the config is upgraded but disabled by default on + new configurations. + In Vault 1.1.1 a fix for handling group CN values of different cases unfortunately introduced a regression that could cause previously defined groups to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for matching group CNs will be used. This is only needed in some upgrade scenarios for backwards compatibility. It is enabled by default if the config is upgraded but disabled by default on new configurations. type: boolean useTokenGroups: - description: If true, use the Active Directory tokenGroups constructed - attribute of the user to find the group memberships. This will - find all security groups including nested ones. If true, use - the Active Directory tokenGroups constructed attribute of the - user to find the group memberships. This will find all security - groups including nested ones. + description: |- + If true, use the Active Directory tokenGroups constructed attribute of the + user to find the group memberships. This will find all security groups including nested ones. 
+ If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones. type: boolean userattr: - description: 'Attribute used when searching users. Defaults to - cn. Attribute used for users (default: cn)' + description: |- + Attribute used when searching users. Defaults to cn. + Attribute used for users (default: cn) type: string userdn: - description: 'LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`. - LDAP domain to use for users (eg: ou=People,dc=example,dc=org)' + description: |- + LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`. + LDAP domain to use for users (eg: ou=People,dc=example,dc=org) type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. 
+ This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -561,45 +556,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -609,21 +569,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -633,17 +593,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -653,21 +615,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -682,21 +644,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -707,14 +670,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -743,203 +707,196 @@ spec: atProvider: properties: anonymousGroupSearch: - description: Use anonymous binds when performing LDAP group searches - (if true the initial credentials will still be used for the - initial connection test). Use anonymous binds when performing - LDAP group searches (if true the initial credentials will still - be used for the initial connection test). + description: |- + Use anonymous binds when performing LDAP group searches + (if true the initial credentials will still be used for the initial connection test). + Use anonymous binds when performing LDAP group searches (if true the initial credentials will still be used for the initial connection test). type: boolean backend: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to ad. The mount path - for a backend, for example, the path given in "$ vault auth - enable -path=my-ad ad". + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to ad. + The mount path for a backend, for example, the path given in "$ vault auth enable -path=my-ad ad". type: string binddn: - description: Distinguished name of object to bind when performing - user and group search. Distinguished name of object to bind - when performing user and group search. + description: |- + Distinguished name of object to bind when performing user and group search. + Distinguished name of object to bind when performing user and group search. type: string caseSensitiveNames: - description: If set, user and group names assigned to policies - within the backend will be case sensitive. Otherwise, names - will be normalized to lower case. If true, case sensitivity - will be used when comparing usernames and groups for matching - policies. + description: |- + If set, user and group names assigned to policies within the + backend will be case sensitive. Otherwise, names will be normalized to lower case. 
+ If true, case sensitivity will be used when comparing usernames and groups for matching policies. type: boolean certificate: - description: CA certificate to use when verifying LDAP server - certificate, must be x509 PEM encoded. CA certificate to use - when verifying LDAP server certificate, must be x509 PEM encoded. + description: |- + CA certificate to use when verifying LDAP server certificate, must be + x509 PEM encoded. + CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded. type: string defaultLeaseTtlSeconds: - description: Default lease duration for secrets in seconds. Default - lease duration for secrets in seconds + description: |- + Default lease duration for secrets in seconds. + Default lease duration for secrets in seconds type: number denyNullBind: - description: Denies an unauthenticated LDAP bind request if the - user's password is empty; defaults to true. Denies an unauthenticated - LDAP bind request if the user's password is empty; defaults - to true + description: |- + Denies an unauthenticated LDAP bind request if the user's password is empty; + defaults to true. + Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true type: boolean description: - description: Human-friendly description of the mount for the Active - Directory backend. Human-friendly description of the mount for - the backend. + description: |- + Human-friendly description of the mount for the Active Directory backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. 
type: boolean discoverdn: - description: Use anonymous bind to discover the bind Distinguished - Name of a user. Use anonymous bind to discover the bind DN of - a user. + description: |- + Use anonymous bind to discover the bind Distinguished Name of a user. + Use anonymous bind to discover the bind DN of a user. type: boolean formatter: - description: Deprecated use password_policy. Text to insert the - password into, ex. "customPrefix{{PASSWORD}}customSuffix". Text - to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix". + description: |- + Deprecated use password_policy. Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix". + Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix". type: string groupattr: - description: 'LDAP attribute to follow on objects returned by in - order to enumerate user group membership. Examples: cn or memberOf, - etc. Defaults to cn. LDAP attribute to follow on objects returned - by in order to enumerate user group membership. - Examples: "cn" or "memberOf", etc. Default: cn' + description: |- + LDAP attribute to follow on objects returned by in order to enumerate + user group membership. Examples: cn or memberOf, etc. Defaults to cn. + LDAP attribute to follow on objects returned by in order to enumerate user group membership. Examples: "cn" or "memberOf", etc. Default: cn type: string groupdn: - description: 'LDAP search base to use for group membership search - (eg: ou=Groups,dc=example,dc=org). LDAP search base to use for - group membership search (eg: ou=Groups,dc=example,dc=org)' + description: |- + LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org). + LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org) type: string groupfilter: - description: 'Go template for querying group membership of user The - template can access the following context variables: UserDN, - Username. 
Defaults to (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})) - Go template for querying group membership of user. The template - can access the following context variables: UserDN, Username - Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}})) - Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))' + description: |- + Go template for querying group membership of user The template can access + the following context variables: UserDN, Username. Defaults to (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})) + Go template for querying group membership of user. The template can access the following context variables: UserDN, Username Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}})) Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})) type: string id: type: string insecureTls: - description: Skip LDAP server SSL Certificate verification. This - is not recommended for production. Defaults to false. Skip LDAP - server SSL Certificate verification - insecure and not recommended - for production use. + description: |- + Skip LDAP server SSL Certificate verification. This is not recommended for production. + Defaults to false. + Skip LDAP server SSL Certificate verification - insecure and not recommended for production use. type: boolean lastRotationTolerance: - description: The number of seconds after a Vault rotation where, - if Active Directory shows a later rotation, it should be considered - out-of-band The number of seconds after a Vault rotation where, - if Active Directory shows a later rotation, it should be considered - out-of-band. 
+ description: |- + The number of seconds after a Vault rotation where, if Active Directory + shows a later rotation, it should be considered out-of-band + The number of seconds after a Vault rotation where, if Active Directory shows a later rotation, it should be considered out-of-band. type: number length: - description: Deprecated use password_policy. The desired length - of passwords that Vault generates. Mutually exclusive with The - desired length of passwords that Vault generates. + description: |- + Deprecated use password_policy. The desired length of passwords that Vault generates. + Mutually exclusive with + The desired length of passwords that Vault generates. type: number local: - description: Mark the secrets engine as local-only. Local engines - are not replicated or removed by replication.Tolerance duration - to use when checking the last rotation time. Mark the secrets - engine as local-only. Local engines are not replicated or removed - by replication.Tolerance duration to use when checking the last - rotation time. + description: |- + Mark the secrets engine as local-only. Local engines are not replicated or removed by + replication.Tolerance duration to use when checking the last rotation time. + Mark the secrets engine as local-only. Local engines are not replicated or removed by replication.Tolerance duration to use when checking the last rotation time. type: boolean maxLeaseTtlSeconds: - description: Maximum possible lease duration for secrets in seconds. + description: |- + Maximum possible lease duration for secrets in seconds. Maximum possible lease duration for secrets in seconds. type: number maxTtl: - description: In seconds, the maximum password time-to-live. In - seconds, the maximum password time-to-live. + description: |- + In seconds, the maximum password time-to-live. + In seconds, the maximum password time-to-live. type: number namespace: - description: The namespace to provision the resource in. 
The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string passwordPolicy: - description: 1.11+ Name of the password policy to use to generate - passwords. + description: |- + 1.11+ + Name of the password policy to use to generate passwords. type: string requestTimeout: - description: Timeout, in seconds, for the connection when making - requests against the server before returning back an error. - Timeout, in seconds, for the connection when making requests - against the server before returning back an error. + description: |- + Timeout, in seconds, for the connection when making requests against the server + before returning back an error. + Timeout, in seconds, for the connection when making requests against the server before returning back an error. type: number starttls: - description: Issue a StartTLS command after establishing unencrypted - connection. Issue a StartTLS command after establishing unencrypted - connection. + description: |- + Issue a StartTLS command after establishing unencrypted connection. + Issue a StartTLS command after establishing unencrypted connection. type: boolean tlsMaxVersion: - description: Maximum TLS version to use. Accepted values are tls10, - tls11, tls12 or tls13. Defaults to tls12. Maximum TLS version - to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. - Defaults to 'tls12' + description: |- + Maximum TLS version to use. Accepted values are tls10, tls11, + tls12 or tls13. Defaults to tls12. + Maximum TLS version to use. 
Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12' type: string tlsMinVersion: - description: Minimum TLS version to use. Accepted values are tls10, - tls11, tls12 or tls13. Defaults to tls12. Minimum TLS version - to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. - Defaults to 'tls12' + description: |- + Minimum TLS version to use. Accepted values are tls10, tls11, + tls12 or tls13. Defaults to tls12. + Minimum TLS version to use. Accepted values are 'tls10', 'tls11', 'tls12' or 'tls13'. Defaults to 'tls12' type: string ttl: - description: In seconds, the default password time-to-live. In - seconds, the default password time-to-live. + description: |- + In seconds, the default password time-to-live. + In seconds, the default password time-to-live. type: number upndomain: - description: Enables userPrincipalDomain login with [username]@UPNDomain. + description: |- + Enables userPrincipalDomain login with [username]@UPNDomain. Enables userPrincipalDomain login with [username]@UPNDomain. type: string url: - description: 'LDAP URL to connect to. Multiple URLs can be specified - by concatenating them with commas; they will be tried in-order. - Defaults to ldap://127.0.0.1. LDAP URL to connect to (default: - ldap://127.0.0.1). Multiple URLs can be specified by concatenating - them with commas; they will be tried in-order.' + description: |- + LDAP URL to connect to. Multiple URLs can be specified by concatenating + them with commas; they will be tried in-order. Defaults to ldap://127.0.0.1. + LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order. type: string usePre111GroupCnBehavior: - description: In Vault 1.1.1 a fix for handling group CN values - of different cases unfortunately introduced a regression that - could cause previously defined groups to not be found due to - a change in the resulting name. 
If set true, the pre-1.1.1 behavior - for matching group CNs will be used. This is only needed in - some upgrade scenarios for backwards compatibility. It is enabled - by default if the config is upgraded but disabled by default - on new configurations. In Vault 1.1.1 a fix for handling group - CN values of different cases unfortunately introduced a regression - that could cause previously defined groups to not be found due - to a change in the resulting name. If set true, the pre-1.1.1 - behavior for matching group CNs will be used. This is only needed - in some upgrade scenarios for backwards compatibility. It is - enabled by default if the config is upgraded but disabled by - default on new configurations. + description: |- + In Vault 1.1.1 a fix for handling group CN values of + different cases unfortunately introduced a regression that could cause previously defined groups + to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for + matching group CNs will be used. This is only needed in some upgrade scenarios for backwards + compatibility. It is enabled by default if the config is upgraded but disabled by default on + new configurations. + In Vault 1.1.1 a fix for handling group CN values of different cases unfortunately introduced a regression that could cause previously defined groups to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for matching group CNs will be used. This is only needed in some upgrade scenarios for backwards compatibility. It is enabled by default if the config is upgraded but disabled by default on new configurations. type: boolean useTokenGroups: - description: If true, use the Active Directory tokenGroups constructed - attribute of the user to find the group memberships. This will - find all security groups including nested ones. If true, use - the Active Directory tokenGroups constructed attribute of the - user to find the group memberships. 
This will find all security - groups including nested ones. + description: |- + If true, use the Active Directory tokenGroups constructed attribute of the + user to find the group memberships. This will find all security groups including nested ones. + If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones. type: boolean userattr: - description: 'Attribute used when searching users. Defaults to - cn. Attribute used for users (default: cn)' + description: |- + Attribute used when searching users. Defaults to cn. + Attribute used for users (default: cn) type: string userdn: - description: 'LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`. - LDAP domain to use for users (eg: ou=People,dc=example,dc=org)' + description: |- + LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`. + LDAP domain to use for users (eg: ou=People,dc=example,dc=org) type: string type: object conditions: @@ -948,13 +905,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -965,8 +924,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -975,6 +935,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/ad.vault.upbound.io_secretroles.yaml b/package/crds/ad.vault.upbound.io_secretroles.yaml index b26aa862..28a36b9d 100644 --- a/package/crds/ad.vault.upbound.io_secretroles.yaml +++ b/package/crds/ad.vault.upbound.io_secretroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretroles.ad.vault.upbound.io spec: group: ad.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: on the Active Directory Secret Backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,87 +74,103 @@ spec: forProvider: properties: backend: - description: The path the AD secret backend is mounted at, with - no leading or trailing /s. The mount path for the AD backend. + description: |- + The path the AD secret backend is mounted at, + with no leading or trailing /s. + The mount path for the AD backend. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string role: - description: The name to identify this role within the backend. - Must be unique within the backend. Name of the role. + description: |- + The name to identify this role within the backend. + Must be unique within the backend. + Name of the role. type: string serviceAccountName: - description: Specifies the name of the Active Directory service - account mapped to this role. The username/logon name for the - service account with which this role will be associated. + description: |- + Specifies the name of the Active Directory service + account mapped to this role. + The username/logon name for the service account with which this role will be associated. type: string ttl: - description: The password time-to-live in seconds. Defaults to - the configuration ttl if not provided. In seconds, the default - password time-to-live. + description: |- + The password time-to-live in seconds. Defaults to the configuration + ttl if not provided. + In seconds, the default password time-to-live. 
type: number type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The path the AD secret backend is mounted at, with - no leading or trailing /s. The mount path for the AD backend. + description: |- + The path the AD secret backend is mounted at, + with no leading or trailing /s. + The mount path for the AD backend. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. 
The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string role: - description: The name to identify this role within the backend. - Must be unique within the backend. Name of the role. + description: |- + The name to identify this role within the backend. + Must be unique within the backend. + Name of the role. type: string serviceAccountName: - description: Specifies the name of the Active Directory service - account mapped to this role. The username/logon name for the - service account with which this role will be associated. + description: |- + Specifies the name of the Active Directory service + account mapped to this role. + The username/logon name for the service account with which this role will be associated. type: string ttl: - description: The password time-to-live in seconds. Defaults to - the configuration ttl if not provided. In seconds, the default - password time-to-live. + description: |- + The password time-to-live in seconds. Defaults to the configuration + ttl if not provided. + In seconds, the default password time-to-live. type: number type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. 
Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -161,9 +183,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -173,57 +196,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -233,17 +220,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -253,21 +242,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -282,21 +271,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -307,14 +297,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -348,39 +339,48 @@ spec: atProvider: properties: backend: - description: The path the AD secret backend is mounted at, with - no leading or trailing /s. The mount path for the AD backend. + description: |- + The path the AD secret backend is mounted at, + with no leading or trailing /s. + The mount path for the AD backend. type: string id: type: string lastVaultRotation: - description: Timestamp of the last password rotation by Vault. + description: |- + Timestamp of the last password rotation by Vault. Last time Vault rotated this service account's password. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string passwordLastSet: - description: Timestamp of the last password set by Vault. Last - time Vault set this service account's password. + description: |- + Timestamp of the last password set by Vault. + Last time Vault set this service account's password. type: string role: - description: The name to identify this role within the backend. - Must be unique within the backend. Name of the role. + description: |- + The name to identify this role within the backend. + Must be unique within the backend. + Name of the role. type: string serviceAccountName: - description: Specifies the name of the Active Directory service - account mapped to this role. The username/logon name for the - service account with which this role will be associated. 
+ description: |- + Specifies the name of the Active Directory service + account mapped to this role. + The username/logon name for the service account with which this role will be associated. type: string ttl: - description: The password time-to-live in seconds. Defaults to - the configuration ttl if not provided. In seconds, the default - password time-to-live. + description: |- + The password time-to-live in seconds. Defaults to the configuration + ttl if not provided. + In seconds, the default password time-to-live. type: number type: object conditions: @@ -389,13 +389,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -406,8 +408,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -416,6 +419,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/alicloud.vault.upbound.io_authbackendroles.yaml b/package/crds/alicloud.vault.upbound.io_authbackendroles.yaml index ed9783d5..cc03186a 100644 
--- a/package/crds/alicloud.vault.upbound.io_authbackendroles.yaml +++ b/package/crds/alicloud.vault.upbound.io_authbackendroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendroles.alicloud.vault.upbound.io spec: group: alicloud.vault.upbound.io @@ -38,14 +38,19 @@ spec: roles in an AliCloud auth backend in Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,191 +74,221 @@ spec: forProvider: properties: arn: - description: The role's arn. The role's arn. + description: |- + The role's arn. + The role's arn. type: string backend: - description: Path to the mounted AliCloud auth backend. Defaults - to alicloud Auth backend. + description: |- + Path to the mounted AliCloud auth backend. + Defaults to alicloud + Auth backend. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string role: - description: Name of the role. Must correspond with the name of - the role reflected in the arn. Name of the role. Must correspond - with the name of the role reflected in the arn. + description: |- + Name of the role. Must correspond with the name of + the role reflected in the arn. + Name of the role. Must correspond with the name of the role reflected in the arn. type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. 
+ Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. 
+ The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. 
The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. 
properties: arn: - description: The role's arn. The role's arn. + description: |- + The role's arn. + The role's arn. type: string backend: - description: Path to the mounted AliCloud auth backend. Defaults - to alicloud Auth backend. + description: |- + Path to the mounted AliCloud auth backend. + Defaults to alicloud + Auth backend. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string role: - description: Name of the role. Must correspond with the name of - the role reflected in the arn. Name of the role. Must correspond - with the name of the role reflected in the arn. + description: |- + Name of the role. Must correspond with the name of + the role reflected in the arn. + Name of the role. Must correspond with the name of the role reflected in the arn. type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. 
+ Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. 
+ The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. 
The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -265,9 +301,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -277,57 +314,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -337,17 +338,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -357,21 +360,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -386,21 +389,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -411,14 +415,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -448,83 +453,97 @@ spec: atProvider: properties: arn: - description: The role's arn. The role's arn. + description: |- + The role's arn. + The role's arn. type: string backend: - description: Path to the mounted AliCloud auth backend. Defaults - to alicloud Auth backend. + description: |- + Path to the mounted AliCloud auth backend. + Defaults to alicloud + Auth backend. type: string id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string role: - description: Name of the role. Must correspond with the name of - the role reflected in the arn. Name of the role. Must correspond - with the name of the role reflected in the arn. + description: |- + Name of the role. Must correspond with the name of + the role reflected in the arn. + Name of the role. Must correspond with the name of the role reflected in the arn. type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. 
+ Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. 
+ The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. 
The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: object conditions: @@ -533,13 +552,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -550,8 +571,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -560,6 +582,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/approle.vault.upbound.io_authbackendlogins.yaml b/package/crds/approle.vault.upbound.io_authbackendlogins.yaml index 8398ac77..23201c81 100644 --- a/package/crds/approle.vault.upbound.io_authbackendlogins.yaml 
+++ b/package/crds/approle.vault.upbound.io_authbackendlogins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendlogins.approle.vault.upbound.io spec: group: approle.vault.upbound.io @@ -38,14 +38,19 @@ spec: Log into Vault using the AppRole auth backend. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,24 +74,28 @@ spec: forProvider: properties: backend: - description: The unique path of the Vault backend to log in with. + description: |- + The unique path of the Vault backend to log in with. Unique name of the auth backend to configure. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string roleId: - description: The ID of the role to log in with. The RoleID to - log in with. + description: |- + The ID of the role to log in with. + The RoleID to log in with. type: string secretIdSecretRef: - description: The secret ID of the role to log in with. Required - unless bind_secret_id is set to false on the role. The SecretID - to log in with. + description: |- + The secret ID of the role to log in with. Required + unless bind_secret_id is set to false on the role. + The SecretID to log in with. properties: key: description: The key to select. 
@@ -103,51 +113,56 @@ spec: type: object type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The unique path of the Vault backend to log in with. + description: |- + The unique path of the Vault backend to log in with. Unique name of the auth backend to configure. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. 
Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string roleId: - description: The ID of the role to log in with. The RoleID to - log in with. + description: |- + The ID of the role to log in with. + The RoleID to log in with. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -160,9 +175,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -172,57 +188,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -232,17 +212,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -252,21 +234,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -281,21 +263,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -306,14 +289,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -339,18 +323,21 @@ spec: atProvider: properties: accessor: - description: The accessor for the token. The accessor for the - token. + description: |- + The accessor for the token. + The accessor for the token. type: string backend: - description: The unique path of the Vault backend to log in with. + description: |- + The unique path of the Vault backend to log in with. Unique name of the auth backend to configure. type: string id: type: string leaseDuration: - description: How long the token is valid for, in seconds. How - long the token is valid for. + description: |- + How long the token is valid for, in seconds. + How long the token is valid for. type: number leaseStarted: description: The date and time the lease started, in RFC 3339 
@@ -359,29 +346,34 @@ spec: metadata: additionalProperties: type: string - description: The metadata associated with the token. Metadata - associated with the token. + description: |- + The metadata associated with the token. + Metadata associated with the token. type: object namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: A list of policies applied to the token. Policies - set on the token. + description: |- + A list of policies applied to the token. + Policies set on the token. items: type: string type: array renewable: - description: Whether the token is renewable or not. Whether the - token is renewable or not. + description: |- + Whether the token is renewable or not. + Whether the token is renewable or not. type: boolean roleId: - description: The ID of the role to log in with. The RoleID to - log in with. + description: |- + The ID of the role to log in with. + The RoleID to log in with. type: string type: object conditions: 
@@ -390,13 +382,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -407,8 +401,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -417,6 +412,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/approle.vault.upbound.io_authbackendroles.yaml b/package/crds/approle.vault.upbound.io_authbackendroles.yaml index 1d4cafd8..f60e64b6 100644 --- a/package/crds/approle.vault.upbound.io_authbackendroles.yaml +++ b/package/crds/approle.vault.upbound.io_authbackendroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendroles.approle.vault.upbound.io spec: group: approle.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: AppRole auth backend roles in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,241 +74,275 @@ spec: forProvider: properties: backend: - description: The unique name of the auth backend to configure. - Defaults to approle. Unique name of the auth backend to configure. + description: |- + The unique name of the auth backend to configure. + Defaults to approle. + Unique name of the auth backend to configure. type: string bindSecretId: - description: Whether or not to require secret_id to be presented - when logging in using this AppRole. Defaults to true. Whether - or not to require secret_id to be present when logging in using - this AppRole. + description: |- + Whether or not to require secret_id to be + presented when logging in using this AppRole. Defaults to true. + Whether or not to require secret_id to be present when logging in using this AppRole. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string roleId: - description: The RoleID of this role. If not specified, one will - be auto-generated. The RoleID of the role. Autogenerated if - not set. + description: |- + The RoleID of this role. If not specified, one will be + auto-generated. + The RoleID of the role. Autogenerated if not set. type: string roleName: - description: The name of the role. Name of the role. + description: |- + The name of the role. + Name of the role. type: string secretIdBoundCidrs: - description: If set, specifies blocks of IP addresses which can - perform the login operation. 
List of CIDR blocks that can log - in using the AppRole. + description: |- + If set, + specifies blocks of IP addresses which can perform the login operation. + List of CIDR blocks that can log in using the AppRole. items: type: string type: array secretIdNumUses: - description: The number of times any particular SecretID can be - used to fetch a token from this AppRole, after which the SecretID - will expire. A value of zero will allow unlimited uses. Number - of times which a particular SecretID can be used to fetch a - token from this AppRole, after which the SecretID will expire. - Leaving this unset or setting it to 0 will allow unlimited uses. + description: |- + The number of times any particular SecretID + can be used to fetch a token from this AppRole, after which the SecretID will + expire. A value of zero will allow unlimited uses. + Number of times which a particular SecretID can be used to fetch a token from this AppRole, after which the SecretID will expire. Leaving this unset or setting it to 0 will allow unlimited uses. type: number secretIdTtl: - description: The number of seconds after which any SecretID expires. + description: |- + The number of seconds after which any SecretID + expires. Number of seconds a SecretID remains valid for. type: number tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. 
This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. 
Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. 
+ The type of token to generate, service or batch type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The unique name of the auth backend to configure. - Defaults to approle. Unique name of the auth backend to configure. + description: |- + The unique name of the auth backend to configure. + Defaults to approle. + Unique name of the auth backend to configure. type: string bindSecretId: - description: Whether or not to require secret_id to be presented - when logging in using this AppRole. Defaults to true. 
Whether - or not to require secret_id to be present when logging in using - this AppRole. + description: |- + Whether or not to require secret_id to be + presented when logging in using this AppRole. Defaults to true. + Whether or not to require secret_id to be present when logging in using this AppRole. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string roleId: - description: The RoleID of this role. If not specified, one will - be auto-generated. The RoleID of the role. Autogenerated if - not set. + description: |- + The RoleID of this role. If not specified, one will be + auto-generated. + The RoleID of the role. Autogenerated if not set. type: string roleName: - description: The name of the role. Name of the role. + description: |- + The name of the role. + Name of the role. type: string secretIdBoundCidrs: - description: If set, specifies blocks of IP addresses which can - perform the login operation. List of CIDR blocks that can log - in using the AppRole. + description: |- + If set, + specifies blocks of IP addresses which can perform the login operation. + List of CIDR blocks that can log in using the AppRole. items: type: string type: array secretIdNumUses: - description: The number of times any particular SecretID can be - used to fetch a token from this AppRole, after which the SecretID - will expire. A value of zero will allow unlimited uses. 
Number - of times which a particular SecretID can be used to fetch a - token from this AppRole, after which the SecretID will expire. - Leaving this unset or setting it to 0 will allow unlimited uses. + description: |- + The number of times any particular SecretID + can be used to fetch a token from this AppRole, after which the SecretID will + expire. A value of zero will allow unlimited uses. + Number of times which a particular SecretID can be used to fetch a token from this AppRole, after which the SecretID will expire. Leaving this unset or setting it to 0 will allow unlimited uses. type: number secretIdTtl: - description: The number of seconds after which any SecretID expires. + description: |- + The number of seconds after which any SecretID + expires. Number of seconds a SecretID remains valid for. type: number tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. 
+ Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. 
Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. 
ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -315,9 +355,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -327,57 +368,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -387,17 +392,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -407,21 +414,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -436,21 +443,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -461,14 +469,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -494,108 +503,124 @@ spec: atProvider: properties: backend: - description: The unique name of the auth backend to configure. - Defaults to approle. Unique name of the auth backend to configure. + description: |- + The unique name of the auth backend to configure. + Defaults to approle. + Unique name of the auth backend to configure. type: string bindSecretId: - description: Whether or not to require secret_id to be presented - when logging in using this AppRole. Defaults to true. Whether - or not to require secret_id to be present when logging in using - this AppRole. + description: |- + Whether or not to require secret_id to be + presented when logging in using this AppRole. Defaults to true. + Whether or not to require secret_id to be present when logging in using this AppRole. type: boolean id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string roleId: - description: The RoleID of this role. If not specified, one will - be auto-generated. The RoleID of the role. Autogenerated if - not set. + description: |- + The RoleID of this role. If not specified, one will be + auto-generated. + The RoleID of the role. Autogenerated if not set. type: string roleName: - description: The name of the role. Name of the role. + description: |- + The name of the role. + Name of the role. type: string secretIdBoundCidrs: - description: If set, specifies blocks of IP addresses which can - perform the login operation. 
List of CIDR blocks that can log - in using the AppRole. + description: |- + If set, + specifies blocks of IP addresses which can perform the login operation. + List of CIDR blocks that can log in using the AppRole. items: type: string type: array secretIdNumUses: - description: The number of times any particular SecretID can be - used to fetch a token from this AppRole, after which the SecretID - will expire. A value of zero will allow unlimited uses. Number - of times which a particular SecretID can be used to fetch a - token from this AppRole, after which the SecretID will expire. - Leaving this unset or setting it to 0 will allow unlimited uses. + description: |- + The number of times any particular SecretID + can be used to fetch a token from this AppRole, after which the SecretID will + expire. A value of zero will allow unlimited uses. + Number of times which a particular SecretID can be used to fetch a token from this AppRole, after which the SecretID will expire. Leaving this unset or setting it to 0 will allow unlimited uses. type: number secretIdTtl: - description: The number of seconds after which any SecretID expires. + description: |- + The number of seconds after which any SecretID + expires. Number of seconds a SecretID remains valid for. type: number tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. 
This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. 
Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. 
+ The type of token to generate, service or batch type: string type: object conditions: @@ -604,13 +629,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -621,8 +648,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -631,6 +659,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/approle.vault.upbound.io_authbackendrolesecretids.yaml b/package/crds/approle.vault.upbound.io_authbackendrolesecretids.yaml index adab14f8..e5179a58 100644 --- a/package/crds/approle.vault.upbound.io_authbackendrolesecretids.yaml +++ b/package/crds/approle.vault.upbound.io_authbackendrolesecretids.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendrolesecretids.approle.vault.upbound.io spec: group: approle.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Manages AppRole auth backend role SecretIDs in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -55,13 +60,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -72,32 +78,37 @@ spec: description: Unique name of the auth backend to configure. type: string cidrList: - description: If set, specifies blocks of IP addresses which can - perform the login operation using this SecretID. List of CIDR - blocks that can log in using the SecretID. + description: |- + If set, specifies blocks of IP addresses which can + perform the login operation using this SecretID. + List of CIDR blocks that can log in using the SecretID. items: type: string type: array metadata: - description: A JSON-encoded string containing metadata in key-value - pairs to be set on tokens issued with this SecretID. JSON-encoded - secret data to write. + description: |- + A JSON-encoded string containing metadata in + key-value pairs to be set on tokens issued with this SecretID. + JSON-encoded secret data to write. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string roleName: - description: The name of the role to create the SecretID for. + description: |- + The name of the role to create the SecretID for. Name of the role. type: string secretIdSecretRef: - description: The SecretID to be created. If set, uses "Push" mode. Defaults - to Vault auto-generating SecretIDs. The SecretID to be managed. - If not specified, Vault auto-generates one. + description: |- + The SecretID to be created. If set, uses "Push" + mode. Defaults to Vault auto-generating SecretIDs. + The SecretID to be managed. 
If not specified, Vault auto-generates one. properties: key: description: The key to select. 
@@ -114,91 +125,99 @@ spec: - namespace type: object withWrappedAccessor: - description: Set to true to use the wrapped secret-id accessor - as the resource ID. If false (default value), a fresh secret - ID will be regenerated whenever the wrapping token is expired - or invalidated through unwrapping. Use the wrapped secret-id - accessor as the id of this resource. If false, a fresh secret-id - will be regenerated whenever the wrapping token is expired or + description: |- + Set to true to use the wrapped secret-id accessor as the resource ID. + If false (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or invalidated through unwrapping. + Use the wrapped secret-id accessor as the id of this resource. If false, a fresh secret-id will be regenerated whenever the wrapping token is expired or invalidated through unwrapping. type: boolean wrappingTtl: - description: If set, the SecretID response will be response-wrapped - and available for the duration specified. Only a single unwrapping - of the token is allowed. The TTL duration of the wrapped SecretID. + description: |- + If set, the SecretID response will be + response-wrapped + and available for the duration specified. Only a single unwrapping of the + token is allowed. + The TTL duration of the wrapped SecretID. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. 
This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: description: Unique name of the auth backend to configure. type: string cidrList: - description: If set, specifies blocks of IP addresses which can - perform the login operation using this SecretID. List of CIDR - blocks that can log in using the SecretID. + description: |- + If set, specifies blocks of IP addresses which can + perform the login operation using this SecretID. + List of CIDR blocks that can log in using the SecretID. items: type: string type: array metadata: - description: A JSON-encoded string containing metadata in key-value - pairs to be set on tokens issued with this SecretID. JSON-encoded - secret data to write. + description: |- + A JSON-encoded string containing metadata in + key-value pairs to be set on tokens issued with this SecretID. + JSON-encoded secret data to write. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. 
- Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string roleName: - description: The name of the role to create the SecretID for. + description: |- + The name of the role to create the SecretID for. Name of the role. type: string withWrappedAccessor: - description: Set to true to use the wrapped secret-id accessor - as the resource ID. If false (default value), a fresh secret - ID will be regenerated whenever the wrapping token is expired - or invalidated through unwrapping. Use the wrapped secret-id - accessor as the id of this resource. If false, a fresh secret-id - will be regenerated whenever the wrapping token is expired or + description: |- + Set to true to use the wrapped secret-id accessor as the resource ID. + If false (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or invalidated through unwrapping. + Use the wrapped secret-id accessor as the id of this resource. If false, a fresh secret-id will be regenerated whenever the wrapping token is expired or invalidated through unwrapping. type: boolean wrappingTtl: - description: If set, the SecretID response will be response-wrapped - and available for the duration specified. Only a single unwrapping - of the token is allowed. The TTL duration of the wrapped SecretID. + description: |- + If set, the SecretID response will be + response-wrapped + and available for the duration specified. Only a single unwrapping of the + token is allowed. + The TTL duration of the wrapped SecretID. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. 
- It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -211,9 +230,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -223,57 +243,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -283,17 +267,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -303,21 +289,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -332,21 +318,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -357,14 +344,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -391,54 +379,62 @@ spec: atProvider: properties: accessor: - description: The unique ID for this SecretID that can be safely - logged. The unique ID used to access this SecretID. + description: |- + The unique ID for this SecretID that can be safely logged. + The unique ID used to access this SecretID. type: string backend: description: Unique name of the auth backend to configure. type: string cidrList: - description: If set, specifies blocks of IP addresses which can - perform the login operation using this SecretID. List of CIDR - blocks that can log in using the SecretID. + description: |- + If set, specifies blocks of IP addresses which can + perform the login operation using this SecretID. + List of CIDR blocks that can log in using the SecretID. items: type: string type: array id: type: string metadata: - description: A JSON-encoded string containing metadata in key-value - pairs to be set on tokens issued with this SecretID. JSON-encoded - secret data to write. + description: |- + A JSON-encoded string containing metadata in + key-value pairs to be set on tokens issued with this SecretID. + JSON-encoded secret data to write. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string roleName: - description: The name of the role to create the SecretID for. + description: |- + The name of the role to create the SecretID for. Name of the role. 
type: string withWrappedAccessor: - description: Set to true to use the wrapped secret-id accessor - as the resource ID. If false (default value), a fresh secret - ID will be regenerated whenever the wrapping token is expired - or invalidated through unwrapping. Use the wrapped secret-id - accessor as the id of this resource. If false, a fresh secret-id - will be regenerated whenever the wrapping token is expired or + description: |- + Set to true to use the wrapped secret-id accessor as the resource ID. + If false (default value), a fresh secret ID will be regenerated whenever the wrapping token is expired or invalidated through unwrapping. + Use the wrapped secret-id accessor as the id of this resource. If false, a fresh secret-id will be regenerated whenever the wrapping token is expired or invalidated through unwrapping. type: boolean wrappingAccessor: - description: The unique ID for the response-wrapped SecretID that - can be safely logged. The wrapped SecretID accessor. + description: |- + The unique ID for the response-wrapped SecretID that can + be safely logged. + The wrapped SecretID accessor. type: string wrappingTtl: - description: If set, the SecretID response will be response-wrapped - and available for the duration specified. Only a single unwrapping - of the token is allowed. The TTL duration of the wrapped SecretID. + description: |- + If set, the SecretID response will be + response-wrapped + and available for the duration specified. Only a single unwrapping of the + token is allowed. + The TTL duration of the wrapped SecretID. type: string type: object conditions: 
@@ -447,13 +443,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -464,8 +462,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -474,6 +473,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/audit.vault.upbound.io_requestheaders.yaml b/package/crds/audit.vault.upbound.io_requestheaders.yaml index 89c73c71..3f1f6e7b 100644 --- a/package/crds/audit.vault.upbound.io_requestheaders.yaml +++ b/package/crds/audit.vault.upbound.io_requestheaders.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: requestheaders.audit.vault.upbound.io spec: group: audit.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: audited request headers in Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,39 +74,42 @@ spec: forProvider: properties: hmac: - description: Whether this header's value should be HMAC'd in the - audit logs. Whether this header's value should be HMAC'd in - the audit logs. + description: |- + Whether this header's value should be HMAC'd in the audit logs. + Whether this header's value should be HMAC'd in the audit logs. type: boolean name: - description: The name of the request header to audit. The name - of the request header to audit. + description: |- + The name of the request header to audit. + The name of the request header to audit. type: string namespace: description: Target namespace. (requires Enterprise) type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. 
This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: hmac: - description: Whether this header's value should be HMAC'd in the - audit logs. Whether this header's value should be HMAC'd in - the audit logs. + description: |- + Whether this header's value should be HMAC'd in the audit logs. + Whether this header's value should be HMAC'd in the audit logs. type: boolean name: - description: The name of the request header to audit. The name - of the request header to audit. + description: |- + The name of the request header to audit. + The name of the request header to audit. type: string namespace: description: Target namespace. (requires Enterprise) 
@@ -109,20 +118,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -135,9 +145,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -147,57 +158,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -207,17 +182,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -227,21 +204,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -256,21 +233,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -281,14 +259,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -314,15 +293,16 @@ spec: atProvider: properties: hmac: - description: Whether this header's value should be HMAC'd in the - audit logs. Whether this header's value should be HMAC'd in - the audit logs. + description: |- + Whether this header's value should be HMAC'd in the audit logs. + Whether this header's value should be HMAC'd in the audit logs. type: boolean id: type: string name: - description: The name of the request header to audit. The name - of the request header to audit. + description: |- + The name of the request header to audit. + The name of the request header to audit. type: string namespace: description: Target namespace. (requires Enterprise) 
@@ -334,13 +314,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -351,8 +333,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -361,6 +344,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/auth.vault.upbound.io_backends.yaml b/package/crds/auth.vault.upbound.io_backends.yaml index 245e6899..8d913784 100644 --- a/package/crds/auth.vault.upbound.io_backends.yaml +++ b/package/crds/auth.vault.upbound.io_backends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: backends.auth.vault.upbound.io spec: group: auth.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: an Cert auth backend in Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -77,11 +83,12 @@ spec: description: Specifies if the auth method is local only type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: description: path to mount the backend. This defaults to the type. @@ -112,13 +119,12 @@ spec: type: string type: array tokenType: - description: 'The type of token that should be generated. - Can be service, batch, or default to use the mount''s - tuned default (which unless changed will be service tokens). - For token store roles, there are two additional possibilities: - default-service and default-batch which specify the type - to return unless the client requests a different type - at generation time.' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. type: string type: object type: array 
@@ -127,17 +133,18 @@ spec: type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: description: description: The description of the auth backend 
@@ -149,11 +156,12 @@ spec: description: Specifies if the auth method is local only type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: description: path to mount the backend. This defaults to the type. @@ -184,13 +192,12 @@ spec: type: string type: array tokenType: - description: 'The type of token that should be generated. - Can be service, batch, or default to use the mount''s - tuned default (which unless changed will be service tokens). - For token store roles, there are two additional possibilities: - default-service and default-batch which specify the type - to return unless the client requests a different type - at generation time.' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. type: string type: object type: array 
@@ -201,20 +208,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -227,9 +235,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -239,57 +248,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -299,17 +272,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -319,21 +294,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -348,21 +323,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -373,14 +349,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -420,11 +397,12 @@ spec: description: Specifies if the auth method is local only type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: description: path to mount the backend. This defaults to the type. 
@@ -455,13 +433,12 @@ spec: type: string type: array tokenType: - description: 'The type of token that should be generated. - Can be service, batch, or default to use the mount''s - tuned default (which unless changed will be service tokens). - For token store roles, there are two additional possibilities: - default-service and default-batch which specify the type - to return unless the client requests a different type - at generation time.' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. type: string type: object type: array @@ -475,13 +452,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -492,8 +471,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime 
@@ -502,6 +482,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/aws.vault.upbound.io_authbackendcerts.yaml b/package/crds/aws.vault.upbound.io_authbackendcerts.yaml index 0d36d78c..ba8ab7e3 100644 --- a/package/crds/aws.vault.upbound.io_authbackendcerts.yaml +++ b/package/crds/aws.vault.upbound.io_authbackendcerts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendcerts.aws.vault.upbound.io spec: group: aws.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: a certificate for an AWS Auth Backend in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,93 +74,107 @@ spec: forProvider: properties: awsPublicCert: - description: The Base64 encoded AWS Public key required to verify - PKCS7 signature of the EC2 instance metadata. You can find this - key in the AWS documentation. Base64 encoded AWS Public key - required to verify PKCS7 signature of the EC2 instance metadata. + description: |- + The Base64 encoded AWS Public key required to + verify PKCS7 signature of the EC2 instance metadata. You can find this key in + the AWS + documentation. + Base64 encoded AWS Public key required to verify PKCS7 signature of the EC2 instance metadata. type: string backend: - description: The path the AWS auth backend being configured was - mounted at. Defaults to aws. Unique name of the auth backend - to configure. + description: |- + The path the AWS auth backend being configured was + mounted at. Defaults to aws. + Unique name of the auth backend to configure. type: string certName: - description: The name of the certificate. Name of the certificate - to configure. + description: |- + The name of the certificate. + Name of the certificate to configure. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: - description: Either "pkcs7" or "identity", indicating the type - of document which can be verified using the given certificate. - Defaults to "pkcs7". The type of document that can be verified - using the certificate. Must be either "pkcs7" or "identity". 
+ description: |- + Either "pkcs7" or "identity", indicating the type of + document which can be verified using the given certificate. Defaults to + "pkcs7". + The type of document that can be verified using the certificate. Must be either "pkcs7" or "identity". type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: awsPublicCert: - description: The Base64 encoded AWS Public key required to verify - PKCS7 signature of the EC2 instance metadata. You can find this - key in the AWS documentation. 
Base64 encoded AWS Public key - required to verify PKCS7 signature of the EC2 instance metadata. + description: |- + The Base64 encoded AWS Public key required to + verify PKCS7 signature of the EC2 instance metadata. You can find this key in + the AWS + documentation. + Base64 encoded AWS Public key required to verify PKCS7 signature of the EC2 instance metadata. type: string backend: - description: The path the AWS auth backend being configured was - mounted at. Defaults to aws. Unique name of the auth backend - to configure. + description: |- + The path the AWS auth backend being configured was + mounted at. Defaults to aws. + Unique name of the auth backend to configure. type: string certName: - description: The name of the certificate. Name of the certificate - to configure. + description: |- + The name of the certificate. + Name of the certificate to configure. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: - description: Either "pkcs7" or "identity", indicating the type - of document which can be verified using the given certificate. - Defaults to "pkcs7". The type of document that can be verified - using the certificate. Must be either "pkcs7" or "identity". + description: |- + Either "pkcs7" or "identity", indicating the type of + document which can be verified using the given certificate. Defaults to + "pkcs7". + The type of document that can be verified using the certificate. 
Must be either "pkcs7" or "identity". type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -167,9 +187,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -179,57 +200,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -239,17 +224,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -259,21 +246,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -288,21 +275,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -313,14 +301,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -350,34 +339,40 @@ spec: atProvider: properties: awsPublicCert: - description: The Base64 encoded AWS Public key required to verify - PKCS7 signature of the EC2 instance metadata. You can find this - key in the AWS documentation. Base64 encoded AWS Public key - required to verify PKCS7 signature of the EC2 instance metadata. + description: |- + The Base64 encoded AWS Public key required to + verify PKCS7 signature of the EC2 instance metadata. You can find this key in + the AWS + documentation. + Base64 encoded AWS Public key required to verify PKCS7 signature of the EC2 instance metadata. type: string backend: - description: The path the AWS auth backend being configured was - mounted at. Defaults to aws. Unique name of the auth backend - to configure. + description: |- + The path the AWS auth backend being configured was + mounted at. Defaults to aws. + Unique name of the auth backend to configure. type: string certName: - description: The name of the certificate. Name of the certificate - to configure. + description: |- + The name of the certificate. + Name of the certificate to configure. type: string id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: - description: Either "pkcs7" or "identity", indicating the type - of document which can be verified using the given certificate. - Defaults to "pkcs7". The type of document that can be verified - using the certificate. 
Must be either "pkcs7" or "identity". + description: |- + Either "pkcs7" or "identity", indicating the type of + document which can be verified using the given certificate. Defaults to + "pkcs7". + The type of document that can be verified using the certificate. Must be either "pkcs7" or "identity". type: string type: object conditions: @@ -386,13 +381,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -403,8 +400,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -413,6 +411,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/aws.vault.upbound.io_authbackendclients.yaml b/package/crds/aws.vault.upbound.io_authbackendclients.yaml index ed4cf37c..9c3d3e3c 100644 --- a/package/crds/aws.vault.upbound.io_authbackendclients.yaml +++ b/package/crds/aws.vault.upbound.io_authbackendclients.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendclients.aws.vault.upbound.io spec: group: aws.vault.upbound.io @@ -38,14 +38,19 @@ spec: Configures the client used by an AWS Auth Backend in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete @@ -68,8 +74,10 @@ spec: forProvider: properties: accessKeySecretRef: - description: The AWS access key that Vault should use for the - auth backend. AWS Access key with permissions to query AWS APIs. + description: |- + The AWS access key that Vault should use for the + auth backend. + AWS Access key with permissions to query AWS APIs. properties: key: description: The key to select. 
@@ -86,37 +94,43 @@ spec: - namespace type: object backend: - description: The path the AWS auth backend being configured was - mounted at. Defaults to aws. Unique name of the auth backend - to configure. + description: |- + The path the AWS auth backend being configured was + mounted at. Defaults to aws. + Unique name of the auth backend to configure. type: string ec2Endpoint: - description: Override the URL Vault uses when making EC2 API calls. - URL to override the default generated endpoint for making AWS - EC2 API calls. + description: |- + Override the URL Vault uses when making EC2 API + calls. + URL to override the default generated endpoint for making AWS EC2 API calls. type: string iamEndpoint: - description: Override the URL Vault uses when making IAM API calls. - URL to override the default generated endpoint for making AWS - IAM API calls. + description: |- + Override the URL Vault uses when making IAM API + calls. + URL to override the default generated endpoint for making AWS IAM API calls. type: string iamServerIdHeaderValue: - description: The value to require in the X-Vault-AWS-IAM-Server-ID - header as part of GetCallerIdentity requests that are used in - the IAM auth method. The value to require in the X-Vault-AWS-IAM-Server-ID - header as part of GetCallerIdentity requests that are used in - the iam auth method. + description: |- + The value to require in the + X-Vault-AWS-IAM-Server-ID header as part of GetCallerIdentity requests + that are used in the IAM auth method. + The value to require in the X-Vault-AWS-IAM-Server-ID header as part of GetCallerIdentity requests that are used in the iam auth method. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. 
(requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string secretKeySecretRef: - description: The AWS secret key that Vault should use for the - auth backend. AWS Secret key with permissions to query AWS APIs. + description: |- + The AWS secret key that Vault should use for the + auth backend. + AWS Secret key with permissions to query AWS APIs. properties: key: description: The key to select. 
@@ -133,106 +147,114 @@ spec: - namespace type: object stsEndpoint: - description: Override the URL Vault uses when making STS API calls. - URL to override the default generated endpoint for making AWS - STS API calls. + description: |- + Override the URL Vault uses when making STS API + calls. + URL to override the default generated endpoint for making AWS STS API calls. type: string stsRegion: - description: Override the default region when making STS API calls. - The sts_endpoint argument must be set when using sts_region. - Region to override the default region for making AWS STS API - calls. + description: |- + Override the default region when making STS API + calls. The sts_endpoint argument must be set when using sts_region. + Region to override the default region for making AWS STS API calls. type: string useStsRegionFromClient: - description: Available in Vault v1.15+. If set, overrides both - sts_endpoint and sts_region to instead use the region specified - in the client request headers for IAM-based authentication. - This can be useful when you have client requests coming from - different regions and want flexibility in which regional STS - API is used. If set, will override sts_region and use the region - from the client request's header + description: |- + Available in Vault v1.15+. If set, + overrides both sts_endpoint and sts_region to instead use the region + specified in the client request headers for IAM-based authentication. + This can be useful when you have client requests coming from different + regions and want flexibility in which regional STS API is used. + If set, will override sts_region and use the region from the client request's header type: boolean type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. 
InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The path the AWS auth backend being configured was - mounted at. Defaults to aws. Unique name of the auth backend - to configure. + description: |- + The path the AWS auth backend being configured was + mounted at. Defaults to aws. + Unique name of the auth backend to configure. type: string ec2Endpoint: - description: Override the URL Vault uses when making EC2 API calls. - URL to override the default generated endpoint for making AWS - EC2 API calls. + description: |- + Override the URL Vault uses when making EC2 API + calls. + URL to override the default generated endpoint for making AWS EC2 API calls. 
type: string iamEndpoint: - description: Override the URL Vault uses when making IAM API calls. - URL to override the default generated endpoint for making AWS - IAM API calls. + description: |- + Override the URL Vault uses when making IAM API + calls. + URL to override the default generated endpoint for making AWS IAM API calls. type: string iamServerIdHeaderValue: - description: The value to require in the X-Vault-AWS-IAM-Server-ID - header as part of GetCallerIdentity requests that are used in - the IAM auth method. The value to require in the X-Vault-AWS-IAM-Server-ID - header as part of GetCallerIdentity requests that are used in - the iam auth method. + description: |- + The value to require in the + X-Vault-AWS-IAM-Server-ID header as part of GetCallerIdentity requests + that are used in the IAM auth method. + The value to require in the X-Vault-AWS-IAM-Server-ID header as part of GetCallerIdentity requests that are used in the iam auth method. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string stsEndpoint: - description: Override the URL Vault uses when making STS API calls. - URL to override the default generated endpoint for making AWS - STS API calls. + description: |- + Override the URL Vault uses when making STS API + calls. + URL to override the default generated endpoint for making AWS STS API calls. type: string stsRegion: - description: Override the default region when making STS API calls. 
- The sts_endpoint argument must be set when using sts_region. - Region to override the default region for making AWS STS API - calls. + description: |- + Override the default region when making STS API + calls. The sts_endpoint argument must be set when using sts_region. + Region to override the default region for making AWS STS API calls. type: string useStsRegionFromClient: - description: Available in Vault v1.15+. If set, overrides both - sts_endpoint and sts_region to instead use the region specified - in the client request headers for IAM-based authentication. - This can be useful when you have client requests coming from - different regions and want flexibility in which regional STS - API is used. If set, will override sts_region and use the region - from the client request's header + description: |- + Available in Vault v1.15+. If set, + overrides both sts_endpoint and sts_region to instead use the region + specified in the client request headers for IAM-based authentication. + This can be useful when you have client requests coming from different + regions and want flexibility in which regional STS API is used. + If set, will override sts_region and use the region from the client request's header type: boolean type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. 
See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -245,45 +267,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -293,21 +280,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -317,17 +304,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -337,21 +326,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -366,21 +355,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -391,14 +381,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -419,55 +410,60 @@ spec: atProvider: properties: backend: - description: The path the AWS auth backend being configured was - mounted at. Defaults to aws. Unique name of the auth backend - to configure. + description: |- + The path the AWS auth backend being configured was + mounted at. Defaults to aws. + Unique name of the auth backend to configure. type: string ec2Endpoint: - description: Override the URL Vault uses when making EC2 API calls. - URL to override the default generated endpoint for making AWS - EC2 API calls. + description: |- + Override the URL Vault uses when making EC2 API + calls. + URL to override the default generated endpoint for making AWS EC2 API calls. type: string iamEndpoint: - description: Override the URL Vault uses when making IAM API calls. - URL to override the default generated endpoint for making AWS - IAM API calls. + description: |- + Override the URL Vault uses when making IAM API + calls. + URL to override the default generated endpoint for making AWS IAM API calls. type: string iamServerIdHeaderValue: - description: The value to require in the X-Vault-AWS-IAM-Server-ID - header as part of GetCallerIdentity requests that are used in - the IAM auth method. The value to require in the X-Vault-AWS-IAM-Server-ID - header as part of GetCallerIdentity requests that are used in - the iam auth method. + description: |- + The value to require in the + X-Vault-AWS-IAM-Server-ID header as part of GetCallerIdentity requests + that are used in the IAM auth method. + The value to require in the X-Vault-AWS-IAM-Server-ID header as part of GetCallerIdentity requests that are used in the iam auth method. type: string id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. 
(requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string stsEndpoint: - description: Override the URL Vault uses when making STS API calls. - URL to override the default generated endpoint for making AWS - STS API calls. + description: |- + Override the URL Vault uses when making STS API + calls. + URL to override the default generated endpoint for making AWS STS API calls. type: string stsRegion: - description: Override the default region when making STS API calls. - The sts_endpoint argument must be set when using sts_region. - Region to override the default region for making AWS STS API - calls. + description: |- + Override the default region when making STS API + calls. The sts_endpoint argument must be set when using sts_region. + Region to override the default region for making AWS STS API calls. type: string useStsRegionFromClient: - description: Available in Vault v1.15+. If set, overrides both - sts_endpoint and sts_region to instead use the region specified - in the client request headers for IAM-based authentication. - This can be useful when you have client requests coming from - different regions and want flexibility in which regional STS - API is used. If set, will override sts_region and use the region - from the client request's header + description: |- + Available in Vault v1.15+. If set, + overrides both sts_endpoint and sts_region to instead use the region + specified in the client request headers for IAM-based authentication. + This can be useful when you have client requests coming from different + regions and want flexibility in which regional STS API is used. 
+ If set, will override sts_region and use the region from the client request's header type: boolean type: object conditions: @@ -476,13 +472,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -493,8 +491,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -503,6 +502,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/aws.vault.upbound.io_authbackendconfigidentities.yaml b/package/crds/aws.vault.upbound.io_authbackendconfigidentities.yaml index a56d67a0..5870bcd9 100644 --- a/package/crds/aws.vault.upbound.io_authbackendconfigidentities.yaml +++ b/package/crds/aws.vault.upbound.io_authbackendconfigidentities.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendconfigidentities.aws.vault.upbound.io spec: group: aws.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Manages AWS auth backend identity configuration in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -55,13 +60,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -72,110 +78,114 @@ spec: description: Unique name of the auth backend to configure. type: string ec2Alias: - description: How to generate the identity alias when using the - ec2 auth method. Valid choices are role_id, instance_id, and - image_id. Defaults to role_id Configures how to generate the - identity alias when using the ec2 auth method. + description: |- + How to generate the identity alias when using the ec2 auth method. Valid choices are + role_id, instance_id, and image_id. Defaults to role_id + Configures how to generate the identity alias when using the ec2 auth method. type: string ec2Metadata: - description: The metadata to include on the token returned by - the login endpoint. This metadata will be added to both audit - logs, and on the ec2_alias The metadata to include on the token - returned by the login endpoint. + description: |- + The metadata to include on the token returned by the login endpoint. This metadata will be + added to both audit logs, and on the ec2_alias + The metadata to include on the token returned by the login endpoint. items: type: string type: array iamAlias: - description: How to generate the identity alias when using the - iam auth method. Valid choices are role_id, unique_id, and full_arn. - Defaults to role_id How to generate the identity alias when - using the iam auth method. + description: |- + How to generate the identity alias when using the iam auth method. Valid choices are + role_id, unique_id, and full_arn. Defaults to role_id + How to generate the identity alias when using the iam auth method. type: string iamMetadata: - description: The metadata to include on the token returned by - the login endpoint. This metadata will be added to both audit - logs, and on the iam_alias The metadata to include on the token - returned by the login endpoint. + description: |- + The metadata to include on the token returned by the login endpoint. 
This metadata will be + added to both audit logs, and on the iam_alias + The metadata to include on the token returned by the login endpoint. items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. 
+ The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: description: Unique name of the auth backend to configure. type: string ec2Alias: - description: How to generate the identity alias when using the - ec2 auth method. Valid choices are role_id, instance_id, and - image_id. Defaults to role_id Configures how to generate the - identity alias when using the ec2 auth method. + description: |- + How to generate the identity alias when using the ec2 auth method. Valid choices are + role_id, instance_id, and image_id. Defaults to role_id + Configures how to generate the identity alias when using the ec2 auth method. type: string ec2Metadata: - description: The metadata to include on the token returned by - the login endpoint. This metadata will be added to both audit - logs, and on the ec2_alias The metadata to include on the token - returned by the login endpoint. + description: |- + The metadata to include on the token returned by the login endpoint. This metadata will be + added to both audit logs, and on the ec2_alias + The metadata to include on the token returned by the login endpoint. items: type: string type: array iamAlias: - description: How to generate the identity alias when using the - iam auth method. Valid choices are role_id, unique_id, and full_arn. - Defaults to role_id How to generate the identity alias when - using the iam auth method. + description: |- + How to generate the identity alias when using the iam auth method. Valid choices are + role_id, unique_id, and full_arn. Defaults to role_id + How to generate the identity alias when using the iam auth method. type: string iamMetadata: - description: The metadata to include on the token returned by - the login endpoint. 
This metadata will be added to both audit - logs, and on the iam_alias The metadata to include on the token - returned by the login endpoint. + description: |- + The metadata to include on the token returned by the login endpoint. This metadata will be + added to both audit logs, and on the iam_alias + The metadata to include on the token returned by the login endpoint. items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. 
It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -188,9 +198,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -200,57 +211,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -260,17 +235,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -280,21 +257,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -309,21 +286,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -334,14 +312,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -366,41 +345,42 @@ spec: description: Unique name of the auth backend to configure. type: string ec2Alias: - description: How to generate the identity alias when using the - ec2 auth method. Valid choices are role_id, instance_id, and - image_id. Defaults to role_id Configures how to generate the - identity alias when using the ec2 auth method. + description: |- + How to generate the identity alias when using the ec2 auth method. Valid choices are + role_id, instance_id, and image_id. Defaults to role_id + Configures how to generate the identity alias when using the ec2 auth method. type: string ec2Metadata: - description: The metadata to include on the token returned by - the login endpoint. This metadata will be added to both audit - logs, and on the ec2_alias The metadata to include on the token - returned by the login endpoint. + description: |- + The metadata to include on the token returned by the login endpoint. This metadata will be + added to both audit logs, and on the ec2_alias + The metadata to include on the token returned by the login endpoint. items: type: string type: array iamAlias: - description: How to generate the identity alias when using the - iam auth method. Valid choices are role_id, unique_id, and full_arn. - Defaults to role_id How to generate the identity alias when - using the iam auth method. + description: |- + How to generate the identity alias when using the iam auth method. Valid choices are + role_id, unique_id, and full_arn. Defaults to role_id + How to generate the identity alias when using the iam auth method. type: string iamMetadata: - description: The metadata to include on the token returned by - the login endpoint. This metadata will be added to both audit - logs, and on the iam_alias The metadata to include on the token - returned by the login endpoint. + description: |- + The metadata to include on the token returned by the login endpoint. 
This metadata will be + added to both audit logs, and on the iam_alias + The metadata to include on the token returned by the login endpoint. items: type: string type: array id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object conditions: @@ -409,13 +389,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -426,8 +408,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime 
@@ -436,6 +419,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/aws.vault.upbound.io_authbackendidentitywhitelists.yaml b/package/crds/aws.vault.upbound.io_authbackendidentitywhitelists.yaml index 160753c7..83ecb809 100644 --- a/package/crds/aws.vault.upbound.io_authbackendidentitywhitelists.yaml +++ b/package/crds/aws.vault.upbound.io_authbackendidentitywhitelists.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendidentitywhitelists.aws.vault.upbound.io spec: group: aws.vault.upbound.io 
@@ -39,14 +39,19 @@ spec: entries. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -56,13 +61,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -70,83 +76,91 @@ spec: forProvider: properties: backend: - description: The path of the AWS backend being configured. Unique - name of the auth backend to configure. + description: |- + The path of the AWS backend being configured. + Unique name of the auth backend to configure. type: string disablePeriodicTidy: - description: If set to true, disables the periodic tidying of - the identity-whitelist entries. If true, disables the periodic - tidying of the identiy whitelist entries. + description: |- + If set to true, disables the periodic + tidying of the identity-whitelist entries. + If true, disables the periodic tidying of the identiy whitelist entries. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string safetyBuffer: - description: The amount of extra time, in minutes, that must have - passed beyond the roletag expiration, before it is removed from - the backend storage. The amount of extra time that must have - passed beyond the roletag expiration, before it's removed from + description: |- + The amount of extra time, in minutes, that must + have passed beyond the roletag expiration, before it is removed from the backend storage. + The amount of extra time that must have passed beyond the roletag expiration, before it's removed from backend storage. type: number type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. 
- It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The path of the AWS backend being configured. Unique - name of the auth backend to configure. + description: |- + The path of the AWS backend being configured. + Unique name of the auth backend to configure. type: string disablePeriodicTidy: - description: If set to true, disables the periodic tidying of - the identity-whitelist entries. If true, disables the periodic - tidying of the identiy whitelist entries. + description: |- + If set to true, disables the periodic + tidying of the identity-whitelist entries. 
+ If true, disables the periodic tidying of the identiy whitelist entries. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string safetyBuffer: - description: The amount of extra time, in minutes, that must have - passed beyond the roletag expiration, before it is removed from - the backend storage. The amount of extra time that must have - passed beyond the roletag expiration, before it's removed from + description: |- + The amount of extra time, in minutes, that must + have passed beyond the roletag expiration, before it is removed from the backend storage. + The amount of extra time that must have passed beyond the roletag expiration, before it's removed from backend storage. type: number type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. 
See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -159,9 +173,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -171,57 +186,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -231,17 +210,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -251,21 +232,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -280,21 +261,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -305,14 +287,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -334,29 +317,32 @@ spec: atProvider: properties: backend: - description: The path of the AWS backend being configured. Unique - name of the auth backend to configure. + description: |- + The path of the AWS backend being configured. + Unique name of the auth backend to configure. type: string disablePeriodicTidy: - description: If set to true, disables the periodic tidying of - the identity-whitelist entries. If true, disables the periodic - tidying of the identiy whitelist entries. + description: |- + If set to true, disables the periodic + tidying of the identity-whitelist entries. + If true, disables the periodic tidying of the identiy whitelist entries. type: boolean id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string safetyBuffer: - description: The amount of extra time, in minutes, that must have - passed beyond the roletag expiration, before it is removed from - the backend storage. The amount of extra time that must have - passed beyond the roletag expiration, before it's removed from + description: |- + The amount of extra time, in minutes, that must + have passed beyond the roletag expiration, before it is removed from the backend storage. + The amount of extra time that must have passed beyond the roletag expiration, before it's removed from backend storage. type: number type: object conditions: 
@@ -365,13 +351,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -382,8 +370,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -392,6 +381,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/aws.vault.upbound.io_authbackendlogins.yaml b/package/crds/aws.vault.upbound.io_authbackendlogins.yaml index 9a731fda..2abfff81 100644 --- a/package/crds/aws.vault.upbound.io_authbackendlogins.yaml +++ b/package/crds/aws.vault.upbound.io_authbackendlogins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendlogins.aws.vault.upbound.io spec: group: aws.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Manages Vault tokens acquired using the AWS auth backend. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,159 +74,183 @@ spec: forProvider: properties: backend: - description: The unique name of the AWS auth backend. Defaults - to 'aws'. AWS Auth Backend to read the token from. + description: |- + The unique name of the AWS auth backend. Defaults to + 'aws'. + AWS Auth Backend to read the token from. type: string iamHttpRequestMethod: - description: The HTTP method used in the signed IAM request. The - HTTP method used in the signed request. + description: |- + The HTTP method used in the signed IAM + request. + The HTTP method used in the signed request. type: string iamRequestBody: - description: The base64-encoded body of the signed request. The - Base64-encoded body of the signed request. + description: |- + The base64-encoded body of the signed + request. + The Base64-encoded body of the signed request. type: string iamRequestHeaders: - description: The base64-encoded, JSON serialized representation - of the GetCallerIdentity HTTP request headers. The Base64-encoded, - JSON serialized representation of the sts:GetCallerIdentity - HTTP request headers. + description: |- + The base64-encoded, JSON serialized + representation of the GetCallerIdentity HTTP request headers. + The Base64-encoded, JSON serialized representation of the sts:GetCallerIdentity HTTP request headers. type: string iamRequestUrl: - description: The base64-encoded HTTP URL used in the signed request. + description: |- + The base64-encoded HTTP URL used in the signed + request. The Base64-encoded HTTP URL used in the signed request. type: string identity: - description: The base64-encoded EC2 instance identity document - to authenticate with. Can be retrieved from the EC2 metadata - server. Base64-encoded EC2 instance identity document to authenticate - with. + description: |- + The base64-encoded EC2 instance identity document to + authenticate with. Can be retrieved from the EC2 metadata server. + Base64-encoded EC2 instance identity document to authenticate with. 
type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string nonce: - description: The unique nonce to be used for login requests. Can - be set to a user-specified value, or will contain the server-generated - value once a token is issued. EC2 instances can only acquire - a single token until the whitelist is tidied again unless they - keep track of this nonce. The nonce to be used for subsequent - login requests. + description: |- + The unique nonce to be used for login requests. Can be + set to a user-specified value, or will contain the server-generated value + once a token is issued. EC2 instances can only acquire a single token until + the whitelist is tidied again unless they keep track of this nonce. + The nonce to be used for subsequent login requests. type: string pkcs7: - description: The PKCS#7 signature of the identity document to - authenticate with, with all newline characters removed. Can - be retrieved from the EC2 metadata server. PKCS7 signature of - the identity document to authenticate with, with all newline - characters removed. + description: |- + The PKCS#7 signature of the identity document to + authenticate with, with all newline characters removed. Can be retrieved from + the EC2 metadata server. + PKCS7 signature of the identity document to authenticate with, with all newline characters removed. type: string role: - description: The name of the AWS auth backend role to create tokens - against. 
AWS Auth Role to read the token from. + description: |- + The name of the AWS auth backend role to create tokens + against. + AWS Auth Role to read the token from. type: string signature: - description: The base64-encoded SHA256 RSA signature of the instance - identity document to authenticate with, with all newline characters - removed. Can be retrieved from the EC2 metadata server. Base64-encoded - SHA256 RSA signature of the instance identtiy document to authenticate - with. + description: |- + The base64-encoded SHA256 RSA signature of the + instance identity document to authenticate with, with all newline characters + removed. Can be retrieved from the EC2 metadata server. + Base64-encoded SHA256 RSA signature of the instance identtiy document to authenticate with. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. 
+ The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The unique name of the AWS auth backend. Defaults - to 'aws'. AWS Auth Backend to read the token from. + description: |- + The unique name of the AWS auth backend. Defaults to + 'aws'. + AWS Auth Backend to read the token from. type: string iamHttpRequestMethod: - description: The HTTP method used in the signed IAM request. The - HTTP method used in the signed request. + description: |- + The HTTP method used in the signed IAM + request. + The HTTP method used in the signed request. type: string iamRequestBody: - description: The base64-encoded body of the signed request. The - Base64-encoded body of the signed request. + description: |- + The base64-encoded body of the signed + request. + The Base64-encoded body of the signed request. type: string iamRequestHeaders: - description: The base64-encoded, JSON serialized representation - of the GetCallerIdentity HTTP request headers. The Base64-encoded, - JSON serialized representation of the sts:GetCallerIdentity - HTTP request headers. + description: |- + The base64-encoded, JSON serialized + representation of the GetCallerIdentity HTTP request headers. + The Base64-encoded, JSON serialized representation of the sts:GetCallerIdentity HTTP request headers. type: string iamRequestUrl: - description: The base64-encoded HTTP URL used in the signed request. + description: |- + The base64-encoded HTTP URL used in the signed + request. The Base64-encoded HTTP URL used in the signed request. type: string identity: - description: The base64-encoded EC2 instance identity document - to authenticate with. Can be retrieved from the EC2 metadata - server. 
Base64-encoded EC2 instance identity document to authenticate - with. + description: |- + The base64-encoded EC2 instance identity document to + authenticate with. Can be retrieved from the EC2 metadata server. + Base64-encoded EC2 instance identity document to authenticate with. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string nonce: - description: The unique nonce to be used for login requests. Can - be set to a user-specified value, or will contain the server-generated - value once a token is issued. EC2 instances can only acquire - a single token until the whitelist is tidied again unless they - keep track of this nonce. The nonce to be used for subsequent - login requests. + description: |- + The unique nonce to be used for login requests. Can be + set to a user-specified value, or will contain the server-generated value + once a token is issued. EC2 instances can only acquire a single token until + the whitelist is tidied again unless they keep track of this nonce. + The nonce to be used for subsequent login requests. type: string pkcs7: - description: The PKCS#7 signature of the identity document to - authenticate with, with all newline characters removed. Can - be retrieved from the EC2 metadata server. PKCS7 signature of - the identity document to authenticate with, with all newline - characters removed. 
+ description: |- + The PKCS#7 signature of the identity document to + authenticate with, with all newline characters removed. Can be retrieved from + the EC2 metadata server. + PKCS7 signature of the identity document to authenticate with, with all newline characters removed. type: string role: - description: The name of the AWS auth backend role to create tokens - against. AWS Auth Role to read the token from. + description: |- + The name of the AWS auth backend role to create tokens + against. + AWS Auth Role to read the token from. type: string signature: - description: The base64-encoded SHA256 RSA signature of the instance - identity document to authenticate with, with all newline characters - removed. Can be retrieved from the EC2 metadata server. Base64-encoded - SHA256 RSA signature of the instance identtiy document to authenticate - with. + description: |- + The base64-encoded SHA256 RSA signature of the + instance identity document to authenticate with, with all newline characters + removed. Can be retrieved from the EC2 metadata server. + Base64-encoded SHA256 RSA signature of the instance identtiy document to authenticate with. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. 
See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -233,9 +263,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -245,57 +276,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -305,17 +300,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -325,21 +322,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -354,21 +351,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -379,14 +377,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -407,104 +406,120 @@ spec: atProvider: properties: accessor: - description: The token's accessor. The accessor returned from - Vault for this token. + description: |- + The token's accessor. + The accessor returned from Vault for this token. type: string authType: - description: The authentication type used to generate this token. + description: |- + The authentication type used to generate this token. The auth method used to generate this token. type: string backend: - description: The unique name of the AWS auth backend. Defaults - to 'aws'. AWS Auth Backend to read the token from. + description: |- + The unique name of the AWS auth backend. Defaults to + 'aws'. + AWS Auth Backend to read the token from. type: string iamHttpRequestMethod: - description: The HTTP method used in the signed IAM request. The - HTTP method used in the signed request. + description: |- + The HTTP method used in the signed IAM + request. + The HTTP method used in the signed request. type: string iamRequestBody: - description: The base64-encoded body of the signed request. The - Base64-encoded body of the signed request. + description: |- + The base64-encoded body of the signed + request. + The Base64-encoded body of the signed request. type: string iamRequestHeaders: - description: The base64-encoded, JSON serialized representation - of the GetCallerIdentity HTTP request headers. The Base64-encoded, - JSON serialized representation of the sts:GetCallerIdentity - HTTP request headers. + description: |- + The base64-encoded, JSON serialized + representation of the GetCallerIdentity HTTP request headers. + The Base64-encoded, JSON serialized representation of the sts:GetCallerIdentity HTTP request headers. type: string iamRequestUrl: - description: The base64-encoded HTTP URL used in the signed request. + description: |- + The base64-encoded HTTP URL used in the signed + request. The Base64-encoded HTTP URL used in the signed request. 
type: string id: type: string identity: - description: The base64-encoded EC2 instance identity document - to authenticate with. Can be retrieved from the EC2 metadata - server. Base64-encoded EC2 instance identity document to authenticate - with. + description: |- + The base64-encoded EC2 instance identity document to + authenticate with. Can be retrieved from the EC2 metadata server. + Base64-encoded EC2 instance identity document to authenticate with. type: string leaseDuration: - description: The duration in seconds the token will be valid, - relative to the time in lease_start_time. Lease duration in - seconds relative to the time in lease_start_time. + description: |- + The duration in seconds the token will be valid, relative + to the time in lease_start_time. + Lease duration in seconds relative to the time in lease_start_time. type: number leaseStartTime: - description: the approximate time at which the token was created, - using the clock of the system where Upbound official provider - was running. time at which the lease was read, using the clock - of the system where Upbound official provider was running + description: |- + the approximate time at which the token was created, + using the clock of the system where Upbound official provider was running. + time at which the lease was read, using the clock of the system where Upbound official provider was running type: string metadata: additionalProperties: type: string - description: A map of information returned by the Vault server - about the authentication used to generate this token. The metadata - reported by the Vault server. + description: |- + A map of information returned by the Vault server about the + authentication used to generate this token. + The metadata reported by the Vault server. type: object namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. 
The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string nonce: - description: The unique nonce to be used for login requests. Can - be set to a user-specified value, or will contain the server-generated - value once a token is issued. EC2 instances can only acquire - a single token until the whitelist is tidied again unless they - keep track of this nonce. The nonce to be used for subsequent - login requests. + description: |- + The unique nonce to be used for login requests. Can be + set to a user-specified value, or will contain the server-generated value + once a token is issued. EC2 instances can only acquire a single token until + the whitelist is tidied again unless they keep track of this nonce. + The nonce to be used for subsequent login requests. type: string pkcs7: - description: The PKCS#7 signature of the identity document to - authenticate with, with all newline characters removed. Can - be retrieved from the EC2 metadata server. PKCS7 signature of - the identity document to authenticate with, with all newline - characters removed. + description: |- + The PKCS#7 signature of the identity document to + authenticate with, with all newline characters removed. Can be retrieved from + the EC2 metadata server. + PKCS7 signature of the identity document to authenticate with, with all newline characters removed. type: string policies: - description: The Vault policies assigned to this token. The policies - assigned to this token. + description: |- + The Vault policies assigned to this token. + The policies assigned to this token. 
items: type: string type: array renewable: - description: Set to true if the token can be extended through - renewal. True if the duration of this lease can be extended - through renewal. + description: |- + Set to true if the token can be extended through renewal. + True if the duration of this lease can be extended through renewal. type: boolean role: - description: The name of the AWS auth backend role to create tokens - against. AWS Auth Role to read the token from. + description: |- + The name of the AWS auth backend role to create tokens + against. + AWS Auth Role to read the token from. type: string signature: - description: The base64-encoded SHA256 RSA signature of the instance - identity document to authenticate with, with all newline characters - removed. Can be retrieved from the EC2 metadata server. Base64-encoded - SHA256 RSA signature of the instance identtiy document to authenticate - with. + description: |- + The base64-encoded SHA256 RSA signature of the + instance identity document to authenticate with, with all newline characters + removed. Can be retrieved from the EC2 metadata server. + Base64-encoded SHA256 RSA signature of the instance identtiy document to authenticate with. type: string type: object conditions: @@ -513,13 +528,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -530,8 +547,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -540,6 +558,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/aws.vault.upbound.io_authbackendroles.yaml b/package/crds/aws.vault.upbound.io_authbackendroles.yaml index ed51fecf..178af8c9 100644 --- a/package/crds/aws.vault.upbound.io_authbackendroles.yaml +++ b/package/crds/aws.vault.upbound.io_authbackendroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendroles.aws.vault.upbound.io spec: group: aws.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: AWS auth backend roles in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,37 +74,39 @@ spec: forProvider: properties: allowInstanceMigration: - description: If set to true, allows migration of the underlying - instance where the client resides. When true, allows migration - of the underlying instance where the client resides. Use with - caution. + description: |- + If set to true, allows migration of + the underlying instance where the client resides. + When true, allows migration of the underlying instance where the client resides. Use with caution. type: boolean authType: - description: The auth type permitted for this role. Valid choices - are ec2 and iam. Defaults to iam. The auth type permitted for - this role. + description: |- + The auth type permitted for this role. Valid choices + are ec2 and iam. Defaults to iam. + The auth type permitted for this role. type: string backend: - description: Path to the mounted aws auth backend. Unique name - of the auth backend to configure. + description: |- + Path to the mounted aws auth backend. + Unique name of the auth backend to configure. type: string boundAccountIds: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they should be using - the account ID specified by this field. auth_type must be set - to ec2 or inferred_entity_type must be set to ec2_instance to - use this constraint. Only EC2 instances with this account ID - in their identity document will be permitted to log in. + description: |- + If set, defines a constraint on the EC2 + instances that can perform the login operation that they should be using the + account ID specified by this field. auth_type must be set to ec2 or + inferred_entity_type must be set to ec2_instance to use this constraint. + Only EC2 instances with this account ID in their identity document will be permitted to log in. 
items: type: string type: array boundAmiIds: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they should be using - the AMI ID specified by this field. auth_type must be set to - ec2 or inferred_entity_type must be set to ec2_instance to use - this constraint. Only EC2 instances using this AMI ID will be - permitted to log in. + description: |- + If set, defines a constraint on the EC2 instances + that can perform the login operation that they should be using the AMI ID + specified by this field. auth_type must be set to ec2 or + inferred_entity_type must be set to ec2_instance to use this constraint. + Only EC2 instances using this AMI ID will be permitted to log in. items: type: string type: array 
@@ -109,223 +117,243 @@ spec: type: string type: array boundIamInstanceProfileArns: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they must be associated - with an IAM instance profile ARN which has a prefix that matches - the value specified by this field. The value is prefix-matched - as though it were a glob ending in *. auth_type must be set - to ec2 or inferred_entity_type must be set to ec2_instance to - use this constraint. Only EC2 instances associated with an IAM - instance profile ARN that matches this value will be permitted - to log in. + description: |- + If set, defines a constraint on + the EC2 instances that can perform the login operation that they must be + associated with an IAM instance profile ARN which has a prefix that matches + the value specified by this field. The value is prefix-matched as though it + were a glob ending in *. auth_type must be set to ec2 or + inferred_entity_type must be set to ec2_instance to use this constraint. + Only EC2 instances associated with an IAM instance profile ARN that matches this value will be permitted to log in. items: type: string type: array boundIamPrincipalArns: - description: If set, defines the IAM principal that must be authenticated - when auth_type is set to iam. Wildcards are supported at the - end of the ARN. The IAM principal that must be authenticated - using the iam auth method. + description: |- + If set, defines the IAM principal that + must be authenticated when auth_type is set to iam. Wildcards are + supported at the end of the ARN. + The IAM principal that must be authenticated using the iam auth method. items: type: string type: array boundIamRoleArns: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they must match the - IAM role ARN specified by this field. 
auth_type must be set - to ec2 or inferred_entity_type must be set to ec2_instance to - use this constraint. Only EC2 instances that match this IAM - role ARN will be permitted to log in. + description: |- + If set, defines a constraint on the EC2 + instances that can perform the login operation that they must match the IAM + role ARN specified by this field. auth_type must be set to ec2 or + inferred_entity_type must be set to ec2_instance to use this constraint. + Only EC2 instances that match this IAM role ARN will be permitted to log in. items: type: string type: array boundRegions: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that the region in their - identity document must match the one specified by this field. - auth_type must be set to ec2 or inferred_entity_type must be - set to ec2_instance to use this constraint. Only EC2 instances - in this region will be permitted to log in. + description: |- + If set, defines a constraint on the EC2 instances + that can perform the login operation that the region in their identity + document must match the one specified by this field. auth_type must be set + to ec2 or inferred_entity_type must be set to ec2_instance to use this + constraint. + Only EC2 instances in this region will be permitted to log in. items: type: string type: array boundSubnetIds: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they be associated - with the subnet ID that matches the value specified by this - field. auth_type must be set to ec2 or inferred_entity_type - must be set to ec2_instance to use this constraint. Only EC2 - instances associated with this subnet ID will be permitted to - log in. + description: |- + If set, defines a constraint on the EC2 + instances that can perform the login operation that they be associated with + the subnet ID that matches the value specified by this field. 
auth_type + must be set to ec2 or inferred_entity_type must be set to ec2_instance + to use this constraint. + Only EC2 instances associated with this subnet ID will be permitted to log in. items: type: string type: array boundVpcIds: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they be associated - with the VPC ID that matches the value specified by this field. - auth_type must be set to ec2 or inferred_entity_type must be - set to ec2_instance to use this constraint. Only EC2 instances - associated with this VPC ID will be permitted to log in. + description: |- + If set, defines a constraint on the EC2 instances + that can perform the login operation that they be associated with the VPC ID + that matches the value specified by this field. auth_type must be set to + ec2 or inferred_entity_type must be set to ec2_instance to use this + constraint. + Only EC2 instances associated with this VPC ID will be permitted to log in. items: type: string type: array disallowReauthentication: - description: IF set to true, only allows a single token to be - granted per instance ID. This can only be set when auth_type - is set to ec2. When true, only allows a single token to be granted - per instance ID. + description: |- + IF set to true, only allows a + single token to be granted per instance ID. This can only be set when + auth_type is set to ec2. + When true, only allows a single token to be granted per instance ID. type: boolean inferredAwsRegion: - description: When inferred_entity_type is set, this is the region - to search for the inferred entities. Required if inferred_entity_type - is set. This only applies when auth_type is set to iam. The - region to search for the inferred entities in. + description: |- + When inferred_entity_type is set, this + is the region to search for the inferred entities. Required if + inferred_entity_type is set. This only applies when auth_type is set to + iam. 
+ The region to search for the inferred entities in. type: string inferredEntityType: - description: If set, instructs Vault to turn on inferencing. The - only valid value is ec2_instance, which instructs Vault to infer - that the role comes from an EC2 instance in an IAM instance - profile. This only applies when auth_type is set to iam. The - type of inferencing Vault should do. + description: |- + If set, instructs Vault to turn on + inferencing. The only valid value is ec2_instance, which instructs Vault to + infer that the role comes from an EC2 instance in an IAM instance profile. + This only applies when auth_type is set to iam. + The type of inferencing Vault should do. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string resolveAwsUniqueIds: - description: Only valid when auth_type is iam. If set to true, - the bound_iam_principal_arns are resolved to AWS Unique IDs - for the bound principal ARN. This field is ignored when a bound_iam_principal_arn - ends in a wildcard. Resolving to unique IDs more closely mimics - the behavior of AWS services in that if an IAM user or role - is deleted and a new one is recreated with the same name, those - new users or roles won't get access to roles in Vault that were - permissioned to the prior principals of the same name. Defaults - to true. Once set to true, this cannot be changed to false without - recreating the role. 
Whether or not Vault should resolve the - bound_iam_principal_arn to an AWS Unique ID. When true, deleting - a principal and recreating it with the same name won't automatically - grant the new principal the same roles in Vault that the old - principal had. + description: |- + Only valid when + auth_type is iam. If set to true, the bound_iam_principal_arns are + resolved to AWS Unique + IDs + for the bound principal ARN. This field is ignored when a + bound_iam_principal_arn ends in a wildcard. Resolving to unique IDs more + closely mimics the behavior of AWS services in that if an IAM user or role is + deleted and a new one is recreated with the same name, those new users or + roles won't get access to roles in Vault that were permissioned to the prior + principals of the same name. Defaults to true. + Once set to true, this cannot be changed to false without recreating the role. + Whether or not Vault should resolve the bound_iam_principal_arn to an AWS Unique ID. When true, deleting a principal and recreating it with the same name won't automatically grant the new principal the same roles in Vault that the old principal had. type: boolean role: - description: The name of the role. Name of the role. + description: |- + The name of the role. + Name of the role. type: string roleTag: - description: If set, enable role tags for this role. The value - set for this field should be the key of the tag on the EC2 instance. - auth_type must be set to ec2 or inferred_entity_type must be - set to ec2_instance to use this constraint. The key of the tag - on EC2 instance to use for role tags. + description: |- + If set, enable role tags for this role. The value set + for this field should be the key of the tag on the EC2 instance. auth_type + must be set to ec2 or inferred_entity_type must be set to ec2_instance + to use this constraint. + The key of the tag on EC2 instance to use for role tags. 
type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. 
+ If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. 
+ The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. 
+ InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: allowInstanceMigration: - description: If set to true, allows migration of the underlying - instance where the client resides. When true, allows migration - of the underlying instance where the client resides. Use with - caution. + description: |- + If set to true, allows migration of + the underlying instance where the client resides. + When true, allows migration of the underlying instance where the client resides. Use with caution. type: boolean authType: - description: The auth type permitted for this role. Valid choices - are ec2 and iam. Defaults to iam. The auth type permitted for - this role. + description: |- + The auth type permitted for this role. Valid choices + are ec2 and iam. Defaults to iam. + The auth type permitted for this role. type: string backend: - description: Path to the mounted aws auth backend. Unique name - of the auth backend to configure. + description: |- + Path to the mounted aws auth backend. + Unique name of the auth backend to configure. type: string boundAccountIds: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they should be using - the account ID specified by this field. auth_type must be set - to ec2 or inferred_entity_type must be set to ec2_instance to - use this constraint. Only EC2 instances with this account ID - in their identity document will be permitted to log in. 
+ description: |- + If set, defines a constraint on the EC2 + instances that can perform the login operation that they should be using the + account ID specified by this field. auth_type must be set to ec2 or + inferred_entity_type must be set to ec2_instance to use this constraint. + Only EC2 instances with this account ID in their identity document will be permitted to log in. items: type: string type: array boundAmiIds: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they should be using - the AMI ID specified by this field. auth_type must be set to - ec2 or inferred_entity_type must be set to ec2_instance to use - this constraint. Only EC2 instances using this AMI ID will be - permitted to log in. + description: |- + If set, defines a constraint on the EC2 instances + that can perform the login operation that they should be using the AMI ID + specified by this field. auth_type must be set to ec2 or + inferred_entity_type must be set to ec2_instance to use this constraint. + Only EC2 instances using this AMI ID will be permitted to log in. items: type: string type: array 
@@ -336,195 +364,213 @@ spec: type: string type: array boundIamInstanceProfileArns: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they must be associated - with an IAM instance profile ARN which has a prefix that matches - the value specified by this field. The value is prefix-matched - as though it were a glob ending in *. auth_type must be set - to ec2 or inferred_entity_type must be set to ec2_instance to - use this constraint. Only EC2 instances associated with an IAM - instance profile ARN that matches this value will be permitted - to log in. + description: |- + If set, defines a constraint on + the EC2 instances that can perform the login operation that they must be + associated with an IAM instance profile ARN which has a prefix that matches + the value specified by this field. The value is prefix-matched as though it + were a glob ending in *. auth_type must be set to ec2 or + inferred_entity_type must be set to ec2_instance to use this constraint. + Only EC2 instances associated with an IAM instance profile ARN that matches this value will be permitted to log in. items: type: string type: array boundIamPrincipalArns: - description: If set, defines the IAM principal that must be authenticated - when auth_type is set to iam. Wildcards are supported at the - end of the ARN. The IAM principal that must be authenticated - using the iam auth method. + description: |- + If set, defines the IAM principal that + must be authenticated when auth_type is set to iam. Wildcards are + supported at the end of the ARN. + The IAM principal that must be authenticated using the iam auth method. items: type: string type: array boundIamRoleArns: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they must match the - IAM role ARN specified by this field. 
auth_type must be set - to ec2 or inferred_entity_type must be set to ec2_instance to - use this constraint. Only EC2 instances that match this IAM - role ARN will be permitted to log in. + description: |- + If set, defines a constraint on the EC2 + instances that can perform the login operation that they must match the IAM + role ARN specified by this field. auth_type must be set to ec2 or + inferred_entity_type must be set to ec2_instance to use this constraint. + Only EC2 instances that match this IAM role ARN will be permitted to log in. items: type: string type: array boundRegions: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that the region in their - identity document must match the one specified by this field. - auth_type must be set to ec2 or inferred_entity_type must be - set to ec2_instance to use this constraint. Only EC2 instances - in this region will be permitted to log in. + description: |- + If set, defines a constraint on the EC2 instances + that can perform the login operation that the region in their identity + document must match the one specified by this field. auth_type must be set + to ec2 or inferred_entity_type must be set to ec2_instance to use this + constraint. + Only EC2 instances in this region will be permitted to log in. items: type: string type: array boundSubnetIds: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they be associated - with the subnet ID that matches the value specified by this - field. auth_type must be set to ec2 or inferred_entity_type - must be set to ec2_instance to use this constraint. Only EC2 - instances associated with this subnet ID will be permitted to - log in. + description: |- + If set, defines a constraint on the EC2 + instances that can perform the login operation that they be associated with + the subnet ID that matches the value specified by this field. 
auth_type + must be set to ec2 or inferred_entity_type must be set to ec2_instance + to use this constraint. + Only EC2 instances associated with this subnet ID will be permitted to log in. items: type: string type: array boundVpcIds: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they be associated - with the VPC ID that matches the value specified by this field. - auth_type must be set to ec2 or inferred_entity_type must be - set to ec2_instance to use this constraint. Only EC2 instances - associated with this VPC ID will be permitted to log in. + description: |- + If set, defines a constraint on the EC2 instances + that can perform the login operation that they be associated with the VPC ID + that matches the value specified by this field. auth_type must be set to + ec2 or inferred_entity_type must be set to ec2_instance to use this + constraint. + Only EC2 instances associated with this VPC ID will be permitted to log in. items: type: string type: array disallowReauthentication: - description: IF set to true, only allows a single token to be - granted per instance ID. This can only be set when auth_type - is set to ec2. When true, only allows a single token to be granted - per instance ID. + description: |- + IF set to true, only allows a + single token to be granted per instance ID. This can only be set when + auth_type is set to ec2. + When true, only allows a single token to be granted per instance ID. type: boolean inferredAwsRegion: - description: When inferred_entity_type is set, this is the region - to search for the inferred entities. Required if inferred_entity_type - is set. This only applies when auth_type is set to iam. The - region to search for the inferred entities in. + description: |- + When inferred_entity_type is set, this + is the region to search for the inferred entities. Required if + inferred_entity_type is set. This only applies when auth_type is set to + iam. 
+ The region to search for the inferred entities in. type: string inferredEntityType: - description: If set, instructs Vault to turn on inferencing. The - only valid value is ec2_instance, which instructs Vault to infer - that the role comes from an EC2 instance in an IAM instance - profile. This only applies when auth_type is set to iam. The - type of inferencing Vault should do. + description: |- + If set, instructs Vault to turn on + inferencing. The only valid value is ec2_instance, which instructs Vault to + infer that the role comes from an EC2 instance in an IAM instance profile. + This only applies when auth_type is set to iam. + The type of inferencing Vault should do. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string resolveAwsUniqueIds: - description: Only valid when auth_type is iam. If set to true, - the bound_iam_principal_arns are resolved to AWS Unique IDs - for the bound principal ARN. This field is ignored when a bound_iam_principal_arn - ends in a wildcard. Resolving to unique IDs more closely mimics - the behavior of AWS services in that if an IAM user or role - is deleted and a new one is recreated with the same name, those - new users or roles won't get access to roles in Vault that were - permissioned to the prior principals of the same name. Defaults - to true. Once set to true, this cannot be changed to false without - recreating the role. 
Whether or not Vault should resolve the - bound_iam_principal_arn to an AWS Unique ID. When true, deleting - a principal and recreating it with the same name won't automatically - grant the new principal the same roles in Vault that the old - principal had. + description: |- + Only valid when + auth_type is iam. If set to true, the bound_iam_principal_arns are + resolved to AWS Unique + IDs + for the bound principal ARN. This field is ignored when a + bound_iam_principal_arn ends in a wildcard. Resolving to unique IDs more + closely mimics the behavior of AWS services in that if an IAM user or role is + deleted and a new one is recreated with the same name, those new users or + roles won't get access to roles in Vault that were permissioned to the prior + principals of the same name. Defaults to true. + Once set to true, this cannot be changed to false without recreating the role. + Whether or not Vault should resolve the bound_iam_principal_arn to an AWS Unique ID. When true, deleting a principal and recreating it with the same name won't automatically grant the new principal the same roles in Vault that the old principal had. type: boolean role: - description: The name of the role. Name of the role. + description: |- + The name of the role. + Name of the role. type: string roleTag: - description: If set, enable role tags for this role. The value - set for this field should be the key of the tag on the EC2 instance. - auth_type must be set to ec2 or inferred_entity_type must be - set to ec2_instance to use this constraint. The key of the tag - on EC2 instance to use for role tags. + description: |- + If set, enable role tags for this role. The value set + for this field should be the key of the tag on the EC2 instance. auth_type + must be set to ec2 or inferred_entity_type must be set to ec2_instance + to use this constraint. + The key of the tag on EC2 instance to use for role tags. 
type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. 
+ If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. 
+ The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. 
It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -537,9 +583,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -549,57 +596,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -609,17 +620,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -629,21 +642,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -658,21 +671,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -683,14 +697,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -716,37 +731,39 @@ spec: atProvider: properties: allowInstanceMigration: - description: If set to true, allows migration of the underlying - instance where the client resides. When true, allows migration - of the underlying instance where the client resides. Use with - caution. + description: |- + If set to true, allows migration of + the underlying instance where the client resides. + When true, allows migration of the underlying instance where the client resides. Use with caution. type: boolean authType: - description: The auth type permitted for this role. Valid choices - are ec2 and iam. Defaults to iam. The auth type permitted for - this role. + description: |- + The auth type permitted for this role. Valid choices + are ec2 and iam. Defaults to iam. + The auth type permitted for this role. type: string backend: - description: Path to the mounted aws auth backend. Unique name - of the auth backend to configure. + description: |- + Path to the mounted aws auth backend. + Unique name of the auth backend to configure. type: string boundAccountIds: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they should be using - the account ID specified by this field. auth_type must be set - to ec2 or inferred_entity_type must be set to ec2_instance to - use this constraint. Only EC2 instances with this account ID - in their identity document will be permitted to log in. + description: |- + If set, defines a constraint on the EC2 + instances that can perform the login operation that they should be using the + account ID specified by this field. auth_type must be set to ec2 or + inferred_entity_type must be set to ec2_instance to use this constraint. + Only EC2 instances with this account ID in their identity document will be permitted to log in. 
items: type: string type: array boundAmiIds: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they should be using - the AMI ID specified by this field. auth_type must be set to - ec2 or inferred_entity_type must be set to ec2_instance to use - this constraint. Only EC2 instances using this AMI ID will be - permitted to log in. + description: |- + If set, defines a constraint on the EC2 instances + that can perform the login operation that they should be using the AMI ID + specified by this field. auth_type must be set to ec2 or + inferred_entity_type must be set to ec2_instance to use this constraint. + Only EC2 instances using this AMI ID will be permitted to log in. items: type: string type: array 
@@ -757,182 +774,200 @@ spec: type: string type: array boundIamInstanceProfileArns: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they must be associated - with an IAM instance profile ARN which has a prefix that matches - the value specified by this field. The value is prefix-matched - as though it were a glob ending in *. auth_type must be set - to ec2 or inferred_entity_type must be set to ec2_instance to - use this constraint. Only EC2 instances associated with an IAM - instance profile ARN that matches this value will be permitted - to log in. + description: |- + If set, defines a constraint on + the EC2 instances that can perform the login operation that they must be + associated with an IAM instance profile ARN which has a prefix that matches + the value specified by this field. The value is prefix-matched as though it + were a glob ending in *. auth_type must be set to ec2 or + inferred_entity_type must be set to ec2_instance to use this constraint. + Only EC2 instances associated with an IAM instance profile ARN that matches this value will be permitted to log in. items: type: string type: array boundIamPrincipalArns: - description: If set, defines the IAM principal that must be authenticated - when auth_type is set to iam. Wildcards are supported at the - end of the ARN. The IAM principal that must be authenticated - using the iam auth method. + description: |- + If set, defines the IAM principal that + must be authenticated when auth_type is set to iam. Wildcards are + supported at the end of the ARN. + The IAM principal that must be authenticated using the iam auth method. items: type: string type: array boundIamRoleArns: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they must match the - IAM role ARN specified by this field. 
auth_type must be set - to ec2 or inferred_entity_type must be set to ec2_instance to - use this constraint. Only EC2 instances that match this IAM - role ARN will be permitted to log in. + description: |- + If set, defines a constraint on the EC2 + instances that can perform the login operation that they must match the IAM + role ARN specified by this field. auth_type must be set to ec2 or + inferred_entity_type must be set to ec2_instance to use this constraint. + Only EC2 instances that match this IAM role ARN will be permitted to log in. items: type: string type: array boundRegions: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that the region in their - identity document must match the one specified by this field. - auth_type must be set to ec2 or inferred_entity_type must be - set to ec2_instance to use this constraint. Only EC2 instances - in this region will be permitted to log in. + description: |- + If set, defines a constraint on the EC2 instances + that can perform the login operation that the region in their identity + document must match the one specified by this field. auth_type must be set + to ec2 or inferred_entity_type must be set to ec2_instance to use this + constraint. + Only EC2 instances in this region will be permitted to log in. items: type: string type: array boundSubnetIds: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they be associated - with the subnet ID that matches the value specified by this - field. auth_type must be set to ec2 or inferred_entity_type - must be set to ec2_instance to use this constraint. Only EC2 - instances associated with this subnet ID will be permitted to - log in. + description: |- + If set, defines a constraint on the EC2 + instances that can perform the login operation that they be associated with + the subnet ID that matches the value specified by this field. 
auth_type + must be set to ec2 or inferred_entity_type must be set to ec2_instance + to use this constraint. + Only EC2 instances associated with this subnet ID will be permitted to log in. items: type: string type: array boundVpcIds: - description: If set, defines a constraint on the EC2 instances - that can perform the login operation that they be associated - with the VPC ID that matches the value specified by this field. - auth_type must be set to ec2 or inferred_entity_type must be - set to ec2_instance to use this constraint. Only EC2 instances - associated with this VPC ID will be permitted to log in. + description: |- + If set, defines a constraint on the EC2 instances + that can perform the login operation that they be associated with the VPC ID + that matches the value specified by this field. auth_type must be set to + ec2 or inferred_entity_type must be set to ec2_instance to use this + constraint. + Only EC2 instances associated with this VPC ID will be permitted to log in. items: type: string type: array disallowReauthentication: - description: IF set to true, only allows a single token to be - granted per instance ID. This can only be set when auth_type - is set to ec2. When true, only allows a single token to be granted - per instance ID. + description: |- + IF set to true, only allows a + single token to be granted per instance ID. This can only be set when + auth_type is set to ec2. + When true, only allows a single token to be granted per instance ID. type: boolean id: type: string inferredAwsRegion: - description: When inferred_entity_type is set, this is the region - to search for the inferred entities. Required if inferred_entity_type - is set. This only applies when auth_type is set to iam. The - region to search for the inferred entities in. + description: |- + When inferred_entity_type is set, this + is the region to search for the inferred entities. Required if + inferred_entity_type is set. 
This only applies when auth_type is set to + iam. + The region to search for the inferred entities in. type: string inferredEntityType: - description: If set, instructs Vault to turn on inferencing. The - only valid value is ec2_instance, which instructs Vault to infer - that the role comes from an EC2 instance in an IAM instance - profile. This only applies when auth_type is set to iam. The - type of inferencing Vault should do. + description: |- + If set, instructs Vault to turn on + inferencing. The only valid value is ec2_instance, which instructs Vault to + infer that the role comes from an EC2 instance in an IAM instance profile. + This only applies when auth_type is set to iam. + The type of inferencing Vault should do. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string resolveAwsUniqueIds: - description: Only valid when auth_type is iam. If set to true, - the bound_iam_principal_arns are resolved to AWS Unique IDs - for the bound principal ARN. This field is ignored when a bound_iam_principal_arn - ends in a wildcard. Resolving to unique IDs more closely mimics - the behavior of AWS services in that if an IAM user or role - is deleted and a new one is recreated with the same name, those - new users or roles won't get access to roles in Vault that were - permissioned to the prior principals of the same name. Defaults - to true. Once set to true, this cannot be changed to false without - recreating the role. 
Whether or not Vault should resolve the - bound_iam_principal_arn to an AWS Unique ID. When true, deleting - a principal and recreating it with the same name won't automatically - grant the new principal the same roles in Vault that the old - principal had. + description: |- + Only valid when + auth_type is iam. If set to true, the bound_iam_principal_arns are + resolved to AWS Unique + IDs + for the bound principal ARN. This field is ignored when a + bound_iam_principal_arn ends in a wildcard. Resolving to unique IDs more + closely mimics the behavior of AWS services in that if an IAM user or role is + deleted and a new one is recreated with the same name, those new users or + roles won't get access to roles in Vault that were permissioned to the prior + principals of the same name. Defaults to true. + Once set to true, this cannot be changed to false without recreating the role. + Whether or not Vault should resolve the bound_iam_principal_arn to an AWS Unique ID. When true, deleting a principal and recreating it with the same name won't automatically grant the new principal the same roles in Vault that the old principal had. type: boolean role: - description: The name of the role. Name of the role. + description: |- + The name of the role. + Name of the role. type: string roleId: - description: The Vault generated role ID. The Vault generated - role ID. + description: |- + The Vault generated role ID. + The Vault generated role ID. type: string roleTag: - description: If set, enable role tags for this role. The value - set for this field should be the key of the tag on the EC2 instance. - auth_type must be set to ec2 or inferred_entity_type must be - set to ec2_instance to use this constraint. The key of the tag - on EC2 instance to use for role tags. + description: |- + If set, enable role tags for this role. The value set + for this field should be the key of the tag on the EC2 instance. 
auth_type + must be set to ec2 or inferred_entity_type must be set to ec2_instance + to use this constraint. + The key of the tag on EC2 instance to use for role tags. type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. 
- If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. 
The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: object conditions: @@ -941,13 +976,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -958,8 +995,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -968,6 +1006,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/aws.vault.upbound.io_authbackendroletagblacklists.yaml b/package/crds/aws.vault.upbound.io_authbackendroletagblacklists.yaml index b3771edb..4306875a 100644 --- a/package/crds/aws.vault.upbound.io_authbackendroletagblacklists.yaml +++ b/package/crds/aws.vault.upbound.io_authbackendroletagblacklists.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendroletagblacklists.aws.vault.upbound.io spec: group: aws.vault.upbound.io 
@@ -39,14 +39,19 @@ spec: entries. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -56,13 +61,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -70,83 +76,93 @@ spec: forProvider: properties: backend: - description: The path the AWS auth backend being configured was - mounted at. Unique name of the auth backend to configure. + description: |- + The path the AWS auth backend being configured was + mounted at. + Unique name of the auth backend to configure. type: string disablePeriodicTidy: - description: If set to true, disables the periodic tidying of - the roletag blacklist entries. Defaults to false. If true, disables - the periodic tidying of the roletag blacklist entries. + description: |- + If set to true, disables the periodic + tidying of the roletag blacklist entries. Defaults to false. + If true, disables the periodic tidying of the roletag blacklist entries. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string safetyBuffer: - description: The amount of extra time that must have passed beyond - the roletag expiration, before it is removed from the backend - storage. Defaults to 259,200 seconds, or 72 hours. The amount - of extra time that must have passed beyond the roletag expiration, - before it's removed from backend storage. + description: |- + The amount of extra time that must have passed + beyond the roletag expiration, before it is removed from the backend storage. + Defaults to 259,200 seconds, or 72 hours. + The amount of extra time that must have passed beyond the roletag expiration, before it's removed from backend storage. 
type: number type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The path the AWS auth backend being configured was - mounted at. Unique name of the auth backend to configure. + description: |- + The path the AWS auth backend being configured was + mounted at. + Unique name of the auth backend to configure. type: string disablePeriodicTidy: - description: If set to true, disables the periodic tidying of - the roletag blacklist entries. Defaults to false. If true, disables - the periodic tidying of the roletag blacklist entries. 
+ description: |- + If set to true, disables the periodic + tidying of the roletag blacklist entries. Defaults to false. + If true, disables the periodic tidying of the roletag blacklist entries. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string safetyBuffer: - description: The amount of extra time that must have passed beyond - the roletag expiration, before it is removed from the backend - storage. Defaults to 259,200 seconds, or 72 hours. The amount - of extra time that must have passed beyond the roletag expiration, - before it's removed from backend storage. + description: |- + The amount of extra time that must have passed + beyond the roletag expiration, before it is removed from the backend storage. + Defaults to 259,200 seconds, or 72 hours. + The amount of extra time that must have passed beyond the roletag expiration, before it's removed from backend storage. type: number type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. 
Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -159,9 +175,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -171,57 +188,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -231,17 +212,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -251,21 +234,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -280,21 +263,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -305,14 +289,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -339,29 +324,33 @@ spec: atProvider: properties: backend: - description: The path the AWS auth backend being configured was - mounted at. Unique name of the auth backend to configure. + description: |- + The path the AWS auth backend being configured was + mounted at. + Unique name of the auth backend to configure. type: string disablePeriodicTidy: - description: If set to true, disables the periodic tidying of - the roletag blacklist entries. Defaults to false. If true, disables - the periodic tidying of the roletag blacklist entries. + description: |- + If set to true, disables the periodic + tidying of the roletag blacklist entries. Defaults to false. + If true, disables the periodic tidying of the roletag blacklist entries. type: boolean id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string safetyBuffer: - description: The amount of extra time that must have passed beyond - the roletag expiration, before it is removed from the backend - storage. Defaults to 259,200 seconds, or 72 hours. The amount - of extra time that must have passed beyond the roletag expiration, - before it's removed from backend storage. + description: |- + The amount of extra time that must have passed + beyond the roletag expiration, before it is removed from the backend storage. + Defaults to 259,200 seconds, or 72 hours. 
+ The amount of extra time that must have passed beyond the roletag expiration, before it's removed from backend storage. type: number type: object conditions: @@ -370,13 +359,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -387,8 +378,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -397,6 +389,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/aws.vault.upbound.io_authbackendroletags.yaml b/package/crds/aws.vault.upbound.io_authbackendroletags.yaml index 9ea85500..be47fcbb 100644 --- a/package/crds/aws.vault.upbound.io_authbackendroletags.yaml +++ b/package/crds/aws.vault.upbound.io_authbackendroletags.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendroletags.aws.vault.upbound.io spec: group: aws.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Reads role tags from a Vault AWS auth backend. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,123 +74,133 @@ spec: forProvider: properties: allowInstanceMigration: - description: If set, allows migration of the underlying instances - where the client resides. Use with caution. Allows migration - of the underlying instance where the client resides. + description: |- + If set, allows migration of the underlying instances where the client resides. Use with caution. + Allows migration of the underlying instance where the client resides. type: boolean backend: - description: The path to the AWS auth backend to read role tags - from, with no leading or trailing /s. Defaults to "aws". AWS - auth backend to read tags from. + description: |- + The path to the AWS auth backend to + read role tags from, with no leading or trailing /s. Defaults to "aws". + AWS auth backend to read tags from. type: string disallowReauthentication: - description: If set, only allows a single token to be granted - per instance ID. Only allow a single token to be granted per - instance ID. + description: |- + If set, only allows a single token to be granted per instance ID. + Only allow a single token to be granted per instance ID. type: boolean instanceId: - description: Instance ID for which this tag is intended for. If - set, the created tag can only be used by the instance with the - given ID. Instance ID for which this tag is intended. The created - tag can only be used by the instance with the given ID. + description: |- + Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID. + Instance ID for which this tag is intended. The created tag can only be used by the instance with the given ID. type: string maxTtl: - description: The maximum TTL of the tokens issued using this role. + description: |- + The maximum TTL of the tokens issued using this role. The maximum allowed lifetime of tokens issued using this role. type: string namespace: - description: The namespace to provision the resource in. 
The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: The policies to be associated with the tag. Must - be a subset of the policies associated with the role. Policies - to be associated with the tag. + description: |- + The policies to be associated with the tag. Must be a subset of the policies associated with the role. + Policies to be associated with the tag. items: type: string type: array role: - description: The name of the AWS auth backend role to read role - tags from, with no leading or trailing /s. Name of the role. + description: |- + The name of the AWS auth backend role to read + role tags from, with no leading or trailing /s. + Name of the role. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. 
Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: allowInstanceMigration: - description: If set, allows migration of the underlying instances - where the client resides. Use with caution. Allows migration - of the underlying instance where the client resides. + description: |- + If set, allows migration of the underlying instances where the client resides. Use with caution. + Allows migration of the underlying instance where the client resides. type: boolean backend: - description: The path to the AWS auth backend to read role tags - from, with no leading or trailing /s. Defaults to "aws". AWS - auth backend to read tags from. + description: |- + The path to the AWS auth backend to + read role tags from, with no leading or trailing /s. Defaults to "aws". + AWS auth backend to read tags from. type: string disallowReauthentication: - description: If set, only allows a single token to be granted - per instance ID. Only allow a single token to be granted per - instance ID. + description: |- + If set, only allows a single token to be granted per instance ID. + Only allow a single token to be granted per instance ID. type: boolean instanceId: - description: Instance ID for which this tag is intended for. If - set, the created tag can only be used by the instance with the - given ID. Instance ID for which this tag is intended. 
The created - tag can only be used by the instance with the given ID. + description: |- + Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID. + Instance ID for which this tag is intended. The created tag can only be used by the instance with the given ID. type: string maxTtl: - description: The maximum TTL of the tokens issued using this role. + description: |- + The maximum TTL of the tokens issued using this role. The maximum allowed lifetime of tokens issued using this role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: The policies to be associated with the tag. Must - be a subset of the policies associated with the role. Policies - to be associated with the tag. + description: |- + The policies to be associated with the tag. Must be a subset of the policies associated with the role. + Policies to be associated with the tag. items: type: string type: array role: - description: The name of the AWS auth backend role to read role - tags from, with no leading or trailing /s. Name of the role. + description: |- + The name of the AWS auth backend role to read + role tags from, with no leading or trailing /s. + Name of the role. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. 
- It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -197,9 +213,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -209,57 +226,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -269,17 +250,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -289,21 +272,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -318,21 +301,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -343,14 +327,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -376,49 +361,53 @@ spec: atProvider: properties: allowInstanceMigration: - description: If set, allows migration of the underlying instances - where the client resides. Use with caution. Allows migration - of the underlying instance where the client resides. + description: |- + If set, allows migration of the underlying instances where the client resides. Use with caution. + Allows migration of the underlying instance where the client resides. type: boolean backend: - description: The path to the AWS auth backend to read role tags - from, with no leading or trailing /s. Defaults to "aws". AWS - auth backend to read tags from. + description: |- + The path to the AWS auth backend to + read role tags from, with no leading or trailing /s. Defaults to "aws". + AWS auth backend to read tags from. type: string disallowReauthentication: - description: If set, only allows a single token to be granted - per instance ID. Only allow a single token to be granted per - instance ID. + description: |- + If set, only allows a single token to be granted per instance ID. + Only allow a single token to be granted per instance ID. type: boolean id: type: string instanceId: - description: Instance ID for which this tag is intended for. If - set, the created tag can only be used by the instance with the - given ID. Instance ID for which this tag is intended. The created - tag can only be used by the instance with the given ID. + description: |- + Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID. + Instance ID for which this tag is intended. The created tag can only be used by the instance with the given ID. type: string maxTtl: - description: The maximum TTL of the tokens issued using this role. + description: |- + The maximum TTL of the tokens issued using this role. The maximum allowed lifetime of tokens issued using this role. type: string namespace: - description: The namespace to provision the resource in. 
The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: The policies to be associated with the tag. Must - be a subset of the policies associated with the role. Policies - to be associated with the tag. + description: |- + The policies to be associated with the tag. Must be a subset of the policies associated with the role. + Policies to be associated with the tag. items: type: string type: array role: - description: The name of the AWS auth backend role to read role - tags from, with no leading or trailing /s. Name of the role. + description: |- + The name of the AWS auth backend role to read + role tags from, with no leading or trailing /s. + Name of the role. type: string tagKey: description: The key of the role tag. @@ -433,13 +422,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -450,8 +441,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -460,6 +452,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/aws.vault.upbound.io_authbackendstsroles.yaml b/package/crds/aws.vault.upbound.io_authbackendstsroles.yaml index ddd9d92e..fa612537 100644 --- a/package/crds/aws.vault.upbound.io_authbackendstsroles.yaml +++ b/package/crds/aws.vault.upbound.io_authbackendstsroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendstsroles.aws.vault.upbound.io spec: group: aws.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Configures an STS role in the Vault AWS Auth backend. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,81 +74,89 @@ spec: forProvider: properties: accountId: - description: The AWS account ID to configure the STS role for. + description: |- + The AWS account ID to configure the STS role for. AWS account ID to be associated with STS role. type: string backend: - description: The path the AWS auth backend being configured was - mounted at. Defaults to aws. Unique name of the auth backend - to configure. + description: |- + The path the AWS auth backend being configured was + mounted at. Defaults to aws. + Unique name of the auth backend to configure. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string stsRole: - description: The STS role to assume when verifying requests made - by EC2 instances in the account specified by account_id. AWS - ARN for STS role to be assumed when interacting with the account - specified. + description: |- + The STS role to assume when verifying requests made + by EC2 instances in the account specified by account_id. + AWS ARN for STS role to be assumed when interacting with the account specified. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. 
The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: accountId: - description: The AWS account ID to configure the STS role for. + description: |- + The AWS account ID to configure the STS role for. AWS account ID to be associated with STS role. type: string backend: - description: The path the AWS auth backend being configured was - mounted at. Defaults to aws. Unique name of the auth backend - to configure. + description: |- + The path the AWS auth backend being configured was + mounted at. Defaults to aws. + Unique name of the auth backend to configure. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. 
(requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string stsRole: - description: The STS role to assume when verifying requests made - by EC2 instances in the account specified by account_id. AWS - ARN for STS role to be assumed when interacting with the account - specified. + description: |- + The STS role to assume when verifying requests made + by EC2 instances in the account specified by account_id. + AWS ARN for STS role to be assumed when interacting with the account specified. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. 
+ This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -155,9 +169,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -167,57 +182,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -227,17 +206,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -247,21 +228,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -276,21 +257,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -301,14 +283,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -338,28 +321,31 @@ spec: atProvider: properties: accountId: - description: The AWS account ID to configure the STS role for. + description: |- + The AWS account ID to configure the STS role for. AWS account ID to be associated with STS role. type: string backend: - description: The path the AWS auth backend being configured was - mounted at. Defaults to aws. Unique name of the auth backend - to configure. + description: |- + The path the AWS auth backend being configured was + mounted at. Defaults to aws. + Unique name of the auth backend to configure. type: string id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string stsRole: - description: The STS role to assume when verifying requests made - by EC2 instances in the account specified by account_id. AWS - ARN for STS role to be assumed when interacting with the account - specified. + description: |- + The STS role to assume when verifying requests made + by EC2 instances in the account specified by account_id. + AWS ARN for STS role to be assumed when interacting with the account specified. type: string type: object conditions: 
@@ -368,13 +354,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -385,8 +373,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -395,6 +384,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/aws.vault.upbound.io_secretbackendroles.yaml b/package/crds/aws.vault.upbound.io_secretbackendroles.yaml index 757bcde2..543b9207 100644 --- a/package/crds/aws.vault.upbound.io_secretbackendroles.yaml +++ b/package/crds/aws.vault.upbound.io_secretbackendroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendroles.aws.vault.upbound.io spec: group: aws.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Creates a role on an AWS Secret Backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,235 +74,239 @@ spec: forProvider: properties: backend: - description: The path the AWS secret backend is mounted at, with - no leading or trailing /s. The path of the AWS Secret Backend - the role belongs to. + description: |- + The path the AWS secret backend is mounted at, + with no leading or trailing /s. + The path of the AWS Secret Backend the role belongs to. type: string credentialType: - description: Specifies the type of credential to be used when - retrieving credentials from the role. Must be one of iam_user, - assumed_role, or federation_token. Role credential type. + description: |- + Specifies the type of credential to be used when + retrieving credentials from the role. Must be one of iam_user, assumed_role, or + federation_token. + Role credential type. type: string defaultStsTtl: - description: The default TTL in seconds for STS credentials. When - a TTL is not specified when STS credentials are requested, and - a default TTL is specified on the role, then this default TTL - will be used. Valid only when credential_type is one of assumed_role - or federation_token. The default TTL in seconds for STS credentials. + description: |- + The default TTL in seconds for STS credentials. When a TTL is not specified when STS credentials are requested, - and a default TTL is specified on the role, then this default - TTL will be used. Valid only when credential_type is one of + and a default TTL is specified on the role, + then this default TTL will be used. Valid only when credential_type is one of assumed_role or federation_token. + The default TTL in seconds for STS credentials. When a TTL is not specified when STS credentials are requested, and a default TTL is specified on the role, then this default TTL will be used. Valid only when credential_type is one of assumed_role or federation_token. type: number iamGroups: - description: A list of IAM group names. IAM users generated against - this vault role will be added to these IAM Groups. 
For a credential - type of assumed_role or federation_token, the policies sent - to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) - will be the policies from each group in iam_groups combined - with the policy_document and policy_arns parameters. A list - of IAM group names. IAM users generated against this vault role - will be added to these IAM Groups. For a credential type of - assumed_role or federation_token, the policies sent to the corresponding - AWS call (sts:AssumeRole or sts:GetFederation) will be the policies - from each group in iam_groups combined with the policy_document + description: |- + A list of IAM group names. IAM users generated + against this vault role will be added to these IAM Groups. For a credential + type of assumed_role or federation_token, the policies sent to the + corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the + policies from each group in iam_groups combined with the policy_document and policy_arns parameters. + A list of IAM group names. IAM users generated against this vault role will be added to these IAM Groups. For a credential type of assumed_role or federation_token, the policies sent to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the policies from each group in iam_groups combined with the policy_document and policy_arns parameters. items: type: string type: array maxStsTtl: - description: The max allowed TTL in seconds for STS credentials - (credentials TTL are capped to max_sts_ttl). Valid only when - credential_type is one of assumed_role or federation_token. - The max allowed TTL in seconds for STS credentials (credentials - TTL are capped to max_sts_ttl). Valid only when credential_type - is one of assumed_role or federation_token. + description: |- + The max allowed TTL in seconds for STS credentials + (credentials TTL are capped to max_sts_ttl). Valid only when credential_type is + one of assumed_role or federation_token. 
+ The max allowed TTL in seconds for STS credentials (credentials TTL are capped to max_sts_ttl). Valid only when credential_type is one of assumed_role or federation_token. type: number name: - description: The name to identify this role within the backend. - Must be unique within the backend. Unique name for the role. + description: |- + The name to identify this role within the backend. + Must be unique within the backend. + Unique name for the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string permissionsBoundaryArn: - description: The ARN of the AWS Permissions Boundary to attach - to IAM users created in the role. Valid only when credential_type - is iam_user. If not specified, then no permissions boundary - policy will be attached. The ARN of the AWS Permissions Boundary - to attach to IAM users created in the role. Valid only when - credential_type is iam_user. If not specified, then no permissions - boundary policy will be attached. + description: |- + The ARN of the AWS Permissions + Boundary to attach to IAM users created in the role. Valid only when + credential_type is iam_user. If not specified, then no permissions boundary + policy will be attached. + The ARN of the AWS Permissions Boundary to attach to IAM users created in the role. Valid only when credential_type is iam_user. If not specified, then no permissions boundary policy will be attached. 
type: string policyArns: - description: Specifies a list of AWS managed policy ARNs. The - behavior depends on the credential type. With iam_user, the - policies will be attached to IAM users when they are requested. - With assumed_role and federation_token, the policy ARNs will - act as a filter on what the credentials can do, similar to policy_document. - When credential_type is iam_user or federation_token, at least - one of policy_document or policy_arns must be specified. ARN - for an existing IAM policy the role should use. + description: |- + Specifies a list of AWS managed policy ARNs. The + behavior depends on the credential type. With iam_user, the policies will be + attached to IAM users when they are requested. With assumed_role and + federation_token, the policy ARNs will act as a filter on what the credentials + can do, similar to policy_document. When credential_type is iam_user or + federation_token, at least one of policy_document or policy_arns must + be specified. + ARN for an existing IAM policy the role should use. items: type: string type: array policyDocument: - description: The IAM policy document for the role. The behavior - depends on the credential type. With iam_user, the policy document - will be attached to the IAM user generated and augment the permissions - the IAM user has. With assumed_role and federation_token, the - policy document will act as a filter on what the credentials - can do, similar to policy_arns. IAM policy the role should use - in JSON format. + description: |- + The IAM policy document for the role. The + behavior depends on the credential type. With iam_user, the policy document + will be attached to the IAM user generated and augment the permissions the IAM + user has. With assumed_role and federation_token, the policy document will + act as a filter on what the credentials can do, similar to policy_arns. + IAM policy the role should use in JSON format. 
type: string roleArns: - description: Specifies the ARNs of the AWS roles this Vault role - is allowed to assume. Required when credential_type is assumed_role - and prohibited otherwise. ARNs of AWS roles allowed to be assumed. - Only valid when credential_type is 'assumed_role' + description: |- + Specifies the ARNs of the AWS roles this Vault role + is allowed to assume. Required when credential_type is assumed_role and + prohibited otherwise. + ARNs of AWS roles allowed to be assumed. Only valid when credential_type is 'assumed_role' items: type: string type: array userPath: - description: The path for the user name. Valid only when credential_type - is iam_user. Default is /. The path for the user name. Valid - only when credential_type is iam_user. Default is / + description: |- + The path for the user name. Valid only when + credential_type is iam_user. Default is /. + The path for the user name. Valid only when credential_type is iam_user. Default is / type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. 
+ InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The path the AWS secret backend is mounted at, with - no leading or trailing /s. The path of the AWS Secret Backend - the role belongs to. + description: |- + The path the AWS secret backend is mounted at, + with no leading or trailing /s. + The path of the AWS Secret Backend the role belongs to. type: string credentialType: - description: Specifies the type of credential to be used when - retrieving credentials from the role. Must be one of iam_user, - assumed_role, or federation_token. Role credential type. + description: |- + Specifies the type of credential to be used when + retrieving credentials from the role. Must be one of iam_user, assumed_role, or + federation_token. + Role credential type. type: string defaultStsTtl: - description: The default TTL in seconds for STS credentials. When - a TTL is not specified when STS credentials are requested, and - a default TTL is specified on the role, then this default TTL - will be used. Valid only when credential_type is one of assumed_role - or federation_token. The default TTL in seconds for STS credentials. + description: |- + The default TTL in seconds for STS credentials. When a TTL is not specified when STS credentials are requested, - and a default TTL is specified on the role, then this default - TTL will be used. Valid only when credential_type is one of + and a default TTL is specified on the role, + then this default TTL will be used. 
Valid only when credential_type is one of assumed_role or federation_token. + The default TTL in seconds for STS credentials. When a TTL is not specified when STS credentials are requested, and a default TTL is specified on the role, then this default TTL will be used. Valid only when credential_type is one of assumed_role or federation_token. type: number iamGroups: - description: A list of IAM group names. IAM users generated against - this vault role will be added to these IAM Groups. For a credential - type of assumed_role or federation_token, the policies sent - to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) - will be the policies from each group in iam_groups combined - with the policy_document and policy_arns parameters. A list - of IAM group names. IAM users generated against this vault role - will be added to these IAM Groups. For a credential type of - assumed_role or federation_token, the policies sent to the corresponding - AWS call (sts:AssumeRole or sts:GetFederation) will be the policies - from each group in iam_groups combined with the policy_document + description: |- + A list of IAM group names. IAM users generated + against this vault role will be added to these IAM Groups. For a credential + type of assumed_role or federation_token, the policies sent to the + corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the + policies from each group in iam_groups combined with the policy_document and policy_arns parameters. + A list of IAM group names. IAM users generated against this vault role will be added to these IAM Groups. For a credential type of assumed_role or federation_token, the policies sent to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the policies from each group in iam_groups combined with the policy_document and policy_arns parameters. 
items: type: string type: array maxStsTtl: - description: The max allowed TTL in seconds for STS credentials - (credentials TTL are capped to max_sts_ttl). Valid only when - credential_type is one of assumed_role or federation_token. - The max allowed TTL in seconds for STS credentials (credentials - TTL are capped to max_sts_ttl). Valid only when credential_type - is one of assumed_role or federation_token. + description: |- + The max allowed TTL in seconds for STS credentials + (credentials TTL are capped to max_sts_ttl). Valid only when credential_type is + one of assumed_role or federation_token. + The max allowed TTL in seconds for STS credentials (credentials TTL are capped to max_sts_ttl). Valid only when credential_type is one of assumed_role or federation_token. type: number name: - description: The name to identify this role within the backend. - Must be unique within the backend. Unique name for the role. + description: |- + The name to identify this role within the backend. + Must be unique within the backend. + Unique name for the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string permissionsBoundaryArn: - description: The ARN of the AWS Permissions Boundary to attach - to IAM users created in the role. Valid only when credential_type - is iam_user. If not specified, then no permissions boundary - policy will be attached. 
The ARN of the AWS Permissions Boundary - to attach to IAM users created in the role. Valid only when - credential_type is iam_user. If not specified, then no permissions - boundary policy will be attached. + description: |- + The ARN of the AWS Permissions + Boundary to attach to IAM users created in the role. Valid only when + credential_type is iam_user. If not specified, then no permissions boundary + policy will be attached. + The ARN of the AWS Permissions Boundary to attach to IAM users created in the role. Valid only when credential_type is iam_user. If not specified, then no permissions boundary policy will be attached. type: string policyArns: - description: Specifies a list of AWS managed policy ARNs. The - behavior depends on the credential type. With iam_user, the - policies will be attached to IAM users when they are requested. - With assumed_role and federation_token, the policy ARNs will - act as a filter on what the credentials can do, similar to policy_document. - When credential_type is iam_user or federation_token, at least - one of policy_document or policy_arns must be specified. ARN - for an existing IAM policy the role should use. + description: |- + Specifies a list of AWS managed policy ARNs. The + behavior depends on the credential type. With iam_user, the policies will be + attached to IAM users when they are requested. With assumed_role and + federation_token, the policy ARNs will act as a filter on what the credentials + can do, similar to policy_document. When credential_type is iam_user or + federation_token, at least one of policy_document or policy_arns must + be specified. + ARN for an existing IAM policy the role should use. items: type: string type: array policyDocument: - description: The IAM policy document for the role. The behavior - depends on the credential type. With iam_user, the policy document - will be attached to the IAM user generated and augment the permissions - the IAM user has. 
With assumed_role and federation_token, the - policy document will act as a filter on what the credentials - can do, similar to policy_arns. IAM policy the role should use - in JSON format. + description: |- + The IAM policy document for the role. The + behavior depends on the credential type. With iam_user, the policy document + will be attached to the IAM user generated and augment the permissions the IAM + user has. With assumed_role and federation_token, the policy document will + act as a filter on what the credentials can do, similar to policy_arns. + IAM policy the role should use in JSON format. type: string roleArns: - description: Specifies the ARNs of the AWS roles this Vault role - is allowed to assume. Required when credential_type is assumed_role - and prohibited otherwise. ARNs of AWS roles allowed to be assumed. - Only valid when credential_type is 'assumed_role' + description: |- + Specifies the ARNs of the AWS roles this Vault role + is allowed to assume. Required when credential_type is assumed_role and + prohibited otherwise. + ARNs of AWS roles allowed to be assumed. Only valid when credential_type is 'assumed_role' items: type: string type: array userPath: - description: The path for the user name. Valid only when credential_type - is iam_user. Default is /. The path for the user name. Valid - only when credential_type is iam_user. Default is / + description: |- + The path for the user name. Valid only when + credential_type is iam_user. Default is /. + The path for the user name. Valid only when credential_type is iam_user. Default is / type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. 
This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -309,9 +319,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -321,57 +332,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -381,17 +356,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -401,21 +378,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -430,21 +407,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -455,14 +433,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -496,105 +475,106 @@ spec: atProvider: properties: backend: - description: The path the AWS secret backend is mounted at, with - no leading or trailing /s. The path of the AWS Secret Backend - the role belongs to. + description: |- + The path the AWS secret backend is mounted at, + with no leading or trailing /s. + The path of the AWS Secret Backend the role belongs to. type: string credentialType: - description: Specifies the type of credential to be used when - retrieving credentials from the role. Must be one of iam_user, - assumed_role, or federation_token. Role credential type. + description: |- + Specifies the type of credential to be used when + retrieving credentials from the role. Must be one of iam_user, assumed_role, or + federation_token. + Role credential type. type: string defaultStsTtl: - description: The default TTL in seconds for STS credentials. When - a TTL is not specified when STS credentials are requested, and - a default TTL is specified on the role, then this default TTL - will be used. Valid only when credential_type is one of assumed_role - or federation_token. The default TTL in seconds for STS credentials. + description: |- + The default TTL in seconds for STS credentials. When a TTL is not specified when STS credentials are requested, - and a default TTL is specified on the role, then this default - TTL will be used. Valid only when credential_type is one of + and a default TTL is specified on the role, + then this default TTL will be used. Valid only when credential_type is one of assumed_role or federation_token. + The default TTL in seconds for STS credentials. When a TTL is not specified when STS credentials are requested, and a default TTL is specified on the role, then this default TTL will be used. Valid only when credential_type is one of assumed_role or federation_token. type: number iamGroups: - description: A list of IAM group names. IAM users generated against - this vault role will be added to these IAM Groups. 
For a credential - type of assumed_role or federation_token, the policies sent - to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) - will be the policies from each group in iam_groups combined - with the policy_document and policy_arns parameters. A list - of IAM group names. IAM users generated against this vault role - will be added to these IAM Groups. For a credential type of - assumed_role or federation_token, the policies sent to the corresponding - AWS call (sts:AssumeRole or sts:GetFederation) will be the policies - from each group in iam_groups combined with the policy_document + description: |- + A list of IAM group names. IAM users generated + against this vault role will be added to these IAM Groups. For a credential + type of assumed_role or federation_token, the policies sent to the + corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the + policies from each group in iam_groups combined with the policy_document and policy_arns parameters. + A list of IAM group names. IAM users generated against this vault role will be added to these IAM Groups. For a credential type of assumed_role or federation_token, the policies sent to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the policies from each group in iam_groups combined with the policy_document and policy_arns parameters. items: type: string type: array id: type: string maxStsTtl: - description: The max allowed TTL in seconds for STS credentials - (credentials TTL are capped to max_sts_ttl). Valid only when - credential_type is one of assumed_role or federation_token. - The max allowed TTL in seconds for STS credentials (credentials - TTL are capped to max_sts_ttl). Valid only when credential_type - is one of assumed_role or federation_token. + description: |- + The max allowed TTL in seconds for STS credentials + (credentials TTL are capped to max_sts_ttl). Valid only when credential_type is + one of assumed_role or federation_token. 
+ The max allowed TTL in seconds for STS credentials (credentials TTL are capped to max_sts_ttl). Valid only when credential_type is one of assumed_role or federation_token. type: number name: - description: The name to identify this role within the backend. - Must be unique within the backend. Unique name for the role. + description: |- + The name to identify this role within the backend. + Must be unique within the backend. + Unique name for the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string permissionsBoundaryArn: - description: The ARN of the AWS Permissions Boundary to attach - to IAM users created in the role. Valid only when credential_type - is iam_user. If not specified, then no permissions boundary - policy will be attached. The ARN of the AWS Permissions Boundary - to attach to IAM users created in the role. Valid only when - credential_type is iam_user. If not specified, then no permissions - boundary policy will be attached. + description: |- + The ARN of the AWS Permissions + Boundary to attach to IAM users created in the role. Valid only when + credential_type is iam_user. If not specified, then no permissions boundary + policy will be attached. + The ARN of the AWS Permissions Boundary to attach to IAM users created in the role. Valid only when credential_type is iam_user. If not specified, then no permissions boundary policy will be attached. 
type: string policyArns: - description: Specifies a list of AWS managed policy ARNs. The - behavior depends on the credential type. With iam_user, the - policies will be attached to IAM users when they are requested. - With assumed_role and federation_token, the policy ARNs will - act as a filter on what the credentials can do, similar to policy_document. - When credential_type is iam_user or federation_token, at least - one of policy_document or policy_arns must be specified. ARN - for an existing IAM policy the role should use. + description: |- + Specifies a list of AWS managed policy ARNs. The + behavior depends on the credential type. With iam_user, the policies will be + attached to IAM users when they are requested. With assumed_role and + federation_token, the policy ARNs will act as a filter on what the credentials + can do, similar to policy_document. When credential_type is iam_user or + federation_token, at least one of policy_document or policy_arns must + be specified. + ARN for an existing IAM policy the role should use. items: type: string type: array policyDocument: - description: The IAM policy document for the role. The behavior - depends on the credential type. With iam_user, the policy document - will be attached to the IAM user generated and augment the permissions - the IAM user has. With assumed_role and federation_token, the - policy document will act as a filter on what the credentials - can do, similar to policy_arns. IAM policy the role should use - in JSON format. + description: |- + The IAM policy document for the role. The + behavior depends on the credential type. With iam_user, the policy document + will be attached to the IAM user generated and augment the permissions the IAM + user has. With assumed_role and federation_token, the policy document will + act as a filter on what the credentials can do, similar to policy_arns. + IAM policy the role should use in JSON format. 
type: string roleArns: - description: Specifies the ARNs of the AWS roles this Vault role - is allowed to assume. Required when credential_type is assumed_role - and prohibited otherwise. ARNs of AWS roles allowed to be assumed. - Only valid when credential_type is 'assumed_role' + description: |- + Specifies the ARNs of the AWS roles this Vault role + is allowed to assume. Required when credential_type is assumed_role and + prohibited otherwise. + ARNs of AWS roles allowed to be assumed. Only valid when credential_type is 'assumed_role' items: type: string type: array userPath: - description: The path for the user name. Valid only when credential_type - is iam_user. Default is /. The path for the user name. Valid - only when credential_type is iam_user. Default is / + description: |- + The path for the user name. Valid only when + credential_type is iam_user. Default is /. + The path for the user name. Valid only when credential_type is iam_user. Default is / type: string type: object conditions: @@ -603,13 +583,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -620,8 +602,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -630,6 +613,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/aws.vault.upbound.io_secretbackends.yaml b/package/crds/aws.vault.upbound.io_secretbackends.yaml index 9f8cbdca..3c2ecf38 100644 --- a/package/crds/aws.vault.upbound.io_secretbackends.yaml +++ b/package/crds/aws.vault.upbound.io_secretbackends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackends.aws.vault.upbound.io spec: group: aws.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: an AWS secret backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,11 +74,10 @@ spec: forProvider: properties: accessKeySecretRef: - description: The AWS Access Key ID this backend should use to - issue new credentials. Vault uses the official AWS SDK to authenticate, - and thus can also use standard AWS environment credentials, - shared file credentials or IAM role/ECS task credentials. The - AWS Access Key ID to use when generating new credentials. + description: |- + The AWS Access Key ID this backend should use to + issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials. + The AWS Access Key ID to use when generating new credentials. properties: key: description: The key to select. 
@@ -89,72 +94,82 @@ spec: - namespace type: object defaultLeaseTtlSeconds: - description: The default TTL for credentials issued by this backend. + description: |- + The default TTL for credentials + issued by this backend. Default lease duration for secrets in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend. + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean iamEndpoint: - description: Specifies a custom HTTP IAM endpoint to use. Specifies - a custom HTTP IAM endpoint to use. + description: |- + Specifies a custom HTTP IAM endpoint to use. + Specifies a custom HTTP IAM endpoint to use. type: string identityTokenAudience: - description: The audience claim value. Requires Vault 1.16+. The - audience claim value. + description: |- + The audience claim value. Requires Vault 1.16+. + The audience claim value. type: string identityTokenKey: - description: The key to use for signing identity tokens. Requires - Vault 1.16+. The key to use for signing identity tokens. + description: |- + The key to use for signing identity tokens. Requires Vault 1.16+. + The key to use for signing identity tokens. type: string identityTokenTtl: - description: The TTL of generated identity tokens in seconds. - Requires Vault 1.16+. The TTL of generated identity tokens in - seconds. + description: |- + The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + The TTL of generated identity tokens in seconds. 
type: number local: - description: Specifies whether the secrets mount will be marked - as local. Local mounts are not replicated to performance replicas. + description: |- + Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. Specifies if the secret backend is local only type: boolean maxLeaseTtlSeconds: - description: The maximum TTL that can be requested for credentials - issued by this backend. Maximum possible lease duration for - secrets in seconds + description: |- + The maximum TTL that can be requested + for credentials issued by this backend. + Maximum possible lease duration for secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to aws. Path to mount - the backend at. + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to aws. + Path to mount the backend at. type: string region: - description: The AWS region for API calls. Defaults to us-east-1. + description: |- + The AWS region for API calls. Defaults to us-east-1. The AWS region to make API calls against. Defaults to us-east-1. type: string roleArn: - description: Role ARN to assume for plugin identity token federation. - Requires Vault 1.16+. 
Role ARN to assume for plugin identity - token federation. + description: |- + Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + Role ARN to assume for plugin identity token federation. type: string secretKeySecretRef: - description: The AWS Secret Key this backend should use to issue - new credentials. Vault uses the official AWS SDK to authenticate, - and thus can also use standard AWS environment credentials, - shared file credentials or IAM role/ECS task credentials. The - AWS Secret Access Key to use when generating new credentials. + description: |- + The AWS Secret Key this backend should use to + issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials. + The AWS Secret Access Key to use when generating new credentials. properties: key: description: The key to select. 
@@ -171,120 +186,131 @@ spec: - namespace type: object stsEndpoint: - description: Specifies a custom HTTP STS endpoint to use. Specifies - a custom HTTP STS endpoint to use. + description: |- + Specifies a custom HTTP STS endpoint to use. + Specifies a custom HTTP STS endpoint to use. type: string usernameTemplate: - description: 'Template describing how dynamic usernames are generated. - The username template is used to generate both IAM usernames - (capped at 64 characters) and STS usernames (capped at 32 characters). - If no template is provided the field defaults to the template: - Template describing how dynamic usernames are generated.' + description: |- + Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template: + Template describing how dynamic usernames are generated. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. 
+ InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: defaultLeaseTtlSeconds: - description: The default TTL for credentials issued by this backend. + description: |- + The default TTL for credentials + issued by this backend. Default lease duration for secrets in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend. + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean iamEndpoint: - description: Specifies a custom HTTP IAM endpoint to use. Specifies - a custom HTTP IAM endpoint to use. + description: |- + Specifies a custom HTTP IAM endpoint to use. + Specifies a custom HTTP IAM endpoint to use. type: string identityTokenAudience: - description: The audience claim value. Requires Vault 1.16+. The - audience claim value. + description: |- + The audience claim value. Requires Vault 1.16+. + The audience claim value. type: string identityTokenKey: - description: The key to use for signing identity tokens. Requires - Vault 1.16+. 
The key to use for signing identity tokens. + description: |- + The key to use for signing identity tokens. Requires Vault 1.16+. + The key to use for signing identity tokens. type: string identityTokenTtl: - description: The TTL of generated identity tokens in seconds. - Requires Vault 1.16+. The TTL of generated identity tokens in - seconds. + description: |- + The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + The TTL of generated identity tokens in seconds. type: number local: - description: Specifies whether the secrets mount will be marked - as local. Local mounts are not replicated to performance replicas. + description: |- + Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. Specifies if the secret backend is local only type: boolean maxLeaseTtlSeconds: - description: The maximum TTL that can be requested for credentials - issued by this backend. Maximum possible lease duration for - secrets in seconds + description: |- + The maximum TTL that can be requested + for credentials issued by this backend. + Maximum possible lease duration for secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to aws. Path to mount - the backend at. 
+ description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to aws. + Path to mount the backend at. type: string region: - description: The AWS region for API calls. Defaults to us-east-1. + description: |- + The AWS region for API calls. Defaults to us-east-1. The AWS region to make API calls against. Defaults to us-east-1. type: string roleArn: - description: Role ARN to assume for plugin identity token federation. - Requires Vault 1.16+. Role ARN to assume for plugin identity - token federation. + description: |- + Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + Role ARN to assume for plugin identity token federation. type: string stsEndpoint: - description: Specifies a custom HTTP STS endpoint to use. Specifies - a custom HTTP STS endpoint to use. + description: |- + Specifies a custom HTTP STS endpoint to use. + Specifies a custom HTTP STS endpoint to use. type: string usernameTemplate: - description: 'Template describing how dynamic usernames are generated. - The username template is used to generate both IAM usernames - (capped at 64 characters) and STS usernames (capped at 32 characters). - If no template is provided the field defaults to the template: - Template describing how dynamic usernames are generated.' + description: |- + Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template: + Template describing how dynamic usernames are generated. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. 
ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -297,9 +323,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -309,57 +336,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -369,17 +360,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -389,21 +382,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -418,21 +411,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -443,14 +437,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -471,78 +466,88 @@ spec: atProvider: properties: defaultLeaseTtlSeconds: - description: The default TTL for credentials issued by this backend. + description: |- + The default TTL for credentials + issued by this backend. Default lease duration for secrets in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend. + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean iamEndpoint: - description: Specifies a custom HTTP IAM endpoint to use. Specifies - a custom HTTP IAM endpoint to use. + description: |- + Specifies a custom HTTP IAM endpoint to use. + Specifies a custom HTTP IAM endpoint to use. type: string id: type: string identityTokenAudience: - description: The audience claim value. Requires Vault 1.16+. The - audience claim value. + description: |- + The audience claim value. Requires Vault 1.16+. + The audience claim value. type: string identityTokenKey: - description: The key to use for signing identity tokens. Requires - Vault 1.16+. The key to use for signing identity tokens. + description: |- + The key to use for signing identity tokens. Requires Vault 1.16+. + The key to use for signing identity tokens. type: string identityTokenTtl: - description: The TTL of generated identity tokens in seconds. - Requires Vault 1.16+. The TTL of generated identity tokens in - seconds. + description: |- + The TTL of generated identity tokens in seconds. Requires Vault 1.16+. + The TTL of generated identity tokens in seconds. 
type: number local: - description: Specifies whether the secrets mount will be marked - as local. Local mounts are not replicated to performance replicas. + description: |- + Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas. Specifies if the secret backend is local only type: boolean maxLeaseTtlSeconds: - description: The maximum TTL that can be requested for credentials - issued by this backend. Maximum possible lease duration for - secrets in seconds + description: |- + The maximum TTL that can be requested + for credentials issued by this backend. + Maximum possible lease duration for secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to aws. Path to mount - the backend at. + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to aws. + Path to mount the backend at. type: string region: - description: The AWS region for API calls. Defaults to us-east-1. + description: |- + The AWS region for API calls. Defaults to us-east-1. The AWS region to make API calls against. Defaults to us-east-1. type: string roleArn: - description: Role ARN to assume for plugin identity token federation. - Requires Vault 1.16+. 
Role ARN to assume for plugin identity - token federation. + description: |- + Role ARN to assume for plugin identity token federation. Requires Vault 1.16+. + Role ARN to assume for plugin identity token federation. type: string stsEndpoint: - description: Specifies a custom HTTP STS endpoint to use. Specifies - a custom HTTP STS endpoint to use. + description: |- + Specifies a custom HTTP STS endpoint to use. + Specifies a custom HTTP STS endpoint to use. type: string usernameTemplate: - description: 'Template describing how dynamic usernames are generated. - The username template is used to generate both IAM usernames - (capped at 64 characters) and STS usernames (capped at 32 characters). - If no template is provided the field defaults to the template: - Template describing how dynamic usernames are generated.' + description: |- + Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template: + Template describing how dynamic usernames are generated. type: string type: object conditions: @@ -551,13 +556,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -568,8 +575,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -578,6 +586,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/azure.vault.upbound.io_authbackendconfigs.yaml b/package/crds/azure.vault.upbound.io_authbackendconfigs.yaml index 1d62b464..f415d361 100644 --- a/package/crds/azure.vault.upbound.io_authbackendconfigs.yaml +++ b/package/crds/azure.vault.upbound.io_authbackendconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendconfigs.azure.vault.upbound.io spec: group: azure.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Configures the Azure Auth Backend in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,16 +74,16 @@ spec: forProvider: properties: backend: - description: The path the Azure auth backend being configured - was mounted at. Defaults to azure. Unique name of the auth - backend to configure. + description: |- + The path the Azure auth backend being configured was + mounted at. Defaults to azure. + Unique name of the auth backend to configure. type: string clientIdSecretRef: - description: The client id for credentials to query the Azure - APIs. Currently read permissions to query compute resources - are required. The client id for credentials to query the Azure - APIs. Currently read permissions to query compute resources - are required. + description: |- + The client id for credentials to query the Azure APIs. + Currently read permissions to query compute resources are required. + The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required. properties: key: description: The key to select. @@ -94,8 +100,10 @@ spec: - namespace type: object clientSecretSecretRef: - description: The client secret for credentials to query the Azure - APIs. The client secret for credentials to query the Azure APIs + description: |- + The client secret for credentials to query the + Azure APIs. + The client secret for credentials to query the Azure APIs properties: key: description: The key to select. 
@@ -112,25 +120,30 @@ spec: - namespace type: object environment: - description: 'The Azure cloud environment. Valid values: AzurePublicCloud, - AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. Defaults - to AzurePublicCloud. The Azure cloud environment. Valid values: - AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud.' + description: |- + The Azure cloud environment. Valid values: + AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, + AzureGermanCloud. Defaults to AzurePublicCloud. + The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string resource: - description: The configured URL for the application registered - in Azure Active Directory. The configured URL for the application - registered in Azure Active Directory. + description: |- + The configured URL for the application registered in + Azure Active Directory. + The configured URL for the application registered in Azure Active Directory. type: string tenantIdSecretRef: - description: The tenant id for the Azure Active Directory organization. + description: |- + The tenant id for the Azure Active Directory + organization. The tenant id for the Azure Active Directory organization. properties: key: 
@@ -149,59 +162,65 @@ spec: type: object type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The path the Azure auth backend being configured - was mounted at. Defaults to azure. Unique name of the auth - backend to configure. + description: |- + The path the Azure auth backend being configured was + mounted at. Defaults to azure. + Unique name of the auth backend to configure. type: string environment: - description: 'The Azure cloud environment. 
Valid values: AzurePublicCloud, - AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. Defaults - to AzurePublicCloud. The Azure cloud environment. Valid values: - AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud.' + description: |- + The Azure cloud environment. Valid values: + AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, + AzureGermanCloud. Defaults to AzurePublicCloud. + The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string resource: - description: The configured URL for the application registered - in Azure Active Directory. The configured URL for the application - registered in Azure Active Directory. + description: |- + The configured URL for the application registered in + Azure Active Directory. + The configured URL for the application registered in Azure Active Directory. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. 
Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -214,9 +233,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -226,57 +246,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -286,17 +270,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -306,21 +292,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -335,21 +321,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -360,14 +347,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -396,29 +384,33 @@ spec: atProvider: properties: backend: - description: The path the Azure auth backend being configured - was mounted at. Defaults to azure. Unique name of the auth - backend to configure. + description: |- + The path the Azure auth backend being configured was + mounted at. Defaults to azure. + Unique name of the auth backend to configure. type: string environment: - description: 'The Azure cloud environment. Valid values: AzurePublicCloud, - AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. Defaults - to AzurePublicCloud. The Azure cloud environment. Valid values: - AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud.' + description: |- + The Azure cloud environment. Valid values: + AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, + AzureGermanCloud. Defaults to AzurePublicCloud. + The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. type: string id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string resource: - description: The configured URL for the application registered - in Azure Active Directory. The configured URL for the application - registered in Azure Active Directory. + description: |- + The configured URL for the application registered in + Azure Active Directory. + The configured URL for the application registered in Azure Active Directory. 
type: string type: object conditions: @@ -427,13 +419,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -444,8 +438,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -454,6 +449,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/azure.vault.upbound.io_authbackendroles.yaml b/package/crds/azure.vault.upbound.io_authbackendroles.yaml index a88bfd41..49fcfd1a 100644 --- a/package/crds/azure.vault.upbound.io_authbackendroles.yaml +++ b/package/crds/azure.vault.upbound.io_authbackendroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendroles.azure.vault.upbound.io spec: group: azure.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Azure auth backend roles in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -71,274 +77,308 @@ spec: description: Unique name of the auth backend to configure. type: string boundGroupIds: - description: If set, defines a constraint on the groups that can - perform the login operation that they should be using the group - ID specified by this field. The list of group ids that login - is restricted to. + description: |- + If set, defines a constraint on the groups + that can perform the login operation that they should be using the group + ID specified by this field. + The list of group ids that login is restricted to. items: type: string type: array boundLocations: - description: If set, defines a constraint on the virtual machines - that can perform the login operation that the location in their - identity document must match the one specified by this field. + description: |- + If set, defines a constraint on the virtual machines + that can perform the login operation that the location in their identity + document must match the one specified by this field. The list of locations that login is restricted to. items: type: string type: array boundResourceGroups: - description: If set, defines a constraint on the virtual machines - that can perform the login operation that they be associated - with the resource group that matches the value specified by - this field. The list of resource groups that login is restricted - to. + description: |- + If set, defines a constraint on the virtual + machines that can perform the login operation that they be associated with + the resource group that matches the value specified by this field. + The list of resource groups that login is restricted to. items: type: string type: array boundScaleSets: - description: If set, defines a constraint on the virtual machines - that can perform the login operation that they must match the - scale set specified by this field. The list of scale set names - that the login is restricted to. 
+ description: |- + If set, defines a constraint on the virtual + machines that can perform the login operation that they must match the scale set + specified by this field. + The list of scale set names that the login is restricted to. items: type: string type: array boundServicePrincipalIds: - description: If set, defines a constraint on the service principals - that can perform the login operation that they should be possess - the ids specified by this field. The list of Service Principal - IDs that login is restricted to. + description: |- + If set, defines a constraint on the + service principals that can perform the login operation that they should be possess + the ids specified by this field. + The list of Service Principal IDs that login is restricted to. items: type: string type: array boundSubscriptionIds: - description: If set, defines a constraint on the subscriptions - that can perform the login operation to ones which matches - the value specified by this field. The list of subscription - IDs that login is restricted to. + description: |- + If set, defines a constraint on the subscriptions + that can perform the login operation to ones which matches the value specified by this + field. + The list of subscription IDs that login is restricted to. items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string role: - description: The name of the role. Name of the role. 
+ description: |- + The name of the role. + Name of the role. type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. 
+ If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. 
+ The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. 
+ InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: description: Unique name of the auth backend to configure. type: string boundGroupIds: - description: If set, defines a constraint on the groups that can - perform the login operation that they should be using the group - ID specified by this field. The list of group ids that login - is restricted to. + description: |- + If set, defines a constraint on the groups + that can perform the login operation that they should be using the group + ID specified by this field. + The list of group ids that login is restricted to. items: type: string type: array boundLocations: - description: If set, defines a constraint on the virtual machines - that can perform the login operation that the location in their - identity document must match the one specified by this field. + description: |- + If set, defines a constraint on the virtual machines + that can perform the login operation that the location in their identity + document must match the one specified by this field. The list of locations that login is restricted to. items: type: string type: array boundResourceGroups: - description: If set, defines a constraint on the virtual machines - that can perform the login operation that they be associated - with the resource group that matches the value specified by - this field. The list of resource groups that login is restricted - to. 
+ description: |- + If set, defines a constraint on the virtual + machines that can perform the login operation that they be associated with + the resource group that matches the value specified by this field. + The list of resource groups that login is restricted to. items: type: string type: array boundScaleSets: - description: If set, defines a constraint on the virtual machines - that can perform the login operation that they must match the - scale set specified by this field. The list of scale set names - that the login is restricted to. + description: |- + If set, defines a constraint on the virtual + machines that can perform the login operation that they must match the scale set + specified by this field. + The list of scale set names that the login is restricted to. items: type: string type: array boundServicePrincipalIds: - description: If set, defines a constraint on the service principals - that can perform the login operation that they should be possess - the ids specified by this field. The list of Service Principal - IDs that login is restricted to. + description: |- + If set, defines a constraint on the + service principals that can perform the login operation that they should be possess + the ids specified by this field. + The list of Service Principal IDs that login is restricted to. items: type: string type: array boundSubscriptionIds: - description: If set, defines a constraint on the subscriptions - that can perform the login operation to ones which matches - the value specified by this field. The list of subscription - IDs that login is restricted to. + description: |- + If set, defines a constraint on the subscriptions + that can perform the login operation to ones which matches the value specified by this + field. + The list of subscription IDs that login is restricted to. items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. 
The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string role: - description: The name of the role. Name of the role. + description: |- + The name of the role. + Name of the role. type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. 
+ Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. 
Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. 
Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -351,9 +391,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -363,57 +404,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -423,17 +428,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -443,21 +450,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -472,21 +479,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -497,14 +505,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -533,123 +542,139 @@ spec: description: Unique name of the auth backend to configure. type: string boundGroupIds: - description: If set, defines a constraint on the groups that can - perform the login operation that they should be using the group - ID specified by this field. The list of group ids that login - is restricted to. + description: |- + If set, defines a constraint on the groups + that can perform the login operation that they should be using the group + ID specified by this field. + The list of group ids that login is restricted to. items: type: string type: array boundLocations: - description: If set, defines a constraint on the virtual machines - that can perform the login operation that the location in their - identity document must match the one specified by this field. + description: |- + If set, defines a constraint on the virtual machines + that can perform the login operation that the location in their identity + document must match the one specified by this field. The list of locations that login is restricted to. items: type: string type: array boundResourceGroups: - description: If set, defines a constraint on the virtual machines - that can perform the login operation that they be associated - with the resource group that matches the value specified by - this field. The list of resource groups that login is restricted - to. + description: |- + If set, defines a constraint on the virtual + machines that can perform the login operation that they be associated with + the resource group that matches the value specified by this field. + The list of resource groups that login is restricted to. items: type: string type: array boundScaleSets: - description: If set, defines a constraint on the virtual machines - that can perform the login operation that they must match the - scale set specified by this field. The list of scale set names - that the login is restricted to. 
+ description: |- + If set, defines a constraint on the virtual + machines that can perform the login operation that they must match the scale set + specified by this field. + The list of scale set names that the login is restricted to. items: type: string type: array boundServicePrincipalIds: - description: If set, defines a constraint on the service principals - that can perform the login operation that they should be possess - the ids specified by this field. The list of Service Principal - IDs that login is restricted to. + description: |- + If set, defines a constraint on the + service principals that can perform the login operation that they should be possess + the ids specified by this field. + The list of Service Principal IDs that login is restricted to. items: type: string type: array boundSubscriptionIds: - description: If set, defines a constraint on the subscriptions - that can perform the login operation to ones which matches - the value specified by this field. The list of subscription - IDs that login is restricted to. + description: |- + If set, defines a constraint on the subscriptions + that can perform the login operation to ones which matches the value specified by this + field. + The list of subscription IDs that login is restricted to. items: type: string type: array id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string role: - description: The name of the role. Name of the role. 
+ description: |- + The name of the role. + Name of the role. type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. 
+ If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. 
+ The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: object conditions: @@ -658,13 +683,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -675,8 +702,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -685,6 +713,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/azure.vault.upbound.io_secretbackendroles.yaml b/package/crds/azure.vault.upbound.io_secretbackendroles.yaml index 744f2308..c04c4be2 100644 --- a/package/crds/azure.vault.upbound.io_secretbackendroles.yaml +++ b/package/crds/azure.vault.upbound.io_secretbackendroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendroles.azure.vault.upbound.io spec: group: azure.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Creates an azure secret backend role for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,11 +74,10 @@ spec: forProvider: properties: applicationObjectId: - description: Application Object ID for an existing service principal - that will be used instead of creating dynamic service principals. - If present, azure_roles and permanently_delete will be ignored. - Application Object ID for an existing service principal that - will be used instead of creating dynamic service principals. + description: |- + Application Object ID for an existing service principal that will + be used instead of creating dynamic service principals. If present, azure_roles and permanently_delete will be ignored. + Application Object ID for an existing service principal that will be used instead of creating dynamic service principals. type: string azureGroups: description: List of Azure groups to be assigned to the generated 
@@ -97,79 +102,77 @@ spec: type: object type: array backend: - description: Path to the mounted Azure auth backend Unique name - of the auth backend to configure. + description: |- + Path to the mounted Azure auth backend + Unique name of the auth backend to configure. type: string description: description: Human-friendly description of the mount for the backend. type: string maxTtl: - description: – Specifies the maximum TTL for service principals - generated using this role. Accepts time suffixed strings ("1h") - or an integer number of seconds. Defaults to the system/engine - max TTL time. Human-friendly description of the mount for the - backend. + description: |- + – Specifies the maximum TTL for service principals generated using this role. Accepts time + suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time. + Human-friendly description of the mount for the backend. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string permanentlyDelete: - description: Indicates whether the applications and service principals - created by Vault will be permanently deleted when the corresponding - leases expire. Defaults to false. For Vault v1.12+. Indicates - whether the applications and service principals created by Vault - will be permanently deleted when the corresponding leases expire. 
+ description: |- + Indicates whether the applications and service principals created by Vault will be permanently + deleted when the corresponding leases expire. Defaults to false. For Vault v1.12+. + Indicates whether the applications and service principals created by Vault will be permanently deleted when the corresponding leases expire. type: boolean role: - description: Name of the Azure role Name of the role to create + description: |- + Name of the Azure role + Name of the role to create type: string signInAudience: - description: 'Specifies the security principal types that are - allowed to sign in to the application. Valid values are: AzureADMyOrg, - AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. - Requires Vault 1.16+. Specifies the security principal types - that are allowed to sign in to the application. Valid values - are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, - PersonalMicrosoftAccount' + description: |- + Specifies the security principal types that are allowed to sign in to the application. + Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+. + Specifies the security principal types that are allowed to sign in to the application. Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount type: string tags: - description: '- A list of Azure tags to attach to an application. - Requires Vault 1.16+. Comma-separated strings of Azure tags - to attach to an application.' + description: |- + - A list of Azure tags to attach to an application. Requires Vault 1.16+. + Comma-separated strings of Azure tags to attach to an application. items: type: string type: array ttl: - description: – Specifies the default TTL for service principals - generated using this role. Accepts time suffixed strings ("1h") - or an integer number of seconds. 
Defaults to the system/engine - default TTL time. Human-friendly description of the mount for - the backend. + description: |- + – Specifies the default TTL for service principals generated using this role. + Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time. + Human-friendly description of the mount for the backend. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. 
properties: applicationObjectId: - description: Application Object ID for an existing service principal - that will be used instead of creating dynamic service principals. - If present, azure_roles and permanently_delete will be ignored. - Application Object ID for an existing service principal that - will be used instead of creating dynamic service principals. + description: |- + Application Object ID for an existing service principal that will + be used instead of creating dynamic service principals. If present, azure_roles and permanently_delete will be ignored. + Application Object ID for an existing service principal that will be used instead of creating dynamic service principals. type: string azureGroups: description: List of Azure groups to be assigned to the generated 
@@ -194,77 +197,76 @@ spec: type: object type: array backend: - description: Path to the mounted Azure auth backend Unique name - of the auth backend to configure. + description: |- + Path to the mounted Azure auth backend + Unique name of the auth backend to configure. type: string description: description: Human-friendly description of the mount for the backend. type: string maxTtl: - description: – Specifies the maximum TTL for service principals - generated using this role. Accepts time suffixed strings ("1h") - or an integer number of seconds. Defaults to the system/engine - max TTL time. Human-friendly description of the mount for the - backend. + description: |- + – Specifies the maximum TTL for service principals generated using this role. Accepts time + suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time. + Human-friendly description of the mount for the backend. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string permanentlyDelete: - description: Indicates whether the applications and service principals - created by Vault will be permanently deleted when the corresponding - leases expire. Defaults to false. For Vault v1.12+. Indicates - whether the applications and service principals created by Vault - will be permanently deleted when the corresponding leases expire. 
+ description: |- + Indicates whether the applications and service principals created by Vault will be permanently + deleted when the corresponding leases expire. Defaults to false. For Vault v1.12+. + Indicates whether the applications and service principals created by Vault will be permanently deleted when the corresponding leases expire. type: boolean role: - description: Name of the Azure role Name of the role to create + description: |- + Name of the Azure role + Name of the role to create type: string signInAudience: - description: 'Specifies the security principal types that are - allowed to sign in to the application. Valid values are: AzureADMyOrg, - AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. - Requires Vault 1.16+. Specifies the security principal types - that are allowed to sign in to the application. Valid values - are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, - PersonalMicrosoftAccount' + description: |- + Specifies the security principal types that are allowed to sign in to the application. + Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+. + Specifies the security principal types that are allowed to sign in to the application. Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount type: string tags: - description: '- A list of Azure tags to attach to an application. - Requires Vault 1.16+. Comma-separated strings of Azure tags - to attach to an application.' + description: |- + - A list of Azure tags to attach to an application. Requires Vault 1.16+. + Comma-separated strings of Azure tags to attach to an application. items: type: string type: array ttl: - description: – Specifies the default TTL for service principals - generated using this role. Accepts time suffixed strings ("1h") - or an integer number of seconds. 
Defaults to the system/engine - default TTL time. Human-friendly description of the mount for - the backend. + description: |- + – Specifies the default TTL for service principals generated using this role. + Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time. + Human-friendly description of the mount for the backend. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -277,9 +279,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -289,57 +292,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -349,17 +316,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -369,21 +338,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -398,21 +367,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -423,14 +393,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -456,11 +427,10 @@ spec: atProvider: properties: applicationObjectId: - description: Application Object ID for an existing service principal - that will be used instead of creating dynamic service principals. - If present, azure_roles and permanently_delete will be ignored. - Application Object ID for an existing service principal that - will be used instead of creating dynamic service principals. + description: |- + Application Object ID for an existing service principal that will + be used instead of creating dynamic service principals. If present, azure_roles and permanently_delete will be ignored. + Application Object ID for an existing service principal that will be used instead of creating dynamic service principals. type: string azureGroups: description: List of Azure groups to be assigned to the generated @@ -487,8 +457,9 @@ spec: type: object type: array backend: - description: Path to the mounted Azure auth backend Unique name - of the auth backend to configure. + description: |- + Path to the mounted Azure auth backend + Unique name of the auth backend to configure. type: string description: description: Human-friendly description of the mount for the backend. 
@@ -496,51 +467,48 @@ spec: id: type: string maxTtl: - description: – Specifies the maximum TTL for service principals - generated using this role. Accepts time suffixed strings ("1h") - or an integer number of seconds. Defaults to the system/engine - max TTL time. Human-friendly description of the mount for the - backend. + description: |- + – Specifies the maximum TTL for service principals generated using this role. Accepts time + suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time. + Human-friendly description of the mount for the backend. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string permanentlyDelete: - description: Indicates whether the applications and service principals - created by Vault will be permanently deleted when the corresponding - leases expire. Defaults to false. For Vault v1.12+. Indicates - whether the applications and service principals created by Vault - will be permanently deleted when the corresponding leases expire. + description: |- + Indicates whether the applications and service principals created by Vault will be permanently + deleted when the corresponding leases expire. Defaults to false. For Vault v1.12+. + Indicates whether the applications and service principals created by Vault will be permanently deleted when the corresponding leases expire. 
type: boolean role: - description: Name of the Azure role Name of the role to create + description: |- + Name of the Azure role + Name of the role to create type: string signInAudience: - description: 'Specifies the security principal types that are - allowed to sign in to the application. Valid values are: AzureADMyOrg, - AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. - Requires Vault 1.16+. Specifies the security principal types - that are allowed to sign in to the application. Valid values - are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, - PersonalMicrosoftAccount' + description: |- + Specifies the security principal types that are allowed to sign in to the application. + Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+. + Specifies the security principal types that are allowed to sign in to the application. Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount type: string tags: - description: '- A list of Azure tags to attach to an application. - Requires Vault 1.16+. Comma-separated strings of Azure tags - to attach to an application.' + description: |- + - A list of Azure tags to attach to an application. Requires Vault 1.16+. + Comma-separated strings of Azure tags to attach to an application. items: type: string type: array ttl: - description: – Specifies the default TTL for service principals - generated using this role. Accepts time suffixed strings ("1h") - or an integer number of seconds. Defaults to the system/engine - default TTL time. Human-friendly description of the mount for - the backend. + description: |- + – Specifies the default TTL for service principals generated using this role. + Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time. 
+ Human-friendly description of the mount for the backend. type: string type: object conditions: @@ -549,13 +517,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -566,8 +536,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -576,6 +547,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/azure.vault.upbound.io_secretbackends.yaml b/package/crds/azure.vault.upbound.io_secretbackends.yaml index 49fd0edb..597b6884 100644 --- a/package/crds/azure.vault.upbound.io_secretbackends.yaml +++ b/package/crds/azure.vault.upbound.io_secretbackends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackends.azure.vault.upbound.io spec: group: azure.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: an azure secret backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete @@ -68,9 +74,9 @@ spec: forProvider: properties: clientIdSecretRef: - description: The OAuth2 client id to connect to Azure. The client - id for credentials to query the Azure APIs. Currently read permissions - to query compute resources are required. + description: |- + The OAuth2 client id to connect to Azure. + The client id for credentials to query the Azure APIs. Currently read permissions to query compute resources are required. properties: key: description: The key to select. 
@@ -87,8 +93,9 @@ spec: - namespace type: object clientSecretSecretRef: - description: The OAuth2 client secret to connect to Azure. The - client secret for credentials to query the Azure APIs + description: |- + The OAuth2 client secret to connect to Azure. + The client secret for credentials to query the Azure APIs properties: key: description: The key to select. 
@@ -108,28 +115,32 @@ spec: description: Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean environment: - description: 'The Azure environment. The Azure cloud environment. - Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, - AzureGermanCloud.' + description: |- + The Azure environment. + The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique path this backend should be mounted at. - Defaults to azure. Path to mount the backend at. + description: |- + The unique path this backend should be mounted at. Defaults to azure. + Path to mount the backend at. type: string subscriptionIdSecretRef: - description: The subscription id for the Azure Active Directory. + description: |- + The subscription id for the Azure Active Directory. The subscription id for the Azure Active Directory. properties: key: 
@@ -147,8 +158,9 @@ spec: - namespace type: object tenantIdSecretRef: - description: The tenant id for the Azure Active Directory. The - tenant id for the Azure Active Directory organization. + description: |- + The tenant id for the Azure Active Directory. + The tenant id for the Azure Active Directory organization. properties: key: description: The key to select. 
@@ -165,75 +177,80 @@ spec: - namespace type: object useMicrosoftGraphApi: - description: Indicates whether the secrets engine should use the - Microsoft Graph API. This parameter has been deprecated and - will be ignored in vault-1.12+. For more information, please - refer to the Vault docs Use the Microsoft Graph API. Should - be set to true on vault-1.10+ + description: |- + Indicates whether the secrets engine should use + the Microsoft Graph API. This parameter has been deprecated and will be ignored in vault-1.12+. + For more information, please refer to the Vault docs + Use the Microsoft Graph API. Should be set to true on vault-1.10+ type: boolean type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. 
This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: description: description: Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean environment: - description: 'The Azure environment. The Azure cloud environment. - Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, - AzureGermanCloud.' + description: |- + The Azure environment. + The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique path this backend should be mounted at. - Defaults to azure. Path to mount the backend at. + description: |- + The unique path this backend should be mounted at. Defaults to azure. + Path to mount the backend at. type: string useMicrosoftGraphApi: - description: Indicates whether the secrets engine should use the - Microsoft Graph API. 
This parameter has been deprecated and - will be ignored in vault-1.12+. For more information, please - refer to the Vault docs Use the Microsoft Graph API. Should - be set to true on vault-1.10+ + description: |- + Indicates whether the secrets engine should use + the Microsoft Graph API. This parameter has been deprecated and will be ignored in vault-1.12+. + For more information, please refer to the Vault docs + Use the Microsoft Graph API. Should be set to true on vault-1.10+ type: boolean type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -246,45 +263,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -294,21 +276,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -318,17 +300,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -338,21 +322,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -367,21 +351,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -392,14 +377,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -430,34 +416,37 @@ spec: description: Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean environment: - description: 'The Azure environment. The Azure cloud environment. - Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, - AzureGermanCloud.' + description: |- + The Azure environment. + The Azure cloud environment. Valid values: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud. type: string id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique path this backend should be mounted at. - Defaults to azure. Path to mount the backend at. + description: |- + The unique path this backend should be mounted at. Defaults to azure. + Path to mount the backend at. type: string useMicrosoftGraphApi: - description: Indicates whether the secrets engine should use the - Microsoft Graph API. This parameter has been deprecated and - will be ignored in vault-1.12+. For more information, please - refer to the Vault docs Use the Microsoft Graph API. 
Should - be set to true on vault-1.10+ + description: |- + Indicates whether the secrets engine should use + the Microsoft Graph API. This parameter has been deprecated and will be ignored in vault-1.12+. + For more information, please refer to the Vault docs + Use the Microsoft Graph API. Should be set to true on vault-1.10+ type: boolean type: object conditions: @@ -466,13 +455,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -483,8 +474,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -493,6 +485,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/cert.vault.upbound.io_authbackendroles.yaml b/package/crds/cert.vault.upbound.io_authbackendroles.yaml index 90933629..1a22c55e 100644 --- a/package/crds/cert.vault.upbound.io_authbackendroles.yaml +++ b/package/crds/cert.vault.upbound.io_authbackendroles.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendroles.cert.vault.upbound.io spec: group: cert.vault.upbound.io @@ -38,14 +38,19 @@ spec: value> properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -171,17 +177,18 @@ spec: type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: allowedCommonNames: items: 
@@ -289,20 +296,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -315,9 +323,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -327,57 +336,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -387,17 +360,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -407,21 +382,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -436,21 +411,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -461,14 +437,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -608,13 +585,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -625,8 +604,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -635,6 +615,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/consul.vault.upbound.io_secretbackendroles.yaml b/package/crds/consul.vault.upbound.io_secretbackendroles.yaml index c0495c66..f6258b16 100644 --- a/package/crds/consul.vault.upbound.io_secretbackendroles.yaml +++ b/package/crds/consul.vault.upbound.io_secretbackendroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendroles.consul.vault.upbound.io spec: group: consul.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Manages a Consul secrets role for a Consul secrets engine in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,221 +74,225 @@ spec: forProvider: properties: backend: - description: The unique name of an existing Consul secrets backend - mount. Must not begin or end with a /. One of path or backend - is required. The path of the Consul Secret Backend the role - belongs to. + description: |- + The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required. + The path of the Consul Secret Backend the role belongs to. type: string consulNamespace: - description: The Consul namespace that the token will be created - in. Applicable for Vault 1.10+ and Consul 1.7+". The Consul - namespace that the token will be created in. Applicable for - Vault 1.10+ and Consul 1.7+ + description: |- + The Consul namespace that the token will be created in. + Applicable for Vault 1.10+ and Consul 1.7+". + The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+ type: string consulPolicies: - description: SEE NOTE The list of Consul ACL policies to associate - with these roles. List of Consul policies to associate with - this role + description: |- + SEE NOTE The list of Consul ACL policies to associate with these roles. + List of Consul policies to associate with this role items: type: string type: array consulRoles: - description: SEE NOTE Set of Consul roles to attach to the token. - Applicable for Vault 1.10+ with Consul 1.5+. Set of Consul roles - to attach to the token. Applicable for Vault 1.10+ with Consul - 1.5+ + description: |- + SEE NOTE Set of Consul roles to attach to the token. + Applicable for Vault 1.10+ with Consul 1.5+. + Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+ items: type: string type: array local: - description: Indicates that the token should not be replicated - globally and instead be local to the current datacenter. 
Indicates - that the token should not be replicated globally and instead - be local to the current datacenter. + description: |- + Indicates that the token should not be replicated globally and instead be local to the current datacenter. + Indicates that the token should not be replicated globally and instead be local to the current datacenter. type: boolean maxTtl: - description: Maximum TTL for leases associated with this role, - in seconds. Maximum TTL for leases associated with this role, - in seconds. + description: |- + Maximum TTL for leases associated with this role, in seconds. + Maximum TTL for leases associated with this role, in seconds. type: number name: - description: The name of the Consul secrets engine role to create. - The name of an existing role against which to create this Consul - credential + description: |- + The name of the Consul secrets engine role to create. + The name of an existing role against which to create this Consul credential type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string nodeIdentities: - description: SEE NOTE Set of Consul node identities to attach - to the token. Applicable for Vault 1.11+ with Consul 1.8+. Set - of Consul node identities to attach to the token. Applicable - for Vault 1.11+ with Consul 1.8+ + description: |- + SEE NOTE Set of Consul node + identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+. 
+ Set of Consul node identities to attach to + the token. Applicable for Vault 1.11+ with Consul 1.8+ items: type: string type: array partition: - description: The admin partition that the token will be created - in. Applicable for Vault 1.10+ and Consul 1.11+". The Consul - admin partition that the token will be created in. Applicable - for Vault 1.10+ and Consul 1.11+ + description: |- + The admin partition that the token will be created in. + Applicable for Vault 1.10+ and Consul 1.11+". + The Consul admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+ type: string policies: - description: 'The list of Consul ACL policies to associate with - these roles. NOTE: The new parameter consul_policies should - be used in favor of this. This parameter, policies, remains - supported for legacy users, but Vault has deprecated this field. - List of Consul policies to associate with this role' + description: |- + The list of Consul ACL policies to associate with these roles. + NOTE: The new parameter consul_policies should be used in favor of this. This parameter, + policies, remains supported for legacy users, but Vault has deprecated this field. + List of Consul policies to associate with this role items: type: string type: array serviceIdentities: - description: SEE NOTE Set of Consul service identities to attach - to the token. Applicable for Vault 1.11+ with Consul 1.5+. Set - of Consul service identities to attach to the token. Applicable - for Vault 1.11+ with Consul 1.5+ + description: |- + SEE NOTE Set of Consul + service identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.5+. + Set of Consul service identities to attach to + the token. Applicable for Vault 1.11+ with Consul 1.5+ items: type: string type: array tokenType: - description: 'Specifies the type of token to create when using - this role. Valid values are "client" or "management". 
Deprecated: - Consul 1.11 and later removed the legacy ACL system which supported - this field. Specifies the type of token to create when using - this role. Valid values are "client" or "management".' + description: |- + Specifies the type of token to create when using this role. Valid values are "client" or "management". + Deprecated: Consul 1.11 and later removed the legacy ACL system which supported this field. + Specifies the type of token to create when using this role. Valid values are "client" or "management". type: string ttl: - description: Specifies the TTL for this role. Specifies the TTL - for this role. + description: |- + Specifies the TTL for this role. + Specifies the TTL for this role. type: number type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. 
+ The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The unique name of an existing Consul secrets backend - mount. Must not begin or end with a /. One of path or backend - is required. The path of the Consul Secret Backend the role - belongs to. + description: |- + The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required. + The path of the Consul Secret Backend the role belongs to. type: string consulNamespace: - description: The Consul namespace that the token will be created - in. Applicable for Vault 1.10+ and Consul 1.7+". The Consul - namespace that the token will be created in. Applicable for - Vault 1.10+ and Consul 1.7+ + description: |- + The Consul namespace that the token will be created in. + Applicable for Vault 1.10+ and Consul 1.7+". + The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+ type: string consulPolicies: - description: SEE NOTE The list of Consul ACL policies to associate - with these roles. List of Consul policies to associate with - this role + description: |- + SEE NOTE The list of Consul ACL policies to associate with these roles. + List of Consul policies to associate with this role items: type: string type: array consulRoles: - description: SEE NOTE Set of Consul roles to attach to the token. - Applicable for Vault 1.10+ with Consul 1.5+. Set of Consul roles - to attach to the token. Applicable for Vault 1.10+ with Consul - 1.5+ + description: |- + SEE NOTE Set of Consul roles to attach to the token. + Applicable for Vault 1.10+ with Consul 1.5+. + Set of Consul roles to attach to the token. 
Applicable for Vault 1.10+ with Consul 1.5+ items: type: string type: array local: - description: Indicates that the token should not be replicated - globally and instead be local to the current datacenter. Indicates - that the token should not be replicated globally and instead - be local to the current datacenter. + description: |- + Indicates that the token should not be replicated globally and instead be local to the current datacenter. + Indicates that the token should not be replicated globally and instead be local to the current datacenter. type: boolean maxTtl: - description: Maximum TTL for leases associated with this role, - in seconds. Maximum TTL for leases associated with this role, - in seconds. + description: |- + Maximum TTL for leases associated with this role, in seconds. + Maximum TTL for leases associated with this role, in seconds. type: number name: - description: The name of the Consul secrets engine role to create. - The name of an existing role against which to create this Consul - credential + description: |- + The name of the Consul secrets engine role to create. + The name of an existing role against which to create this Consul credential type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string nodeIdentities: - description: SEE NOTE Set of Consul node identities to attach - to the token. Applicable for Vault 1.11+ with Consul 1.8+. Set - of Consul node identities to attach to the token. 
Applicable - for Vault 1.11+ with Consul 1.8+ + description: |- + SEE NOTE Set of Consul node + identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+. + Set of Consul node identities to attach to + the token. Applicable for Vault 1.11+ with Consul 1.8+ items: type: string type: array partition: - description: The admin partition that the token will be created - in. Applicable for Vault 1.10+ and Consul 1.11+". The Consul - admin partition that the token will be created in. Applicable - for Vault 1.10+ and Consul 1.11+ + description: |- + The admin partition that the token will be created in. + Applicable for Vault 1.10+ and Consul 1.11+". + The Consul admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+ type: string policies: - description: 'The list of Consul ACL policies to associate with - these roles. NOTE: The new parameter consul_policies should - be used in favor of this. This parameter, policies, remains - supported for legacy users, but Vault has deprecated this field. - List of Consul policies to associate with this role' + description: |- + The list of Consul ACL policies to associate with these roles. + NOTE: The new parameter consul_policies should be used in favor of this. This parameter, + policies, remains supported for legacy users, but Vault has deprecated this field. + List of Consul policies to associate with this role items: type: string type: array serviceIdentities: - description: SEE NOTE Set of Consul service identities to attach - to the token. Applicable for Vault 1.11+ with Consul 1.5+. Set - of Consul service identities to attach to the token. Applicable - for Vault 1.11+ with Consul 1.5+ + description: |- + SEE NOTE Set of Consul + service identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.5+. + Set of Consul service identities to attach to + the token. 
Applicable for Vault 1.11+ with Consul 1.5+ items: type: string type: array tokenType: - description: 'Specifies the type of token to create when using - this role. Valid values are "client" or "management". Deprecated: - Consul 1.11 and later removed the legacy ACL system which supported - this field. Specifies the type of token to create when using - this role. Valid values are "client" or "management".' + description: |- + Specifies the type of token to create when using this role. Valid values are "client" or "management". + Deprecated: Consul 1.11 and later removed the legacy ACL system which supported this field. + Specifies the type of token to create when using this role. Valid values are "client" or "management". type: string ttl: - description: Specifies the TTL for this role. Specifies the TTL - for this role. + description: |- + Specifies the TTL for this role. + Specifies the TTL for this role. type: number type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. 
It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -295,9 +305,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -307,57 +318,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -367,17 +342,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -387,21 +364,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -416,21 +393,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -441,14 +419,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -474,98 +453,99 @@ spec: atProvider: properties: backend: - description: The unique name of an existing Consul secrets backend - mount. Must not begin or end with a /. One of path or backend - is required. The path of the Consul Secret Backend the role - belongs to. + description: |- + The unique name of an existing Consul secrets backend mount. Must not begin or end with a /. One of path or backend is required. + The path of the Consul Secret Backend the role belongs to. type: string consulNamespace: - description: The Consul namespace that the token will be created - in. Applicable for Vault 1.10+ and Consul 1.7+". The Consul - namespace that the token will be created in. Applicable for - Vault 1.10+ and Consul 1.7+ + description: |- + The Consul namespace that the token will be created in. + Applicable for Vault 1.10+ and Consul 1.7+". + The Consul namespace that the token will be created in. Applicable for Vault 1.10+ and Consul 1.7+ type: string consulPolicies: - description: SEE NOTE The list of Consul ACL policies to associate - with these roles. List of Consul policies to associate with - this role + description: |- + SEE NOTE The list of Consul ACL policies to associate with these roles. + List of Consul policies to associate with this role items: type: string type: array consulRoles: - description: SEE NOTE Set of Consul roles to attach to the token. - Applicable for Vault 1.10+ with Consul 1.5+. Set of Consul roles - to attach to the token. Applicable for Vault 1.10+ with Consul - 1.5+ + description: |- + SEE NOTE Set of Consul roles to attach to the token. + Applicable for Vault 1.10+ with Consul 1.5+. + Set of Consul roles to attach to the token. Applicable for Vault 1.10+ with Consul 1.5+ items: type: string type: array id: type: string local: - description: Indicates that the token should not be replicated - globally and instead be local to the current datacenter. 
Indicates - that the token should not be replicated globally and instead - be local to the current datacenter. + description: |- + Indicates that the token should not be replicated globally and instead be local to the current datacenter. + Indicates that the token should not be replicated globally and instead be local to the current datacenter. type: boolean maxTtl: - description: Maximum TTL for leases associated with this role, - in seconds. Maximum TTL for leases associated with this role, - in seconds. + description: |- + Maximum TTL for leases associated with this role, in seconds. + Maximum TTL for leases associated with this role, in seconds. type: number name: - description: The name of the Consul secrets engine role to create. - The name of an existing role against which to create this Consul - credential + description: |- + The name of the Consul secrets engine role to create. + The name of an existing role against which to create this Consul credential type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string nodeIdentities: - description: SEE NOTE Set of Consul node identities to attach - to the token. Applicable for Vault 1.11+ with Consul 1.8+. Set - of Consul node identities to attach to the token. Applicable - for Vault 1.11+ with Consul 1.8+ + description: |- + SEE NOTE Set of Consul node + identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.8+. 
+ Set of Consul node identities to attach to + the token. Applicable for Vault 1.11+ with Consul 1.8+ items: type: string type: array partition: - description: The admin partition that the token will be created - in. Applicable for Vault 1.10+ and Consul 1.11+". The Consul - admin partition that the token will be created in. Applicable - for Vault 1.10+ and Consul 1.11+ + description: |- + The admin partition that the token will be created in. + Applicable for Vault 1.10+ and Consul 1.11+". + The Consul admin partition that the token will be created in. Applicable for Vault 1.10+ and Consul 1.11+ type: string policies: - description: 'The list of Consul ACL policies to associate with - these roles. NOTE: The new parameter consul_policies should - be used in favor of this. This parameter, policies, remains - supported for legacy users, but Vault has deprecated this field. - List of Consul policies to associate with this role' + description: |- + The list of Consul ACL policies to associate with these roles. + NOTE: The new parameter consul_policies should be used in favor of this. This parameter, + policies, remains supported for legacy users, but Vault has deprecated this field. + List of Consul policies to associate with this role items: type: string type: array serviceIdentities: - description: SEE NOTE Set of Consul service identities to attach - to the token. Applicable for Vault 1.11+ with Consul 1.5+. Set - of Consul service identities to attach to the token. Applicable - for Vault 1.11+ with Consul 1.5+ + description: |- + SEE NOTE Set of Consul + service identities to attach to the token. Applicable for Vault 1.11+ with Consul 1.5+. + Set of Consul service identities to attach to + the token. Applicable for Vault 1.11+ with Consul 1.5+ items: type: string type: array tokenType: - description: 'Specifies the type of token to create when using - this role. Valid values are "client" or "management". 
Deprecated: - Consul 1.11 and later removed the legacy ACL system which supported - this field. Specifies the type of token to create when using - this role. Valid values are "client" or "management".' + description: |- + Specifies the type of token to create when using this role. Valid values are "client" or "management". + Deprecated: Consul 1.11 and later removed the legacy ACL system which supported this field. + Specifies the type of token to create when using this role. Valid values are "client" or "management". type: string ttl: - description: Specifies the TTL for this role. Specifies the TTL - for this role. + description: |- + Specifies the TTL for this role. + Specifies the TTL for this role. type: number type: object conditions: @@ -574,13 +554,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -591,8 +573,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -601,6 +584,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec 
diff --git a/package/crds/consul.vault.upbound.io_secretbackends.yaml b/package/crds/consul.vault.upbound.io_secretbackends.yaml index 7f547f53..73e42018 100644 --- a/package/crds/consul.vault.upbound.io_secretbackends.yaml +++ b/package/crds/consul.vault.upbound.io_secretbackends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackends.consul.vault.upbound.io spec: group: consul.vault.upbound.io @@ -38,14 +38,19 @@ spec: a Consul secret backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,27 +74,25 @@ spec: forProvider: properties: address: - description: Specifies the address of the Consul instance, provided - as "host:port" like "127.0.0.1:8500". Specifies the address - of the Consul instance, provided as "host:port" like "127.0.0.1:8500". + description: |- + Specifies the address of the Consul instance, provided as "host:port" like "127.0.0.1:8500". + Specifies the address of the Consul instance, provided as "host:port" like "127.0.0.1:8500". type: string bootstrap: - description: Denotes that the resource is used to bootstrap the - Consul ACL system. Denotes a backend resource that is used to - bootstrap the Consul ACL system. Only one resource may be used - to bootstrap. + description: |- + Denotes that the resource is used to bootstrap the Consul ACL system. + Denotes a backend resource that is used to bootstrap the Consul ACL system. Only one resource may be used to bootstrap. type: boolean caCert: - description: CA certificate to use when verifying Consul server - certificate, must be x509 PEM encoded. CA certificate to use - when verifying Consul server certificate, must be x509 PEM encoded. + description: |- + CA certificate to use when verifying Consul server certificate, must be x509 PEM encoded. + CA certificate to use when verifying Consul server certificate, must be x509 PEM encoded. type: string clientCertSecretRef: - description: Client certificate used for Consul's TLS communication, - must be x509 PEM encoded and if this is set you need to also - set client_key. Client certificate used for Consul's TLS communication, - must be x509 PEM encoded and if this is set you need to also - set client_key. + description: |- + Client certificate used for Consul's TLS communication, must be x509 PEM encoded and if + this is set you need to also set client_key. + Client certificate used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_key. 
properties: key: description: The key to select. @@ -105,11 +109,10 @@ spec: - namespace type: object clientKeySecretRef: - description: Client key used for Consul's TLS communication, must - be x509 PEM encoded and if this is set you need to also set - client_cert. Client key used for Consul's TLS communication, - must be x509 PEM encoded and if this is set you need to also - set client_cert. + description: |- + Client key used for Consul's TLS communication, must be x509 PEM encoded and if this is set + you need to also set client_cert. + Client key used for Consul's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_cert. properties: key: description: The key to select. 
@@ -126,48 +129,56 @@ spec: - namespace type: object defaultLeaseTtlSeconds: - description: The default TTL for credentials issued by this backend. + description: |- + The default TTL for credentials issued by this backend. Default lease duration for secrets in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend. + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean local: - description: Specifies if the secret backend is local only. Specifies - if the secret backend is local only + description: |- + Specifies if the secret backend is local only. + Specifies if the secret backend is local only type: boolean maxLeaseTtlSeconds: - description: The maximum TTL that can be requested for credentials - issued by this backend. Maximum possible lease duration for - secrets in seconds + description: |- + The maximum TTL that can be requested + for credentials issued by this backend. + Maximum possible lease duration for secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. 
+ The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique location this backend should be mounted - at. Must not begin or end with a /. Defaults to consul. Unique - name of the Vault Consul mount to configure + description: |- + The unique location this backend should be mounted at. Must not begin or end with a /. Defaults + to consul. + Unique name of the Vault Consul mount to configure type: string scheme: - description: Specifies the URL scheme to use. Defaults to http. + description: |- + Specifies the URL scheme to use. Defaults to http. Specifies the URL scheme to use. Defaults to "http". type: string tokenSecretRef: - description: The Consul management token this backend should use - to issue new tokens. This field is required when bootstrap is - false. Specifies the Consul token to use when managing or issuing - new tokens. + description: |- + The Consul management token this backend should use to issue new tokens. This field is required + when bootstrap is false. + Specifies the Consul token to use when managing or issuing new tokens. properties: key: description: The key to select. 
@@ -185,90 +196,99 @@ spec: type: object type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: address: - description: Specifies the address of the Consul instance, provided - as "host:port" like "127.0.0.1:8500". Specifies the address - of the Consul instance, provided as "host:port" like "127.0.0.1:8500". + description: |- + Specifies the address of the Consul instance, provided as "host:port" like "127.0.0.1:8500". + Specifies the address of the Consul instance, provided as "host:port" like "127.0.0.1:8500". 
type: string bootstrap: - description: Denotes that the resource is used to bootstrap the - Consul ACL system. Denotes a backend resource that is used to - bootstrap the Consul ACL system. Only one resource may be used - to bootstrap. + description: |- + Denotes that the resource is used to bootstrap the Consul ACL system. + Denotes a backend resource that is used to bootstrap the Consul ACL system. Only one resource may be used to bootstrap. type: boolean caCert: - description: CA certificate to use when verifying Consul server - certificate, must be x509 PEM encoded. CA certificate to use - when verifying Consul server certificate, must be x509 PEM encoded. + description: |- + CA certificate to use when verifying Consul server certificate, must be x509 PEM encoded. + CA certificate to use when verifying Consul server certificate, must be x509 PEM encoded. type: string defaultLeaseTtlSeconds: - description: The default TTL for credentials issued by this backend. + description: |- + The default TTL for credentials issued by this backend. Default lease duration for secrets in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend. + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean local: - description: Specifies if the secret backend is local only. Specifies - if the secret backend is local only + description: |- + Specifies if the secret backend is local only. 
+ Specifies if the secret backend is local only type: boolean maxLeaseTtlSeconds: - description: The maximum TTL that can be requested for credentials - issued by this backend. Maximum possible lease duration for - secrets in seconds + description: |- + The maximum TTL that can be requested + for credentials issued by this backend. + Maximum possible lease duration for secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique location this backend should be mounted - at. Must not begin or end with a /. Defaults to consul. Unique - name of the Vault Consul mount to configure + description: |- + The unique location this backend should be mounted at. Must not begin or end with a /. Defaults + to consul. + Unique name of the Vault Consul mount to configure type: string scheme: - description: Specifies the URL scheme to use. Defaults to http. + description: |- + Specifies the URL scheme to use. Defaults to http. Specifies the URL scheme to use. Defaults to "http". type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. 
This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -281,9 +301,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -293,57 +314,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -353,17 +338,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -373,21 +360,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -402,21 +389,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -427,14 +415,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -460,59 +449,66 @@ spec: atProvider: properties: address: - description: Specifies the address of the Consul instance, provided - as "host:port" like "127.0.0.1:8500". Specifies the address - of the Consul instance, provided as "host:port" like "127.0.0.1:8500". + description: |- + Specifies the address of the Consul instance, provided as "host:port" like "127.0.0.1:8500". + Specifies the address of the Consul instance, provided as "host:port" like "127.0.0.1:8500". type: string bootstrap: - description: Denotes that the resource is used to bootstrap the - Consul ACL system. Denotes a backend resource that is used to - bootstrap the Consul ACL system. Only one resource may be used - to bootstrap. + description: |- + Denotes that the resource is used to bootstrap the Consul ACL system. + Denotes a backend resource that is used to bootstrap the Consul ACL system. Only one resource may be used to bootstrap. type: boolean caCert: - description: CA certificate to use when verifying Consul server - certificate, must be x509 PEM encoded. CA certificate to use - when verifying Consul server certificate, must be x509 PEM encoded. + description: |- + CA certificate to use when verifying Consul server certificate, must be x509 PEM encoded. + CA certificate to use when verifying Consul server certificate, must be x509 PEM encoded. type: string defaultLeaseTtlSeconds: - description: The default TTL for credentials issued by this backend. + description: |- + The default TTL for credentials issued by this backend. Default lease duration for secrets in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend. + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. 
- See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean id: type: string local: - description: Specifies if the secret backend is local only. Specifies - if the secret backend is local only + description: |- + Specifies if the secret backend is local only. + Specifies if the secret backend is local only type: boolean maxLeaseTtlSeconds: - description: The maximum TTL that can be requested for credentials - issued by this backend. Maximum possible lease duration for - secrets in seconds + description: |- + The maximum TTL that can be requested + for credentials issued by this backend. + Maximum possible lease duration for secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique location this backend should be mounted - at. Must not begin or end with a /. Defaults to consul. Unique - name of the Vault Consul mount to configure + description: |- + The unique location this backend should be mounted at. Must not begin or end with a /. Defaults + to consul. + Unique name of the Vault Consul mount to configure type: string scheme: - description: Specifies the URL scheme to use. Defaults to http. + description: |- + Specifies the URL scheme to use. 
Defaults to http. Specifies the URL scheme to use. Defaults to "http". type: string type: object @@ -522,13 +518,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -539,8 +537,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -549,6 +548,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/database.vault.upbound.io_secretbackendconnections.yaml b/package/crds/database.vault.upbound.io_secretbackendconnections.yaml index 92085066..1e77794d 100644 --- a/package/crds/database.vault.upbound.io_secretbackendconnections.yaml +++ b/package/crds/database.vault.upbound.io_secretbackendconnections.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendconnections.database.vault.upbound.io spec: group: database.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Configures a database secret backend connection for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -55,13 +60,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -69,40 +75,47 @@ spec: forProvider: properties: allowedRoles: - description: A list of roles that are allowed to use this connection. + description: |- + A list of roles that are allowed to use this + connection. A list of roles that are allowed to use this connection. items: type: string type: array backend: - description: The unique name of the Vault mount to configure. + description: |- + The unique name of the Vault mount to configure. Unique name of the Vault mount to configure. type: string cassandra: - description: A nested block containing configuration options for - Cassandra connections. Connection parameters for the cassandra-database-plugin - plugin. + description: |- + A nested block containing configuration options for Cassandra connections. + Connection parameters for the cassandra-database-plugin plugin. items: properties: connectTimeout: - description: The number of seconds to use as a connection - timeout. The number of seconds to use as a connection + description: |- + The number of seconds to use as a connection timeout. + The number of seconds to use as a connection timeout. type: number hosts: - description: The hosts to connect to. Cassandra hosts to - connect to. + description: |- + The hosts to connect to. + Cassandra hosts to connect to. items: type: string type: array insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Whether to skip verification - of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Whether to skip verification of the server certificate when using TLS. type: boolean passwordSecretRef: - description: The password to authenticate with. The password - to use when authenticating with Cassandra. + description: |- + The password to authenticate with. + The password to use when authenticating with Cassandra. properties: key: description: The key to select. 
@@ -119,10 +132,10 @@ spec: - namespace type: object pemBundleSecretRef: - description: Concatenated PEM blocks configuring the certificate - chain. Concatenated PEM blocks containing a certificate - and private key; a certificate, private key, and issuing - CA certificate; or just a CA certificate. + description: |- + Concatenated PEM blocks configuring the certificate + chain. + Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate. properties: key: description: The key to select. @@ -139,10 +152,9 @@ spec: - namespace type: object pemJsonSecretRef: - description: A JSON structure configuring the certificate - chain. Specifies JSON containing a certificate and private - key; a certificate, private key, and issuing CA certificate; - or just a CA certificate. + description: |- + A JSON structure configuring the certificate chain. + Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate. properties: key: description: The key to select. 
@@ -159,36 +171,38 @@ spec: - namespace type: object port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Cassandra. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Cassandra. type: number protocolVersion: - description: The CQL protocol version to use. The CQL protocol - version to use. + description: |- + The CQL protocol version to use. + The CQL protocol version to use. type: number tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Whether to use TLS when connecting to Cassandra. type: boolean username: - description: The username to authenticate with. The username - to use when authenticating with Cassandra. + description: |- + The username to authenticate with. + The username to use when authenticating with Cassandra. type: string type: object type: array couchbase: - description: A nested block containing configuration options for - Couchbase connections. Connection parameters for the couchbase-database-plugin - plugin. + description: |- + A nested block containing configuration options for Couchbase connections. + Connection parameters for the couchbase-database-plugin plugin. items: properties: base64PemSecretRef: - description: Required if tls is true. Specifies the certificate - authority of the Couchbase server, as a PEM certificate - that has been base64 encoded. Required if `tls` is `true`. - Specifies the certificate authority of the Couchbase server, - as a PEM certificate that has been base64 encoded. + description: |- + Required if tls is true. Specifies the certificate authority of the Couchbase server, as a PEM certificate that has been base64 encoded. + Required if `tls` is `true`. 
Specifies the certificate authority of the Couchbase server, as a PEM certificate that has been base64 encoded. properties: key: description: The key to select. @@ -205,27 +219,27 @@ spec: - namespace type: object bucketName: - description: Required for Couchbase versions prior to 6.5.0. - This is only used to verify vault's connection to the - server. Required for Couchbase versions prior to 6.5.0. - This is only used to verify vault's connection to the - server. + description: |- + Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server. + Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server. type: string hosts: - description: The hosts to connect to. A set of Couchbase - URIs to connect to. Must use `couchbases://` scheme if - `tls` is `true`. + description: |- + The hosts to connect to. + A set of Couchbase URIs to connect to. Must use `couchbases://` scheme if `tls` is `true`. items: type: string type: array insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Specifies whether to skip - verification of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Specifies whether to skip verification of the server certificate when using TLS. type: boolean passwordSecretRef: - description: The password to authenticate with. Specifies - the password corresponding to the given username. + description: |- + The password to authenticate with. + Specifies the password corresponding to the given username. properties: key: description: The key to select. 
@@ -242,17 +256,19 @@ spec: - namespace type: object tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Specifies whether to use TLS when connecting to Couchbase. type: boolean username: - description: The username to authenticate with. Specifies - the username for Vault to use. + description: |- + The username to authenticate with. + Specifies the username for Vault to use. type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. + Template describing how dynamic usernames are generated. type: string required: - passwordSecretRef 
@@ -261,45 +277,45 @@ spec: data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object elasticsearch: - description: A nested block containing configuration options for - Elasticsearch connections. Connection parameters for the elasticsearch-database-plugin. + description: |- + A nested block containing configuration options for Elasticsearch connections. + Connection parameters for the elasticsearch-database-plugin. items: properties: caCert: - description: The contents of a PEM-encoded CA cert file - to use to verify the Redis server's identity. The path - to a PEM-encoded CA cert file to use to verify the Elasticsearch - server's identity + description: |- + The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity. + The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity type: string caPath: - description: The path to a directory of PEM-encoded CA cert - files to use to verify the Elasticsearch server's identity. - The path to a directory of PEM-encoded CA cert files to - use to verify the Elasticsearch server's identity + description: |- + The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity. + The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity type: string clientCert: - description: The path to the certificate for the Elasticsearch - client to present for communication. 
The path to the certificate - for the Elasticsearch client to present for communication + description: |- + The path to the certificate for the Elasticsearch client to present for communication. + The path to the certificate for the Elasticsearch client to present for communication type: string clientKey: - description: The path to the key for the Elasticsearch client - to use for communication. The path to the key for the - Elasticsearch client to use for communication + description: |- + The path to the key for the Elasticsearch client to use for communication. + The path to the key for the Elasticsearch client to use for communication type: string insecure: - description: Whether to disable certificate verification. + description: |- + Whether to disable certificate verification. Whether to disable certificate verification type: boolean passwordSecretRef: - description: The password to authenticate with. The password - to be used in the connection URL + description: |- + The password to authenticate with. + The password to be used in the connection URL properties: key: description: The key to select. 
@@ -316,60 +332,70 @@ spec: - namespace type: object tlsServerName: - description: This, if set, is used to set the SNI host when - connecting via TLS. This, if set, is used to set the SNI - host when connecting via TLS + description: |- + This, if set, is used to set the SNI host when connecting via TLS. + This, if set, is used to set the SNI host when connecting via TLS type: string url: - description: The url to connect to including the port; e.g. - master.my-cluster.xxxxxx.use1.cache.amazonaws.com:6379. + description: |- + The url to connect to including the port; e.g. master.my-cluster.xxxxxx.use1.cache.amazonaws.com:6379. The URL for Elasticsearch's API type: string username: - description: The username to authenticate with. The username - to be used in the connection URL + description: |- + The username to authenticate with. + The username to be used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. + Template describing how dynamic usernames are generated. type: string required: - passwordSecretRef type: object type: array hana: - description: A nested block containing configuration options for - SAP HanaDB connections. Connection parameters for the hana-database-plugin - plugin. + description: |- + A nested block containing configuration options for SAP HanaDB connections. + Connection parameters for the hana-database-plugin plugin. items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. 
type: string disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. 
@@ -386,34 +412,39 @@ spec: - namespace type: object username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string type: object type: array influxdb: - description: A nested block containing configuration options for - InfluxDB connections. Connection parameters for the influxdb-database-plugin - plugin. + description: |- + A nested block containing configuration options for InfluxDB connections. + Connection parameters for the influxdb-database-plugin plugin. items: properties: connectTimeout: - description: The number of seconds to use as a connection - timeout. The number of seconds to use as a connection + description: |- + The number of seconds to use as a connection timeout. + The number of seconds to use as a connection timeout. type: number host: - description: The host to connect to. Influxdb host to connect - to. + description: |- + The host to connect to. + Influxdb host to connect to. type: string insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Whether to skip verification - of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Whether to skip verification of the server certificate when using TLS. type: boolean passwordSecretRef: - description: The password to authenticate with. Specifies - the password corresponding to the given username. + description: |- + The password to authenticate with. + Specifies the password corresponding to the given username. properties: key: description: The key to select. 
@@ -430,10 +461,10 @@ spec: - namespace type: object pemBundleSecretRef: - description: Concatenated PEM blocks configuring the certificate - chain. Concatenated PEM blocks containing a certificate - and private key; a certificate, private key, and issuing - CA certificate; or just a CA certificate. + description: |- + Concatenated PEM blocks configuring the certificate + chain. + Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate. properties: key: description: The key to select. @@ -450,10 +481,9 @@ spec: - namespace type: object pemJsonSecretRef: - description: A JSON structure configuring the certificate - chain. Specifies JSON containing a certificate and private - key; a certificate, private key, and issuing CA certificate; - or just a CA certificate. + description: |- + A JSON structure configuring the certificate chain. + Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate. properties: key: description: The key to select. 
@@ -470,54 +500,66 @@ spec: - namespace type: object port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Influxdb. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Influxdb. type: number tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Whether to use TLS when connecting to Influxdb. type: boolean username: - description: The username to authenticate with. Specifies - the username to use for superuser access. + description: |- + The username to authenticate with. + Specifies the username to use for superuser access. type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. + Template describing how dynamic usernames are generated. type: string required: - passwordSecretRef type: object type: array mongodb: - description: A nested block containing configuration options for - MongoDB connections. Connection parameters for the mongodb-database-plugin - plugin. + description: |- + A nested block containing configuration options for MongoDB connections. + Connection parameters for the mongodb-database-plugin plugin. items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. 
+ description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. 
@@ -534,25 +576,27 @@ spec: - namespace type: object username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array mongodbatlas: - description: A nested block containing configuration options for - MongoDB Atlas connections. Connection parameters for the mongodbatlas-database-plugin - plugin. + description: |- + A nested block containing configuration options for MongoDB Atlas connections. + Connection parameters for the mongodbatlas-database-plugin plugin. items: properties: privateKeySecretRef: - description: The Private Programmatic API Key used to connect - with MongoDB Atlas API. The Private Programmatic API Key - used to connect with MongoDB Atlas API. + description: |- + The Private Programmatic API Key used to connect with MongoDB Atlas API. + The Private Programmatic API Key used to connect with MongoDB Atlas API. properties: key: description: The key to select. 
@@ -569,57 +613,68 @@ spec: - namespace type: object projectId: - description: The Project ID the Database User should be - created within. The Project ID the Database User should - be created within. + description: |- + The Project ID the Database User should be created within. + The Project ID the Database User should be created within. type: string publicKey: - description: The Public Programmatic API Key used to authenticate - with the MongoDB Atlas API. The Public Programmatic API - Key used to authenticate with the MongoDB Atlas API. + description: |- + The Public Programmatic API Key used to authenticate with the MongoDB Atlas API. + The Public Programmatic API Key used to authenticate with the MongoDB Atlas API. type: string required: - privateKeySecretRef type: object type: array mssql: - description: A nested block containing configuration options for - MSSQL connections. Connection parameters for the mssql-database-plugin - plugin. + description: |- + A nested block containing configuration options for MSSQL connections. + Connection parameters for the mssql-database-plugin plugin. items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string containedDb: - description: For Vault v1.9+. Set to true when the target - is a Contained Database, e.g. AzureSQL. See the Vault - docs Set to true when the target is a Contained Database, - e.g. AzureSQL. + description: |- + For Vault v1.9+. Set to true when the target is a + Contained Database, e.g. AzureSQL. + See the Vault + docs + Set to true when the target is a Contained Database, e.g. AzureSQL. type: boolean disableEscaping: - description: Disable special character escaping in username - and password. 
Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. 
@@ -636,47 +691,58 @@ spec: - namespace type: object username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array mysql: - description: A nested block containing configuration options for - MySQL connections. Connection parameters for the mysql-database-plugin - plugin. + description: |- + A nested block containing configuration options for MySQL connections. + Connection parameters for the mysql-database-plugin plugin. items: properties: authType: - description: Enable IAM authentication to a Google Cloud - instance when set to gcp_iam Specify alternative authorization - type. (Only 'gcp_iam' is valid currently) + description: |- + Enable IAM authentication to a Google Cloud instance when set to gcp_iam + Specify alternative authorization type. (Only 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. 
+ description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. @@ -693,9 +759,9 @@ spec: - namespace type: object serviceAccountJsonSecretRef: - description: JSON encoding of an IAM access key. Requires - auth_type to be gcp_iam. A JSON encoded credential for - use with IAM authorization + description: |- + JSON encoding of an IAM access key. Requires auth_type to be gcp_iam. + A JSON encoded credential for use with IAM authorization properties: key: description: The key to select. 
@@ -712,17 +778,14 @@ spec: - namespace type: object tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string tlsCertificateKeySecretRef: - description: x509 certificate for connecting to the database. - This must be a PEM encoded version of the private key - and the certificate combined. x509 certificate for connecting - to the database. This must be a PEM encoded version of - the private key and the certificate combined. + description: |- + x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined. + x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined. properties: key: description: The key to select. 
@@ -739,47 +802,58 @@ spec: - namespace type: object username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array mysqlAurora: - description: A nested block containing configuration options for - Aurora MySQL connections. Connection parameters for the mysql-aurora-database-plugin - plugin. + description: |- + A nested block containing configuration options for Aurora MySQL connections. + Connection parameters for the mysql-aurora-database-plugin plugin. items: properties: authType: - description: Enable IAM authentication to a Google Cloud - instance when set to gcp_iam Specify alternative authorization - type. (Only 'gcp_iam' is valid currently) + description: |- + Enable IAM authentication to a Google Cloud instance when set to gcp_iam + Specify alternative authorization type. (Only 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. 
type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. @@ -796,9 +870,9 @@ spec: - namespace type: object serviceAccountJsonSecretRef: - description: JSON encoding of an IAM access key. Requires - auth_type to be gcp_iam. A JSON encoded credential for - use with IAM authorization + description: |- + JSON encoding of an IAM access key. Requires auth_type to be gcp_iam. + A JSON encoded credential for use with IAM authorization properties: key: description: The key to select. 
@@ -815,17 +889,14 @@ spec: - namespace type: object tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string tlsCertificateKeySecretRef: - description: x509 certificate for connecting to the database. - This must be a PEM encoded version of the private key - and the certificate combined. x509 certificate for connecting - to the database. This must be a PEM encoded version of - the private key and the certificate combined. + description: |- + x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined. + x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined. properties: key: description: The key to select. 
@@ -842,47 +913,58 @@ spec: - namespace type: object username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array mysqlLegacy: - description: A nested block containing configuration options for - legacy MySQL connections. Connection parameters for the mysql-legacy-database-plugin - plugin. + description: |- + A nested block containing configuration options for legacy MySQL connections. + Connection parameters for the mysql-legacy-database-plugin plugin. items: properties: authType: - description: Enable IAM authentication to a Google Cloud - instance when set to gcp_iam Specify alternative authorization - type. (Only 'gcp_iam' is valid currently) + description: |- + Enable IAM authentication to a Google Cloud instance when set to gcp_iam + Specify alternative authorization type. (Only 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. 
type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. @@ -899,9 +981,9 @@ spec: - namespace type: object serviceAccountJsonSecretRef: - description: JSON encoding of an IAM access key. Requires - auth_type to be gcp_iam. A JSON encoded credential for - use with IAM authorization + description: |- + JSON encoding of an IAM access key. Requires auth_type to be gcp_iam. + A JSON encoded credential for use with IAM authorization properties: key: description: The key to select. 
@@ -918,17 +1000,14 @@ spec: - namespace type: object tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string tlsCertificateKeySecretRef: - description: x509 certificate for connecting to the database. - This must be a PEM encoded version of the private key - and the certificate combined. x509 certificate for connecting - to the database. This must be a PEM encoded version of - the private key and the certificate combined. + description: |- + x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined. + x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined. properties: key: description: The key to select. 
@@ -945,47 +1024,58 @@ spec: - namespace type: object username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array mysqlRds: - description: A nested block containing configuration options for - RDS MySQL connections. Connection parameters for the mysql-rds-database-plugin - plugin. + description: |- + A nested block containing configuration options for RDS MySQL connections. + Connection parameters for the mysql-rds-database-plugin plugin. items: properties: authType: - description: Enable IAM authentication to a Google Cloud - instance when set to gcp_iam Specify alternative authorization - type. (Only 'gcp_iam' is valid currently) + description: |- + Enable IAM authentication to a Google Cloud instance when set to gcp_iam + Specify alternative authorization type. (Only 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. 
type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. @@ -1002,9 +1092,9 @@ spec: - namespace type: object serviceAccountJsonSecretRef: - description: JSON encoding of an IAM access key. Requires - auth_type to be gcp_iam. A JSON encoded credential for - use with IAM authorization + description: |- + JSON encoding of an IAM access key. Requires auth_type to be gcp_iam. + A JSON encoded credential for use with IAM authorization properties: key: description: The key to select. 
@@ -1021,17 +1111,14 @@ spec: - namespace type: object tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string tlsCertificateKeySecretRef: - description: x509 certificate for connecting to the database. - This must be a PEM encoded version of the private key - and the certificate combined. x509 certificate for connecting - to the database. This must be a PEM encoded version of - the private key and the certificate combined. + description: |- + x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined. + x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined. properties: key: description: The key to select. 
@@ -1048,58 +1135,71 @@ spec: - namespace type: object username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array name: - description: A unique name to give the database connection. Name - of the database connection. + description: |- + A unique name to give the database connection. + Name of the database connection. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string oracle: - description: A nested block containing configuration options for - Oracle connections. Connection parameters for the oracle-database-plugin - plugin. + description: |- + A nested block containing configuration options for Oracle connections. + Connection parameters for the oracle-database-plugin plugin. items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. 
+ Connection string to use to connect to the database. type: string disconnectSessions: - description: Enable the built-in session disconnect mechanism. - Set to true to disconnect any open sessions prior to running - the revocation statements. + description: |- + Enable the built-in session disconnect mechanism. + Set to true to disconnect any open sessions prior to running the revocation statements. type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. 
@@ -1116,61 +1216,73 @@ spec: - namespace type: object splitStatements: - description: Enable spliting statements after semi-colons. + description: |- + Enable spliting statements after semi-colons. Set to true in order to split statements after semi-colons. type: boolean username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must be prefixed - with the name of one of the supported database engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string postgresql: - description: A nested block containing configuration options for - PostgreSQL connections. Connection parameters for the postgresql-database-plugin - plugin. + description: |- + A nested block containing configuration options for PostgreSQL connections. + Connection parameters for the postgresql-database-plugin plugin. items: properties: authType: - description: Enable IAM authentication to a Google Cloud - instance when set to gcp_iam Specify alternative authorization - type. (Only 'gcp_iam' is valid currently) + description: |- + Enable IAM authentication to a Google Cloud instance when set to gcp_iam + Specify alternative authorization type. (Only 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. 
See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. 
@@ -1187,9 +1299,9 @@ spec: - namespace type: object serviceAccountJsonSecretRef: - description: JSON encoding of an IAM access key. Requires - auth_type to be gcp_iam. A JSON encoded credential for - use with IAM authorization + description: |- + JSON encoding of an IAM access key. Requires auth_type to be gcp_iam. + A JSON encoded credential for use with IAM authorization properties: key: description: The key to select. 
@@ -1206,39 +1318,43 @@ spec: - namespace type: object username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array redis: - description: A nested block containing configuration options for - Redis connections. Connection parameters for the redis-database-plugin - plugin. + description: |- + A nested block containing configuration options for Redis connections. + Connection parameters for the redis-database-plugin plugin. items: properties: caCert: - description: The contents of a PEM-encoded CA cert file - to use to verify the Redis server's identity. The contents - of a PEM-encoded CA cert file to use to verify the Redis - server's identity. + description: |- + The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity. + The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity. type: string host: - description: The host to connect to. Specifies the host - to connect to + description: |- + The host to connect to. + Specifies the host to connect to type: string insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Specifies whether to skip - verification of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Specifies whether to skip verification of the server certificate when using TLS. type: boolean passwordSecretRef: - description: The password to authenticate with. Specifies - the password corresponding to the given username. 
+ description: |- + The password to authenticate with. + Specifies the password corresponding to the given username. properties: key: description: The key to select. @@ -1255,32 +1371,35 @@ spec: - namespace type: object port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Redis. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Redis. type: number tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Specifies whether to use TLS when connecting to Redis. type: boolean username: - description: The username to authenticate with. Specifies - the username for Vault to use. + description: |- + The username to authenticate with. + Specifies the username for Vault to use. type: string required: - passwordSecretRef type: object type: array redisElasticache: - description: A nested block containing configuration options for - Redis ElastiCache connections. Connection parameters for the - redis-elasticache-database-plugin plugin. + description: |- + A nested block containing configuration options for Redis ElastiCache connections. + Connection parameters for the redis-elasticache-database-plugin plugin. items: properties: passwordSecretRef: - description: The password to authenticate with. The AWS - secret key id to use to talk to ElastiCache. If omitted - the credentials chain provider is used instead. + description: |- + The password to authenticate with. + The AWS secret key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead. properties: key: description: The key to select. 
@@ -1297,22 +1416,19 @@ spec: - namespace type: object region: - description: The region where the ElastiCache cluster is - hosted. If omitted Vault tries to infer from the environment - instead. The AWS region where the ElastiCache cluster - is hosted. If omitted the plugin tries to infer the region - from the environment. + description: |- + The region where the ElastiCache cluster is hosted. If omitted Vault tries to infer from the environment instead. + The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment. type: string url: - description: The url to connect to including the port; e.g. - master.my-cluster.xxxxxx.use1.cache.amazonaws.com:6379. - The configuration endpoint for the ElastiCache cluster - to connect to. + description: |- + The url to connect to including the port; e.g. master.my-cluster.xxxxxx.use1.cache.amazonaws.com:6379. + The configuration endpoint for the ElastiCache cluster to connect to. type: string usernameSecretRef: - description: The username to authenticate with. The AWS - access key id to use to talk to ElastiCache. If omitted - the credentials chain provider is used instead. + description: |- + The username to authenticate with. + The AWS access key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead. properties: key: description: The key to select. 
@@ -1336,31 +1452,40 @@ spec: items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. 
@@ -1377,49 +1502,60 @@ spec: - namespace type: object username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array rootRotationStatements: - description: A list of database statements to be executed to rotate - the root user's credentials. A list of database statements to - be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array snowflake: - description: A nested block containing configuration options for - Snowflake connections. Connection parameters for the snowflake-database-plugin - plugin. + description: |- + A nested block containing configuration options for Snowflake connections. + Connection parameters for the snowflake-database-plugin plugin. items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. 
type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. 
@@ -1436,694 +1572,806 @@ spec: - namespace type: object username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array verifyConnection: - description: Whether the connection should be verified on initial - configuration or not. Specifies if the connection is verified - during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. 
+ InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: allowedRoles: - description: A list of roles that are allowed to use this connection. + description: |- + A list of roles that are allowed to use this + connection. A list of roles that are allowed to use this connection. items: type: string type: array backend: - description: The unique name of the Vault mount to configure. + description: |- + The unique name of the Vault mount to configure. Unique name of the Vault mount to configure. type: string cassandra: - description: A nested block containing configuration options for - Cassandra connections. Connection parameters for the cassandra-database-plugin - plugin. + description: |- + A nested block containing configuration options for Cassandra connections. + Connection parameters for the cassandra-database-plugin plugin. items: properties: connectTimeout: - description: The number of seconds to use as a connection - timeout. The number of seconds to use as a connection + description: |- + The number of seconds to use as a connection timeout. + The number of seconds to use as a connection timeout. type: number hosts: - description: The hosts to connect to. Cassandra hosts to - connect to. + description: |- + The hosts to connect to. + Cassandra hosts to connect to. items: type: string type: array insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Whether to skip verification - of the server certificate when using TLS. 
+ description: |- + Whether to skip verification of the server + certificate when using TLS. + Whether to skip verification of the server certificate when using TLS. type: boolean port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Cassandra. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Cassandra. type: number protocolVersion: - description: The CQL protocol version to use. The CQL protocol - version to use. + description: |- + The CQL protocol version to use. + The CQL protocol version to use. type: number tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Whether to use TLS when connecting to Cassandra. type: boolean username: - description: The username to authenticate with. The username - to use when authenticating with Cassandra. + description: |- + The username to authenticate with. + The username to use when authenticating with Cassandra. type: string type: object type: array couchbase: - description: A nested block containing configuration options for - Couchbase connections. Connection parameters for the couchbase-database-plugin - plugin. + description: |- + A nested block containing configuration options for Couchbase connections. + Connection parameters for the couchbase-database-plugin plugin. items: properties: bucketName: - description: Required for Couchbase versions prior to 6.5.0. - This is only used to verify vault's connection to the - server. Required for Couchbase versions prior to 6.5.0. - This is only used to verify vault's connection to the - server. + description: |- + Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server. + Required for Couchbase versions prior to 6.5.0. 
This is only used to verify vault's connection to the server. type: string hosts: - description: The hosts to connect to. A set of Couchbase - URIs to connect to. Must use `couchbases://` scheme if - `tls` is `true`. + description: |- + The hosts to connect to. + A set of Couchbase URIs to connect to. Must use `couchbases://` scheme if `tls` is `true`. items: type: string type: array insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Specifies whether to skip - verification of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Specifies whether to skip verification of the server certificate when using TLS. type: boolean tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Specifies whether to use TLS when connecting to Couchbase. type: boolean username: - description: The username to authenticate with. Specifies - the username for Vault to use. + description: |- + The username to authenticate with. + Specifies the username for Vault to use. type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. + Template describing how dynamic usernames are generated. type: string type: object type: array data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. 
type: object elasticsearch: - description: A nested block containing configuration options for - Elasticsearch connections. Connection parameters for the elasticsearch-database-plugin. + description: |- + A nested block containing configuration options for Elasticsearch connections. + Connection parameters for the elasticsearch-database-plugin. items: properties: caCert: - description: The contents of a PEM-encoded CA cert file - to use to verify the Redis server's identity. The path - to a PEM-encoded CA cert file to use to verify the Elasticsearch - server's identity + description: |- + The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity. + The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity type: string caPath: - description: The path to a directory of PEM-encoded CA cert - files to use to verify the Elasticsearch server's identity. - The path to a directory of PEM-encoded CA cert files to - use to verify the Elasticsearch server's identity + description: |- + The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity. + The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity type: string clientCert: - description: The path to the certificate for the Elasticsearch - client to present for communication. The path to the certificate - for the Elasticsearch client to present for communication + description: |- + The path to the certificate for the Elasticsearch client to present for communication. + The path to the certificate for the Elasticsearch client to present for communication type: string clientKey: - description: The path to the key for the Elasticsearch client - to use for communication. The path to the key for the - Elasticsearch client to use for communication + description: |- + The path to the key for the Elasticsearch client to use for communication. 
+ The path to the key for the Elasticsearch client to use for communication type: string insecure: - description: Whether to disable certificate verification. + description: |- + Whether to disable certificate verification. Whether to disable certificate verification type: boolean tlsServerName: - description: This, if set, is used to set the SNI host when - connecting via TLS. This, if set, is used to set the SNI - host when connecting via TLS + description: |- + This, if set, is used to set the SNI host when connecting via TLS. + This, if set, is used to set the SNI host when connecting via TLS type: string url: - description: The url to connect to including the port; e.g. - master.my-cluster.xxxxxx.use1.cache.amazonaws.com:6379. + description: |- + The url to connect to including the port; e.g. master.my-cluster.xxxxxx.use1.cache.amazonaws.com:6379. The URL for Elasticsearch's API type: string username: - description: The username to authenticate with. The username - to be used in the connection URL + description: |- + The username to authenticate with. + The username to be used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. + Template describing how dynamic usernames are generated. type: string type: object type: array hana: - description: A nested block containing configuration options for - SAP HanaDB connections. Connection parameters for the hana-database-plugin - plugin. + description: |- + A nested block containing configuration options for SAP HanaDB connections. + Connection parameters for the hana-database-plugin plugin. items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. 
+ description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string type: object type: array influxdb: - description: A nested block containing configuration options for - InfluxDB connections. Connection parameters for the influxdb-database-plugin - plugin. + description: |- + A nested block containing configuration options for InfluxDB connections. + Connection parameters for the influxdb-database-plugin plugin. items: properties: connectTimeout: - description: The number of seconds to use as a connection - timeout. 
The number of seconds to use as a connection + description: |- + The number of seconds to use as a connection timeout. + The number of seconds to use as a connection timeout. type: number host: - description: The host to connect to. Influxdb host to connect - to. + description: |- + The host to connect to. + Influxdb host to connect to. type: string insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Whether to skip verification - of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Whether to skip verification of the server certificate when using TLS. type: boolean port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Influxdb. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Influxdb. type: number tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Whether to use TLS when connecting to Influxdb. type: boolean username: - description: The username to authenticate with. Specifies - the username to use for superuser access. + description: |- + The username to authenticate with. + Specifies the username to use for superuser access. type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. + Template describing how dynamic usernames are generated. type: string type: object type: array mongodb: - description: A nested block containing configuration options for - MongoDB connections. Connection parameters for the mongodb-database-plugin - plugin. 
+ description: |- + A nested block containing configuration options for MongoDB connections. + Connection parameters for the mongodb-database-plugin plugin. items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array mongodbatlas: - description: A nested block containing configuration options for - MongoDB Atlas connections. Connection parameters for the mongodbatlas-database-plugin - plugin. 
+ description: |- + A nested block containing configuration options for MongoDB Atlas connections. + Connection parameters for the mongodbatlas-database-plugin plugin. items: properties: projectId: - description: The Project ID the Database User should be - created within. The Project ID the Database User should - be created within. + description: |- + The Project ID the Database User should be created within. + The Project ID the Database User should be created within. type: string publicKey: - description: The Public Programmatic API Key used to authenticate - with the MongoDB Atlas API. The Public Programmatic API - Key used to authenticate with the MongoDB Atlas API. + description: |- + The Public Programmatic API Key used to authenticate with the MongoDB Atlas API. + The Public Programmatic API Key used to authenticate with the MongoDB Atlas API. type: string type: object type: array mssql: - description: A nested block containing configuration options for - MSSQL connections. Connection parameters for the mssql-database-plugin - plugin. + description: |- + A nested block containing configuration options for MSSQL connections. + Connection parameters for the mssql-database-plugin plugin. items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string containedDb: - description: For Vault v1.9+. Set to true when the target - is a Contained Database, e.g. AzureSQL. See the Vault - docs Set to true when the target is a Contained Database, - e.g. AzureSQL. + description: |- + For Vault v1.9+. Set to true when the target is a + Contained Database, e.g. AzureSQL. + See the Vault + docs + Set to true when the target is a Contained Database, e.g. AzureSQL. 
type: boolean disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array mysql: - description: A nested block containing configuration options for - MySQL connections. Connection parameters for the mysql-database-plugin - plugin. + description: |- + A nested block containing configuration options for MySQL connections. + Connection parameters for the mysql-database-plugin plugin. 
items: properties: authType: - description: Enable IAM authentication to a Google Cloud - instance when set to gcp_iam Specify alternative authorization - type. (Only 'gcp_iam' is valid currently) + description: |- + Enable IAM authentication to a Google Cloud instance when set to gcp_iam + Specify alternative authorization type. (Only 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string username: - description: The username to authenticate with. 
The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array mysqlAurora: - description: A nested block containing configuration options for - Aurora MySQL connections. Connection parameters for the mysql-aurora-database-plugin - plugin. + description: |- + A nested block containing configuration options for Aurora MySQL connections. + Connection parameters for the mysql-aurora-database-plugin plugin. items: properties: authType: - description: Enable IAM authentication to a Google Cloud - instance when set to gcp_iam Specify alternative authorization - type. (Only 'gcp_iam' is valid currently) + description: |- + Enable IAM authentication to a Google Cloud instance when set to gcp_iam + Specify alternative authorization type. (Only 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. 
Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array mysqlLegacy: - description: A nested block containing configuration options for - legacy MySQL connections. Connection parameters for the mysql-legacy-database-plugin - plugin. + description: |- + A nested block containing configuration options for legacy MySQL connections. + Connection parameters for the mysql-legacy-database-plugin plugin. items: properties: authType: - description: Enable IAM authentication to a Google Cloud - instance when set to gcp_iam Specify alternative authorization - type. (Only 'gcp_iam' is valid currently) + description: |- + Enable IAM authentication to a Google Cloud instance when set to gcp_iam + Specify alternative authorization type. 
(Only 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. 
+ description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array mysqlRds: - description: A nested block containing configuration options for - RDS MySQL connections. Connection parameters for the mysql-rds-database-plugin - plugin. + description: |- + A nested block containing configuration options for RDS MySQL connections. + Connection parameters for the mysql-rds-database-plugin plugin. items: properties: authType: - description: Enable IAM authentication to a Google Cloud - instance when set to gcp_iam Specify alternative authorization - type. (Only 'gcp_iam' is valid currently) + description: |- + Enable IAM authentication to a Google Cloud instance when set to gcp_iam + Specify alternative authorization type. (Only 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. 
type: number tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array name: - description: A unique name to give the database connection. Name - of the database connection. + description: |- + A unique name to give the database connection. + Name of the database connection. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string oracle: - description: A nested block containing configuration options for - Oracle connections. Connection parameters for the oracle-database-plugin - plugin. 
+ description: |- + A nested block containing configuration options for Oracle connections. + Connection parameters for the oracle-database-plugin plugin. items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string disconnectSessions: - description: Enable the built-in session disconnect mechanism. - Set to true to disconnect any open sessions prior to running - the revocation statements. + description: |- + Enable the built-in session disconnect mechanism. + Set to true to disconnect any open sessions prior to running the revocation statements. type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number splitStatements: - description: Enable spliting statements after semi-colons. + description: |- + Enable spliting statements after semi-colons. Set to true in order to split statements after semi-colons. type: boolean username: - description: The username to authenticate with. 
The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must be prefixed - with the name of one of the supported database engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string postgresql: - description: A nested block containing configuration options for - PostgreSQL connections. Connection parameters for the postgresql-database-plugin - plugin. + description: |- + A nested block containing configuration options for PostgreSQL connections. + Connection parameters for the postgresql-database-plugin plugin. items: properties: authType: - description: Enable IAM authentication to a Google Cloud - instance when set to gcp_iam Specify alternative authorization - type. (Only 'gcp_iam' is valid currently) + description: |- + Enable IAM authentication to a Google Cloud instance when set to gcp_iam + Specify alternative authorization type. (Only 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. 
type: string disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array redis: - description: A nested block containing configuration options for - Redis connections. Connection parameters for the redis-database-plugin - plugin. + description: |- + A nested block containing configuration options for Redis connections. + Connection parameters for the redis-database-plugin plugin. 
items: properties: caCert: - description: The contents of a PEM-encoded CA cert file - to use to verify the Redis server's identity. The contents - of a PEM-encoded CA cert file to use to verify the Redis - server's identity. + description: |- + The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity. + The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity. type: string host: - description: The host to connect to. Specifies the host - to connect to + description: |- + The host to connect to. + Specifies the host to connect to type: string insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Specifies whether to skip - verification of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Specifies whether to skip verification of the server certificate when using TLS. type: boolean port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Redis. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Redis. type: number tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Specifies whether to use TLS when connecting to Redis. type: boolean username: - description: The username to authenticate with. Specifies - the username for Vault to use. + description: |- + The username to authenticate with. + Specifies the username for Vault to use. type: string type: object type: array redisElasticache: - description: A nested block containing configuration options for - Redis ElastiCache connections. Connection parameters for the - redis-elasticache-database-plugin plugin. 
+ description: |- + A nested block containing configuration options for Redis ElastiCache connections. + Connection parameters for the redis-elasticache-database-plugin plugin. items: properties: region: - description: The region where the ElastiCache cluster is - hosted. If omitted Vault tries to infer from the environment - instead. The AWS region where the ElastiCache cluster - is hosted. If omitted the plugin tries to infer the region - from the environment. + description: |- + The region where the ElastiCache cluster is hosted. If omitted Vault tries to infer from the environment instead. + The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment. type: string url: - description: The url to connect to including the port; e.g. - master.my-cluster.xxxxxx.use1.cache.amazonaws.com:6379. - The configuration endpoint for the ElastiCache cluster - to connect to. + description: |- + The url to connect to including the port; e.g. master.my-cluster.xxxxxx.use1.cache.amazonaws.com:6379. + The configuration endpoint for the ElastiCache cluster to connect to. type: string type: object type: array 
@@ -2133,102 +2381,124 @@ spec: items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. 
type: string type: object type: array rootRotationStatements: - description: A list of database statements to be executed to rotate - the root user's credentials. A list of database statements to - be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array snowflake: - description: A nested block containing configuration options for - Snowflake connections. Connection parameters for the snowflake-database-plugin - plugin. + description: |- + A nested block containing configuration options for Snowflake connections. + Connection parameters for the snowflake-database-plugin plugin. items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number username: - description: The username to authenticate with. 
The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array verifyConnection: - description: Whether the connection should be verified on initial - configuration or not. Specifies if the connection is verified - during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. 
+ ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -2241,9 +2511,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -2253,57 +2524,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -2313,17 +2548,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -2333,21 +2570,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -2362,21 +2599,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -2387,14 +2625,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -2425,667 +2664,775 @@ spec: atProvider: properties: allowedRoles: - description: A list of roles that are allowed to use this connection. + description: |- + A list of roles that are allowed to use this + connection. A list of roles that are allowed to use this connection. items: type: string type: array backend: - description: The unique name of the Vault mount to configure. + description: |- + The unique name of the Vault mount to configure. Unique name of the Vault mount to configure. type: string cassandra: - description: A nested block containing configuration options for - Cassandra connections. Connection parameters for the cassandra-database-plugin - plugin. + description: |- + A nested block containing configuration options for Cassandra connections. + Connection parameters for the cassandra-database-plugin plugin. items: properties: connectTimeout: - description: The number of seconds to use as a connection - timeout. The number of seconds to use as a connection + description: |- + The number of seconds to use as a connection timeout. + The number of seconds to use as a connection timeout. type: number hosts: - description: The hosts to connect to. Cassandra hosts to - connect to. + description: |- + The hosts to connect to. + Cassandra hosts to connect to. items: type: string type: array insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Whether to skip verification - of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Whether to skip verification of the server certificate when using TLS. type: boolean port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Cassandra. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Cassandra. 
type: number protocolVersion: - description: The CQL protocol version to use. The CQL protocol - version to use. + description: |- + The CQL protocol version to use. + The CQL protocol version to use. type: number tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Whether to use TLS when connecting to Cassandra. type: boolean username: - description: The username to authenticate with. The username - to use when authenticating with Cassandra. + description: |- + The username to authenticate with. + The username to use when authenticating with Cassandra. type: string type: object type: array couchbase: - description: A nested block containing configuration options for - Couchbase connections. Connection parameters for the couchbase-database-plugin - plugin. + description: |- + A nested block containing configuration options for Couchbase connections. + Connection parameters for the couchbase-database-plugin plugin. items: properties: bucketName: - description: Required for Couchbase versions prior to 6.5.0. - This is only used to verify vault's connection to the - server. Required for Couchbase versions prior to 6.5.0. - This is only used to verify vault's connection to the - server. + description: |- + Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server. + Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server. type: string hosts: - description: The hosts to connect to. A set of Couchbase - URIs to connect to. Must use `couchbases://` scheme if - `tls` is `true`. + description: |- + The hosts to connect to. + A set of Couchbase URIs to connect to. Must use `couchbases://` scheme if `tls` is `true`. items: type: string type: array insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. 
Specifies whether to skip - verification of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Specifies whether to skip verification of the server certificate when using TLS. type: boolean tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Specifies whether to use TLS when connecting to Couchbase. type: boolean username: - description: The username to authenticate with. Specifies - the username for Vault to use. + description: |- + The username to authenticate with. + Specifies the username for Vault to use. type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. + Template describing how dynamic usernames are generated. type: string type: object type: array data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object elasticsearch: - description: A nested block containing configuration options for - Elasticsearch connections. Connection parameters for the elasticsearch-database-plugin. + description: |- + A nested block containing configuration options for Elasticsearch connections. + Connection parameters for the elasticsearch-database-plugin. items: properties: caCert: - description: The contents of a PEM-encoded CA cert file - to use to verify the Redis server's identity. 
The path - to a PEM-encoded CA cert file to use to verify the Elasticsearch - server's identity + description: |- + The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity. + The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity type: string caPath: - description: The path to a directory of PEM-encoded CA cert - files to use to verify the Elasticsearch server's identity. - The path to a directory of PEM-encoded CA cert files to - use to verify the Elasticsearch server's identity + description: |- + The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity. + The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity type: string clientCert: - description: The path to the certificate for the Elasticsearch - client to present for communication. The path to the certificate - for the Elasticsearch client to present for communication + description: |- + The path to the certificate for the Elasticsearch client to present for communication. + The path to the certificate for the Elasticsearch client to present for communication type: string clientKey: - description: The path to the key for the Elasticsearch client - to use for communication. The path to the key for the - Elasticsearch client to use for communication + description: |- + The path to the key for the Elasticsearch client to use for communication. + The path to the key for the Elasticsearch client to use for communication type: string insecure: - description: Whether to disable certificate verification. + description: |- + Whether to disable certificate verification. Whether to disable certificate verification type: boolean tlsServerName: - description: This, if set, is used to set the SNI host when - connecting via TLS. 
This, if set, is used to set the SNI - host when connecting via TLS + description: |- + This, if set, is used to set the SNI host when connecting via TLS. + This, if set, is used to set the SNI host when connecting via TLS type: string url: - description: The url to connect to including the port; e.g. - master.my-cluster.xxxxxx.use1.cache.amazonaws.com:6379. + description: |- + The url to connect to including the port; e.g. master.my-cluster.xxxxxx.use1.cache.amazonaws.com:6379. The URL for Elasticsearch's API type: string username: - description: The username to authenticate with. The username - to be used in the connection URL + description: |- + The username to authenticate with. + The username to be used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. + Template describing how dynamic usernames are generated. type: string type: object type: array hana: - description: A nested block containing configuration options for - SAP HanaDB connections. Connection parameters for the hana-database-plugin - plugin. + description: |- + A nested block containing configuration options for SAP HanaDB connections. + Connection parameters for the hana-database-plugin plugin. items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. 
+ Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string type: object type: array id: type: string influxdb: - description: A nested block containing configuration options for - InfluxDB connections. Connection parameters for the influxdb-database-plugin - plugin. + description: |- + A nested block containing configuration options for InfluxDB connections. + Connection parameters for the influxdb-database-plugin plugin. items: properties: connectTimeout: - description: The number of seconds to use as a connection - timeout. The number of seconds to use as a connection + description: |- + The number of seconds to use as a connection timeout. + The number of seconds to use as a connection timeout. type: number host: - description: The host to connect to. Influxdb host to connect - to. + description: |- + The host to connect to. + Influxdb host to connect to. type: string insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. 
Whether to skip verification - of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Whether to skip verification of the server certificate when using TLS. type: boolean port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Influxdb. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Influxdb. type: number tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Whether to use TLS when connecting to Influxdb. type: boolean username: - description: The username to authenticate with. Specifies - the username to use for superuser access. + description: |- + The username to authenticate with. + Specifies the username to use for superuser access. type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. + Template describing how dynamic usernames are generated. type: string type: object type: array mongodb: - description: A nested block containing configuration options for - MongoDB connections. Connection parameters for the mongodb-database-plugin - plugin. + description: |- + A nested block containing configuration options for MongoDB connections. + Connection parameters for the mongodb-database-plugin plugin. items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. 
type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array mongodbatlas: - description: A nested block containing configuration options for - MongoDB Atlas connections. Connection parameters for the mongodbatlas-database-plugin - plugin. + description: |- + A nested block containing configuration options for MongoDB Atlas connections. + Connection parameters for the mongodbatlas-database-plugin plugin. items: properties: projectId: - description: The Project ID the Database User should be - created within. The Project ID the Database User should - be created within. + description: |- + The Project ID the Database User should be created within. + The Project ID the Database User should be created within. 
type: string publicKey: - description: The Public Programmatic API Key used to authenticate - with the MongoDB Atlas API. The Public Programmatic API - Key used to authenticate with the MongoDB Atlas API. + description: |- + The Public Programmatic API Key used to authenticate with the MongoDB Atlas API. + The Public Programmatic API Key used to authenticate with the MongoDB Atlas API. type: string type: object type: array mssql: - description: A nested block containing configuration options for - MSSQL connections. Connection parameters for the mssql-database-plugin - plugin. + description: |- + A nested block containing configuration options for MSSQL connections. + Connection parameters for the mssql-database-plugin plugin. items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string containedDb: - description: For Vault v1.9+. Set to true when the target - is a Contained Database, e.g. AzureSQL. See the Vault - docs Set to true when the target is a Contained Database, - e.g. AzureSQL. + description: |- + For Vault v1.9+. Set to true when the target is a + Contained Database, e.g. AzureSQL. + See the Vault + docs + Set to true when the target is a Contained Database, e.g. AzureSQL. type: boolean disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. 
+ description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array mysql: - description: A nested block containing configuration options for - MySQL connections. Connection parameters for the mysql-database-plugin - plugin. + description: |- + A nested block containing configuration options for MySQL connections. + Connection parameters for the mysql-database-plugin plugin. items: properties: authType: - description: Enable IAM authentication to a Google Cloud - instance when set to gcp_iam Specify alternative authorization - type. (Only 'gcp_iam' is valid currently) + description: |- + Enable IAM authentication to a Google Cloud instance when set to gcp_iam + Specify alternative authorization type. (Only 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. 
+ description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array mysqlAurora: - description: A nested block containing configuration options for - Aurora MySQL connections. 
Connection parameters for the mysql-aurora-database-plugin - plugin. + description: |- + A nested block containing configuration options for Aurora MySQL connections. + Connection parameters for the mysql-aurora-database-plugin plugin. items: properties: authType: - description: Enable IAM authentication to a Google Cloud - instance when set to gcp_iam Specify alternative authorization - type. (Only 'gcp_iam' is valid currently) + description: |- + Enable IAM authentication to a Google Cloud instance when set to gcp_iam + Specify alternative authorization type. (Only 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. 
+ description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array mysqlLegacy: - description: A nested block containing configuration options for - legacy MySQL connections. Connection parameters for the mysql-legacy-database-plugin - plugin. + description: |- + A nested block containing configuration options for legacy MySQL connections. + Connection parameters for the mysql-legacy-database-plugin plugin. items: properties: authType: - description: Enable IAM authentication to a Google Cloud - instance when set to gcp_iam Specify alternative authorization - type. (Only 'gcp_iam' is valid currently) + description: |- + Enable IAM authentication to a Google Cloud instance when set to gcp_iam + Specify alternative authorization type. (Only 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. 
+ description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array mysqlRds: - description: A nested block containing configuration options for - RDS MySQL connections. Connection parameters for the mysql-rds-database-plugin - plugin. + description: |- + A nested block containing configuration options for RDS MySQL connections. + Connection parameters for the mysql-rds-database-plugin plugin. 
items: properties: authType: - description: Enable IAM authentication to a Google Cloud - instance when set to gcp_iam Specify alternative authorization - type. (Only 'gcp_iam' is valid currently) + description: |- + Enable IAM authentication to a Google Cloud instance when set to gcp_iam + Specify alternative authorization type. (Only 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string username: - description: The username to authenticate with. 
The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array name: - description: A unique name to give the database connection. Name - of the database connection. + description: |- + A unique name to give the database connection. + Name of the database connection. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string oracle: - description: A nested block containing configuration options for - Oracle connections. Connection parameters for the oracle-database-plugin - plugin. + description: |- + A nested block containing configuration options for Oracle connections. + Connection parameters for the oracle-database-plugin plugin. items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. 
type: string disconnectSessions: - description: Enable the built-in session disconnect mechanism. - Set to true to disconnect any open sessions prior to running - the revocation statements. + description: |- + Enable the built-in session disconnect mechanism. + Set to true to disconnect any open sessions prior to running the revocation statements. type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number splitStatements: - description: Enable spliting statements after semi-colons. + description: |- + Enable spliting statements after semi-colons. Set to true in order to split statements after semi-colons. type: boolean username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. 
Must be prefixed - with the name of one of the supported database engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string postgresql: - description: A nested block containing configuration options for - PostgreSQL connections. Connection parameters for the postgresql-database-plugin - plugin. + description: |- + A nested block containing configuration options for PostgreSQL connections. + Connection parameters for the postgresql-database-plugin plugin. items: properties: authType: - description: Enable IAM authentication to a Google Cloud - instance when set to gcp_iam Specify alternative authorization - type. (Only 'gcp_iam' is valid currently) + description: |- + Enable IAM authentication to a Google Cloud instance when set to gcp_iam + Specify alternative authorization type. (Only 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. 
type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array redis: - description: A nested block containing configuration options for - Redis connections. Connection parameters for the redis-database-plugin - plugin. + description: |- + A nested block containing configuration options for Redis connections. + Connection parameters for the redis-database-plugin plugin. items: properties: caCert: - description: The contents of a PEM-encoded CA cert file - to use to verify the Redis server's identity. The contents - of a PEM-encoded CA cert file to use to verify the Redis - server's identity. + description: |- + The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity. + The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity. type: string host: - description: The host to connect to. Specifies the host - to connect to + description: |- + The host to connect to. + Specifies the host to connect to type: string insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. 
Specifies whether to skip - verification of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Specifies whether to skip verification of the server certificate when using TLS. type: boolean port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Redis. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Redis. type: number tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Specifies whether to use TLS when connecting to Redis. type: boolean username: - description: The username to authenticate with. Specifies - the username for Vault to use. + description: |- + The username to authenticate with. + Specifies the username for Vault to use. type: string type: object type: array redisElasticache: - description: A nested block containing configuration options for - Redis ElastiCache connections. Connection parameters for the - redis-elasticache-database-plugin plugin. + description: |- + A nested block containing configuration options for Redis ElastiCache connections. + Connection parameters for the redis-elasticache-database-plugin plugin. items: properties: region: - description: The region where the ElastiCache cluster is - hosted. If omitted Vault tries to infer from the environment - instead. The AWS region where the ElastiCache cluster - is hosted. If omitted the plugin tries to infer the region - from the environment. + description: |- + The region where the ElastiCache cluster is hosted. If omitted Vault tries to infer from the environment instead. + The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment. 
type: string url: - description: The url to connect to including the port; e.g. - master.my-cluster.xxxxxx.use1.cache.amazonaws.com:6379. - The configuration endpoint for the ElastiCache cluster - to connect to. + description: |- + The url to connect to including the port; e.g. master.my-cluster.xxxxxx.use1.cache.amazonaws.com:6379. + The configuration endpoint for the ElastiCache cluster to connect to. type: string type: object type: array 
@@ -3095,83 +3442,104 @@ spec: items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. 
type: string type: object type: array rootRotationStatements: - description: A list of database statements to be executed to rotate - the root user's credentials. A list of database statements to - be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array snowflake: - description: A nested block containing configuration options for - Snowflake connections. Connection parameters for the snowflake-database-plugin - plugin. + description: |- + A nested block containing configuration options for Snowflake connections. + Connection parameters for the snowflake-database-plugin plugin. items: properties: connectionUrl: - description: A URL containing connection information. See - the Vault docs for an example. Connection string to use - to connect to the database. + description: |- + A URL containing connection information. See + the Vault + docs + for an example. + Connection string to use to connect to the database. type: string maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number username: - description: The username to authenticate with. 
The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string type: object type: array verifyConnection: - description: Whether the connection should be verified on initial - configuration or not. Specifies if the connection is verified - during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object conditions: @@ -3180,13 +3548,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -3197,8 +3567,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime 
@@ -3207,6 +3578,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/database.vault.upbound.io_secretbackendroles.yaml b/package/crds/database.vault.upbound.io_secretbackendroles.yaml index c0823eaf..79877b4b 100644 --- a/package/crds/database.vault.upbound.io_secretbackendroles.yaml +++ b/package/crds/database.vault.upbound.io_secretbackendroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendroles.database.vault.upbound.io spec: group: database.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Configures a database secret backend role for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,148 +74,183 @@ spec: forProvider: properties: backend: - description: The unique name of the Vault mount to configure. + description: |- + The unique name of the Vault mount to configure. The path of the Database Secret Backend the role belongs to. type: string creationStatements: - description: The database statements to execute when creating - a user. Database statements to execute to create and configure - a user. + description: |- + The database statements to execute when + creating a user. + Database statements to execute to create and configure a user. items: type: string type: array credentialConfig: additionalProperties: type: string - description: – Specifies the configuration for the given credential_type. + description: |- + – Specifies the configuration + for the given credential_type. Specifies the configuration for the given credential_type. type: object credentialType: - description: '– Specifies the type of credential that will be - generated for the role. Options include: password, rsa_private_key, - client_certificate. See the plugin''s API page for credential - types supported by individual databases. Specifies the type - of credential that will be generated for the role.' + description: |- + – Specifies the type of credential that + will be generated for the role. Options include: password, rsa_private_key, client_certificate. + See the plugin's API page for credential types supported by individual databases. + Specifies the type of credential that will be generated for the role. type: string dbName: - description: The unique name of the database connection to use - for the role. Database connection to use for this role. + description: |- + The unique name of the database connection to use for + the role. + Database connection to use for this role. type: string defaultTtl: - description: The default number of seconds for leases for this - role. Default TTL for leases associated with this role, in seconds. 
+ description: |- + The default number of seconds for leases for this + role. + Default TTL for leases associated with this role, in seconds. type: number maxTtl: - description: The maximum number of seconds for leases for this - role. Maximum TTL for leases associated with this role, in seconds. + description: |- + The maximum number of seconds for leases for this + role. + Maximum TTL for leases associated with this role, in seconds. type: number name: - description: A unique name to give the role. Unique name for the - role. + description: |- + A unique name to give the role. + Unique name for the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string renewStatements: - description: The database statements to execute when renewing - a user. Database statements to execute to renew a user. + description: |- + The database statements to execute when + renewing a user. + Database statements to execute to renew a user. items: type: string type: array revocationStatements: - description: The database statements to execute when revoking - a user. Database statements to execute to revoke a user. + description: |- + The database statements to execute when + revoking a user. + Database statements to execute to revoke a user. items: type: string type: array rollbackStatements: - description: The database statements to execute when rolling back - creation due to an error. 
Database statements to execute to - rollback a create operation in the event of an error. + description: |- + The database statements to execute when + rolling back creation due to an error. + Database statements to execute to rollback a create operation in the event of an error. items: type: string type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The unique name of the Vault mount to configure. + description: |- + The unique name of the Vault mount to configure. 
The path of the Database Secret Backend the role belongs to. type: string creationStatements: - description: The database statements to execute when creating - a user. Database statements to execute to create and configure - a user. + description: |- + The database statements to execute when + creating a user. + Database statements to execute to create and configure a user. items: type: string type: array credentialConfig: additionalProperties: type: string - description: – Specifies the configuration for the given credential_type. + description: |- + – Specifies the configuration + for the given credential_type. Specifies the configuration for the given credential_type. type: object credentialType: - description: '– Specifies the type of credential that will be - generated for the role. Options include: password, rsa_private_key, - client_certificate. See the plugin''s API page for credential - types supported by individual databases. Specifies the type - of credential that will be generated for the role.' + description: |- + – Specifies the type of credential that + will be generated for the role. Options include: password, rsa_private_key, client_certificate. + See the plugin's API page for credential types supported by individual databases. + Specifies the type of credential that will be generated for the role. type: string dbName: - description: The unique name of the database connection to use - for the role. Database connection to use for this role. + description: |- + The unique name of the database connection to use for + the role. + Database connection to use for this role. type: string defaultTtl: - description: The default number of seconds for leases for this - role. Default TTL for leases associated with this role, in seconds. + description: |- + The default number of seconds for leases for this + role. + Default TTL for leases associated with this role, in seconds. 
type: number maxTtl: - description: The maximum number of seconds for leases for this - role. Maximum TTL for leases associated with this role, in seconds. + description: |- + The maximum number of seconds for leases for this + role. + Maximum TTL for leases associated with this role, in seconds. type: number name: - description: A unique name to give the role. Unique name for the - role. + description: |- + A unique name to give the role. + Unique name for the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string renewStatements: - description: The database statements to execute when renewing - a user. Database statements to execute to renew a user. + description: |- + The database statements to execute when + renewing a user. + Database statements to execute to renew a user. items: type: string type: array revocationStatements: - description: The database statements to execute when revoking - a user. Database statements to execute to revoke a user. + description: |- + The database statements to execute when + revoking a user. + Database statements to execute to revoke a user. items: type: string type: array rollbackStatements: - description: The database statements to execute when rolling back - creation due to an error. Database statements to execute to - rollback a create operation in the event of an error. + description: |- + The database statements to execute when + rolling back creation due to an error. 
+ Database statements to execute to rollback a create operation in the event of an error. items: type: string type: array 
@@ -217,20 +258,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -243,9 +285,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -255,57 +298,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -315,17 +322,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -335,21 +344,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -364,21 +373,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -389,14 +399,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -434,70 +445,87 @@ spec: atProvider: properties: backend: - description: The unique name of the Vault mount to configure. + description: |- + The unique name of the Vault mount to configure. The path of the Database Secret Backend the role belongs to. type: string creationStatements: - description: The database statements to execute when creating - a user. Database statements to execute to create and configure - a user. + description: |- + The database statements to execute when + creating a user. + Database statements to execute to create and configure a user. items: type: string type: array credentialConfig: additionalProperties: type: string - description: – Specifies the configuration for the given credential_type. + description: |- + – Specifies the configuration + for the given credential_type. Specifies the configuration for the given credential_type. type: object credentialType: - description: '– Specifies the type of credential that will be - generated for the role. Options include: password, rsa_private_key, - client_certificate. See the plugin''s API page for credential - types supported by individual databases. Specifies the type - of credential that will be generated for the role.' + description: |- + – Specifies the type of credential that + will be generated for the role. Options include: password, rsa_private_key, client_certificate. + See the plugin's API page for credential types supported by individual databases. + Specifies the type of credential that will be generated for the role. type: string dbName: - description: The unique name of the database connection to use - for the role. Database connection to use for this role. + description: |- + The unique name of the database connection to use for + the role. + Database connection to use for this role. type: string defaultTtl: - description: The default number of seconds for leases for this - role. Default TTL for leases associated with this role, in seconds. 
+ description: |- + The default number of seconds for leases for this + role. + Default TTL for leases associated with this role, in seconds. type: number id: type: string maxTtl: - description: The maximum number of seconds for leases for this - role. Maximum TTL for leases associated with this role, in seconds. + description: |- + The maximum number of seconds for leases for this + role. + Maximum TTL for leases associated with this role, in seconds. type: number name: - description: A unique name to give the role. Unique name for the - role. + description: |- + A unique name to give the role. + Unique name for the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string renewStatements: - description: The database statements to execute when renewing - a user. Database statements to execute to renew a user. + description: |- + The database statements to execute when + renewing a user. + Database statements to execute to renew a user. items: type: string type: array revocationStatements: - description: The database statements to execute when revoking - a user. Database statements to execute to revoke a user. + description: |- + The database statements to execute when + revoking a user. + Database statements to execute to revoke a user. items: type: string type: array rollbackStatements: - description: The database statements to execute when rolling back - creation due to an error. 
Database statements to execute to - rollback a create operation in the event of an error. + description: |- + The database statements to execute when + rolling back creation due to an error. + Database statements to execute to rollback a create operation in the event of an error. items: type: string type: array @@ -508,13 +536,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -525,8 +555,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -535,6 +566,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/database.vault.upbound.io_secretbackendstaticroles.yaml b/package/crds/database.vault.upbound.io_secretbackendstaticroles.yaml index 6ee62efc..808811c6 100644 --- a/package/crds/database.vault.upbound.io_secretbackendstaticroles.yaml +++ b/package/crds/database.vault.upbound.io_secretbackendstaticroles.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendstaticroles.database.vault.upbound.io spec: group: database.vault.upbound.io @@ -38,14 +38,19 @@ spec: API. Configures a database secret backend static role for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -55,13 +60,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -69,133 +75,145 @@ spec: forProvider: properties: backend: - description: The unique name of the Vault mount to configure. + description: |- + The unique name of the Vault mount to configure. The path of the Database Secret Backend the role belongs to. type: string dbName: - description: The unique name of the database connection to use - for the static role. Database connection to use for this role. + description: |- + The unique name of the database connection to use for the static role. + Database connection to use for this role. type: string name: - description: A unique name to give the static role. Unique name - for the static role. + description: |- + A unique name to give the static role. + Unique name for the static role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string rotationPeriod: - description: The amount of time Vault should wait before rotating - the password, in seconds. Mutually exclusive with rotation_schedule. - The amount of time Vault should wait before rotating the password, - in seconds. + description: |- + The amount of time Vault should wait before rotating the password, in seconds. + Mutually exclusive with rotation_schedule. + The amount of time Vault should wait before rotating the password, in seconds. type: number rotationSchedule: - description: A cron-style string that will define the schedule - on which rotations should occur. Mutually exclusive with rotation_period. 
- A cron-style string that will define the schedule on which rotations - should occur. + description: |- + A cron-style string that will define the schedule on which rotations should occur. + Mutually exclusive with rotation_period. + A cron-style string that will define the schedule on which rotations should occur. type: string rotationStatements: - description: Database statements to execute to rotate the password - for the configured database user. Database statements to execute - to rotate the password for the configured database user. + description: |- + Database statements to execute to rotate the password for the configured database user. + Database statements to execute to rotate the password for the configured database user. items: type: string type: array rotationWindow: - description: The amount of time, in seconds, in which rotations - are allowed to occur starting from a given rotation_schedule. - The amount of time in seconds in which the rotations are allowed - to occur starting from a given rotation_schedule. + description: |- + The amount of time, in seconds, in which rotations are allowed to occur starting + from a given rotation_schedule. + The amount of time in seconds in which the rotations are allowed to occur starting from a given rotation_schedule. type: number username: - description: The database username that this static role corresponds - to. The database username that this role corresponds to. + description: |- + The database username that this static role corresponds to. + The database username that this role corresponds to. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. 
The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The unique name of the Vault mount to configure. + description: |- + The unique name of the Vault mount to configure. The path of the Database Secret Backend the role belongs to. type: string dbName: - description: The unique name of the database connection to use - for the static role. Database connection to use for this role. + description: |- + The unique name of the database connection to use for the static role. + Database connection to use for this role. type: string name: - description: A unique name to give the static role. Unique name - for the static role. + description: |- + A unique name to give the static role. + Unique name for the static role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. 
The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string rotationPeriod: - description: The amount of time Vault should wait before rotating - the password, in seconds. Mutually exclusive with rotation_schedule. - The amount of time Vault should wait before rotating the password, - in seconds. + description: |- + The amount of time Vault should wait before rotating the password, in seconds. + Mutually exclusive with rotation_schedule. + The amount of time Vault should wait before rotating the password, in seconds. type: number rotationSchedule: - description: A cron-style string that will define the schedule - on which rotations should occur. Mutually exclusive with rotation_period. - A cron-style string that will define the schedule on which rotations - should occur. + description: |- + A cron-style string that will define the schedule on which rotations should occur. + Mutually exclusive with rotation_period. + A cron-style string that will define the schedule on which rotations should occur. type: string rotationStatements: - description: Database statements to execute to rotate the password - for the configured database user. Database statements to execute - to rotate the password for the configured database user. + description: |- + Database statements to execute to rotate the password for the configured database user. + Database statements to execute to rotate the password for the configured database user. 
items: type: string type: array rotationWindow: - description: The amount of time, in seconds, in which rotations - are allowed to occur starting from a given rotation_schedule. - The amount of time in seconds in which the rotations are allowed - to occur starting from a given rotation_schedule. + description: |- + The amount of time, in seconds, in which rotations are allowed to occur starting + from a given rotation_schedule. + The amount of time in seconds in which the rotations are allowed to occur starting from a given rotation_schedule. type: number username: - description: The database username that this static role corresponds - to. The database username that this role corresponds to. + description: |- + The database username that this static role corresponds to. + The database username that this role corresponds to. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. 
+ ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -208,9 +226,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -220,57 +239,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -280,17 +263,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -300,21 +285,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -329,21 +314,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -354,14 +340,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -400,54 +387,59 @@ spec: atProvider: properties: backend: - description: The unique name of the Vault mount to configure. + description: |- + The unique name of the Vault mount to configure. The path of the Database Secret Backend the role belongs to. type: string dbName: - description: The unique name of the database connection to use - for the static role. Database connection to use for this role. + description: |- + The unique name of the database connection to use for the static role. + Database connection to use for this role. type: string id: type: string name: - description: A unique name to give the static role. Unique name - for the static role. + description: |- + A unique name to give the static role. + Unique name for the static role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string rotationPeriod: - description: The amount of time Vault should wait before rotating - the password, in seconds. Mutually exclusive with rotation_schedule. - The amount of time Vault should wait before rotating the password, - in seconds. + description: |- + The amount of time Vault should wait before rotating the password, in seconds. + Mutually exclusive with rotation_schedule. + The amount of time Vault should wait before rotating the password, in seconds. type: number rotationSchedule: - description: A cron-style string that will define the schedule - on which rotations should occur. 
Mutually exclusive with rotation_period. - A cron-style string that will define the schedule on which rotations - should occur. + description: |- + A cron-style string that will define the schedule on which rotations should occur. + Mutually exclusive with rotation_period. + A cron-style string that will define the schedule on which rotations should occur. type: string rotationStatements: - description: Database statements to execute to rotate the password - for the configured database user. Database statements to execute - to rotate the password for the configured database user. + description: |- + Database statements to execute to rotate the password for the configured database user. + Database statements to execute to rotate the password for the configured database user. items: type: string type: array rotationWindow: - description: The amount of time, in seconds, in which rotations - are allowed to occur starting from a given rotation_schedule. - The amount of time in seconds in which the rotations are allowed - to occur starting from a given rotation_schedule. + description: |- + The amount of time, in seconds, in which rotations are allowed to occur starting + from a given rotation_schedule. + The amount of time in seconds in which the rotations are allowed to occur starting from a given rotation_schedule. type: number username: - description: The database username that this static role corresponds - to. The database username that this role corresponds to. + description: |- + The database username that this static role corresponds to. + The database username that this role corresponds to. type: string type: object conditions: 
@@ -456,13 +448,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -473,8 +467,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -483,6 +478,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/database.vault.upbound.io_secretsmounts.yaml b/package/crds/database.vault.upbound.io_secretsmounts.yaml index 702dc155..9a39da3b 100644 --- a/package/crds/database.vault.upbound.io_secretsmounts.yaml +++ b/package/crds/database.vault.upbound.io_secretsmounts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretsmounts.database.vault.upbound.io spec: group: database.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: any number of database secrets engines under a single mount resource properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,72 +74,76 @@ spec: forProvider: properties: allowedManagedKeys: - description: Set of managed key registry entry names that the - mount in question is allowed to access List of managed key registry - entry names that the mount in question is allowed to access + description: |- + Set of managed key registry entry names that the mount in question is allowed to access + List of managed key registry entry names that the mount in question is allowed to access items: type: string type: array auditNonHmacRequestKeys: - description: Specifies the list of keys that will not be HMAC'd - by audit devices in the request data object. Specifies the list - of keys that will not be HMAC'd by audit devices in the request - data object. + description: |- + Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. + Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. items: type: string type: array auditNonHmacResponseKeys: - description: Specifies the list of keys that will not be HMAC'd - by audit devices in the response data object. Specifies the - list of keys that will not be HMAC'd by audit devices in the - response data object. + description: |- + Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. + Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. items: type: string type: array cassandra: - description: A nested block containing configuration options for - Cassandra connections. See Connection parameters for the cassandra-database-plugin - plugin. + description: |- + A nested block containing configuration options for Cassandra connections. + See + Connection parameters for the cassandra-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. 
A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectTimeout: - description: The number of seconds to use as a connection - timeout. The number of seconds to use as a connection + description: |- + The number of seconds to use as a connection timeout. + The number of seconds to use as a connection timeout. type: number data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object hosts: - description: The hosts to connect to. Cassandra hosts to - connect to. + description: |- + The hosts to connect to. + Cassandra hosts to connect to. items: type: string type: array insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Whether to skip verification - of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Whether to skip verification of the server certificate when using TLS. type: boolean name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string passwordSecretRef: - description: The password to authenticate with. The password - to use when authenticating with Cassandra. + description: |- + The password to authenticate with. + The password to use when authenticating with Cassandra. properties: key: description: The key to select. 
@@ -150,10 +160,10 @@ spec: - namespace type: object pemBundleSecretRef: - description: Concatenated PEM blocks configuring the certificate - chain. Concatenated PEM blocks containing a certificate - and private key; a certificate, private key, and issuing - CA certificate; or just a CA certificate. + description: |- + Concatenated PEM blocks configuring the certificate + chain. + Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate. properties: key: description: The key to select. @@ -170,10 +180,9 @@ spec: - namespace type: object pemJsonSecretRef: - description: A JSON structure configuring the certificate - chain. Specifies JSON containing a certificate and private - key; a certificate, private key, and issuing CA certificate; - or just a CA certificate. + description: |- + A JSON structure configuring the certificate chain. + Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate. properties: key: description: The key to select. 
@@ -190,61 +199,65 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Cassandra. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Cassandra. type: number protocolVersion: - description: The CQL protocol version to use. The CQL protocol - version to use. + description: |- + The CQL protocol version to use. + The CQL protocol version to use. type: number rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Whether to use TLS when connecting to Cassandra. type: boolean username: - description: The username to authenticate with. The username - to use when authenticating with Cassandra. + description: |- + The username to authenticate with. + The username to use when authenticating with Cassandra. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. 
Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array couchbase: - description: A nested block containing configuration options for - Couchbase connections. See Connection parameters for the couchbase-database-plugin - plugin. + description: |- + A nested block containing configuration options for Couchbase connections. + See + Connection parameters for the couchbase-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array base64PemSecretRef: - description: Required if tls is true. Specifies the certificate - authority of the Couchbase server, as a PEM certificate - that has been base64 encoded. Required if `tls` is `true`. - Specifies the certificate authority of the Couchbase server, - as a PEM certificate that has been base64 encoded. + description: |- + Required if tls is true. Specifies the certificate authority of the Couchbase server, as a PEM certificate that has been base64 encoded. + Required if `tls` is `true`. Specifies the certificate authority of the Couchbase server, as a PEM certificate that has been base64 encoded. properties: key: description: The key to select. 
@@ -261,39 +274,39 @@ spec: - namespace type: object bucketName: - description: Required for Couchbase versions prior to 6.5.0. - This is only used to verify vault's connection to the - server. Required for Couchbase versions prior to 6.5.0. - This is only used to verify vault's connection to the - server. + description: |- + Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server. + Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object hosts: - description: The hosts to connect to. A set of Couchbase - URIs to connect to. Must use `couchbases://` scheme if - `tls` is `true`. + description: |- + The hosts to connect to. + A set of Couchbase URIs to connect to. Must use `couchbases://` scheme if `tls` is `true`. items: type: string type: array insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Specifies whether to skip - verification of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Specifies whether to skip verification of the server certificate when using TLS. type: boolean name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string passwordSecretRef: - description: The password to authenticate with. 
Specifies - the password corresponding to the given username. + description: |- + The password to authenticate with. + Specifies the password corresponding to the given username. properties: key: description: The key to select. 
@@ -310,102 +323,108 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Specifies whether to use TLS when connecting to Couchbase. type: boolean username: - description: The username to authenticate with. Specifies - the username for Vault to use. + description: |- + The username to authenticate with. + Specifies the username for Vault to use. type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. + Template describing how dynamic usernames are generated. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. 
type: boolean required: - passwordSecretRef type: object type: array defaultLeaseTtlSeconds: - description: Default lease duration for tokens and secrets in - seconds Default lease duration for tokens and secrets in seconds + description: |- + Default lease duration for tokens and secrets in seconds + Default lease duration for tokens and secrets in seconds type: number description: - description: Human-friendly description of the mount Human-friendly - description of the mount + description: |- + Human-friendly description of the mount + Human-friendly description of the mount type: string elasticsearch: - description: A nested block containing configuration options for - Elasticsearch connections. See Connection parameters for the - elasticsearch-database-plugin. + description: |- + A nested block containing configuration options for Elasticsearch connections. + See + Connection parameters for the elasticsearch-database-plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array caCert: - description: The path to a PEM-encoded CA cert file to use - to verify the Elasticsearch server's identity. The path - to a PEM-encoded CA cert file to use to verify the Elasticsearch - server's identity + description: |- + The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity. + The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity type: string caPath: - description: The path to a directory of PEM-encoded CA cert - files to use to verify the Elasticsearch server's identity. 
- The path to a directory of PEM-encoded CA cert files to - use to verify the Elasticsearch server's identity + description: |- + The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity. + The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity type: string clientCert: - description: The path to the certificate for the Elasticsearch - client to present for communication. The path to the certificate - for the Elasticsearch client to present for communication + description: |- + The path to the certificate for the Elasticsearch client to present for communication. + The path to the certificate for the Elasticsearch client to present for communication type: string clientKey: - description: The path to the key for the Elasticsearch client - to use for communication. The path to the key for the - Elasticsearch client to use for communication + description: |- + The path to the key for the Elasticsearch client to use for communication. + The path to the key for the Elasticsearch client to use for communication type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object insecure: - description: Whether to disable certificate verification. + description: |- + Whether to disable certificate verification. Whether to disable certificate verification type: boolean name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. 
type: string passwordSecretRef: - description: The password to authenticate with. The password - to be used in the connection URL + description: |- + The password to authenticate with. + The password to be used in the connection URL properties: key: description: The key to select. 
@@ -422,103 +441,113 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tlsServerName: - description: This, if set, is used to set the SNI host when - connecting via TLS. This, if set, is used to set the SNI - host when connecting via TLS + description: |- + This, if set, is used to set the SNI host when connecting via TLS. + This, if set, is used to set the SNI host when connecting via TLS type: string url: - description: The URL for Elasticsearch's API. https requires - certificate by trusted CA if used. The URL for Elasticsearch's - API + description: |- + The URL for Elasticsearch's API. https requires certificate + by trusted CA if used. + The URL for Elasticsearch's API type: string username: - description: The username to authenticate with. The username - to be used in the connection URL + description: |- + The username to authenticate with. + The username to be used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. 
+ Template describing how dynamic usernames are generated. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean required: - passwordSecretRef type: object type: array externalEntropyAccess: - description: Boolean flag that can be explicitly set to true to - enable the secrets engine to access Vault's external entropy - source Enable the secrets engine to access Vault's external - entropy source + description: |- + Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source + Enable the secrets engine to access Vault's external entropy source type: boolean hana: - description: A nested block containing configuration options for - SAP HanaDB connections. See Connection parameters for the hana-database-plugin - plugin. + description: |- + A nested block containing configuration options for SAP HanaDB connections. + See + Connection parameters for the hana-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. 
- Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. 
@@ -535,71 +564,78 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array influxdb: - description: A nested block containing configuration options for - InfluxDB connections. See Connection parameters for the influxdb-database-plugin - plugin. + description: |- + A nested block containing configuration options for InfluxDB connections. + See + Connection parameters for the influxdb-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. 
A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectTimeout: - description: The number of seconds to use as a connection - timeout. The number of seconds to use as a connection + description: |- + The number of seconds to use as a connection timeout. + The number of seconds to use as a connection timeout. type: number data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object host: - description: The host to connect to. Influxdb host to connect - to. + description: |- + The host to connect to. + Influxdb host to connect to. type: string insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Whether to skip verification - of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Whether to skip verification of the server certificate when using TLS. type: boolean name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string passwordSecretRef: - description: The password to authenticate with. Specifies - the password corresponding to the given username. + description: |- + The password to authenticate with. + Specifies the password corresponding to the given username. properties: key: description: The key to select. 
@@ -616,10 +652,10 @@ spec: - namespace type: object pemBundleSecretRef: - description: Concatenated PEM blocks configuring the certificate - chain. Concatenated PEM blocks containing a certificate - and private key; a certificate, private key, and issuing - CA certificate; or just a CA certificate. + description: |- + Concatenated PEM blocks configuring the certificate + chain. + Concatenated PEM blocks containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate. properties: key: description: The key to select. @@ -636,10 +672,9 @@ spec: - namespace type: object pemJsonSecretRef: - description: A JSON structure configuring the certificate - chain. Specifies JSON containing a certificate and private - key; a certificate, private key, and issuing CA certificate; - or just a CA certificate. + description: |- + A JSON structure configuring the certificate chain. + Specifies JSON containing a certificate and private key; a certificate, private key, and issuing CA certificate; or just a CA certificate. properties: key: description: The key to select. 
@@ -656,101 +691,113 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Influxdb. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Influxdb. type: number rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Whether to use TLS when connecting to Influxdb. type: boolean username: - description: The username to authenticate with. Specifies - the username to use for superuser access. + description: |- + The username to authenticate with. + Specifies the username to use for superuser access. type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. + Template describing how dynamic usernames are generated. 
type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean required: - passwordSecretRef type: object type: array local: - description: Boolean flag that can be explicitly set to true to - enforce local mount in HA environment Local mount flag that - can be explicitly set to true to enforce local mount in HA environment + description: |- + Boolean flag that can be explicitly set to true to enforce local mount in HA environment + Local mount flag that can be explicitly set to true to enforce local mount in HA environment type: boolean maxLeaseTtlSeconds: - description: Maximum possible lease duration for tokens and secrets - in seconds Maximum possible lease duration for tokens and secrets - in seconds + description: |- + Maximum possible lease duration for tokens and secrets in seconds + Maximum possible lease duration for tokens and secrets in seconds type: number mongodb: - description: A nested block containing configuration options for - MongoDB connections. See Connection parameters for the mongodb-database-plugin - plugin. + description: |- + A nested block containing configuration options for MongoDB connections. + See + Connection parameters for the mongodb-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. 
+ description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. 
@@ -767,68 +814,71 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array mongodbatlas: - description: A nested block containing configuration options for - MongoDB Atlas connections. See Connection parameters for the - mongodbatlas-database-plugin plugin. 
+ description: |- + A nested block containing configuration options for MongoDB Atlas connections. + See + Connection parameters for the mongodbatlas-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string privateKeySecretRef: - description: The Private Programmatic API Key used to connect - with MongoDB Atlas API. The Private Programmatic API Key - used to connect with MongoDB Atlas API. + description: |- + The Private Programmatic API Key used to connect with MongoDB Atlas API. + The Private Programmatic API Key used to connect with MongoDB Atlas API. properties: key: description: The key to select. 
@@ -845,88 +895,99 @@ spec: - namespace type: object projectId: - description: The Project ID the Database User should be - created within. The Project ID the Database User should - be created within. + description: |- + The Project ID the Database User should be created within. + The Project ID the Database User should be created within. type: string publicKey: - description: The Public Programmatic API Key used to authenticate - with the MongoDB Atlas API. The Public Programmatic API - Key used to authenticate with the MongoDB Atlas API. + description: |- + The Public Programmatic API Key used to authenticate with the MongoDB Atlas API. + The Public Programmatic API Key used to authenticate with the MongoDB Atlas API. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean required: - privateKeySecretRef type: object type: array mssql: - description: A nested block containing configuration options for - MSSQL connections. See Connection parameters for the mssql-database-plugin - plugin. + description: |- + A nested block containing configuration options for MSSQL connections. + See + Connection parameters for the mssql-database-plugin plugin. 
items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string containedDb: - description: For Vault v1.9+. Set to true when the target - is a Contained Database, e.g. AzureSQL. See Vault docs - Set to true when the target is a Contained Database, e.g. - AzureSQL. + description: |- + For Vault v1.9+. Set to true when the target is a + Contained Database, e.g. AzureSQL. + See Vault docs + Set to true when the target is a Contained Database, e.g. AzureSQL. type: boolean data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. 
+ description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. 
@@ -943,43 +1004,47 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array mysql: - description: A nested block containing configuration options for - MySQL connections. See Connection parameters for the mysql-database-plugin - plugin. 
+ description: |- + A nested block containing configuration options for MySQL connections. + See + Connection parameters for the mysql-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array 
@@ -988,38 +1053,45 @@ spec: 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. 
+ The root credential password used in the connection URL properties: key: description: The key to select. @@ -1036,15 +1108,14 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array 
@@ -1067,17 +1138,14 @@ spec: - namespace type: object tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string tlsCertificateKeySecretRef: - description: x509 certificate for connecting to the database. - This must be a PEM encoded version of the private key - and the certificate combined. x509 certificate for connecting - to the database. This must be a PEM encoded version of - the private key and the certificate combined. + description: |- + x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined. + x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined. properties: key: description: The key to select. 
@@ -1094,30 +1162,35 @@ spec: - namespace type: object username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array mysqlAurora: - description: A nested block containing configuration options for - Aurora MySQL connections. See Connection parameters for the - mysql-aurora-database-plugin plugin. + description: |- + A nested block containing configuration options for Aurora MySQL connections. + See + Connection parameters for the mysql-aurora-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array 
@@ -1126,38 +1199,45 @@ spec: 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. 
+ The root credential password used in the connection URL properties: key: description: The key to select. @@ -1174,15 +1254,14 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array 
@@ -1205,17 +1284,14 @@ spec: - namespace type: object tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string tlsCertificateKeySecretRef: - description: x509 certificate for connecting to the database. - This must be a PEM encoded version of the private key - and the certificate combined. x509 certificate for connecting - to the database. This must be a PEM encoded version of - the private key and the certificate combined. + description: |- + x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined. + x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined. properties: key: description: The key to select. 
@@ -1232,30 +1308,35 @@ spec: - namespace type: object username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array mysqlLegacy: - description: A nested block containing configuration options for - legacy MySQL connections. See Connection parameters for the - mysql-legacy-database-plugin plugin. + description: |- + A nested block containing configuration options for legacy MySQL connections. + See + Connection parameters for the mysql-legacy-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array 
@@ -1264,38 +1345,45 @@ spec: 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. 
+ The root credential password used in the connection URL properties: key: description: The key to select. @@ -1312,15 +1400,14 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array 
@@ -1343,17 +1430,14 @@ spec: - namespace type: object tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string tlsCertificateKeySecretRef: - description: x509 certificate for connecting to the database. - This must be a PEM encoded version of the private key - and the certificate combined. x509 certificate for connecting - to the database. This must be a PEM encoded version of - the private key and the certificate combined. + description: |- + x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined. + x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined. properties: key: description: The key to select. 
@@ -1370,30 +1454,35 @@ spec: - namespace type: object username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array mysqlRds: - description: A nested block containing configuration options for - RDS MySQL connections. See Connection parameters for the mysql-rds-database-plugin - plugin. + description: |- + A nested block containing configuration options for RDS MySQL connections. + See + Connection parameters for the mysql-rds-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array 
@@ -1402,38 +1491,45 @@ spec: 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. 
+ The root credential password used in the connection URL properties: key: description: The key to select. @@ -1450,15 +1546,14 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array 
@@ -1481,17 +1576,14 @@ spec: - namespace type: object tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string tlsCertificateKeySecretRef: - description: x509 certificate for connecting to the database. - This must be a PEM encoded version of the private key - and the certificate combined. x509 certificate for connecting - to the database. This must be a PEM encoded version of - the private key and the certificate combined. + description: |- + x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined. + x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined. properties: key: description: The key to select. 
@@ -1508,17 +1600,20 @@ spec: - namespace type: object username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array 
@@ -1528,60 +1623,69 @@ spec: options: additionalProperties: type: string - description: Specifies mount type specific options that are passed - to the backend Specifies mount type specific options that are - passed to the backend + description: |- + Specifies mount type specific options that are passed to the backend + Specifies mount type specific options that are passed to the backend type: object oracle: - description: A nested block containing configuration options for - Oracle connections. See Connection parameters for the oracle-database-plugin - plugin. + description: |- + A nested block containing configuration options for Oracle connections. + See + Connection parameters for the oracle-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object disconnectSessions: description: Set to true to disconnect any open sessions prior to running the revocation statements. 
type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. 
@@ -1598,15 +1702,14 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array 
@@ -1615,34 +1718,40 @@ spec: semi-colons. type: boolean username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array path: - description: Where the secret backend will be mounted Where the - secret backend will be mounted + description: |- + Where the secret backend will be mounted + Where the secret backend will be mounted type: string postgresql: - description: A nested block containing configuration options for - PostgreSQL connections. See Connection parameters for the postgresql-database-plugin - plugin. + description: |- + A nested block containing configuration options for PostgreSQL connections. + See + Connection parameters for the postgresql-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array 
@@ -1651,43 +1760,50 @@ spec: 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. 
type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. @@ -1704,15 +1820,14 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array 
@@ -1735,63 +1850,70 @@ spec: - namespace type: object username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array redis: - description: A nested block containing configuration options for - Redis connections. See Connection parameters for the redis-database-plugin - plugin. + description: |- + A nested block containing configuration options for Redis connections. + See + Connection parameters for the redis-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array caCert: - description: The path to a PEM-encoded CA cert file to use - to verify the Elasticsearch server's identity. The contents - of a PEM-encoded CA cert file to use to verify the Redis - server's identity. + description: |- + The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity. + The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity. 
type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object host: - description: The host to connect to. Specifies the host - to connect to + description: |- + The host to connect to. + Specifies the host to connect to type: string insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Specifies whether to skip - verification of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Specifies whether to skip verification of the server certificate when using TLS. type: boolean name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string passwordSecretRef: - description: The password to authenticate with. Specifies - the password corresponding to the given username. + description: |- + The password to authenticate with. + Specifies the password corresponding to the given username. properties: key: description: The key to select. 
@@ -1808,69 +1930,74 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Redis. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Redis. type: number rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Specifies whether to use TLS when connecting to Redis. type: boolean username: - description: The username to authenticate with. Specifies - the username for Vault to use. + description: |- + The username to authenticate with. + Specifies the username for Vault to use. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. 
type: boolean required: - passwordSecretRef type: object type: array redisElasticache: - description: A nested block containing configuration options for - Redis ElastiCache connections. See Connection parameters for - the redis-elasticache-database-plugin plugin. + description: |- + A nested block containing configuration options for Redis ElastiCache connections. + See + Connection parameters for the redis-elasticache-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string passwordSecretRef: - description: The password to authenticate with. The AWS - secret key id to use to talk to ElastiCache. If omitted - the credentials chain provider is used instead. + description: |- + The password to authenticate with. + The AWS secret key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead. properties: key: description: The key to select. 
@@ -1887,34 +2014,33 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string region: - description: The AWS region where the ElastiCache cluster - is hosted. If omitted the plugin tries to infer the region - from the environment. The AWS region where the ElastiCache - cluster is hosted. If omitted the plugin tries to infer - the region from the environment. + description: |- + The AWS region where the ElastiCache cluster is hosted. + If omitted the plugin tries to infer the region from the environment. + The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array url: - description: The URL for Elasticsearch's API. https requires - certificate by trusted CA if used. The configuration endpoint - for the ElastiCache cluster to connect to. + description: |- + The URL for Elasticsearch's API. https requires certificate + by trusted CA if used. + The configuration endpoint for the ElastiCache cluster to connect to. type: string usernameSecretRef: - description: The username to authenticate with. The AWS - access key id to use to talk to ElastiCache. 
If omitted - the credentials chain provider is used instead. + description: |- + The username to authenticate with. + The AWS access key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead. properties: key: description: The key to select. 
@@ -1931,63 +2057,73 @@ spec: - namespace type: object verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array redshift: - description: A nested block containing configuration options for - AWS Redshift connections. See Connection parameters for the - redshift-database-plugin plugin. + description: |- + A nested block containing configuration options for AWS Redshift connections. + See + Connection parameters for the redshift-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object disableEscaping: - description: Disable special character escaping in username - and password. 
Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. 
@@ -2004,86 +2140,95 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. 
type: boolean type: object type: array sealWrap: - description: Boolean flag that can be explicitly set to true to - enable seal wrapping for the mount, causing values stored by - the mount to be wrapped by the seal's encryption capability - Enable seal wrapping for the mount, causing values stored by - the mount to be wrapped by the seal's encryption capability + description: |- + Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability + Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability type: boolean snowflake: - description: A nested block containing configuration options for - Snowflake connections. See Connection parameters for the snowflake-database-plugin - plugin. + description: |- + A nested block containing configuration options for Snowflake connections. + See + Connection parameters for the snowflake-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. 
+ A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string passwordSecretRef: - description: The password to authenticate with. The root - credential password used in the connection URL + description: |- + The password to authenticate with. + The root credential password used in the connection URL properties: key: description: The key to select. 
@@ -2100,706 +2245,765 @@ spec: - namespace type: object pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. 
- It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: allowedManagedKeys: - description: Set of managed key registry entry names that the - mount in question is allowed to access List of managed key registry - entry names that the mount in question is allowed to access + description: |- + Set of managed key registry entry names that the mount in question is allowed to access + List of managed key registry entry names that the mount in question is allowed to access items: type: string type: array auditNonHmacRequestKeys: - description: Specifies the list of keys that will not be HMAC'd - by audit devices in the request data object. 
Specifies the list - of keys that will not be HMAC'd by audit devices in the request - data object. + description: |- + Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. + Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. items: type: string type: array auditNonHmacResponseKeys: - description: Specifies the list of keys that will not be HMAC'd - by audit devices in the response data object. Specifies the - list of keys that will not be HMAC'd by audit devices in the - response data object. + description: |- + Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. + Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. items: type: string type: array cassandra: - description: A nested block containing configuration options for - Cassandra connections. See Connection parameters for the cassandra-database-plugin - plugin. + description: |- + A nested block containing configuration options for Cassandra connections. + See + Connection parameters for the cassandra-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectTimeout: - description: The number of seconds to use as a connection - timeout. The number of seconds to use as a connection + description: |- + The number of seconds to use as a connection timeout. + The number of seconds to use as a connection timeout. type: number data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. 
Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object hosts: - description: The hosts to connect to. Cassandra hosts to - connect to. + description: |- + The hosts to connect to. + Cassandra hosts to connect to. items: type: string type: array insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Whether to skip verification - of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Whether to skip verification of the server certificate when using TLS. type: boolean name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Cassandra. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Cassandra. type: number protocolVersion: - description: The CQL protocol version to use. The CQL protocol - version to use. + description: |- + The CQL protocol version to use. + The CQL protocol version to use. 
type: number rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Whether to use TLS when connecting to Cassandra. type: boolean username: - description: The username to authenticate with. The username - to use when authenticating with Cassandra. + description: |- + The username to authenticate with. + The username to use when authenticating with Cassandra. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array couchbase: - description: A nested block containing configuration options for - Couchbase connections. See Connection parameters for the couchbase-database-plugin - plugin. + description: |- + A nested block containing configuration options for Couchbase connections. + See + Connection parameters for the couchbase-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. 
items: type: string type: array bucketName: - description: Required for Couchbase versions prior to 6.5.0. - This is only used to verify vault's connection to the - server. Required for Couchbase versions prior to 6.5.0. - This is only used to verify vault's connection to the - server. + description: |- + Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server. + Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object hosts: - description: The hosts to connect to. A set of Couchbase - URIs to connect to. Must use `couchbases://` scheme if - `tls` is `true`. + description: |- + The hosts to connect to. + A set of Couchbase URIs to connect to. Must use `couchbases://` scheme if `tls` is `true`. items: type: string type: array insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Specifies whether to skip - verification of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Specifies whether to skip verification of the server certificate when using TLS. type: boolean name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. 
Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Specifies whether to use TLS when connecting to Couchbase. type: boolean username: - description: The username to authenticate with. Specifies - the username for Vault to use. + description: |- + The username to authenticate with. + Specifies the username for Vault to use. type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. + Template describing how dynamic usernames are generated. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. 
type: boolean type: object type: array defaultLeaseTtlSeconds: - description: Default lease duration for tokens and secrets in - seconds Default lease duration for tokens and secrets in seconds + description: |- + Default lease duration for tokens and secrets in seconds + Default lease duration for tokens and secrets in seconds type: number description: - description: Human-friendly description of the mount Human-friendly - description of the mount + description: |- + Human-friendly description of the mount + Human-friendly description of the mount type: string elasticsearch: - description: A nested block containing configuration options for - Elasticsearch connections. See Connection parameters for the - elasticsearch-database-plugin. + description: |- + A nested block containing configuration options for Elasticsearch connections. + See + Connection parameters for the elasticsearch-database-plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array caCert: - description: The path to a PEM-encoded CA cert file to use - to verify the Elasticsearch server's identity. The path - to a PEM-encoded CA cert file to use to verify the Elasticsearch - server's identity + description: |- + The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity. + The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity type: string caPath: - description: The path to a directory of PEM-encoded CA cert - files to use to verify the Elasticsearch server's identity. 
- The path to a directory of PEM-encoded CA cert files to - use to verify the Elasticsearch server's identity + description: |- + The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity. + The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity type: string clientCert: - description: The path to the certificate for the Elasticsearch - client to present for communication. The path to the certificate - for the Elasticsearch client to present for communication + description: |- + The path to the certificate for the Elasticsearch client to present for communication. + The path to the certificate for the Elasticsearch client to present for communication type: string clientKey: - description: The path to the key for the Elasticsearch client - to use for communication. The path to the key for the - Elasticsearch client to use for communication + description: |- + The path to the key for the Elasticsearch client to use for communication. + The path to the key for the Elasticsearch client to use for communication type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object insecure: - description: Whether to disable certificate verification. + description: |- + Whether to disable certificate verification. Whether to disable certificate verification type: boolean name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. 
type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tlsServerName: - description: This, if set, is used to set the SNI host when - connecting via TLS. This, if set, is used to set the SNI - host when connecting via TLS + description: |- + This, if set, is used to set the SNI host when connecting via TLS. + This, if set, is used to set the SNI host when connecting via TLS type: string url: - description: The URL for Elasticsearch's API. https requires - certificate by trusted CA if used. The URL for Elasticsearch's - API + description: |- + The URL for Elasticsearch's API. https requires certificate + by trusted CA if used. + The URL for Elasticsearch's API type: string username: - description: The username to authenticate with. The username - to be used in the connection URL + description: |- + The username to authenticate with. + The username to be used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. 
+ Template describing how dynamic usernames are generated. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array externalEntropyAccess: - description: Boolean flag that can be explicitly set to true to - enable the secrets engine to access Vault's external entropy - source Enable the secrets engine to access Vault's external - entropy source + description: |- + Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source + Enable the secrets engine to access Vault's external entropy source type: boolean hana: - description: A nested block containing configuration options for - SAP HanaDB connections. See Connection parameters for the hana-database-plugin - plugin. + description: |- + A nested block containing configuration options for SAP HanaDB connections. + See + Connection parameters for the hana-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. 
A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. 
type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array influxdb: - description: A nested block containing configuration options for - InfluxDB connections. See Connection parameters for the influxdb-database-plugin - plugin. + description: |- + A nested block containing configuration options for InfluxDB connections. + See + Connection parameters for the influxdb-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectTimeout: - description: The number of seconds to use as a connection - timeout. The number of seconds to use as a connection + description: |- + The number of seconds to use as a connection timeout. + The number of seconds to use as a connection timeout. 
type: number data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object host: - description: The host to connect to. Influxdb host to connect - to. + description: |- + The host to connect to. + Influxdb host to connect to. type: string insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Whether to skip verification - of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Whether to skip verification of the server certificate when using TLS. type: boolean name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Influxdb. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Influxdb. 
type: number rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Whether to use TLS when connecting to Influxdb. type: boolean username: - description: The username to authenticate with. Specifies - the username to use for superuser access. + description: |- + The username to authenticate with. + Specifies the username to use for superuser access. type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. + Template describing how dynamic usernames are generated. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. 
type: boolean type: object type: array local: - description: Boolean flag that can be explicitly set to true to - enforce local mount in HA environment Local mount flag that - can be explicitly set to true to enforce local mount in HA environment + description: |- + Boolean flag that can be explicitly set to true to enforce local mount in HA environment + Local mount flag that can be explicitly set to true to enforce local mount in HA environment type: boolean maxLeaseTtlSeconds: - description: Maximum possible lease duration for tokens and secrets - in seconds Maximum possible lease duration for tokens and secrets - in seconds + description: |- + Maximum possible lease duration for tokens and secrets in seconds + Maximum possible lease duration for tokens and secrets in seconds type: number mongodb: - description: A nested block containing configuration options for - MongoDB connections. See Connection parameters for the mongodb-database-plugin - plugin. + description: |- + A nested block containing configuration options for MongoDB connections. + See + Connection parameters for the mongodb-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. 
+ description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. 
items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array mongodbatlas: - description: A nested block containing configuration options for - MongoDB Atlas connections. See Connection parameters for the - mongodbatlas-database-plugin plugin. + description: |- + A nested block containing configuration options for MongoDB Atlas connections. + See + Connection parameters for the mongodbatlas-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings. type: object name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string projectId: - description: The Project ID the Database User should be - created within. The Project ID the Database User should - be created within. + description: |- + The Project ID the Database User should be created within. + The Project ID the Database User should be created within. type: string publicKey: - description: The Public Programmatic API Key used to authenticate - with the MongoDB Atlas API. The Public Programmatic API - Key used to authenticate with the MongoDB Atlas API. + description: |- + The Public Programmatic API Key used to authenticate with the MongoDB Atlas API. + The Public Programmatic API Key used to authenticate with the MongoDB Atlas API. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. 
+ description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array mssql: - description: A nested block containing configuration options for - MSSQL connections. See Connection parameters for the mssql-database-plugin - plugin. + description: |- + A nested block containing configuration options for MSSQL connections. + See + Connection parameters for the mssql-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string containedDb: - description: For Vault v1.9+. Set to true when the target - is a Contained Database, e.g. AzureSQL. See Vault docs - Set to true when the target is a Contained Database, e.g. - AzureSQL. + description: |- + For Vault v1.9+. Set to true when the target is a + Contained Database, e.g. AzureSQL. + See Vault docs + Set to true when the target is a Contained Database, e.g. AzureSQL. type: boolean data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. 
type: object disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. 
+ description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array mysql: - description: A nested block containing configuration options for - MySQL connections. See Connection parameters for the mysql-database-plugin - plugin. + description: |- + A nested block containing configuration options for MySQL connections. + See + Connection parameters for the mysql-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array 
@@ -2808,79 +3012,88 @@ spec: 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. 
+ description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. 
type: boolean type: object type: array mysqlAurora: - description: A nested block containing configuration options for - Aurora MySQL connections. See Connection parameters for the - mysql-aurora-database-plugin plugin. + description: |- + A nested block containing configuration options for Aurora MySQL connections. + See + Connection parameters for the mysql-aurora-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array 
@@ -2889,79 +3102,88 @@ spec: 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. 
+ description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. 
type: boolean type: object type: array mysqlLegacy: - description: A nested block containing configuration options for - legacy MySQL connections. See Connection parameters for the - mysql-legacy-database-plugin plugin. + description: |- + A nested block containing configuration options for legacy MySQL connections. + See + Connection parameters for the mysql-legacy-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array 
@@ -2970,79 +3192,88 @@ spec: 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. 
+ description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. 
type: boolean type: object type: array mysqlRds: - description: A nested block containing configuration options for - RDS MySQL connections. See Connection parameters for the mysql-rds-database-plugin - plugin. + description: |- + A nested block containing configuration options for RDS MySQL connections. + See + Connection parameters for the mysql-rds-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array 
@@ -3051,66 +3282,73 @@ spec: 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. 
+ description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array 
@@ -3120,67 +3358,74 @@ spec: options: additionalProperties: type: string - description: Specifies mount type specific options that are passed - to the backend Specifies mount type specific options that are - passed to the backend + description: |- + Specifies mount type specific options that are passed to the backend + Specifies mount type specific options that are passed to the backend type: object oracle: - description: A nested block containing configuration options for - Oracle connections. See Connection parameters for the oracle-database-plugin - plugin. + description: |- + A nested block containing configuration options for Oracle connections. + See + Connection parameters for the oracle-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object disconnectSessions: description: Set to true to disconnect any open sessions prior to running the revocation statements. 
type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array 
@@ -3189,34 +3434,40 @@ spec: semi-colons. type: boolean username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array path: - description: Where the secret backend will be mounted Where the - secret backend will be mounted + description: |- + Where the secret backend will be mounted + Where the secret backend will be mounted type: string postgresql: - description: A nested block containing configuration options for - PostgreSQL connections. See Connection parameters for the postgresql-database-plugin - plugin. + description: |- + A nested block containing configuration options for PostgreSQL connections. + See + Connection parameters for the postgresql-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array 
@@ -3225,349 +3476,383 @@ spec: 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. 
type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. 
type: boolean type: object type: array redis: - description: A nested block containing configuration options for - Redis connections. See Connection parameters for the redis-database-plugin - plugin. + description: |- + A nested block containing configuration options for Redis connections. + See + Connection parameters for the redis-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array caCert: - description: The path to a PEM-encoded CA cert file to use - to verify the Elasticsearch server's identity. The contents - of a PEM-encoded CA cert file to use to verify the Redis - server's identity. + description: |- + The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity. + The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object host: - description: The host to connect to. Specifies the host - to connect to + description: |- + The host to connect to. + Specifies the host to connect to type: string insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Specifies whether to skip - verification of the server certificate when using TLS. 
+ description: |- + Whether to skip verification of the server + certificate when using TLS. + Specifies whether to skip verification of the server certificate when using TLS. type: boolean name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Redis. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Redis. type: number rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Specifies whether to use TLS when connecting to Redis. type: boolean username: - description: The username to authenticate with. Specifies - the username for Vault to use. + description: |- + The username to authenticate with. + Specifies the username for Vault to use. 
type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array redisElasticache: - description: A nested block containing configuration options for - Redis ElastiCache connections. See Connection parameters for - the redis-elasticache-database-plugin plugin. + description: |- + A nested block containing configuration options for Redis ElastiCache connections. + See + Connection parameters for the redis-elasticache-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. 
+ description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string region: - description: The AWS region where the ElastiCache cluster - is hosted. If omitted the plugin tries to infer the region - from the environment. The AWS region where the ElastiCache - cluster is hosted. If omitted the plugin tries to infer - the region from the environment. + description: |- + The AWS region where the ElastiCache cluster is hosted. + If omitted the plugin tries to infer the region from the environment. + The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array url: - description: The URL for Elasticsearch's API. https requires - certificate by trusted CA if used. The configuration endpoint - for the ElastiCache cluster to connect to. + description: |- + The URL for Elasticsearch's API. https requires certificate + by trusted CA if used. + The configuration endpoint for the ElastiCache cluster to connect to. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. 
type: boolean type: object type: array redshift: - description: A nested block containing configuration options for - AWS Redshift connections. See Connection parameters for the - redshift-database-plugin plugin. + description: |- + A nested block containing configuration options for AWS Redshift connections. + See + Connection parameters for the redshift-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. 
+ description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. 
Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array sealWrap: - description: Boolean flag that can be explicitly set to true to - enable seal wrapping for the mount, causing values stored by - the mount to be wrapped by the seal's encryption capability - Enable seal wrapping for the mount, causing values stored by - the mount to be wrapped by the seal's encryption capability + description: |- + Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability + Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability type: boolean snowflake: - description: A nested block containing configuration options for - Snowflake connections. See Connection parameters for the snowflake-database-plugin - plugin. + description: |- + A nested block containing configuration options for Snowflake connections. + See + Connection parameters for the snowflake-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. 
+ description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. 
type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array 
@@ -3575,20 +3860,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -3601,45 +3887,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -3649,21 +3900,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -3673,17 +3924,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -3693,21 +3946,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -3722,21 +3975,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -3747,14 +4001,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -3783,671 +4038,727 @@ spec: description: Accessor of the mount type: string allowedManagedKeys: - description: Set of managed key registry entry names that the - mount in question is allowed to access List of managed key registry - entry names that the mount in question is allowed to access + description: |- + Set of managed key registry entry names that the mount in question is allowed to access + List of managed key registry entry names that the mount in question is allowed to access items: type: string type: array auditNonHmacRequestKeys: - description: Specifies the list of keys that will not be HMAC'd - by audit devices in the request data object. Specifies the list - of keys that will not be HMAC'd by audit devices in the request - data object. + description: |- + Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. + Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. items: type: string type: array auditNonHmacResponseKeys: - description: Specifies the list of keys that will not be HMAC'd - by audit devices in the response data object. Specifies the - list of keys that will not be HMAC'd by audit devices in the - response data object. + description: |- + Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. + Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. items: type: string type: array cassandra: - description: A nested block containing configuration options for - Cassandra connections. See Connection parameters for the cassandra-database-plugin - plugin. + description: |- + A nested block containing configuration options for Cassandra connections. + See + Connection parameters for the cassandra-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. 
A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectTimeout: - description: The number of seconds to use as a connection - timeout. The number of seconds to use as a connection + description: |- + The number of seconds to use as a connection timeout. + The number of seconds to use as a connection timeout. type: number data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object hosts: - description: The hosts to connect to. Cassandra hosts to - connect to. + description: |- + The hosts to connect to. + Cassandra hosts to connect to. items: type: string type: array insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Whether to skip verification - of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Whether to skip verification of the server certificate when using TLS. type: boolean name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. 
+ Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Cassandra. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Cassandra. type: number protocolVersion: - description: The CQL protocol version to use. The CQL protocol - version to use. + description: |- + The CQL protocol version to use. + The CQL protocol version to use. type: number rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Whether to use TLS when connecting to Cassandra. type: boolean username: - description: The username to authenticate with. The username - to use when authenticating with Cassandra. + description: |- + The username to authenticate with. + The username to use when authenticating with Cassandra. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. 
type: boolean type: object type: array couchbase: - description: A nested block containing configuration options for - Couchbase connections. See Connection parameters for the couchbase-database-plugin - plugin. + description: |- + A nested block containing configuration options for Couchbase connections. + See + Connection parameters for the couchbase-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array bucketName: - description: Required for Couchbase versions prior to 6.5.0. - This is only used to verify vault's connection to the - server. Required for Couchbase versions prior to 6.5.0. - This is only used to verify vault's connection to the - server. + description: |- + Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server. + Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object hosts: - description: The hosts to connect to. A set of Couchbase - URIs to connect to. Must use `couchbases://` scheme if - `tls` is `true`. + description: |- + The hosts to connect to. + A set of Couchbase URIs to connect to. Must use `couchbases://` scheme if `tls` is `true`. 
items: type: string type: array insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Specifies whether to skip - verification of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Specifies whether to skip verification of the server certificate when using TLS. type: boolean name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Specifies whether to use TLS when connecting to Couchbase. type: boolean username: - description: The username to authenticate with. Specifies - the username for Vault to use. + description: |- + The username to authenticate with. + Specifies the username for Vault to use. type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. 
Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. + Template describing how dynamic usernames are generated. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array defaultLeaseTtlSeconds: - description: Default lease duration for tokens and secrets in - seconds Default lease duration for tokens and secrets in seconds + description: |- + Default lease duration for tokens and secrets in seconds + Default lease duration for tokens and secrets in seconds type: number description: - description: Human-friendly description of the mount Human-friendly - description of the mount + description: |- + Human-friendly description of the mount + Human-friendly description of the mount type: string elasticsearch: - description: A nested block containing configuration options for - Elasticsearch connections. See Connection parameters for the - elasticsearch-database-plugin. + description: |- + A nested block containing configuration options for Elasticsearch connections. + See + Connection parameters for the elasticsearch-database-plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array caCert: - description: The path to a PEM-encoded CA cert file to use - to verify the Elasticsearch server's identity. 
The path - to a PEM-encoded CA cert file to use to verify the Elasticsearch - server's identity + description: |- + The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity. + The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity type: string caPath: - description: The path to a directory of PEM-encoded CA cert - files to use to verify the Elasticsearch server's identity. - The path to a directory of PEM-encoded CA cert files to - use to verify the Elasticsearch server's identity + description: |- + The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity. + The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity type: string clientCert: - description: The path to the certificate for the Elasticsearch - client to present for communication. The path to the certificate - for the Elasticsearch client to present for communication + description: |- + The path to the certificate for the Elasticsearch client to present for communication. + The path to the certificate for the Elasticsearch client to present for communication type: string clientKey: - description: The path to the key for the Elasticsearch client - to use for communication. The path to the key for the - Elasticsearch client to use for communication + description: |- + The path to the key for the Elasticsearch client to use for communication. + The path to the key for the Elasticsearch client to use for communication type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. 
Useful for templated connection strings. type: object insecure: - description: Whether to disable certificate verification. + description: |- + Whether to disable certificate verification. Whether to disable certificate verification type: boolean name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tlsServerName: - description: This, if set, is used to set the SNI host when - connecting via TLS. This, if set, is used to set the SNI - host when connecting via TLS + description: |- + This, if set, is used to set the SNI host when connecting via TLS. + This, if set, is used to set the SNI host when connecting via TLS type: string url: - description: The URL for Elasticsearch's API. https requires - certificate by trusted CA if used. The URL for Elasticsearch's - API + description: |- + The URL for Elasticsearch's API. https requires certificate + by trusted CA if used. + The URL for Elasticsearch's API type: string username: - description: The username to authenticate with. 
The username - to be used in the connection URL + description: |- + The username to authenticate with. + The username to be used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. + Template describing how dynamic usernames are generated. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array engineCount: - description: The total number of database secrets engines configured. - Total number of database secret engines configured under the - mount. + description: |- + The total number of database secrets engines configured. + Total number of database secret engines configured under the mount. type: number externalEntropyAccess: - description: Boolean flag that can be explicitly set to true to - enable the secrets engine to access Vault's external entropy - source Enable the secrets engine to access Vault's external - entropy source + description: |- + Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source + Enable the secrets engine to access Vault's external entropy source type: boolean hana: - description: A nested block containing configuration options for - SAP HanaDB connections. See Connection parameters for the hana-database-plugin - plugin. + description: |- + A nested block containing configuration options for SAP HanaDB connections. + See + Connection parameters for the hana-database-plugin plugin. 
items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. 
+ description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array id: type: string influxdb: - description: A nested block containing configuration options for - InfluxDB connections. See Connection parameters for the influxdb-database-plugin - plugin. 
+ description: |- + A nested block containing configuration options for InfluxDB connections. + See + Connection parameters for the influxdb-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectTimeout: - description: The number of seconds to use as a connection - timeout. The number of seconds to use as a connection + description: |- + The number of seconds to use as a connection timeout. + The number of seconds to use as a connection timeout. type: number data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object host: - description: The host to connect to. Influxdb host to connect - to. + description: |- + The host to connect to. + Influxdb host to connect to. type: string insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Whether to skip verification - of the server certificate when using TLS. + description: |- + Whether to skip verification of the server + certificate when using TLS. + Whether to skip verification of the server certificate when using TLS. type: boolean name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. 
Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Influxdb. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Influxdb. type: number rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Whether to use TLS when connecting to Influxdb. type: boolean username: - description: The username to authenticate with. Specifies - the username to use for superuser access. + description: |- + The username to authenticate with. + Specifies the username to use for superuser access. type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Template describing how dynamic usernames are - generated. + description: |- + Template describing how dynamic usernames are generated. + Template describing how dynamic usernames are generated. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. 
Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array local: - description: Boolean flag that can be explicitly set to true to - enforce local mount in HA environment Local mount flag that - can be explicitly set to true to enforce local mount in HA environment + description: |- + Boolean flag that can be explicitly set to true to enforce local mount in HA environment + Local mount flag that can be explicitly set to true to enforce local mount in HA environment type: boolean maxLeaseTtlSeconds: - description: Maximum possible lease duration for tokens and secrets - in seconds Maximum possible lease duration for tokens and secrets - in seconds + description: |- + Maximum possible lease duration for tokens and secrets in seconds + Maximum possible lease duration for tokens and secrets in seconds type: number mongodb: - description: A nested block containing configuration options for - MongoDB connections. See Connection parameters for the mongodb-database-plugin - plugin. + description: |- + A nested block containing configuration options for MongoDB connections. + See + Connection parameters for the mongodb-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. 
type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. 
A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array mongodbatlas: - description: A nested block containing configuration options for - MongoDB Atlas connections. See Connection parameters for the - mongodbatlas-database-plugin plugin. + description: |- + A nested block containing configuration options for MongoDB Atlas connections. + See + Connection parameters for the mongodbatlas-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. 
- Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string projectId: - description: The Project ID the Database User should be - created within. The Project ID the Database User should - be created within. + description: |- + The Project ID the Database User should be created within. + The Project ID the Database User should be created within. type: string publicKey: - description: The Public Programmatic API Key used to authenticate - with the MongoDB Atlas API. The Public Programmatic API - Key used to authenticate with the MongoDB Atlas API. + description: |- + The Public Programmatic API Key used to authenticate with the MongoDB Atlas API. + The Public Programmatic API Key used to authenticate with the MongoDB Atlas API. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. 
+ A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array mssql: - description: A nested block containing configuration options for - MSSQL connections. See Connection parameters for the mssql-database-plugin - plugin. + description: |- + A nested block containing configuration options for MSSQL connections. + See + Connection parameters for the mssql-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string containedDb: - description: For Vault v1.9+. Set to true when the target - is a Contained Database, e.g. AzureSQL. See Vault docs - Set to true when the target is a Contained Database, e.g. - AzureSQL. + description: |- + For Vault v1.9+. Set to true when the target is a + Contained Database, e.g. AzureSQL. + See Vault docs + Set to true when the target is a Contained Database, e.g. AzureSQL. type: boolean data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. 
A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. 
type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array mysql: - description: A nested block containing configuration options for - MySQL connections. See Connection parameters for the mysql-database-plugin - plugin. + description: |- + A nested block containing configuration options for MySQL connections. + See + Connection parameters for the mysql-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array 
@@ -4456,79 +4767,88 @@ spec: 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. 
+ description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. 
type: boolean type: object type: array mysqlAurora: - description: A nested block containing configuration options for - Aurora MySQL connections. See Connection parameters for the - mysql-aurora-database-plugin plugin. + description: |- + A nested block containing configuration options for Aurora MySQL connections. + See + Connection parameters for the mysql-aurora-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array 
@@ -4537,79 +4857,88 @@ spec: 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. 
+ description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. 
type: boolean type: object type: array mysqlLegacy: - description: A nested block containing configuration options for - legacy MySQL connections. See Connection parameters for the - mysql-legacy-database-plugin plugin. + description: |- + A nested block containing configuration options for legacy MySQL connections. + See + Connection parameters for the mysql-legacy-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array 
@@ -4618,79 +4947,88 @@ spec: 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. 
+ description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. 
type: boolean type: object type: array mysqlRds: - description: A nested block containing configuration options for - RDS MySQL connections. See Connection parameters for the mysql-rds-database-plugin - plugin. + description: |- + A nested block containing configuration options for RDS MySQL connections. + See + Connection parameters for the mysql-rds-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array 
@@ -4699,66 +5037,73 @@ spec: 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. 
+ description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tlsCa: - description: x509 CA file for validating the certificate - presented by the MySQL server. Must be PEM encoded. x509 - CA file for validating the certificate presented by the - MySQL server. Must be PEM encoded. + description: |- + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. + x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded. type: string username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array 
@@ -4768,67 +5113,74 @@ spec: options: additionalProperties: type: string - description: Specifies mount type specific options that are passed - to the backend Specifies mount type specific options that are - passed to the backend + description: |- + Specifies mount type specific options that are passed to the backend + Specifies mount type specific options that are passed to the backend type: object oracle: - description: A nested block containing configuration options for - Oracle connections. See Connection parameters for the oracle-database-plugin - plugin. + description: |- + A nested block containing configuration options for Oracle connections. + See + Connection parameters for the oracle-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object disconnectSessions: description: Set to true to disconnect any open sessions prior to running the revocation statements. 
type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array 
@@ -4837,34 +5189,40 @@ spec: semi-colons. type: boolean username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array path: - description: Where the secret backend will be mounted Where the - secret backend will be mounted + description: |- + Where the secret backend will be mounted + Where the secret backend will be mounted type: string postgresql: - description: A nested block containing configuration options for - PostgreSQL connections. See Connection parameters for the postgresql-database-plugin - plugin. + description: |- + A nested block containing configuration options for PostgreSQL connections. + See + Connection parameters for the postgresql-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array 
@@ -4873,349 +5231,383 @@ spec: 'gcp_iam' is valid currently) type: string connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. 
type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. 
type: boolean type: object type: array redis: - description: A nested block containing configuration options for - Redis connections. See Connection parameters for the redis-database-plugin - plugin. + description: |- + A nested block containing configuration options for Redis connections. + See + Connection parameters for the redis-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array caCert: - description: The path to a PEM-encoded CA cert file to use - to verify the Elasticsearch server's identity. The contents - of a PEM-encoded CA cert file to use to verify the Redis - server's identity. + description: |- + The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity. + The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object host: - description: The host to connect to. Specifies the host - to connect to + description: |- + The host to connect to. + Specifies the host to connect to type: string insecureTls: - description: Whether to skip verification of the server - certificate when using TLS. Specifies whether to skip - verification of the server certificate when using TLS. 
+ description: |- + Whether to skip verification of the server + certificate when using TLS. + Specifies whether to skip verification of the server certificate when using TLS. type: boolean name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string port: - description: The default port to connect to if no port is - specified as part of the host. The transport port to use - to connect to Redis. + description: |- + The default port to connect to if no port is specified as + part of the host. + The transport port to use to connect to Redis. type: number rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array tls: - description: Whether to use TLS when connecting to Cassandra. + description: |- + Whether to use TLS when connecting to Cassandra. Specifies whether to use TLS when connecting to Redis. type: boolean username: - description: The username to authenticate with. Specifies - the username for Vault to use. + description: |- + The username to authenticate with. + Specifies the username for Vault to use. 
type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array redisElasticache: - description: A nested block containing configuration options for - Redis ElastiCache connections. See Connection parameters for - the redis-elasticache-database-plugin plugin. + description: |- + A nested block containing configuration options for Redis ElastiCache connections. + See + Connection parameters for the redis-elasticache-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. 
+ description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string region: - description: The AWS region where the ElastiCache cluster - is hosted. If omitted the plugin tries to infer the region - from the environment. The AWS region where the ElastiCache - cluster is hosted. If omitted the plugin tries to infer - the region from the environment. + description: |- + The AWS region where the ElastiCache cluster is hosted. + If omitted the plugin tries to infer the region from the environment. + The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array url: - description: The URL for Elasticsearch's API. https requires - certificate by trusted CA if used. The configuration endpoint - for the ElastiCache cluster to connect to. + description: |- + The URL for Elasticsearch's API. https requires certificate + by trusted CA if used. + The configuration endpoint for the ElastiCache cluster to connect to. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. 
type: boolean type: object type: array redshift: - description: A nested block containing configuration options for - AWS Redshift connections. See Connection parameters for the - redshift-database-plugin plugin. + description: |- + A nested block containing configuration options for AWS Redshift connections. + See + Connection parameters for the redshift-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. + description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object disableEscaping: - description: Disable special character escaping in username - and password. Disable special character escaping in username - and password + description: |- + Disable special character escaping in username and password. + Disable special character escaping in username and password type: boolean maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. 
+ description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. 
Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array sealWrap: - description: Boolean flag that can be explicitly set to true to - enable seal wrapping for the mount, causing values stored by - the mount to be wrapped by the seal's encryption capability - Enable seal wrapping for the mount, causing values stored by - the mount to be wrapped by the seal's encryption capability + description: |- + Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability + Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability type: boolean snowflake: - description: A nested block containing configuration options for - Snowflake connections. See Connection parameters for the snowflake-database-plugin - plugin. + description: |- + A nested block containing configuration options for Snowflake connections. + See + Connection parameters for the snowflake-database-plugin plugin. items: properties: allowedRoles: - description: A list of roles that are allowed to use this - connection. A list of roles that are allowed to use this + description: |- + A list of roles that are allowed to use this connection. + A list of roles that are allowed to use this connection. items: type: string type: array connectionUrl: - description: A URL containing connection information. See - Vault docs Connection string to use to connect to the - database. 
+ description: |- + A URL containing connection information. + See Vault docs + Connection string to use to connect to the database. type: string data: additionalProperties: type: string - description: A map of sensitive data to pass to the endpoint. - Useful for templated connection strings. A map of sensitive - data to pass to the endpoint. Useful for templated connection - strings. + description: |- + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. + A map of sensitive data to pass to the endpoint. Useful for templated connection strings. type: object maxConnectionLifetime: - description: The maximum number of seconds to keep a connection - alive for. Maximum number of seconds a connection may - be reused. + description: |- + The maximum number of seconds to keep + a connection alive for. + Maximum number of seconds a connection may be reused. type: number maxIdleConnections: - description: The maximum number of idle connections to maintain. + description: |- + The maximum number of idle connections to + maintain. Maximum number of idle connections to the database. type: number maxOpenConnections: - description: The maximum number of open connections to use. + description: |- + The maximum number of open connections to + use. Maximum number of open connections to the database. type: number name: - description: for any configured database engine is changed + description: |- + for any configured database engine is changed Name of the database connection. type: string pluginName: - description: Specifies the name of the plugin to use. Specifies - the name of the plugin to use for this connection. Must - be prefixed with the name of one of the supported database - engine types. + description: |- + Specifies the name of the plugin to use. + Specifies the name of the plugin to use for this connection. Must be prefixed with the name of one of the supported database engine types. 
type: string rootRotationStatements: - description: A list of database statements to be executed - to rotate the root user's credentials. A list of database - statements to be executed to rotate the root user's credentials. + description: |- + A list of database statements to be executed to rotate the root user's credentials. + A list of database statements to be executed to rotate the root user's credentials. items: type: string type: array username: - description: The username to authenticate with. The root - credential username used in the connection URL + description: |- + The username to authenticate with. + The root credential username used in the connection URL type: string usernameTemplate: - description: Template describing how dynamic usernames are - generated. Username generation template. + description: |- + Template describing how dynamic usernames are generated. + Username generation template. type: string verifyConnection: - description: Whether the connection should be verified on - initial configuration or not. Specifies if the connection - is verified during initial configuration. + description: |- + Whether the connection should be verified on + initial configuration or not. + Specifies if the connection is verified during initial configuration. type: boolean type: object type: array 
@@ -5226,13 +5618,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -5243,8 +5637,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -5253,6 +5648,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/egp.vault.upbound.io_policies.yaml b/package/crds/egp.vault.upbound.io_policies.yaml index 3cb53c62..dbfc704a 100644 --- a/package/crds/egp.vault.upbound.io_policies.yaml +++ b/package/crds/egp.vault.upbound.io_policies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: policies.egp.vault.upbound.io spec: group: egp.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: governing policies for Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,87 +74,99 @@ spec: forProvider: properties: enforcementLevel: - description: 'Enforcement level of Sentinel policy. Can be either - advisory or soft-mandatory or hard-mandatory Enforcement level - of Sentinel policy. Can be one of: ''advisory'', ''soft-mandatory'' - or ''hard-mandatory''' + description: |- + Enforcement level of Sentinel policy. Can be either advisory or soft-mandatory or hard-mandatory + Enforcement level of Sentinel policy. Can be one of: 'advisory', 'soft-mandatory' or 'hard-mandatory' type: string name: - description: The name of the policy Name of the policy + description: |- + The name of the policy + Name of the policy type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string paths: - description: List of paths to which the policy will be applied - to List of paths to which the policy will be applied + description: |- + List of paths to which the policy will be applied to + List of paths to which the policy will be applied items: type: string type: array policy: - description: String containing a Sentinel policy The policy document + description: |- + String containing a Sentinel policy + The policy document type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. 
InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: enforcementLevel: - description: 'Enforcement level of Sentinel policy. Can be either - advisory or soft-mandatory or hard-mandatory Enforcement level - of Sentinel policy. Can be one of: ''advisory'', ''soft-mandatory'' - or ''hard-mandatory''' + description: |- + Enforcement level of Sentinel policy. Can be either advisory or soft-mandatory or hard-mandatory + Enforcement level of Sentinel policy. Can be one of: 'advisory', 'soft-mandatory' or 'hard-mandatory' type: string name: - description: The name of the policy Name of the policy + description: |- + The name of the policy + Name of the policy type: string namespace: - description: The namespace to provision the resource in. 
The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string paths: - description: List of paths to which the policy will be applied - to List of paths to which the policy will be applied + description: |- + List of paths to which the policy will be applied to + List of paths to which the policy will be applied items: type: string type: array policy: - description: String containing a Sentinel policy The policy document + description: |- + String containing a Sentinel policy + The policy document type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. 
It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -161,9 +179,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -173,57 +192,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -233,17 +216,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -253,21 +238,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -282,21 +267,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -307,14 +293,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -352,31 +339,36 @@ spec: atProvider: properties: enforcementLevel: - description: 'Enforcement level of Sentinel policy. Can be either - advisory or soft-mandatory or hard-mandatory Enforcement level - of Sentinel policy. Can be one of: ''advisory'', ''soft-mandatory'' - or ''hard-mandatory''' + description: |- + Enforcement level of Sentinel policy. Can be either advisory or soft-mandatory or hard-mandatory + Enforcement level of Sentinel policy. Can be one of: 'advisory', 'soft-mandatory' or 'hard-mandatory' type: string id: type: string name: - description: The name of the policy Name of the policy + description: |- + The name of the policy + Name of the policy type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string paths: - description: List of paths to which the policy will be applied - to List of paths to which the policy will be applied + description: |- + List of paths to which the policy will be applied to + List of paths to which the policy will be applied items: type: string type: array policy: - description: String containing a Sentinel policy The policy document + description: |- + String containing a Sentinel policy + The policy document type: string type: object conditions: 
@@ -385,13 +377,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -402,8 +396,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -412,6 +407,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/gcp.vault.upbound.io_authbackendroles.yaml b/package/crds/gcp.vault.upbound.io_authbackendroles.yaml index e58ae7fb..78cee18d 100644 --- a/package/crds/gcp.vault.upbound.io_authbackendroles.yaml +++ b/package/crds/gcp.vault.upbound.io_authbackendroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendroles.gcp.vault.upbound.io spec: group: gcp.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: roles in an GCP auth backend in Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -131,89 +137,99 @@ spec: claim to be customized. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string role: description: Name of the GCP role type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. 
The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. 
Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: description: Type of GCP authentication role (either gce or iam) type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. 
The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: addGroupAliases: type: boolean 
@@ -279,72 +295,81 @@ spec: claim to be customized. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string role: description: Name of the GCP role type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. 
The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. 
Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: description: Type of GCP authentication role (either gce or iam) 
@@ -353,20 +378,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -379,9 +405,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -391,57 +418,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -451,17 +442,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -471,21 +464,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -500,21 +493,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -525,14 +519,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -627,72 +622,81 @@ spec: claim to be customized. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string role: description: Name of the GCP role type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. 
The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. 
Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: description: Type of GCP authentication role (either gce or iam) 
@@ -704,13 +708,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -721,8 +727,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -731,6 +738,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/gcp.vault.upbound.io_authbackends.yaml b/package/crds/gcp.vault.upbound.io_authbackends.yaml index 3b94a222..024ce090 100644 --- a/package/crds/gcp.vault.upbound.io_authbackends.yaml +++ b/package/crds/gcp.vault.upbound.io_authbackends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackends.gcp.vault.upbound.io spec: group: gcp.vault.upbound.io 
@@ -37,14 +37,19 @@ spec: description: AuthBackend is the Schema for the AuthBackends API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -53,13 +58,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -159,17 +165,18 @@ spec: type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: clientEmail: type: string 
@@ -248,20 +255,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -274,9 +282,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -286,57 +295,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -346,17 +319,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -366,21 +341,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -395,21 +370,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -420,14 +396,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -532,13 +509,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -549,8 +528,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -559,6 +539,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/gcp.vault.upbound.io_secretbackends.yaml b/package/crds/gcp.vault.upbound.io_secretbackends.yaml index 4719ae78..82b0d10e 100644 --- a/package/crds/gcp.vault.upbound.io_secretbackends.yaml +++ b/package/crds/gcp.vault.upbound.io_secretbackends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackends.gcp.vault.upbound.io spec: group: gcp.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: an GCP secret backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete @@ -68,7 +74,8 @@ spec: forProvider: properties: credentialsSecretRef: - description: The GCP service account credentials in JSON format. + description: |- + The GCP service account credentials in JSON format. JSON-encoded credentials to use to connect to GCP properties: key: 
@@ -86,107 +93,123 @@ spec: - namespace type: object defaultLeaseTtlSeconds: - description: The default TTL for credentials issued by this backend. - Defaults to '0'. Default lease duration for secrets in seconds + description: |- + The default TTL for credentials + issued by this backend. Defaults to '0'. + Default lease duration for secrets in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend. + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean local: - description: Boolean flag that can be explicitly set to true to - enforce local mount in HA environment Local mount flag that - can be explicitly set to true to enforce local mount in HA environment + description: |- + Boolean flag that can be explicitly set to true to enforce local mount in HA environment + Local mount flag that can be explicitly set to true to enforce local mount in HA environment type: boolean maxLeaseTtlSeconds: - description: The maximum TTL that can be requested for credentials - issued by this backend. Defaults to '0'. Maximum possible lease - duration for secrets in seconds + description: |- + The maximum TTL that can be requested + for credentials issued by this backend. Defaults to '0'. + Maximum possible lease duration for secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. 
The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to gcp. Path to mount - the backend at. + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to gcp. + Path to mount the backend at. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. 
+ The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: defaultLeaseTtlSeconds: - description: The default TTL for credentials issued by this backend. - Defaults to '0'. Default lease duration for secrets in seconds + description: |- + The default TTL for credentials + issued by this backend. Defaults to '0'. + Default lease duration for secrets in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend. + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean local: - description: Boolean flag that can be explicitly set to true to - enforce local mount in HA environment Local mount flag that - can be explicitly set to true to enforce local mount in HA environment + description: |- + Boolean flag that can be explicitly set to true to enforce local mount in HA environment + Local mount flag that can be explicitly set to true to enforce local mount in HA environment type: boolean maxLeaseTtlSeconds: - description: The maximum TTL that can be requested for credentials - issued by this backend. Defaults to '0'. Maximum possible lease - duration for secrets in seconds + description: |- + The maximum TTL that can be requested + for credentials issued by this backend. 
Defaults to '0'. + Maximum possible lease duration for secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to gcp. Path to mount - the backend at. + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to gcp. + Path to mount the backend at. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. 
It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -199,9 +222,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -211,57 +235,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -271,17 +259,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -291,21 +281,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -320,21 +310,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -345,14 +336,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -373,41 +365,48 @@ spec: atProvider: properties: defaultLeaseTtlSeconds: - description: The default TTL for credentials issued by this backend. - Defaults to '0'. Default lease duration for secrets in seconds + description: |- + The default TTL for credentials + issued by this backend. Defaults to '0'. + Default lease duration for secrets in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend. + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean id: type: string local: - description: Boolean flag that can be explicitly set to true to - enforce local mount in HA environment Local mount flag that - can be explicitly set to true to enforce local mount in HA environment + description: |- + Boolean flag that can be explicitly set to true to enforce local mount in HA environment + Local mount flag that can be explicitly set to true to enforce local mount in HA environment type: boolean maxLeaseTtlSeconds: - description: The maximum TTL that can be requested for credentials - issued by this backend. Defaults to '0'. Maximum possible lease - duration for secrets in seconds + description: |- + The maximum TTL that can be requested + for credentials issued by this backend. Defaults to '0'. + Maximum possible lease duration for secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. 
The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to gcp. Path to mount - the backend at. + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to gcp. + Path to mount the backend at. type: string type: object conditions: @@ -416,13 +415,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -433,8 +434,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime 
@@ -443,6 +445,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/gcp.vault.upbound.io_secretimpersonatedaccounts.yaml b/package/crds/gcp.vault.upbound.io_secretimpersonatedaccounts.yaml index b1f0f095..81a66d2f 100644 --- a/package/crds/gcp.vault.upbound.io_secretimpersonatedaccounts.yaml +++ b/package/crds/gcp.vault.upbound.io_secretimpersonatedaccounts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretimpersonatedaccounts.gcp.vault.upbound.io spec: group: gcp.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Creates a Impersonated Account for the GCP Secret Backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -55,13 +60,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -69,62 +75,67 @@ spec: forProvider: properties: backend: - description: Path where the GCP Secrets Engine is mounted Path - where the GCP secrets engine is mounted. + description: |- + Path where the GCP Secrets Engine is mounted + Path where the GCP secrets engine is mounted. type: string impersonatedAccount: - description: Name of the Impersonated Account to create Name of - the Impersonated Account to create + description: |- + Name of the Impersonated Account to create + Name of the Impersonated Account to create type: string namespace: description: Target namespace. (requires Enterprise) type: string serviceAccountEmail: - description: Email of the GCP service account to impersonate. + description: |- + Email of the GCP service account to impersonate. Email of the GCP service account. type: string tokenScopes: - description: List of OAuth scopes to assign to access tokens generated - under this impersonated account. List of OAuth scopes to assign - to `access_token` secrets generated under this impersonated - account (`access_token` impersonated accounts only) + description: |- + List of OAuth scopes to assign to access tokens generated under this impersonated account. + List of OAuth scopes to assign to `access_token` secrets generated under this impersonated account (`access_token` impersonated accounts only) items: type: string type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. 
This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: Path where the GCP Secrets Engine is mounted Path - where the GCP secrets engine is mounted. + description: |- + Path where the GCP Secrets Engine is mounted + Path where the GCP secrets engine is mounted. type: string impersonatedAccount: - description: Name of the Impersonated Account to create Name of - the Impersonated Account to create + description: |- + Name of the Impersonated Account to create + Name of the Impersonated Account to create type: string namespace: description: Target namespace. (requires Enterprise) type: string serviceAccountEmail: - description: Email of the GCP service account to impersonate. + description: |- + Email of the GCP service account to impersonate. Email of the GCP service account. type: string tokenScopes: - description: List of OAuth scopes to assign to access tokens generated - under this impersonated account. 
List of OAuth scopes to assign - to `access_token` secrets generated under this impersonated - account (`access_token` impersonated accounts only) + description: |- + List of OAuth scopes to assign to access tokens generated under this impersonated account. + List of OAuth scopes to assign to `access_token` secrets generated under this impersonated account (`access_token` impersonated accounts only) items: type: string type: array 
@@ -132,20 +143,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -158,9 +170,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -170,57 +183,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -230,17 +207,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -250,21 +229,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -279,21 +258,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -304,14 +284,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -346,31 +327,34 @@ spec: atProvider: properties: backend: - description: Path where the GCP Secrets Engine is mounted Path - where the GCP secrets engine is mounted. + description: |- + Path where the GCP Secrets Engine is mounted + Path where the GCP secrets engine is mounted. type: string id: type: string impersonatedAccount: - description: Name of the Impersonated Account to create Name of - the Impersonated Account to create + description: |- + Name of the Impersonated Account to create + Name of the Impersonated Account to create type: string namespace: description: Target namespace. (requires Enterprise) type: string serviceAccountEmail: - description: Email of the GCP service account to impersonate. + description: |- + Email of the GCP service account to impersonate. Email of the GCP service account. type: string serviceAccountProject: - description: Project the service account belongs to. Project of - the GCP Service Account managed by this impersonated account + description: |- + Project the service account belongs to. + Project of the GCP Service Account managed by this impersonated account type: string tokenScopes: - description: List of OAuth scopes to assign to access tokens generated - under this impersonated account. List of OAuth scopes to assign - to `access_token` secrets generated under this impersonated - account (`access_token` impersonated accounts only) + description: |- + List of OAuth scopes to assign to access tokens generated under this impersonated account. + List of OAuth scopes to assign to `access_token` secrets generated under this impersonated account (`access_token` impersonated accounts only) items: type: string type: array 
@@ -381,13 +365,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -398,8 +384,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -408,6 +395,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/gcp.vault.upbound.io_secretrolesets.yaml b/package/crds/gcp.vault.upbound.io_secretrolesets.yaml index 24ed4f5b..c0bb0f5c 100644 --- a/package/crds/gcp.vault.upbound.io_secretrolesets.yaml +++ b/package/crds/gcp.vault.upbound.io_secretrolesets.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretrolesets.gcp.vault.upbound.io spec: group: gcp.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: a Roleset for the GCP Secret Backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete @@ -68,8 +74,9 @@ spec: forProvider: properties: backend: - description: Path where the GCP Secrets Engine is mounted Path - where the GCP secrets engine is mounted. + description: |- + Path where the GCP Secrets Engine is mounted + Path where the GCP secrets engine is mounted. type: string binding: description: Bindings to create for this roleset. This can be 
@@ -78,65 +85,68 @@ spec: items: properties: resource: - description: Resource or resource path for which IAM policy - information will be bound. The resource path may be specified - in a few different formats. Resource name + description: |- + Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different formats. + Resource name type: string roles: - description: List of GCP IAM roles for the resource. List - of roles to apply to the resource + description: |- + List of GCP IAM roles for the resource. + List of roles to apply to the resource items: type: string type: array type: object type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string project: - description: Name of the GCP project that this roleset's service - account will belong to. Name of the GCP project that this roleset's - service account will belong to. + description: |- + Name of the GCP project that this roleset's service account will belong to. + Name of the GCP project that this roleset's service account will belong to. type: string roleset: - description: Name of the Roleset to create Name of the RoleSet - to create + description: |- + Name of the Roleset to create + Name of the RoleSet to create type: string secretType: - description: 'Type of secret generated for this role set. Accepted - values: access_token, service_account_key. Defaults to access_token. 
- Type of secret generated for this role set. Defaults to `access_token`. - Accepted values: `access_token`, `service_account_key`' + description: |- + Type of secret generated for this role set. Accepted values: access_token, service_account_key. Defaults to access_token. + Type of secret generated for this role set. Defaults to `access_token`. Accepted values: `access_token`, `service_account_key` type: string tokenScopes: - description: List of OAuth scopes to assign to access_token secrets - generated under this role set (access_token role sets only). - List of OAuth scopes to assign to `access_token` secrets generated - under this role set (`access_token` role sets only) + description: |- + List of OAuth scopes to assign to access_token secrets generated under this role set (access_token role sets only). + List of OAuth scopes to assign to `access_token` secrets generated under this role set (`access_token` role sets only) items: type: string type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. 
+ InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: Path where the GCP Secrets Engine is mounted Path - where the GCP secrets engine is mounted. + description: |- + Path where the GCP Secrets Engine is mounted + Path where the GCP secrets engine is mounted. type: string binding: description: Bindings to create for this roleset. This can be 
@@ -145,45 +155,46 @@ spec: items: properties: resource: - description: Resource or resource path for which IAM policy - information will be bound. The resource path may be specified - in a few different formats. Resource name + description: |- + Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different formats. + Resource name type: string roles: - description: List of GCP IAM roles for the resource. List - of roles to apply to the resource + description: |- + List of GCP IAM roles for the resource. + List of roles to apply to the resource items: type: string type: array type: object type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string project: - description: Name of the GCP project that this roleset's service - account will belong to. Name of the GCP project that this roleset's - service account will belong to. + description: |- + Name of the GCP project that this roleset's service account will belong to. + Name of the GCP project that this roleset's service account will belong to. type: string roleset: - description: Name of the Roleset to create Name of the RoleSet - to create + description: |- + Name of the Roleset to create + Name of the RoleSet to create type: string secretType: - description: 'Type of secret generated for this role set. Accepted - values: access_token, service_account_key. Defaults to access_token. 
- Type of secret generated for this role set. Defaults to `access_token`. - Accepted values: `access_token`, `service_account_key`' + description: |- + Type of secret generated for this role set. Accepted values: access_token, service_account_key. Defaults to access_token. + Type of secret generated for this role set. Defaults to `access_token`. Accepted values: `access_token`, `service_account_key` type: string tokenScopes: - description: List of OAuth scopes to assign to access_token secrets - generated under this role set (access_token role sets only). - List of OAuth scopes to assign to `access_token` secrets generated - under this role set (`access_token` role sets only) + description: |- + List of OAuth scopes to assign to access_token secrets generated under this role set (access_token role sets only). + List of OAuth scopes to assign to `access_token` secrets generated under this role set (`access_token` role sets only) items: type: string type: array 
@@ -191,20 +202,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -217,9 +229,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -229,57 +242,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -289,17 +266,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -309,21 +288,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -338,21 +317,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -363,14 +343,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -408,8 +389,9 @@ spec: atProvider: properties: backend: - description: Path where the GCP Secrets Engine is mounted Path - where the GCP secrets engine is mounted. + description: |- + Path where the GCP Secrets Engine is mounted + Path where the GCP secrets engine is mounted. type: string binding: description: Bindings to create for this roleset. This can be 
@@ -418,13 +400,14 @@ spec: items: properties: resource: - description: Resource or resource path for which IAM policy - information will be bound. The resource path may be specified - in a few different formats. Resource name + description: |- + Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different formats. + Resource name type: string roles: - description: List of GCP IAM roles for the resource. List - of roles to apply to the resource + description: |- + List of GCP IAM roles for the resource. + List of roles to apply to the resource items: type: string type: array 
@@ -433,37 +416,37 @@ spec: id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string project: - description: Name of the GCP project that this roleset's service - account will belong to. Name of the GCP project that this roleset's - service account will belong to. + description: |- + Name of the GCP project that this roleset's service account will belong to. + Name of the GCP project that this roleset's service account will belong to. type: string roleset: - description: Name of the Roleset to create Name of the RoleSet - to create + description: |- + Name of the Roleset to create + Name of the RoleSet to create type: string secretType: - description: 'Type of secret generated for this role set. Accepted - values: access_token, service_account_key. Defaults to access_token. - Type of secret generated for this role set. Defaults to `access_token`. - Accepted values: `access_token`, `service_account_key`' + description: |- + Type of secret generated for this role set. Accepted values: access_token, service_account_key. Defaults to access_token. + Type of secret generated for this role set. Defaults to `access_token`. Accepted values: `access_token`, `service_account_key` type: string serviceAccountEmail: - description: Email of the service account created by Vault for - this Roleset. 
Email of the service account created by Vault - for this Roleset + description: |- + Email of the service account created by Vault for this Roleset. + Email of the service account created by Vault for this Roleset type: string tokenScopes: - description: List of OAuth scopes to assign to access_token secrets - generated under this role set (access_token role sets only). - List of OAuth scopes to assign to `access_token` secrets generated - under this role set (`access_token` role sets only) + description: |- + List of OAuth scopes to assign to access_token secrets generated under this role set (access_token role sets only). + List of OAuth scopes to assign to `access_token` secrets generated under this role set (`access_token` role sets only) items: type: string type: array @@ -474,13 +457,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -491,8 +476,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime 
@@ -501,6 +487,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/gcp.vault.upbound.io_secretstaticaccounts.yaml b/package/crds/gcp.vault.upbound.io_secretstaticaccounts.yaml index 7f3f5923..4b90fb44 100644 --- a/package/crds/gcp.vault.upbound.io_secretstaticaccounts.yaml +++ b/package/crds/gcp.vault.upbound.io_secretstaticaccounts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretstaticaccounts.gcp.vault.upbound.io spec: group: gcp.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Creates a Static Account for the GCP Secret Backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete @@ -68,8 +74,9 @@ spec: forProvider: properties: backend: - description: Path where the GCP Secrets Engine is mounted Path - where the GCP secrets engine is mounted. + description: |- + Path where the GCP Secrets Engine is mounted + Path where the GCP secrets engine is mounted. type: string binding: description: Bindings to create for this static account. This 
@@ -78,66 +85,68 @@ spec: items: properties: resource: - description: Resource or resource path for which IAM policy - information will be bound. The resource path may be specified - in a few different formats. Resource name + description: |- + Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different formats. + Resource name type: string roles: - description: List of GCP IAM roles for the resource. List - of roles to apply to the resource + description: |- + List of GCP IAM roles for the resource. + List of roles to apply to the resource items: type: string type: array type: object type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string secretType: - description: 'Type of secret generated for this static account. - Accepted values: access_token, service_account_key. Defaults - to access_token. Type of secret generated for this static account. - Defaults to `access_token`. Accepted values: `access_token`, - `service_account_key`' + description: |- + Type of secret generated for this static account. Accepted values: access_token, service_account_key. Defaults to access_token. + Type of secret generated for this static account. Defaults to `access_token`. Accepted values: `access_token`, `service_account_key` type: string serviceAccountEmail: - description: Email of the GCP service account to manage. Email - of the GCP service account. 
+ description: |- + Email of the GCP service account to manage. + Email of the GCP service account. type: string staticAccount: - description: Name of the Static Account to create Name of the - Static Account to create + description: |- + Name of the Static Account to create + Name of the Static Account to create type: string tokenScopes: - description: List of OAuth scopes to assign to access_token secrets - generated under this static account (access_token static accounts - only). List of OAuth scopes to assign to `access_token` secrets - generated under this static account (`access_token` static accounts - only) + description: |- + List of OAuth scopes to assign to access_token secrets generated under this static account (access_token static accounts only). + List of OAuth scopes to assign to `access_token` secrets generated under this static account (`access_token` static accounts only) items: type: string type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. 
+ InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: Path where the GCP Secrets Engine is mounted Path - where the GCP secrets engine is mounted. + description: |- + Path where the GCP Secrets Engine is mounted + Path where the GCP secrets engine is mounted. type: string binding: description: Bindings to create for this static account. This 
@@ -146,46 +155,46 @@ spec: items: properties: resource: - description: Resource or resource path for which IAM policy - information will be bound. The resource path may be specified - in a few different formats. Resource name + description: |- + Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different formats. + Resource name type: string roles: - description: List of GCP IAM roles for the resource. List - of roles to apply to the resource + description: |- + List of GCP IAM roles for the resource. + List of roles to apply to the resource items: type: string type: array type: object type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string secretType: - description: 'Type of secret generated for this static account. - Accepted values: access_token, service_account_key. Defaults - to access_token. Type of secret generated for this static account. - Defaults to `access_token`. Accepted values: `access_token`, - `service_account_key`' + description: |- + Type of secret generated for this static account. Accepted values: access_token, service_account_key. Defaults to access_token. + Type of secret generated for this static account. Defaults to `access_token`. Accepted values: `access_token`, `service_account_key` type: string serviceAccountEmail: - description: Email of the GCP service account to manage. Email - of the GCP service account. 
+ description: |- + Email of the GCP service account to manage. + Email of the GCP service account. type: string staticAccount: - description: Name of the Static Account to create Name of the - Static Account to create + description: |- + Name of the Static Account to create + Name of the Static Account to create type: string tokenScopes: - description: List of OAuth scopes to assign to access_token secrets - generated under this static account (access_token static accounts - only). List of OAuth scopes to assign to `access_token` secrets - generated under this static account (`access_token` static accounts - only) + description: |- + List of OAuth scopes to assign to access_token secrets generated under this static account (access_token static accounts only). + List of OAuth scopes to assign to `access_token` secrets generated under this static account (`access_token` static accounts only) items: type: string type: array 
@@ -193,20 +202,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -219,9 +229,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -231,57 +242,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -291,17 +266,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -311,21 +288,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -340,21 +317,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -365,14 +343,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -406,8 +385,9 @@ spec: atProvider: properties: backend: - description: Path where the GCP Secrets Engine is mounted Path - where the GCP secrets engine is mounted. + description: |- + Path where the GCP Secrets Engine is mounted + Path where the GCP secrets engine is mounted. type: string binding: description: Bindings to create for this static account. This 
@@ -416,13 +396,14 @@ spec: items: properties: resource: - description: Resource or resource path for which IAM policy - information will be bound. The resource path may be specified - in a few different formats. Resource name + description: |- + Resource or resource path for which IAM policy information will be bound. The resource path may be specified in a few different formats. + Resource name type: string roles: - description: List of GCP IAM roles for the resource. List - of roles to apply to the resource + description: |- + List of GCP IAM roles for the resource. + List of roles to apply to the resource items: type: string type: array 
@@ -431,37 +412,37 @@ spec: id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string secretType: - description: 'Type of secret generated for this static account. - Accepted values: access_token, service_account_key. Defaults - to access_token. Type of secret generated for this static account. - Defaults to `access_token`. Accepted values: `access_token`, - `service_account_key`' + description: |- + Type of secret generated for this static account. Accepted values: access_token, service_account_key. Defaults to access_token. + Type of secret generated for this static account. Defaults to `access_token`. Accepted values: `access_token`, `service_account_key` type: string serviceAccountEmail: - description: Email of the GCP service account to manage. Email - of the GCP service account. + description: |- + Email of the GCP service account to manage. + Email of the GCP service account. type: string serviceAccountProject: - description: Project the service account belongs to. Project of - the GCP Service Account managed by this static account + description: |- + Project the service account belongs to. 
+ Project of the GCP Service Account managed by this static account type: string staticAccount: - description: Name of the Static Account to create Name of the - Static Account to create + description: |- + Name of the Static Account to create + Name of the Static Account to create type: string tokenScopes: - description: List of OAuth scopes to assign to access_token secrets - generated under this static account (access_token static accounts - only). List of OAuth scopes to assign to `access_token` secrets - generated under this static account (`access_token` static accounts - only) + description: |- + List of OAuth scopes to assign to access_token secrets generated under this static account (access_token static accounts only). + List of OAuth scopes to assign to `access_token` secrets generated under this static account (`access_token` static accounts only) items: type: string type: array @@ -472,13 +453,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -489,8 +472,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime 
@@ -499,6 +483,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/generic.vault.upbound.io_endpoints.yaml b/package/crds/generic.vault.upbound.io_endpoints.yaml index dc52fd3d..e20dca59 100644 --- a/package/crds/generic.vault.upbound.io_endpoints.yaml +++ b/package/crds/generic.vault.upbound.io_endpoints.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: endpoints.generic.vault.upbound.io spec: group: generic.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: data to a given path in Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete @@ -68,9 +74,10 @@ spec: forProvider: properties: dataJsonSecretRef: - description: String containing a JSON-encoded object that will - be written to the given path as the secret data. JSON-encoded - data to write. + description: |- + String containing a JSON-encoded object that will be + written to the given path as the secret data. + JSON-encoded data to write. properties: key: description: The key to select. 
@@ -87,116 +94,129 @@ spec: - namespace type: object disableDelete: - description: True/false. Set this to true if your vault authentication - is not able to delete the data or if the endpoint does not support - the DELETE method. Defaults to false. Don't attempt to delete - the path from Vault if true + description: |- + True/false. Set this to true if your + vault authentication is not able to delete the data or if the endpoint + does not support the DELETE method. Defaults to false. + Don't attempt to delete the path from Vault if true type: boolean disableRead: - description: True/false. Set this to true if your vault authentication - is not able to read the data or if the endpoint does not support - the GET method. Setting this to true will break drift detection. - You should set this to true for endpoints that are write-only. - Defaults to false. Don't attempt to read the path from Vault - if true; drift won't be detected + description: |- + True/false. Set this to true if your vault + authentication is not able to read the data or if the endpoint does + not support the GET method. Setting this to true will break drift + detection. You should set this to true for endpoints that are + write-only. Defaults to false. + Don't attempt to read the path from Vault if true; drift won't be detected type: boolean ignoreAbsentFields: - description: True/false. If set to true, ignore any fields present - when the endpoint is read but that were not in data_json. Also, - if a field that was written is not returned when the endpoint - is read, treat that field as being up to date. You should set - this to true when writing to endpoint that, when read, returns - a different set of fields from the ones you wrote, as is common - with many configuration endpoints. Defaults to false. When reading, - disregard fields not present in data_json + description: |- + True/false. If set to true, + ignore any fields present when the endpoint is read but that were not + in data_json. 
Also, if a field that was written is not returned when + the endpoint is read, treat that field as being up to date. You should + set this to true when writing to endpoint that, when read, returns a + different set of fields from the ones you wrote, as is common with + many configuration endpoints. Defaults to false. + When reading, disregard fields not present in data_json type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The full logical path at which to write the given + description: |- + The full logical path at which to write the given data. Consult each backend's documentation to see which endpoints support the PUT methods and to determine whether they also support - DELETE and GET. Full path where to the endpoint that will be - written + DELETE and GET. + Full path where to the endpoint that will be written type: string writeFields: - description: . A list of fields that should be returned in write_data_json - and write_data. If omitted, data returned by the write operation - is not available to the resource or included in state. This - helps to avoid accidental storage of sensitive values in state. - Some endpoints, such as many dynamic secrets endpoints, return - data from writing to an endpoint rather than reading it. You - should use write_fields if you need information returned in - this way. Top-level fields returned by write to persist in state + description: |- + . 
A list of fields that should be returned + in write_data_json and write_data. If omitted, data returned by + the write operation is not available to the resource or included in + state. This helps to avoid accidental storage of sensitive values in + state. Some endpoints, such as many dynamic secrets endpoints, return + data from writing to an endpoint rather than reading it. You should + use write_fields if you need information returned in this way. + Top-level fields returned by write to persist in state items: type: string type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. 
This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: disableDelete: - description: True/false. Set this to true if your vault authentication - is not able to delete the data or if the endpoint does not support - the DELETE method. Defaults to false. Don't attempt to delete - the path from Vault if true + description: |- + True/false. Set this to true if your + vault authentication is not able to delete the data or if the endpoint + does not support the DELETE method. Defaults to false. + Don't attempt to delete the path from Vault if true type: boolean disableRead: - description: True/false. Set this to true if your vault authentication - is not able to read the data or if the endpoint does not support - the GET method. Setting this to true will break drift detection. - You should set this to true for endpoints that are write-only. - Defaults to false. Don't attempt to read the path from Vault - if true; drift won't be detected + description: |- + True/false. Set this to true if your vault + authentication is not able to read the data or if the endpoint does + not support the GET method. Setting this to true will break drift + detection. You should set this to true for endpoints that are + write-only. Defaults to false. + Don't attempt to read the path from Vault if true; drift won't be detected type: boolean ignoreAbsentFields: - description: True/false. If set to true, ignore any fields present - when the endpoint is read but that were not in data_json. Also, - if a field that was written is not returned when the endpoint - is read, treat that field as being up to date. You should set - this to true when writing to endpoint that, when read, returns - a different set of fields from the ones you wrote, as is common - with many configuration endpoints. Defaults to false. 
When reading, - disregard fields not present in data_json + description: |- + True/false. If set to true, + ignore any fields present when the endpoint is read but that were not + in data_json. Also, if a field that was written is not returned when + the endpoint is read, treat that field as being up to date. You should + set this to true when writing to endpoint that, when read, returns a + different set of fields from the ones you wrote, as is common with + many configuration endpoints. Defaults to false. + When reading, disregard fields not present in data_json type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The full logical path at which to write the given + description: |- + The full logical path at which to write the given data. Consult each backend's documentation to see which endpoints support the PUT methods and to determine whether they also support - DELETE and GET. Full path where to the endpoint that will be - written + DELETE and GET. + Full path where to the endpoint that will be written type: string writeFields: - description: . A list of fields that should be returned in write_data_json - and write_data. If omitted, data returned by the write operation - is not available to the resource or included in state. This - helps to avoid accidental storage of sensitive values in state. 
- Some endpoints, such as many dynamic secrets endpoints, return - data from writing to an endpoint rather than reading it. You - should use write_fields if you need information returned in - this way. Top-level fields returned by write to persist in state + description: |- + . A list of fields that should be returned + in write_data_json and write_data. If omitted, data returned by + the write operation is not available to the resource or included in + state. This helps to avoid accidental storage of sensitive values in + state. Some endpoints, such as many dynamic secrets endpoints, return + data from writing to an endpoint rather than reading it. You should + use write_fields if you need information returned in this way. + Top-level fields returned by write to persist in state items: type: string type: array 
@@ -204,20 +224,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -230,9 +251,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -242,57 +264,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -302,17 +288,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -322,21 +310,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -351,21 +339,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -376,14 +365,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -412,69 +402,77 @@ spec: atProvider: properties: disableDelete: - description: True/false. Set this to true if your vault authentication - is not able to delete the data or if the endpoint does not support - the DELETE method. Defaults to false. Don't attempt to delete - the path from Vault if true + description: |- + True/false. Set this to true if your + vault authentication is not able to delete the data or if the endpoint + does not support the DELETE method. Defaults to false. + Don't attempt to delete the path from Vault if true type: boolean disableRead: - description: True/false. Set this to true if your vault authentication - is not able to read the data or if the endpoint does not support - the GET method. Setting this to true will break drift detection. - You should set this to true for endpoints that are write-only. - Defaults to false. Don't attempt to read the path from Vault - if true; drift won't be detected + description: |- + True/false. Set this to true if your vault + authentication is not able to read the data or if the endpoint does + not support the GET method. Setting this to true will break drift + detection. You should set this to true for endpoints that are + write-only. Defaults to false. + Don't attempt to read the path from Vault if true; drift won't be detected type: boolean id: type: string ignoreAbsentFields: - description: True/false. If set to true, ignore any fields present - when the endpoint is read but that were not in data_json. Also, - if a field that was written is not returned when the endpoint - is read, treat that field as being up to date. You should set - this to true when writing to endpoint that, when read, returns - a different set of fields from the ones you wrote, as is common - with many configuration endpoints. Defaults to false. When reading, - disregard fields not present in data_json + description: |- + True/false. 
If set to true, + ignore any fields present when the endpoint is read but that were not + in data_json. Also, if a field that was written is not returned when + the endpoint is read, treat that field as being up to date. You should + set this to true when writing to endpoint that, when read, returns a + different set of fields from the ones you wrote, as is common with + many configuration endpoints. Defaults to false. + When reading, disregard fields not present in data_json type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The full logical path at which to write the given + description: |- + The full logical path at which to write the given data. Consult each backend's documentation to see which endpoints support the PUT methods and to determine whether they also support - DELETE and GET. Full path where to the endpoint that will be - written + DELETE and GET. + Full path where to the endpoint that will be written type: string writeData: additionalProperties: type: string - description: A map whose keys are the top-level data keys returned - from Vault by the write operation and whose values are the corresponding - values. This map can only represent string data, so any non-string - values returned from Vault are serialized as JSON. Only fields - set in write_fields are present in the JSON data. 
Map of strings - returned by write operation + description: |- + A map whose keys are the top-level data keys + returned from Vault by the write operation and whose values are the + corresponding values. This map can only represent string data, so + any non-string values returned from Vault are serialized as JSON. + Only fields set in write_fields are present in the JSON data. + Map of strings returned by write operation type: object writeDataJson: - description: The JSON data returned by the write operation. Only - fields set in write_fields are present in the JSON data. JSON - data returned by write operation + description: |- + The JSON data returned by the write operation. + Only fields set in write_fields are present in the JSON data. + JSON data returned by write operation type: string writeFields: - description: . A list of fields that should be returned in write_data_json - and write_data. If omitted, data returned by the write operation - is not available to the resource or included in state. This - helps to avoid accidental storage of sensitive values in state. - Some endpoints, such as many dynamic secrets endpoints, return - data from writing to an endpoint rather than reading it. You - should use write_fields if you need information returned in - this way. Top-level fields returned by write to persist in state + description: |- + . A list of fields that should be returned + in write_data_json and write_data. If omitted, data returned by + the write operation is not available to the resource or included in + state. This helps to avoid accidental storage of sensitive values in + state. Some endpoints, such as many dynamic secrets endpoints, return + data from writing to an endpoint rather than reading it. You should + use write_fields if you need information returned in this way. + Top-level fields returned by write to persist in state items: type: string type: array 
@@ -485,13 +483,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -502,8 +502,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -512,6 +513,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/generic.vault.upbound.io_secrets.yaml b/package/crds/generic.vault.upbound.io_secrets.yaml index facc6f46..b80c82a8 100644 --- a/package/crds/generic.vault.upbound.io_secrets.yaml +++ b/package/crds/generic.vault.upbound.io_secrets.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secrets.generic.vault.upbound.io spec: group: generic.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: to a given path in Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete @@ -68,9 +74,10 @@ spec: forProvider: properties: dataJsonSecretRef: - description: String containing a JSON-encoded object that will - be written as the secret data at the given path. JSON-encoded - secret data to write. + description: |- + String containing a JSON-encoded object that will be + written as the secret data at the given path. + JSON-encoded secret data to write. properties: key: description: The key to select. 
@@ -87,95 +94,103 @@ spec: - namespace type: object deleteAllVersions: - description: true/false. Only applicable for kv-v2 stores. If - set to true, permanently deletes all versions for the specified - key. The default behavior is to only delete the latest version - of the secret. Only applicable for kv-v2 stores. If set, permanently - deletes all versions for the specified key. + description: |- + true/false. Only applicable for kv-v2 stores. + If set to true, permanently deletes all versions for + the specified key. The default behavior is to only delete the latest version of the + secret. + Only applicable for kv-v2 stores. If set, permanently deletes all versions for the specified key. type: boolean disableRead: - description: true/false. Set this to true if your vault authentication - is not able to read the data. Setting this to true will break - drift detection. Defaults to false. Don't attempt to read the - token from Vault if true; drift won't be detected. + description: |- + true/false. Set this to true if your vault + authentication is not able to read the data. Setting this to true will + break drift detection. Defaults to false. + Don't attempt to read the token from Vault if true; drift won't be detected. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The full logical path at which to write the given - data. 
To write data into the "generic" secret backend mounted - in Vault by default, this should be prefixed with secret/. Writing - to other backends with this resource is possible; consult each - backend's documentation to see which endpoints support the PUT - and DELETE methods. Full path where the generic secret will - be written. + description: |- + The full logical path at which to write the given data. + To write data into the "generic" secret backend mounted in Vault by default, + this should be prefixed with secret/. Writing to other backends with this + resource is possible; consult each backend's documentation to see which + endpoints support the PUT and DELETE methods. + Full path where the generic secret will be written. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. 
+ The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: deleteAllVersions: - description: true/false. Only applicable for kv-v2 stores. If - set to true, permanently deletes all versions for the specified - key. The default behavior is to only delete the latest version - of the secret. Only applicable for kv-v2 stores. If set, permanently - deletes all versions for the specified key. + description: |- + true/false. Only applicable for kv-v2 stores. + If set to true, permanently deletes all versions for + the specified key. The default behavior is to only delete the latest version of the + secret. + Only applicable for kv-v2 stores. If set, permanently deletes all versions for the specified key. type: boolean disableRead: - description: true/false. Set this to true if your vault authentication - is not able to read the data. Setting this to true will break - drift detection. Defaults to false. Don't attempt to read the - token from Vault if true; drift won't be detected. + description: |- + true/false. Set this to true if your vault + authentication is not able to read the data. Setting this to true will + break drift detection. Defaults to false. + Don't attempt to read the token from Vault if true; drift won't be detected. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. 
+ The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The full logical path at which to write the given - data. To write data into the "generic" secret backend mounted - in Vault by default, this should be prefixed with secret/. Writing - to other backends with this resource is possible; consult each - backend's documentation to see which endpoints support the PUT - and DELETE methods. Full path where the generic secret will - be written. + description: |- + The full logical path at which to write the given data. + To write data into the "generic" secret backend mounted in Vault by default, + this should be prefixed with secret/. Writing to other backends with this + resource is possible; consult each backend's documentation to see which + endpoints support the PUT and DELETE methods. + Full path where the generic secret will be written. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. 
It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -188,9 +203,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -200,57 +216,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -260,17 +240,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -280,21 +262,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -309,21 +291,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -334,14 +317,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -370,35 +354,38 @@ spec: atProvider: properties: deleteAllVersions: - description: true/false. Only applicable for kv-v2 stores. If - set to true, permanently deletes all versions for the specified - key. The default behavior is to only delete the latest version - of the secret. Only applicable for kv-v2 stores. If set, permanently - deletes all versions for the specified key. + description: |- + true/false. Only applicable for kv-v2 stores. + If set to true, permanently deletes all versions for + the specified key. The default behavior is to only delete the latest version of the + secret. + Only applicable for kv-v2 stores. If set, permanently deletes all versions for the specified key. type: boolean disableRead: - description: true/false. Set this to true if your vault authentication - is not able to read the data. Setting this to true will break - drift detection. Defaults to false. Don't attempt to read the - token from Vault if true; drift won't be detected. + description: |- + true/false. Set this to true if your vault + authentication is not able to read the data. Setting this to true will + break drift detection. Defaults to false. + Don't attempt to read the token from Vault if true; drift won't be detected. type: boolean id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The full logical path at which to write the given - data. 
To write data into the "generic" secret backend mounted - in Vault by default, this should be prefixed with secret/. Writing - to other backends with this resource is possible; consult each - backend's documentation to see which endpoints support the PUT - and DELETE methods. Full path where the generic secret will - be written. + description: |- + The full logical path at which to write the given data. + To write data into the "generic" secret backend mounted in Vault by default, + this should be prefixed with secret/. Writing to other backends with this + resource is possible; consult each backend's documentation to see which + endpoints support the PUT and DELETE methods. + Full path where the generic secret will be written. type: string type: object conditions: @@ -407,13 +394,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -424,8 +413,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -434,6 +424,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec 
diff --git a/package/crds/github.vault.upbound.io_authbackends.yaml b/package/crds/github.vault.upbound.io_authbackends.yaml index 40a856b0..91e67093 100644 --- a/package/crds/github.vault.upbound.io_authbackends.yaml +++ b/package/crds/github.vault.upbound.io_authbackends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackends.github.vault.upbound.io spec: group: github.vault.upbound.io @@ -38,14 +38,19 @@ spec: Auth mounts in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,101 +74,113 @@ spec: forProvider: properties: baseUrl: - description: The API endpoint to use. Useful if you are running - GitHub Enterprise or an API-compatible authentication server. - The API endpoint to use. Useful if you are running GitHub Enterprise - or an API-compatible authentication server. + description: |- + The API endpoint to use. Useful if you + are running GitHub Enterprise or an API-compatible authentication server. + The API endpoint to use. Useful if you are running GitHub Enterprise or an API-compatible authentication server. type: string description: - description: Specifies the description of the mount. This overrides - the current stored value, if any. Specifies the description - of the mount. This overrides the current stored value, if any. + description: |- + Specifies the description of the mount. + This overrides the current stored value, if any. + Specifies the description of the mount. This overrides the current stored value, if any. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string organization: - description: The organization configured users must be part of. + description: |- + The organization configured users must be part of. The organization users must be part of. type: string organizationId: - description: The ID of the organization users must be part of. - Vault will attempt to fetch and set this value if it is not - provided. (Vault 1.10+) The ID of the organization users must - be part of. Vault will attempt to fetch and set this value if - it is not provided (vault-1.10+) + description: |- + The ID of the organization users must be part of. + Vault will attempt to fetch and set this value if it is not provided. (Vault 1.10+) + The ID of the organization users must be part of. Vault will attempt to fetch and set this value if it is not provided (vault-1.10+) type: number path: - description: Path where the auth backend is mounted. Defaults - to auth/github if not specified. Path where the auth backend - is mounted + description: |- + Path where the auth backend is mounted. Defaults to auth/github + if not specified. + Path where the auth backend is mounted type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. 
Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. 
+ description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. 
+ The type of token to generate, service or batch type: string tune: description: Extra configuration block. Structure is documented 
@@ -170,161 +188,180 @@ spec: items: properties: allowedResponseHeaders: - description: List of headers to whitelist and allowing a - plugin to include them in the response. + description: |- + List of headers to whitelist and allowing + a plugin to include them in the response. items: type: string type: array auditNonHmacRequestKeys: - description: Specifies the list of keys that will not be - HMAC'd by audit devices in the request data object. + description: |- + Specifies the list of keys that will + not be HMAC'd by audit devices in the request data object. items: type: string type: array auditNonHmacResponseKeys: - description: Specifies the list of keys that will not be - HMAC'd by audit devices in the response data object. + description: |- + Specifies the list of keys that will + not be HMAC'd by audit devices in the response data object. items: type: string type: array defaultLeaseTtl: - description: Specifies the default time-to-live. If set, - this overrides the global default. Must be a valid duration - string + description: |- + Specifies the default time-to-live. + If set, this overrides the global default. + Must be a valid duration string type: string listingVisibility: - description: Specifies whether to show this mount in the - UI-specific listing endpoint. Valid values are "unauth" - or "hidden". + description: |- + Specifies whether to show this mount in + the UI-specific listing endpoint. Valid values are "unauth" or "hidden". type: string maxLeaseTtl: - description: Specifies the maximum time-to-live. If set, - this overrides the global default. Must be a valid duration - string + description: |- + Specifies the maximum time-to-live. + If set, this overrides the global default. + Must be a valid duration string type: string passthroughRequestHeaders: - description: List of headers to whitelist and pass from - the request to the backend. + description: |- + List of headers to whitelist and + pass from the request to the backend. 
items: type: string type: array tokenType: - description: Specifies the type of tokens that should be - returned by the mount. Valid values are "default-service", - "default-batch", "service", "batch". + description: |- + Specifies the type of tokens that should be returned by + the mount. Valid values are "default-service", "default-batch", "service", "batch". type: string type: object type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: baseUrl: - description: The API endpoint to use. 
Useful if you are running - GitHub Enterprise or an API-compatible authentication server. - The API endpoint to use. Useful if you are running GitHub Enterprise - or an API-compatible authentication server. + description: |- + The API endpoint to use. Useful if you + are running GitHub Enterprise or an API-compatible authentication server. + The API endpoint to use. Useful if you are running GitHub Enterprise or an API-compatible authentication server. type: string description: - description: Specifies the description of the mount. This overrides - the current stored value, if any. Specifies the description - of the mount. This overrides the current stored value, if any. + description: |- + Specifies the description of the mount. + This overrides the current stored value, if any. + Specifies the description of the mount. This overrides the current stored value, if any. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string organization: - description: The organization configured users must be part of. 
+ description: |- + The organization configured users must be part of. The organization users must be part of. type: string organizationId: - description: The ID of the organization users must be part of. - Vault will attempt to fetch and set this value if it is not - provided. (Vault 1.10+) The ID of the organization users must - be part of. Vault will attempt to fetch and set this value if - it is not provided (vault-1.10+) + description: |- + The ID of the organization users must be part of. + Vault will attempt to fetch and set this value if it is not provided. (Vault 1.10+) + The ID of the organization users must be part of. Vault will attempt to fetch and set this value if it is not provided (vault-1.10+) type: number path: - description: Path where the auth backend is mounted. Defaults - to auth/github if not specified. Path where the auth backend - is mounted + description: |- + Path where the auth backend is mounted. Defaults to auth/github + if not specified. + Path where the auth backend is mounted type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. 
This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. 
At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string tune: description: Extra configuration block. Structure is documented 
@@ -332,48 +369,54 @@ spec: items: properties: allowedResponseHeaders: - description: List of headers to whitelist and allowing a - plugin to include them in the response. + description: |- + List of headers to whitelist and allowing + a plugin to include them in the response. items: type: string type: array auditNonHmacRequestKeys: - description: Specifies the list of keys that will not be - HMAC'd by audit devices in the request data object. + description: |- + Specifies the list of keys that will + not be HMAC'd by audit devices in the request data object. items: type: string type: array auditNonHmacResponseKeys: - description: Specifies the list of keys that will not be - HMAC'd by audit devices in the response data object. + description: |- + Specifies the list of keys that will + not be HMAC'd by audit devices in the response data object. items: type: string type: array defaultLeaseTtl: - description: Specifies the default time-to-live. If set, - this overrides the global default. Must be a valid duration - string + description: |- + Specifies the default time-to-live. + If set, this overrides the global default. + Must be a valid duration string type: string listingVisibility: - description: Specifies whether to show this mount in the - UI-specific listing endpoint. Valid values are "unauth" - or "hidden". + description: |- + Specifies whether to show this mount in + the UI-specific listing endpoint. Valid values are "unauth" or "hidden". type: string maxLeaseTtl: - description: Specifies the maximum time-to-live. If set, - this overrides the global default. Must be a valid duration - string + description: |- + Specifies the maximum time-to-live. + If set, this overrides the global default. + Must be a valid duration string type: string passthroughRequestHeaders: - description: List of headers to whitelist and pass from - the request to the backend. + description: |- + List of headers to whitelist and + pass from the request to the backend. 
items: type: string type: array tokenType: - description: Specifies the type of tokens that should be - returned by the mount. Valid values are "default-service", - "default-batch", "service", "batch". + description: |- + Specifies the type of tokens that should be returned by + the mount. Valid values are "default-service", "default-batch", "service", "batch". type: string type: object type: array 
@@ -381,20 +424,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -407,9 +451,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -419,57 +464,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -479,17 +488,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -499,21 +510,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -528,21 +539,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -553,14 +565,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -586,108 +599,120 @@ spec: atProvider: properties: accessor: - description: The mount accessor related to the auth mount. It - is useful for integration with Identity Secrets Engine. The - mount accessor related to the auth mount. + description: |- + The mount accessor related to the auth mount. It is useful for integration with Identity Secrets Engine. + The mount accessor related to the auth mount. type: string baseUrl: - description: The API endpoint to use. Useful if you are running - GitHub Enterprise or an API-compatible authentication server. - The API endpoint to use. Useful if you are running GitHub Enterprise - or an API-compatible authentication server. + description: |- + The API endpoint to use. Useful if you + are running GitHub Enterprise or an API-compatible authentication server. + The API endpoint to use. Useful if you are running GitHub Enterprise or an API-compatible authentication server. type: string description: - description: Specifies the description of the mount. This overrides - the current stored value, if any. Specifies the description - of the mount. This overrides the current stored value, if any. + description: |- + Specifies the description of the mount. + This overrides the current stored value, if any. + Specifies the description of the mount. This overrides the current stored value, if any. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. 
- Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string organization: - description: The organization configured users must be part of. + description: |- + The organization configured users must be part of. The organization users must be part of. type: string organizationId: - description: The ID of the organization users must be part of. - Vault will attempt to fetch and set this value if it is not - provided. (Vault 1.10+) The ID of the organization users must - be part of. Vault will attempt to fetch and set this value if - it is not provided (vault-1.10+) + description: |- + The ID of the organization users must be part of. + Vault will attempt to fetch and set this value if it is not provided. (Vault 1.10+) + The ID of the organization users must be part of. Vault will attempt to fetch and set this value if it is not provided (vault-1.10+) type: number path: - description: Path where the auth backend is mounted. Defaults - to auth/github if not specified. Path where the auth backend - is mounted + description: |- + Path where the auth backend is mounted. Defaults to auth/github + if not specified. + Path where the auth backend is mounted type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. 
+ Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. 
+ The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. 
The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string tune: description: Extra configuration block. Structure is documented 
@@ -695,48 +720,54 @@ spec: items: properties: allowedResponseHeaders: - description: List of headers to whitelist and allowing a - plugin to include them in the response. + description: |- + List of headers to whitelist and allowing + a plugin to include them in the response. items: type: string type: array auditNonHmacRequestKeys: - description: Specifies the list of keys that will not be - HMAC'd by audit devices in the request data object. + description: |- + Specifies the list of keys that will + not be HMAC'd by audit devices in the request data object. items: type: string type: array auditNonHmacResponseKeys: - description: Specifies the list of keys that will not be - HMAC'd by audit devices in the response data object. + description: |- + Specifies the list of keys that will + not be HMAC'd by audit devices in the response data object. items: type: string type: array defaultLeaseTtl: - description: Specifies the default time-to-live. If set, - this overrides the global default. Must be a valid duration - string + description: |- + Specifies the default time-to-live. + If set, this overrides the global default. + Must be a valid duration string type: string listingVisibility: - description: Specifies whether to show this mount in the - UI-specific listing endpoint. Valid values are "unauth" - or "hidden". + description: |- + Specifies whether to show this mount in + the UI-specific listing endpoint. Valid values are "unauth" or "hidden". type: string maxLeaseTtl: - description: Specifies the maximum time-to-live. If set, - this overrides the global default. Must be a valid duration - string + description: |- + Specifies the maximum time-to-live. + If set, this overrides the global default. + Must be a valid duration string type: string passthroughRequestHeaders: - description: List of headers to whitelist and pass from - the request to the backend. + description: |- + List of headers to whitelist and + pass from the request to the backend. 
items: type: string type: array tokenType: - description: Specifies the type of tokens that should be - returned by the mount. Valid values are "default-service", - "default-batch", "service", "batch". + description: |- + Specifies the type of tokens that should be returned by + the mount. Valid values are "default-service", "default-batch", "service", "batch". type: string type: object type: array @@ -747,13 +778,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -764,8 +797,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -774,6 +808,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/github.vault.upbound.io_teams.yaml b/package/crds/github.vault.upbound.io_teams.yaml index eeda5d22..1a725471 100644 --- a/package/crds/github.vault.upbound.io_teams.yaml +++ b/package/crds/github.vault.upbound.io_teams.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: teams.github.vault.upbound.io spec: group: github.vault.upbound.io @@ -38,14 +38,19 @@ spec: Github Auth backend mounts in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,21 +74,24 @@ spec: forProvider: properties: backend: - description: Path where the github auth backend is mounted. Defaults - to github if not specified. Auth backend to which team mapping - will be configured. + description: |- + Path where the github auth backend is mounted. Defaults to github + if not specified. + Auth backend to which team mapping will be configured. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: An array of strings specifying the policies to be - set on tokens issued using this role. Policies to be assigned - to this team. + description: |- + An array of strings specifying the policies to be set on tokens + issued using this role. + Policies to be assigned to this team. items: type: string type: array 
@@ -91,34 +100,38 @@ spec: type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: Path where the github auth backend is mounted. Defaults - to github if not specified. Auth backend to which team mapping - will be configured. + description: |- + Path where the github auth backend is mounted. Defaults to github + if not specified. + Auth backend to which team mapping will be configured. type: string namespace: - description: The namespace to provision the resource in. 
The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: An array of strings specifying the policies to be - set on tokens issued using this role. Policies to be assigned - to this team. + description: |- + An array of strings specifying the policies to be set on tokens + issued using this role. + Policies to be assigned to this team. items: type: string type: array 
@@ -129,20 +142,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -155,9 +169,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -167,57 +182,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -227,17 +206,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -247,21 +228,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -276,21 +257,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -301,14 +283,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -334,23 +317,26 @@ spec: atProvider: properties: backend: - description: Path where the github auth backend is mounted. Defaults - to github if not specified. Auth backend to which team mapping - will be configured. + description: |- + Path where the github auth backend is mounted. Defaults to github + if not specified. + Auth backend to which team mapping will be configured. type: string id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: An array of strings specifying the policies to be - set on tokens issued using this role. Policies to be assigned - to this team. + description: |- + An array of strings specifying the policies to be set on tokens + issued using this role. + Policies to be assigned to this team. items: type: string type: array 
@@ -364,13 +350,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -381,8 +369,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -391,6 +380,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/github.vault.upbound.io_users.yaml b/package/crds/github.vault.upbound.io_users.yaml index 4a23ae95..1608ce08 100644 --- a/package/crds/github.vault.upbound.io_users.yaml +++ b/package/crds/github.vault.upbound.io_users.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: users.github.vault.upbound.io spec: group: github.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Github Auth backend mounts in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,81 +74,93 @@ spec: forProvider: properties: backend: - description: Path where the github auth backend is mounted. Defaults - to github if not specified. Auth backend to which user mapping - will be congigured. + description: |- + Path where the github auth backend is mounted. Defaults to github + if not specified. + Auth backend to which user mapping will be congigured. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: An array of strings specifying the policies to be - set on tokens issued using this role. Policies to be assigned - to this user. + description: |- + An array of strings specifying the policies to be set on tokens issued + using this role. + Policies to be assigned to this user. items: type: string type: array user: - description: GitHub user name. GitHub user name. + description: |- + GitHub user name. + GitHub user name. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. 
The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: Path where the github auth backend is mounted. Defaults - to github if not specified. Auth backend to which user mapping - will be congigured. + description: |- + Path where the github auth backend is mounted. Defaults to github + if not specified. + Auth backend to which user mapping will be congigured. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string policies: - description: An array of strings specifying the policies to be - set on tokens issued using this role. Policies to be assigned - to this user. + description: |- + An array of strings specifying the policies to be set on tokens issued + using this role. + Policies to be assigned to this user. items: type: string type: array user: - description: GitHub user name. GitHub user name. + description: |- + GitHub user name. + GitHub user name. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -155,9 +173,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -167,57 +186,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -227,17 +210,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -247,21 +232,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -276,21 +261,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -301,14 +287,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -334,28 +321,33 @@ spec: atProvider: properties: backend: - description: Path where the github auth backend is mounted. Defaults - to github if not specified. Auth backend to which user mapping - will be congigured. + description: |- + Path where the github auth backend is mounted. Defaults to github + if not specified. + Auth backend to which user mapping will be congigured. type: string id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: An array of strings specifying the policies to be - set on tokens issued using this role. Policies to be assigned - to this user. + description: |- + An array of strings specifying the policies to be set on tokens issued + using this role. + Policies to be assigned to this user. items: type: string type: array user: - description: GitHub user name. GitHub user name. + description: |- + GitHub user name. + GitHub user name. type: string type: object conditions: 
@@ -364,13 +356,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -381,8 +375,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -391,6 +386,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_entities.yaml b/package/crds/identity.vault.upbound.io_entities.yaml index 24107a80..af0f651c 100644 --- a/package/crds/identity.vault.upbound.io_entities.yaml +++ b/package/crds/identity.vault.upbound.io_entities.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: entities.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Entity for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,86 +74,91 @@ spec: forProvider: properties: disabled: - description: True/false Is this entity currently disabled. Defaults - to false Whether the entity is disabled. Disabled entities' - associated tokens cannot be used, but are not revoked. + description: |- + True/false Is this entity currently disabled. Defaults to false + Whether the entity is disabled. Disabled entities' associated tokens cannot be used, but are not revoked. type: boolean externalPolicies: - description: false by default. If set to true, this resource will - ignore any policies return from Vault or specified in the resource. - You can use vault_identity_entity_policies to manage policies - for this entity in a decoupled manner. Manage policies externally - through `vault_identity_entity_policies`. + description: |- + false by default. If set to true, this resource will ignore any policies return from Vault or specified in the resource. You can use vault_identity_entity_policies to manage policies for this entity in a decoupled manner. + Manage policies externally through `vault_identity_entity_policies`. type: boolean metadata: additionalProperties: type: string - description: A Map of additional metadata to associate with the - user. Metadata to be associated with the entity. + description: |- + A Map of additional metadata to associate with the user. + Metadata to be associated with the entity. type: object name: - description: Name of the identity entity to create. Name of the - entity. + description: |- + Name of the identity entity to create. + Name of the entity. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. 
+ The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: A list of policies to apply to the entity. Policies - to be tied to the entity. + description: |- + A list of policies to apply to the entity. + Policies to be tied to the entity. items: type: string type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. 
properties: disabled: - description: True/false Is this entity currently disabled. Defaults - to false Whether the entity is disabled. Disabled entities' - associated tokens cannot be used, but are not revoked. + description: |- + True/false Is this entity currently disabled. Defaults to false + Whether the entity is disabled. Disabled entities' associated tokens cannot be used, but are not revoked. type: boolean externalPolicies: - description: false by default. If set to true, this resource will - ignore any policies return from Vault or specified in the resource. - You can use vault_identity_entity_policies to manage policies - for this entity in a decoupled manner. Manage policies externally - through `vault_identity_entity_policies`. + description: |- + false by default. If set to true, this resource will ignore any policies return from Vault or specified in the resource. You can use vault_identity_entity_policies to manage policies for this entity in a decoupled manner. + Manage policies externally through `vault_identity_entity_policies`. type: boolean metadata: additionalProperties: type: string - description: A Map of additional metadata to associate with the - user. Metadata to be associated with the entity. + description: |- + A Map of additional metadata to associate with the user. + Metadata to be associated with the entity. type: object name: - description: Name of the identity entity to create. Name of the - entity. + description: |- + Name of the identity entity to create. + Name of the entity. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. 
+ The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: A list of policies to apply to the entity. Policies - to be tied to the entity. + description: |- + A list of policies to apply to the entity. + Policies to be tied to the entity. items: type: string type: array 
@@ -155,20 +166,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -181,9 +193,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -193,57 +206,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -253,17 +230,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -273,21 +252,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -302,21 +281,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -327,14 +307,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -355,16 +336,14 @@ spec: atProvider: properties: disabled: - description: True/false Is this entity currently disabled. Defaults - to false Whether the entity is disabled. Disabled entities' - associated tokens cannot be used, but are not revoked. + description: |- + True/false Is this entity currently disabled. Defaults to false + Whether the entity is disabled. Disabled entities' associated tokens cannot be used, but are not revoked. type: boolean externalPolicies: - description: false by default. If set to true, this resource will - ignore any policies return from Vault or specified in the resource. - You can use vault_identity_entity_policies to manage policies - for this entity in a decoupled manner. Manage policies externally - through `vault_identity_entity_policies`. + description: |- + false by default. If set to true, this resource will ignore any policies return from Vault or specified in the resource. You can use vault_identity_entity_policies to manage policies for this entity in a decoupled manner. + Manage policies externally through `vault_identity_entity_policies`. type: boolean id: description: The id of the created entity. 
@@ -372,23 +351,27 @@ spec: metadata: additionalProperties: type: string - description: A Map of additional metadata to associate with the - user. Metadata to be associated with the entity. + description: |- + A Map of additional metadata to associate with the user. + Metadata to be associated with the entity. type: object name: - description: Name of the identity entity to create. Name of the - entity. + description: |- + Name of the identity entity to create. + Name of the entity. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: A list of policies to apply to the entity. Policies - to be tied to the entity. + description: |- + A list of policies to apply to the entity. + Policies to be tied to the entity. items: type: string type: array 
@@ -399,13 +382,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -416,8 +401,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -426,6 +412,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_entityaliases.yaml b/package/crds/identity.vault.upbound.io_entityaliases.yaml index 480a4683..294419b2 100644 --- a/package/crds/identity.vault.upbound.io_entityaliases.yaml +++ b/package/crds/identity.vault.upbound.io_entityaliases.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: entityaliases.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Identity Entity Alias for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete @@ -68,8 +74,9 @@ spec: forProvider: properties: canonicalId: - description: Entity ID to which this alias belongs to. ID of the - entity to which this is an alias. + description: |- + Entity ID to which this alias belongs to. + ID of the entity to which this is an alias. type: string customMetadata: additionalProperties: 
@@ -77,42 +84,42 @@ spec: description: Custom metadata to be associated with this alias. type: object mountAccessor: - description: Accessor of the mount to which the alias should belong - to. Mount accessor to which this alias belongs toMount accessor - to which this alias belongs to. + description: |- + Accessor of the mount to which the alias should belong to. + Mount accessor to which this alias belongs toMount accessor to which this alias belongs to. type: string name: - description: Name of the alias. Name should be the identifier - of the client in the authentication source. For example, if - the alias belongs to userpass backend, the name should be a - valid username within userpass backend. If alias belongs to - GitHub, it should be the GitHub username. Name of the entity - alias. + description: |- + Name of the alias. Name should be the identifier of the client in the authentication source. For example, if the alias belongs to userpass backend, the name should be a valid username within userpass backend. If alias belongs to GitHub, it should be the GitHub username. + Name of the entity alias. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. 
InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: canonicalId: - description: Entity ID to which this alias belongs to. ID of the - entity to which this is an alias. + description: |- + Entity ID to which this alias belongs to. + ID of the entity to which this is an alias. type: string customMetadata: additionalProperties: 
@@ -120,43 +127,42 @@ spec: description: Custom metadata to be associated with this alias. type: object mountAccessor: - description: Accessor of the mount to which the alias should belong - to. Mount accessor to which this alias belongs toMount accessor - to which this alias belongs to. + description: |- + Accessor of the mount to which the alias should belong to. + Mount accessor to which this alias belongs toMount accessor to which this alias belongs to. type: string name: - description: Name of the alias. Name should be the identifier - of the client in the authentication source. For example, if - the alias belongs to userpass backend, the name should be a - valid username within userpass backend. If alias belongs to - GitHub, it should be the GitHub username. Name of the entity - alias. + description: |- + Name of the alias. Name should be the identifier of the client in the authentication source. For example, if the alias belongs to userpass backend, the name should be a valid username within userpass backend. If alias belongs to GitHub, it should be the GitHub username. + Name of the entity alias. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. 
ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -169,9 +175,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -181,57 +188,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -241,17 +212,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -261,21 +234,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -290,21 +263,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -315,14 +289,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -356,8 +331,9 @@ spec: atProvider: properties: canonicalId: - description: Entity ID to which this alias belongs to. ID of the - entity to which this is an alias. + description: |- + Entity ID to which this alias belongs to. + ID of the entity to which this is an alias. type: string customMetadata: additionalProperties: 
@@ -368,24 +344,22 @@ spec: description: ID of the entity alias. type: string mountAccessor: - description: Accessor of the mount to which the alias should belong - to. Mount accessor to which this alias belongs toMount accessor - to which this alias belongs to. + description: |- + Accessor of the mount to which the alias should belong to. + Mount accessor to which this alias belongs toMount accessor to which this alias belongs to. type: string name: - description: Name of the alias. Name should be the identifier - of the client in the authentication source. For example, if - the alias belongs to userpass backend, the name should be a - valid username within userpass backend. If alias belongs to - GitHub, it should be the GitHub username. Name of the entity - alias. + description: |- + Name of the alias. Name should be the identifier of the client in the authentication source. For example, if the alias belongs to userpass backend, the name should be a valid username within userpass backend. If alias belongs to GitHub, it should be the GitHub username. + Name of the entity alias. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object conditions: 
@@ -394,13 +368,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -411,8 +387,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -421,6 +398,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_entitypolicies.yaml b/package/crds/identity.vault.upbound.io_entitypolicies.yaml index d13ba640..848e6af0 100644 --- a/package/crds/identity.vault.upbound.io_entitypolicies.yaml +++ b/package/crds/identity.vault.upbound.io_entitypolicies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: entitypolicies.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: policies for an Identity Entity for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,56 +74,67 @@ spec: forProvider: properties: entityId: - description: Entity ID to assign policies to. ID of the entity. + description: |- + Entity ID to assign policies to. + ID of the entity. type: string exclusive: - description: Defaults to true. Should the resource manage policies - exclusively + description: |- + Defaults to true. + Should the resource manage policies exclusively type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: List of policies to assign to the entity Policies - to be tied to the entity. + description: |- + List of policies to assign to the entity + Policies to be tied to the entity. items: type: string type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. 
+ description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: entityId: - description: Entity ID to assign policies to. ID of the entity. + description: |- + Entity ID to assign policies to. + ID of the entity. type: string exclusive: - description: Defaults to true. Should the resource manage policies - exclusively + description: |- + Defaults to true. + Should the resource manage policies exclusively type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: List of policies to assign to the entity Policies - to be tied to the entity. + description: |- + List of policies to assign to the entity + Policies to be tied to the entity. items: type: string type: array 
@@ -125,20 +142,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -151,9 +169,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -163,57 +182,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -223,17 +206,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -243,21 +228,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -272,21 +257,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -297,14 +283,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -334,28 +321,34 @@ spec: atProvider: properties: entityId: - description: Entity ID to assign policies to. ID of the entity. + description: |- + Entity ID to assign policies to. + ID of the entity. type: string entityName: - description: The name of the entity that are assigned the policies. + description: |- + The name of the entity that are assigned the policies. Name of the entity. type: string exclusive: - description: Defaults to true. Should the resource manage policies - exclusively + description: |- + Defaults to true. + Should the resource manage policies exclusively type: boolean id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: List of policies to assign to the entity Policies - to be tied to the entity. + description: |- + List of policies to assign to the entity + Policies to be tied to the entity. items: type: string type: array 
@@ -366,13 +359,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -383,8 +378,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -393,6 +389,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_groupaliases.yaml b/package/crds/identity.vault.upbound.io_groupaliases.yaml index 30b9c83e..3fc7b3b4 100644 --- a/package/crds/identity.vault.upbound.io_groupaliases.yaml +++ b/package/crds/identity.vault.upbound.io_groupaliases.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: groupaliases.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Identity Group Alias for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,77 +74,85 @@ spec: forProvider: properties: canonicalId: - description: ID of the group to which this is an alias. ID of - the group to which this is an alias. + description: |- + ID of the group to which this is an alias. + ID of the group to which this is an alias. type: string mountAccessor: - description: Mount accessor of the authentication backend to which - this alias belongs to. Mount accessor to which this alias belongs - to. + description: |- + Mount accessor of the authentication backend to which this alias belongs to. + Mount accessor to which this alias belongs to. type: string name: - description: Name of the group alias to create. Name of the group - alias. + description: |- + Name of the group alias to create. + Name of the group alias. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. 
This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: canonicalId: - description: ID of the group to which this is an alias. ID of - the group to which this is an alias. + description: |- + ID of the group to which this is an alias. + ID of the group to which this is an alias. type: string mountAccessor: - description: Mount accessor of the authentication backend to which - this alias belongs to. Mount accessor to which this alias belongs - to. + description: |- + Mount accessor of the authentication backend to which this alias belongs to. + Mount accessor to which this alias belongs to. type: string name: - description: Name of the group alias to create. Name of the group - alias. + description: |- + Name of the group alias to create. + Name of the group alias. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. 
(requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -151,9 +165,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -163,57 +178,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -223,17 +202,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -243,21 +224,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -272,21 +253,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -297,14 +279,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -338,27 +321,30 @@ spec: atProvider: properties: canonicalId: - description: ID of the group to which this is an alias. ID of - the group to which this is an alias. + description: |- + ID of the group to which this is an alias. + ID of the group to which this is an alias. type: string id: description: The id of the created group alias. type: string mountAccessor: - description: Mount accessor of the authentication backend to which - this alias belongs to. Mount accessor to which this alias belongs - to. + description: |- + Mount accessor of the authentication backend to which this alias belongs to. + Mount accessor to which this alias belongs to. type: string name: - description: Name of the group alias to create. Name of the group - alias. + description: |- + Name of the group alias to create. + Name of the group alias. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object conditions: 
@@ -367,13 +353,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -384,8 +372,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -394,6 +383,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_groupmemberentityidsidses.yaml b/package/crds/identity.vault.upbound.io_groupmemberentityidsidses.yaml index 7803181e..c39776d3 100644 --- a/package/crds/identity.vault.upbound.io_groupmemberentityidsidses.yaml +++ b/package/crds/identity.vault.upbound.io_groupmemberentityidsidses.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: groupmemberentityidsidses.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Manages member entities for an Identity Group for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,81 +74,91 @@ spec: forProvider: properties: exclusive: - description: Defaults to true. If set to true, allows the resource - to manage member entity ids exclusively. Beware of race conditions - when disabling exclusive management + description: |- + Defaults to true. + If set to true, allows the resource to manage member entity ids + exclusively. Beware of race conditions when disabling exclusive management type: boolean groupId: - description: Group ID to assign member entities to. ID of the - group. + description: |- + Group ID to assign member entities to. + ID of the group. type: string memberEntityIds: - description: List of member entities that belong to the group + description: |- + List of member entities that belong to the group Entity IDs to be assigned as group members. items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. 
This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: exclusive: - description: Defaults to true. If set to true, allows the resource - to manage member entity ids exclusively. Beware of race conditions - when disabling exclusive management + description: |- + Defaults to true. + If set to true, allows the resource to manage member entity ids + exclusively. Beware of race conditions when disabling exclusive management type: boolean groupId: - description: Group ID to assign member entities to. ID of the - group. + description: |- + Group ID to assign member entities to. + ID of the group. type: string memberEntityIds: - description: List of member entities that belong to the group + description: |- + List of member entities that belong to the group Entity IDs to be assigned as group members. items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. 
(requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -155,9 +171,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -167,57 +184,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -227,17 +208,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -247,21 +230,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -276,21 +259,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -301,14 +285,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -335,34 +320,39 @@ spec: atProvider: properties: exclusive: - description: Defaults to true. If set to true, allows the resource - to manage member entity ids exclusively. Beware of race conditions - when disabling exclusive management + description: |- + Defaults to true. + If set to true, allows the resource to manage member entity ids + exclusively. Beware of race conditions when disabling exclusive management type: boolean groupId: - description: Group ID to assign member entities to. ID of the - group. + description: |- + Group ID to assign member entities to. + ID of the group. type: string groupName: - description: 'The name of the group that are assigned the member - entities. Deprecated: The value for group_name may not always - be accurate use data.vault_identity_group.*.group_name, or vault_identity_group.*.group_name - instead. Name of the group.' + description: |- + The name of the group that are assigned the member entities. + Deprecated: The value for group_name may not always be accurate + use data.vault_identity_group.*.group_name, or vault_identity_group.*.group_name instead. + Name of the group. type: string id: type: string memberEntityIds: - description: List of member entities that belong to the group + description: |- + List of member entities that belong to the group Entity IDs to be assigned as group members. items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string type: object conditions: @@ -371,13 +361,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -388,8 +380,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -398,6 +391,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_groupmembergroupidsidses.yaml b/package/crds/identity.vault.upbound.io_groupmembergroupidsidses.yaml index 2569d0c9..82cf7da3 100644 --- a/package/crds/identity.vault.upbound.io_groupmembergroupidsidses.yaml +++ b/package/crds/identity.vault.upbound.io_groupmembergroupidsidses.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: groupmembergroupidsidses.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Manages member groups for an Identity Group for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,81 +74,91 @@ spec: forProvider: properties: exclusive: - description: Defaults to true. If set to true, allows the resource - to manage member group ids exclusively. Beware of race conditions - when disabling exclusive management + description: |- + Defaults to true. + If set to true, allows the resource to manage member group ids + exclusively. Beware of race conditions when disabling exclusive management type: boolean groupId: - description: Group ID to assign member entities to. ID of the - group. + description: |- + Group ID to assign member entities to. + ID of the group. type: string memberGroupIds: - description: List of member groups that belong to the group Group - IDs to be assigned as group members. + description: |- + List of member groups that belong to the group + Group IDs to be assigned as group members. items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. 
The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: exclusive: - description: Defaults to true. If set to true, allows the resource - to manage member group ids exclusively. Beware of race conditions - when disabling exclusive management + description: |- + Defaults to true. + If set to true, allows the resource to manage member group ids + exclusively. Beware of race conditions when disabling exclusive management type: boolean groupId: - description: Group ID to assign member entities to. ID of the - group. + description: |- + Group ID to assign member entities to. + ID of the group. type: string memberGroupIds: - description: List of member groups that belong to the group Group - IDs to be assigned as group members. + description: |- + List of member groups that belong to the group + Group IDs to be assigned as group members. items: type: string type: array namespace: - description: The namespace to provision the resource in. 
The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -155,9 +171,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -167,57 +184,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -227,17 +208,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -247,21 +230,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -276,21 +259,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -301,14 +285,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -334,28 +319,32 @@ spec: atProvider: properties: exclusive: - description: Defaults to true. If set to true, allows the resource - to manage member group ids exclusively. Beware of race conditions - when disabling exclusive management + description: |- + Defaults to true. + If set to true, allows the resource to manage member group ids + exclusively. Beware of race conditions when disabling exclusive management type: boolean groupId: - description: Group ID to assign member entities to. ID of the - group. + description: |- + Group ID to assign member entities to. + ID of the group. type: string id: type: string memberGroupIds: - description: List of member groups that belong to the group Group - IDs to be assigned as group members. + description: |- + List of member groups that belong to the group + Group IDs to be assigned as group members. items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object conditions: 
@@ -364,13 +353,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -381,8 +372,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -391,6 +383,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_grouppolicies.yaml b/package/crds/identity.vault.upbound.io_grouppolicies.yaml index 2acd148d..2cc3d9a2 100644 --- a/package/crds/identity.vault.upbound.io_grouppolicies.yaml +++ b/package/crds/identity.vault.upbound.io_grouppolicies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: grouppolicies.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: policies for an Identity Group for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,58 +74,67 @@ spec: forProvider: properties: exclusive: - description: Defaults to true. Should the resource manage policies - exclusively? Beware of race conditions when disabling exclusive - management + description: |- + Defaults to true. + Should the resource manage policies exclusively? Beware of race conditions when disabling exclusive management type: boolean groupId: - description: Group ID to assign policies to. ID of the group. + description: |- + Group ID to assign policies to. + ID of the group. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: List of policies to assign to the group Policies - to be tied to the group. + description: |- + List of policies to assign to the group + Policies to be tied to the group. items: type: string type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. 
This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: exclusive: - description: Defaults to true. Should the resource manage policies - exclusively? Beware of race conditions when disabling exclusive - management + description: |- + Defaults to true. + Should the resource manage policies exclusively? Beware of race conditions when disabling exclusive management type: boolean groupId: - description: Group ID to assign policies to. ID of the group. + description: |- + Group ID to assign policies to. + ID of the group. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string policies: - description: List of policies to assign to the group Policies - to be tied to the group. + description: |- + List of policies to assign to the group + Policies to be tied to the group. items: type: string type: array 
@@ -127,20 +142,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -153,9 +169,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -165,57 +182,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -225,17 +206,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -245,21 +228,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -274,21 +257,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -299,14 +283,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -336,29 +321,34 @@ spec: atProvider: properties: exclusive: - description: Defaults to true. Should the resource manage policies - exclusively? Beware of race conditions when disabling exclusive - management + description: |- + Defaults to true. + Should the resource manage policies exclusively? Beware of race conditions when disabling exclusive management type: boolean groupId: - description: Group ID to assign policies to. ID of the group. + description: |- + Group ID to assign policies to. + ID of the group. type: string groupName: - description: The name of the group that are assigned the policies. + description: |- + The name of the group that are assigned the policies. Name of the group. type: string id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: List of policies to assign to the group Policies - to be tied to the group. + description: |- + List of policies to assign to the group + Policies to be tied to the group. items: type: string type: array 
@@ -369,13 +359,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -386,8 +378,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -396,6 +389,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_groups.yaml b/package/crds/identity.vault.upbound.io_groups.yaml index f5a1aec7..60a54cc4 100644 --- a/package/crds/identity.vault.upbound.io_groups.yaml +++ b/package/crds/identity.vault.upbound.io_groups.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: groups.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,165 +74,177 @@ spec: forProvider: properties: externalMemberEntityIds: - description: false by default. If set to true, this resource will - ignore any Entity IDs returned from Vault or specified in the - resource. You can use vault_identity_group_member_entity_ids - to manage Entity IDs for this group in a decoupled manner. Manage - member entities externally through `vault_identity_group_member_entity_ids` + description: |- + false by default. If set to true, this resource will ignore any Entity IDs + returned from Vault or specified in the resource. You can use + vault_identity_group_member_entity_ids to manage Entity IDs for this group in a + decoupled manner. + Manage member entities externally through `vault_identity_group_member_entity_ids` type: boolean externalMemberGroupIds: - description: false by default. If set to true, this resource will - ignore any Group IDs returned from Vault or specified in the - resource. You can use vault_identity_group_member_group_ids - to manage Group IDs for this group in a decoupled manner. Manage - member groups externally through `vault_identity_group_member_group_ids` + description: |- + false by default. If set to true, this resource will ignore any Group IDs + returned from Vault or specified in the resource. You can use + vault_identity_group_member_group_ids to manage Group IDs for this group in a + decoupled manner. + Manage member groups externally through `vault_identity_group_member_group_ids` type: boolean externalPolicies: - description: false by default. If set to true, this resource will - ignore any policies returned from Vault or specified in the - resource. You can use vault_identity_group_policies to manage - policies for this group in a decoupled manner. Manage policies - externally through `vault_identity_group_policies`, allows using - group ID in assigned policies. + description: |- + false by default. 
If set to true, this resource will ignore any policies returned from + Vault or specified in the resource. You can use vault_identity_group_policies to manage + policies for this group in a decoupled manner. + Manage policies externally through `vault_identity_group_policies`, allows using group ID in assigned policies. type: boolean memberEntityIds: - description: A list of Entity IDs to be assigned as group members. - Not allowed on external groups. Entity IDs to be assigned as - group members. + description: |- + A list of Entity IDs to be assigned as group members. Not allowed on external groups. + Entity IDs to be assigned as group members. items: type: string type: array memberGroupIds: - description: A list of Group IDs to be assigned as group members. - Not allowed on external groups. Group IDs to be assigned as - group members. + description: |- + A list of Group IDs to be assigned as group members. Not allowed on external groups. + Group IDs to be assigned as group members. items: type: string type: array metadata: additionalProperties: type: string - description: A Map of additional metadata to associate with the - group. Metadata to be associated with the group. + description: |- + A Map of additional metadata to associate with the group. + Metadata to be associated with the group. type: object name: - description: Name of the identity group to create. Name of the - group. + description: |- + Name of the identity group to create. + Name of the group. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. 
+ The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: A list of policies to apply to the group. Policies - to be tied to the group. + description: |- + A list of policies to apply to the group. + Policies to be tied to the group. items: type: string type: array type: - description: Type of the group, internal or external. Defaults - to internal. Type of the group, internal or external. Defaults - to internal. + description: |- + Type of the group, internal or external. Defaults to internal. + Type of the group, internal or external. Defaults to internal. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. 
This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: externalMemberEntityIds: - description: false by default. If set to true, this resource will - ignore any Entity IDs returned from Vault or specified in the - resource. You can use vault_identity_group_member_entity_ids - to manage Entity IDs for this group in a decoupled manner. Manage - member entities externally through `vault_identity_group_member_entity_ids` + description: |- + false by default. If set to true, this resource will ignore any Entity IDs + returned from Vault or specified in the resource. You can use + vault_identity_group_member_entity_ids to manage Entity IDs for this group in a + decoupled manner. + Manage member entities externally through `vault_identity_group_member_entity_ids` type: boolean externalMemberGroupIds: - description: false by default. If set to true, this resource will - ignore any Group IDs returned from Vault or specified in the - resource. You can use vault_identity_group_member_group_ids - to manage Group IDs for this group in a decoupled manner. Manage - member groups externally through `vault_identity_group_member_group_ids` + description: |- + false by default. If set to true, this resource will ignore any Group IDs + returned from Vault or specified in the resource. You can use + vault_identity_group_member_group_ids to manage Group IDs for this group in a + decoupled manner. + Manage member groups externally through `vault_identity_group_member_group_ids` type: boolean externalPolicies: - description: false by default. If set to true, this resource will - ignore any policies returned from Vault or specified in the - resource. You can use vault_identity_group_policies to manage - policies for this group in a decoupled manner. 
Manage policies - externally through `vault_identity_group_policies`, allows using - group ID in assigned policies. + description: |- + false by default. If set to true, this resource will ignore any policies returned from + Vault or specified in the resource. You can use vault_identity_group_policies to manage + policies for this group in a decoupled manner. + Manage policies externally through `vault_identity_group_policies`, allows using group ID in assigned policies. type: boolean memberEntityIds: - description: A list of Entity IDs to be assigned as group members. - Not allowed on external groups. Entity IDs to be assigned as - group members. + description: |- + A list of Entity IDs to be assigned as group members. Not allowed on external groups. + Entity IDs to be assigned as group members. items: type: string type: array memberGroupIds: - description: A list of Group IDs to be assigned as group members. - Not allowed on external groups. Group IDs to be assigned as - group members. + description: |- + A list of Group IDs to be assigned as group members. Not allowed on external groups. + Group IDs to be assigned as group members. items: type: string type: array metadata: additionalProperties: type: string - description: A Map of additional metadata to associate with the - group. Metadata to be associated with the group. + description: |- + A Map of additional metadata to associate with the group. + Metadata to be associated with the group. type: object name: - description: Name of the identity group to create. Name of the - group. + description: |- + Name of the identity group to create. + Name of the group. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. 
(requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: A list of policies to apply to the group. Policies - to be tied to the group. + description: |- + A list of policies to apply to the group. + Policies to be tied to the group. items: type: string type: array type: - description: Type of the group, internal or external. Defaults - to internal. Type of the group, internal or external. Defaults - to internal. + description: |- + Type of the group, internal or external. Defaults to internal. + Type of the group, internal or external. Defaults to internal. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. 
+ ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -239,9 +257,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -251,57 +270,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -311,17 +294,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -331,21 +316,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -360,21 +345,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -385,14 +371,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -413,71 +400,76 @@ spec: atProvider: properties: externalMemberEntityIds: - description: false by default. If set to true, this resource will - ignore any Entity IDs returned from Vault or specified in the - resource. You can use vault_identity_group_member_entity_ids - to manage Entity IDs for this group in a decoupled manner. Manage - member entities externally through `vault_identity_group_member_entity_ids` + description: |- + false by default. If set to true, this resource will ignore any Entity IDs + returned from Vault or specified in the resource. You can use + vault_identity_group_member_entity_ids to manage Entity IDs for this group in a + decoupled manner. + Manage member entities externally through `vault_identity_group_member_entity_ids` type: boolean externalMemberGroupIds: - description: false by default. If set to true, this resource will - ignore any Group IDs returned from Vault or specified in the - resource. You can use vault_identity_group_member_group_ids - to manage Group IDs for this group in a decoupled manner. Manage - member groups externally through `vault_identity_group_member_group_ids` + description: |- + false by default. If set to true, this resource will ignore any Group IDs + returned from Vault or specified in the resource. You can use + vault_identity_group_member_group_ids to manage Group IDs for this group in a + decoupled manner. + Manage member groups externally through `vault_identity_group_member_group_ids` type: boolean externalPolicies: - description: false by default. If set to true, this resource will - ignore any policies returned from Vault or specified in the - resource. You can use vault_identity_group_policies to manage - policies for this group in a decoupled manner. Manage policies - externally through `vault_identity_group_policies`, allows using - group ID in assigned policies. + description: |- + false by default. 
If set to true, this resource will ignore any policies returned from + Vault or specified in the resource. You can use vault_identity_group_policies to manage + policies for this group in a decoupled manner. + Manage policies externally through `vault_identity_group_policies`, allows using group ID in assigned policies. type: boolean id: description: The id of the created group. type: string memberEntityIds: - description: A list of Entity IDs to be assigned as group members. - Not allowed on external groups. Entity IDs to be assigned as - group members. + description: |- + A list of Entity IDs to be assigned as group members. Not allowed on external groups. + Entity IDs to be assigned as group members. items: type: string type: array memberGroupIds: - description: A list of Group IDs to be assigned as group members. - Not allowed on external groups. Group IDs to be assigned as - group members. + description: |- + A list of Group IDs to be assigned as group members. Not allowed on external groups. + Group IDs to be assigned as group members. items: type: string type: array metadata: additionalProperties: type: string - description: A Map of additional metadata to associate with the - group. Metadata to be associated with the group. + description: |- + A Map of additional metadata to associate with the group. + Metadata to be associated with the group. type: object name: - description: Name of the identity group to create. Name of the - group. + description: |- + Name of the identity group to create. + Name of the group. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. 
+ The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: A list of policies to apply to the group. Policies - to be tied to the group. + description: |- + A list of policies to apply to the group. + Policies to be tied to the group. items: type: string type: array type: - description: Type of the group, internal or external. Defaults - to internal. Type of the group, internal or external. Defaults - to internal. + description: |- + Type of the group, internal or external. Defaults to internal. + Type of the group, internal or external. Defaults to internal. type: string type: object conditions: @@ -486,13 +478,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -503,8 +497,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -513,6 +508,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec 
diff --git a/package/crds/identity.vault.upbound.io_mfaduoes.yaml b/package/crds/identity.vault.upbound.io_mfaduoes.yaml index c5cad0ea..79f7271e 100644 --- a/package/crds/identity.vault.upbound.io_mfaduoes.yaml +++ b/package/crds/identity.vault.upbound.io_mfaduoes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: mfaduoes.identity.vault.upbound.io spec: group: identity.vault.upbound.io @@ -38,14 +38,19 @@ spec: the duo MFA method. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete @@ -68,10 +74,14 @@ spec: forProvider: properties: apiHostname: - description: API hostname for Duo API hostname for Duo + description: |- + API hostname for Duo + API hostname for Duo type: string integrationKeySecretRef: - description: Integration key for Duo Integration key for Duo + description: |- + Integration key for Duo + Integration key for Duo properties: key: description: The key to select. 
@@ -88,14 +98,19 @@ spec: - namespace type: object namespace: - description: Target namespace. (requires Enterprise) Target namespace. - (requires Enterprise) + description: |- + Target namespace. (requires Enterprise) + Target namespace. (requires Enterprise) type: string pushInfo: - description: Push information for Duo. Push information for Duo. + description: |- + Push information for Duo. + Push information for Duo. type: string secretKeySecretRef: - description: Secret key for Duo Secret key for Duo + description: |- + Secret key for Duo + Secret key for Duo properties: key: description: The key to select. 
@@ -112,65 +127,74 @@ spec: - namespace type: object usePasscode: - description: Require passcode upon MFA validation. Require passcode - upon MFA validation. + description: |- + Require passcode upon MFA validation. + Require passcode upon MFA validation. type: boolean usernameFormat: - description: A template string for mapping Identity names to MFA - methods. A template string for mapping Identity names to MFA - methods. + description: |- + A template string for mapping Identity names to MFA methods. + A template string for mapping Identity names to MFA methods. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. 
This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: apiHostname: - description: API hostname for Duo API hostname for Duo + description: |- + API hostname for Duo + API hostname for Duo type: string namespace: - description: Target namespace. (requires Enterprise) Target namespace. - (requires Enterprise) + description: |- + Target namespace. (requires Enterprise) + Target namespace. (requires Enterprise) type: string pushInfo: - description: Push information for Duo. Push information for Duo. + description: |- + Push information for Duo. + Push information for Duo. type: string usePasscode: - description: Require passcode upon MFA validation. Require passcode - upon MFA validation. + description: |- + Require passcode upon MFA validation. + Require passcode upon MFA validation. type: boolean usernameFormat: - description: A template string for mapping Identity names to MFA - methods. A template string for mapping Identity names to MFA - methods. + description: |- + A template string for mapping Identity names to MFA methods. + A template string for mapping Identity names to MFA methods. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. 
See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -183,9 +207,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -195,57 +220,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -255,17 +244,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -275,21 +266,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -304,21 +295,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -329,14 +321,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -368,46 +361,64 @@ spec: atProvider: properties: apiHostname: - description: API hostname for Duo API hostname for Duo + description: |- + API hostname for Duo + API hostname for Duo type: string id: type: string methodId: - description: Method ID. Method ID. + description: |- + Method ID. + Method ID. type: string mountAccessor: - description: Mount accessor. Mount accessor. + description: |- + Mount accessor. + Mount accessor. type: string name: description: Method name. type: string namespace: - description: Target namespace. (requires Enterprise) Target namespace. - (requires Enterprise) + description: |- + Target namespace. (requires Enterprise) + Target namespace. (requires Enterprise) type: string namespaceId: - description: Method's namespace ID. Method's namespace ID. + description: |- + Method's namespace ID. + Method's namespace ID. type: string namespacePath: - description: Method's namespace path. Method's namespace path. + description: |- + Method's namespace path. + Method's namespace path. type: string pushInfo: - description: Push information for Duo. Push information for Duo. + description: |- + Push information for Duo. + Push information for Duo. type: string type: - description: MFA type. MFA type. + description: |- + MFA type. + MFA type. type: string usePasscode: - description: Require passcode upon MFA validation. Require passcode - upon MFA validation. + description: |- + Require passcode upon MFA validation. + Require passcode upon MFA validation. type: boolean usernameFormat: - description: A template string for mapping Identity names to MFA - methods. A template string for mapping Identity names to MFA - methods. + description: |- + A template string for mapping Identity names to MFA methods. + A template string for mapping Identity names to MFA methods. type: string uuid: - description: Resource UUID. Resource UUID. + description: |- + Resource UUID. + Resource UUID. type: string type: object conditions: 
@@ -416,13 +427,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -433,8 +446,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -443,6 +457,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_mfaloginenforcements.yaml b/package/crds/identity.vault.upbound.io_mfaloginenforcements.yaml index a1e956d5..4846653f 100644 --- a/package/crds/identity.vault.upbound.io_mfaloginenforcements.yaml +++ b/package/crds/identity.vault.upbound.io_mfaloginenforcements.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: mfaloginenforcements.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Resource for configuring MFA login-enforcement properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,107 +74,129 @@ spec: forProvider: properties: authMethodAccessors: - description: Set of auth method accessor IDs. Set of auth method - accessor IDs. + description: |- + Set of auth method accessor IDs. + Set of auth method accessor IDs. items: type: string type: array authMethodTypes: - description: Set of auth method types. Set of auth method types. + description: |- + Set of auth method types. + Set of auth method types. items: type: string type: array identityEntityIds: - description: Set of identity entity IDs. Set of identity entity - IDs. + description: |- + Set of identity entity IDs. + Set of identity entity IDs. items: type: string type: array identityGroupIds: - description: Set of identity group IDs. Set of identity group - IDs. + description: |- + Set of identity group IDs. + Set of identity group IDs. items: type: string type: array mfaMethodIds: - description: Set of MFA method UUIDs. Set of MFA method UUIDs. + description: |- + Set of MFA method UUIDs. + Set of MFA method UUIDs. items: type: string type: array name: - description: Login enforcement name. Login enforcement name. + description: |- + Login enforcement name. + Login enforcement name. type: string namespace: - description: Target namespace. (requires Enterprise) Target namespace. - (requires Enterprise) + description: |- + Target namespace. (requires Enterprise) + Target namespace. (requires Enterprise) type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. 
This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: authMethodAccessors: - description: Set of auth method accessor IDs. Set of auth method - accessor IDs. + description: |- + Set of auth method accessor IDs. + Set of auth method accessor IDs. items: type: string type: array authMethodTypes: - description: Set of auth method types. Set of auth method types. + description: |- + Set of auth method types. + Set of auth method types. items: type: string type: array identityEntityIds: - description: Set of identity entity IDs. Set of identity entity - IDs. + description: |- + Set of identity entity IDs. + Set of identity entity IDs. items: type: string type: array identityGroupIds: - description: Set of identity group IDs. Set of identity group - IDs. + description: |- + Set of identity group IDs. + Set of identity group IDs. items: type: string type: array mfaMethodIds: - description: Set of MFA method UUIDs. Set of MFA method UUIDs. + description: |- + Set of MFA method UUIDs. + Set of MFA method UUIDs. items: type: string type: array name: - description: Login enforcement name. 
Login enforcement name. + description: |- + Login enforcement name. + Login enforcement name. type: string namespace: - description: Target namespace. (requires Enterprise) Target namespace. - (requires Enterprise) + description: |- + Target namespace. (requires Enterprise) + Target namespace. (requires Enterprise) type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -181,9 +209,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -193,57 +222,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -253,17 +246,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -273,21 +268,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -302,21 +297,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -327,14 +323,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -364,50 +361,66 @@ spec: atProvider: properties: authMethodAccessors: - description: Set of auth method accessor IDs. Set of auth method - accessor IDs. + description: |- + Set of auth method accessor IDs. + Set of auth method accessor IDs. items: type: string type: array authMethodTypes: - description: Set of auth method types. Set of auth method types. + description: |- + Set of auth method types. + Set of auth method types. items: type: string type: array id: type: string identityEntityIds: - description: Set of identity entity IDs. Set of identity entity - IDs. + description: |- + Set of identity entity IDs. + Set of identity entity IDs. items: type: string type: array identityGroupIds: - description: Set of identity group IDs. Set of identity group - IDs. + description: |- + Set of identity group IDs. + Set of identity group IDs. items: type: string type: array mfaMethodIds: - description: Set of MFA method UUIDs. Set of MFA method UUIDs. + description: |- + Set of MFA method UUIDs. + Set of MFA method UUIDs. items: type: string type: array name: - description: Login enforcement name. Login enforcement name. + description: |- + Login enforcement name. + Login enforcement name. type: string namespace: - description: Target namespace. (requires Enterprise) Target namespace. - (requires Enterprise) + description: |- + Target namespace. (requires Enterprise) + Target namespace. (requires Enterprise) type: string namespaceId: - description: Method's namespace ID. Method's namespace ID. + description: |- + Method's namespace ID. + Method's namespace ID. type: string namespacePath: - description: Method's namespace path. Method's namespace path. + description: |- + Method's namespace path. + Method's namespace path. type: string uuid: - description: Resource UUID. Resource UUID. + description: |- + Resource UUID. + Resource UUID. type: string type: object conditions: 
@@ -416,13 +429,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -433,8 +448,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -443,6 +459,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_mfaoktas.yaml b/package/crds/identity.vault.upbound.io_mfaoktas.yaml index 05483f6a..bdfd065f 100644 --- a/package/crds/identity.vault.upbound.io_mfaoktas.yaml +++ b/package/crds/identity.vault.upbound.io_mfaoktas.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: mfaoktas.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: the okta MFA method. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete @@ -68,7 +74,9 @@ spec: forProvider: properties: apiTokenSecretRef: - description: Okta API token. Okta API token. + description: |- + Okta API token. + Okta API token. properties: key: description: The key to select. 
@@ -85,79 +93,89 @@ spec: - namespace type: object baseUrl: - description: The base domain to use for API requests. The base - domain to use for API requests. + description: |- + The base domain to use for API requests. + The base domain to use for API requests. type: string namespace: - description: Target namespace. (requires Enterprise) Target namespace. - (requires Enterprise) + description: |- + Target namespace. (requires Enterprise) + Target namespace. (requires Enterprise) type: string orgName: - description: Name of the organization to be used in the Okta API. + description: |- + Name of the organization to be used in the Okta API. Name of the organization to be used in the Okta API. type: string primaryEmail: - description: Only match the primary email for the account. Only - match the primary email for the account. + description: |- + Only match the primary email for the account. + Only match the primary email for the account. type: boolean usernameFormat: - description: A template string for mapping Identity names to MFA - methods. A template string for mapping Identity names to MFA - methods. + description: |- + A template string for mapping Identity names to MFA methods. + A template string for mapping Identity names to MFA methods. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. 
This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: baseUrl: - description: The base domain to use for API requests. The base - domain to use for API requests. + description: |- + The base domain to use for API requests. + The base domain to use for API requests. type: string namespace: - description: Target namespace. (requires Enterprise) Target namespace. - (requires Enterprise) + description: |- + Target namespace. (requires Enterprise) + Target namespace. (requires Enterprise) type: string orgName: - description: Name of the organization to be used in the Okta API. + description: |- + Name of the organization to be used in the Okta API. Name of the organization to be used in the Okta API. type: string primaryEmail: - description: Only match the primary email for the account. Only - match the primary email for the account. + description: |- + Only match the primary email for the account. + Only match the primary email for the account. type: boolean usernameFormat: - description: A template string for mapping Identity names to MFA - methods. 
A template string for mapping Identity names to MFA - methods. + description: |- + A template string for mapping Identity names to MFA methods. + A template string for mapping Identity names to MFA methods. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -170,9 +188,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -182,57 +201,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -242,17 +225,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -262,21 +247,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -291,21 +276,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -316,14 +302,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -352,48 +339,64 @@ spec: atProvider: properties: baseUrl: - description: The base domain to use for API requests. The base - domain to use for API requests. + description: |- + The base domain to use for API requests. + The base domain to use for API requests. type: string id: type: string methodId: - description: Method ID. Method ID. + description: |- + Method ID. + Method ID. type: string mountAccessor: - description: Mount accessor. Mount accessor. + description: |- + Mount accessor. + Mount accessor. type: string name: description: Method name. type: string namespace: - description: Target namespace. (requires Enterprise) Target namespace. - (requires Enterprise) + description: |- + Target namespace. (requires Enterprise) + Target namespace. (requires Enterprise) type: string namespaceId: - description: Method's namespace ID. Method's namespace ID. + description: |- + Method's namespace ID. + Method's namespace ID. type: string namespacePath: - description: Method's namespace path. Method's namespace path. + description: |- + Method's namespace path. + Method's namespace path. type: string orgName: - description: Name of the organization to be used in the Okta API. + description: |- + Name of the organization to be used in the Okta API. Name of the organization to be used in the Okta API. type: string primaryEmail: - description: Only match the primary email for the account. Only - match the primary email for the account. + description: |- + Only match the primary email for the account. + Only match the primary email for the account. type: boolean type: - description: MFA type. MFA type. + description: |- + MFA type. + MFA type. type: string usernameFormat: - description: A template string for mapping Identity names to MFA - methods. A template string for mapping Identity names to MFA - methods. + description: |- + A template string for mapping Identity names to MFA methods. + A template string for mapping Identity names to MFA methods. 
type: string uuid: - description: Resource UUID. Resource UUID. + description: |- + Resource UUID. + Resource UUID. type: string type: object conditions: @@ -402,13 +405,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -419,8 +424,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -429,6 +435,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_mfapingids.yaml b/package/crds/identity.vault.upbound.io_mfapingids.yaml index 4c4b70b0..c8f46b5e 100644 --- a/package/crds/identity.vault.upbound.io_mfapingids.yaml +++ b/package/crds/identity.vault.upbound.io_mfapingids.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: mfapingids.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: configuring the pingid MFA method. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,67 +74,69 @@ spec: forProvider: properties: namespace: - description: Target namespace. (requires Enterprise) Target namespace. - (requires Enterprise) + description: |- + Target namespace. (requires Enterprise) + Target namespace. (requires Enterprise) type: string settingsFileBase64: - description: A base64-encoded third-party settings contents as - retrieved from PingID's configuration page. A base64-encoded - third-party settings contents as retrieved from PingID's configuration - page. + description: |- + A base64-encoded third-party settings contents as retrieved from PingID's configuration page. + A base64-encoded third-party settings contents as retrieved from PingID's configuration page. type: string usernameFormat: - description: A template string for mapping Identity names to MFA - methods. A template string for mapping Identity names to MFA - methods. + description: |- + A template string for mapping Identity names to MFA methods. + A template string for mapping Identity names to MFA methods. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. 
+ InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: namespace: - description: Target namespace. (requires Enterprise) Target namespace. - (requires Enterprise) + description: |- + Target namespace. (requires Enterprise) + Target namespace. (requires Enterprise) type: string settingsFileBase64: - description: A base64-encoded third-party settings contents as - retrieved from PingID's configuration page. A base64-encoded - third-party settings contents as retrieved from PingID's configuration - page. + description: |- + A base64-encoded third-party settings contents as retrieved from PingID's configuration page. + A base64-encoded third-party settings contents as retrieved from PingID's configuration page. type: string usernameFormat: - description: A template string for mapping Identity names to MFA - methods. A template string for mapping Identity names to MFA - methods. + description: |- + A template string for mapping Identity names to MFA methods. + A template string for mapping Identity names to MFA methods. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. 
Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -141,9 +149,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -153,57 +162,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -213,17 +186,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -233,21 +208,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -262,21 +237,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -287,14 +263,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -320,64 +297,79 @@ spec: atProvider: properties: adminUrl: - description: The admin URL, derived from "settings_file_base64" + description: |- + The admin URL, derived from "settings_file_base64" The admin URL, derived from "settings_file_base64" type: string authenticatorUrl: - description: A unique identifier of the organization, derived - from "settings_file_base64" A unique identifier of the organization, - derived from "settings_file_base64" + description: |- + A unique identifier of the organization, derived from "settings_file_base64" + A unique identifier of the organization, derived from "settings_file_base64" type: string id: type: string idpUrl: - description: The IDP URL, derived from "settings_file_base64" + description: |- + The IDP URL, derived from "settings_file_base64" The IDP URL, derived from "settings_file_base64" type: string methodId: - description: Method ID. Method ID. + description: |- + Method ID. + Method ID. type: string mountAccessor: - description: Mount accessor. Mount accessor. + description: |- + Mount accessor. + Mount accessor. type: string name: description: Method name. type: string namespace: - description: Target namespace. (requires Enterprise) Target namespace. - (requires Enterprise) + description: |- + Target namespace. (requires Enterprise) + Target namespace. (requires Enterprise) type: string namespaceId: - description: Method's namespace ID. Method's namespace ID. + description: |- + Method's namespace ID. + Method's namespace ID. type: string namespacePath: - description: Method's namespace path. Method's namespace path. + description: |- + Method's namespace path. + Method's namespace path. 
type: string orgAlias: - description: The name of the PingID client organization, derived - from "settings_file_base64" The name of the PingID client organization, - derived from "settings_file_base64" + description: |- + The name of the PingID client organization, derived from "settings_file_base64" + The name of the PingID client organization, derived from "settings_file_base64" type: string settingsFileBase64: - description: A base64-encoded third-party settings contents as - retrieved from PingID's configuration page. A base64-encoded - third-party settings contents as retrieved from PingID's configuration - page. + description: |- + A base64-encoded third-party settings contents as retrieved from PingID's configuration page. + A base64-encoded third-party settings contents as retrieved from PingID's configuration page. type: string type: - description: MFA type. MFA type. + description: |- + MFA type. + MFA type. type: string useSignature: - description: Use signature value, derived from "settings_file_base64" + description: |- + Use signature value, derived from "settings_file_base64" Use signature value, derived from "settings_file_base64" type: boolean usernameFormat: - description: A template string for mapping Identity names to MFA - methods. A template string for mapping Identity names to MFA - methods. + description: |- + A template string for mapping Identity names to MFA methods. + A template string for mapping Identity names to MFA methods. type: string uuid: - description: Resource UUID. Resource UUID. + description: |- + Resource UUID. + Resource UUID. type: string type: object conditions: 
@@ -386,13 +378,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -403,8 +397,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -413,6 +408,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_mfatotps.yaml b/package/crds/identity.vault.upbound.io_mfatotps.yaml index 27a90434..3ac0fa29 100644 --- a/package/crds/identity.vault.upbound.io_mfatotps.yaml +++ b/package/crds/identity.vault.upbound.io_mfatotps.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: mfatotps.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: the totp MFA method. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,123 +74,129 @@ spec: forProvider: properties: algorithm: - description: Specifies the hashing algorithm used to generate - the TOTP code. Options include SHA1, SHA256, SHA512. Specifies - the hashing algorithm used to generate the TOTP code. Options - include SHA1, SHA256, SHA512. + description: |- + Specifies the hashing algorithm used to generate the TOTP code. Options include SHA1, SHA256, SHA512. + Specifies the hashing algorithm used to generate the TOTP code. Options include SHA1, SHA256, SHA512. type: string digits: - description: The number of digits in the generated TOTP token. - This value can either be 6 or 8 The number of digits in the - generated TOTP token. This value can either be 6 or 8 + description: |- + The number of digits in the generated TOTP token. This value can either be 6 or 8 + The number of digits in the generated TOTP token. This value can either be 6 or 8 type: number issuer: - description: The name of the key's issuing organization. The name - of the key's issuing organization. + description: |- + The name of the key's issuing organization. + The name of the key's issuing organization. type: string keySize: - description: Specifies the size in bytes of the generated key. + description: |- + Specifies the size in bytes of the generated key. Specifies the size in bytes of the generated key. type: number maxValidationAttempts: - description: The maximum number of consecutive failed validation - attempts allowed. The maximum number of consecutive failed validation - attempts allowed. + description: |- + The maximum number of consecutive failed validation attempts allowed. + The maximum number of consecutive failed validation attempts allowed. type: number namespace: - description: Target namespace. (requires Enterprise) Target namespace. - (requires Enterprise) + description: |- + Target namespace. (requires Enterprise) + Target namespace. 
(requires Enterprise) type: string period: - description: The length of time in seconds used to generate a - counter for the TOTP token calculation. The length of time in - seconds used to generate a counter for the TOTP token calculation. + description: |- + The length of time in seconds used to generate a counter for the TOTP token calculation. + The length of time in seconds used to generate a counter for the TOTP token calculation. type: number qrSize: - description: The pixel size of the generated square QR code. The - pixel size of the generated square QR code. + description: |- + The pixel size of the generated square QR code. + The pixel size of the generated square QR code. type: number skew: - description: The number of delay periods that are allowed when - validating a TOTP token. This value can either be 0 or 1. The - number of delay periods that are allowed when validating a TOTP - token. This value can either be 0 or 1. + description: |- + The number of delay periods that are allowed when validating a TOTP token. This value can either be 0 or 1. + The number of delay periods that are allowed when validating a TOTP token. This value can either be 0 or 1. type: number type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. 
Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: algorithm: - description: Specifies the hashing algorithm used to generate - the TOTP code. Options include SHA1, SHA256, SHA512. Specifies - the hashing algorithm used to generate the TOTP code. Options - include SHA1, SHA256, SHA512. + description: |- + Specifies the hashing algorithm used to generate the TOTP code. Options include SHA1, SHA256, SHA512. + Specifies the hashing algorithm used to generate the TOTP code. Options include SHA1, SHA256, SHA512. type: string digits: - description: The number of digits in the generated TOTP token. - This value can either be 6 or 8 The number of digits in the - generated TOTP token. This value can either be 6 or 8 + description: |- + The number of digits in the generated TOTP token. This value can either be 6 or 8 + The number of digits in the generated TOTP token. This value can either be 6 or 8 type: number issuer: - description: The name of the key's issuing organization. The name - of the key's issuing organization. + description: |- + The name of the key's issuing organization. + The name of the key's issuing organization. type: string keySize: - description: Specifies the size in bytes of the generated key. + description: |- + Specifies the size in bytes of the generated key. Specifies the size in bytes of the generated key. 
type: number maxValidationAttempts: - description: The maximum number of consecutive failed validation - attempts allowed. The maximum number of consecutive failed validation - attempts allowed. + description: |- + The maximum number of consecutive failed validation attempts allowed. + The maximum number of consecutive failed validation attempts allowed. type: number namespace: - description: Target namespace. (requires Enterprise) Target namespace. - (requires Enterprise) + description: |- + Target namespace. (requires Enterprise) + Target namespace. (requires Enterprise) type: string period: - description: The length of time in seconds used to generate a - counter for the TOTP token calculation. The length of time in - seconds used to generate a counter for the TOTP token calculation. + description: |- + The length of time in seconds used to generate a counter for the TOTP token calculation. + The length of time in seconds used to generate a counter for the TOTP token calculation. type: number qrSize: - description: The pixel size of the generated square QR code. The - pixel size of the generated square QR code. + description: |- + The pixel size of the generated square QR code. + The pixel size of the generated square QR code. type: number skew: - description: The number of delay periods that are allowed when - validating a TOTP token. This value can either be 0 or 1. The - number of delay periods that are allowed when validating a TOTP - token. This value can either be 0 or 1. + description: |- + The number of delay periods that are allowed when validating a TOTP token. This value can either be 0 or 1. + The number of delay periods that are allowed when validating a TOTP token. This value can either be 0 or 1. type: number type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. 
ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -197,9 +209,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -209,57 +222,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -269,17 +246,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -289,21 +268,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -318,21 +297,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -343,14 +323,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -376,70 +357,84 @@ spec: atProvider: properties: algorithm: - description: Specifies the hashing algorithm used to generate - the TOTP code. Options include SHA1, SHA256, SHA512. Specifies - the hashing algorithm used to generate the TOTP code. Options - include SHA1, SHA256, SHA512. + description: |- + Specifies the hashing algorithm used to generate the TOTP code. Options include SHA1, SHA256, SHA512. + Specifies the hashing algorithm used to generate the TOTP code. Options include SHA1, SHA256, SHA512. type: string digits: - description: The number of digits in the generated TOTP token. - This value can either be 6 or 8 The number of digits in the - generated TOTP token. This value can either be 6 or 8 + description: |- + The number of digits in the generated TOTP token. This value can either be 6 or 8 + The number of digits in the generated TOTP token. This value can either be 6 or 8 type: number id: type: string issuer: - description: The name of the key's issuing organization. The name - of the key's issuing organization. + description: |- + The name of the key's issuing organization. + The name of the key's issuing organization. type: string keySize: - description: Specifies the size in bytes of the generated key. + description: |- + Specifies the size in bytes of the generated key. Specifies the size in bytes of the generated key. type: number maxValidationAttempts: - description: The maximum number of consecutive failed validation - attempts allowed. The maximum number of consecutive failed validation - attempts allowed. + description: |- + The maximum number of consecutive failed validation attempts allowed. + The maximum number of consecutive failed validation attempts allowed. type: number methodId: - description: Method ID. Method ID. + description: |- + Method ID. + Method ID. type: string mountAccessor: - description: Mount accessor. Mount accessor. + description: |- + Mount accessor. + Mount accessor. type: string name: description: Method name. 
type: string namespace: - description: Target namespace. (requires Enterprise) Target namespace. - (requires Enterprise) + description: |- + Target namespace. (requires Enterprise) + Target namespace. (requires Enterprise) type: string namespaceId: - description: Method's namespace ID. Method's namespace ID. + description: |- + Method's namespace ID. + Method's namespace ID. type: string namespacePath: - description: Method's namespace path. Method's namespace path. + description: |- + Method's namespace path. + Method's namespace path. type: string period: - description: The length of time in seconds used to generate a - counter for the TOTP token calculation. The length of time in - seconds used to generate a counter for the TOTP token calculation. + description: |- + The length of time in seconds used to generate a counter for the TOTP token calculation. + The length of time in seconds used to generate a counter for the TOTP token calculation. type: number qrSize: - description: The pixel size of the generated square QR code. The - pixel size of the generated square QR code. + description: |- + The pixel size of the generated square QR code. + The pixel size of the generated square QR code. type: number skew: - description: The number of delay periods that are allowed when - validating a TOTP token. This value can either be 0 or 1. The - number of delay periods that are allowed when validating a TOTP - token. This value can either be 0 or 1. + description: |- + The number of delay periods that are allowed when validating a TOTP token. This value can either be 0 or 1. + The number of delay periods that are allowed when validating a TOTP token. This value can either be 0 or 1. type: number type: - description: MFA type. MFA type. + description: |- + MFA type. + MFA type. type: string uuid: - description: Resource UUID. Resource UUID. + description: |- + Resource UUID. + Resource UUID. type: string type: object conditions: 
@@ -448,13 +443,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -465,8 +462,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -475,6 +473,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_oidcassignments.yaml b/package/crds/identity.vault.upbound.io_oidcassignments.yaml index 924cd048..afd618ca 100644 --- a/package/crds/identity.vault.upbound.io_oidcassignments.yaml +++ b/package/crds/identity.vault.upbound.io_oidcassignments.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: oidcassignments.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: OIDC Assignments in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,79 +74,93 @@ spec: forProvider: properties: entityIds: - description: A set of Vault entity IDs. A list of Vault entity - IDs. + description: |- + A set of Vault entity IDs. + A list of Vault entity IDs. items: type: string type: array groupIds: - description: A set of Vault group IDs. A list of Vault group IDs. + description: |- + A set of Vault group IDs. + A list of Vault group IDs. items: type: string type: array name: - description: The name of the assignment. The name of the assignment. + description: |- + The name of the assignment. + The name of the assignment. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. 
Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: entityIds: - description: A set of Vault entity IDs. A list of Vault entity - IDs. + description: |- + A set of Vault entity IDs. + A list of Vault entity IDs. items: type: string type: array groupIds: - description: A set of Vault group IDs. A list of Vault group IDs. + description: |- + A set of Vault group IDs. + A list of Vault group IDs. items: type: string type: array name: - description: The name of the assignment. The name of the assignment. + description: |- + The name of the assignment. + The name of the assignment. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. 
- It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -153,9 +173,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -165,57 +186,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -225,17 +210,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -245,21 +232,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -274,21 +261,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -299,14 +287,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -332,27 +321,33 @@ spec: atProvider: properties: entityIds: - description: A set of Vault entity IDs. A list of Vault entity - IDs. + description: |- + A set of Vault entity IDs. + A list of Vault entity IDs. items: type: string type: array groupIds: - description: A set of Vault group IDs. A list of Vault group IDs. + description: |- + A set of Vault group IDs. + A list of Vault group IDs. items: type: string type: array id: type: string name: - description: The name of the assignment. The name of the assignment. + description: |- + The name of the assignment. + The name of the assignment. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object conditions: @@ -361,13 +356,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -378,8 +375,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -388,6 +386,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_oidcclients.yaml b/package/crds/identity.vault.upbound.io_oidcclients.yaml index c51d1003..4424d483 100644 --- a/package/crds/identity.vault.upbound.io_oidcclients.yaml +++ b/package/crds/identity.vault.upbound.io_oidcclients.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: oidcclients.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Clients in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,112 +74,123 @@ spec: forProvider: properties: accessTokenTtl: - description: The time-to-live for access tokens obtained by the - client. The time-to-live for access tokens obtained by the client. + description: |- + The time-to-live for access tokens obtained by the client. + The time-to-live for access tokens obtained by the client. type: number assignments: - description: A list of assignment resources associated with the - client. A list of assignment resources associated with the client. + description: |- + A list of assignment resources associated with the client. + A list of assignment resources associated with the client. items: type: string type: array clientType: - description: 'The client type based on its ability to maintain - confidentiality of credentials. The following client types are - supported: confidential, public. Defaults to confidential. The - client type based on its ability to maintain confidentiality - of credentials.Defaults to ''confidential''.' + description: |- + The client type based on its ability to maintain confidentiality of credentials. + The following client types are supported: confidential, public. Defaults to confidential. + The client type based on its ability to maintain confidentiality of credentials.Defaults to 'confidential'. type: string idTokenTtl: - description: The time-to-live for ID tokens obtained by the client. + description: |- + The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key. - The time-to-live for ID tokens obtained by the client. The value - should be less than the verification_ttl on the key. + The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key. type: number key: - description: A reference to a named key resource in Vault. This - cannot be modified after creation. If not provided, the default - key is used. A reference to a named key resource in Vault. 
This - cannot be modified after creation. + description: |- + A reference to a named key resource in Vault. + This cannot be modified after creation. If not provided, the default + key is used. + A reference to a named key resource in Vault. This cannot be modified after creation. type: string name: - description: The name of the client. The name of the client. + description: |- + The name of the client. + The name of the client. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string redirectUris: - description: Redirection URI values used by the client. One of - these values must exactly match the redirect_uri parameter value - used in each authentication request. Redirection URI values - used by the client. One of these values must exactly match the - redirect_uri parameter value used in each authentication request. + description: |- + Redirection URI values used by the client. + One of these values must exactly match the redirect_uri parameter value + used in each authentication request. + Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request. items: type: string type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. 
InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: accessTokenTtl: - description: The time-to-live for access tokens obtained by the - client. The time-to-live for access tokens obtained by the client. + description: |- + The time-to-live for access tokens obtained by the client. + The time-to-live for access tokens obtained by the client. type: number assignments: - description: A list of assignment resources associated with the - client. A list of assignment resources associated with the client. + description: |- + A list of assignment resources associated with the client. + A list of assignment resources associated with the client. 
items: type: string type: array clientType: - description: 'The client type based on its ability to maintain - confidentiality of credentials. The following client types are - supported: confidential, public. Defaults to confidential. The - client type based on its ability to maintain confidentiality - of credentials.Defaults to ''confidential''.' + description: |- + The client type based on its ability to maintain confidentiality of credentials. + The following client types are supported: confidential, public. Defaults to confidential. + The client type based on its ability to maintain confidentiality of credentials.Defaults to 'confidential'. type: string idTokenTtl: - description: The time-to-live for ID tokens obtained by the client. + description: |- + The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key. - The time-to-live for ID tokens obtained by the client. The value - should be less than the verification_ttl on the key. + The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key. type: number key: - description: A reference to a named key resource in Vault. This - cannot be modified after creation. If not provided, the default - key is used. A reference to a named key resource in Vault. This - cannot be modified after creation. + description: |- + A reference to a named key resource in Vault. + This cannot be modified after creation. If not provided, the default + key is used. + A reference to a named key resource in Vault. This cannot be modified after creation. type: string name: - description: The name of the client. The name of the client. + description: |- + The name of the client. + The name of the client. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. 
- Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string redirectUris: - description: Redirection URI values used by the client. One of - these values must exactly match the redirect_uri parameter value - used in each authentication request. Redirection URI values - used by the client. One of these values must exactly match the - redirect_uri parameter value used in each authentication request. + description: |- + Redirection URI values used by the client. + One of these values must exactly match the redirect_uri parameter value + used in each authentication request. + Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request. items: type: string type: array 
@@ -181,20 +198,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -207,9 +225,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -219,57 +238,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -279,17 +262,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -299,21 +284,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -328,21 +313,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -353,14 +339,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -386,12 +373,14 @@ spec: atProvider: properties: accessTokenTtl: - description: The time-to-live for access tokens obtained by the - client. The time-to-live for access tokens obtained by the client. + description: |- + The time-to-live for access tokens obtained by the client. + The time-to-live for access tokens obtained by the client. type: number assignments: - description: A list of assignment resources associated with the - client. A list of assignment resources associated with the client. + description: |- + A list of assignment resources associated with the client. + A list of assignment resources associated with the client. items: type: string type: array 
@@ -399,42 +388,45 @@ spec: description: The Client ID from Vault. type: string clientType: - description: 'The client type based on its ability to maintain - confidentiality of credentials. The following client types are - supported: confidential, public. Defaults to confidential. The - client type based on its ability to maintain confidentiality - of credentials.Defaults to ''confidential''.' + description: |- + The client type based on its ability to maintain confidentiality of credentials. + The following client types are supported: confidential, public. Defaults to confidential. + The client type based on its ability to maintain confidentiality of credentials.Defaults to 'confidential'. type: string id: type: string idTokenTtl: - description: The time-to-live for ID tokens obtained by the client. + description: |- + The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key. - The time-to-live for ID tokens obtained by the client. The value - should be less than the verification_ttl on the key. + The time-to-live for ID tokens obtained by the client. The value should be less than the verification_ttl on the key. type: number key: - description: A reference to a named key resource in Vault. This - cannot be modified after creation. If not provided, the default - key is used. A reference to a named key resource in Vault. This - cannot be modified after creation. + description: |- + A reference to a named key resource in Vault. + This cannot be modified after creation. If not provided, the default + key is used. + A reference to a named key resource in Vault. This cannot be modified after creation. type: string name: - description: The name of the client. The name of the client. + description: |- + The name of the client. + The name of the client. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. 
The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string redirectUris: - description: Redirection URI values used by the client. One of - these values must exactly match the redirect_uri parameter value - used in each authentication request. Redirection URI values - used by the client. One of these values must exactly match the - redirect_uri parameter value used in each authentication request. + description: |- + Redirection URI values used by the client. + One of these values must exactly match the redirect_uri parameter value + used in each authentication request. + Redirection URI values used by the client. One of these values must exactly match the redirect_uri parameter value used in each authentication request. items: type: string type: array @@ -445,13 +437,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -462,8 +456,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -472,6 +467,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_oidckeyallowedclientids.yaml b/package/crds/identity.vault.upbound.io_oidckeyallowedclientids.yaml index 12ba82e4..97a3db16 100644 --- a/package/crds/identity.vault.upbound.io_oidckeyallowedclientids.yaml +++ b/package/crds/identity.vault.upbound.io_oidckeyallowedclientids.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: oidckeyallowedclientids.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Allows an Identity OIDC Role to use an OIDC Named key. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,67 +74,75 @@ spec: forProvider: properties: allowedClientId: - description: Client ID to allow usage with the OIDC named key + description: |- + Client ID to allow usage with the OIDC named key Role Client ID allowed to use the key for signing. type: string keyName: - description: Name of the OIDC Key allow the Client ID. Name of - the key. + description: |- + Name of the OIDC Key allow the Client ID. + Name of the key. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. 
+ InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: allowedClientId: - description: Client ID to allow usage with the OIDC named key + description: |- + Client ID to allow usage with the OIDC named key Role Client ID allowed to use the key for signing. type: string keyName: - description: Name of the OIDC Key allow the Client ID. Name of - the key. + description: |- + Name of the OIDC Key allow the Client ID. + Name of the key. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. 
Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -141,9 +155,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -153,57 +168,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -213,17 +192,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -233,21 +214,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -262,21 +243,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -287,14 +269,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -325,21 +308,24 @@ spec: atProvider: properties: allowedClientId: - description: Client ID to allow usage with the OIDC named key + description: |- + Client ID to allow usage with the OIDC named key Role Client ID allowed to use the key for signing. type: string id: type: string keyName: - description: Name of the OIDC Key allow the Client ID. Name of - the key. + description: |- + Name of the OIDC Key allow the Client ID. + Name of the key. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object conditions: @@ -348,13 +334,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -365,8 +353,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -375,6 +364,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_oidckeys.yaml b/package/crds/identity.vault.upbound.io_oidckeys.yaml index d425439f..604d8e20 100644 --- a/package/crds/identity.vault.upbound.io_oidckeys.yaml +++ b/package/crds/identity.vault.upbound.io_oidckeys.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: oidckeys.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: OIDC Named Key for Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,111 +74,115 @@ spec: forProvider: properties: algorithm: - description: 'Signing algorithm to use. Signing algorithm to use. - Allowed values are: RS256 (default), RS384, RS512, ES256, ES384, - ES512, EdDSA. Signing algorithm to use. Signing algorithm to - use. Allowed values are: RS256 (default), RS384, RS512, ES256, - ES384, ES512, EdDSA.' + description: |- + Signing algorithm to use. Signing algorithm to use. + Allowed values are: RS256 (default), RS384, RS512, ES256, ES384, ES512, EdDSA. + Signing algorithm to use. Signing algorithm to use. Allowed values are: RS256 (default), RS384, RS512, ES256, ES384, ES512, EdDSA. type: string allowedClientIds: - description: ': Array of role client ID allowed to use this key - for signing. If empty, no roles are allowed. If ["*"], all roles - are allowed. Array of role client ids allowed to use this key - for signing. If empty, no roles are allowed. If "*", all roles - are allowed.' + description: |- + : Array of role client ID allowed to use this key for signing. If + empty, no roles are allowed. If ["*"], all roles are allowed. + Array of role client ids allowed to use this key for signing. If empty, no roles are allowed. If "*", all roles are allowed. items: type: string type: array name: - description: Name of the OIDC Key to create. Name of the key. + description: |- + Name of the OIDC Key to create. + Name of the key. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string rotationPeriod: - description: How often to generate a new signing key in number - of seconds How often to generate a new signing key in number - of seconds + description: |- + How often to generate a new signing key in number of seconds + How often to generate a new signing key in number of seconds type: number verificationTtl: - description: '"Controls how long the public portion of a signing - key will be available for verification after being rotated in - seconds. Controls how long the public portion of a signing key - will be available for verification after being rotated in seconds.' + description: |- + "Controls how long the public portion of a signing key will be + available for verification after being rotated in seconds. + Controls how long the public portion of a signing key will be available for verification after being rotated in seconds. type: number type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. 
The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: algorithm: - description: 'Signing algorithm to use. Signing algorithm to use. - Allowed values are: RS256 (default), RS384, RS512, ES256, ES384, - ES512, EdDSA. Signing algorithm to use. Signing algorithm to - use. Allowed values are: RS256 (default), RS384, RS512, ES256, - ES384, ES512, EdDSA.' + description: |- + Signing algorithm to use. Signing algorithm to use. + Allowed values are: RS256 (default), RS384, RS512, ES256, ES384, ES512, EdDSA. + Signing algorithm to use. Signing algorithm to use. Allowed values are: RS256 (default), RS384, RS512, ES256, ES384, ES512, EdDSA. type: string allowedClientIds: - description: ': Array of role client ID allowed to use this key - for signing. If empty, no roles are allowed. If ["*"], all roles - are allowed. Array of role client ids allowed to use this key - for signing. If empty, no roles are allowed. If "*", all roles - are allowed.' + description: |- + : Array of role client ID allowed to use this key for signing. If + empty, no roles are allowed. If ["*"], all roles are allowed. + Array of role client ids allowed to use this key for signing. If empty, no roles are allowed. If "*", all roles are allowed. items: type: string type: array name: - description: Name of the OIDC Key to create. Name of the key. + description: |- + Name of the OIDC Key to create. + Name of the key. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. 
- Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string rotationPeriod: - description: How often to generate a new signing key in number - of seconds How often to generate a new signing key in number - of seconds + description: |- + How often to generate a new signing key in number of seconds + How often to generate a new signing key in number of seconds type: number verificationTtl: - description: '"Controls how long the public portion of a signing - key will be available for verification after being rotated in - seconds. Controls how long the public portion of a signing key - will be available for verification after being rotated in seconds.' + description: |- + "Controls how long the public portion of a signing key will be + available for verification after being rotated in seconds. + Controls how long the public portion of a signing key will be available for verification after being rotated in seconds. type: number type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. 
See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -185,9 +195,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -197,57 +208,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -257,17 +232,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -277,21 +254,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -306,21 +283,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -331,14 +309,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -364,18 +343,16 @@ spec: atProvider: properties: algorithm: - description: 'Signing algorithm to use. Signing algorithm to use. - Allowed values are: RS256 (default), RS384, RS512, ES256, ES384, - ES512, EdDSA. Signing algorithm to use. Signing algorithm to - use. Allowed values are: RS256 (default), RS384, RS512, ES256, - ES384, ES512, EdDSA.' + description: |- + Signing algorithm to use. Signing algorithm to use. + Allowed values are: RS256 (default), RS384, RS512, ES256, ES384, ES512, EdDSA. + Signing algorithm to use. Signing algorithm to use. Allowed values are: RS256 (default), RS384, RS512, ES256, ES384, ES512, EdDSA. type: string allowedClientIds: - description: ': Array of role client ID allowed to use this key - for signing. If empty, no roles are allowed. If ["*"], all roles - are allowed. Array of role client ids allowed to use this key - for signing. If empty, no roles are allowed. If "*", all roles - are allowed.' + description: |- + : Array of role client ID allowed to use this key for signing. If + empty, no roles are allowed. If ["*"], all roles are allowed. + Array of role client ids allowed to use this key for signing. If empty, no roles are allowed. If "*", all roles are allowed. items: type: string type: array 
@@ -383,25 +360,28 @@ spec: description: The name of the created key. type: string name: - description: Name of the OIDC Key to create. Name of the key. + description: |- + Name of the OIDC Key to create. + Name of the key. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string rotationPeriod: - description: How often to generate a new signing key in number - of seconds How often to generate a new signing key in number - of seconds + description: |- + How often to generate a new signing key in number of seconds + How often to generate a new signing key in number of seconds type: number verificationTtl: - description: '"Controls how long the public portion of a signing - key will be available for verification after being rotated in - seconds. Controls how long the public portion of a signing key - will be available for verification after being rotated in seconds.' + description: |- + "Controls how long the public portion of a signing key will be + available for verification after being rotated in seconds. + Controls how long the public portion of a signing key will be available for verification after being rotated in seconds. type: number type: object conditions: 
@@ -410,13 +390,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -427,8 +409,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -437,6 +420,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_oidcproviders.yaml b/package/crds/identity.vault.upbound.io_oidcproviders.yaml index 7f6d2a00..f88d6466 100644 --- a/package/crds/identity.vault.upbound.io_oidcproviders.yaml +++ b/package/crds/identity.vault.upbound.io_oidcproviders.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: oidcproviders.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: OIDC Providers in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,79 +74,92 @@ spec: forProvider: properties: allowedClientIds: - description: The client IDs that are permitted to use the provider. + description: |- + The client IDs that are permitted to use the provider. If empty, no clients are allowed. If *, all clients are allowed. - The client IDs that are permitted to use the provider. If empty, - no clients are allowed. If "*", all clients are allowed. + The client IDs that are permitted to use the provider. If empty, no clients are allowed. If "*", all clients are allowed. items: type: string type: array httpsEnabled: - description: Set to true if the issuer endpoint uses HTTPS. Set - to true if the issuer endpoint uses HTTPS. + description: |- + Set to true if the issuer endpoint uses HTTPS. + Set to true if the issuer endpoint uses HTTPS. type: boolean issuerHost: - description: The host for the issuer. Can be either host or host:port. + description: |- + The host for the issuer. Can be either host or host:port. The host for the issuer. Can be either host or host:port. type: string name: - description: The name of the provider. The name of the provider. + description: |- + The name of the provider. + The name of the provider. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string scopesSupported: - description: The scopes available for requesting on the provider. + description: |- + The scopes available for requesting on the provider. 
The scopes available for requesting on the provider. items: type: string type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: allowedClientIds: - description: The client IDs that are permitted to use the provider. + description: |- + The client IDs that are permitted to use the provider. If empty, no clients are allowed. If *, all clients are allowed. - The client IDs that are permitted to use the provider. If empty, - no clients are allowed. If "*", all clients are allowed. + The client IDs that are permitted to use the provider. 
If empty, no clients are allowed. If "*", all clients are allowed. items: type: string type: array httpsEnabled: - description: Set to true if the issuer endpoint uses HTTPS. Set - to true if the issuer endpoint uses HTTPS. + description: |- + Set to true if the issuer endpoint uses HTTPS. + Set to true if the issuer endpoint uses HTTPS. type: boolean issuerHost: - description: The host for the issuer. Can be either host or host:port. + description: |- + The host for the issuer. Can be either host or host:port. The host for the issuer. Can be either host or host:port. type: string name: - description: The name of the provider. The name of the provider. + description: |- + The name of the provider. + The name of the provider. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string scopesSupported: - description: The scopes available for requesting on the provider. + description: |- + The scopes available for requesting on the provider. The scopes available for requesting on the provider. items: type: string 
@@ -149,20 +168,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -175,45 +195,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -223,21 +208,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -247,17 +232,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -267,21 +254,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -296,21 +283,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -321,14 +309,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -354,43 +343,48 @@ spec: atProvider: properties: allowedClientIds: - description: The client IDs that are permitted to use the provider. + description: |- + The client IDs that are permitted to use the provider. If empty, no clients are allowed. If *, all clients are allowed. - The client IDs that are permitted to use the provider. If empty, - no clients are allowed. If "*", all clients are allowed. + The client IDs that are permitted to use the provider. If empty, no clients are allowed. If "*", all clients are allowed. items: type: string type: array httpsEnabled: - description: Set to true if the issuer endpoint uses HTTPS. Set - to true if the issuer endpoint uses HTTPS. + description: |- + Set to true if the issuer endpoint uses HTTPS. + Set to true if the issuer endpoint uses HTTPS. type: boolean id: type: string issuer: - description: Specifies what will be used as the scheme://host:port - component for the iss claim of ID tokens. This value is computed - using the issuer_host and https_enabled fields. Specifies what - will be used as the 'scheme://host:port' component for the 'iss' - claim of ID tokens.This value is computed using the issuer_host - and https_enabled fields. + description: |- + Specifies what will be used as the scheme://host:port + component for the iss claim of ID tokens. This value is computed using the + issuer_host and https_enabled fields. + Specifies what will be used as the 'scheme://host:port' component for the 'iss' claim of ID tokens.This value is computed using the issuer_host and https_enabled fields. type: string issuerHost: - description: The host for the issuer. Can be either host or host:port. + description: |- + The host for the issuer. Can be either host or host:port. The host for the issuer. Can be either host or host:port. type: string name: - description: The name of the provider. The name of the provider. + description: |- + The name of the provider. + The name of the provider. 
type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string scopesSupported: - description: The scopes available for requesting on the provider. + description: |- + The scopes available for requesting on the provider. The scopes available for requesting on the provider. items: type: string @@ -402,13 +396,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -419,8 +415,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime 
@@ -429,6 +426,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_oidcroles.yaml b/package/crds/identity.vault.upbound.io_oidcroles.yaml index ba643f34..05fe4f7e 100644 --- a/package/crds/identity.vault.upbound.io_oidcroles.yaml +++ b/package/crds/identity.vault.upbound.io_oidcroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: oidcroles.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: OIDC Role for Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,101 +74,115 @@ spec: forProvider: properties: clientId: - description: The value that will be included in the aud field - of all the OIDC identity tokens issued by this role The value - that will be included in the `aud` field of all the OIDC identity + description: |- + The value that will be included in the aud field of all the OIDC identity tokens issued by this role + The value that will be included in the `aud` field of all the OIDC identity tokens issued by this role type: string key: - description: A configured named key, the key must already exist - before tokens can be issued. A configured named key, the key - must already exist. + description: |- + A configured named key, the key must already exist + before tokens can be issued. + A configured named key, the key must already exist. type: string name: - description: Name of the OIDC Role to create. Name of the role. + description: |- + Name of the OIDC Role to create. + Name of the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string template: - description: The template string to use for generating tokens. - This may be in string-ified JSON or base64 format. See the documentation - for the template format. The template string to use for generating - tokens. This may be in string-ified JSON or base64 format. + description: |- + The template string to use for generating tokens. This may be in + string-ified JSON or base64 format. 
See the + documentation + for the template format. + The template string to use for generating tokens. This may be in string-ified JSON or base64 format. type: string ttl: - description: TTL of the tokens generated against the role in number - of seconds. TTL of the tokens generated against the role in - number of seconds. + description: |- + TTL of the tokens generated against the role in number of seconds. + TTL of the tokens generated against the role in number of seconds. type: number type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. 
properties: clientId: - description: The value that will be included in the aud field - of all the OIDC identity tokens issued by this role The value - that will be included in the `aud` field of all the OIDC identity + description: |- + The value that will be included in the aud field of all the OIDC identity tokens issued by this role + The value that will be included in the `aud` field of all the OIDC identity tokens issued by this role type: string key: - description: A configured named key, the key must already exist - before tokens can be issued. A configured named key, the key - must already exist. + description: |- + A configured named key, the key must already exist + before tokens can be issued. + A configured named key, the key must already exist. type: string name: - description: Name of the OIDC Role to create. Name of the role. + description: |- + Name of the OIDC Role to create. + Name of the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string template: - description: The template string to use for generating tokens. - This may be in string-ified JSON or base64 format. See the documentation - for the template format. The template string to use for generating - tokens. This may be in string-ified JSON or base64 format. + description: |- + The template string to use for generating tokens. This may be in + string-ified JSON or base64 format. See the + documentation + for the template format. 
+ The template string to use for generating tokens. This may be in string-ified JSON or base64 format. type: string ttl: - description: TTL of the tokens generated against the role in number - of seconds. TTL of the tokens generated against the role in - number of seconds. + description: |- + TTL of the tokens generated against the role in number of seconds. + TTL of the tokens generated against the role in number of seconds. type: number type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -175,9 +195,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -187,57 +208,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -247,17 +232,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -267,21 +254,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -296,21 +283,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -321,14 +309,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -358,39 +347,45 @@ spec: atProvider: properties: clientId: - description: The value that will be included in the aud field - of all the OIDC identity tokens issued by this role The value - that will be included in the `aud` field of all the OIDC identity + description: |- + The value that will be included in the aud field of all the OIDC identity tokens issued by this role + The value that will be included in the `aud` field of all the OIDC identity tokens issued by this role type: string id: description: The name of the created role. type: string key: - description: A configured named key, the key must already exist - before tokens can be issued. A configured named key, the key - must already exist. + description: |- + A configured named key, the key must already exist + before tokens can be issued. + A configured named key, the key must already exist. type: string name: - description: Name of the OIDC Role to create. Name of the role. + description: |- + Name of the OIDC Role to create. + Name of the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string template: - description: The template string to use for generating tokens. - This may be in string-ified JSON or base64 format. See the documentation - for the template format. The template string to use for generating - tokens. This may be in string-ified JSON or base64 format. + description: |- + The template string to use for generating tokens. 
This may be in + string-ified JSON or base64 format. See the + documentation + for the template format. + The template string to use for generating tokens. This may be in string-ified JSON or base64 format. type: string ttl: - description: TTL of the tokens generated against the role in number - of seconds. TTL of the tokens generated against the role in - number of seconds. + description: |- + TTL of the tokens generated against the role in number of seconds. + TTL of the tokens generated against the role in number of seconds. type: number type: object conditions: @@ -399,13 +394,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -416,8 +413,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -426,6 +424,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_oidcs.yaml b/package/crds/identity.vault.upbound.io_oidcs.yaml index 5f04d9b3..fd33110c 100644 --- a/package/crds/identity.vault.upbound.io_oidcs.yaml 
+++ b/package/crds/identity.vault.upbound.io_oidcs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: oidcs.identity.vault.upbound.io spec: group: identity.vault.upbound.io @@ -38,14 +38,19 @@ spec: Tokens Backend for Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,73 +74,71 @@ spec: forProvider: properties: issuer: - description: Issuer URL to be used in the iss claim of the token. - If not set, Vault's api_addr will be used. The issuer is a case - sensitive URL using the https scheme that contains scheme, host, - and optionally, port number and path components, but no query - or fragment components. Issuer URL to be used in the iss claim - of the token. If not set, Vault's api_addr will be used. The - issuer is a case sensitive URL using the https scheme that contains - scheme, host, and optionally, port number and path components, - but no query or fragment components. + description: |- + Issuer URL to be used in the iss claim of the token. If not set, Vault's + api_addr will be used. The issuer is a case sensitive URL using the https scheme that contains + scheme, host, and optionally, port number and path components, but no query or fragment + components. + Issuer URL to be used in the iss claim of the token. If not set, Vault's api_addr will be used. The issuer is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components, but no query or fragment components. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. 
- It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: issuer: - description: Issuer URL to be used in the iss claim of the token. - If not set, Vault's api_addr will be used. The issuer is a case - sensitive URL using the https scheme that contains scheme, host, - and optionally, port number and path components, but no query - or fragment components. Issuer URL to be used in the iss claim - of the token. If not set, Vault's api_addr will be used. The - issuer is a case sensitive URL using the https scheme that contains - scheme, host, and optionally, port number and path components, - but no query or fragment components. 
+ description: |- + Issuer URL to be used in the iss claim of the token. If not set, Vault's + api_addr will be used. The issuer is a case sensitive URL using the https scheme that contains + scheme, host, and optionally, port number and path components, but no query or fragment + components. + Issuer URL to be used in the iss claim of the token. If not set, Vault's api_addr will be used. The issuer is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components, but no query or fragment components. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. 
See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -147,9 +151,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -159,57 +164,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -219,17 +188,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -239,21 +210,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -268,21 +239,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -293,14 +265,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -323,22 +296,20 @@ spec: id: type: string issuer: - description: Issuer URL to be used in the iss claim of the token. - If not set, Vault's api_addr will be used. The issuer is a case - sensitive URL using the https scheme that contains scheme, host, - and optionally, port number and path components, but no query - or fragment components. Issuer URL to be used in the iss claim - of the token. If not set, Vault's api_addr will be used. The - issuer is a case sensitive URL using the https scheme that contains - scheme, host, and optionally, port number and path components, - but no query or fragment components. + description: |- + Issuer URL to be used in the iss claim of the token. If not set, Vault's + api_addr will be used. The issuer is a case sensitive URL using the https scheme that contains + scheme, host, and optionally, port number and path components, but no query or fragment + components. + Issuer URL to be used in the iss claim of the token. If not set, Vault's api_addr will be used. The issuer is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components, but no query or fragment components. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object conditions: 
@@ -347,13 +318,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -364,8 +337,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -374,6 +348,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/identity.vault.upbound.io_oidcscopes.yaml b/package/crds/identity.vault.upbound.io_oidcscopes.yaml index 9e4e9b57..4ea62e2a 100644 --- a/package/crds/identity.vault.upbound.io_oidcscopes.yaml +++ b/package/crds/identity.vault.upbound.io_oidcscopes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: oidcscopes.identity.vault.upbound.io spec: group: identity.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Scopes in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,77 +74,85 @@ spec: forProvider: properties: description: - description: A description of the scope. The scope's description. + description: |- + A description of the scope. + The scope's description. type: string name: - description: The name of the scope. The openid scope name is reserved. + description: |- + The name of the scope. The openid scope name is reserved. The name of the scope. The openid scope name is reserved. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string template: - description: The template string for the scope. This may be provided - as escaped JSON or base64 encoded JSON. The template string - for the scope. This may be provided as escaped JSON or base64 - encoded JSON. + description: |- + The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON. + The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. 
The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: description: - description: A description of the scope. The scope's description. + description: |- + A description of the scope. + The scope's description. type: string name: - description: The name of the scope. The openid scope name is reserved. + description: |- + The name of the scope. The openid scope name is reserved. The name of the scope. The openid scope name is reserved. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. 
+ Target namespace. (requires Enterprise) type: string template: - description: The template string for the scope. This may be provided - as escaped JSON or base64 encoded JSON. The template string - for the scope. This may be provided as escaped JSON or base64 - encoded JSON. + description: |- + The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON. + The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -151,9 +165,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -163,57 +178,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -223,17 +202,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -243,21 +224,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -272,21 +253,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -297,14 +279,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -330,26 +313,29 @@ spec: atProvider: properties: description: - description: A description of the scope. The scope's description. + description: |- + A description of the scope. + The scope's description. type: string id: type: string name: - description: The name of the scope. The openid scope name is reserved. + description: |- + The name of the scope. The openid scope name is reserved. The name of the scope. The openid scope name is reserved. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string template: - description: The template string for the scope. This may be provided - as escaped JSON or base64 encoded JSON. The template string - for the scope. This may be provided as escaped JSON or base64 - encoded JSON. + description: |- + The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON. + The template string for the scope. This may be provided as escaped JSON or base64 encoded JSON. type: string type: object conditions: 
@@ -358,13 +344,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -375,8 +363,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -385,6 +374,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/jwt.vault.upbound.io_authbackendroles.yaml b/package/crds/jwt.vault.upbound.io_authbackendroles.yaml index 9b74d214..d890f321 100644 --- a/package/crds/jwt.vault.upbound.io_authbackendroles.yaml +++ b/package/crds/jwt.vault.upbound.io_authbackendroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendroles.jwt.vault.upbound.io spec: group: jwt.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: JWT/OIDC auth backend roles in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,431 +74,451 @@ spec: forProvider: properties: allowedRedirectUris: - description: The list of allowed values for redirect_uri during - OIDC logins. Required for OIDC roles The list of allowed values - for redirect_uri during OIDC logins. + description: |- + The list of allowed values for redirect_uri during OIDC logins. + Required for OIDC roles + The list of allowed values for redirect_uri during OIDC logins. items: type: string type: array backend: - description: The unique name of the auth backend to configure. - Defaults to jwt. Unique name of the auth backend to configure. + description: |- + The unique name of the auth backend to configure. + Defaults to jwt. + Unique name of the auth backend to configure. type: string boundAudiences: - description: (For "jwt" roles, at least one of bound_audiences, - bound_subject, bound_claims or token_bound_cidrs is required. - Optional for "oidc" roles.) List of aud claims to match against. - Any match is sufficient. List of aud claims to match against. + description: |- + (For "jwt" roles, at least one of bound_audiences, bound_subject, bound_claims + or token_bound_cidrs is required. Optional for "oidc" roles.) List of aud claims to match against. Any match is sufficient. + List of aud claims to match against. Any match is sufficient. items: type: string type: array boundClaims: additionalProperties: type: string - description: If set, a map of claims to values to match against. - A claim's value must be a string, which may contain one value - or multiple comma-separated values, e.g. "red" or "red,green,blue". - Map of claims/values to match against. The expected value may - be a single string or a comma-separated string list. + description: |- + If set, a map of claims to values to match against. + A claim's value must be a string, which may contain one value or multiple + comma-separated values, e.g. "red" or "red,green,blue". + Map of claims/values to match against. 
The expected value may be a single string or a comma-separated string list. type: object boundClaimsType: - description: 'How to interpret values in the claims/values map - (bound_claims): can be either string (exact match) or glob (wildcard - match). Requires Vault 1.4.0 or above. How to interpret values - in the claims/values map: can be either "string" (exact match) - or "glob" (wildcard match).' + description: |- + How to interpret values in the claims/values + map (bound_claims): can be either string (exact match) or glob (wildcard + match). Requires Vault 1.4.0 or above. + How to interpret values in the claims/values map: can be either "string" (exact match) or "glob" (wildcard match). type: string boundSubject: - description: If set, requires that the sub claim matches this - value. If set, requires that the sub claim matches this value. + description: |- + If set, requires that the sub claim matches + this value. + If set, requires that the sub claim matches this value. type: string claimMappings: additionalProperties: type: string - description: If set, a map of claims (keys) to be copied to specified - metadata fields (values). Map of claims (keys) to be copied + description: |- + If set, a map of claims (keys) to be copied to specified metadata fields (values). + Map of claims (keys) to be copied to specified metadata fields (values). type: object clockSkewLeeway: - description: The amount of leeway to add to all claims to account - for clock skew, in seconds. Defaults to 60 seconds if set to - 0 and can be disabled if set to -1. Only applicable with "jwt" - roles. The amount of leeway to add to all claims to account - for clock skew, in seconds. Defaults to 60 seconds if set to - 0 and can be disabled if set to -1. Only applicable with 'jwt' - roles. + description: |- + The amount of leeway to add to all claims to account for clock skew, in + seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. 
+ Only applicable with "jwt" roles. + The amount of leeway to add to all claims to account for clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles. type: number disableBoundClaimsParsing: description: Disable bound claim value parsing. Useful when values contain commas. type: boolean expirationLeeway: - description: The amount of leeway to add to expiration (exp) claims - to account for clock skew, in seconds. Defaults to 60 seconds - if set to 0 and can be disabled if set to -1. Only applicable - with "jwt" roles. The amount of leeway to add to expiration - (exp) claims to account for clock skew, in seconds. Defaults - to 60 seconds if set to 0 and can be disabled if set to -1. - Only applicable with 'jwt' roles. + description: |- + The amount of leeway to add to expiration (exp) claims to account for + clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. + Only applicable with "jwt" roles. + The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles. type: number groupsClaim: - description: The claim to use to uniquely identify the set of - groups to which the user belongs; this will be used as the names - for the Identity group aliases created due to a successful login. - The claim value must be a list of strings. The claim to use - to uniquely identify the set of groups to which the user belongs; - this will be used as the names for the Identity group aliases - created due to a successful login. The claim value must be a - list of strings. + description: |- + The claim to use to uniquely identify + the set of groups to which the user belongs; this will be used as the names + for the Identity group aliases created due to a successful login. The claim + value must be a list of strings. 
+ The claim to use to uniquely identify the set of groups to which the user belongs; this will be used as the names for the Identity group aliases created due to a successful login. The claim value must be a list of strings. type: string maxAge: - description: Specifies the allowable elapsed time in seconds since - the last time the user was actively authenticated with the OIDC - provider. Specifies the allowable elapsed time in seconds since - the last time the user was actively authenticated. + description: |- + Specifies the allowable elapsed time in seconds since the last time + the user was actively authenticated with the OIDC provider. + Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated. type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string notBeforeLeeway: - description: The amount of leeway to add to not before (nbf) claims - to account for clock skew, in seconds. Defaults to 60 seconds - if set to 0 and can be disabled if set to -1. Only applicable - with "jwt" roles. The amount of leeway to add to not before - (nbf) claims to account for clock skew, in seconds. Defaults - to 150 seconds if set to 0 and can be disabled if set to -1. - Only applicable with 'jwt' roles. + description: |- + The amount of leeway to add to not before (nbf) claims to account for + clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. 
+ Only applicable with "jwt" roles. + The amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds. Defaults to 150 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles. type: number oidcScopes: - description: If set, a list of OIDC scopes to be used with an - OIDC role. The standard scope "openid" is automatically included - and need not be specified. List of OIDC scopes to be used with - an OIDC role. The standard scope "openid" is automatically included - and need not be specified. + description: |- + If set, a list of OIDC scopes to be used with an OIDC role. + The standard scope "openid" is automatically included and need not be specified. + List of OIDC scopes to be used with an OIDC role. The standard scope "openid" is automatically included and need not be specified. items: type: string type: array roleName: - description: The name of the role. Name of the role. + description: |- + The name of the role. + Name of the role. type: string roleType: - description: Type of role, either "oidc" (default) or "jwt". Type - of role, either "oidc" (default) or "jwt" + description: |- + Type of role, either "oidc" (default) or "jwt". + Type of role, either "oidc" (default) or "jwt" type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. 
This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. 
Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. 
+ The type of token to generate, service or batch type: string userClaim: - description: The claim to use to uniquely identify the user; this - will be used as the name for the Identity entity alias created - due to a successful login. The claim to use to uniquely identify - the user; this will be used as the name for the Identity entity - alias created due to a successful login. + description: |- + The claim to use to uniquely identify + the user; this will be used as the name for the Identity entity alias created + due to a successful login. + The claim to use to uniquely identify the user; this will be used as the name for the Identity entity alias created due to a successful login. type: string userClaimJsonPointer: - description: Specifies if the user_claim value uses JSON pointer - syntax for referencing claims. By default, the user_claim value - will not use JSON pointer. Requires Vault 1.11+. Specifies if - the user_claim value uses JSON pointer syntax for referencing - claims. By default, the user_claim value will not use JSON pointer. + description: |- + Specifies if the user_claim value uses + JSON pointer + syntax for referencing claims. By default, the user_claim value will not use JSON pointer. + Requires Vault 1.11+. + Specifies if the user_claim value uses JSON pointer syntax for referencing claims. By default, the user_claim value will not use JSON pointer. type: boolean verboseOidcLogging: - description: Log received OIDC tokens and claims when debug-level - logging is active. Not recommended in production since sensitive - information may be present in OIDC responses. Log received OIDC - tokens and claims when debug-level logging is active. Not recommended - in production since sensitive information may be present in - OIDC responses. + description: |- + Log received OIDC tokens and claims when debug-level + logging is active. Not recommended in production since sensitive information may be present + in OIDC responses. 
+ Log received OIDC tokens and claims when debug-level logging is active. Not recommended in production since sensitive information may be present in OIDC responses. type: boolean type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: allowedRedirectUris: - description: The list of allowed values for redirect_uri during - OIDC logins. Required for OIDC roles The list of allowed values - for redirect_uri during OIDC logins. + description: |- + The list of allowed values for redirect_uri during OIDC logins. 
+ Required for OIDC roles + The list of allowed values for redirect_uri during OIDC logins. items: type: string type: array backend: - description: The unique name of the auth backend to configure. - Defaults to jwt. Unique name of the auth backend to configure. + description: |- + The unique name of the auth backend to configure. + Defaults to jwt. + Unique name of the auth backend to configure. type: string boundAudiences: - description: (For "jwt" roles, at least one of bound_audiences, - bound_subject, bound_claims or token_bound_cidrs is required. - Optional for "oidc" roles.) List of aud claims to match against. - Any match is sufficient. List of aud claims to match against. + description: |- + (For "jwt" roles, at least one of bound_audiences, bound_subject, bound_claims + or token_bound_cidrs is required. Optional for "oidc" roles.) List of aud claims to match against. Any match is sufficient. + List of aud claims to match against. Any match is sufficient. items: type: string type: array boundClaims: additionalProperties: type: string - description: If set, a map of claims to values to match against. - A claim's value must be a string, which may contain one value - or multiple comma-separated values, e.g. "red" or "red,green,blue". - Map of claims/values to match against. The expected value may - be a single string or a comma-separated string list. + description: |- + If set, a map of claims to values to match against. + A claim's value must be a string, which may contain one value or multiple + comma-separated values, e.g. "red" or "red,green,blue". + Map of claims/values to match against. The expected value may be a single string or a comma-separated string list. type: object boundClaimsType: - description: 'How to interpret values in the claims/values map - (bound_claims): can be either string (exact match) or glob (wildcard - match). Requires Vault 1.4.0 or above. 
How to interpret values - in the claims/values map: can be either "string" (exact match) - or "glob" (wildcard match).' + description: |- + How to interpret values in the claims/values + map (bound_claims): can be either string (exact match) or glob (wildcard + match). Requires Vault 1.4.0 or above. + How to interpret values in the claims/values map: can be either "string" (exact match) or "glob" (wildcard match). type: string boundSubject: - description: If set, requires that the sub claim matches this - value. If set, requires that the sub claim matches this value. + description: |- + If set, requires that the sub claim matches + this value. + If set, requires that the sub claim matches this value. type: string claimMappings: additionalProperties: type: string - description: If set, a map of claims (keys) to be copied to specified - metadata fields (values). Map of claims (keys) to be copied + description: |- + If set, a map of claims (keys) to be copied to specified metadata fields (values). + Map of claims (keys) to be copied to specified metadata fields (values). type: object clockSkewLeeway: - description: The amount of leeway to add to all claims to account - for clock skew, in seconds. Defaults to 60 seconds if set to - 0 and can be disabled if set to -1. Only applicable with "jwt" - roles. The amount of leeway to add to all claims to account - for clock skew, in seconds. Defaults to 60 seconds if set to - 0 and can be disabled if set to -1. Only applicable with 'jwt' - roles. + description: |- + The amount of leeway to add to all claims to account for clock skew, in + seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. + Only applicable with "jwt" roles. + The amount of leeway to add to all claims to account for clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles. type: number disableBoundClaimsParsing: description: Disable bound claim value parsing. 
Useful when values contain commas. type: boolean expirationLeeway: - description: The amount of leeway to add to expiration (exp) claims - to account for clock skew, in seconds. Defaults to 60 seconds - if set to 0 and can be disabled if set to -1. Only applicable - with "jwt" roles. The amount of leeway to add to expiration - (exp) claims to account for clock skew, in seconds. Defaults - to 60 seconds if set to 0 and can be disabled if set to -1. - Only applicable with 'jwt' roles. + description: |- + The amount of leeway to add to expiration (exp) claims to account for + clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. + Only applicable with "jwt" roles. + The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles. type: number groupsClaim: - description: The claim to use to uniquely identify the set of - groups to which the user belongs; this will be used as the names - for the Identity group aliases created due to a successful login. - The claim value must be a list of strings. The claim to use - to uniquely identify the set of groups to which the user belongs; - this will be used as the names for the Identity group aliases - created due to a successful login. The claim value must be a - list of strings. + description: |- + The claim to use to uniquely identify + the set of groups to which the user belongs; this will be used as the names + for the Identity group aliases created due to a successful login. The claim + value must be a list of strings. + The claim to use to uniquely identify the set of groups to which the user belongs; this will be used as the names for the Identity group aliases created due to a successful login. The claim value must be a list of strings. 
type: string maxAge: - description: Specifies the allowable elapsed time in seconds since - the last time the user was actively authenticated with the OIDC - provider. Specifies the allowable elapsed time in seconds since - the last time the user was actively authenticated. + description: |- + Specifies the allowable elapsed time in seconds since the last time + the user was actively authenticated with the OIDC provider. + Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated. type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string notBeforeLeeway: - description: The amount of leeway to add to not before (nbf) claims - to account for clock skew, in seconds. Defaults to 60 seconds - if set to 0 and can be disabled if set to -1. Only applicable - with "jwt" roles. The amount of leeway to add to not before - (nbf) claims to account for clock skew, in seconds. Defaults - to 150 seconds if set to 0 and can be disabled if set to -1. - Only applicable with 'jwt' roles. + description: |- + The amount of leeway to add to not before (nbf) claims to account for + clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. + Only applicable with "jwt" roles. + The amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds. Defaults to 150 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles. 
type: number oidcScopes: - description: If set, a list of OIDC scopes to be used with an - OIDC role. The standard scope "openid" is automatically included - and need not be specified. List of OIDC scopes to be used with - an OIDC role. The standard scope "openid" is automatically included - and need not be specified. + description: |- + If set, a list of OIDC scopes to be used with an OIDC role. + The standard scope "openid" is automatically included and need not be specified. + List of OIDC scopes to be used with an OIDC role. The standard scope "openid" is automatically included and need not be specified. items: type: string type: array roleName: - description: The name of the role. Name of the role. + description: |- + The name of the role. + Name of the role. type: string roleType: - description: Type of role, either "oidc" (default) or "jwt". Type - of role, either "oidc" (default) or "jwt" + description: |- + Type of role, either "oidc" (default) or "jwt". + Type of role, either "oidc" (default) or "jwt" type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. 
This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. 
At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. 
+ The type of token to generate, service or batch type: string userClaim: - description: The claim to use to uniquely identify the user; this - will be used as the name for the Identity entity alias created - due to a successful login. The claim to use to uniquely identify - the user; this will be used as the name for the Identity entity - alias created due to a successful login. + description: |- + The claim to use to uniquely identify + the user; this will be used as the name for the Identity entity alias created + due to a successful login. + The claim to use to uniquely identify the user; this will be used as the name for the Identity entity alias created due to a successful login. type: string userClaimJsonPointer: - description: Specifies if the user_claim value uses JSON pointer - syntax for referencing claims. By default, the user_claim value - will not use JSON pointer. Requires Vault 1.11+. Specifies if - the user_claim value uses JSON pointer syntax for referencing - claims. By default, the user_claim value will not use JSON pointer. + description: |- + Specifies if the user_claim value uses + JSON pointer + syntax for referencing claims. By default, the user_claim value will not use JSON pointer. + Requires Vault 1.11+. + Specifies if the user_claim value uses JSON pointer syntax for referencing claims. By default, the user_claim value will not use JSON pointer. type: boolean verboseOidcLogging: - description: Log received OIDC tokens and claims when debug-level - logging is active. Not recommended in production since sensitive - information may be present in OIDC responses. Log received OIDC - tokens and claims when debug-level logging is active. Not recommended - in production since sensitive information may be present in - OIDC responses. + description: |- + Log received OIDC tokens and claims when debug-level + logging is active. Not recommended in production since sensitive information may be present + in OIDC responses. 
+ Log received OIDC tokens and claims when debug-level logging is active. Not recommended in production since sensitive information may be present in OIDC responses. type: boolean type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -505,9 +531,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -517,57 +544,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -577,17 +568,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -597,21 +590,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -626,21 +619,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -651,14 +645,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -688,203 +683,212 @@ spec: atProvider: properties: allowedRedirectUris: - description: The list of allowed values for redirect_uri during - OIDC logins. Required for OIDC roles The list of allowed values - for redirect_uri during OIDC logins. + description: |- + The list of allowed values for redirect_uri during OIDC logins. + Required for OIDC roles + The list of allowed values for redirect_uri during OIDC logins. items: type: string type: array backend: - description: The unique name of the auth backend to configure. - Defaults to jwt. Unique name of the auth backend to configure. + description: |- + The unique name of the auth backend to configure. + Defaults to jwt. + Unique name of the auth backend to configure. type: string boundAudiences: - description: (For "jwt" roles, at least one of bound_audiences, - bound_subject, bound_claims or token_bound_cidrs is required. - Optional for "oidc" roles.) List of aud claims to match against. - Any match is sufficient. List of aud claims to match against. + description: |- + (For "jwt" roles, at least one of bound_audiences, bound_subject, bound_claims + or token_bound_cidrs is required. Optional for "oidc" roles.) List of aud claims to match against. Any match is sufficient. + List of aud claims to match against. Any match is sufficient. items: type: string type: array boundClaims: additionalProperties: type: string - description: If set, a map of claims to values to match against. - A claim's value must be a string, which may contain one value - or multiple comma-separated values, e.g. "red" or "red,green,blue". - Map of claims/values to match against. The expected value may - be a single string or a comma-separated string list. + description: |- + If set, a map of claims to values to match against. + A claim's value must be a string, which may contain one value or multiple + comma-separated values, e.g. "red" or "red,green,blue". + Map of claims/values to match against. 
The expected value may be a single string or a comma-separated string list. type: object boundClaimsType: - description: 'How to interpret values in the claims/values map - (bound_claims): can be either string (exact match) or glob (wildcard - match). Requires Vault 1.4.0 or above. How to interpret values - in the claims/values map: can be either "string" (exact match) - or "glob" (wildcard match).' + description: |- + How to interpret values in the claims/values + map (bound_claims): can be either string (exact match) or glob (wildcard + match). Requires Vault 1.4.0 or above. + How to interpret values in the claims/values map: can be either "string" (exact match) or "glob" (wildcard match). type: string boundSubject: - description: If set, requires that the sub claim matches this - value. If set, requires that the sub claim matches this value. + description: |- + If set, requires that the sub claim matches + this value. + If set, requires that the sub claim matches this value. type: string claimMappings: additionalProperties: type: string - description: If set, a map of claims (keys) to be copied to specified - metadata fields (values). Map of claims (keys) to be copied + description: |- + If set, a map of claims (keys) to be copied to specified metadata fields (values). + Map of claims (keys) to be copied to specified metadata fields (values). type: object clockSkewLeeway: - description: The amount of leeway to add to all claims to account - for clock skew, in seconds. Defaults to 60 seconds if set to - 0 and can be disabled if set to -1. Only applicable with "jwt" - roles. The amount of leeway to add to all claims to account - for clock skew, in seconds. Defaults to 60 seconds if set to - 0 and can be disabled if set to -1. Only applicable with 'jwt' - roles. + description: |- + The amount of leeway to add to all claims to account for clock skew, in + seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. 
+ Only applicable with "jwt" roles. + The amount of leeway to add to all claims to account for clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles. type: number disableBoundClaimsParsing: description: Disable bound claim value parsing. Useful when values contain commas. type: boolean expirationLeeway: - description: The amount of leeway to add to expiration (exp) claims - to account for clock skew, in seconds. Defaults to 60 seconds - if set to 0 and can be disabled if set to -1. Only applicable - with "jwt" roles. The amount of leeway to add to expiration - (exp) claims to account for clock skew, in seconds. Defaults - to 60 seconds if set to 0 and can be disabled if set to -1. - Only applicable with 'jwt' roles. + description: |- + The amount of leeway to add to expiration (exp) claims to account for + clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. + Only applicable with "jwt" roles. + The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles. type: number groupsClaim: - description: The claim to use to uniquely identify the set of - groups to which the user belongs; this will be used as the names - for the Identity group aliases created due to a successful login. - The claim value must be a list of strings. The claim to use - to uniquely identify the set of groups to which the user belongs; - this will be used as the names for the Identity group aliases - created due to a successful login. The claim value must be a - list of strings. + description: |- + The claim to use to uniquely identify + the set of groups to which the user belongs; this will be used as the names + for the Identity group aliases created due to a successful login. The claim + value must be a list of strings. 
+ The claim to use to uniquely identify the set of groups to which the user belongs; this will be used as the names for the Identity group aliases created due to a successful login. The claim value must be a list of strings. type: string id: type: string maxAge: - description: Specifies the allowable elapsed time in seconds since - the last time the user was actively authenticated with the OIDC - provider. Specifies the allowable elapsed time in seconds since - the last time the user was actively authenticated. + description: |- + Specifies the allowable elapsed time in seconds since the last time + the user was actively authenticated with the OIDC provider. + Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated. type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string notBeforeLeeway: - description: The amount of leeway to add to not before (nbf) claims - to account for clock skew, in seconds. Defaults to 60 seconds - if set to 0 and can be disabled if set to -1. Only applicable - with "jwt" roles. The amount of leeway to add to not before - (nbf) claims to account for clock skew, in seconds. Defaults - to 150 seconds if set to 0 and can be disabled if set to -1. - Only applicable with 'jwt' roles. + description: |- + The amount of leeway to add to not before (nbf) claims to account for + clock skew, in seconds. 
Defaults to 60 seconds if set to 0 and can be disabled if set to -1. + Only applicable with "jwt" roles. + The amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds. Defaults to 150 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles. type: number oidcScopes: - description: If set, a list of OIDC scopes to be used with an - OIDC role. The standard scope "openid" is automatically included - and need not be specified. List of OIDC scopes to be used with - an OIDC role. The standard scope "openid" is automatically included - and need not be specified. + description: |- + If set, a list of OIDC scopes to be used with an OIDC role. + The standard scope "openid" is automatically included and need not be specified. + List of OIDC scopes to be used with an OIDC role. The standard scope "openid" is automatically included and need not be specified. items: type: string type: array roleName: - description: The name of the role. Name of the role. + description: |- + The name of the role. + Name of the role. type: string roleType: - description: Type of role, either "oidc" (default) or "jwt". Type - of role, either "oidc" (default) or "jwt" + description: |- + Type of role, either "oidc" (default) or "jwt". + Type of role, either "oidc" (default) or "jwt" type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. 
+ Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. 
+ The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. 
The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string userClaim: - description: The claim to use to uniquely identify the user; this - will be used as the name for the Identity entity alias created - due to a successful login. The claim to use to uniquely identify - the user; this will be used as the name for the Identity entity - alias created due to a successful login. + description: |- + The claim to use to uniquely identify + the user; this will be used as the name for the Identity entity alias created + due to a successful login. + The claim to use to uniquely identify the user; this will be used as the name for the Identity entity alias created due to a successful login. type: string userClaimJsonPointer: - description: Specifies if the user_claim value uses JSON pointer - syntax for referencing claims. By default, the user_claim value - will not use JSON pointer. Requires Vault 1.11+. Specifies if - the user_claim value uses JSON pointer syntax for referencing - claims. By default, the user_claim value will not use JSON pointer. + description: |- + Specifies if the user_claim value uses + JSON pointer + syntax for referencing claims. By default, the user_claim value will not use JSON pointer. + Requires Vault 1.11+. + Specifies if the user_claim value uses JSON pointer syntax for referencing claims. By default, the user_claim value will not use JSON pointer. type: boolean verboseOidcLogging: - description: Log received OIDC tokens and claims when debug-level - logging is active. 
Not recommended in production since sensitive - information may be present in OIDC responses. Log received OIDC - tokens and claims when debug-level logging is active. Not recommended - in production since sensitive information may be present in - OIDC responses. + description: |- + Log received OIDC tokens and claims when debug-level + logging is active. Not recommended in production since sensitive information may be present + in OIDC responses. + Log received OIDC tokens and claims when debug-level logging is active. Not recommended in production since sensitive information may be present in OIDC responses. type: boolean type: object conditions: @@ -893,13 +897,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -910,8 +916,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -920,6 +927,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec 
diff --git a/package/crds/jwt.vault.upbound.io_authbackends.yaml b/package/crds/jwt.vault.upbound.io_authbackends.yaml index 79e0be53..f9d1a229 100644 --- a/package/crds/jwt.vault.upbound.io_authbackends.yaml +++ b/package/crds/jwt.vault.upbound.io_authbackends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackends.jwt.vault.upbound.io spec: group: jwt.vault.upbound.io @@ -38,14 +38,19 @@ spec: JWT/OIDC auth backends in Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,83 +74,77 @@ spec: forProvider: properties: boundIssuer: - description: The value against which to match the iss claim in - a JWT The value against which to match the iss claim in a JWT + description: |- + The value against which to match the iss claim in a JWT + The value against which to match the iss claim in a JWT type: string defaultRole: - description: The default role to use if none is provided during - login The default role to use if none is provided during login + description: |- + The default role to use if none is provided during login + The default role to use if none is provided during login type: string description: - description: The description of the auth backend The description - of the auth backend + description: |- + The description of the auth backend + The description of the auth backend type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean jwksCaPem: - description: The CA certificate or chain of certificates, in PEM - format, to use to validate connections to the JWKS URL. If not - set, system certificates are used. The CA certificate or chain - of certificates, in PEM format, to use to validate connections - to the JWKS URL. If not set, system certificates are used. + description: |- + The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used. + The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used. type: string jwksUrl: - description: JWKS URL to use to authenticate signatures. 
Cannot - be used with "oidc_discovery_url" or "jwt_validation_pubkeys". - JWKS URL to use to authenticate signatures. Cannot be used with - 'oidc_discovery_url' or 'jwt_validation_pubkeys'. + description: |- + JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys". + JWKS URL to use to authenticate signatures. Cannot be used with 'oidc_discovery_url' or 'jwt_validation_pubkeys'. type: string jwtSupportedAlgs: - description: A list of supported signing algorithms. Vault 1.1.0 - defaults to [RS256] but future or past versions of Vault may - differ A list of supported signing algorithms. Defaults to [RS256] + description: |- + A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ + A list of supported signing algorithms. Defaults to [RS256] items: type: string type: array jwtValidationPubkeys: - description: A list of PEM-encoded public keys to use to authenticate - signatures locally. Cannot be used in combination with oidc_discovery_url - A list of PEM-encoded public keys to use to authenticate signatures - locally. Cannot be used with 'jwks_url' or 'oidc_discovery_url'. + description: |- + A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with oidc_discovery_url + A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used with 'jwks_url' or 'oidc_discovery_url'. items: type: string type: array local: - description: Specifies if the auth method is local only. Specifies - if the auth method is local only + description: |- + Specifies if the auth method is local only. + Specifies if the auth method is local only type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. 
- Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string namespaceInState: - description: Pass namespace in the OIDC state parameter instead - of as a separate query parameter. With this setting, the allowed - redirect URL(s) in Vault and on the provider side should not - contain a namespace query parameter. This means only one redirect - URL entry needs to be maintained on the OIDC provider side for - all vault namespaces that will be authenticating against it. - Defaults to true for new configs Pass namespace in the OIDC - state parameter instead of as a separate query parameter. With - this setting, the allowed redirect URL(s) in Vault and on the - provider side should not contain a namespace query parameter. - This means only one redirect URL entry needs to be maintained - on the OIDC provider side for all vault namespaces that will - be authenticating against it. Defaults to true for new configs. + description: |- + Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs + Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. 
This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs. type: boolean oidcClientId: - description: Client ID used for OIDC backends Client ID used for - OIDC + description: |- + Client ID used for OIDC backends + Client ID used for OIDC type: string oidcClientSecretSecretRef: - description: Client Secret used for OIDC backends Client Secret - used for OIDC + description: |- + Client Secret used for OIDC backends + Client Secret used for OIDC properties: key: description: The key to select. 
@@ -161,308 +161,295 @@ spec: - namespace type: object oidcDiscoveryCaPem: - description: The CA certificate or chain of certificates, in PEM - format, to use to validate connections to the OIDC Discovery - URL. If not set, system certificates are used The CA certificate - or chain of certificates, in PEM format, to use to validate - connections to the OIDC Discovery URL. If not set, system certificates - are used + description: |- + The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used + The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used type: string oidcDiscoveryUrl: - description: The OIDC Discovery URL, without any .well-known component - (base path). Cannot be used in combination with jwt_validation_pubkeys - The OIDC Discovery URL, without any .well-known component (base - path). Cannot be used with 'jwks_url' or 'jwt_validation_pubkeys'. + description: |- + The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with jwt_validation_pubkeys + The OIDC Discovery URL, without any .well-known component (base path). Cannot be used with 'jwks_url' or 'jwt_validation_pubkeys'. type: string oidcResponseMode: - description: The response mode to be used in the OAuth2 request. - Allowed values are query and form_post. Defaults to query. If - using Vault namespaces, and oidc_response_mode is form_post, - then namespace_in_state should be set to false. The response - mode to be used in the OAuth2 request. Allowed values are 'query' - and 'form_post'. Defaults to 'query'. If using Vault namespaces, - and oidc_response_mode is 'form_post', then 'namespace_in_state' - should be set to false. + description: |- + The response mode to be used in the OAuth2 request. Allowed values are query and form_post. Defaults to query. 
If using Vault namespaces, and oidc_response_mode is form_post, then namespace_in_state should be set to false. + The response mode to be used in the OAuth2 request. Allowed values are 'query' and 'form_post'. Defaults to 'query'. If using Vault namespaces, and oidc_response_mode is 'form_post', then 'namespace_in_state' should be set to false. type: string oidcResponseTypes: - description: 'List of response types to request. Allowed values - are ''code'' and ''id_token''. Defaults to ["code"]. Note: id_token - may only be used if oidc_response_mode is set to form_post. - The response types to request. Allowed values are ''code'' and - ''id_token''. Defaults to ''code''. Note: ''id_token'' may only - be used if ''oidc_response_mode'' is set to ''form_post''.' + description: |- + List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to ["code"]. Note: id_token may only be used if oidc_response_mode is set to form_post. + The response types to request. Allowed values are 'code' and 'id_token'. Defaults to 'code'. Note: 'id_token' may only be used if 'oidc_response_mode' is set to 'form_post'. items: type: string type: array path: - description: Path to mount the JWT/OIDC auth backend path to mount - the backend + description: |- + Path to mount the JWT/OIDC auth backend + path to mount the backend type: string providerConfig: additionalProperties: type: string - description: Provider specific handling configuration. All values - may be strings, and the provider will convert to the appropriate - type when configuring Vault. Provider specific handling configuration + description: |- + Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault. + Provider specific handling configuration type: object tune: items: properties: allowedResponseHeaders: - description: List of headers to whitelist and allowing a - plugin to include them in the response. 
+ description: |- + List of headers to whitelist and allowing + a plugin to include them in the response. items: type: string type: array auditNonHmacRequestKeys: - description: Specifies the list of keys that will not be - HMAC'd by audit devices in the request data object. + description: |- + Specifies the list of keys that will + not be HMAC'd by audit devices in the request data object. items: type: string type: array auditNonHmacResponseKeys: - description: Specifies the list of keys that will not be - HMAC'd by audit devices in the response data object. + description: |- + Specifies the list of keys that will + not be HMAC'd by audit devices in the response data object. items: type: string type: array defaultLeaseTtl: - description: Specifies the default time-to-live. If set, - this overrides the global default. Must be a valid duration - string + description: |- + Specifies the default time-to-live. + If set, this overrides the global default. + Must be a valid duration string type: string listingVisibility: - description: Specifies whether to show this mount in the - UI-specific listing endpoint. Valid values are "unauth" - or "hidden". + description: |- + Specifies whether to show this mount in + the UI-specific listing endpoint. Valid values are "unauth" or "hidden". type: string maxLeaseTtl: - description: Specifies the maximum time-to-live. If set, - this overrides the global default. Must be a valid duration - string + description: |- + Specifies the maximum time-to-live. + If set, this overrides the global default. + Must be a valid duration string type: string passthroughRequestHeaders: - description: List of headers to whitelist and pass from - the request to the backend. + description: |- + List of headers to whitelist and + pass from the request to the backend. items: type: string type: array tokenType: - description: Specifies the type of tokens that should be - returned by the mount. 
Valid values are "default-service", - "default-batch", "service", "batch". + description: |- + Specifies the type of tokens that should be returned by + the mount. Valid values are "default-service", "default-batch", "service", "batch". type: string type: object type: array type: - description: Type of auth backend. Should be one of jwt or oidc. - Default - jwt Type of backend. Can be either 'jwt' or 'oidc' + description: |- + Type of auth backend. Should be one of jwt or oidc. Default - jwt + Type of backend. Can be either 'jwt' or 'oidc' type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. 
This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: boundIssuer: - description: The value against which to match the iss claim in - a JWT The value against which to match the iss claim in a JWT + description: |- + The value against which to match the iss claim in a JWT + The value against which to match the iss claim in a JWT type: string defaultRole: - description: The default role to use if none is provided during - login The default role to use if none is provided during login + description: |- + The default role to use if none is provided during login + The default role to use if none is provided during login type: string description: - description: The description of the auth backend The description - of the auth backend + description: |- + The description of the auth backend + The description of the auth backend type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean jwksCaPem: - description: The CA certificate or chain of certificates, in PEM - format, to use to validate connections to the JWKS URL. If not - set, system certificates are used. The CA certificate or chain - of certificates, in PEM format, to use to validate connections - to the JWKS URL. If not set, system certificates are used. + description: |- + The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used. + The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. 
If not set, system certificates are used. type: string jwksUrl: - description: JWKS URL to use to authenticate signatures. Cannot - be used with "oidc_discovery_url" or "jwt_validation_pubkeys". - JWKS URL to use to authenticate signatures. Cannot be used with - 'oidc_discovery_url' or 'jwt_validation_pubkeys'. + description: |- + JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys". + JWKS URL to use to authenticate signatures. Cannot be used with 'oidc_discovery_url' or 'jwt_validation_pubkeys'. type: string jwtSupportedAlgs: - description: A list of supported signing algorithms. Vault 1.1.0 - defaults to [RS256] but future or past versions of Vault may - differ A list of supported signing algorithms. Defaults to [RS256] + description: |- + A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ + A list of supported signing algorithms. Defaults to [RS256] items: type: string type: array jwtValidationPubkeys: - description: A list of PEM-encoded public keys to use to authenticate - signatures locally. Cannot be used in combination with oidc_discovery_url - A list of PEM-encoded public keys to use to authenticate signatures - locally. Cannot be used with 'jwks_url' or 'oidc_discovery_url'. + description: |- + A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with oidc_discovery_url + A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used with 'jwks_url' or 'oidc_discovery_url'. items: type: string type: array local: - description: Specifies if the auth method is local only. Specifies - if the auth method is local only + description: |- + Specifies if the auth method is local only. + Specifies if the auth method is local only type: boolean namespace: - description: The namespace to provision the resource in. 
The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string namespaceInState: - description: Pass namespace in the OIDC state parameter instead - of as a separate query parameter. With this setting, the allowed - redirect URL(s) in Vault and on the provider side should not - contain a namespace query parameter. This means only one redirect - URL entry needs to be maintained on the OIDC provider side for - all vault namespaces that will be authenticating against it. - Defaults to true for new configs Pass namespace in the OIDC - state parameter instead of as a separate query parameter. With - this setting, the allowed redirect URL(s) in Vault and on the - provider side should not contain a namespace query parameter. - This means only one redirect URL entry needs to be maintained - on the OIDC provider side for all vault namespaces that will - be authenticating against it. Defaults to true for new configs. + description: |- + Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs + Pass namespace in the OIDC state parameter instead of as a separate query parameter. 
With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs. type: boolean oidcClientId: - description: Client ID used for OIDC backends Client ID used for - OIDC + description: |- + Client ID used for OIDC backends + Client ID used for OIDC type: string oidcDiscoveryCaPem: - description: The CA certificate or chain of certificates, in PEM - format, to use to validate connections to the OIDC Discovery - URL. If not set, system certificates are used The CA certificate - or chain of certificates, in PEM format, to use to validate - connections to the OIDC Discovery URL. If not set, system certificates - are used + description: |- + The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used + The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used type: string oidcDiscoveryUrl: - description: The OIDC Discovery URL, without any .well-known component - (base path). Cannot be used in combination with jwt_validation_pubkeys - The OIDC Discovery URL, without any .well-known component (base - path). Cannot be used with 'jwks_url' or 'jwt_validation_pubkeys'. + description: |- + The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with jwt_validation_pubkeys + The OIDC Discovery URL, without any .well-known component (base path). Cannot be used with 'jwks_url' or 'jwt_validation_pubkeys'. type: string oidcResponseMode: - description: The response mode to be used in the OAuth2 request. - Allowed values are query and form_post. Defaults to query. 
If - using Vault namespaces, and oidc_response_mode is form_post, - then namespace_in_state should be set to false. The response - mode to be used in the OAuth2 request. Allowed values are 'query' - and 'form_post'. Defaults to 'query'. If using Vault namespaces, - and oidc_response_mode is 'form_post', then 'namespace_in_state' - should be set to false. + description: |- + The response mode to be used in the OAuth2 request. Allowed values are query and form_post. Defaults to query. If using Vault namespaces, and oidc_response_mode is form_post, then namespace_in_state should be set to false. + The response mode to be used in the OAuth2 request. Allowed values are 'query' and 'form_post'. Defaults to 'query'. If using Vault namespaces, and oidc_response_mode is 'form_post', then 'namespace_in_state' should be set to false. type: string oidcResponseTypes: - description: 'List of response types to request. Allowed values - are ''code'' and ''id_token''. Defaults to ["code"]. Note: id_token - may only be used if oidc_response_mode is set to form_post. - The response types to request. Allowed values are ''code'' and - ''id_token''. Defaults to ''code''. Note: ''id_token'' may only - be used if ''oidc_response_mode'' is set to ''form_post''.' + description: |- + List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to ["code"]. Note: id_token may only be used if oidc_response_mode is set to form_post. + The response types to request. Allowed values are 'code' and 'id_token'. Defaults to 'code'. Note: 'id_token' may only be used if 'oidc_response_mode' is set to 'form_post'. items: type: string type: array path: - description: Path to mount the JWT/OIDC auth backend path to mount - the backend + description: |- + Path to mount the JWT/OIDC auth backend + path to mount the backend type: string providerConfig: additionalProperties: type: string - description: Provider specific handling configuration. 
All values - may be strings, and the provider will convert to the appropriate - type when configuring Vault. Provider specific handling configuration + description: |- + Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault. + Provider specific handling configuration type: object tune: items: properties: allowedResponseHeaders: - description: List of headers to whitelist and allowing a - plugin to include them in the response. + description: |- + List of headers to whitelist and allowing + a plugin to include them in the response. items: type: string type: array auditNonHmacRequestKeys: - description: Specifies the list of keys that will not be - HMAC'd by audit devices in the request data object. + description: |- + Specifies the list of keys that will + not be HMAC'd by audit devices in the request data object. items: type: string type: array auditNonHmacResponseKeys: - description: Specifies the list of keys that will not be - HMAC'd by audit devices in the response data object. + description: |- + Specifies the list of keys that will + not be HMAC'd by audit devices in the response data object. items: type: string type: array defaultLeaseTtl: - description: Specifies the default time-to-live. If set, - this overrides the global default. Must be a valid duration - string + description: |- + Specifies the default time-to-live. + If set, this overrides the global default. + Must be a valid duration string type: string listingVisibility: - description: Specifies whether to show this mount in the - UI-specific listing endpoint. Valid values are "unauth" - or "hidden". + description: |- + Specifies whether to show this mount in + the UI-specific listing endpoint. Valid values are "unauth" or "hidden". type: string maxLeaseTtl: - description: Specifies the maximum time-to-live. If set, - this overrides the global default. 
Must be a valid duration - string + description: |- + Specifies the maximum time-to-live. + If set, this overrides the global default. + Must be a valid duration string type: string passthroughRequestHeaders: - description: List of headers to whitelist and pass from - the request to the backend. + description: |- + List of headers to whitelist and + pass from the request to the backend. items: type: string type: array tokenType: - description: Specifies the type of tokens that should be - returned by the mount. Valid values are "default-service", - "default-batch", "service", "batch". + description: |- + Specifies the type of tokens that should be returned by + the mount. Valid values are "default-service", "default-batch", "service", "batch". type: string type: object type: array type: - description: Type of auth backend. Should be one of jwt or oidc. - Default - jwt Type of backend. Can be either 'jwt' or 'oidc' + description: |- + Type of auth backend. Should be one of jwt or oidc. Default - jwt + Type of backend. Can be either 'jwt' or 'oidc' type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. 
See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -475,9 +462,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -487,57 +475,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -547,17 +499,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -567,21 +521,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -596,21 +550,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -621,14 +576,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -649,183 +605,173 @@ spec: atProvider: properties: accessor: - description: The accessor for this auth method The accessor of - the JWT auth backend + description: |- + The accessor for this auth method + The accessor of the JWT auth backend type: string boundIssuer: - description: The value against which to match the iss claim in - a JWT The value against which to match the iss claim in a JWT + description: |- + The value against which to match the iss claim in a JWT + The value against which to match the iss claim in a JWT type: string defaultRole: - description: The default role to use if none is provided during - login The default role to use if none is provided during login + description: |- + The default role to use if none is provided during login + The default role to use if none is provided during login type: string description: - description: The description of the auth backend The description - of the auth backend + description: |- + The description of the auth backend + The description of the auth backend type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean id: type: string jwksCaPem: - description: The CA certificate or chain of certificates, in PEM - format, to use to validate connections to the JWKS URL. If not - set, system certificates are used. The CA certificate or chain - of certificates, in PEM format, to use to validate connections - to the JWKS URL. If not set, system certificates are used. + description: |- + The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used. 
+ The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used. type: string jwksUrl: - description: JWKS URL to use to authenticate signatures. Cannot - be used with "oidc_discovery_url" or "jwt_validation_pubkeys". - JWKS URL to use to authenticate signatures. Cannot be used with - 'oidc_discovery_url' or 'jwt_validation_pubkeys'. + description: |- + JWKS URL to use to authenticate signatures. Cannot be used with "oidc_discovery_url" or "jwt_validation_pubkeys". + JWKS URL to use to authenticate signatures. Cannot be used with 'oidc_discovery_url' or 'jwt_validation_pubkeys'. type: string jwtSupportedAlgs: - description: A list of supported signing algorithms. Vault 1.1.0 - defaults to [RS256] but future or past versions of Vault may - differ A list of supported signing algorithms. Defaults to [RS256] + description: |- + A list of supported signing algorithms. Vault 1.1.0 defaults to [RS256] but future or past versions of Vault may differ + A list of supported signing algorithms. Defaults to [RS256] items: type: string type: array jwtValidationPubkeys: - description: A list of PEM-encoded public keys to use to authenticate - signatures locally. Cannot be used in combination with oidc_discovery_url - A list of PEM-encoded public keys to use to authenticate signatures - locally. Cannot be used with 'jwks_url' or 'oidc_discovery_url'. + description: |- + A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used in combination with oidc_discovery_url + A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used with 'jwks_url' or 'oidc_discovery_url'. items: type: string type: array local: - description: Specifies if the auth method is local only. Specifies - if the auth method is local only + description: |- + Specifies if the auth method is local only. 
+ Specifies if the auth method is local only type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string namespaceInState: - description: Pass namespace in the OIDC state parameter instead - of as a separate query parameter. With this setting, the allowed - redirect URL(s) in Vault and on the provider side should not - contain a namespace query parameter. This means only one redirect - URL entry needs to be maintained on the OIDC provider side for - all vault namespaces that will be authenticating against it. - Defaults to true for new configs Pass namespace in the OIDC - state parameter instead of as a separate query parameter. With - this setting, the allowed redirect URL(s) in Vault and on the - provider side should not contain a namespace query parameter. - This means only one redirect URL entry needs to be maintained - on the OIDC provider side for all vault namespaces that will - be authenticating against it. Defaults to true for new configs. + description: |- + Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. 
Defaults to true for new configs + Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs. type: boolean oidcClientId: - description: Client ID used for OIDC backends Client ID used for - OIDC + description: |- + Client ID used for OIDC backends + Client ID used for OIDC type: string oidcDiscoveryCaPem: - description: The CA certificate or chain of certificates, in PEM - format, to use to validate connections to the OIDC Discovery - URL. If not set, system certificates are used The CA certificate - or chain of certificates, in PEM format, to use to validate - connections to the OIDC Discovery URL. If not set, system certificates - are used + description: |- + The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used + The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used type: string oidcDiscoveryUrl: - description: The OIDC Discovery URL, without any .well-known component - (base path). Cannot be used in combination with jwt_validation_pubkeys - The OIDC Discovery URL, without any .well-known component (base - path). Cannot be used with 'jwks_url' or 'jwt_validation_pubkeys'. + description: |- + The OIDC Discovery URL, without any .well-known component (base path). Cannot be used in combination with jwt_validation_pubkeys + The OIDC Discovery URL, without any .well-known component (base path). Cannot be used with 'jwks_url' or 'jwt_validation_pubkeys'. 
type: string oidcResponseMode: - description: The response mode to be used in the OAuth2 request. - Allowed values are query and form_post. Defaults to query. If - using Vault namespaces, and oidc_response_mode is form_post, - then namespace_in_state should be set to false. The response - mode to be used in the OAuth2 request. Allowed values are 'query' - and 'form_post'. Defaults to 'query'. If using Vault namespaces, - and oidc_response_mode is 'form_post', then 'namespace_in_state' - should be set to false. + description: |- + The response mode to be used in the OAuth2 request. Allowed values are query and form_post. Defaults to query. If using Vault namespaces, and oidc_response_mode is form_post, then namespace_in_state should be set to false. + The response mode to be used in the OAuth2 request. Allowed values are 'query' and 'form_post'. Defaults to 'query'. If using Vault namespaces, and oidc_response_mode is 'form_post', then 'namespace_in_state' should be set to false. type: string oidcResponseTypes: - description: 'List of response types to request. Allowed values - are ''code'' and ''id_token''. Defaults to ["code"]. Note: id_token - may only be used if oidc_response_mode is set to form_post. - The response types to request. Allowed values are ''code'' and - ''id_token''. Defaults to ''code''. Note: ''id_token'' may only - be used if ''oidc_response_mode'' is set to ''form_post''.' + description: |- + List of response types to request. Allowed values are 'code' and 'id_token'. Defaults to ["code"]. Note: id_token may only be used if oidc_response_mode is set to form_post. + The response types to request. Allowed values are 'code' and 'id_token'. Defaults to 'code'. Note: 'id_token' may only be used if 'oidc_response_mode' is set to 'form_post'. 
items: type: string type: array path: - description: Path to mount the JWT/OIDC auth backend path to mount - the backend + description: |- + Path to mount the JWT/OIDC auth backend + path to mount the backend type: string providerConfig: additionalProperties: type: string - description: Provider specific handling configuration. All values - may be strings, and the provider will convert to the appropriate - type when configuring Vault. Provider specific handling configuration + description: |- + Provider specific handling configuration. All values may be strings, and the provider will convert to the appropriate type when configuring Vault. + Provider specific handling configuration type: object tune: items: properties: allowedResponseHeaders: - description: List of headers to whitelist and allowing a - plugin to include them in the response. + description: |- + List of headers to whitelist and allowing + a plugin to include them in the response. items: type: string type: array auditNonHmacRequestKeys: - description: Specifies the list of keys that will not be - HMAC'd by audit devices in the request data object. + description: |- + Specifies the list of keys that will + not be HMAC'd by audit devices in the request data object. items: type: string type: array auditNonHmacResponseKeys: - description: Specifies the list of keys that will not be - HMAC'd by audit devices in the response data object. + description: |- + Specifies the list of keys that will + not be HMAC'd by audit devices in the response data object. items: type: string type: array defaultLeaseTtl: - description: Specifies the default time-to-live. If set, - this overrides the global default. Must be a valid duration - string + description: |- + Specifies the default time-to-live. + If set, this overrides the global default. + Must be a valid duration string type: string listingVisibility: - description: Specifies whether to show this mount in the - UI-specific listing endpoint. 
Valid values are "unauth" - or "hidden". + description: |- + Specifies whether to show this mount in + the UI-specific listing endpoint. Valid values are "unauth" or "hidden". type: string maxLeaseTtl: - description: Specifies the maximum time-to-live. If set, - this overrides the global default. Must be a valid duration - string + description: |- + Specifies the maximum time-to-live. + If set, this overrides the global default. + Must be a valid duration string type: string passthroughRequestHeaders: - description: List of headers to whitelist and pass from - the request to the backend. + description: |- + List of headers to whitelist and + pass from the request to the backend. items: type: string type: array tokenType: - description: Specifies the type of tokens that should be - returned by the mount. Valid values are "default-service", - "default-batch", "service", "batch". + description: |- + Specifies the type of tokens that should be returned by + the mount. Valid values are "default-service", "default-batch", "service", "batch". type: string type: object type: array type: - description: Type of auth backend. Should be one of jwt or oidc. - Default - jwt Type of backend. Can be either 'jwt' or 'oidc' + description: |- + Type of auth backend. Should be one of jwt or oidc. Default - jwt + Type of backend. Can be either 'jwt' or 'oidc' type: string type: object conditions: 
@@ -834,13 +780,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -851,8 +799,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -861,6 +810,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/kmip.vault.upbound.io_secretbackends.yaml b/package/crds/kmip.vault.upbound.io_secretbackends.yaml index 70019e7b..415ec3df 100644 --- a/package/crds/kmip.vault.upbound.io_secretbackends.yaml +++ b/package/crds/kmip.vault.upbound.io_secretbackends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackends.kmip.vault.upbound.io spec: group: kmip.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: KMIP Secret backends in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,167 +74,187 @@ spec: forProvider: properties: defaultTlsClientKeyBits: - description: Client certificate key bits, valid values depend - on key type. Client certificate key bits, valid values depend - on key type + description: |- + Client certificate key bits, valid values depend on key type. + Client certificate key bits, valid values depend on key type type: number defaultTlsClientKeyType: - description: Client certificate key type, rsa or ec. Client certificate - key type, rsa or ec + description: |- + Client certificate key type, rsa or ec. + Client certificate key type, rsa or ec type: string defaultTlsClientTtl: description: Client certificate TTL in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean listenAddrs: - description: Addresses the KMIP server should listen on (host:port). + description: |- + Addresses the KMIP server should listen on (host:port). Addresses the KMIP server should listen on (host:port) items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. 
+ The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to kmip. Path where - KMIP secret backend will be mounted + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to kmip. + Path where KMIP secret backend will be mounted type: string serverHostnames: - description: Hostnames to include in the server's TLS certificate - as SAN DNS names. The first will be used as the common name - (CN). Hostnames to include in the server's TLS certificate as - SAN DNS names. The first will be used as the common name (CN) + description: |- + Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN). + Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN) items: type: string type: array serverIps: - description: IPs to include in the server's TLS certificate as - SAN IP addresses. IPs to include in the server's TLS certificate - as SAN IP addresses + description: |- + IPs to include in the server's TLS certificate as SAN IP addresses. + IPs to include in the server's TLS certificate as SAN IP addresses items: type: string type: array tlsCaKeyBits: - description: CA key bits, valid values depend on key type. CA - key bits, valid values depend on key type + description: |- + CA key bits, valid values depend on key type. + CA key bits, valid values depend on key type type: number tlsCaKeyType: - description: CA key type, rsa or ec. CA key type, rsa or ec + description: |- + CA key type, rsa or ec. + CA key type, rsa or ec type: string tlsMinVersion: - description: Minimum TLS version to accept. 
Minimum TLS version - to accept + description: |- + Minimum TLS version to accept. + Minimum TLS version to accept type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: defaultTlsClientKeyBits: - description: Client certificate key bits, valid values depend - on key type. Client certificate key bits, valid values depend - on key type + description: |- + Client certificate key bits, valid values depend on key type. 
+ Client certificate key bits, valid values depend on key type type: number defaultTlsClientKeyType: - description: Client certificate key type, rsa or ec. Client certificate - key type, rsa or ec + description: |- + Client certificate key type, rsa or ec. + Client certificate key type, rsa or ec type: string defaultTlsClientTtl: description: Client certificate TTL in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean listenAddrs: - description: Addresses the KMIP server should listen on (host:port). + description: |- + Addresses the KMIP server should listen on (host:port). Addresses the KMIP server should listen on (host:port) items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to kmip. 
Path where - KMIP secret backend will be mounted + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to kmip. + Path where KMIP secret backend will be mounted type: string serverHostnames: - description: Hostnames to include in the server's TLS certificate - as SAN DNS names. The first will be used as the common name - (CN). Hostnames to include in the server's TLS certificate as - SAN DNS names. The first will be used as the common name (CN) + description: |- + Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN). + Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN) items: type: string type: array serverIps: - description: IPs to include in the server's TLS certificate as - SAN IP addresses. IPs to include in the server's TLS certificate - as SAN IP addresses + description: |- + IPs to include in the server's TLS certificate as SAN IP addresses. + IPs to include in the server's TLS certificate as SAN IP addresses items: type: string type: array tlsCaKeyBits: - description: CA key bits, valid values depend on key type. CA - key bits, valid values depend on key type + description: |- + CA key bits, valid values depend on key type. + CA key bits, valid values depend on key type type: number tlsCaKeyType: - description: CA key type, rsa or ec. CA key type, rsa or ec + description: |- + CA key type, rsa or ec. + CA key type, rsa or ec type: string tlsMinVersion: - description: Minimum TLS version to accept. Minimum TLS version - to accept + description: |- + Minimum TLS version to accept. + Minimum TLS version to accept type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. 
ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -241,9 +267,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -253,57 +280,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -313,17 +304,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -333,21 +326,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -362,21 +355,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -387,14 +381,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -420,71 +415,80 @@ spec: atProvider: properties: defaultTlsClientKeyBits: - description: Client certificate key bits, valid values depend - on key type. Client certificate key bits, valid values depend - on key type + description: |- + Client certificate key bits, valid values depend on key type. + Client certificate key bits, valid values depend on key type type: number defaultTlsClientKeyType: - description: Client certificate key type, rsa or ec. Client certificate - key type, rsa or ec + description: |- + Client certificate key type, rsa or ec. + Client certificate key type, rsa or ec type: string defaultTlsClientTtl: description: Client certificate TTL in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean id: type: string listenAddrs: - description: Addresses the KMIP server should listen on (host:port). + description: |- + Addresses the KMIP server should listen on (host:port). Addresses the KMIP server should listen on (host:port) items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. 
+ The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to kmip. Path where - KMIP secret backend will be mounted + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to kmip. + Path where KMIP secret backend will be mounted type: string serverHostnames: - description: Hostnames to include in the server's TLS certificate - as SAN DNS names. The first will be used as the common name - (CN). Hostnames to include in the server's TLS certificate as - SAN DNS names. The first will be used as the common name (CN) + description: |- + Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN). + Hostnames to include in the server's TLS certificate as SAN DNS names. The first will be used as the common name (CN) items: type: string type: array serverIps: - description: IPs to include in the server's TLS certificate as - SAN IP addresses. IPs to include in the server's TLS certificate - as SAN IP addresses + description: |- + IPs to include in the server's TLS certificate as SAN IP addresses. + IPs to include in the server's TLS certificate as SAN IP addresses items: type: string type: array tlsCaKeyBits: - description: CA key bits, valid values depend on key type. CA - key bits, valid values depend on key type + description: |- + CA key bits, valid values depend on key type. + CA key bits, valid values depend on key type type: number tlsCaKeyType: - description: CA key type, rsa or ec. CA key type, rsa or ec + description: |- + CA key type, rsa or ec. + CA key type, rsa or ec type: string tlsMinVersion: - description: Minimum TLS version to accept. 
Minimum TLS version - to accept + description: |- + Minimum TLS version to accept. + Minimum TLS version to accept type: string type: object conditions: @@ -493,13 +497,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -510,8 +516,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -520,6 +527,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/kmip.vault.upbound.io_secretroles.yaml b/package/crds/kmip.vault.upbound.io_secretroles.yaml index ac268e96..1f097236 100644 --- a/package/crds/kmip.vault.upbound.io_secretroles.yaml +++ b/package/crds/kmip.vault.upbound.io_secretroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretroles.kmip.vault.upbound.io spec: group: kmip.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Secret roles in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,221 +74,257 @@ spec: forProvider: properties: namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string operationActivate: - description: Grant permission to use the KMIP Activate operation. + description: |- + Grant permission to use the KMIP Activate operation. Grant permission to use the KMIP Activate operation type: boolean operationAddAttribute: - description: Grant permission to use the KMIP Add Attribute operation. + description: |- + Grant permission to use the KMIP Add Attribute operation. Grant permission to use the KMIP Add Attribute operation type: boolean operationAll: - description: Grant all permissions to this role. May not be specified - with any other operation_* params. Grant all permissions to - this role. May not be specified with any other operation_* params + description: |- + Grant all permissions to this role. May not be specified with any other operation_* params. + Grant all permissions to this role. May not be specified with any other operation_* params type: boolean operationCreate: - description: Grant permission to use the KMIP Create operation. + description: |- + Grant permission to use the KMIP Create operation. Grant permission to use the KMIP Create operation type: boolean operationDestroy: - description: Grant permission to use the KMIP Destroy operation. + description: |- + Grant permission to use the KMIP Destroy operation. 
Grant permission to use the KMIP Destroy operation type: boolean operationDiscoverVersions: - description: Grant permission to use the KMIP Discover Version - operation. Grant permission to use the KMIP Discover Version - operation + description: |- + Grant permission to use the KMIP Discover Version operation. + Grant permission to use the KMIP Discover Version operation type: boolean operationGet: - description: Grant permission to use the KMIP Get operation. Grant - permission to use the KMIP Get operation + description: |- + Grant permission to use the KMIP Get operation. + Grant permission to use the KMIP Get operation type: boolean operationGetAttributeList: - description: Grant permission to use the KMIP Get Atrribute List - operation. Grant permission to use the KMIP Get Attribute List - operation + description: |- + Grant permission to use the KMIP Get Atrribute List operation. + Grant permission to use the KMIP Get Attribute List operation type: boolean operationGetAttributes: - description: Grant permission to use the KMIP Get Atrributes operation. + description: |- + Grant permission to use the KMIP Get Atrributes operation. Grant permission to use the KMIP Get Attributes operation type: boolean operationLocate: - description: Grant permission to use the KMIP Get Locate operation. + description: |- + Grant permission to use the KMIP Get Locate operation. Grant permission to use the KMIP Locate operation type: boolean operationNone: - description: Remove all permissions from this role. May not be - specified with any other operation_* params. Remove all permissions - from this role. May not be specified with any other operation_* - params + description: |- + Remove all permissions from this role. May not be specified with any other operation_* params. + Remove all permissions from this role. May not be specified with any other operation_* params type: boolean operationRegister: - description: Grant permission to use the KMIP Register operation. 
+ description: |- + Grant permission to use the KMIP Register operation. Grant permission to use the KMIP Register operation type: boolean operationRekey: - description: Grant permission to use the KMIP Rekey operation. + description: |- + Grant permission to use the KMIP Rekey operation. Grant permission to use the KMIP Rekey operation type: boolean operationRevoke: - description: Grant permission to use the KMIP Revoke operation. + description: |- + Grant permission to use the KMIP Revoke operation. Grant permission to use the KMIP Revoke operation type: boolean path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to kmip. Path where - KMIP backend is mounted + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to kmip. + Path where KMIP backend is mounted type: string role: - description: Name of the role. Name of the role + description: |- + Name of the role. + Name of the role type: string scope: - description: Name of the scope. Name of the scope + description: |- + Name of the scope. + Name of the scope type: string tlsClientKeyBits: - description: Client certificate key bits, valid values depend - on key type. Client certificate key bits, valid values depend - on key type + description: |- + Client certificate key bits, valid values depend on key type. + Client certificate key bits, valid values depend on key type type: number tlsClientKeyType: - description: Client certificate key type, rsa or ec. Client certificate - key type, rsa or ec + description: |- + Client certificate key type, rsa or ec. + Client certificate key type, rsa or ec type: string tlsClientTtl: - description: Client certificate TTL in seconds. Client certificate - TTL in seconds + description: |- + Client certificate TTL in seconds. + Client certificate TTL in seconds type: number type: object initProvider: - description: THIS IS AN ALPHA FIELD. 
Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string operationActivate: - description: Grant permission to use the KMIP Activate operation. + description: |- + Grant permission to use the KMIP Activate operation. Grant permission to use the KMIP Activate operation type: boolean operationAddAttribute: - description: Grant permission to use the KMIP Add Attribute operation. + description: |- + Grant permission to use the KMIP Add Attribute operation. Grant permission to use the KMIP Add Attribute operation type: boolean operationAll: - description: Grant all permissions to this role. May not be specified - with any other operation_* params. Grant all permissions to - this role. May not be specified with any other operation_* params + description: |- + Grant all permissions to this role. May not be specified with any other operation_* params. + Grant all permissions to this role. May not be specified with any other operation_* params type: boolean operationCreate: - description: Grant permission to use the KMIP Create operation. + description: |- + Grant permission to use the KMIP Create operation. Grant permission to use the KMIP Create operation type: boolean operationDestroy: - description: Grant permission to use the KMIP Destroy operation. + description: |- + Grant permission to use the KMIP Destroy operation. Grant permission to use the KMIP Destroy operation type: boolean operationDiscoverVersions: - description: Grant permission to use the KMIP Discover Version - operation. Grant permission to use the KMIP Discover Version - operation + description: |- + Grant permission to use the KMIP Discover Version operation. + Grant permission to use the KMIP Discover Version operation type: boolean operationGet: - description: Grant permission to use the KMIP Get operation. Grant - permission to use the KMIP Get operation + description: |- + Grant permission to use the KMIP Get operation. 
+ Grant permission to use the KMIP Get operation type: boolean operationGetAttributeList: - description: Grant permission to use the KMIP Get Atrribute List - operation. Grant permission to use the KMIP Get Attribute List - operation + description: |- + Grant permission to use the KMIP Get Atrribute List operation. + Grant permission to use the KMIP Get Attribute List operation type: boolean operationGetAttributes: - description: Grant permission to use the KMIP Get Atrributes operation. + description: |- + Grant permission to use the KMIP Get Atrributes operation. Grant permission to use the KMIP Get Attributes operation type: boolean operationLocate: - description: Grant permission to use the KMIP Get Locate operation. + description: |- + Grant permission to use the KMIP Get Locate operation. Grant permission to use the KMIP Locate operation type: boolean operationNone: - description: Remove all permissions from this role. May not be - specified with any other operation_* params. Remove all permissions - from this role. May not be specified with any other operation_* - params + description: |- + Remove all permissions from this role. May not be specified with any other operation_* params. + Remove all permissions from this role. May not be specified with any other operation_* params type: boolean operationRegister: - description: Grant permission to use the KMIP Register operation. + description: |- + Grant permission to use the KMIP Register operation. Grant permission to use the KMIP Register operation type: boolean operationRekey: - description: Grant permission to use the KMIP Rekey operation. + description: |- + Grant permission to use the KMIP Rekey operation. Grant permission to use the KMIP Rekey operation type: boolean operationRevoke: - description: Grant permission to use the KMIP Revoke operation. + description: |- + Grant permission to use the KMIP Revoke operation. 
Grant permission to use the KMIP Revoke operation type: boolean path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to kmip. Path where - KMIP backend is mounted + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to kmip. + Path where KMIP backend is mounted type: string role: - description: Name of the role. Name of the role + description: |- + Name of the role. + Name of the role type: string scope: - description: Name of the scope. Name of the scope + description: |- + Name of the scope. + Name of the scope type: string tlsClientKeyBits: - description: Client certificate key bits, valid values depend - on key type. Client certificate key bits, valid values depend - on key type + description: |- + Client certificate key bits, valid values depend on key type. + Client certificate key bits, valid values depend on key type type: number tlsClientKeyType: - description: Client certificate key type, rsa or ec. Client certificate - key type, rsa or ec + description: |- + Client certificate key type, rsa or ec. + Client certificate key type, rsa or ec type: string tlsClientTtl: - description: Client certificate TTL in seconds. Client certificate - TTL in seconds + description: |- + Client certificate TTL in seconds. + Client certificate TTL in seconds type: number type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. 
If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -295,9 +337,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -307,57 +350,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -367,17 +374,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -387,21 +396,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -416,21 +425,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -441,14 +451,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -484,96 +495,113 @@ spec: id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string operationActivate: - description: Grant permission to use the KMIP Activate operation. + description: |- + Grant permission to use the KMIP Activate operation. Grant permission to use the KMIP Activate operation type: boolean operationAddAttribute: - description: Grant permission to use the KMIP Add Attribute operation. + description: |- + Grant permission to use the KMIP Add Attribute operation. Grant permission to use the KMIP Add Attribute operation type: boolean operationAll: - description: Grant all permissions to this role. May not be specified - with any other operation_* params. Grant all permissions to - this role. May not be specified with any other operation_* params + description: |- + Grant all permissions to this role. May not be specified with any other operation_* params. + Grant all permissions to this role. May not be specified with any other operation_* params type: boolean operationCreate: - description: Grant permission to use the KMIP Create operation. + description: |- + Grant permission to use the KMIP Create operation. Grant permission to use the KMIP Create operation type: boolean operationDestroy: - description: Grant permission to use the KMIP Destroy operation. + description: |- + Grant permission to use the KMIP Destroy operation. 
Grant permission to use the KMIP Destroy operation type: boolean operationDiscoverVersions: - description: Grant permission to use the KMIP Discover Version - operation. Grant permission to use the KMIP Discover Version - operation + description: |- + Grant permission to use the KMIP Discover Version operation. + Grant permission to use the KMIP Discover Version operation type: boolean operationGet: - description: Grant permission to use the KMIP Get operation. Grant - permission to use the KMIP Get operation + description: |- + Grant permission to use the KMIP Get operation. + Grant permission to use the KMIP Get operation type: boolean operationGetAttributeList: - description: Grant permission to use the KMIP Get Atrribute List - operation. Grant permission to use the KMIP Get Attribute List - operation + description: |- + Grant permission to use the KMIP Get Atrribute List operation. + Grant permission to use the KMIP Get Attribute List operation type: boolean operationGetAttributes: - description: Grant permission to use the KMIP Get Atrributes operation. + description: |- + Grant permission to use the KMIP Get Atrributes operation. Grant permission to use the KMIP Get Attributes operation type: boolean operationLocate: - description: Grant permission to use the KMIP Get Locate operation. + description: |- + Grant permission to use the KMIP Get Locate operation. Grant permission to use the KMIP Locate operation type: boolean operationNone: - description: Remove all permissions from this role. May not be - specified with any other operation_* params. Remove all permissions - from this role. May not be specified with any other operation_* - params + description: |- + Remove all permissions from this role. May not be specified with any other operation_* params. + Remove all permissions from this role. May not be specified with any other operation_* params type: boolean operationRegister: - description: Grant permission to use the KMIP Register operation. 
+ description: |- + Grant permission to use the KMIP Register operation. Grant permission to use the KMIP Register operation type: boolean operationRekey: - description: Grant permission to use the KMIP Rekey operation. + description: |- + Grant permission to use the KMIP Rekey operation. Grant permission to use the KMIP Rekey operation type: boolean operationRevoke: - description: Grant permission to use the KMIP Revoke operation. + description: |- + Grant permission to use the KMIP Revoke operation. Grant permission to use the KMIP Revoke operation type: boolean path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to kmip. Path where - KMIP backend is mounted + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to kmip. + Path where KMIP backend is mounted type: string role: - description: Name of the role. Name of the role + description: |- + Name of the role. + Name of the role type: string scope: - description: Name of the scope. Name of the scope + description: |- + Name of the scope. + Name of the scope type: string tlsClientKeyBits: - description: Client certificate key bits, valid values depend - on key type. Client certificate key bits, valid values depend - on key type + description: |- + Client certificate key bits, valid values depend on key type. + Client certificate key bits, valid values depend on key type type: number tlsClientKeyType: - description: Client certificate key type, rsa or ec. Client certificate - key type, rsa or ec + description: |- + Client certificate key type, rsa or ec. + Client certificate key type, rsa or ec type: string tlsClientTtl: - description: Client certificate TTL in seconds. Client certificate - TTL in seconds + description: |- + Client certificate TTL in seconds. + Client certificate TTL in seconds type: number type: object conditions: 
@@ -582,13 +610,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -599,8 +629,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -609,6 +640,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/kmip.vault.upbound.io_secretscopes.yaml b/package/crds/kmip.vault.upbound.io_secretscopes.yaml index b991161c..e483d064 100644 --- a/package/crds/kmip.vault.upbound.io_secretscopes.yaml +++ b/package/crds/kmip.vault.upbound.io_secretscopes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretscopes.kmip.vault.upbound.io spec: group: kmip.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: KMIP Secret scopes in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,77 +74,87 @@ spec: forProvider: properties: force: - description: Boolean field to force deletion even if there are - managed objects in the scope. Force deletion even if there are - managed objects in the scope + description: |- + Boolean field to force deletion even if there are managed objects in the scope. + Force deletion even if there are managed objects in the scope type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to kmip. Path where - KMIP backend is mounted + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to kmip. + Path where KMIP backend is mounted type: string scope: - description: Name of the scope. Name of the scope + description: |- + Name of the scope. + Name of the scope type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. 
The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: force: - description: Boolean field to force deletion even if there are - managed objects in the scope. Force deletion even if there are - managed objects in the scope + description: |- + Boolean field to force deletion even if there are managed objects in the scope. + Force deletion even if there are managed objects in the scope type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to kmip. Path where - KMIP backend is mounted + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to kmip. + Path where KMIP backend is mounted type: string scope: - description: Name of the scope. Name of the scope + description: |- + Name of the scope. + Name of the scope type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -151,9 +167,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -163,57 +180,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -223,17 +204,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -243,21 +226,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -272,21 +255,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -297,14 +281,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -334,26 +319,30 @@ spec: atProvider: properties: force: - description: Boolean field to force deletion even if there are - managed objects in the scope. Force deletion even if there are - managed objects in the scope + description: |- + Boolean field to force deletion even if there are managed objects in the scope. + Force deletion even if there are managed objects in the scope type: boolean id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to kmip. Path where - KMIP backend is mounted + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to kmip. + Path where KMIP backend is mounted type: string scope: - description: Name of the scope. Name of the scope + description: |- + Name of the scope. + Name of the scope type: string type: object conditions: 
@@ -362,13 +351,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -379,8 +370,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -389,6 +381,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/kubernetes.vault.upbound.io_authbackendconfigs.yaml b/package/crds/kubernetes.vault.upbound.io_authbackendconfigs.yaml index 95d0f4a1..14bb6668 100644 --- a/package/crds/kubernetes.vault.upbound.io_authbackendconfigs.yaml +++ b/package/crds/kubernetes.vault.upbound.io_authbackendconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendconfigs.kubernetes.vault.upbound.io spec: group: kubernetes.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Manages Kubernetes auth backend configs in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -71,62 +77,49 @@ spec: description: Unique name of the kubernetes backend to configure. type: string disableIssValidation: - description: Disable JWT issuer validation. Allows to skip ISS - validation. Requires Vault v1.5.4+ or Vault auth kubernetes - plugin v0.7.1+ Optional disable JWT issuer validation. Allows - to skip ISS validation. + description: |- + Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault v1.5.4+ or Vault auth kubernetes plugin v0.7.1+ + Optional disable JWT issuer validation. Allows to skip ISS validation. type: boolean disableLocalCaJwt: - description: Disable defaulting to the local CA cert and service - account JWT when running in a Kubernetes pod. Requires Vault - v1.5.4+ or Vault auth kubernetes plugin v0.7.1+ Optional disable - defaulting to the local CA cert and service account JWT when - running in a Kubernetes pod. + description: |- + Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault v1.5.4+ or Vault auth kubernetes plugin v0.7.1+ + Optional disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. type: boolean issuer: - description: JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount - will be used as the default issuer. Optional JWT issuer. If - no issuer is specified, kubernetes.io/serviceaccount will be - used as the default issuer. + description: |- + JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer. + Optional JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer. type: string kubernetesCaCert: - description: PEM encoded CA cert for use by the TLS client used - to talk with the Kubernetes API. PEM encoded CA cert for use - by the TLS client used to talk with the Kubernetes API. + description: |- + PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API. 
+ PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API. type: string kubernetesHost: - description: Host must be a host string, a host:port pair, or - a URL to the base of the Kubernetes API server. Host must be - a host string, a host:port pair, or a URL to the base of the - Kubernetes API server. + description: |- + Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server. + Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string pemKeys: - description: List of PEM-formatted public keys or certificates - used to verify the signatures of Kubernetes service account - JWTs. If a certificate is given, its public key will be extracted. - Not every installation of Kubernetes exposes these keys. Optional - list of PEM-formatted public keys or certificates used to verify - the signatures of Kubernetes service account JWTs. If a certificate - is given, its public key will be extracted. Not every installation - of Kubernetes exposes these keys. + description: |- + List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys. 
+ Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys. items: type: string type: array tokenReviewerJwtSecretRef: - description: A service account JWT (or other token) used as a - bearer token to access the TokenReview API to validate other - JWTs during login. If not set the JWT used for login will be - used to access the API. A service account JWT (or other token) - used as a bearer token to access the TokenReview API to validate - other JWTs during login. If not set the JWT used for login will - be used to access the API. + description: |- + A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API. + A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API. properties: key: description: The key to select. 
@@ -144,67 +137,59 @@ spec: type: object type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: description: Unique name of the kubernetes backend to configure. type: string disableIssValidation: - description: Disable JWT issuer validation. Allows to skip ISS - validation. Requires Vault v1.5.4+ or Vault auth kubernetes - plugin v0.7.1+ Optional disable JWT issuer validation. Allows - to skip ISS validation. + description: |- + Disable JWT issuer validation. Allows to skip ISS validation. 
Requires Vault v1.5.4+ or Vault auth kubernetes plugin v0.7.1+ + Optional disable JWT issuer validation. Allows to skip ISS validation. type: boolean disableLocalCaJwt: - description: Disable defaulting to the local CA cert and service - account JWT when running in a Kubernetes pod. Requires Vault - v1.5.4+ or Vault auth kubernetes plugin v0.7.1+ Optional disable - defaulting to the local CA cert and service account JWT when - running in a Kubernetes pod. + description: |- + Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault v1.5.4+ or Vault auth kubernetes plugin v0.7.1+ + Optional disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. type: boolean issuer: - description: JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount - will be used as the default issuer. Optional JWT issuer. If - no issuer is specified, kubernetes.io/serviceaccount will be - used as the default issuer. + description: |- + JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer. + Optional JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer. type: string kubernetesCaCert: - description: PEM encoded CA cert for use by the TLS client used - to talk with the Kubernetes API. PEM encoded CA cert for use - by the TLS client used to talk with the Kubernetes API. + description: |- + PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API. + PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API. type: string kubernetesHost: - description: Host must be a host string, a host:port pair, or - a URL to the base of the Kubernetes API server. Host must be - a host string, a host:port pair, or a URL to the base of the - Kubernetes API server. 
+ description: |- + Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server. + Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string pemKeys: - description: List of PEM-formatted public keys or certificates - used to verify the signatures of Kubernetes service account - JWTs. If a certificate is given, its public key will be extracted. - Not every installation of Kubernetes exposes these keys. Optional - list of PEM-formatted public keys or certificates used to verify - the signatures of Kubernetes service account JWTs. If a certificate - is given, its public key will be extracted. Not every installation - of Kubernetes exposes these keys. + description: |- + List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys. + Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys. items: type: string type: array 
@@ -212,20 +197,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -238,9 +224,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -250,57 +237,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -310,17 +261,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -330,21 +283,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -359,21 +312,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -384,14 +338,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -420,53 +375,44 @@ spec: description: Unique name of the kubernetes backend to configure. type: string disableIssValidation: - description: Disable JWT issuer validation. Allows to skip ISS - validation. Requires Vault v1.5.4+ or Vault auth kubernetes - plugin v0.7.1+ Optional disable JWT issuer validation. Allows - to skip ISS validation. + description: |- + Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault v1.5.4+ or Vault auth kubernetes plugin v0.7.1+ + Optional disable JWT issuer validation. Allows to skip ISS validation. type: boolean disableLocalCaJwt: - description: Disable defaulting to the local CA cert and service - account JWT when running in a Kubernetes pod. Requires Vault - v1.5.4+ or Vault auth kubernetes plugin v0.7.1+ Optional disable - defaulting to the local CA cert and service account JWT when - running in a Kubernetes pod. + description: |- + Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault v1.5.4+ or Vault auth kubernetes plugin v0.7.1+ + Optional disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. type: boolean id: type: string issuer: - description: JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount - will be used as the default issuer. Optional JWT issuer. If - no issuer is specified, kubernetes.io/serviceaccount will be - used as the default issuer. + description: |- + JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer. + Optional JWT issuer. If no issuer is specified, kubernetes.io/serviceaccount will be used as the default issuer. type: string kubernetesCaCert: - description: PEM encoded CA cert for use by the TLS client used - to talk with the Kubernetes API. PEM encoded CA cert for use - by the TLS client used to talk with the Kubernetes API. 
+ description: |- + PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API. + PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API. type: string kubernetesHost: - description: Host must be a host string, a host:port pair, or - a URL to the base of the Kubernetes API server. Host must be - a host string, a host:port pair, or a URL to the base of the - Kubernetes API server. + description: |- + Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server. + Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string pemKeys: - description: List of PEM-formatted public keys or certificates - used to verify the signatures of Kubernetes service account - JWTs. If a certificate is given, its public key will be extracted. - Not every installation of Kubernetes exposes these keys. Optional - list of PEM-formatted public keys or certificates used to verify - the signatures of Kubernetes service account JWTs. If a certificate - is given, its public key will be extracted. Not every installation - of Kubernetes exposes these keys. + description: |- + List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. 
Not every installation of Kubernetes exposes these keys. + Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys. items: type: string type: array @@ -477,13 +423,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -494,8 +442,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -504,6 +453,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/kubernetes.vault.upbound.io_authbackendroles.yaml b/package/crds/kubernetes.vault.upbound.io_authbackendroles.yaml index 10ef7f29..a5216c08 100644 --- a/package/crds/kubernetes.vault.upbound.io_authbackendroles.yaml +++ b/package/crds/kubernetes.vault.upbound.io_authbackendroles.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendroles.kubernetes.vault.upbound.io spec: group: kubernetes.vault.upbound.io @@ -38,14 +38,19 @@ spec: Kubernetes auth backend roles in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,88 +74,96 @@ spec: forProvider: properties: aliasNameSource: - description: 'Configures how identity aliases are generated. Valid - choices are: serviceaccount_uid, serviceaccount_name. (vault-1.9+) - Configures how identity aliases are generated. Valid choices - are: serviceaccount_uid, serviceaccount_name' + description: |- + Configures how identity aliases are generated. + Valid choices are: serviceaccount_uid, serviceaccount_name. (vault-1.9+) + Configures how identity aliases are generated. Valid choices are: serviceaccount_uid, serviceaccount_name type: string audience: - description: Audience claim to verify in the JWT. Optional Audience - claim to verify in the JWT. + description: |- + Audience claim to verify in the JWT. + Optional Audience claim to verify in the JWT. type: string backend: - description: Unique name of the kubernetes backend to configure. + description: |- + Unique name of the kubernetes backend to configure. Unique name of the kubernetes backend to configure. type: string boundServiceAccountNames: - description: List of service account names able to access this - role. If set to ["*"] all names are allowed, both this and bound_service_account_namespaces - can not be "*". List of service account names able to access - this role. If set to `["*"]` all names are allowed, both this - and bound_service_account_namespaces can not be "*". + description: |- + List of service account names able to access this role. If set to ["*"] all names are allowed, both this and bound_service_account_namespaces can not be "*". + List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*". items: type: string type: array boundServiceAccountNamespaces: - description: List of namespaces allowed to access this role. If - set to ["*"] all namespaces are allowed, both this and bound_service_account_names - can not be set to "*". 
List of namespaces allowed to access - this role. If set to `["*"]` all namespaces are allowed, both - this and bound_service_account_names can not be set to "*". + description: |- + List of namespaces allowed to access this role. If set to ["*"] all namespaces are allowed, both this and bound_service_account_names can not be set to "*". + List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*". items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string roleName: - description: Name of the role. Name of the role. + description: |- + Name of the role. + Name of the role. type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. 
This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. 
Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array 
@@ -157,111 +171,120 @@ spec: description: The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. 
+ InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: aliasNameSource: - description: 'Configures how identity aliases are generated. Valid - choices are: serviceaccount_uid, serviceaccount_name. (vault-1.9+) - Configures how identity aliases are generated. Valid choices - are: serviceaccount_uid, serviceaccount_name' + description: |- + Configures how identity aliases are generated. + Valid choices are: serviceaccount_uid, serviceaccount_name. (vault-1.9+) + Configures how identity aliases are generated. Valid choices are: serviceaccount_uid, serviceaccount_name type: string audience: - description: Audience claim to verify in the JWT. Optional Audience - claim to verify in the JWT. + description: |- + Audience claim to verify in the JWT. + Optional Audience claim to verify in the JWT. type: string backend: - description: Unique name of the kubernetes backend to configure. + description: |- + Unique name of the kubernetes backend to configure. Unique name of the kubernetes backend to configure. type: string boundServiceAccountNames: - description: List of service account names able to access this - role. If set to ["*"] all names are allowed, both this and bound_service_account_namespaces - can not be "*". List of service account names able to access - this role. If set to `["*"]` all names are allowed, both this - and bound_service_account_namespaces can not be "*". + description: |- + List of service account names able to access this role. 
If set to ["*"] all names are allowed, both this and bound_service_account_namespaces can not be "*". + List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*". items: type: string type: array boundServiceAccountNamespaces: - description: List of namespaces allowed to access this role. If - set to ["*"] all namespaces are allowed, both this and bound_service_account_names - can not be set to "*". List of namespaces allowed to access - this role. If set to `["*"]` all namespaces are allowed, both - this and bound_service_account_names can not be set to "*". + description: |- + List of namespaces allowed to access this role. If set to ["*"] all namespaces are allowed, both this and bound_service_account_names can not be set to "*". + List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*". items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string roleName: - description: Name of the role. Name of the role. + description: |- + Name of the role. + Name of the role. type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. 
Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. 
The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array 
@@ -269,32 +292,33 @@ spec: description: The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. 
It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -307,9 +331,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -319,57 +344,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -379,17 +368,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -399,21 +390,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -428,21 +419,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -453,14 +445,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -494,90 +487,98 @@ spec: atProvider: properties: aliasNameSource: - description: 'Configures how identity aliases are generated. Valid - choices are: serviceaccount_uid, serviceaccount_name. (vault-1.9+) - Configures how identity aliases are generated. Valid choices - are: serviceaccount_uid, serviceaccount_name' + description: |- + Configures how identity aliases are generated. + Valid choices are: serviceaccount_uid, serviceaccount_name. (vault-1.9+) + Configures how identity aliases are generated. Valid choices are: serviceaccount_uid, serviceaccount_name type: string audience: - description: Audience claim to verify in the JWT. Optional Audience - claim to verify in the JWT. + description: |- + Audience claim to verify in the JWT. + Optional Audience claim to verify in the JWT. type: string backend: - description: Unique name of the kubernetes backend to configure. + description: |- + Unique name of the kubernetes backend to configure. Unique name of the kubernetes backend to configure. type: string boundServiceAccountNames: - description: List of service account names able to access this - role. If set to ["*"] all names are allowed, both this and bound_service_account_namespaces - can not be "*". List of service account names able to access - this role. If set to `["*"]` all names are allowed, both this - and bound_service_account_namespaces can not be "*". + description: |- + List of service account names able to access this role. If set to ["*"] all names are allowed, both this and bound_service_account_namespaces can not be "*". + List of service account names able to access this role. If set to `["*"]` all names are allowed, both this and bound_service_account_namespaces can not be "*". items: type: string type: array boundServiceAccountNamespaces: - description: List of namespaces allowed to access this role. If - set to ["*"] all namespaces are allowed, both this and bound_service_account_names - can not be set to "*". 
List of namespaces allowed to access - this role. If set to `["*"]` all namespaces are allowed, both - this and bound_service_account_names can not be set to "*". + description: |- + List of namespaces allowed to access this role. If set to ["*"] all namespaces are allowed, both this and bound_service_account_names can not be set to "*". + List of namespaces allowed to access this role. If set to `["*"]` all namespaces are allowed, both this and bound_service_account_names can not be set to "*". items: type: string type: array id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string roleName: - description: Name of the role. Name of the role. + description: |- + Name of the role. + Name of the role. type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. 
This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. 
Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: - description: List of policies to encode onto generated tokens. - Depending on the auth method, this list may be supplemented - by user/group/other values. Generated Token's Policies + description: |- + List of policies to encode onto generated tokens. Depending + on the auth method, this list may be supplemented by user/group/other values. + Generated Token's Policies items: type: string type: array @@ -585,13 +586,13 @@ spec: description: The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: object conditions: 
@@ -600,13 +601,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -617,8 +620,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -627,6 +631,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/kubernetes.vault.upbound.io_secretbackendroles.yaml b/package/crds/kubernetes.vault.upbound.io_secretbackendroles.yaml index 51e1605a..8b763505 100644 --- a/package/crds/kubernetes.vault.upbound.io_secretbackendroles.yaml +++ b/package/crds/kubernetes.vault.upbound.io_secretbackendroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendroles.kubernetes.vault.upbound.io spec: group: kubernetes.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Creates a role for the Kubernetes Secrets Engine in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,215 +74,215 @@ spec: forProvider: properties: allowedKubernetesNamespaces: - description: The list of Kubernetes namespaces this role can generate - credentials for. If set to * all namespaces are allowed. The - list of Kubernetes namespaces this role can generate credentials - for. If set to '*' all namespaces are allowed. + description: |- + The list of Kubernetes namespaces this role + can generate credentials for. If set to * all namespaces are allowed. + The list of Kubernetes namespaces this role can generate credentials for. If set to '*' all namespaces are allowed. items: type: string type: array backend: - description: The path of the Kubernetes Secrets Engine backend - mount to create the role in. The mount path for the Kubernetes - secrets engine. + description: |- + The path of the Kubernetes Secrets Engine backend mount to create + the role in. + The mount path for the Kubernetes secrets engine. type: string extraAnnotations: additionalProperties: type: string - description: Additional annotations to apply to all generated - Kubernetes objects. Additional annotations to apply to all generated + description: |- + Additional annotations to apply to all generated Kubernetes objects. + Additional annotations to apply to all generated Kubernetes objects. type: object extraLabels: additionalProperties: type: string - description: Additional labels to apply to all generated Kubernetes - objects. Additional labels to apply to all generated Kubernetes + description: |- + Additional labels to apply to all generated Kubernetes objects. + Additional labels to apply to all generated Kubernetes objects. type: object generatedRoleRules: - description: The Role or ClusterRole rules to use when generating - a role. Accepts either JSON or YAML formatted rules. Mutually - exclusive with service_account_name and kubernetes_role_name. - If set, the entire chain of Kubernetes objects will be generated - when credentials are requested. 
The Role or ClusterRole rules - to use when generating a role. Accepts either JSON or YAML formatted - rules. Mutually exclusive with 'service_account_name' and 'kubernetes_role_name'. - If set, the entire chain of Kubernetes objects will be generated + description: |- + The Role or ClusterRole rules to use when generating + a role. Accepts either JSON or YAML formatted rules. Mutually exclusive with service_account_name + and kubernetes_role_name. If set, the entire chain of Kubernetes objects will be generated when credentials are requested. + The Role or ClusterRole rules to use when generating a role. Accepts either JSON or YAML formatted rules. Mutually exclusive with 'service_account_name' and 'kubernetes_role_name'. If set, the entire chain of Kubernetes objects will be generated when credentials are requested. type: string kubernetesRoleName: - description: The pre-existing Role or ClusterRole to bind a generated - service account to. Mutually exclusive with service_account_name - and generated_role_rules. If set, Kubernetes token, service - account, and role binding objects will be created when credentials - are requested. The pre-existing Role or ClusterRole to bind - a generated service account to. Mutually exclusive with 'service_account_name' - and 'generated_role_rules'. If set, Kubernetes token, service - account, and role binding objects will be created when credentials - are requested. + description: |- + The pre-existing Role or ClusterRole to bind a + generated service account to. Mutually exclusive with service_account_name and + generated_role_rules. If set, Kubernetes token, service account, and role + binding objects will be created when credentials are requested. + The pre-existing Role or ClusterRole to bind a generated service account to. Mutually exclusive with 'service_account_name' and 'generated_role_rules'. If set, Kubernetes token, service account, and role binding objects will be created when credentials are requested. 
type: string kubernetesRoleType: - description: Specifies whether the Kubernetes role is a Role or - ClusterRole. Specifies whether the Kubernetes role is a Role - or ClusterRole. + description: |- + Specifies whether the Kubernetes role is a Role or + ClusterRole. + Specifies whether the Kubernetes role is a Role or ClusterRole. type: string name: - description: The name of the role. The name of the role. + description: |- + The name of the role. + The name of the role. type: string nameTemplate: - description: The name template to use when generating service - accounts, roles and role bindings. If unset, a default template - is used. The name template to use when generating service accounts, + description: |- + The name template to use when generating service accounts, roles and role bindings. If unset, a default template is used. + The name template to use when generating service accounts, roles and role bindings. If unset, a default template is used. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string serviceAccountName: - description: The pre-existing service account to generate tokens - for. Mutually exclusive with kubernetes_role_name and generated_role_rules. - If set, only a Kubernetes token will be created when credentials - are requested. The pre-existing service account to generate - tokens for. Mutually exclusive with 'kubernetes_role_name' and - 'generated_role_rules'. 
If set, only a Kubernetes token will - be created when credentials are requested. + description: |- + The pre-existing service account to generate tokens for. + Mutually exclusive with kubernetes_role_name and generated_role_rules. If set, only a + Kubernetes token will be created when credentials are requested. + The pre-existing service account to generate tokens for. Mutually exclusive with 'kubernetes_role_name' and 'generated_role_rules'. If set, only a Kubernetes token will be created when credentials are requested. type: string tokenDefaultTtl: - description: The default TTL for generated Kubernetes tokens in - seconds. The default TTL for generated Kubernetes tokens in - seconds. + description: |- + The default TTL for generated Kubernetes tokens in seconds. + The default TTL for generated Kubernetes tokens in seconds. type: number tokenMaxTtl: - description: The maximum TTL for generated Kubernetes tokens in - seconds. The maximum TTL for generated Kubernetes tokens in - seconds. + description: |- + The maximum TTL for generated Kubernetes tokens in seconds. + The maximum TTL for generated Kubernetes tokens in seconds. type: number type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. 
It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: allowedKubernetesNamespaces: - description: The list of Kubernetes namespaces this role can generate - credentials for. If set to * all namespaces are allowed. The - list of Kubernetes namespaces this role can generate credentials - for. If set to '*' all namespaces are allowed. + description: |- + The list of Kubernetes namespaces this role + can generate credentials for. If set to * all namespaces are allowed. + The list of Kubernetes namespaces this role can generate credentials for. If set to '*' all namespaces are allowed. items: type: string type: array backend: - description: The path of the Kubernetes Secrets Engine backend - mount to create the role in. The mount path for the Kubernetes - secrets engine. + description: |- + The path of the Kubernetes Secrets Engine backend mount to create + the role in. + The mount path for the Kubernetes secrets engine. type: string extraAnnotations: additionalProperties: type: string - description: Additional annotations to apply to all generated - Kubernetes objects. Additional annotations to apply to all generated + description: |- + Additional annotations to apply to all generated Kubernetes objects. + Additional annotations to apply to all generated Kubernetes objects. 
type: object extraLabels: additionalProperties: type: string - description: Additional labels to apply to all generated Kubernetes - objects. Additional labels to apply to all generated Kubernetes + description: |- + Additional labels to apply to all generated Kubernetes objects. + Additional labels to apply to all generated Kubernetes objects. type: object generatedRoleRules: - description: The Role or ClusterRole rules to use when generating - a role. Accepts either JSON or YAML formatted rules. Mutually - exclusive with service_account_name and kubernetes_role_name. - If set, the entire chain of Kubernetes objects will be generated - when credentials are requested. The Role or ClusterRole rules - to use when generating a role. Accepts either JSON or YAML formatted - rules. Mutually exclusive with 'service_account_name' and 'kubernetes_role_name'. - If set, the entire chain of Kubernetes objects will be generated + description: |- + The Role or ClusterRole rules to use when generating + a role. Accepts either JSON or YAML formatted rules. Mutually exclusive with service_account_name + and kubernetes_role_name. If set, the entire chain of Kubernetes objects will be generated when credentials are requested. + The Role or ClusterRole rules to use when generating a role. Accepts either JSON or YAML formatted rules. Mutually exclusive with 'service_account_name' and 'kubernetes_role_name'. If set, the entire chain of Kubernetes objects will be generated when credentials are requested. type: string kubernetesRoleName: - description: The pre-existing Role or ClusterRole to bind a generated - service account to. Mutually exclusive with service_account_name - and generated_role_rules. If set, Kubernetes token, service - account, and role binding objects will be created when credentials - are requested. The pre-existing Role or ClusterRole to bind - a generated service account to. Mutually exclusive with 'service_account_name' - and 'generated_role_rules'. 
If set, Kubernetes token, service - account, and role binding objects will be created when credentials - are requested. + description: |- + The pre-existing Role or ClusterRole to bind a + generated service account to. Mutually exclusive with service_account_name and + generated_role_rules. If set, Kubernetes token, service account, and role + binding objects will be created when credentials are requested. + The pre-existing Role or ClusterRole to bind a generated service account to. Mutually exclusive with 'service_account_name' and 'generated_role_rules'. If set, Kubernetes token, service account, and role binding objects will be created when credentials are requested. type: string kubernetesRoleType: - description: Specifies whether the Kubernetes role is a Role or - ClusterRole. Specifies whether the Kubernetes role is a Role - or ClusterRole. + description: |- + Specifies whether the Kubernetes role is a Role or + ClusterRole. + Specifies whether the Kubernetes role is a Role or ClusterRole. type: string name: - description: The name of the role. The name of the role. + description: |- + The name of the role. + The name of the role. type: string nameTemplate: - description: The name template to use when generating service - accounts, roles and role bindings. If unset, a default template - is used. The name template to use when generating service accounts, + description: |- + The name template to use when generating service accounts, roles and role bindings. If unset, a default template is used. + The name template to use when generating service accounts, roles and role bindings. If unset, a default template is used. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. 
(requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string serviceAccountName: - description: The pre-existing service account to generate tokens - for. Mutually exclusive with kubernetes_role_name and generated_role_rules. - If set, only a Kubernetes token will be created when credentials - are requested. The pre-existing service account to generate - tokens for. Mutually exclusive with 'kubernetes_role_name' and - 'generated_role_rules'. If set, only a Kubernetes token will - be created when credentials are requested. + description: |- + The pre-existing service account to generate tokens for. + Mutually exclusive with kubernetes_role_name and generated_role_rules. If set, only a + Kubernetes token will be created when credentials are requested. + The pre-existing service account to generate tokens for. Mutually exclusive with 'kubernetes_role_name' and 'generated_role_rules'. If set, only a Kubernetes token will be created when credentials are requested. type: string tokenDefaultTtl: - description: The default TTL for generated Kubernetes tokens in - seconds. The default TTL for generated Kubernetes tokens in - seconds. + description: |- + The default TTL for generated Kubernetes tokens in seconds. + The default TTL for generated Kubernetes tokens in seconds. type: number tokenMaxTtl: - description: The maximum TTL for generated Kubernetes tokens in - seconds. The maximum TTL for generated Kubernetes tokens in - seconds. + description: |- + The maximum TTL for generated Kubernetes tokens in seconds. + The maximum TTL for generated Kubernetes tokens in seconds. type: number type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. 
- It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -289,9 +295,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -301,57 +308,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -361,17 +332,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -381,21 +354,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -410,21 +383,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -435,14 +409,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -476,95 +451,94 @@ spec: atProvider: properties: allowedKubernetesNamespaces: - description: The list of Kubernetes namespaces this role can generate - credentials for. If set to * all namespaces are allowed. The - list of Kubernetes namespaces this role can generate credentials - for. If set to '*' all namespaces are allowed. + description: |- + The list of Kubernetes namespaces this role + can generate credentials for. If set to * all namespaces are allowed. + The list of Kubernetes namespaces this role can generate credentials for. If set to '*' all namespaces are allowed. items: type: string type: array backend: - description: The path of the Kubernetes Secrets Engine backend - mount to create the role in. The mount path for the Kubernetes - secrets engine. + description: |- + The path of the Kubernetes Secrets Engine backend mount to create + the role in. + The mount path for the Kubernetes secrets engine. type: string extraAnnotations: additionalProperties: type: string - description: Additional annotations to apply to all generated - Kubernetes objects. Additional annotations to apply to all generated + description: |- + Additional annotations to apply to all generated Kubernetes objects. + Additional annotations to apply to all generated Kubernetes objects. type: object extraLabels: additionalProperties: type: string - description: Additional labels to apply to all generated Kubernetes - objects. Additional labels to apply to all generated Kubernetes + description: |- + Additional labels to apply to all generated Kubernetes objects. + Additional labels to apply to all generated Kubernetes objects. type: object generatedRoleRules: - description: The Role or ClusterRole rules to use when generating - a role. Accepts either JSON or YAML formatted rules. Mutually - exclusive with service_account_name and kubernetes_role_name. - If set, the entire chain of Kubernetes objects will be generated - when credentials are requested. 
The Role or ClusterRole rules - to use when generating a role. Accepts either JSON or YAML formatted - rules. Mutually exclusive with 'service_account_name' and 'kubernetes_role_name'. - If set, the entire chain of Kubernetes objects will be generated + description: |- + The Role or ClusterRole rules to use when generating + a role. Accepts either JSON or YAML formatted rules. Mutually exclusive with service_account_name + and kubernetes_role_name. If set, the entire chain of Kubernetes objects will be generated when credentials are requested. + The Role or ClusterRole rules to use when generating a role. Accepts either JSON or YAML formatted rules. Mutually exclusive with 'service_account_name' and 'kubernetes_role_name'. If set, the entire chain of Kubernetes objects will be generated when credentials are requested. type: string id: type: string kubernetesRoleName: - description: The pre-existing Role or ClusterRole to bind a generated - service account to. Mutually exclusive with service_account_name - and generated_role_rules. If set, Kubernetes token, service - account, and role binding objects will be created when credentials - are requested. The pre-existing Role or ClusterRole to bind - a generated service account to. Mutually exclusive with 'service_account_name' - and 'generated_role_rules'. If set, Kubernetes token, service - account, and role binding objects will be created when credentials - are requested. + description: |- + The pre-existing Role or ClusterRole to bind a + generated service account to. Mutually exclusive with service_account_name and + generated_role_rules. If set, Kubernetes token, service account, and role + binding objects will be created when credentials are requested. + The pre-existing Role or ClusterRole to bind a generated service account to. Mutually exclusive with 'service_account_name' and 'generated_role_rules'. 
If set, Kubernetes token, service account, and role binding objects will be created when credentials are requested. type: string kubernetesRoleType: - description: Specifies whether the Kubernetes role is a Role or - ClusterRole. Specifies whether the Kubernetes role is a Role - or ClusterRole. + description: |- + Specifies whether the Kubernetes role is a Role or + ClusterRole. + Specifies whether the Kubernetes role is a Role or ClusterRole. type: string name: - description: The name of the role. The name of the role. + description: |- + The name of the role. + The name of the role. type: string nameTemplate: - description: The name template to use when generating service - accounts, roles and role bindings. If unset, a default template - is used. The name template to use when generating service accounts, + description: |- + The name template to use when generating service accounts, roles and role bindings. If unset, a default template is used. + The name template to use when generating service accounts, roles and role bindings. If unset, a default template is used. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string serviceAccountName: - description: The pre-existing service account to generate tokens - for. Mutually exclusive with kubernetes_role_name and generated_role_rules. - If set, only a Kubernetes token will be created when credentials - are requested. 
The pre-existing service account to generate - tokens for. Mutually exclusive with 'kubernetes_role_name' and - 'generated_role_rules'. If set, only a Kubernetes token will - be created when credentials are requested. + description: |- + The pre-existing service account to generate tokens for. + Mutually exclusive with kubernetes_role_name and generated_role_rules. If set, only a + Kubernetes token will be created when credentials are requested. + The pre-existing service account to generate tokens for. Mutually exclusive with 'kubernetes_role_name' and 'generated_role_rules'. If set, only a Kubernetes token will be created when credentials are requested. type: string tokenDefaultTtl: - description: The default TTL for generated Kubernetes tokens in - seconds. The default TTL for generated Kubernetes tokens in - seconds. + description: |- + The default TTL for generated Kubernetes tokens in seconds. + The default TTL for generated Kubernetes tokens in seconds. type: number tokenMaxTtl: - description: The maximum TTL for generated Kubernetes tokens in - seconds. The maximum TTL for generated Kubernetes tokens in - seconds. + description: |- + The maximum TTL for generated Kubernetes tokens in seconds. + The maximum TTL for generated Kubernetes tokens in seconds. type: number type: object conditions: 
@@ -573,13 +547,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -590,8 +566,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -600,6 +577,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/kubernetes.vault.upbound.io_secretbackends.yaml b/package/crds/kubernetes.vault.upbound.io_secretbackends.yaml index 51d3e4f6..ef0b06ea 100644 --- a/package/crds/kubernetes.vault.upbound.io_secretbackends.yaml +++ b/package/crds/kubernetes.vault.upbound.io_secretbackends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackends.kubernetes.vault.upbound.io spec: group: kubernetes.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: a Kubernetes Secrets Engine in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -93,29 +99,29 @@ spec: description: Human-friendly description of the mount type: string disableLocalCaJwt: - description: Disable defaulting to the local CA certificate and + description: |- + Disable defaulting to the local CA certificate and service account JWT when Vault is running in a Kubernetes pod. - Disable defaulting to the local CA certificate and service account - JWT when running in a Kubernetes pod. + Disable defaulting to the local CA certificate and service account JWT when running in a Kubernetes pod. type: boolean externalEntropyAccess: description: Enable the secrets engine to access Vault's external entropy source type: boolean kubernetesCaCert: - description: A PEM-encoded CA certificate used by the secrets - engine to verify the Kubernetes API server certificate. Defaults - to the local pod’s CA if Vault is running in Kubernetes. Otherwise, - defaults to the root CA set where Vault is running. A PEM-encoded - CA certificate used by the secret engine to verify the Kubernetes - API server certificate. Defaults to the local pod’s CA if found, - or otherwise the host's root CA set. + description: |- + A PEM-encoded CA certificate used by the + secrets engine to verify the Kubernetes API server certificate. Defaults to the local + pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where + Vault is running. + A PEM-encoded CA certificate used by the secret engine to verify the Kubernetes API server certificate. Defaults to the local pod’s CA if found, or otherwise the host's root CA set. type: string kubernetesHost: - description: The Kubernetes API URL to connect to. Required if - the standard pod environment variables KUBERNETES_SERVICE_HOST - or KUBERNETES_SERVICE_PORT are not set on the host that Vault - is running on. The Kubernetes API URL to connect to. + description: |- + The Kubernetes API URL to connect to. 
Required if the + standard pod environment variables KUBERNETES_SERVICE_HOST or KUBERNETES_SERVICE_PORT + are not set on the host that Vault is running on. + The Kubernetes API URL to connect to. type: string local: description: Local mount flag that can be explicitly set to true @@ -126,11 +132,12 @@ spec: in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string options: additionalProperties: @@ -146,12 +153,11 @@ spec: stored by the mount to be wrapped by the seal's encryption capability type: boolean serviceAccountJwtSecretRef: - description: The JSON web token of the service account used by - the secrets engine to manage Kubernetes credentials. Defaults - to the local pod’s JWT if Vault is running in Kubernetes. The - JSON web token of the service account used by the secrets engine - to manage Kubernetes credentials. Defaults to the local pod’s - JWT if found. + description: |- + The JSON web token of the service account used by the + secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if Vault + is running in Kubernetes. + The JSON web token of the service account used by the secrets engine to manage Kubernetes credentials. Defaults to the local pod’s JWT if found. properties: key: description: The key to select. 
@@ -169,17 +175,18 @@ spec: type: object type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: allowedManagedKeys: description: List of managed key registry entry names that the 
@@ -207,29 +214,29 @@ spec: description: Human-friendly description of the mount type: string disableLocalCaJwt: - description: Disable defaulting to the local CA certificate and + description: |- + Disable defaulting to the local CA certificate and service account JWT when Vault is running in a Kubernetes pod. - Disable defaulting to the local CA certificate and service account - JWT when running in a Kubernetes pod. + Disable defaulting to the local CA certificate and service account JWT when running in a Kubernetes pod. type: boolean externalEntropyAccess: description: Enable the secrets engine to access Vault's external entropy source type: boolean kubernetesCaCert: - description: A PEM-encoded CA certificate used by the secrets - engine to verify the Kubernetes API server certificate. Defaults - to the local pod’s CA if Vault is running in Kubernetes. Otherwise, - defaults to the root CA set where Vault is running. A PEM-encoded - CA certificate used by the secret engine to verify the Kubernetes - API server certificate. Defaults to the local pod’s CA if found, - or otherwise the host's root CA set. + description: |- + A PEM-encoded CA certificate used by the + secrets engine to verify the Kubernetes API server certificate. Defaults to the local + pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where + Vault is running. + A PEM-encoded CA certificate used by the secret engine to verify the Kubernetes API server certificate. Defaults to the local pod’s CA if found, or otherwise the host's root CA set. type: string kubernetesHost: - description: The Kubernetes API URL to connect to. Required if - the standard pod environment variables KUBERNETES_SERVICE_HOST - or KUBERNETES_SERVICE_PORT are not set on the host that Vault - is running on. The Kubernetes API URL to connect to. + description: |- + The Kubernetes API URL to connect to. 
Required if the + standard pod environment variables KUBERNETES_SERVICE_HOST or KUBERNETES_SERVICE_PORT + are not set on the host that Vault is running on. + The Kubernetes API URL to connect to. type: string local: description: Local mount flag that can be explicitly set to true @@ -240,11 +247,12 @@ spec: in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string options: additionalProperties: 
@@ -263,20 +271,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -289,9 +298,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -301,57 +311,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -361,17 +335,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -381,21 +357,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -410,21 +386,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -435,14 +412,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -496,10 +474,10 @@ spec: description: Human-friendly description of the mount type: string disableLocalCaJwt: - description: Disable defaulting to the local CA certificate and + description: |- + Disable defaulting to the local CA certificate and service account JWT when Vault is running in a Kubernetes pod. - Disable defaulting to the local CA certificate and service account - JWT when running in a Kubernetes pod. + Disable defaulting to the local CA certificate and service account JWT when running in a Kubernetes pod. type: boolean externalEntropyAccess: description: Enable the secrets engine to access Vault's external 
@@ -508,19 +486,19 @@ spec: id: type: string kubernetesCaCert: - description: A PEM-encoded CA certificate used by the secrets - engine to verify the Kubernetes API server certificate. Defaults - to the local pod’s CA if Vault is running in Kubernetes. Otherwise, - defaults to the root CA set where Vault is running. A PEM-encoded - CA certificate used by the secret engine to verify the Kubernetes - API server certificate. Defaults to the local pod’s CA if found, - or otherwise the host's root CA set. + description: |- + A PEM-encoded CA certificate used by the + secrets engine to verify the Kubernetes API server certificate. Defaults to the local + pod’s CA if Vault is running in Kubernetes. Otherwise, defaults to the root CA set where + Vault is running. + A PEM-encoded CA certificate used by the secret engine to verify the Kubernetes API server certificate. Defaults to the local pod’s CA if found, or otherwise the host's root CA set. type: string kubernetesHost: - description: The Kubernetes API URL to connect to. Required if - the standard pod environment variables KUBERNETES_SERVICE_HOST - or KUBERNETES_SERVICE_PORT are not set on the host that Vault - is running on. The Kubernetes API URL to connect to. + description: |- + The Kubernetes API URL to connect to. Required if the + standard pod environment variables KUBERNETES_SERVICE_HOST or KUBERNETES_SERVICE_PORT + are not set on the host that Vault is running on. + The Kubernetes API URL to connect to. type: string local: description: Local mount flag that can be explicitly set to true 
@@ -531,11 +509,12 @@ spec: in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string options: additionalProperties: @@ -557,13 +536,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -574,8 +555,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -584,6 +566,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec 
diff --git a/package/crds/kv.vault.upbound.io_secretbackendv2s.yaml b/package/crds/kv.vault.upbound.io_secretbackendv2s.yaml index b0cfa6b4..5c2cefe8 100644 --- a/package/crds/kv.vault.upbound.io_secretbackendv2s.yaml +++ b/package/crds/kv.vault.upbound.io_secretbackendv2s.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendv2s.kv.vault.upbound.io spec: group: kv.vault.upbound.io @@ -39,14 +39,19 @@ spec: store. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -55,13 +60,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -69,87 +75,99 @@ spec: forProvider: properties: casRequired: - description: If true, all keys will require the cas parameter - to be set on all write requests. If true, all keys will require - the cas parameter to be set on all write requests. + description: |- + If true, all keys will require the cas + parameter to be set on all write requests. + If true, all keys will require the cas parameter to be set on all write requests. type: boolean deleteVersionAfter: - description: If set, specifies the length of time before a version - is deleted. Accepts duration in integer seconds. If set, specifies - the length of time before a version is deleted + description: |- + If set, specifies the length of time before + a version is deleted. Accepts duration in integer seconds. + If set, specifies the length of time before a version is deleted type: number maxVersions: - description: The number of versions to keep per key. The number - of versions to keep per key. + description: |- + The number of versions to keep per key. + The number of versions to keep per key. type: number mount: - description: Path where KV-V2 engine is mounted. Path where KV-V2 - engine is mounted. + description: |- + Path where KV-V2 engine is mounted. + Path where KV-V2 engine is mounted. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. 
- It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: casRequired: - description: If true, all keys will require the cas parameter - to be set on all write requests. If true, all keys will require - the cas parameter to be set on all write requests. + description: |- + If true, all keys will require the cas + parameter to be set on all write requests. + If true, all keys will require the cas parameter to be set on all write requests. type: boolean deleteVersionAfter: - description: If set, specifies the length of time before a version - is deleted. Accepts duration in integer seconds. 
If set, specifies - the length of time before a version is deleted + description: |- + If set, specifies the length of time before + a version is deleted. Accepts duration in integer seconds. + If set, specifies the length of time before a version is deleted type: number maxVersions: - description: The number of versions to keep per key. The number - of versions to keep per key. + description: |- + The number of versions to keep per key. + The number of versions to keep per key. type: number mount: - description: Path where KV-V2 engine is mounted. Path where KV-V2 - engine is mounted. + description: |- + Path where KV-V2 engine is mounted. + Path where KV-V2 engine is mounted. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. 
See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -162,9 +180,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -174,57 +193,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -234,17 +217,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -254,21 +239,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -283,21 +268,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -308,14 +294,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -341,31 +328,36 @@ spec: atProvider: properties: casRequired: - description: If true, all keys will require the cas parameter - to be set on all write requests. If true, all keys will require - the cas parameter to be set on all write requests. + description: |- + If true, all keys will require the cas + parameter to be set on all write requests. + If true, all keys will require the cas parameter to be set on all write requests. type: boolean deleteVersionAfter: - description: If set, specifies the length of time before a version - is deleted. Accepts duration in integer seconds. If set, specifies - the length of time before a version is deleted + description: |- + If set, specifies the length of time before + a version is deleted. Accepts duration in integer seconds. + If set, specifies the length of time before a version is deleted type: number id: type: string maxVersions: - description: The number of versions to keep per key. The number - of versions to keep per key. + description: |- + The number of versions to keep per key. + The number of versions to keep per key. type: number mount: - description: Path where KV-V2 engine is mounted. Path where KV-V2 - engine is mounted. + description: |- + Path where KV-V2 engine is mounted. + Path where KV-V2 engine is mounted. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object conditions: 
@@ -374,13 +366,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -391,8 +385,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -401,6 +396,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/kv.vault.upbound.io_secrets.yaml b/package/crds/kv.vault.upbound.io_secrets.yaml index 8dd786c2..a3389475 100644 --- a/package/crds/kv.vault.upbound.io_secrets.yaml +++ b/package/crds/kv.vault.upbound.io_secrets.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secrets.kv.vault.upbound.io spec: group: kv.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: to a given path in Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete @@ -68,8 +74,10 @@ spec: forProvider: properties: dataJsonSecretRef: - description: JSON-encoded string that will be written as the secret - data at the given path. JSON-encoded secret data to write. + description: |- + JSON-encoded string that will be + written as the secret data at the given path. + JSON-encoded secret data to write. properties: key: description: The key to select. 
@@ -86,59 +94,65 @@ spec: - namespace type: object namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Full path of the KV-V1 secret. Full path of the KV-V1 - secret. + description: |- + Full path of the KV-V1 secret. + Full path of the KV-V1 secret. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. 
+ The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Full path of the KV-V1 secret. Full path of the KV-V1 - secret. + description: |- + Full path of the KV-V1 secret. + Full path of the KV-V1 secret. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. 
See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -151,9 +165,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -163,57 +178,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -223,17 +202,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -243,21 +224,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -272,21 +253,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -297,14 +279,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -335,15 +318,17 @@ spec: id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Full path of the KV-V1 secret. Full path of the KV-V1 - secret. + description: |- + Full path of the KV-V1 secret. + Full path of the KV-V1 secret. type: string type: object conditions: @@ -352,13 +337,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -369,8 +356,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime 
@@ -379,6 +367,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/kv.vault.upbound.io_secretv2s.yaml b/package/crds/kv.vault.upbound.io_secretv2s.yaml index 338f4345..4c3d661b 100644 --- a/package/crds/kv.vault.upbound.io_secretv2s.yaml +++ b/package/crds/kv.vault.upbound.io_secretv2s.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretv2s.kv.vault.upbound.io spec: group: kv.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: secret to a given path in Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,47 +74,52 @@ spec: forProvider: properties: cas: - description: This flag is required if cas_required is set to true + description: |- + This flag is required if cas_required is set to true on either the secret or the engine's config. In order for a - write operation to be successful, cas must be set to the current - version of the secret. This flag is required if cas_required - is set to true on either the secret or the engine's config. - In order for a write to be successful, cas must be set to the - current version of the secret. + write operation to be successful, cas must be set to the current version + of the secret. + This flag is required if cas_required is set to true on either the secret or the engine's config. In order for a write to be successful, cas must be set to the current version of the secret. type: number customMetadata: - description: A nested block that allows configuring metadata for - the KV secret. Refer to the Configuration Options for more info. + description: |- + A nested block that allows configuring metadata for the + KV secret. Refer to the + Configuration Options for more info. Custom metadata to be set for the secret. items: properties: casRequired: - description: If true, all keys will require the cas parameter - to be set on all write requests. If true, all keys will - require the cas parameter to be set on all write requests. + description: |- + If true, all keys will require the cas + parameter to be set on all write requests. + If true, all keys will require the cas parameter to be set on all write requests. type: boolean data: additionalProperties: type: string - description: A string to string map describing the secret. - A map of arbitrary string to string valued user-provided - metadata meant to describe the secret. + description: |- + A string to string map describing the secret. + A map of arbitrary string to string valued user-provided metadata meant to describe the secret. 
type: object deleteVersionAfter: - description: If set, specifies the length of time before + description: |- + If set, specifies the length of time before a version is deleted. Accepts duration in integer seconds. - If set, specifies the length of time before a version - is deleted. + If set, specifies the length of time before a version is deleted. type: number maxVersions: - description: The number of versions to keep per key. The - number of versions to keep per key. + description: |- + The number of versions to keep per key. + The number of versions to keep per key. type: number type: object type: array dataJsonSecretRef: - description: JSON-encoded string that will be written as the secret - data at the given path. JSON-encoded secret data to write. + description: |- + JSON-encoded string that will be + written as the secret data at the given path. + JSON-encoded secret data to write. properties: key: description: The key to select. 
@@ -125,148 +136,161 @@ spec: - namespace type: object deleteAllVersions: - description: If set to true, permanently deletes all versions - for the specified key. If set to true, permanently deletes all + description: |- + If set to true, permanently deletes all versions for the specified key. + If set to true, permanently deletes all versions for the specified key. type: boolean disableRead: - description: 'If set to true, disables reading secret from Vault; - note: drift won''t be detected. If set to true, disables reading - secret from Vault; note: drift won''t be detected.' + description: |- + If set to true, disables reading secret from Vault; + note: drift won't be detected. + If set to true, disables reading secret from Vault; note: drift won't be detected. type: boolean mount: - description: Path where KV-V2 engine is mounted. Path where KV-V2 - engine is mounted. + description: |- + Path where KV-V2 engine is mounted. + Path where KV-V2 engine is mounted. type: string name: - description: Full name of the secret. For a nested secret the - name is the nested path excluding the mount and data prefix. - For example, for a secret at kvv2/data/foo/bar/baz the name - is foo/bar/baz. Full name of the secret. For a nested secret, - the name is the nested path excluding the mount and data prefix. - For example, for a secret at 'kvv2/data/foo/bar/baz', the name - is 'foo/bar/baz' + description: |- + Full name of the secret. For a nested secret + the name is the nested path excluding the mount and data + prefix. For example, for a secret at kvv2/data/foo/bar/baz + the name is foo/bar/baz. + Full name of the secret. For a nested secret, the name is the nested path excluding the mount and data prefix. For example, for a secret at 'kvv2/data/foo/bar/baz', the name is 'foo/bar/baz' type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. 
The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string options: additionalProperties: type: string - description: An object that holds option settings. An object that - holds option settings. + description: |- + An object that holds option settings. + An object that holds option settings. type: object type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. 
This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: cas: - description: This flag is required if cas_required is set to true + description: |- + This flag is required if cas_required is set to true on either the secret or the engine's config. In order for a - write operation to be successful, cas must be set to the current - version of the secret. This flag is required if cas_required - is set to true on either the secret or the engine's config. - In order for a write to be successful, cas must be set to the - current version of the secret. + write operation to be successful, cas must be set to the current version + of the secret. + This flag is required if cas_required is set to true on either the secret or the engine's config. In order for a write to be successful, cas must be set to the current version of the secret. type: number customMetadata: - description: A nested block that allows configuring metadata for - the KV secret. Refer to the Configuration Options for more info. + description: |- + A nested block that allows configuring metadata for the + KV secret. Refer to the + Configuration Options for more info. Custom metadata to be set for the secret. items: properties: casRequired: - description: If true, all keys will require the cas parameter - to be set on all write requests. If true, all keys will - require the cas parameter to be set on all write requests. + description: |- + If true, all keys will require the cas + parameter to be set on all write requests. + If true, all keys will require the cas parameter to be set on all write requests. type: boolean data: additionalProperties: type: string - description: A string to string map describing the secret. - A map of arbitrary string to string valued user-provided - metadata meant to describe the secret. 
+ description: |- + A string to string map describing the secret. + A map of arbitrary string to string valued user-provided metadata meant to describe the secret. type: object deleteVersionAfter: - description: If set, specifies the length of time before + description: |- + If set, specifies the length of time before a version is deleted. Accepts duration in integer seconds. - If set, specifies the length of time before a version - is deleted. + If set, specifies the length of time before a version is deleted. type: number maxVersions: - description: The number of versions to keep per key. The - number of versions to keep per key. + description: |- + The number of versions to keep per key. + The number of versions to keep per key. type: number type: object type: array deleteAllVersions: - description: If set to true, permanently deletes all versions - for the specified key. If set to true, permanently deletes all + description: |- + If set to true, permanently deletes all versions for the specified key. + If set to true, permanently deletes all versions for the specified key. type: boolean disableRead: - description: 'If set to true, disables reading secret from Vault; - note: drift won''t be detected. If set to true, disables reading - secret from Vault; note: drift won''t be detected.' + description: |- + If set to true, disables reading secret from Vault; + note: drift won't be detected. + If set to true, disables reading secret from Vault; note: drift won't be detected. type: boolean mount: - description: Path where KV-V2 engine is mounted. Path where KV-V2 - engine is mounted. + description: |- + Path where KV-V2 engine is mounted. + Path where KV-V2 engine is mounted. type: string name: - description: Full name of the secret. For a nested secret the - name is the nested path excluding the mount and data prefix. - For example, for a secret at kvv2/data/foo/bar/baz the name - is foo/bar/baz. Full name of the secret. 
For a nested secret, - the name is the nested path excluding the mount and data prefix. - For example, for a secret at 'kvv2/data/foo/bar/baz', the name - is 'foo/bar/baz' + description: |- + Full name of the secret. For a nested secret + the name is the nested path excluding the mount and data + prefix. For example, for a secret at kvv2/data/foo/bar/baz + the name is foo/bar/baz. + Full name of the secret. For a nested secret, the name is the nested path excluding the mount and data prefix. For example, for a secret at 'kvv2/data/foo/bar/baz', the name is 'foo/bar/baz' type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string options: additionalProperties: type: string - description: An object that holds option settings. An object that - holds option settings. + description: |- + An object that holds option settings. + An object that holds option settings. type: object type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. 
If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -279,9 +303,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -291,57 +316,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -351,17 +340,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -371,21 +362,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -400,21 +391,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -425,14 +417,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -465,90 +458,99 @@ spec: atProvider: properties: cas: - description: This flag is required if cas_required is set to true + description: |- + This flag is required if cas_required is set to true on either the secret or the engine's config. In order for a - write operation to be successful, cas must be set to the current - version of the secret. This flag is required if cas_required - is set to true on either the secret or the engine's config. - In order for a write to be successful, cas must be set to the - current version of the secret. + write operation to be successful, cas must be set to the current version + of the secret. + This flag is required if cas_required is set to true on either the secret or the engine's config. In order for a write to be successful, cas must be set to the current version of the secret. type: number customMetadata: - description: A nested block that allows configuring metadata for - the KV secret. Refer to the Configuration Options for more info. + description: |- + A nested block that allows configuring metadata for the + KV secret. Refer to the + Configuration Options for more info. Custom metadata to be set for the secret. items: properties: casRequired: - description: If true, all keys will require the cas parameter - to be set on all write requests. If true, all keys will - require the cas parameter to be set on all write requests. + description: |- + If true, all keys will require the cas + parameter to be set on all write requests. + If true, all keys will require the cas parameter to be set on all write requests. type: boolean data: additionalProperties: type: string - description: A string to string map describing the secret. - A map of arbitrary string to string valued user-provided - metadata meant to describe the secret. + description: |- + A string to string map describing the secret. + A map of arbitrary string to string valued user-provided metadata meant to describe the secret. 
type: object deleteVersionAfter: - description: If set, specifies the length of time before + description: |- + If set, specifies the length of time before a version is deleted. Accepts duration in integer seconds. - If set, specifies the length of time before a version - is deleted. + If set, specifies the length of time before a version is deleted. type: number maxVersions: - description: The number of versions to keep per key. The - number of versions to keep per key. + description: |- + The number of versions to keep per key. + The number of versions to keep per key. type: number type: object type: array deleteAllVersions: - description: If set to true, permanently deletes all versions - for the specified key. If set to true, permanently deletes all + description: |- + If set to true, permanently deletes all versions for the specified key. + If set to true, permanently deletes all versions for the specified key. type: boolean disableRead: - description: 'If set to true, disables reading secret from Vault; - note: drift won''t be detected. If set to true, disables reading - secret from Vault; note: drift won''t be detected.' + description: |- + If set to true, disables reading secret from Vault; + note: drift won't be detected. + If set to true, disables reading secret from Vault; note: drift won't be detected. type: boolean id: type: string metadata: additionalProperties: type: string - description: Metadata associated with this secret read from Vault. + description: |- + Metadata associated with this secret read from Vault. Metadata associated with this secret read from Vault. type: object mount: - description: Path where KV-V2 engine is mounted. Path where KV-V2 - engine is mounted. + description: |- + Path where KV-V2 engine is mounted. + Path where KV-V2 engine is mounted. type: string name: - description: Full name of the secret. For a nested secret the - name is the nested path excluding the mount and data prefix. 
- For example, for a secret at kvv2/data/foo/bar/baz the name - is foo/bar/baz. Full name of the secret. For a nested secret, - the name is the nested path excluding the mount and data prefix. - For example, for a secret at 'kvv2/data/foo/bar/baz', the name - is 'foo/bar/baz' + description: |- + Full name of the secret. For a nested secret + the name is the nested path excluding the mount and data + prefix. For example, for a secret at kvv2/data/foo/bar/baz + the name is foo/bar/baz. + Full name of the secret. For a nested secret, the name is the nested path excluding the mount and data prefix. For example, for a secret at 'kvv2/data/foo/bar/baz', the name is 'foo/bar/baz' type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string options: additionalProperties: type: string - description: An object that holds option settings. An object that - holds option settings. + description: |- + An object that holds option settings. + An object that holds option settings. type: object path: - description: Full path where the KV-V2 secret will be written. + description: |- + Full path where the KV-V2 secret will be written. Full path where the KV-V2 secret will be written. type: string type: object 
@@ -558,13 +560,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -575,8 +579,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -585,6 +590,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/ldap.vault.upbound.io_authbackendgroups.yaml b/package/crds/ldap.vault.upbound.io_authbackendgroups.yaml index 1b859b43..72866af6 100644 --- a/package/crds/ldap.vault.upbound.io_authbackendgroups.yaml +++ b/package/crds/ldap.vault.upbound.io_authbackendgroups.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendgroups.ldap.vault.upbound.io spec: group: ldap.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -80,17 +86,18 @@ spec: type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: type: string 
@@ -107,20 +114,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -133,9 +141,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -145,57 +154,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -205,17 +178,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -225,21 +200,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -254,21 +229,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -279,14 +255,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -331,13 +308,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -348,8 +327,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -358,6 +338,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/ldap.vault.upbound.io_authbackends.yaml b/package/crds/ldap.vault.upbound.io_authbackends.yaml index 9eb95415..74974219 100644 --- a/package/crds/ldap.vault.upbound.io_authbackends.yaml +++ b/package/crds/ldap.vault.upbound.io_authbackends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackends.ldap.vault.upbound.io spec: group: ldap.vault.upbound.io 
@@ -37,14 +37,19 @@ spec: description: AuthBackend is the Schema for the AuthBackends API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -53,13 +58,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -195,17 +201,18 @@ spec: type: boolean type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: binddn: type: string 
@@ -302,20 +309,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -328,9 +336,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -340,57 +349,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -400,17 +373,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -420,21 +395,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -449,21 +424,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -474,14 +450,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -609,13 +586,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -626,8 +605,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -636,6 +616,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/ldap.vault.upbound.io_authbackendusers.yaml b/package/crds/ldap.vault.upbound.io_authbackendusers.yaml index 20f5e97b..5609f853 100644 --- a/package/crds/ldap.vault.upbound.io_authbackendusers.yaml +++ b/package/crds/ldap.vault.upbound.io_authbackendusers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendusers.ldap.vault.upbound.io spec: group: ldap.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: value> properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -84,17 +90,18 @@ spec: type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: type: string 
@@ -115,20 +122,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -141,9 +149,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -153,57 +162,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -213,17 +186,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -233,21 +208,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -262,21 +237,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -287,14 +263,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -343,13 +320,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -360,8 +339,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -370,6 +350,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/managed.vault.upbound.io_keys.yaml b/package/crds/managed.vault.upbound.io_keys.yaml index 5d8aed2e..51e1f612 100644 --- a/package/crds/managed.vault.upbound.io_keys.yaml +++ b/package/crds/managed.vault.upbound.io_keys.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: keys.managed.vault.upbound.io spec: group: managed.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: in Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -72,74 +78,76 @@ spec: items: properties: accessKey: - description: The AWS access key to use. The AWS access key - to use + description: |- + The AWS access key to use. + The AWS access key to use type: string allowGenerateKey: - description: If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend. If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend + description: |- + If no existing key can be found in + the referenced backend, instructs Vault to generate a key within the backend. + If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend type: boolean allowReplaceKey: - description: Controls the ability for Vault to replace through - generation or importing a key into the configured backend - even if a key is present, if set to false those operations - are forbidden if a key exists. Controls the ability for - Vault to replace through generation or importing a key - into the configured backend even if a key is present, - if set to false those operations are forbidden if a key - exists. + description: |- + Controls the ability for Vault to replace through + generation or importing a key into the configured backend even + if a key is present, if set to false those operations are forbidden + if a key exists. + Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists. type: boolean allowStoreKey: - description: Controls the ability for Vault to import a - key to the configured backend, if false, those operations - will be forbidden. 
Controls the ability for Vault to import - a key to the configured backend, if 'false', those operations - will be forbidden + description: |- + Controls the ability for Vault to import a key to the + configured backend, if false, those operations will be forbidden. + Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden type: boolean anyMount: - description: If true, allows usage from any mount point - within the namespace. Allow usage from any mount point - within the namespace if 'true' + description: |- + If true, allows usage from any mount point within the + namespace. + Allow usage from any mount point within the namespace if 'true' type: boolean curve: - description: The curve to use for an ECDSA key. Used when - key_type is ECDSA. Required if allow_generate_key is true. + description: |- The curve to use for an ECDSA key. Used when key_type - is 'ECDSA'. Required if 'allow_generate_key' is true + is ECDSA. Required if allow_generate_key is true. + The curve to use for an ECDSA key. Used when key_type is 'ECDSA'. Required if 'allow_generate_key' is true type: string endpoint: - description: Used to specify a custom AWS endpoint. Used - to specify a custom AWS endpoint + description: |- + Used to specify a custom AWS endpoint. + Used to specify a custom AWS endpoint type: string keyBits: - description: The size in bits for an RSA key. The size in - bits for an RSA key. This field is required when 'key_type' - is 'RSA' + description: |- + The size in bits for an RSA key. + The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' type: string keyType: - description: The type of key to use. The type of key to - use + description: |- + The type of key to use. + The type of key to use type: string kmsKey: - description: An identifier for the key. An identifier for - the key + description: |- + An identifier for the key. 
+ An identifier for the key type: string name: - description: A unique lowercase name that serves as identifying - the key. A unique lowercase name that serves as identifying - the key + description: |- + A unique lowercase name that serves as identifying the key. + A unique lowercase name that serves as identifying the key type: string region: - description: The AWS region where the keys are stored (or - will be stored). The AWS region where the keys are stored - (or will be stored) + description: |- + The AWS region where the keys are stored (or will be stored). + The AWS region where the keys are stored (or will be stored) type: string secretKey: - description: The AWS access key to use. The AWS secret key - to use + description: |- + The AWS access key to use. + The AWS secret key to use type: string type: object type: array 
@@ -148,268 +156,273 @@ spec: items: properties: allowGenerateKey: - description: If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend. If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend + description: |- + If no existing key can be found in + the referenced backend, instructs Vault to generate a key within the backend. + If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend type: boolean allowReplaceKey: - description: Controls the ability for Vault to replace through - generation or importing a key into the configured backend - even if a key is present, if set to false those operations - are forbidden if a key exists. Controls the ability for - Vault to replace through generation or importing a key - into the configured backend even if a key is present, - if set to false those operations are forbidden if a key - exists. + description: |- + Controls the ability for Vault to replace through + generation or importing a key into the configured backend even + if a key is present, if set to false those operations are forbidden + if a key exists. + Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists. type: boolean allowStoreKey: - description: Controls the ability for Vault to import a - key to the configured backend, if false, those operations - will be forbidden. Controls the ability for Vault to import - a key to the configured backend, if 'false', those operations - will be forbidden + description: |- + Controls the ability for Vault to import a key to the + configured backend, if false, those operations will be forbidden. 
+ Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden type: boolean anyMount: - description: If true, allows usage from any mount point - within the namespace. Allow usage from any mount point - within the namespace if 'true' + description: |- + If true, allows usage from any mount point within the + namespace. + Allow usage from any mount point within the namespace if 'true' type: boolean clientId: - description: The client id for credentials to query the - Azure APIs. The client id for credentials to query the - Azure APIs + description: |- + The client id for credentials to query the Azure APIs. + The client id for credentials to query the Azure APIs type: string clientSecret: - description: The client secret for credentials to query - the Azure APIs. The client secret for credentials to query - the Azure APIs + description: |- + The client secret for credentials to query the Azure APIs. + The client secret for credentials to query the Azure APIs type: string environment: - description: The Azure Cloud environment API endpoints to - use. The Azure Cloud environment API endpoints to use + description: |- + The Azure Cloud environment API endpoints to use. + The Azure Cloud environment API endpoints to use type: string keyBits: - description: The size in bits for an RSA key. The size in - bits for an RSA key. This field is required when 'key_type' - is 'RSA' or when 'allow_generate_key' is true + description: |- + The size in bits for an RSA key. + The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' or when 'allow_generate_key' is true type: string keyName: - description: The Key Vault key to use for encryption and - decryption. The Key Vault key to use for encryption and - decryption + description: |- + The Key Vault key to use for encryption and decryption. 
+ The Key Vault key to use for encryption and decryption type: string keyType: - description: The type of key to use. The type of key to - use + description: |- + The type of key to use. + The type of key to use type: string name: - description: A unique lowercase name that serves as identifying - the key. A unique lowercase name that serves as identifying - the key + description: |- + A unique lowercase name that serves as identifying the key. + A unique lowercase name that serves as identifying the key type: string resource: - description: The Azure Key Vault resource's DNS Suffix to - connect to. The Azure Key Vault resource's DNS Suffix - to connect to + description: |- + The Azure Key Vault resource's DNS Suffix to connect to. + The Azure Key Vault resource's DNS Suffix to connect to type: string tenantId: - description: The tenant id for the Azure Active Directory - organization. The tenant id for the Azure Active Directory - organization + description: |- + The tenant id for the Azure Active Directory organization. + The tenant id for the Azure Active Directory organization type: string vaultName: - description: The Key Vault vault to use for encryption and - decryption. The Key Vault vault to use the encryption - keys for encryption and decryption + description: |- + The Key Vault vault to use for encryption and decryption. + The Key Vault vault to use the encryption keys for encryption and decryption type: string type: object type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. 
+ Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string pkcs: description: Configuration block for PKCS Managed Keys items: properties: allowGenerateKey: - description: If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend. If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend + description: |- + If no existing key can be found in + the referenced backend, instructs Vault to generate a key within the backend. + If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend type: boolean allowReplaceKey: - description: Controls the ability for Vault to replace through - generation or importing a key into the configured backend - even if a key is present, if set to false those operations - are forbidden if a key exists. Controls the ability for - Vault to replace through generation or importing a key - into the configured backend even if a key is present, - if set to false those operations are forbidden if a key - exists. + description: |- + Controls the ability for Vault to replace through + generation or importing a key into the configured backend even + if a key is present, if set to false those operations are forbidden + if a key exists. + Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists. type: boolean allowStoreKey: - description: Controls the ability for Vault to import a - key to the configured backend, if false, those operations - will be forbidden. 
Controls the ability for Vault to import - a key to the configured backend, if 'false', those operations - will be forbidden + description: |- + Controls the ability for Vault to import a key to the + configured backend, if false, those operations will be forbidden. + Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden type: boolean anyMount: - description: If true, allows usage from any mount point - within the namespace. Allow usage from any mount point - within the namespace if 'true' + description: |- + If true, allows usage from any mount point within the + namespace. + Allow usage from any mount point within the namespace if 'true' type: boolean curve: - description: The curve to use for an ECDSA key. Used when - key_type is ECDSA. Required if allow_generate_key is true. - Supplies the curve value when using the 'CKM_ECDSA' mechanism. - Required if 'allow_generate_key' is true + description: |- + The curve to use for an ECDSA key. Used when key_type + is ECDSA. Required if allow_generate_key is true. + Supplies the curve value when using the 'CKM_ECDSA' mechanism. Required if 'allow_generate_key' is true type: string forceRwSession: - description: Force all operations to open up a read-write - session to the HSM. Force all operations to open up a - read-write session to the HSM + description: |- + Force all operations to open up a read-write session to + the HSM. + Force all operations to open up a read-write session to the HSM type: string keyBits: - description: The size in bits for an RSA key. Supplies the - size in bits of the key when using 'CKM_RSA_PKCS_PSS', - 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. - Required if 'allow_generate_key' is true + description: |- + The size in bits for an RSA key. + Supplies the size in bits of the key when using 'CKM_RSA_PKCS_PSS', 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. 
Required if 'allow_generate_key' is true type: string keyId: - description: The id of a PKCS#11 key to use. The id of a - PKCS#11 key to use + description: |- + The id of a PKCS#11 key to use. + The id of a PKCS#11 key to use type: string keyLabel: - description: The label of the key to use. The label of the - key to use + description: |- + The label of the key to use. + The label of the key to use type: string library: - description: The name of the kms_library stanza to use from - Vault's config to lookup the local library path. The name - of the kms_library stanza to use from Vault's config to - lookup the local library path + description: |- + The name of the kms_library stanza to use from Vault's config + to lookup the local library path. + The name of the kms_library stanza to use from Vault's config to lookup the local library path type: string mechanism: - description: The encryption/decryption mechanism to use, - specified as a hexadecimal (prefixed by 0x) string. The - encryption/decryption mechanism to use, specified as a + description: |- + The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string. + The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string. type: string name: - description: A unique lowercase name that serves as identifying - the key. A unique lowercase name that serves as identifying - the key + description: |- + A unique lowercase name that serves as identifying the key. + A unique lowercase name that serves as identifying the key type: string pin: - description: The PIN for login. The PIN for login + description: |- + The PIN for login. + The PIN for login type: string slot: - description: The slot number to use, specified as a string - in a decimal format (e.g. 2305843009213693953). The slot - number to use, specified as a string in a decimal format - (e.g. 
'2305843009213693953') + description: |- + The slot number to use, specified as a string in a decimal format + (e.g. 2305843009213693953). + The slot number to use, specified as a string in a decimal format (e.g. '2305843009213693953') type: string tokenLabel: - description: The slot token label to use. The slot token - label to use + description: |- + The slot token label to use. + The slot token label to use type: string type: object type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. 
properties: aws: description: Configuration block for AWS Managed Keys items: properties: accessKey: - description: The AWS access key to use. The AWS access key - to use + description: |- + The AWS access key to use. + The AWS access key to use type: string allowGenerateKey: - description: If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend. If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend + description: |- + If no existing key can be found in + the referenced backend, instructs Vault to generate a key within the backend. + If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend type: boolean allowReplaceKey: - description: Controls the ability for Vault to replace through - generation or importing a key into the configured backend - even if a key is present, if set to false those operations - are forbidden if a key exists. Controls the ability for - Vault to replace through generation or importing a key - into the configured backend even if a key is present, - if set to false those operations are forbidden if a key - exists. + description: |- + Controls the ability for Vault to replace through + generation or importing a key into the configured backend even + if a key is present, if set to false those operations are forbidden + if a key exists. + Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists. type: boolean allowStoreKey: - description: Controls the ability for Vault to import a - key to the configured backend, if false, those operations - will be forbidden. 
Controls the ability for Vault to import - a key to the configured backend, if 'false', those operations - will be forbidden + description: |- + Controls the ability for Vault to import a key to the + configured backend, if false, those operations will be forbidden. + Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden type: boolean anyMount: - description: If true, allows usage from any mount point - within the namespace. Allow usage from any mount point - within the namespace if 'true' + description: |- + If true, allows usage from any mount point within the + namespace. + Allow usage from any mount point within the namespace if 'true' type: boolean curve: - description: The curve to use for an ECDSA key. Used when - key_type is ECDSA. Required if allow_generate_key is true. + description: |- The curve to use for an ECDSA key. Used when key_type - is 'ECDSA'. Required if 'allow_generate_key' is true + is ECDSA. Required if allow_generate_key is true. + The curve to use for an ECDSA key. Used when key_type is 'ECDSA'. Required if 'allow_generate_key' is true type: string endpoint: - description: Used to specify a custom AWS endpoint. Used - to specify a custom AWS endpoint + description: |- + Used to specify a custom AWS endpoint. + Used to specify a custom AWS endpoint type: string keyBits: - description: The size in bits for an RSA key. The size in - bits for an RSA key. This field is required when 'key_type' - is 'RSA' + description: |- + The size in bits for an RSA key. + The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' type: string keyType: - description: The type of key to use. The type of key to - use + description: |- + The type of key to use. + The type of key to use type: string kmsKey: - description: An identifier for the key. An identifier for - the key + description: |- + An identifier for the key. 
+ An identifier for the key type: string name: - description: A unique lowercase name that serves as identifying - the key. A unique lowercase name that serves as identifying - the key + description: |- + A unique lowercase name that serves as identifying the key. + A unique lowercase name that serves as identifying the key type: string region: - description: The AWS region where the keys are stored (or - will be stored). The AWS region where the keys are stored - (or will be stored) + description: |- + The AWS region where the keys are stored (or will be stored). + The AWS region where the keys are stored (or will be stored) type: string secretKey: - description: The AWS access key to use. The AWS secret key - to use + description: |- + The AWS access key to use. + The AWS secret key to use type: string type: object type: array 
@@ -418,178 +431,180 @@ spec: items: properties: allowGenerateKey: - description: If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend. If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend + description: |- + If no existing key can be found in + the referenced backend, instructs Vault to generate a key within the backend. + If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend type: boolean allowReplaceKey: - description: Controls the ability for Vault to replace through - generation or importing a key into the configured backend - even if a key is present, if set to false those operations - are forbidden if a key exists. Controls the ability for - Vault to replace through generation or importing a key - into the configured backend even if a key is present, - if set to false those operations are forbidden if a key - exists. + description: |- + Controls the ability for Vault to replace through + generation or importing a key into the configured backend even + if a key is present, if set to false those operations are forbidden + if a key exists. + Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists. type: boolean allowStoreKey: - description: Controls the ability for Vault to import a - key to the configured backend, if false, those operations - will be forbidden. Controls the ability for Vault to import - a key to the configured backend, if 'false', those operations - will be forbidden + description: |- + Controls the ability for Vault to import a key to the + configured backend, if false, those operations will be forbidden. 
+ Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden type: boolean anyMount: - description: If true, allows usage from any mount point - within the namespace. Allow usage from any mount point - within the namespace if 'true' + description: |- + If true, allows usage from any mount point within the + namespace. + Allow usage from any mount point within the namespace if 'true' type: boolean clientId: - description: The client id for credentials to query the - Azure APIs. The client id for credentials to query the - Azure APIs + description: |- + The client id for credentials to query the Azure APIs. + The client id for credentials to query the Azure APIs type: string clientSecret: - description: The client secret for credentials to query - the Azure APIs. The client secret for credentials to query - the Azure APIs + description: |- + The client secret for credentials to query the Azure APIs. + The client secret for credentials to query the Azure APIs type: string environment: - description: The Azure Cloud environment API endpoints to - use. The Azure Cloud environment API endpoints to use + description: |- + The Azure Cloud environment API endpoints to use. + The Azure Cloud environment API endpoints to use type: string keyBits: - description: The size in bits for an RSA key. The size in - bits for an RSA key. This field is required when 'key_type' - is 'RSA' or when 'allow_generate_key' is true + description: |- + The size in bits for an RSA key. + The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' or when 'allow_generate_key' is true type: string keyName: - description: The Key Vault key to use for encryption and - decryption. The Key Vault key to use for encryption and - decryption + description: |- + The Key Vault key to use for encryption and decryption. 
+ The Key Vault key to use for encryption and decryption type: string keyType: - description: The type of key to use. The type of key to - use + description: |- + The type of key to use. + The type of key to use type: string name: - description: A unique lowercase name that serves as identifying - the key. A unique lowercase name that serves as identifying - the key + description: |- + A unique lowercase name that serves as identifying the key. + A unique lowercase name that serves as identifying the key type: string resource: - description: The Azure Key Vault resource's DNS Suffix to - connect to. The Azure Key Vault resource's DNS Suffix - to connect to + description: |- + The Azure Key Vault resource's DNS Suffix to connect to. + The Azure Key Vault resource's DNS Suffix to connect to type: string tenantId: - description: The tenant id for the Azure Active Directory - organization. The tenant id for the Azure Active Directory - organization + description: |- + The tenant id for the Azure Active Directory organization. + The tenant id for the Azure Active Directory organization type: string vaultName: - description: The Key Vault vault to use for encryption and - decryption. The Key Vault vault to use the encryption - keys for encryption and decryption + description: |- + The Key Vault vault to use for encryption and decryption. + The Key Vault vault to use the encryption keys for encryption and decryption type: string type: object type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. 
+ Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string pkcs: description: Configuration block for PKCS Managed Keys items: properties: allowGenerateKey: - description: If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend. If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend + description: |- + If no existing key can be found in + the referenced backend, instructs Vault to generate a key within the backend. + If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend type: boolean allowReplaceKey: - description: Controls the ability for Vault to replace through - generation or importing a key into the configured backend - even if a key is present, if set to false those operations - are forbidden if a key exists. Controls the ability for - Vault to replace through generation or importing a key - into the configured backend even if a key is present, - if set to false those operations are forbidden if a key - exists. + description: |- + Controls the ability for Vault to replace through + generation or importing a key into the configured backend even + if a key is present, if set to false those operations are forbidden + if a key exists. + Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists. type: boolean allowStoreKey: - description: Controls the ability for Vault to import a - key to the configured backend, if false, those operations - will be forbidden. 
Controls the ability for Vault to import - a key to the configured backend, if 'false', those operations - will be forbidden + description: |- + Controls the ability for Vault to import a key to the + configured backend, if false, those operations will be forbidden. + Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden type: boolean anyMount: - description: If true, allows usage from any mount point - within the namespace. Allow usage from any mount point - within the namespace if 'true' + description: |- + If true, allows usage from any mount point within the + namespace. + Allow usage from any mount point within the namespace if 'true' type: boolean curve: - description: The curve to use for an ECDSA key. Used when - key_type is ECDSA. Required if allow_generate_key is true. - Supplies the curve value when using the 'CKM_ECDSA' mechanism. - Required if 'allow_generate_key' is true + description: |- + The curve to use for an ECDSA key. Used when key_type + is ECDSA. Required if allow_generate_key is true. + Supplies the curve value when using the 'CKM_ECDSA' mechanism. Required if 'allow_generate_key' is true type: string forceRwSession: - description: Force all operations to open up a read-write - session to the HSM. Force all operations to open up a - read-write session to the HSM + description: |- + Force all operations to open up a read-write session to + the HSM. + Force all operations to open up a read-write session to the HSM type: string keyBits: - description: The size in bits for an RSA key. Supplies the - size in bits of the key when using 'CKM_RSA_PKCS_PSS', - 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. - Required if 'allow_generate_key' is true + description: |- + The size in bits for an RSA key. + Supplies the size in bits of the key when using 'CKM_RSA_PKCS_PSS', 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. 
Required if 'allow_generate_key' is true type: string keyId: - description: The id of a PKCS#11 key to use. The id of a - PKCS#11 key to use + description: |- + The id of a PKCS#11 key to use. + The id of a PKCS#11 key to use type: string keyLabel: - description: The label of the key to use. The label of the - key to use + description: |- + The label of the key to use. + The label of the key to use type: string library: - description: The name of the kms_library stanza to use from - Vault's config to lookup the local library path. The name - of the kms_library stanza to use from Vault's config to - lookup the local library path + description: |- + The name of the kms_library stanza to use from Vault's config + to lookup the local library path. + The name of the kms_library stanza to use from Vault's config to lookup the local library path type: string mechanism: - description: The encryption/decryption mechanism to use, - specified as a hexadecimal (prefixed by 0x) string. The - encryption/decryption mechanism to use, specified as a + description: |- + The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string. + The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string. type: string name: - description: A unique lowercase name that serves as identifying - the key. A unique lowercase name that serves as identifying - the key + description: |- + A unique lowercase name that serves as identifying the key. + A unique lowercase name that serves as identifying the key type: string pin: - description: The PIN for login. The PIN for login + description: |- + The PIN for login. + The PIN for login type: string slot: - description: The slot number to use, specified as a string - in a decimal format (e.g. 2305843009213693953). The slot - number to use, specified as a string in a decimal format - (e.g. 
'2305843009213693953') + description: |- + The slot number to use, specified as a string in a decimal format + (e.g. 2305843009213693953). + The slot number to use, specified as a string in a decimal format (e.g. '2305843009213693953') type: string tokenLabel: - description: The slot token label to use. The slot token - label to use + description: |- + The slot token label to use. + The slot token label to use type: string type: object type: array 
@@ -597,20 +612,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -623,9 +639,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -635,57 +652,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -695,17 +676,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -715,21 +698,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -744,21 +727,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -769,14 +753,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -801,74 +786,76 @@ spec: items: properties: accessKey: - description: The AWS access key to use. The AWS access key - to use + description: |- + The AWS access key to use. + The AWS access key to use type: string allowGenerateKey: - description: If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend. If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend + description: |- + If no existing key can be found in + the referenced backend, instructs Vault to generate a key within the backend. + If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend type: boolean allowReplaceKey: - description: Controls the ability for Vault to replace through - generation or importing a key into the configured backend - even if a key is present, if set to false those operations - are forbidden if a key exists. Controls the ability for - Vault to replace through generation or importing a key - into the configured backend even if a key is present, - if set to false those operations are forbidden if a key - exists. + description: |- + Controls the ability for Vault to replace through + generation or importing a key into the configured backend even + if a key is present, if set to false those operations are forbidden + if a key exists. + Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists. type: boolean allowStoreKey: - description: Controls the ability for Vault to import a - key to the configured backend, if false, those operations - will be forbidden. 
Controls the ability for Vault to import - a key to the configured backend, if 'false', those operations - will be forbidden + description: |- + Controls the ability for Vault to import a key to the + configured backend, if false, those operations will be forbidden. + Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden type: boolean anyMount: - description: If true, allows usage from any mount point - within the namespace. Allow usage from any mount point - within the namespace if 'true' + description: |- + If true, allows usage from any mount point within the + namespace. + Allow usage from any mount point within the namespace if 'true' type: boolean curve: - description: The curve to use for an ECDSA key. Used when - key_type is ECDSA. Required if allow_generate_key is true. + description: |- The curve to use for an ECDSA key. Used when key_type - is 'ECDSA'. Required if 'allow_generate_key' is true + is ECDSA. Required if allow_generate_key is true. + The curve to use for an ECDSA key. Used when key_type is 'ECDSA'. Required if 'allow_generate_key' is true type: string endpoint: - description: Used to specify a custom AWS endpoint. Used - to specify a custom AWS endpoint + description: |- + Used to specify a custom AWS endpoint. + Used to specify a custom AWS endpoint type: string keyBits: - description: The size in bits for an RSA key. The size in - bits for an RSA key. This field is required when 'key_type' - is 'RSA' + description: |- + The size in bits for an RSA key. + The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' type: string keyType: - description: The type of key to use. The type of key to - use + description: |- + The type of key to use. + The type of key to use type: string kmsKey: - description: An identifier for the key. An identifier for - the key + description: |- + An identifier for the key. 
+ An identifier for the key type: string name: - description: A unique lowercase name that serves as identifying - the key. A unique lowercase name that serves as identifying - the key + description: |- + A unique lowercase name that serves as identifying the key. + A unique lowercase name that serves as identifying the key type: string region: - description: The AWS region where the keys are stored (or - will be stored). The AWS region where the keys are stored - (or will be stored) + description: |- + The AWS region where the keys are stored (or will be stored). + The AWS region where the keys are stored (or will be stored) type: string secretKey: - description: The AWS access key to use. The AWS secret key - to use + description: |- + The AWS access key to use. + The AWS secret key to use type: string uuid: description: ID of the managed key read from Vault 
@@ -880,183 +867,185 @@ spec: items: properties: allowGenerateKey: - description: If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend. If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend + description: |- + If no existing key can be found in + the referenced backend, instructs Vault to generate a key within the backend. + If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend type: boolean allowReplaceKey: - description: Controls the ability for Vault to replace through - generation or importing a key into the configured backend - even if a key is present, if set to false those operations - are forbidden if a key exists. Controls the ability for - Vault to replace through generation or importing a key - into the configured backend even if a key is present, - if set to false those operations are forbidden if a key - exists. + description: |- + Controls the ability for Vault to replace through + generation or importing a key into the configured backend even + if a key is present, if set to false those operations are forbidden + if a key exists. + Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists. type: boolean allowStoreKey: - description: Controls the ability for Vault to import a - key to the configured backend, if false, those operations - will be forbidden. Controls the ability for Vault to import - a key to the configured backend, if 'false', those operations - will be forbidden + description: |- + Controls the ability for Vault to import a key to the + configured backend, if false, those operations will be forbidden. 
+ Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden type: boolean anyMount: - description: If true, allows usage from any mount point - within the namespace. Allow usage from any mount point - within the namespace if 'true' + description: |- + If true, allows usage from any mount point within the + namespace. + Allow usage from any mount point within the namespace if 'true' type: boolean clientId: - description: The client id for credentials to query the - Azure APIs. The client id for credentials to query the - Azure APIs + description: |- + The client id for credentials to query the Azure APIs. + The client id for credentials to query the Azure APIs type: string clientSecret: - description: The client secret for credentials to query - the Azure APIs. The client secret for credentials to query - the Azure APIs + description: |- + The client secret for credentials to query the Azure APIs. + The client secret for credentials to query the Azure APIs type: string environment: - description: The Azure Cloud environment API endpoints to - use. The Azure Cloud environment API endpoints to use + description: |- + The Azure Cloud environment API endpoints to use. + The Azure Cloud environment API endpoints to use type: string keyBits: - description: The size in bits for an RSA key. The size in - bits for an RSA key. This field is required when 'key_type' - is 'RSA' or when 'allow_generate_key' is true + description: |- + The size in bits for an RSA key. + The size in bits for an RSA key. This field is required when 'key_type' is 'RSA' or when 'allow_generate_key' is true type: string keyName: - description: The Key Vault key to use for encryption and - decryption. The Key Vault key to use for encryption and - decryption + description: |- + The Key Vault key to use for encryption and decryption. 
+ The Key Vault key to use for encryption and decryption type: string keyType: - description: The type of key to use. The type of key to - use + description: |- + The type of key to use. + The type of key to use type: string name: - description: A unique lowercase name that serves as identifying - the key. A unique lowercase name that serves as identifying - the key + description: |- + A unique lowercase name that serves as identifying the key. + A unique lowercase name that serves as identifying the key type: string resource: - description: The Azure Key Vault resource's DNS Suffix to - connect to. The Azure Key Vault resource's DNS Suffix - to connect to + description: |- + The Azure Key Vault resource's DNS Suffix to connect to. + The Azure Key Vault resource's DNS Suffix to connect to type: string tenantId: - description: The tenant id for the Azure Active Directory - organization. The tenant id for the Azure Active Directory - organization + description: |- + The tenant id for the Azure Active Directory organization. + The tenant id for the Azure Active Directory organization type: string uuid: description: ID of the managed key read from Vault type: string vaultName: - description: The Key Vault vault to use for encryption and - decryption. The Key Vault vault to use the encryption - keys for encryption and decryption + description: |- + The Key Vault vault to use for encryption and decryption. + The Key Vault vault to use the encryption keys for encryption and decryption type: string type: object type: array id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. 
+ The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string pkcs: description: Configuration block for PKCS Managed Keys items: properties: allowGenerateKey: - description: If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend. If no existing key can be found in the referenced - backend, instructs Vault to generate a key within the - backend + description: |- + If no existing key can be found in + the referenced backend, instructs Vault to generate a key within the backend. + If no existing key can be found in the referenced backend, instructs Vault to generate a key within the backend type: boolean allowReplaceKey: - description: Controls the ability for Vault to replace through - generation or importing a key into the configured backend - even if a key is present, if set to false those operations - are forbidden if a key exists. Controls the ability for - Vault to replace through generation or importing a key - into the configured backend even if a key is present, - if set to false those operations are forbidden if a key - exists. + description: |- + Controls the ability for Vault to replace through + generation or importing a key into the configured backend even + if a key is present, if set to false those operations are forbidden + if a key exists. + Controls the ability for Vault to replace through generation or importing a key into the configured backend even if a key is present, if set to false those operations are forbidden if a key exists. type: boolean allowStoreKey: - description: Controls the ability for Vault to import a - key to the configured backend, if false, those operations - will be forbidden. 
Controls the ability for Vault to import - a key to the configured backend, if 'false', those operations - will be forbidden + description: |- + Controls the ability for Vault to import a key to the + configured backend, if false, those operations will be forbidden. + Controls the ability for Vault to import a key to the configured backend, if 'false', those operations will be forbidden type: boolean anyMount: - description: If true, allows usage from any mount point - within the namespace. Allow usage from any mount point - within the namespace if 'true' + description: |- + If true, allows usage from any mount point within the + namespace. + Allow usage from any mount point within the namespace if 'true' type: boolean curve: - description: The curve to use for an ECDSA key. Used when - key_type is ECDSA. Required if allow_generate_key is true. - Supplies the curve value when using the 'CKM_ECDSA' mechanism. - Required if 'allow_generate_key' is true + description: |- + The curve to use for an ECDSA key. Used when key_type + is ECDSA. Required if allow_generate_key is true. + Supplies the curve value when using the 'CKM_ECDSA' mechanism. Required if 'allow_generate_key' is true type: string forceRwSession: - description: Force all operations to open up a read-write - session to the HSM. Force all operations to open up a - read-write session to the HSM + description: |- + Force all operations to open up a read-write session to + the HSM. + Force all operations to open up a read-write session to the HSM type: string keyBits: - description: The size in bits for an RSA key. Supplies the - size in bits of the key when using 'CKM_RSA_PKCS_PSS', - 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. - Required if 'allow_generate_key' is true + description: |- + The size in bits for an RSA key. + Supplies the size in bits of the key when using 'CKM_RSA_PKCS_PSS', 'CKM_RSA_PKCS_OAEP' or 'CKM_RSA_PKCS' as a value for 'mechanism'. 
Required if 'allow_generate_key' is true type: string keyId: - description: The id of a PKCS#11 key to use. The id of a - PKCS#11 key to use + description: |- + The id of a PKCS#11 key to use. + The id of a PKCS#11 key to use type: string keyLabel: - description: The label of the key to use. The label of the - key to use + description: |- + The label of the key to use. + The label of the key to use type: string library: - description: The name of the kms_library stanza to use from - Vault's config to lookup the local library path. The name - of the kms_library stanza to use from Vault's config to - lookup the local library path + description: |- + The name of the kms_library stanza to use from Vault's config + to lookup the local library path. + The name of the kms_library stanza to use from Vault's config to lookup the local library path type: string mechanism: - description: The encryption/decryption mechanism to use, - specified as a hexadecimal (prefixed by 0x) string. The - encryption/decryption mechanism to use, specified as a + description: |- + The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string. + The encryption/decryption mechanism to use, specified as a hexadecimal (prefixed by 0x) string. type: string name: - description: A unique lowercase name that serves as identifying - the key. A unique lowercase name that serves as identifying - the key + description: |- + A unique lowercase name that serves as identifying the key. + A unique lowercase name that serves as identifying the key type: string pin: - description: The PIN for login. The PIN for login + description: |- + The PIN for login. + The PIN for login type: string slot: - description: The slot number to use, specified as a string - in a decimal format (e.g. 2305843009213693953). The slot - number to use, specified as a string in a decimal format - (e.g. 
'2305843009213693953') + description: |- + The slot number to use, specified as a string in a decimal format + (e.g. 2305843009213693953). + The slot number to use, specified as a string in a decimal format (e.g. '2305843009213693953') type: string tokenLabel: - description: The slot token label to use. The slot token - label to use + description: |- + The slot token label to use. + The slot token label to use type: string uuid: description: ID of the managed key read from Vault @@ -1070,13 +1059,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -1087,8 +1078,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -1097,6 +1089,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/mfa.vault.upbound.io_duoes.yaml b/package/crds/mfa.vault.upbound.io_duoes.yaml index 033fc9e1..ee5e6cf6 100644 --- a/package/crds/mfa.vault.upbound.io_duoes.yaml +++ b/package/crds/mfa.vault.upbound.io_duoes.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: duoes.mfa.vault.upbound.io spec: group: mfa.vault.upbound.io @@ -38,14 +38,19 @@ spec: configuration properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete @@ -68,10 +74,14 @@ spec: forProvider: properties: apiHostname: - description: API hostname for Duo. API hostname for Duo. + description: |- + API hostname for Duo. + API hostname for Duo. type: string integrationKeySecretRef: - description: Integration key for Duo. Integration key for Duo. + description: |- + Integration key for Duo. + Integration key for Duo. properties: key: description: The key to select. 
@@ -88,29 +98,32 @@ spec: - namespace type: object mountAccessor: - description: The mount to tie this method to for use in automatic - mappings. The mapping will use the Name field of Aliases associated - with this mount as the username in the mapping. The mount to - tie this method to for use in automatic mappings. The mapping - will use the Name field of Aliases associated with this mount - as the username in the mapping. + description: |- + The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. + The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. type: string name: - description: '(string: ) – Name of the MFA method. Name - of the MFA method.' + description: |- + (string: ) – Name of the MFA method. + Name of the MFA method. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string pushInfo: - description: Push information for Duo. Push information for Duo. + description: |- + Push information for Duo. + Push information for Duo. type: string secretKeySecretRef: - description: Secret key for Duo. Secret key for Duo. + description: |- + Secret key for Duo. + Secret key for Duo. properties: key: description: The key to select. 
@@ -127,78 +140,77 @@ spec: - namespace type: object usernameFormat: - description: 'A format string for mapping Identity names to MFA - method names. Values to substitute should be placed in {{}}. - For example, "{{alias.name}}@example.com". If blank, the Alias''s - Name field will be used as-is. Currently-supported mappings: - A format string for mapping Identity names to MFA method names. - Values to substitute should be placed in `{{}}`.' + description: |- + A format string for mapping Identity names to MFA method names. Values to substitute should be placed in {{}}. For example, "{{alias.name}}@example.com". If blank, the Alias's Name field will be used as-is. Currently-supported mappings: + A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. 
The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: apiHostname: - description: API hostname for Duo. API hostname for Duo. + description: |- + API hostname for Duo. + API hostname for Duo. type: string mountAccessor: - description: The mount to tie this method to for use in automatic - mappings. The mapping will use the Name field of Aliases associated - with this mount as the username in the mapping. The mount to - tie this method to for use in automatic mappings. The mapping - will use the Name field of Aliases associated with this mount - as the username in the mapping. + description: |- + The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. + The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. type: string name: - description: '(string: ) – Name of the MFA method. Name - of the MFA method.' + description: |- + (string: ) – Name of the MFA method. + Name of the MFA method. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. 
+ The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string pushInfo: - description: Push information for Duo. Push information for Duo. + description: |- + Push information for Duo. + Push information for Duo. type: string usernameFormat: - description: 'A format string for mapping Identity names to MFA - method names. Values to substitute should be placed in {{}}. - For example, "{{alias.name}}@example.com". If blank, the Alias''s - Name field will be used as-is. Currently-supported mappings: - A format string for mapping Identity names to MFA method names. - Values to substitute should be placed in `{{}}`.' + description: |- + A format string for mapping Identity names to MFA method names. Values to substitute should be placed in {{}}. For example, "{{alias.name}}@example.com". If blank, the Alias's Name field will be used as-is. Currently-supported mappings: + A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. 
See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -211,9 +223,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -223,57 +236,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -283,17 +260,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -303,21 +282,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -332,21 +311,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -357,14 +337,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -404,39 +385,39 @@ spec: atProvider: properties: apiHostname: - description: API hostname for Duo. API hostname for Duo. + description: |- + API hostname for Duo. + API hostname for Duo. type: string id: type: string mountAccessor: - description: The mount to tie this method to for use in automatic - mappings. The mapping will use the Name field of Aliases associated - with this mount as the username in the mapping. The mount to - tie this method to for use in automatic mappings. The mapping - will use the Name field of Aliases associated with this mount - as the username in the mapping. + description: |- + The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. + The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. type: string name: - description: '(string: ) – Name of the MFA method. Name - of the MFA method.' + description: |- + (string: ) – Name of the MFA method. + Name of the MFA method. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string pushInfo: - description: Push information for Duo. Push information for Duo. + description: |- + Push information for Duo. + Push information for Duo. 
type: string usernameFormat: - description: 'A format string for mapping Identity names to MFA - method names. Values to substitute should be placed in {{}}. - For example, "{{alias.name}}@example.com". If blank, the Alias''s - Name field will be used as-is. Currently-supported mappings: - A format string for mapping Identity names to MFA method names. - Values to substitute should be placed in `{{}}`.' + description: |- + A format string for mapping Identity names to MFA method names. Values to substitute should be placed in {{}}. For example, "{{alias.name}}@example.com". If blank, the Alias's Name field will be used as-is. Currently-supported mappings: + A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. type: string type: object conditions: @@ -445,13 +426,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -462,8 +445,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime 
@@ -472,6 +456,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/mfa.vault.upbound.io_oktas.yaml b/package/crds/mfa.vault.upbound.io_oktas.yaml index a02ac9c2..5da41c0b 100644 --- a/package/crds/mfa.vault.upbound.io_oktas.yaml +++ b/package/crds/mfa.vault.upbound.io_oktas.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: oktas.mfa.vault.upbound.io spec: group: mfa.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: configuration properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete @@ -68,7 +74,9 @@ spec: forProvider: properties: apiTokenSecretRef: - description: Okta API key. Okta API key. + description: |- + Okta API key. + Okta API key. properties: key: description: The key to select. 
@@ -85,119 +93,125 @@ spec: - namespace type: object baseUrl: - description: If set, will be used as the base domain for API requests. - Examples are okta.com, oktapreview.com, and okta-emea.com. If - set, will be used as the base domain for API requests. + description: |- + If set, will be used as the base domain for API requests. Examples are okta.com, + oktapreview.com, and okta-emea.com. + If set, will be used as the base domain for API requests. type: string mountAccessor: - description: The mount to tie this method to for use in automatic - mappings. The mapping will use the Name field of Aliases associated - with this mount as the username in the mapping. The mount to - tie this method to for use in automatic mappings. The mapping - will use the Name field of Aliases associated with this mount - as the username in the mapping. + description: |- + The mount to tie this method to for use in automatic mappings. + The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. + The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. type: string name: - description: '(string: ) – Name of the MFA method. Name - of the MFA method.' + description: |- + (string: ) – Name of the MFA method. + Name of the MFA method. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string orgName: - description: Name of the organization to be used in the Okta API. + description: |- + Name of the organization to be used in the Okta API. Name of the organization to be used in the Okta API. type: string primaryEmail: - description: If set to true, the username will only match the - primary email for the account. If set to true, the username - will only match the primary email for the account. + description: |- + If set to true, the username will only match the + primary email for the account. + If set to true, the username will only match the primary email for the account. type: boolean usernameFormat: - description: 'A format string for mapping Identity names to MFA - method names. Values to substitute should be placed in {{}}. - For example, "{{alias.name}}@example.com". If blank, the Alias''s - Name field will be used as-is. Currently-supported mappings: + description: |- A format string for mapping Identity names to MFA method names. - Values to substitute should be placed in `{{}}`.' + Values to substitute should be placed in {{}}. For example, "{{alias.name}}@example.com". + If blank, the Alias's Name field will be used as-is. Currently-supported mappings: + A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. 
This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: baseUrl: - description: If set, will be used as the base domain for API requests. - Examples are okta.com, oktapreview.com, and okta-emea.com. If - set, will be used as the base domain for API requests. + description: |- + If set, will be used as the base domain for API requests. Examples are okta.com, + oktapreview.com, and okta-emea.com. + If set, will be used as the base domain for API requests. type: string mountAccessor: - description: The mount to tie this method to for use in automatic - mappings. The mapping will use the Name field of Aliases associated - with this mount as the username in the mapping. The mount to - tie this method to for use in automatic mappings. The mapping - will use the Name field of Aliases associated with this mount - as the username in the mapping. + description: |- + The mount to tie this method to for use in automatic mappings. + The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. + The mount to tie this method to for use in automatic mappings. 
The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. type: string name: - description: '(string: ) – Name of the MFA method. Name - of the MFA method.' + description: |- + (string: ) – Name of the MFA method. + Name of the MFA method. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string orgName: - description: Name of the organization to be used in the Okta API. + description: |- + Name of the organization to be used in the Okta API. Name of the organization to be used in the Okta API. type: string primaryEmail: - description: If set to true, the username will only match the - primary email for the account. If set to true, the username - will only match the primary email for the account. + description: |- + If set to true, the username will only match the + primary email for the account. + If set to true, the username will only match the primary email for the account. type: boolean usernameFormat: - description: 'A format string for mapping Identity names to MFA - method names. Values to substitute should be placed in {{}}. - For example, "{{alias.name}}@example.com". If blank, the Alias''s - Name field will be used as-is. Currently-supported mappings: + description: |- A format string for mapping Identity names to MFA method names. - Values to substitute should be placed in `{{}}`.' + Values to substitute should be placed in {{}}. 
For example, "{{alias.name}}@example.com". + If blank, the Alias's Name field will be used as-is. Currently-supported mappings: + A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -210,9 +224,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -222,57 +237,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -282,17 +261,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -302,21 +283,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -331,21 +312,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -356,14 +338,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -400,47 +383,49 @@ spec: atProvider: properties: baseUrl: - description: If set, will be used as the base domain for API requests. - Examples are okta.com, oktapreview.com, and okta-emea.com. If - set, will be used as the base domain for API requests. + description: |- + If set, will be used as the base domain for API requests. Examples are okta.com, + oktapreview.com, and okta-emea.com. + If set, will be used as the base domain for API requests. type: string id: type: string mountAccessor: - description: The mount to tie this method to for use in automatic - mappings. The mapping will use the Name field of Aliases associated - with this mount as the username in the mapping. The mount to - tie this method to for use in automatic mappings. The mapping - will use the Name field of Aliases associated with this mount - as the username in the mapping. + description: |- + The mount to tie this method to for use in automatic mappings. + The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. + The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. type: string name: - description: '(string: ) – Name of the MFA method. Name - of the MFA method.' + description: |- + (string: ) – Name of the MFA method. + Name of the MFA method. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string orgName: - description: Name of the organization to be used in the Okta API. + description: |- + Name of the organization to be used in the Okta API. Name of the organization to be used in the Okta API. type: string primaryEmail: - description: If set to true, the username will only match the - primary email for the account. If set to true, the username - will only match the primary email for the account. + description: |- + If set to true, the username will only match the + primary email for the account. + If set to true, the username will only match the primary email for the account. type: boolean usernameFormat: - description: 'A format string for mapping Identity names to MFA - method names. Values to substitute should be placed in {{}}. - For example, "{{alias.name}}@example.com". If blank, the Alias''s - Name field will be used as-is. Currently-supported mappings: + description: |- A format string for mapping Identity names to MFA method names. - Values to substitute should be placed in `{{}}`.' + Values to substitute should be placed in {{}}. For example, "{{alias.name}}@example.com". + If blank, the Alias's Name field will be used as-is. Currently-supported mappings: + A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. type: string type: object conditions: 
@@ -449,13 +434,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -466,8 +453,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -476,6 +464,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/mfa.vault.upbound.io_pingids.yaml b/package/crds/mfa.vault.upbound.io_pingids.yaml index e34f3731..8ca5ffb2 100644 --- a/package/crds/mfa.vault.upbound.io_pingids.yaml +++ b/package/crds/mfa.vault.upbound.io_pingids.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: pingids.mfa.vault.upbound.io spec: group: mfa.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: method configuration properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,101 +74,103 @@ spec: forProvider: properties: mountAccessor: - description: The mount to tie this method to for use in automatic - mappings. The mapping will use the Name field of Aliases associated - with this mount as the username in the mapping. The mount to - tie this method to for use in automatic mappings. The mapping - will use the Name field of Aliases associated with this mount - as the username in the mapping. + description: |- + The mount to tie this method to for use in automatic mappings. + The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. + The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. type: string name: - description: '(string: ) – Name of the MFA method. Name - of the MFA method.' + description: |- + (string: ) – Name of the MFA method. + Name of the MFA method. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string settingsFileBase64: - description: A base64-encoded third-party settings file retrieved - from PingID's configuration page. A base64-encoded third-party - settings file retrieved from PingID's configuration page. + description: |- + A base64-encoded third-party settings file retrieved + from PingID's configuration page. + A base64-encoded third-party settings file retrieved from PingID's configuration page. 
type: string usernameFormat: - description: 'A format string for mapping Identity names to MFA - method names. Values to substitute should be placed in {{}}. - For example, "{{alias.name}}@example.com". If blank, the Alias''s - Name field will be used as-is. Currently-supported mappings: + description: |- A format string for mapping Identity names to MFA method names. - Values to substitute should be placed in `{{}}`.' + Values to substitute should be placed in {{}}. For example, "{{alias.name}}@example.com". + If blank, the Alias's Name field will be used as-is. Currently-supported mappings: + A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. 
+ The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: mountAccessor: - description: The mount to tie this method to for use in automatic - mappings. The mapping will use the Name field of Aliases associated - with this mount as the username in the mapping. The mount to - tie this method to for use in automatic mappings. The mapping - will use the Name field of Aliases associated with this mount - as the username in the mapping. + description: |- + The mount to tie this method to for use in automatic mappings. + The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. + The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. type: string name: - description: '(string: ) – Name of the MFA method. Name - of the MFA method.' + description: |- + (string: ) – Name of the MFA method. + Name of the MFA method. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string settingsFileBase64: - description: A base64-encoded third-party settings file retrieved - from PingID's configuration page. 
A base64-encoded third-party - settings file retrieved from PingID's configuration page. + description: |- + A base64-encoded third-party settings file retrieved + from PingID's configuration page. + A base64-encoded third-party settings file retrieved from PingID's configuration page. type: string usernameFormat: - description: 'A format string for mapping Identity names to MFA - method names. Values to substitute should be placed in {{}}. - For example, "{{alias.name}}@example.com". If blank, the Alias''s - Name field will be used as-is. Currently-supported mappings: + description: |- A format string for mapping Identity names to MFA method names. - Values to substitute should be placed in `{{}}`.' + Values to substitute should be placed in {{}}. For example, "{{alias.name}}@example.com". + If blank, the Alias's Name field will be used as-is. Currently-supported mappings: + A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. 
See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -175,9 +183,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
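Review bot: `settingsFileBase64` under `forProvider` and `initProvider` in the `@@ -68,101 +74,103 @@` hunk is still a plain `type: string`, so the PingID settings file sits inline in the resource spec. Base64 is an encoding, not protection, so anyone who can read `pingids.mfa.vault.upbound.io` objects, or the stored object data, gets the file. That file presumably carries the PingID API credentials. The later `atProvider` hunk lists the same field in status. This CRD is generated by controller-gen, so the change belongs in the provider's resource configuration: mark the field sensitive so the schema takes a Secret reference (something like `settingsFileBase64SecretRef`) and the value is not reported in status. Until then, read access to this resource should be granted as narrowly as read access to Secrets.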
@@ -187,57 +196,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -247,17 +220,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -267,21 +242,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -296,21 +271,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -321,14 +297,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -362,68 +339,74 @@ spec: atProvider: properties: adminUrl: - description: (string) – Admin URL computed by Vault Admin URL - computed by Vault. + description: |- + (string) – Admin URL computed by Vault + Admin URL computed by Vault. type: string authenticatorUrl: - description: (string) – Authenticator URL computed by Vault Authenticator - URL computed by Vault. + description: |- + (string) – Authenticator URL computed by Vault + Authenticator URL computed by Vault. type: string id: description: (string) – ID computed by Vault type: string idpUrl: - description: (string) – IDP URL computed by Vault IDP URL computed - by Vault. + description: |- + (string) – IDP URL computed by Vault + IDP URL computed by Vault. type: string mountAccessor: - description: The mount to tie this method to for use in automatic - mappings. The mapping will use the Name field of Aliases associated - with this mount as the username in the mapping. The mount to - tie this method to for use in automatic mappings. The mapping - will use the Name field of Aliases associated with this mount - as the username in the mapping. + description: |- + The mount to tie this method to for use in automatic mappings. + The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. + The mount to tie this method to for use in automatic mappings. The mapping will use the Name field of Aliases associated with this mount as the username in the mapping. type: string name: - description: '(string: ) – Name of the MFA method. Name - of the MFA method.' + description: |- + (string: ) – Name of the MFA method. + Name of the MFA method. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. 
(requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string namespaceId: - description: (string) – Namespace ID computed by Vault Namespace - ID computed by Vault. + description: |- + (string) – Namespace ID computed by Vault + Namespace ID computed by Vault. type: string orgAlias: - description: (string) – Org Alias computed by Vault Org Alias - computed by Vault. + description: |- + (string) – Org Alias computed by Vault + Org Alias computed by Vault. type: string settingsFileBase64: - description: A base64-encoded third-party settings file retrieved - from PingID's configuration page. A base64-encoded third-party - settings file retrieved from PingID's configuration page. + description: |- + A base64-encoded third-party settings file retrieved + from PingID's configuration page. + A base64-encoded third-party settings file retrieved from PingID's configuration page. type: string type: - description: (string) – Type of configuration computed by Vault + description: |- + (string) – Type of configuration computed by Vault Type of configuration computed by Vault. type: string useSignature: - description: (string) – If set to true, enables use of PingID - signature. Computed by Vault If set, enables use of PingID signature. - Computed by Vault + description: |- + (string) – If set to true, enables use of PingID signature. Computed by Vault + If set, enables use of PingID signature. Computed by Vault type: boolean usernameFormat: - description: 'A format string for mapping Identity names to MFA - method names. Values to substitute should be placed in {{}}. - For example, "{{alias.name}}@example.com". If blank, the Alias''s - Name field will be used as-is. 
Currently-supported mappings: + description: |- A format string for mapping Identity names to MFA method names. - Values to substitute should be placed in `{{}}`.' + Values to substitute should be placed in {{}}. For example, "{{alias.name}}@example.com". + If blank, the Alias's Name field will be used as-is. Currently-supported mappings: + A format string for mapping Identity names to MFA method names. Values to substitute should be placed in `{{}}`. type: string type: object conditions: @@ -432,13 +415,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -449,8 +434,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -459,6 +445,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/mfa.vault.upbound.io_totps.yaml b/package/crds/mfa.vault.upbound.io_totps.yaml index f71c442e..0412169a 100644 --- a/package/crds/mfa.vault.upbound.io_totps.yaml +++ b/package/crds/mfa.vault.upbound.io_totps.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: totps.mfa.vault.upbound.io spec: group: mfa.vault.upbound.io @@ -38,14 +38,19 @@ spec: configuration properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,127 +74,141 @@ spec: forProvider: properties: algorithm: - description: Specifies the hashing algorithm used to generate - the TOTP code. Options include SHA1, SHA256 and SHA512 Specifies - the hashing algorithm used to generate the TOTP code. Options - include 'SHA1', 'SHA256' and 'SHA512'. + description: |- + Specifies the hashing algorithm used to generate the TOTP code. + Options include SHA1, SHA256 and SHA512 + Specifies the hashing algorithm used to generate the TOTP code. Options include 'SHA1', 'SHA256' and 'SHA512'. type: string digits: - description: The number of digits in the generated TOTP token. - This value can either be 6 or 8. The number of digits in the - generated TOTP token. This value can either be 6 or 8. + description: |- + The number of digits in the generated TOTP token. + This value can either be 6 or 8. + The number of digits in the generated TOTP token. This value can either be 6 or 8. type: number issuer: - description: The name of the key's issuing organization. The name - of the key's issuing organization. + description: |- + The name of the key's issuing organization. + The name of the key's issuing organization. type: string keySize: - description: Specifies the size in bytes of the generated key. + description: |- + Specifies the size in bytes of the generated key. Specifies the size in bytes of the generated key. type: number name: - description: '(string: ) – Name of the MFA method. Name - of the MFA method.' + description: |- + (string: ) – Name of the MFA method. + Name of the MFA method. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. 
+ The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string period: - description: The length of time used to generate a counter for - the TOTP token calculation. The length of time used to generate - a counter for the TOTP token calculation. + description: |- + The length of time used to generate a counter for the TOTP token calculation. + The length of time used to generate a counter for the TOTP token calculation. type: number qrSize: - description: The pixel size of the generated square QR code. The - pixel size of the generated square QR code. + description: |- + The pixel size of the generated square QR code. + The pixel size of the generated square QR code. type: number skew: - description: The number of delay periods that are allowed when - validating a TOTP token. This value can either be 0 or 1. The - number of delay periods that are allowed when validating a TOTP - token. This value can either be 0 or 1. + description: |- + The number of delay periods that are allowed when validating a TOTP token. + This value can either be 0 or 1. + The number of delay periods that are allowed when validating a TOTP token. This value can either be 0 or 1. type: number type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. 
This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: algorithm: - description: Specifies the hashing algorithm used to generate - the TOTP code. Options include SHA1, SHA256 and SHA512 Specifies - the hashing algorithm used to generate the TOTP code. Options - include 'SHA1', 'SHA256' and 'SHA512'. + description: |- + Specifies the hashing algorithm used to generate the TOTP code. + Options include SHA1, SHA256 and SHA512 + Specifies the hashing algorithm used to generate the TOTP code. Options include 'SHA1', 'SHA256' and 'SHA512'. type: string digits: - description: The number of digits in the generated TOTP token. - This value can either be 6 or 8. The number of digits in the - generated TOTP token. This value can either be 6 or 8. + description: |- + The number of digits in the generated TOTP token. + This value can either be 6 or 8. + The number of digits in the generated TOTP token. This value can either be 6 or 8. type: number issuer: - description: The name of the key's issuing organization. The name - of the key's issuing organization. 
+ description: |- + The name of the key's issuing organization. + The name of the key's issuing organization. type: string keySize: - description: Specifies the size in bytes of the generated key. + description: |- + Specifies the size in bytes of the generated key. Specifies the size in bytes of the generated key. type: number name: - description: '(string: ) – Name of the MFA method. Name - of the MFA method.' + description: |- + (string: ) – Name of the MFA method. + Name of the MFA method. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string period: - description: The length of time used to generate a counter for - the TOTP token calculation. The length of time used to generate - a counter for the TOTP token calculation. + description: |- + The length of time used to generate a counter for the TOTP token calculation. + The length of time used to generate a counter for the TOTP token calculation. type: number qrSize: - description: The pixel size of the generated square QR code. The - pixel size of the generated square QR code. + description: |- + The pixel size of the generated square QR code. + The pixel size of the generated square QR code. type: number skew: - description: The number of delay periods that are allowed when - validating a TOTP token. This value can either be 0 or 1. The - number of delay periods that are allowed when validating a TOTP - token. This value can either be 0 or 1. 
+ description: |- + The number of delay periods that are allowed when validating a TOTP token. + This value can either be 0 or 1. + The number of delay periods that are allowed when validating a TOTP token. This value can either be 0 or 1. type: number type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -201,9 +221,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -213,57 +234,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -273,17 +258,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -293,21 +280,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -322,21 +309,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -347,14 +335,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -384,51 +373,57 @@ spec: atProvider: properties: algorithm: - description: Specifies the hashing algorithm used to generate - the TOTP code. Options include SHA1, SHA256 and SHA512 Specifies - the hashing algorithm used to generate the TOTP code. Options - include 'SHA1', 'SHA256' and 'SHA512'. + description: |- + Specifies the hashing algorithm used to generate the TOTP code. + Options include SHA1, SHA256 and SHA512 + Specifies the hashing algorithm used to generate the TOTP code. Options include 'SHA1', 'SHA256' and 'SHA512'. type: string digits: - description: The number of digits in the generated TOTP token. - This value can either be 6 or 8. The number of digits in the - generated TOTP token. This value can either be 6 or 8. + description: |- + The number of digits in the generated TOTP token. + This value can either be 6 or 8. + The number of digits in the generated TOTP token. This value can either be 6 or 8. type: number id: type: string issuer: - description: The name of the key's issuing organization. The name - of the key's issuing organization. + description: |- + The name of the key's issuing organization. + The name of the key's issuing organization. type: string keySize: - description: Specifies the size in bytes of the generated key. + description: |- + Specifies the size in bytes of the generated key. Specifies the size in bytes of the generated key. type: number name: - description: '(string: ) – Name of the MFA method. Name - of the MFA method.' + description: |- + (string: ) – Name of the MFA method. + Name of the MFA method. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. 
+ The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string period: - description: The length of time used to generate a counter for - the TOTP token calculation. The length of time used to generate - a counter for the TOTP token calculation. + description: |- + The length of time used to generate a counter for the TOTP token calculation. + The length of time used to generate a counter for the TOTP token calculation. type: number qrSize: - description: The pixel size of the generated square QR code. The - pixel size of the generated square QR code. + description: |- + The pixel size of the generated square QR code. + The pixel size of the generated square QR code. type: number skew: - description: The number of delay periods that are allowed when - validating a TOTP token. This value can either be 0 or 1. The - number of delay periods that are allowed when validating a TOTP - token. This value can either be 0 or 1. + description: |- + The number of delay periods that are allowed when validating a TOTP token. + This value can either be 0 or 1. + The number of delay periods that are allowed when validating a TOTP token. This value can either be 0 or 1. type: number type: object conditions: 
@@ -437,13 +432,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -454,8 +451,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -464,6 +462,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/mongodbatlas.vault.upbound.io_secretbackends.yaml b/package/crds/mongodbatlas.vault.upbound.io_secretbackends.yaml index 396e4c54..d7d2ce92 100644 --- a/package/crds/mongodbatlas.vault.upbound.io_secretbackends.yaml +++ b/package/crds/mongodbatlas.vault.upbound.io_secretbackends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackends.mongodbatlas.vault.upbound.io spec: group: mongodbatlas.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: a MongoDB Atlas secret backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,79 +74,85 @@ spec: forProvider: properties: mount: - description: Path where the MongoDB Atlas Secrets Engine is mounted. + description: |- + Path where the MongoDB Atlas Secrets Engine is mounted. Path where MongoDB Atlas secret backend is mounted type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string privateKey: - description: Specifies the Private API Key used to authenticate - with the MongoDB Atlas API. The Private Programmatic API Key - used to connect with MongoDB Atlas API + description: |- + Specifies the Private API Key used to authenticate with the MongoDB Atlas API. + The Private Programmatic API Key used to connect with MongoDB Atlas API type: string publicKey: - description: Specifies the Public API Key used to authenticate - with the MongoDB Atlas API. The Public Programmatic API Key - used to authenticate with the MongoDB Atlas API + description: |- + Specifies the Public API Key used to authenticate with the MongoDB Atlas API. + The Public Programmatic API Key used to authenticate with the MongoDB Atlas API type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. 
The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: mount: - description: Path where the MongoDB Atlas Secrets Engine is mounted. + description: |- + Path where the MongoDB Atlas Secrets Engine is mounted. Path where MongoDB Atlas secret backend is mounted type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string privateKey: - description: Specifies the Private API Key used to authenticate - with the MongoDB Atlas API. The Private Programmatic API Key - used to connect with MongoDB Atlas API + description: |- + Specifies the Private API Key used to authenticate with the MongoDB Atlas API. + The Private Programmatic API Key used to connect with MongoDB Atlas API type: string publicKey: - description: Specifies the Public API Key used to authenticate - with the MongoDB Atlas API. The Public Programmatic API Key - used to authenticate with the MongoDB Atlas API + description: |- + Specifies the Public API Key used to authenticate with the MongoDB Atlas API. + The Public Programmatic API Key used to authenticate with the MongoDB Atlas API type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. 
+ This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -153,9 +165,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -165,57 +178,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -225,17 +202,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -245,21 +224,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -274,21 +253,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -299,14 +279,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -342,28 +323,30 @@ spec: id: type: string mount: - description: Path where the MongoDB Atlas Secrets Engine is mounted. + description: |- + Path where the MongoDB Atlas Secrets Engine is mounted. Path where MongoDB Atlas secret backend is mounted type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: description: Path where MongoDB Atlas configuration is located type: string privateKey: - description: Specifies the Private API Key used to authenticate - with the MongoDB Atlas API. The Private Programmatic API Key - used to connect with MongoDB Atlas API + description: |- + Specifies the Private API Key used to authenticate with the MongoDB Atlas API. + The Private Programmatic API Key used to connect with MongoDB Atlas API type: string publicKey: - description: Specifies the Public API Key used to authenticate - with the MongoDB Atlas API. The Public Programmatic API Key - used to authenticate with the MongoDB Atlas API + description: |- + Specifies the Public API Key used to authenticate with the MongoDB Atlas API. + The Public Programmatic API Key used to authenticate with the MongoDB Atlas API type: string type: object conditions: 
@@ -372,13 +355,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -389,8 +374,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -399,6 +385,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/mongodbatlas.vault.upbound.io_secretroles.yaml b/package/crds/mongodbatlas.vault.upbound.io_secretroles.yaml index 38711200..f3e93e54 100644 --- a/package/crds/mongodbatlas.vault.upbound.io_secretroles.yaml +++ b/package/crds/mongodbatlas.vault.upbound.io_secretroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretroles.mongodbatlas.vault.upbound.io spec: group: mongodbatlas.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: for the MongoDB Atlas Secret Engine in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,157 +74,175 @@ spec: forProvider: properties: cidrBlocks: - description: Whitelist entry in CIDR notation to be added for - the API key. Whitelist entry in CIDR notation to be added for - the API key + description: |- + Whitelist entry in CIDR notation to be added for the API key. + Whitelist entry in CIDR notation to be added for the API key items: type: string type: array ipAddresses: - description: IP address to be added to the whitelist for the API - key. IP address to be added to the whitelist for the API key + description: |- + IP address to be added to the whitelist for the API key. + IP address to be added to the whitelist for the API key items: type: string type: array maxTtl: - description: The maximum allowed lifetime of credentials issued - using this role. The maximum allowed lifetime of credentials - issued using this role + description: |- + The maximum allowed lifetime of credentials issued using this role. + The maximum allowed lifetime of credentials issued using this role type: string mount: - description: Path where the MongoDB Atlas Secrets Engine is mounted. + description: |- + Path where the MongoDB Atlas Secrets Engine is mounted. Path where MongoDB Atlas secret backend is mounted type: string name: - description: The name of the role. Name of the role + description: |- + The name of the role. + Name of the role type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string organizationId: - description: Unique identifier for the organization to which the - target API Key belongs. Required if project_id is not set. ID - for the organization to which the target API Key belongs + description: |- + Unique identifier for the organization to which the target API Key belongs. + Required if project_id is not set. + ID for the organization to which the target API Key belongs type: string projectId: - description: Unique identifier for the project to which the target - API Key belongs. Required if organization_id is not set. ID - for the project to which the target API Key belongs + description: |- + Unique identifier for the project to which the target API Key belongs. + Required if organization_id is not set. + ID for the project to which the target API Key belongs type: string projectRoles: - description: Roles assigned when an org API key is assigned to - a project API key. Roles assigned when an org API key is assigned - to a project API key + description: |- + Roles assigned when an org API key is assigned to a project API key. + Roles assigned when an org API key is assigned to a project API key items: type: string type: array roles: - description: List of roles that the API Key needs to have. List - of roles that the API Key needs to have + description: |- + List of roles that the API Key needs to have. + List of roles that the API Key needs to have items: type: string type: array ttl: - description: Duration in seconds after which the issued credential - should expire. Duration in seconds after which the issued credential - should expire + description: |- + Duration in seconds after which the issued credential should expire. + Duration in seconds after which the issued credential should expire type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. 
- It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: cidrBlocks: - description: Whitelist entry in CIDR notation to be added for - the API key. Whitelist entry in CIDR notation to be added for - the API key + description: |- + Whitelist entry in CIDR notation to be added for the API key. + Whitelist entry in CIDR notation to be added for the API key items: type: string type: array ipAddresses: - description: IP address to be added to the whitelist for the API - key. IP address to be added to the whitelist for the API key + description: |- + IP address to be added to the whitelist for the API key. 
+ IP address to be added to the whitelist for the API key items: type: string type: array maxTtl: - description: The maximum allowed lifetime of credentials issued - using this role. The maximum allowed lifetime of credentials - issued using this role + description: |- + The maximum allowed lifetime of credentials issued using this role. + The maximum allowed lifetime of credentials issued using this role type: string mount: - description: Path where the MongoDB Atlas Secrets Engine is mounted. + description: |- + Path where the MongoDB Atlas Secrets Engine is mounted. Path where MongoDB Atlas secret backend is mounted type: string name: - description: The name of the role. Name of the role + description: |- + The name of the role. + Name of the role type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string organizationId: - description: Unique identifier for the organization to which the - target API Key belongs. Required if project_id is not set. ID - for the organization to which the target API Key belongs + description: |- + Unique identifier for the organization to which the target API Key belongs. + Required if project_id is not set. + ID for the organization to which the target API Key belongs type: string projectId: - description: Unique identifier for the project to which the target - API Key belongs. Required if organization_id is not set. 
ID - for the project to which the target API Key belongs + description: |- + Unique identifier for the project to which the target API Key belongs. + Required if organization_id is not set. + ID for the project to which the target API Key belongs type: string projectRoles: - description: Roles assigned when an org API key is assigned to - a project API key. Roles assigned when an org API key is assigned - to a project API key + description: |- + Roles assigned when an org API key is assigned to a project API key. + Roles assigned when an org API key is assigned to a project API key items: type: string type: array roles: - description: List of roles that the API Key needs to have. List - of roles that the API Key needs to have + description: |- + List of roles that the API Key needs to have. + List of roles that the API Key needs to have items: type: string type: array ttl: - description: Duration in seconds after which the issued credential - should expire. Duration in seconds after which the issued credential - should expire + description: |- + Duration in seconds after which the issued credential should expire. + Duration in seconds after which the issued credential should expire type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. 
See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -231,9 +255,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -243,57 +268,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -303,17 +292,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -323,21 +314,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -352,21 +343,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -377,14 +369,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -418,66 +411,74 @@ spec: atProvider: properties: cidrBlocks: - description: Whitelist entry in CIDR notation to be added for - the API key. Whitelist entry in CIDR notation to be added for - the API key + description: |- + Whitelist entry in CIDR notation to be added for the API key. + Whitelist entry in CIDR notation to be added for the API key items: type: string type: array id: type: string ipAddresses: - description: IP address to be added to the whitelist for the API - key. IP address to be added to the whitelist for the API key + description: |- + IP address to be added to the whitelist for the API key. + IP address to be added to the whitelist for the API key items: type: string type: array maxTtl: - description: The maximum allowed lifetime of credentials issued - using this role. The maximum allowed lifetime of credentials - issued using this role + description: |- + The maximum allowed lifetime of credentials issued using this role. + The maximum allowed lifetime of credentials issued using this role type: string mount: - description: Path where the MongoDB Atlas Secrets Engine is mounted. + description: |- + Path where the MongoDB Atlas Secrets Engine is mounted. Path where MongoDB Atlas secret backend is mounted type: string name: - description: The name of the role. Name of the role + description: |- + The name of the role. + Name of the role type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string organizationId: - description: Unique identifier for the organization to which the - target API Key belongs. Required if project_id is not set. ID - for the organization to which the target API Key belongs + description: |- + Unique identifier for the organization to which the target API Key belongs. + Required if project_id is not set. + ID for the organization to which the target API Key belongs type: string projectId: - description: Unique identifier for the project to which the target - API Key belongs. Required if organization_id is not set. ID - for the project to which the target API Key belongs + description: |- + Unique identifier for the project to which the target API Key belongs. + Required if organization_id is not set. + ID for the project to which the target API Key belongs type: string projectRoles: - description: Roles assigned when an org API key is assigned to - a project API key. Roles assigned when an org API key is assigned - to a project API key + description: |- + Roles assigned when an org API key is assigned to a project API key. + Roles assigned when an org API key is assigned to a project API key items: type: string type: array roles: - description: List of roles that the API Key needs to have. List - of roles that the API Key needs to have + description: |- + List of roles that the API Key needs to have. + List of roles that the API Key needs to have items: type: string type: array ttl: - description: Duration in seconds after which the issued credential - should expire. Duration in seconds after which the issued credential - should expire + description: |- + Duration in seconds after which the issued credential should expire. + Duration in seconds after which the issued credential should expire type: string type: object conditions: 
@@ -486,13 +487,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -503,8 +506,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -513,6 +517,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/nomad.vault.upbound.io_secretbackends.yaml b/package/crds/nomad.vault.upbound.io_secretbackends.yaml index 65373628..722e396f 100644 --- a/package/crds/nomad.vault.upbound.io_secretbackends.yaml +++ b/package/crds/nomad.vault.upbound.io_secretbackends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackends.nomad.vault.upbound.io spec: group: nomad.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: a Nomad secret backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,26 +74,27 @@ spec: forProvider: properties: address: - description: Specifies the address of the Nomad instance, provided - as "protocol://host:port" like "http://127.0.0.1:4646". Specifies - the address of the Nomad instance, provided as "protocol://host:port" - like "http://127.0.0.1:4646". + description: |- + Specifies the address of the Nomad instance, provided + as "protocol://host:port" like "http://127.0.0.1:4646". + Specifies the address of the Nomad instance, provided as "protocol://host:port" like "http://127.0.0.1:4646". type: string backend: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to nomad. The mount - path for the Nomad backend. + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to nomad. + The mount path for the Nomad backend. type: string caCert: - description: CA certificate to use when verifying the Nomad server - certificate, must be x509 PEM encoded. CA certificate to use - when verifying Nomad server certificate, must be x509 PEM encoded. + description: |- + CA certificate to use when verifying the Nomad server certificate, must be + x509 PEM encoded. + CA certificate to use when verifying Nomad server certificate, must be x509 PEM encoded. type: string clientCertSecretRef: - description: Client certificate to provide to the Nomad server, - must be x509 PEM encoded. Client certificate used for Nomad's - TLS communication, must be x509 PEM encoded and if this is set - you need to also set client_key. + description: |- + Client certificate to provide to the Nomad server, must be x509 PEM encoded. + Client certificate used for Nomad's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_key. properties: key: description: The key to select. 
@@ -104,10 +111,9 @@ spec: - namespace type: object clientKeySecretRef: - description: Client certificate key to provide to the Nomad server, - must be x509 PEM encoded. Client key used for Nomad's TLS communication, - must be x509 PEM encoded and if this is set you need to also - set client_cert. + description: |- + Client certificate key to provide to the Nomad server, must be x509 PEM encoded. + Client key used for Nomad's TLS communication, must be x509 PEM encoded and if this is set you need to also set client_cert. properties: key: description: The key to select. 
@@ -124,53 +130,54 @@ spec: - namespace type: object defaultLeaseTtlSeconds: - description: Default lease duration for secrets in seconds. Default - lease duration for secrets in seconds. + description: |- + Default lease duration for secrets in seconds. + Default lease duration for secrets in seconds. type: number description: - description: Human-friendly description of the mount for the Active - Directory backend. Human-friendly description of the mount for - the backend. + description: |- + Human-friendly description of the mount for the Active Directory backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean local: - description: Mark the secrets engine as local-only. Local engines - are not replicated or removed by replication.Tolerance duration - to use when checking the last rotation time. Mark the secrets - engine as local-only. Local engines are not replicated or removed - by replication. Tolerance duration to use when checking the - last rotation time. + description: |- + Mark the secrets engine as local-only. Local engines are not replicated or removed by + replication.Tolerance duration to use when checking the last rotation time. + Mark the secrets engine as local-only. Local engines are not replicated or removed by replication. Tolerance duration to use when checking the last rotation time. type: boolean maxLeaseTtlSeconds: description: Maximum possible lease duration for secrets in seconds. type: number maxTokenNameLength: - description: Specifies the maximum length to use for the name - of the Nomad token generated with Generate Credential. 
If omitted, - 0 is used and ignored, defaulting to the max value allowed by - the Nomad version. Specifies the maximum length to use for the - name of the Nomad token generated with Generate Credential. - If omitted, 0 is used and ignored, defaulting to the max value - allowed by the Nomad version. + description: |- + Specifies the maximum length to use for the name of the Nomad token + generated with Generate Credential. If omitted, 0 is used and ignored, defaulting to the max value allowed + by the Nomad version. + Specifies the maximum length to use for the name of the Nomad token generated with Generate Credential. If omitted, 0 is used and ignored, defaulting to the max value allowed by the Nomad version. type: number maxTtl: - description: Maximum possible lease duration for secrets in seconds. + description: |- + Maximum possible lease duration for secrets in seconds. Maximum possible lease duration for secrets in seconds. type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string tokenSecretRef: - description: Specifies the Nomad Management token to use. Specifies - the Nomad Management token to use. + description: |- + Specifies the Nomad Management token to use. + Specifies the Nomad Management token to use. properties: key: description: The key to select. 
@@ -187,106 +194,112 @@ spec: - namespace type: object ttl: - description: Specifies the ttl of the lease for the generated - token. Maximum possible lease duration for secrets in seconds. + description: |- + Specifies the ttl of the lease for the generated token. + Maximum possible lease duration for secrets in seconds. type: number type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: address: - description: Specifies the address of the Nomad instance, provided - as "protocol://host:port" like "http://127.0.0.1:4646". 
Specifies - the address of the Nomad instance, provided as "protocol://host:port" - like "http://127.0.0.1:4646". + description: |- + Specifies the address of the Nomad instance, provided + as "protocol://host:port" like "http://127.0.0.1:4646". + Specifies the address of the Nomad instance, provided as "protocol://host:port" like "http://127.0.0.1:4646". type: string backend: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to nomad. The mount - path for the Nomad backend. + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to nomad. + The mount path for the Nomad backend. type: string caCert: - description: CA certificate to use when verifying the Nomad server - certificate, must be x509 PEM encoded. CA certificate to use - when verifying Nomad server certificate, must be x509 PEM encoded. + description: |- + CA certificate to use when verifying the Nomad server certificate, must be + x509 PEM encoded. + CA certificate to use when verifying Nomad server certificate, must be x509 PEM encoded. type: string defaultLeaseTtlSeconds: - description: Default lease duration for secrets in seconds. Default - lease duration for secrets in seconds. + description: |- + Default lease duration for secrets in seconds. + Default lease duration for secrets in seconds. type: number description: - description: Human-friendly description of the mount for the Active - Directory backend. Human-friendly description of the mount for - the backend. + description: |- + Human-friendly description of the mount for the Active Directory backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. 
+ See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean local: - description: Mark the secrets engine as local-only. Local engines - are not replicated or removed by replication.Tolerance duration - to use when checking the last rotation time. Mark the secrets - engine as local-only. Local engines are not replicated or removed - by replication. Tolerance duration to use when checking the - last rotation time. + description: |- + Mark the secrets engine as local-only. Local engines are not replicated or removed by + replication.Tolerance duration to use when checking the last rotation time. + Mark the secrets engine as local-only. Local engines are not replicated or removed by replication. Tolerance duration to use when checking the last rotation time. type: boolean maxLeaseTtlSeconds: description: Maximum possible lease duration for secrets in seconds. type: number maxTokenNameLength: - description: Specifies the maximum length to use for the name - of the Nomad token generated with Generate Credential. If omitted, - 0 is used and ignored, defaulting to the max value allowed by - the Nomad version. Specifies the maximum length to use for the - name of the Nomad token generated with Generate Credential. - If omitted, 0 is used and ignored, defaulting to the max value - allowed by the Nomad version. + description: |- + Specifies the maximum length to use for the name of the Nomad token + generated with Generate Credential. If omitted, 0 is used and ignored, defaulting to the max value allowed + by the Nomad version. + Specifies the maximum length to use for the name of the Nomad token generated with Generate Credential. If omitted, 0 is used and ignored, defaulting to the max value allowed by the Nomad version. type: number maxTtl: - description: Maximum possible lease duration for secrets in seconds. + description: |- + Maximum possible lease duration for secrets in seconds. 
Maximum possible lease duration for secrets in seconds. type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string ttl: - description: Specifies the ttl of the lease for the generated - token. Maximum possible lease duration for secrets in seconds. + description: |- + Specifies the ttl of the lease for the generated token. + Maximum possible lease duration for secrets in seconds. type: number type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. 
It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -299,9 +312,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -311,57 +325,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -371,17 +349,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -391,21 +371,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -420,21 +400,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -445,14 +426,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -473,71 +455,74 @@ spec: atProvider: properties: address: - description: Specifies the address of the Nomad instance, provided - as "protocol://host:port" like "http://127.0.0.1:4646". Specifies - the address of the Nomad instance, provided as "protocol://host:port" - like "http://127.0.0.1:4646". + description: |- + Specifies the address of the Nomad instance, provided + as "protocol://host:port" like "http://127.0.0.1:4646". + Specifies the address of the Nomad instance, provided as "protocol://host:port" like "http://127.0.0.1:4646". type: string backend: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to nomad. The mount - path for the Nomad backend. + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to nomad. + The mount path for the Nomad backend. type: string caCert: - description: CA certificate to use when verifying the Nomad server - certificate, must be x509 PEM encoded. CA certificate to use - when verifying Nomad server certificate, must be x509 PEM encoded. + description: |- + CA certificate to use when verifying the Nomad server certificate, must be + x509 PEM encoded. + CA certificate to use when verifying Nomad server certificate, must be x509 PEM encoded. type: string defaultLeaseTtlSeconds: - description: Default lease duration for secrets in seconds. Default - lease duration for secrets in seconds. + description: |- + Default lease duration for secrets in seconds. + Default lease duration for secrets in seconds. type: number description: - description: Human-friendly description of the mount for the Active - Directory backend. Human-friendly description of the mount for - the backend. + description: |- + Human-friendly description of the mount for the Active Directory backend. + Human-friendly description of the mount for the backend. 
type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean id: type: string local: - description: Mark the secrets engine as local-only. Local engines - are not replicated or removed by replication.Tolerance duration - to use when checking the last rotation time. Mark the secrets - engine as local-only. Local engines are not replicated or removed - by replication. Tolerance duration to use when checking the - last rotation time. + description: |- + Mark the secrets engine as local-only. Local engines are not replicated or removed by + replication.Tolerance duration to use when checking the last rotation time. + Mark the secrets engine as local-only. Local engines are not replicated or removed by replication. Tolerance duration to use when checking the last rotation time. type: boolean maxLeaseTtlSeconds: description: Maximum possible lease duration for secrets in seconds. type: number maxTokenNameLength: - description: Specifies the maximum length to use for the name - of the Nomad token generated with Generate Credential. If omitted, - 0 is used and ignored, defaulting to the max value allowed by - the Nomad version. Specifies the maximum length to use for the - name of the Nomad token generated with Generate Credential. - If omitted, 0 is used and ignored, defaulting to the max value - allowed by the Nomad version. + description: |- + Specifies the maximum length to use for the name of the Nomad token + generated with Generate Credential. If omitted, 0 is used and ignored, defaulting to the max value allowed + by the Nomad version. + Specifies the maximum length to use for the name of the Nomad token generated with Generate Credential. 
If omitted, 0 is used and ignored, defaulting to the max value allowed by the Nomad version. type: number maxTtl: - description: Maximum possible lease duration for secrets in seconds. + description: |- + Maximum possible lease duration for secrets in seconds. Maximum possible lease duration for secrets in seconds. type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string ttl: - description: Specifies the ttl of the lease for the generated - token. Maximum possible lease duration for secrets in seconds. + description: |- + Specifies the ttl of the lease for the generated token. + Maximum possible lease duration for secrets in seconds. type: number type: object conditions: @@ -546,13 +531,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -563,8 +550,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -573,6 +561,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/nomad.vault.upbound.io_secretroles.yaml b/package/crds/nomad.vault.upbound.io_secretroles.yaml index 4a3c9fe5..4145324a 100644 --- a/package/crds/nomad.vault.upbound.io_secretroles.yaml +++ b/package/crds/nomad.vault.upbound.io_secretroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretroles.nomad.vault.upbound.io spec: group: nomad.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: role. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,103 +74,117 @@ spec: forProvider: properties: backend: - description: The unique path this backend should be mounted at. + description: |- + The unique path this backend should be mounted at. The mount path for the Nomad backend. type: string global: - description: Specifies if the generated token should be global. - Defaults to false. Specifies if the token should be global. + description: |- + Specifies if the generated token should be global. Defaults to + false. + Specifies if the token should be global. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: List of policies attached to the generated token. - This setting is only used when type is 'client'. Comma separated - list of Nomad policies the token is going to be created against. - These need to be created beforehand in Nomad. + description: |- + List of policies attached to the generated token. This setting is only used + when type is 'client'. + Comma separated list of Nomad policies the token is going to be created against. These need to be created beforehand in Nomad. items: type: string type: array role: - description: The name to identify this role within the backend. - Must be unique within the backend. Name of the role. + description: |- + The name to identify this role within the backend. + Must be unique within the backend. + Name of the role. 
type: string type: - description: Specifies the type of token to create when using - this role. Valid settings are 'client' and 'management'. Defaults - to 'client'. Specifies the type of token to create when using - this role. Valid values are "client" or "management". + description: |- + Specifies the type of token to create when using this role. Valid + settings are 'client' and 'management'. Defaults to 'client'. + Specifies the type of token to create when using this role. Valid values are "client" or "management". type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. 
This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The unique path this backend should be mounted at. + description: |- + The unique path this backend should be mounted at. The mount path for the Nomad backend. type: string global: - description: Specifies if the generated token should be global. - Defaults to false. Specifies if the token should be global. + description: |- + Specifies if the generated token should be global. Defaults to + false. + Specifies if the token should be global. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: List of policies attached to the generated token. - This setting is only used when type is 'client'. Comma separated - list of Nomad policies the token is going to be created against. - These need to be created beforehand in Nomad. + description: |- + List of policies attached to the generated token. This setting is only used + when type is 'client'. + Comma separated list of Nomad policies the token is going to be created against. These need to be created beforehand in Nomad. items: type: string type: array role: - description: The name to identify this role within the backend. - Must be unique within the backend. Name of the role. 
+ description: |- + The name to identify this role within the backend. + Must be unique within the backend. + Name of the role. type: string type: - description: Specifies the type of token to create when using - this role. Valid settings are 'client' and 'management'. Defaults - to 'client'. Specifies the type of token to create when using - this role. Valid values are "client" or "management". + description: |- + Specifies the type of token to create when using this role. Valid + settings are 'client' and 'management'. Defaults to 'client'. + Specifies the type of token to create when using this role. Valid values are "client" or "management". type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. 
Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -177,9 +197,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -189,57 +210,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -249,17 +234,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -269,21 +256,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -298,21 +285,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -323,14 +311,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -360,39 +349,45 @@ spec: atProvider: properties: backend: - description: The unique path this backend should be mounted at. + description: |- + The unique path this backend should be mounted at. The mount path for the Nomad backend. type: string global: - description: Specifies if the generated token should be global. - Defaults to false. Specifies if the token should be global. + description: |- + Specifies if the generated token should be global. Defaults to + false. + Specifies if the token should be global. type: boolean id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policies: - description: List of policies attached to the generated token. - This setting is only used when type is 'client'. Comma separated - list of Nomad policies the token is going to be created against. - These need to be created beforehand in Nomad. + description: |- + List of policies attached to the generated token. This setting is only used + when type is 'client'. + Comma separated list of Nomad policies the token is going to be created against. These need to be created beforehand in Nomad. items: type: string type: array role: - description: The name to identify this role within the backend. - Must be unique within the backend. Name of the role. + description: |- + The name to identify this role within the backend. + Must be unique within the backend. + Name of the role. 
type: string type: - description: Specifies the type of token to create when using - this role. Valid settings are 'client' and 'management'. Defaults - to 'client'. Specifies the type of token to create when using - this role. Valid values are "client" or "management". + description: |- + Specifies the type of token to create when using this role. Valid + settings are 'client' and 'management'. Defaults to 'client'. + Specifies the type of token to create when using this role. Valid values are "client" or "management". type: string type: object conditions: @@ -401,13 +396,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -418,8 +415,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -428,6 +426,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/okta.vault.upbound.io_authbackendgroups.yaml b/package/crds/okta.vault.upbound.io_authbackendgroups.yaml index e89bf55a..1b9af9e9 100644 
--- a/package/crds/okta.vault.upbound.io_authbackendgroups.yaml +++ b/package/crds/okta.vault.upbound.io_authbackendgroups.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendgroups.okta.vault.upbound.io spec: group: okta.vault.upbound.io @@ -38,14 +38,19 @@ spec: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -83,17 +89,18 @@ spec: type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: groupName: description: Name of the Okta group 
@@ -113,20 +120,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -139,9 +147,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -151,57 +160,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -211,17 +184,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -231,21 +206,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -260,21 +235,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -285,14 +261,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -344,13 +321,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -361,8 +340,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -371,6 +351,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/okta.vault.upbound.io_authbackends.yaml b/package/crds/okta.vault.upbound.io_authbackends.yaml index 4fdc1224..ca5b5922 100644 --- a/package/crds/okta.vault.upbound.io_authbackends.yaml +++ b/package/crds/okta.vault.upbound.io_authbackends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackends.okta.vault.upbound.io spec: group: okta.vault.upbound.io 
@@ -37,14 +37,19 @@ spec: description: AuthBackend is the Schema for the AuthBackends API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -53,13 +58,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -145,17 +151,18 @@ spec: type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: baseUrl: description: 'The Okta url. Examples: oktapreview.com, okta.com 
@@ -219,20 +226,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -245,9 +253,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -257,57 +266,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -317,17 +290,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -337,21 +312,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -366,21 +341,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -391,14 +367,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -493,13 +470,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -510,8 +489,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -520,6 +500,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/okta.vault.upbound.io_authbackendusers.yaml b/package/crds/okta.vault.upbound.io_authbackendusers.yaml index cde69c8d..ae51894e 100644 --- a/package/crds/okta.vault.upbound.io_authbackendusers.yaml +++ b/package/crds/okta.vault.upbound.io_authbackendusers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendusers.okta.vault.upbound.io spec: group: okta.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: value> properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -89,17 +95,18 @@ spec: type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: groups: description: Groups within the Okta auth backend to associate 
@@ -125,20 +132,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -151,9 +159,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -163,57 +172,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -223,17 +196,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -243,21 +218,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -272,21 +247,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -297,14 +273,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -362,13 +339,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -379,8 +358,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -389,6 +369,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/password.vault.upbound.io_policies.yaml b/package/crds/password.vault.upbound.io_policies.yaml index 0b600eeb..2273b34d 100644 --- a/package/crds/password.vault.upbound.io_policies.yaml +++ b/package/crds/password.vault.upbound.io_policies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: policies.password.vault.upbound.io spec: group: password.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: for Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,67 +74,75 @@ spec: forProvider: properties: name: - description: The name of the password policy. Name of the password - policy. + description: |- + The name of the password policy. + Name of the password policy. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policy: - description: String containing a password policy. The password - policy document + description: |- + String containing a password policy. + The password policy document type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. 
+ InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: name: - description: The name of the password policy. Name of the password - policy. + description: |- + The name of the password policy. + Name of the password policy. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policy: - description: String containing a password policy. The password - policy document + description: |- + String containing a password policy. + The password policy document type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. 
Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -141,9 +155,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -153,57 +168,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -213,17 +192,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -233,21 +214,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -262,21 +243,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -287,14 +269,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -326,19 +309,22 @@ spec: id: type: string name: - description: The name of the password policy. Name of the password - policy. + description: |- + The name of the password policy. + Name of the password policy. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policy: - description: String containing a password policy. The password - policy document + description: |- + String containing a password policy. + The password policy document type: string type: object conditions: @@ -347,13 +333,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -364,8 +352,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -374,6 +363,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/pki.vault.upbound.io_secretbackendcerts.yaml b/package/crds/pki.vault.upbound.io_secretbackendcerts.yaml index f2c26dc7..ad53669f 100644 --- a/package/crds/pki.vault.upbound.io_secretbackendcerts.yaml +++ b/package/crds/pki.vault.upbound.io_secretbackendcerts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendcerts.pki.vault.upbound.io spec: group: pki.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Generate an PKI certificate. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,33 +74,41 @@ spec: forProvider: properties: altNames: - description: List of alternative names List of alternative names. + description: |- + List of alternative names + List of alternative names. items: type: string type: array autoRenew: - description: If set to true, certs will be renewed if the expiration - is within min_seconds_remaining. Default false If enabled, a - new certificate will be generated if the expiration is within - min_seconds_remaining + description: |- + If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false + If enabled, a new certificate will be generated if the expiration is within min_seconds_remaining type: boolean backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string commonName: - description: CN of certificate to create CN of the certificate - to create. + description: |- + CN of certificate to create + CN of the certificate to create. type: string excludeCnFromSans: - description: Flag to exclude CN from SANs Flag to exclude CN from - SANs. + description: |- + Flag to exclude CN from SANs + Flag to exclude CN from SANs. type: boolean format: - description: The format of data The format of data. + description: |- + The format of data + The format of data. type: string ipSans: - description: List of alternative IPs List of alternative IPs. + description: |- + List of alternative IPs + List of alternative IPs. items: type: string type: array 
@@ -102,89 +116,110 @@ spec: description: Specifies the default issuer of this request. type: string minSecondsRemaining: - description: Generate a new certificate when the expiration is - within this number of seconds, default is 604800 (7 days) Generate - a new certificate when the expiration is within this number - of seconds + description: |- + Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days) + Generate a new certificate when the expiration is within this number of seconds type: number name: - description: Name of the role to create the certificate against + description: |- + Name of the role to create the certificate against Name of the role to create the certificate against. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string otherSans: - description: List of other SANs List of other SANs. + description: |- + List of other SANs + List of other SANs. items: type: string type: array privateKeyFormat: - description: The private key format The private key format. + description: |- + The private key format + The private key format. type: string revoke: - description: If set to true, the certificate will be revoked on - resource destruction. Revoke the certificate upon resource destruction. + description: |- + If set to true, the certificate will be revoked on resource destruction. + Revoke the certificate upon resource destruction. 
type: boolean ttl: - description: Time to live Time to live. + description: |- + Time to live + Time to live. type: string uriSans: - description: List of alternative URIs List of alternative URIs. + description: |- + List of alternative URIs + List of alternative URIs. items: type: string type: array userIds: - description: List of Subject User IDs List of Subject User IDs. + description: |- + List of Subject User IDs + List of Subject User IDs. items: type: string type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. 
properties: altNames: - description: List of alternative names List of alternative names. + description: |- + List of alternative names + List of alternative names. items: type: string type: array autoRenew: - description: If set to true, certs will be renewed if the expiration - is within min_seconds_remaining. Default false If enabled, a - new certificate will be generated if the expiration is within - min_seconds_remaining + description: |- + If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false + If enabled, a new certificate will be generated if the expiration is within min_seconds_remaining type: boolean backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string commonName: - description: CN of certificate to create CN of the certificate - to create. + description: |- + CN of certificate to create + CN of the certificate to create. type: string excludeCnFromSans: - description: Flag to exclude CN from SANs Flag to exclude CN from - SANs. + description: |- + Flag to exclude CN from SANs + Flag to exclude CN from SANs. type: boolean format: - description: The format of data The format of data. + description: |- + The format of data + The format of data. type: string ipSans: - description: List of alternative IPs List of alternative IPs. + description: |- + List of alternative IPs + List of alternative IPs. items: type: string type: array 
@@ -192,44 +227,56 @@ spec: description: Specifies the default issuer of this request. type: string minSecondsRemaining: - description: Generate a new certificate when the expiration is - within this number of seconds, default is 604800 (7 days) Generate - a new certificate when the expiration is within this number - of seconds + description: |- + Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days) + Generate a new certificate when the expiration is within this number of seconds type: number name: - description: Name of the role to create the certificate against + description: |- + Name of the role to create the certificate against Name of the role to create the certificate against. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string otherSans: - description: List of other SANs List of other SANs. + description: |- + List of other SANs + List of other SANs. items: type: string type: array privateKeyFormat: - description: The private key format The private key format. + description: |- + The private key format + The private key format. type: string revoke: - description: If set to true, the certificate will be revoked on - resource destruction. Revoke the certificate upon resource destruction. + description: |- + If set to true, the certificate will be revoked on resource destruction. + Revoke the certificate upon resource destruction. 
type: boolean ttl: - description: Time to live Time to live. + description: |- + Time to live + Time to live. type: string uriSans: - description: List of alternative URIs List of alternative URIs. + description: |- + List of alternative URIs + List of alternative URIs. items: type: string type: array userIds: - description: List of Subject User IDs List of Subject User IDs. + description: |- + List of Subject User IDs + List of Subject User IDs. items: type: string type: array 
@@ -237,20 +284,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -263,9 +311,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -275,57 +324,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -335,17 +348,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -355,21 +370,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -384,21 +399,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -409,14 +425,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -450,45 +467,58 @@ spec: atProvider: properties: altNames: - description: List of alternative names List of alternative names. + description: |- + List of alternative names + List of alternative names. items: type: string type: array autoRenew: - description: If set to true, certs will be renewed if the expiration - is within min_seconds_remaining. Default false If enabled, a - new certificate will be generated if the expiration is within - min_seconds_remaining + description: |- + If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false + If enabled, a new certificate will be generated if the expiration is within min_seconds_remaining type: boolean backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string caChain: - description: The CA chain The CA chain. + description: |- + The CA chain + The CA chain. type: string certificate: - description: The certificate The certicate. + description: |- + The certificate + The certicate. type: string commonName: - description: CN of certificate to create CN of the certificate - to create. + description: |- + CN of certificate to create + CN of the certificate to create. type: string excludeCnFromSans: - description: Flag to exclude CN from SANs Flag to exclude CN from - SANs. + description: |- + Flag to exclude CN from SANs + Flag to exclude CN from SANs. type: boolean expiration: - description: The expiration date of the certificate in unix epoch - format The certificate expiration as a Unix-style timestamp. + description: |- + The expiration date of the certificate in unix epoch format + The certificate expiration as a Unix-style timestamp. type: number format: - description: The format of data The format of data. + description: |- + The format of data + The format of data. 
type: string id: type: string ipSans: - description: List of alternative IPs List of alternative IPs. + description: |- + List of alternative IPs + List of alternative IPs. items: type: string type: array 
@@ -496,61 +526,76 @@ spec: description: Specifies the default issuer of this request. type: string issuingCa: - description: The issuing CA The issuing CA. + description: |- + The issuing CA + The issuing CA. type: string minSecondsRemaining: - description: Generate a new certificate when the expiration is - within this number of seconds, default is 604800 (7 days) Generate - a new certificate when the expiration is within this number - of seconds + description: |- + Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days) + Generate a new certificate when the expiration is within this number of seconds type: number name: - description: Name of the role to create the certificate against + description: |- + Name of the role to create the certificate against Name of the role to create the certificate against. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string otherSans: - description: List of other SANs List of other SANs. + description: |- + List of other SANs + List of other SANs. items: type: string type: array privateKeyFormat: - description: The private key format The private key format. + description: |- + The private key format + The private key format. type: string privateKeyType: - description: The private key type The private key type. + description: |- + The private key type + The private key type. 
type: string renewPending: - description: true if the current time (during refresh) is after - the start of the early renewal window declared by min_seconds_remaining, - and false otherwise; if auto_renew is set to true then the provider - will plan to replace the certificate once renewal is pending. - Initially false, and then set to true during refresh once the - expiration is less than min_seconds_remaining in the future. + description: |- + true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending. + Initially false, and then set to true during refresh once the expiration is less than min_seconds_remaining in the future. type: boolean revoke: - description: If set to true, the certificate will be revoked on - resource destruction. Revoke the certificate upon resource destruction. + description: |- + If set to true, the certificate will be revoked on resource destruction. + Revoke the certificate upon resource destruction. type: boolean serialNumber: - description: The serial number The serial number. + description: |- + The serial number + The serial number. type: string ttl: - description: Time to live Time to live. + description: |- + Time to live + Time to live. type: string uriSans: - description: List of alternative URIs List of alternative URIs. + description: |- + List of alternative URIs + List of alternative URIs. items: type: string type: array userIds: - description: List of Subject User IDs List of Subject User IDs. + description: |- + List of Subject User IDs + List of Subject User IDs. items: type: string type: array 
@@ -561,13 +606,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -578,8 +625,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -588,6 +636,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/pki.vault.upbound.io_secretbackendconfigcas.yaml b/package/crds/pki.vault.upbound.io_secretbackendconfigcas.yaml index 5d7b9aaa..3f2985a7 100644 --- a/package/crds/pki.vault.upbound.io_secretbackendconfigcas.yaml +++ b/package/crds/pki.vault.upbound.io_secretbackendconfigcas.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendconfigcas.pki.vault.upbound.io spec: group: pki.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Submit the CA information to PKI. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,19 +74,22 @@ spec: forProvider: properties: backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string pemBundleSecretRef: - description: The key and certificate PEM bundle The key and certificate - PEM bundle. + description: |- + The key and certificate PEM bundle + The key and certificate PEM bundle. properties: key: description: The key to select. 
@@ -98,47 +107,51 @@ spec: type: object type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. 
- Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -151,9 +164,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -163,57 +177,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -223,17 +201,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -243,21 +223,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -272,21 +252,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -297,14 +278,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -334,17 +316,19 @@ spec: atProvider: properties: backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object conditions: @@ -353,13 +337,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -370,8 +356,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -380,6 +367,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/pki.vault.upbound.io_secretbackendconfigurls.yaml b/package/crds/pki.vault.upbound.io_secretbackendconfigurls.yaml index a910d047..c22a9b5b 100644 --- a/package/crds/pki.vault.upbound.io_secretbackendconfigurls.yaml +++ b/package/crds/pki.vault.upbound.io_secretbackendconfigurls.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendconfigurls.pki.vault.upbound.io spec: group: pki.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Sets the config URL's on an PKI Secret Backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -55,13 +60,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -69,79 +75,84 @@ spec: forProvider: properties: backend: - description: The path the PKI secret backend is mounted at, with - no leading or trailing /s. The path of the PKI secret backend - the resource belongs to. + description: |- + The path the PKI secret backend is mounted at, with no leading or trailing /s. + The path of the PKI secret backend the resource belongs to. type: string crlDistributionPoints: - description: Specifies the URL values for the CRL Distribution - Points field. Specifies the URL values for the CRL Distribution - Points field. + description: |- + Specifies the URL values for the CRL Distribution Points field. + Specifies the URL values for the CRL Distribution Points field. items: type: string type: array issuingCertificates: - description: Specifies the URL values for the Issuing Certificate - field. Specifies the URL values for the Issuing Certificate - field. + description: |- + Specifies the URL values for the Issuing Certificate field. + Specifies the URL values for the Issuing Certificate field. items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string ocspServers: - description: Specifies the URL values for the OCSP Servers field. + description: |- + Specifies the URL values for the OCSP Servers field. Specifies the URL values for the OCSP Servers field. items: type: string type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. 
Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The path the PKI secret backend is mounted at, with - no leading or trailing /s. The path of the PKI secret backend - the resource belongs to. + description: |- + The path the PKI secret backend is mounted at, with no leading or trailing /s. + The path of the PKI secret backend the resource belongs to. type: string crlDistributionPoints: - description: Specifies the URL values for the CRL Distribution - Points field. Specifies the URL values for the CRL Distribution - Points field. 
+ description: |- + Specifies the URL values for the CRL Distribution Points field. + Specifies the URL values for the CRL Distribution Points field. items: type: string type: array issuingCertificates: - description: Specifies the URL values for the Issuing Certificate - field. Specifies the URL values for the Issuing Certificate - field. + description: |- + Specifies the URL values for the Issuing Certificate field. + Specifies the URL values for the Issuing Certificate field. items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string ocspServers: - description: Specifies the URL values for the OCSP Servers field. + description: |- + Specifies the URL values for the OCSP Servers field. Specifies the URL values for the OCSP Servers field. items: type: string 
@@ -150,20 +161,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -176,9 +188,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -188,57 +201,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -248,17 +225,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -268,21 +247,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -297,21 +276,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -322,14 +302,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -356,35 +337,37 @@ spec: atProvider: properties: backend: - description: The path the PKI secret backend is mounted at, with - no leading or trailing /s. The path of the PKI secret backend - the resource belongs to. + description: |- + The path the PKI secret backend is mounted at, with no leading or trailing /s. + The path of the PKI secret backend the resource belongs to. type: string crlDistributionPoints: - description: Specifies the URL values for the CRL Distribution - Points field. Specifies the URL values for the CRL Distribution - Points field. + description: |- + Specifies the URL values for the CRL Distribution Points field. + Specifies the URL values for the CRL Distribution Points field. items: type: string type: array id: type: string issuingCertificates: - description: Specifies the URL values for the Issuing Certificate - field. Specifies the URL values for the Issuing Certificate - field. + description: |- + Specifies the URL values for the Issuing Certificate field. + Specifies the URL values for the Issuing Certificate field. items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string ocspServers: - description: Specifies the URL values for the OCSP Servers field. + description: |- + Specifies the URL values for the OCSP Servers field. Specifies the URL values for the OCSP Servers field. items: type: string 
@@ -396,13 +379,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -413,8 +398,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -423,6 +409,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/pki.vault.upbound.io_secretbackendcrlconfigs.yaml b/package/crds/pki.vault.upbound.io_secretbackendcrlconfigs.yaml index 6bd7142b..af1d0999 100644 --- a/package/crds/pki.vault.upbound.io_secretbackendcrlconfigs.yaml +++ b/package/crds/pki.vault.upbound.io_secretbackendcrlconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendcrlconfigs.pki.vault.upbound.io spec: group: pki.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Sets the CRL config on an PKI Secret Backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,167 +74,181 @@ spec: forProvider: properties: autoRebuild: - description: Enables periodic rebuilding of the CRL upon expiry. - Vault 1.12+ Enables or disables periodic rebuilding of the CRL - upon expiry. + description: |- + Enables periodic rebuilding of the CRL upon expiry. Vault 1.12+ + Enables or disables periodic rebuilding of the CRL upon expiry. type: boolean autoRebuildGracePeriod: - description: Grace period before CRL expiry to attempt rebuild - of CRL. Vault 1.12+ Grace period before CRL expiry to attempt - rebuild of CRL. + description: |- + Grace period before CRL expiry to attempt rebuild of CRL. Vault 1.12+ + Grace period before CRL expiry to attempt rebuild of CRL. type: string backend: - description: The path the PKI secret backend is mounted at, with - no leading or trailing /s. The path of the PKI secret backend - the resource belongs to. + description: |- + The path the PKI secret backend is mounted at, with no leading or trailing /s. + The path of the PKI secret backend the resource belongs to. type: string crossClusterRevocation: - description: Enable cross-cluster revocation request queues. Vault - 1.13+ Enable cross-cluster revocation request queues. + description: |- + Enable cross-cluster revocation request queues. Vault 1.13+ + Enable cross-cluster revocation request queues. type: boolean deltaRebuildInterval: - description: Interval to check for new revocations on, to regenerate - the delta CRL. Interval to check for new revocations on, to - regenerate the delta CRL. + description: |- + Interval to check for new revocations on, to regenerate the delta CRL. + Interval to check for new revocations on, to regenerate the delta CRL. type: string disable: - description: Disables or enables CRL building. Disables or enables - CRL building + description: |- + Disables or enables CRL building. 
+ Disables or enables CRL building type: boolean enableDelta: - description: Enables building of delta CRLs with up-to-date revocation - information, augmenting the last complete CRL. Vault 1.12+ - Enables or disables building of delta CRLs with up-to-date revocation - information, augmenting the last complete CRL. + description: |- + Enables building of delta CRLs with up-to-date revocation information, + augmenting the last complete CRL. Vault 1.12+ + Enables or disables building of delta CRLs with up-to-date revocation information, augmenting the last complete CRL. type: boolean expiry: - description: Specifies the time until expiration. Specifies the - time until expiration. + description: |- + Specifies the time until expiration. + Specifies the time until expiration. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string ocspDisable: - description: Disables the OCSP responder in Vault. Vault 1.12+ + description: |- + Disables the OCSP responder in Vault. Vault 1.12+ Disables or enables the OCSP responder in Vault. type: boolean ocspExpiry: - description: The amount of time an OCSP response can be cached - for, useful for OCSP stapling refresh durations. Vault 1.12+ - The amount of time an OCSP response can be cached for, useful - for OCSP stapling refresh durations. + description: |- + The amount of time an OCSP response can be cached for, useful for OCSP stapling + refresh durations. 
Vault 1.12+ + The amount of time an OCSP response can be cached for, useful for OCSP stapling refresh durations. type: string unifiedCrl: - description: Enables unified CRL and OCSP building. Vault 1.13+ + description: |- + Enables unified CRL and OCSP building. Vault 1.13+ Enables unified CRL and OCSP building. type: boolean unifiedCrlOnExistingPaths: - description: Enables serving the unified CRL and OCSP on the existing, - previously cluster-local paths. Vault 1.13+ Enables serving - the unified CRL and OCSP on the existing, previously cluster-local - paths. + description: |- + Enables serving the unified CRL and OCSP on the existing, previously + cluster-local paths. Vault 1.13+ + Enables serving the unified CRL and OCSP on the existing, previously cluster-local paths. type: boolean type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. 
+ The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: autoRebuild: - description: Enables periodic rebuilding of the CRL upon expiry. - Vault 1.12+ Enables or disables periodic rebuilding of the CRL - upon expiry. + description: |- + Enables periodic rebuilding of the CRL upon expiry. Vault 1.12+ + Enables or disables periodic rebuilding of the CRL upon expiry. type: boolean autoRebuildGracePeriod: - description: Grace period before CRL expiry to attempt rebuild - of CRL. Vault 1.12+ Grace period before CRL expiry to attempt - rebuild of CRL. + description: |- + Grace period before CRL expiry to attempt rebuild of CRL. Vault 1.12+ + Grace period before CRL expiry to attempt rebuild of CRL. type: string backend: - description: The path the PKI secret backend is mounted at, with - no leading or trailing /s. The path of the PKI secret backend - the resource belongs to. + description: |- + The path the PKI secret backend is mounted at, with no leading or trailing /s. + The path of the PKI secret backend the resource belongs to. type: string crossClusterRevocation: - description: Enable cross-cluster revocation request queues. Vault - 1.13+ Enable cross-cluster revocation request queues. + description: |- + Enable cross-cluster revocation request queues. Vault 1.13+ + Enable cross-cluster revocation request queues. type: boolean deltaRebuildInterval: - description: Interval to check for new revocations on, to regenerate - the delta CRL. Interval to check for new revocations on, to - regenerate the delta CRL. + description: |- + Interval to check for new revocations on, to regenerate the delta CRL. + Interval to check for new revocations on, to regenerate the delta CRL. 
type: string disable: - description: Disables or enables CRL building. Disables or enables - CRL building + description: |- + Disables or enables CRL building. + Disables or enables CRL building type: boolean enableDelta: - description: Enables building of delta CRLs with up-to-date revocation - information, augmenting the last complete CRL. Vault 1.12+ - Enables or disables building of delta CRLs with up-to-date revocation - information, augmenting the last complete CRL. + description: |- + Enables building of delta CRLs with up-to-date revocation information, + augmenting the last complete CRL. Vault 1.12+ + Enables or disables building of delta CRLs with up-to-date revocation information, augmenting the last complete CRL. type: boolean expiry: - description: Specifies the time until expiration. Specifies the - time until expiration. + description: |- + Specifies the time until expiration. + Specifies the time until expiration. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string ocspDisable: - description: Disables the OCSP responder in Vault. Vault 1.12+ + description: |- + Disables the OCSP responder in Vault. Vault 1.12+ Disables or enables the OCSP responder in Vault. type: boolean ocspExpiry: - description: The amount of time an OCSP response can be cached - for, useful for OCSP stapling refresh durations. 
Vault 1.12+ - The amount of time an OCSP response can be cached for, useful - for OCSP stapling refresh durations. + description: |- + The amount of time an OCSP response can be cached for, useful for OCSP stapling + refresh durations. Vault 1.12+ + The amount of time an OCSP response can be cached for, useful for OCSP stapling refresh durations. type: string unifiedCrl: - description: Enables unified CRL and OCSP building. Vault 1.13+ + description: |- + Enables unified CRL and OCSP building. Vault 1.13+ Enables unified CRL and OCSP building. type: boolean unifiedCrlOnExistingPaths: - description: Enables serving the unified CRL and OCSP on the existing, - previously cluster-local paths. Vault 1.13+ Enables serving - the unified CRL and OCSP on the existing, previously cluster-local - paths. + description: |- + Enables serving the unified CRL and OCSP on the existing, previously + cluster-local paths. Vault 1.13+ + Enables serving the unified CRL and OCSP on the existing, previously cluster-local paths. type: boolean type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. 
See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -241,9 +261,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -253,57 +274,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -313,17 +298,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -333,21 +320,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -362,21 +349,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -387,14 +375,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -421,71 +410,77 @@ spec: atProvider: properties: autoRebuild: - description: Enables periodic rebuilding of the CRL upon expiry. - Vault 1.12+ Enables or disables periodic rebuilding of the CRL - upon expiry. + description: |- + Enables periodic rebuilding of the CRL upon expiry. Vault 1.12+ + Enables or disables periodic rebuilding of the CRL upon expiry. type: boolean autoRebuildGracePeriod: - description: Grace period before CRL expiry to attempt rebuild - of CRL. Vault 1.12+ Grace period before CRL expiry to attempt - rebuild of CRL. + description: |- + Grace period before CRL expiry to attempt rebuild of CRL. Vault 1.12+ + Grace period before CRL expiry to attempt rebuild of CRL. type: string backend: - description: The path the PKI secret backend is mounted at, with - no leading or trailing /s. The path of the PKI secret backend - the resource belongs to. + description: |- + The path the PKI secret backend is mounted at, with no leading or trailing /s. + The path of the PKI secret backend the resource belongs to. type: string crossClusterRevocation: - description: Enable cross-cluster revocation request queues. Vault - 1.13+ Enable cross-cluster revocation request queues. + description: |- + Enable cross-cluster revocation request queues. Vault 1.13+ + Enable cross-cluster revocation request queues. type: boolean deltaRebuildInterval: - description: Interval to check for new revocations on, to regenerate - the delta CRL. Interval to check for new revocations on, to - regenerate the delta CRL. + description: |- + Interval to check for new revocations on, to regenerate the delta CRL. + Interval to check for new revocations on, to regenerate the delta CRL. type: string disable: - description: Disables or enables CRL building. Disables or enables - CRL building + description: |- + Disables or enables CRL building. 
+ Disables or enables CRL building type: boolean enableDelta: - description: Enables building of delta CRLs with up-to-date revocation - information, augmenting the last complete CRL. Vault 1.12+ - Enables or disables building of delta CRLs with up-to-date revocation - information, augmenting the last complete CRL. + description: |- + Enables building of delta CRLs with up-to-date revocation information, + augmenting the last complete CRL. Vault 1.12+ + Enables or disables building of delta CRLs with up-to-date revocation information, augmenting the last complete CRL. type: boolean expiry: - description: Specifies the time until expiration. Specifies the - time until expiration. + description: |- + Specifies the time until expiration. + Specifies the time until expiration. type: string id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string ocspDisable: - description: Disables the OCSP responder in Vault. Vault 1.12+ + description: |- + Disables the OCSP responder in Vault. Vault 1.12+ Disables or enables the OCSP responder in Vault. type: boolean ocspExpiry: - description: The amount of time an OCSP response can be cached - for, useful for OCSP stapling refresh durations. Vault 1.12+ - The amount of time an OCSP response can be cached for, useful - for OCSP stapling refresh durations. + description: |- + The amount of time an OCSP response can be cached for, useful for OCSP stapling + refresh durations. 
Vault 1.12+ + The amount of time an OCSP response can be cached for, useful for OCSP stapling refresh durations. type: string unifiedCrl: - description: Enables unified CRL and OCSP building. Vault 1.13+ + description: |- + Enables unified CRL and OCSP building. Vault 1.13+ Enables unified CRL and OCSP building. type: boolean unifiedCrlOnExistingPaths: - description: Enables serving the unified CRL and OCSP on the existing, - previously cluster-local paths. Vault 1.13+ Enables serving - the unified CRL and OCSP on the existing, previously cluster-local - paths. + description: |- + Enables serving the unified CRL and OCSP on the existing, previously + cluster-local paths. Vault 1.13+ + Enables serving the unified CRL and OCSP on the existing, previously cluster-local paths. type: boolean type: object conditions: @@ -494,13 +489,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -511,8 +508,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime 
@@ -521,6 +519,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/pki.vault.upbound.io_secretbackendintermediatecertrequests.yaml b/package/crds/pki.vault.upbound.io_secretbackendintermediatecertrequests.yaml index 521c6b8c..1e77fd05 100644 --- a/package/crds/pki.vault.upbound.io_secretbackendintermediatecertrequests.yaml +++ b/package/crds/pki.vault.upbound.io_secretbackendintermediatecertrequests.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendintermediatecertrequests.pki.vault.upbound.io spec: group: pki.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Generate a new private key and a CSR for signing the PKI. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -55,13 +60,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -69,234 +75,305 @@ spec: forProvider: properties: addBasicConstraints: - description: 'Adds a Basic Constraints extension with ''CA: true''. - Only needed as a workaround in some compatibility scenarios - with Active Directory Certificate Services Set ''CA: true'' - in a Basic Constraints extension. Only needed as a workaround - in some compatibility scenarios with Active Directory Certificate - Services.' + description: |- + Adds a Basic Constraints extension with 'CA: true'. + Only needed as a workaround in some compatibility scenarios with Active Directory + Certificate Services + Set 'CA: true' in a Basic Constraints extension. Only needed as + a workaround in some compatibility scenarios with Active Directory Certificate Services. type: boolean altNames: - description: List of alternative names List of alternative names. + description: |- + List of alternative names + List of alternative names. items: type: string type: array backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string commonName: - description: CN of intermediate to create CN of intermediate to - create. + description: |- + CN of intermediate to create + CN of intermediate to create. type: string country: - description: The country The country. + description: |- + The country + The country. type: string excludeCnFromSans: - description: Flag to exclude CN from SANs Flag to exclude CN from - SANs. + description: |- + Flag to exclude CN from SANs + Flag to exclude CN from SANs. type: boolean format: - description: The format of data The format of data. + description: |- + The format of data + The format of data. type: string ipSans: - description: List of alternative IPs List of alternative IPs. + description: |- + List of alternative IPs + List of alternative IPs. 
items: type: string type: array keyBits: - description: The number of bits to use The number of bits to use. + description: |- + The number of bits to use + The number of bits to use. type: number keyName: - description: When a new key is created with this request, optionally - specifies the name for this. The global ref default may not - be used as a name. When a new key is created with this request, - optionally specifies the name for this. + description: |- + When a new key is created with this request, optionally specifies + the name for this. The global ref default may not be used as a name. + When a new key is created with this request, optionally specifies the name for this. type: string keyRef: - description: Specifies the key (either default, by name, or by - identifier) to use for generating this request. Only suitable - for type=existing requests. Specifies the key to use for generating - this request. + description: |- + Specifies the key (either default, by name, or by identifier) to use + for generating this request. Only suitable for type=existing requests. + Specifies the key to use for generating this request. type: string keyType: - description: The desired key type The desired key type. + description: |- + The desired key type + The desired key type. type: string locality: - description: The locality The locality. + description: |- + The locality + The locality. type: string managedKeyId: - description: The ID of the previously configured managed key. - This field is required if type is kms and it conflicts with - managed_key_name The ID of the previously configured managed - key. + description: |- + The ID of the previously configured managed key. This field is + required if type is kms and it conflicts with managed_key_name + The ID of the previously configured managed key. type: string managedKeyName: - description: The name of the previously configured managed key. 
- This field is required if type is kms and it conflicts with - managed_key_id The name of the previously configured managed - key. + description: |- + The name of the previously configured managed key. This field is + required if type is kms and it conflicts with managed_key_id + The name of the previously configured managed key. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string organization: - description: The organization The organization. + description: |- + The organization + The organization. type: string otherSans: - description: List of other SANs List of other SANs. + description: |- + List of other SANs + List of other SANs. items: type: string type: array ou: - description: The organization unit The organization unit. + description: |- + The organization unit + The organization unit. type: string postalCode: - description: The postal code The postal code. + description: |- + The postal code + The postal code. type: string privateKeyFormat: - description: The private key format The private key format. + description: |- + The private key format + The private key format. type: string province: - description: The province The province. + description: |- + The province + The province. type: string streetAddress: - description: The street address The street address. + description: |- + The street address + The street address. type: string type: - description: Type of intermediate to create. 
Must be either "exported" - or "internal" or "kms" Type of intermediate to create. Must - be either "existing", "exported", "internal" or "kms" + description: |- + Type of intermediate to create. Must be either "exported" or "internal" + or "kms" + Type of intermediate to create. Must be either "existing", "exported", "internal" or "kms" type: string uriSans: - description: List of alternative URIs List of alternative URIs. + description: |- + List of alternative URIs + List of alternative URIs. items: type: string type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. 
This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: addBasicConstraints: - description: 'Adds a Basic Constraints extension with ''CA: true''. - Only needed as a workaround in some compatibility scenarios - with Active Directory Certificate Services Set ''CA: true'' - in a Basic Constraints extension. Only needed as a workaround - in some compatibility scenarios with Active Directory Certificate - Services.' + description: |- + Adds a Basic Constraints extension with 'CA: true'. + Only needed as a workaround in some compatibility scenarios with Active Directory + Certificate Services + Set 'CA: true' in a Basic Constraints extension. Only needed as + a workaround in some compatibility scenarios with Active Directory Certificate Services. type: boolean altNames: - description: List of alternative names List of alternative names. + description: |- + List of alternative names + List of alternative names. items: type: string type: array backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string commonName: - description: CN of intermediate to create CN of intermediate to - create. + description: |- + CN of intermediate to create + CN of intermediate to create. type: string country: - description: The country The country. + description: |- + The country + The country. type: string excludeCnFromSans: - description: Flag to exclude CN from SANs Flag to exclude CN from - SANs. + description: |- + Flag to exclude CN from SANs + Flag to exclude CN from SANs. type: boolean format: - description: The format of data The format of data. + description: |- + The format of data + The format of data. 
type: string ipSans: - description: List of alternative IPs List of alternative IPs. + description: |- + List of alternative IPs + List of alternative IPs. items: type: string type: array keyBits: - description: The number of bits to use The number of bits to use. + description: |- + The number of bits to use + The number of bits to use. type: number keyName: - description: When a new key is created with this request, optionally - specifies the name for this. The global ref default may not - be used as a name. When a new key is created with this request, - optionally specifies the name for this. + description: |- + When a new key is created with this request, optionally specifies + the name for this. The global ref default may not be used as a name. + When a new key is created with this request, optionally specifies the name for this. type: string keyRef: - description: Specifies the key (either default, by name, or by - identifier) to use for generating this request. Only suitable - for type=existing requests. Specifies the key to use for generating - this request. + description: |- + Specifies the key (either default, by name, or by identifier) to use + for generating this request. Only suitable for type=existing requests. + Specifies the key to use for generating this request. type: string keyType: - description: The desired key type The desired key type. + description: |- + The desired key type + The desired key type. type: string locality: - description: The locality The locality. + description: |- + The locality + The locality. type: string managedKeyId: - description: The ID of the previously configured managed key. - This field is required if type is kms and it conflicts with - managed_key_name The ID of the previously configured managed - key. + description: |- + The ID of the previously configured managed key. This field is + required if type is kms and it conflicts with managed_key_name + The ID of the previously configured managed key. 
type: string managedKeyName: - description: The name of the previously configured managed key. - This field is required if type is kms and it conflicts with - managed_key_id The name of the previously configured managed - key. + description: |- + The name of the previously configured managed key. This field is + required if type is kms and it conflicts with managed_key_id + The name of the previously configured managed key. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string organization: - description: The organization The organization. + description: |- + The organization + The organization. type: string otherSans: - description: List of other SANs List of other SANs. + description: |- + List of other SANs + List of other SANs. items: type: string type: array ou: - description: The organization unit The organization unit. + description: |- + The organization unit + The organization unit. type: string postalCode: - description: The postal code The postal code. + description: |- + The postal code + The postal code. type: string privateKeyFormat: - description: The private key format The private key format. + description: |- + The private key format + The private key format. type: string province: - description: The province The province. + description: |- + The province + The province. type: string streetAddress: - description: The street address The street address. 
+ description: |- + The street address + The street address. type: string type: - description: Type of intermediate to create. Must be either "exported" - or "internal" or "kms" Type of intermediate to create. Must - be either "existing", "exported", "internal" or "kms" + description: |- + Type of intermediate to create. Must be either "exported" or "internal" + or "kms" + Type of intermediate to create. Must be either "existing", "exported", "internal" or "kms" type: string uriSans: - description: List of alternative URIs List of alternative URIs. + description: |- + List of alternative URIs + List of alternative URIs. items: type: string type: array 
@@ -304,20 +381,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -330,9 +408,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -342,57 +421,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -402,17 +445,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -422,21 +467,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -451,21 +496,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -476,14 +522,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -518,123 +565,163 @@ spec: atProvider: properties: addBasicConstraints: - description: 'Adds a Basic Constraints extension with ''CA: true''. - Only needed as a workaround in some compatibility scenarios - with Active Directory Certificate Services Set ''CA: true'' - in a Basic Constraints extension. Only needed as a workaround - in some compatibility scenarios with Active Directory Certificate - Services.' + description: |- + Adds a Basic Constraints extension with 'CA: true'. + Only needed as a workaround in some compatibility scenarios with Active Directory + Certificate Services + Set 'CA: true' in a Basic Constraints extension. Only needed as + a workaround in some compatibility scenarios with Active Directory Certificate Services. type: boolean altNames: - description: List of alternative names List of alternative names. + description: |- + List of alternative names + List of alternative names. items: type: string type: array backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string commonName: - description: CN of intermediate to create CN of intermediate to - create. + description: |- + CN of intermediate to create + CN of intermediate to create. type: string country: - description: The country The country. + description: |- + The country + The country. type: string csr: - description: The CSR The CSR. + description: |- + The CSR + The CSR. type: string excludeCnFromSans: - description: Flag to exclude CN from SANs Flag to exclude CN from - SANs. + description: |- + Flag to exclude CN from SANs + Flag to exclude CN from SANs. type: boolean format: - description: The format of data The format of data. + description: |- + The format of data + The format of data. type: string id: type: string ipSans: - description: List of alternative IPs List of alternative IPs. 
+ description: |- + List of alternative IPs + List of alternative IPs. items: type: string type: array keyBits: - description: The number of bits to use The number of bits to use. + description: |- + The number of bits to use + The number of bits to use. type: number keyId: - description: The ID of the generated key. The ID of the generated - key. + description: |- + The ID of the generated key. + The ID of the generated key. type: string keyName: - description: When a new key is created with this request, optionally - specifies the name for this. The global ref default may not - be used as a name. When a new key is created with this request, - optionally specifies the name for this. + description: |- + When a new key is created with this request, optionally specifies + the name for this. The global ref default may not be used as a name. + When a new key is created with this request, optionally specifies the name for this. type: string keyRef: - description: Specifies the key (either default, by name, or by - identifier) to use for generating this request. Only suitable - for type=existing requests. Specifies the key to use for generating - this request. + description: |- + Specifies the key (either default, by name, or by identifier) to use + for generating this request. Only suitable for type=existing requests. + Specifies the key to use for generating this request. type: string keyType: - description: The desired key type The desired key type. + description: |- + The desired key type + The desired key type. type: string locality: - description: The locality The locality. + description: |- + The locality + The locality. type: string managedKeyId: - description: The ID of the previously configured managed key. - This field is required if type is kms and it conflicts with - managed_key_name The ID of the previously configured managed - key. + description: |- + The ID of the previously configured managed key. 
This field is + required if type is kms and it conflicts with managed_key_name + The ID of the previously configured managed key. type: string managedKeyName: - description: The name of the previously configured managed key. - This field is required if type is kms and it conflicts with - managed_key_id The name of the previously configured managed - key. + description: |- + The name of the previously configured managed key. This field is + required if type is kms and it conflicts with managed_key_id + The name of the previously configured managed key. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string organization: - description: The organization The organization. + description: |- + The organization + The organization. type: string otherSans: - description: List of other SANs List of other SANs. + description: |- + List of other SANs + List of other SANs. items: type: string type: array ou: - description: The organization unit The organization unit. + description: |- + The organization unit + The organization unit. type: string postalCode: - description: The postal code The postal code. + description: |- + The postal code + The postal code. type: string privateKeyFormat: - description: The private key format The private key format. + description: |- + The private key format + The private key format. type: string privateKeyType: - description: The private key type The private key type. 
+ description: |- + The private key type + The private key type. type: string province: - description: The province The province. + description: |- + The province + The province. type: string streetAddress: - description: The street address The street address. + description: |- + The street address + The street address. type: string type: - description: Type of intermediate to create. Must be either "exported" - or "internal" or "kms" Type of intermediate to create. Must - be either "existing", "exported", "internal" or "kms" + description: |- + Type of intermediate to create. Must be either "exported" or "internal" + or "kms" + Type of intermediate to create. Must be either "existing", "exported", "internal" or "kms" type: string uriSans: - description: List of alternative URIs List of alternative URIs. + description: |- + List of alternative URIs + List of alternative URIs. items: type: string type: array @@ -645,13 +732,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -662,8 +751,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime 
@@ -672,6 +762,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/pki.vault.upbound.io_secretbackendintermediatesetsigneds.yaml b/package/crds/pki.vault.upbound.io_secretbackendintermediatesetsigneds.yaml index f1601985..1e6d547b 100644 --- a/package/crds/pki.vault.upbound.io_secretbackendintermediatesetsigneds.yaml +++ b/package/crds/pki.vault.upbound.io_secretbackendintermediatesetsigneds.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendintermediatesetsigneds.pki.vault.upbound.io spec: group: pki.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Submit the PKI CA certificate. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -55,13 +60,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -69,71 +75,79 @@ spec: forProvider: properties: backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string certificate: - description: Specifies the PEM encoded certificate. May optionally - append additional CA certificates to populate the whole chain, - which will then enable returning the full chain from issue and - sign operations. The certificate. + description: |- + Specifies the PEM encoded certificate. May optionally append additional + CA certificates to populate the whole chain, which will then enable returning the full chain from + issue and sign operations. + The certificate. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. 
This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string certificate: - description: Specifies the PEM encoded certificate. May optionally - append additional CA certificates to populate the whole chain, - which will then enable returning the full chain from issue and - sign operations. The certificate. + description: |- + Specifies the PEM encoded certificate. May optionally append additional + CA certificates to populate the whole chain, which will then enable returning the full chain from + issue and sign operations. + The certificate. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. 
(requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -146,9 +160,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -158,57 +173,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -218,17 +197,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -238,21 +219,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -267,21 +248,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -292,14 +274,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -330,35 +313,41 @@ spec: atProvider: properties: backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string certificate: - description: Specifies the PEM encoded certificate. May optionally - append additional CA certificates to populate the whole chain, - which will then enable returning the full chain from issue and - sign operations. The certificate. + description: |- + Specifies the PEM encoded certificate. May optionally append additional + CA certificates to populate the whole chain, which will then enable returning the full chain from + issue and sign operations. + The certificate. type: string id: type: string importedIssuers: - description: The imported issuers indicating which issuers were - created as part of this request. The imported issuers. + description: |- + The imported issuers indicating which issuers were created as part of + this request. + The imported issuers. items: type: string type: array importedKeys: - description: The imported keys indicating which keys were created - as part of this request. The imported keys. + description: |- + The imported keys indicating which keys were created as part of this request. + The imported keys. items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string type: object conditions: @@ -367,13 +356,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -384,8 +375,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -394,6 +386,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/pki.vault.upbound.io_secretbackendroles.yaml b/package/crds/pki.vault.upbound.io_secretbackendroles.yaml index da60b776..f208cbf8 100644 --- a/package/crds/pki.vault.upbound.io_secretbackendroles.yaml +++ b/package/crds/pki.vault.upbound.io_secretbackendroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendroles.pki.vault.upbound.io spec: group: pki.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Create a role on an PKI Secret Backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,531 +74,617 @@ spec: forProvider: properties: allowAnyName: - description: Flag to allow any name Flag to allow any name + description: |- + Flag to allow any name + Flag to allow any name type: boolean allowBareDomains: - description: Flag to allow certificates matching the actual domain + description: |- + Flag to allow certificates matching the actual domain Flag to allow certificates matching the actual domain. type: boolean allowGlobDomains: - description: Flag to allow names containing glob patterns. Flag - to allow names containing glob patterns. + description: |- + Flag to allow names containing glob patterns. + Flag to allow names containing glob patterns. type: boolean allowIpSans: - description: Flag to allow IP SANs Flag to allow IP SANs + description: |- + Flag to allow IP SANs + Flag to allow IP SANs type: boolean allowLocalhost: - description: Flag to allow certificates for localhost Flag to - allow certificates for localhost. + description: |- + Flag to allow certificates for localhost + Flag to allow certificates for localhost. type: boolean allowSubdomains: - description: Flag to allow certificates matching subdomains Flag - to allow certificates matching subdomains. + description: |- + Flag to allow certificates matching subdomains + Flag to allow certificates matching subdomains. type: boolean allowWildcardCertificates: - description: Flag to allow wildcard certificates. Flag to allow - wildcard certificates + description: |- + Flag to allow wildcard certificates. + Flag to allow wildcard certificates type: boolean allowedDomains: - description: List of allowed domains for certificates The domains - of the role. + description: |- + List of allowed domains for certificates + The domains of the role. items: type: string type: array allowedDomainsTemplate: - description: Flag, if set, allowed_domains can be specified using - identity template expressions such as {{identity.entity.aliases..name}}. 
Flag to indicate that `allowed_domains` specifies - a template expression (e.g. {{identity.entity.aliases..name}}) + description: |- + Flag, if set, allowed_domains can be specified using identity template expressions such as {{identity.entity.aliases..name}}. + Flag to indicate that `allowed_domains` specifies a template expression (e.g. {{identity.entity.aliases..name}}) type: boolean allowedOtherSans: - description: Defines allowed custom SANs Defines allowed custom - SANs + description: |- + Defines allowed custom SANs + Defines allowed custom SANs items: type: string type: array allowedSerialNumbers: - description: An array of allowed serial numbers to put in Subject + description: |- + An array of allowed serial numbers to put in Subject Defines allowed Subject serial numbers. items: type: string type: array allowedUriSans: - description: Defines allowed URI SANs Defines allowed URI SANs + description: |- + Defines allowed URI SANs + Defines allowed URI SANs items: type: string type: array allowedUriSansTemplate: - description: Flag, if set, allowed_uri_sans can be specified using - identity template expressions such as {{identity.entity.aliases..name}}. Flag to indicate that `allowed_uri_sans` specifies - a template expression (e.g. {{identity.entity.aliases..name}}) + description: |- + Flag, if set, allowed_uri_sans can be specified using identity template expressions such as {{identity.entity.aliases..name}}. + Flag to indicate that `allowed_uri_sans` specifies a template expression (e.g. {{identity.entity.aliases..name}}) type: boolean allowedUserIds: - description: Defines allowed User IDs The allowed User ID's. + description: |- + Defines allowed User IDs + The allowed User ID's. items: type: string type: array backend: - description: The path the PKI secret backend is mounted at, with - no leading or trailing /s. The path of the PKI secret backend - the resource belongs to. 
+ description: |- + The path the PKI secret backend is mounted at, with no leading or trailing /s. + The path of the PKI secret backend the resource belongs to. type: string basicConstraintsValidForNonCa: - description: Flag to mark basic constraints valid when issuing - non-CA certificates Flag to mark basic constraints valid when - issuing non-CA certificates. + description: |- + Flag to mark basic constraints valid when issuing non-CA certificates + Flag to mark basic constraints valid when issuing non-CA certificates. type: boolean clientFlag: - description: Flag to specify certificates for client use Flag - to specify certificates for client use. + description: |- + Flag to specify certificates for client use + Flag to specify certificates for client use. type: boolean codeSigningFlag: - description: Flag to specify certificates for code signing use + description: |- + Flag to specify certificates for code signing use Flag to specify certificates for code signing use. type: boolean country: - description: The country of generated certificates The country - of generated certificates. + description: |- + The country of generated certificates + The country of generated certificates. items: type: string type: array emailProtectionFlag: - description: Flag to specify certificates for email protection - use Flag to specify certificates for email protection use. + description: |- + Flag to specify certificates for email protection use + Flag to specify certificates for email protection use. type: boolean enforceHostnames: - description: Flag to allow only valid host names Flag to allow - only valid host names + description: |- + Flag to allow only valid host names + Flag to allow only valid host names type: boolean extKeyUsage: - description: Specify the allowed extended key usage constraint - on issued certificates Specify the allowed extended key usage - constraint on issued certificates. 
+ description: |- + Specify the allowed extended key usage constraint on issued certificates + Specify the allowed extended key usage constraint on issued certificates. items: type: string type: array extKeyUsageOids: - description: Specify the allowed extended key usage OIDs constraint - on issued certificates A list of extended key usage OIDs. + description: |- + Specify the allowed extended key usage OIDs constraint on issued certificates + A list of extended key usage OIDs. items: type: string type: array generateLease: - description: Flag to generate leases with certificates Flag to - generate leases with certificates. + description: |- + Flag to generate leases with certificates + Flag to generate leases with certificates. type: boolean issuerRef: - description: Specifies the default issuer of this request. May - be the value default, a name, or an issuer ID. Use ACLs to prevent - access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths - to prevent users overriding the role's issuer_ref value. Specifies - the default issuer of this request. + description: |- + Specifies the default issuer of this request. May + be the value default, a name, or an issuer ID. Use ACLs to prevent access to + the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users + overriding the role's issuer_ref value. + Specifies the default issuer of this request. type: string keyBits: - description: The number of bits of generated keys The number of - bits of generated keys. + description: |- + The number of bits of generated keys + The number of bits of generated keys. type: number keyType: - description: 'The generated key type, choices: rsa, ec, ed25519, - any Defaults to rsa The generated key type.' + description: |- + The generated key type, choices: rsa, ec, ed25519, any + Defaults to rsa + The generated key type. type: string keyUsage: - description: Specify the allowed key usage constraint on issued - certificates. 
Defaults to ["DigitalSignature", "KeyAgreement", - "KeyEncipherment"]). To specify no default key usage constraints, - set this to an empty list []. Specify the allowed key usage - constraint on issued certificates. + description: |- + Specify the allowed key usage constraint on issued + certificates. Defaults to ["DigitalSignature", "KeyAgreement", "KeyEncipherment"]). + To specify no default key usage constraints, set this to an empty list []. + Specify the allowed key usage constraint on issued certificates. items: type: string type: array locality: - description: The locality of generated certificates The locality - of generated certificates. + description: |- + The locality of generated certificates + The locality of generated certificates. items: type: string type: array maxTtl: - description: The maximum lease TTL, in seconds, for the role. + description: |- + The maximum lease TTL, in seconds, for the role. The maximum TTL. type: string name: - description: The name to identify this role within the backend. - Must be unique within the backend. Unique name for the role. + description: |- + The name to identify this role within the backend. Must be unique within the backend. + Unique name for the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string noStore: - description: Flag to not store certificates in the storage backend + description: |- + Flag to not store certificates in the storage backend Flag to not store certificates in the storage backend. type: boolean notBeforeDuration: - description: Specifies the duration by which to backdate the NotBefore - property. Specifies the duration by which to backdate the NotBefore - property. + description: |- + Specifies the duration by which to backdate the NotBefore property. + Specifies the duration by which to backdate the NotBefore property. type: string organization: - description: The organization of generated certificates The organization - of generated certificates. + description: |- + The organization of generated certificates + The organization of generated certificates. items: type: string type: array ou: - description: The organization unit of generated certificates The - organization unit of generated certificates. + description: |- + The organization unit of generated certificates + The organization unit of generated certificates. items: type: string type: array policyIdentifier: - description: '(Vault 1.11+ only) A block for specifying policy - identifers. The policy_identifier block can be repeated, and - supports the following arguments: Policy identifier block; can - only be used with Vault 1.11+' + description: |- + (Vault 1.11+ only) A block for specifying policy identifers. 
The policy_identifier block can be repeated, and supports the following arguments: + Policy identifier block; can only be used with Vault 1.11+ items: properties: cps: - description: The URL of the CPS for the policy identifier + description: |- + The URL of the CPS for the policy identifier Optional CPS URL type: string notice: - description: A notice for the policy identifier Optional - notice + description: |- + A notice for the policy identifier + Optional notice type: string oid: - description: The OID for the policy identifier OID + description: |- + The OID for the policy identifier + OID type: string type: object type: array policyIdentifiers: - description: Specify the list of allowed policies OIDs. Use with - Vault 1.10 or before. For Vault 1.11+, use policy_identifier - blocks instead Specify the list of allowed policies OIDs. + description: |- + Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use policy_identifier blocks instead + Specify the list of allowed policies OIDs. items: type: string type: array postalCode: - description: The postal code of generated certificates The postal - code of generated certificates. + description: |- + The postal code of generated certificates + The postal code of generated certificates. items: type: string type: array province: - description: The province of generated certificates The province - of generated certificates. + description: |- + The province of generated certificates + The province of generated certificates. items: type: string type: array requireCn: - description: Flag to force CN usage Flag to force CN usage. + description: |- + Flag to force CN usage + Flag to force CN usage. type: boolean serverFlag: - description: Flag to specify certificates for server use Flag - to specify certificates for server use. + description: |- + Flag to specify certificates for server use + Flag to specify certificates for server use. 
type: boolean streetAddress: - description: The street address of generated certificates The - street address of generated certificates. + description: |- + The street address of generated certificates + The street address of generated certificates. items: type: string type: array ttl: - description: The TTL, in seconds, for any certificate issued against - this role. The TTL. + description: |- + The TTL, in seconds, for any certificate issued against this role. + The TTL. type: string useCsrCommonName: - description: Flag to use the CN in the CSR Flag to use the CN - in the CSR. + description: |- + Flag to use the CN in the CSR + Flag to use the CN in the CSR. type: boolean useCsrSans: - description: Flag to use the SANs in the CSR Flag to use the SANs - in the CSR. + description: |- + Flag to use the SANs in the CSR + Flag to use the SANs in the CSR. type: boolean type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. 
The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: allowAnyName: - description: Flag to allow any name Flag to allow any name + description: |- + Flag to allow any name + Flag to allow any name type: boolean allowBareDomains: - description: Flag to allow certificates matching the actual domain + description: |- + Flag to allow certificates matching the actual domain Flag to allow certificates matching the actual domain. type: boolean allowGlobDomains: - description: Flag to allow names containing glob patterns. Flag - to allow names containing glob patterns. + description: |- + Flag to allow names containing glob patterns. + Flag to allow names containing glob patterns. type: boolean allowIpSans: - description: Flag to allow IP SANs Flag to allow IP SANs + description: |- + Flag to allow IP SANs + Flag to allow IP SANs type: boolean allowLocalhost: - description: Flag to allow certificates for localhost Flag to - allow certificates for localhost. + description: |- + Flag to allow certificates for localhost + Flag to allow certificates for localhost. type: boolean allowSubdomains: - description: Flag to allow certificates matching subdomains Flag - to allow certificates matching subdomains. + description: |- + Flag to allow certificates matching subdomains + Flag to allow certificates matching subdomains. type: boolean allowWildcardCertificates: - description: Flag to allow wildcard certificates. Flag to allow - wildcard certificates + description: |- + Flag to allow wildcard certificates. 
+ Flag to allow wildcard certificates type: boolean allowedDomains: - description: List of allowed domains for certificates The domains - of the role. + description: |- + List of allowed domains for certificates + The domains of the role. items: type: string type: array allowedDomainsTemplate: - description: Flag, if set, allowed_domains can be specified using - identity template expressions such as {{identity.entity.aliases..name}}. Flag to indicate that `allowed_domains` specifies - a template expression (e.g. {{identity.entity.aliases..name}}) + description: |- + Flag, if set, allowed_domains can be specified using identity template expressions such as {{identity.entity.aliases..name}}. + Flag to indicate that `allowed_domains` specifies a template expression (e.g. {{identity.entity.aliases..name}}) type: boolean allowedOtherSans: - description: Defines allowed custom SANs Defines allowed custom - SANs + description: |- + Defines allowed custom SANs + Defines allowed custom SANs items: type: string type: array allowedSerialNumbers: - description: An array of allowed serial numbers to put in Subject + description: |- + An array of allowed serial numbers to put in Subject Defines allowed Subject serial numbers. items: type: string type: array allowedUriSans: - description: Defines allowed URI SANs Defines allowed URI SANs + description: |- + Defines allowed URI SANs + Defines allowed URI SANs items: type: string type: array allowedUriSansTemplate: - description: Flag, if set, allowed_uri_sans can be specified using - identity template expressions such as {{identity.entity.aliases..name}}. Flag to indicate that `allowed_uri_sans` specifies - a template expression (e.g. {{identity.entity.aliases..name}}) + description: |- + Flag, if set, allowed_uri_sans can be specified using identity template expressions such as {{identity.entity.aliases..name}}. + Flag to indicate that `allowed_uri_sans` specifies a template expression (e.g. 
{{identity.entity.aliases..name}}) type: boolean allowedUserIds: - description: Defines allowed User IDs The allowed User ID's. + description: |- + Defines allowed User IDs + The allowed User ID's. items: type: string type: array backend: - description: The path the PKI secret backend is mounted at, with - no leading or trailing /s. The path of the PKI secret backend - the resource belongs to. + description: |- + The path the PKI secret backend is mounted at, with no leading or trailing /s. + The path of the PKI secret backend the resource belongs to. type: string basicConstraintsValidForNonCa: - description: Flag to mark basic constraints valid when issuing - non-CA certificates Flag to mark basic constraints valid when - issuing non-CA certificates. + description: |- + Flag to mark basic constraints valid when issuing non-CA certificates + Flag to mark basic constraints valid when issuing non-CA certificates. type: boolean clientFlag: - description: Flag to specify certificates for client use Flag - to specify certificates for client use. + description: |- + Flag to specify certificates for client use + Flag to specify certificates for client use. type: boolean codeSigningFlag: - description: Flag to specify certificates for code signing use + description: |- + Flag to specify certificates for code signing use Flag to specify certificates for code signing use. type: boolean country: - description: The country of generated certificates The country - of generated certificates. + description: |- + The country of generated certificates + The country of generated certificates. items: type: string type: array emailProtectionFlag: - description: Flag to specify certificates for email protection - use Flag to specify certificates for email protection use. + description: |- + Flag to specify certificates for email protection use + Flag to specify certificates for email protection use. 
type: boolean enforceHostnames: - description: Flag to allow only valid host names Flag to allow - only valid host names + description: |- + Flag to allow only valid host names + Flag to allow only valid host names type: boolean extKeyUsage: - description: Specify the allowed extended key usage constraint - on issued certificates Specify the allowed extended key usage - constraint on issued certificates. + description: |- + Specify the allowed extended key usage constraint on issued certificates + Specify the allowed extended key usage constraint on issued certificates. items: type: string type: array extKeyUsageOids: - description: Specify the allowed extended key usage OIDs constraint - on issued certificates A list of extended key usage OIDs. + description: |- + Specify the allowed extended key usage OIDs constraint on issued certificates + A list of extended key usage OIDs. items: type: string type: array generateLease: - description: Flag to generate leases with certificates Flag to - generate leases with certificates. + description: |- + Flag to generate leases with certificates + Flag to generate leases with certificates. type: boolean issuerRef: - description: Specifies the default issuer of this request. May - be the value default, a name, or an issuer ID. Use ACLs to prevent - access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths - to prevent users overriding the role's issuer_ref value. Specifies - the default issuer of this request. + description: |- + Specifies the default issuer of this request. May + be the value default, a name, or an issuer ID. Use ACLs to prevent access to + the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users + overriding the role's issuer_ref value. + Specifies the default issuer of this request. type: string keyBits: - description: The number of bits of generated keys The number of - bits of generated keys. + description: |- + The number of bits of generated keys + The number of bits of generated keys. 
type: number keyType: - description: 'The generated key type, choices: rsa, ec, ed25519, - any Defaults to rsa The generated key type.' + description: |- + The generated key type, choices: rsa, ec, ed25519, any + Defaults to rsa + The generated key type. type: string keyUsage: - description: Specify the allowed key usage constraint on issued - certificates. Defaults to ["DigitalSignature", "KeyAgreement", - "KeyEncipherment"]). To specify no default key usage constraints, - set this to an empty list []. Specify the allowed key usage - constraint on issued certificates. + description: |- + Specify the allowed key usage constraint on issued + certificates. Defaults to ["DigitalSignature", "KeyAgreement", "KeyEncipherment"]). + To specify no default key usage constraints, set this to an empty list []. + Specify the allowed key usage constraint on issued certificates. items: type: string type: array locality: - description: The locality of generated certificates The locality - of generated certificates. + description: |- + The locality of generated certificates + The locality of generated certificates. items: type: string type: array maxTtl: - description: The maximum lease TTL, in seconds, for the role. + description: |- + The maximum lease TTL, in seconds, for the role. The maximum TTL. type: string name: - description: The name to identify this role within the backend. - Must be unique within the backend. Unique name for the role. + description: |- + The name to identify this role within the backend. Must be unique within the backend. + Unique name for the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. 
+ The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string noStore: - description: Flag to not store certificates in the storage backend + description: |- + Flag to not store certificates in the storage backend Flag to not store certificates in the storage backend. type: boolean notBeforeDuration: - description: Specifies the duration by which to backdate the NotBefore - property. Specifies the duration by which to backdate the NotBefore - property. + description: |- + Specifies the duration by which to backdate the NotBefore property. + Specifies the duration by which to backdate the NotBefore property. type: string organization: - description: The organization of generated certificates The organization - of generated certificates. + description: |- + The organization of generated certificates + The organization of generated certificates. items: type: string type: array ou: - description: The organization unit of generated certificates The - organization unit of generated certificates. + description: |- + The organization unit of generated certificates + The organization unit of generated certificates. items: type: string type: array policyIdentifier: - description: '(Vault 1.11+ only) A block for specifying policy - identifers. The policy_identifier block can be repeated, and - supports the following arguments: Policy identifier block; can - only be used with Vault 1.11+' + description: |- + (Vault 1.11+ only) A block for specifying policy identifers. 
The policy_identifier block can be repeated, and supports the following arguments: + Policy identifier block; can only be used with Vault 1.11+ items: properties: cps: - description: The URL of the CPS for the policy identifier + description: |- + The URL of the CPS for the policy identifier Optional CPS URL type: string notice: - description: A notice for the policy identifier Optional - notice + description: |- + A notice for the policy identifier + Optional notice type: string oid: - description: The OID for the policy identifier OID + description: |- + The OID for the policy identifier + OID type: string type: object type: array policyIdentifiers: - description: Specify the list of allowed policies OIDs. Use with - Vault 1.10 or before. For Vault 1.11+, use policy_identifier - blocks instead Specify the list of allowed policies OIDs. + description: |- + Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use policy_identifier blocks instead + Specify the list of allowed policies OIDs. items: type: string type: array postalCode: - description: The postal code of generated certificates The postal - code of generated certificates. + description: |- + The postal code of generated certificates + The postal code of generated certificates. items: type: string type: array province: - description: The province of generated certificates The province - of generated certificates. + description: |- + The province of generated certificates + The province of generated certificates. items: type: string type: array requireCn: - description: Flag to force CN usage Flag to force CN usage. + description: |- + Flag to force CN usage + Flag to force CN usage. type: boolean serverFlag: - description: Flag to specify certificates for server use Flag - to specify certificates for server use. + description: |- + Flag to specify certificates for server use + Flag to specify certificates for server use. 
type: boolean streetAddress: - description: The street address of generated certificates The - street address of generated certificates. + description: |- + The street address of generated certificates + The street address of generated certificates. items: type: string type: array ttl: - description: The TTL, in seconds, for any certificate issued against - this role. The TTL. + description: |- + The TTL, in seconds, for any certificate issued against this role. + The TTL. type: string useCsrCommonName: - description: Flag to use the CN in the CSR Flag to use the CN - in the CSR. + description: |- + Flag to use the CN in the CSR + Flag to use the CN in the CSR. type: boolean useCsrSans: - description: Flag to use the SANs in the CSR Flag to use the SANs - in the CSR. + description: |- + Flag to use the SANs in the CSR + Flag to use the SANs in the CSR. type: boolean type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. 
+ ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -605,9 +697,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -617,57 +710,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -677,17 +734,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -697,21 +756,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -726,21 +785,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -751,14 +811,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -788,253 +849,295 @@ spec: atProvider: properties: allowAnyName: - description: Flag to allow any name Flag to allow any name + description: |- + Flag to allow any name + Flag to allow any name type: boolean allowBareDomains: - description: Flag to allow certificates matching the actual domain + description: |- + Flag to allow certificates matching the actual domain Flag to allow certificates matching the actual domain. type: boolean allowGlobDomains: - description: Flag to allow names containing glob patterns. Flag - to allow names containing glob patterns. + description: |- + Flag to allow names containing glob patterns. + Flag to allow names containing glob patterns. type: boolean allowIpSans: - description: Flag to allow IP SANs Flag to allow IP SANs + description: |- + Flag to allow IP SANs + Flag to allow IP SANs type: boolean allowLocalhost: - description: Flag to allow certificates for localhost Flag to - allow certificates for localhost. + description: |- + Flag to allow certificates for localhost + Flag to allow certificates for localhost. type: boolean allowSubdomains: - description: Flag to allow certificates matching subdomains Flag - to allow certificates matching subdomains. + description: |- + Flag to allow certificates matching subdomains + Flag to allow certificates matching subdomains. type: boolean allowWildcardCertificates: - description: Flag to allow wildcard certificates. Flag to allow - wildcard certificates + description: |- + Flag to allow wildcard certificates. + Flag to allow wildcard certificates type: boolean allowedDomains: - description: List of allowed domains for certificates The domains - of the role. + description: |- + List of allowed domains for certificates + The domains of the role. items: type: string type: array allowedDomainsTemplate: - description: Flag, if set, allowed_domains can be specified using - identity template expressions such as {{identity.entity.aliases..name}}. 
Flag to indicate that `allowed_domains` specifies - a template expression (e.g. {{identity.entity.aliases..name}}) + description: |- + Flag, if set, allowed_domains can be specified using identity template expressions such as {{identity.entity.aliases..name}}. + Flag to indicate that `allowed_domains` specifies a template expression (e.g. {{identity.entity.aliases..name}}) type: boolean allowedOtherSans: - description: Defines allowed custom SANs Defines allowed custom - SANs + description: |- + Defines allowed custom SANs + Defines allowed custom SANs items: type: string type: array allowedSerialNumbers: - description: An array of allowed serial numbers to put in Subject + description: |- + An array of allowed serial numbers to put in Subject Defines allowed Subject serial numbers. items: type: string type: array allowedUriSans: - description: Defines allowed URI SANs Defines allowed URI SANs + description: |- + Defines allowed URI SANs + Defines allowed URI SANs items: type: string type: array allowedUriSansTemplate: - description: Flag, if set, allowed_uri_sans can be specified using - identity template expressions such as {{identity.entity.aliases..name}}. Flag to indicate that `allowed_uri_sans` specifies - a template expression (e.g. {{identity.entity.aliases..name}}) + description: |- + Flag, if set, allowed_uri_sans can be specified using identity template expressions such as {{identity.entity.aliases..name}}. + Flag to indicate that `allowed_uri_sans` specifies a template expression (e.g. {{identity.entity.aliases..name}}) type: boolean allowedUserIds: - description: Defines allowed User IDs The allowed User ID's. + description: |- + Defines allowed User IDs + The allowed User ID's. items: type: string type: array backend: - description: The path the PKI secret backend is mounted at, with - no leading or trailing /s. The path of the PKI secret backend - the resource belongs to. 
+ description: |- + The path the PKI secret backend is mounted at, with no leading or trailing /s. + The path of the PKI secret backend the resource belongs to. type: string basicConstraintsValidForNonCa: - description: Flag to mark basic constraints valid when issuing - non-CA certificates Flag to mark basic constraints valid when - issuing non-CA certificates. + description: |- + Flag to mark basic constraints valid when issuing non-CA certificates + Flag to mark basic constraints valid when issuing non-CA certificates. type: boolean clientFlag: - description: Flag to specify certificates for client use Flag - to specify certificates for client use. + description: |- + Flag to specify certificates for client use + Flag to specify certificates for client use. type: boolean codeSigningFlag: - description: Flag to specify certificates for code signing use + description: |- + Flag to specify certificates for code signing use Flag to specify certificates for code signing use. type: boolean country: - description: The country of generated certificates The country - of generated certificates. + description: |- + The country of generated certificates + The country of generated certificates. items: type: string type: array emailProtectionFlag: - description: Flag to specify certificates for email protection - use Flag to specify certificates for email protection use. + description: |- + Flag to specify certificates for email protection use + Flag to specify certificates for email protection use. type: boolean enforceHostnames: - description: Flag to allow only valid host names Flag to allow - only valid host names + description: |- + Flag to allow only valid host names + Flag to allow only valid host names type: boolean extKeyUsage: - description: Specify the allowed extended key usage constraint - on issued certificates Specify the allowed extended key usage - constraint on issued certificates. 
+ description: |- + Specify the allowed extended key usage constraint on issued certificates + Specify the allowed extended key usage constraint on issued certificates. items: type: string type: array extKeyUsageOids: - description: Specify the allowed extended key usage OIDs constraint - on issued certificates A list of extended key usage OIDs. + description: |- + Specify the allowed extended key usage OIDs constraint on issued certificates + A list of extended key usage OIDs. items: type: string type: array generateLease: - description: Flag to generate leases with certificates Flag to - generate leases with certificates. + description: |- + Flag to generate leases with certificates + Flag to generate leases with certificates. type: boolean id: type: string issuerRef: - description: Specifies the default issuer of this request. May - be the value default, a name, or an issuer ID. Use ACLs to prevent - access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths - to prevent users overriding the role's issuer_ref value. Specifies - the default issuer of this request. + description: |- + Specifies the default issuer of this request. May + be the value default, a name, or an issuer ID. Use ACLs to prevent access to + the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users + overriding the role's issuer_ref value. + Specifies the default issuer of this request. type: string keyBits: - description: The number of bits of generated keys The number of - bits of generated keys. + description: |- + The number of bits of generated keys + The number of bits of generated keys. type: number keyType: - description: 'The generated key type, choices: rsa, ec, ed25519, - any Defaults to rsa The generated key type.' + description: |- + The generated key type, choices: rsa, ec, ed25519, any + Defaults to rsa + The generated key type. type: string keyUsage: - description: Specify the allowed key usage constraint on issued - certificates. 
Defaults to ["DigitalSignature", "KeyAgreement", - "KeyEncipherment"]). To specify no default key usage constraints, - set this to an empty list []. Specify the allowed key usage - constraint on issued certificates. + description: |- + Specify the allowed key usage constraint on issued + certificates. Defaults to ["DigitalSignature", "KeyAgreement", "KeyEncipherment"]). + To specify no default key usage constraints, set this to an empty list []. + Specify the allowed key usage constraint on issued certificates. items: type: string type: array locality: - description: The locality of generated certificates The locality - of generated certificates. + description: |- + The locality of generated certificates + The locality of generated certificates. items: type: string type: array maxTtl: - description: The maximum lease TTL, in seconds, for the role. + description: |- + The maximum lease TTL, in seconds, for the role. The maximum TTL. type: string name: - description: The name to identify this role within the backend. - Must be unique within the backend. Unique name for the role. + description: |- + The name to identify this role within the backend. Must be unique within the backend. + Unique name for the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string noStore: - description: Flag to not store certificates in the storage backend + description: |- + Flag to not store certificates in the storage backend Flag to not store certificates in the storage backend. type: boolean notBeforeDuration: - description: Specifies the duration by which to backdate the NotBefore - property. Specifies the duration by which to backdate the NotBefore - property. + description: |- + Specifies the duration by which to backdate the NotBefore property. + Specifies the duration by which to backdate the NotBefore property. type: string organization: - description: The organization of generated certificates The organization - of generated certificates. + description: |- + The organization of generated certificates + The organization of generated certificates. items: type: string type: array ou: - description: The organization unit of generated certificates The - organization unit of generated certificates. + description: |- + The organization unit of generated certificates + The organization unit of generated certificates. items: type: string type: array policyIdentifier: - description: '(Vault 1.11+ only) A block for specifying policy - identifers. The policy_identifier block can be repeated, and - supports the following arguments: Policy identifier block; can - only be used with Vault 1.11+' + description: |- + (Vault 1.11+ only) A block for specifying policy identifers. 
The policy_identifier block can be repeated, and supports the following arguments: + Policy identifier block; can only be used with Vault 1.11+ items: properties: cps: - description: The URL of the CPS for the policy identifier + description: |- + The URL of the CPS for the policy identifier Optional CPS URL type: string notice: - description: A notice for the policy identifier Optional - notice + description: |- + A notice for the policy identifier + Optional notice type: string oid: - description: The OID for the policy identifier OID + description: |- + The OID for the policy identifier + OID type: string type: object type: array policyIdentifiers: - description: Specify the list of allowed policies OIDs. Use with - Vault 1.10 or before. For Vault 1.11+, use policy_identifier - blocks instead Specify the list of allowed policies OIDs. + description: |- + Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use policy_identifier blocks instead + Specify the list of allowed policies OIDs. items: type: string type: array postalCode: - description: The postal code of generated certificates The postal - code of generated certificates. + description: |- + The postal code of generated certificates + The postal code of generated certificates. items: type: string type: array province: - description: The province of generated certificates The province - of generated certificates. + description: |- + The province of generated certificates + The province of generated certificates. items: type: string type: array requireCn: - description: Flag to force CN usage Flag to force CN usage. + description: |- + Flag to force CN usage + Flag to force CN usage. type: boolean serverFlag: - description: Flag to specify certificates for server use Flag - to specify certificates for server use. + description: |- + Flag to specify certificates for server use + Flag to specify certificates for server use. 
type: boolean streetAddress: - description: The street address of generated certificates The - street address of generated certificates. + description: |- + The street address of generated certificates + The street address of generated certificates. items: type: string type: array ttl: - description: The TTL, in seconds, for any certificate issued against - this role. The TTL. + description: |- + The TTL, in seconds, for any certificate issued against this role. + The TTL. type: string useCsrCommonName: - description: Flag to use the CN in the CSR Flag to use the CN - in the CSR. + description: |- + Flag to use the CN in the CSR + Flag to use the CN in the CSR. type: boolean useCsrSans: - description: Flag to use the SANs in the CSR Flag to use the SANs - in the CSR. + description: |- + Flag to use the SANs in the CSR + Flag to use the SANs in the CSR. type: boolean type: object conditions: @@ -1043,13 +1146,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -1060,8 +1165,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime 
@@ -1070,6 +1176,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/pki.vault.upbound.io_secretbackendrootcerts.yaml b/package/crds/pki.vault.upbound.io_secretbackendrootcerts.yaml index 2782170f..d275dc9d 100644 --- a/package/crds/pki.vault.upbound.io_secretbackendrootcerts.yaml +++ b/package/crds/pki.vault.upbound.io_secretbackendrootcerts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendrootcerts.pki.vault.upbound.io spec: group: pki.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. Generate root. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,258 +74,335 @@ spec: forProvider: properties: altNames: - description: List of alternative names List of alternative names. + description: |- + List of alternative names + List of alternative names. items: type: string type: array backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string commonName: - description: CN of intermediate to create CN of root to create. + description: |- + CN of intermediate to create + CN of root to create. type: string country: - description: The country The country. + description: |- + The country + The country. type: string excludeCnFromSans: - description: Flag to exclude CN from SANs Flag to exclude CN from - SANs. + description: |- + Flag to exclude CN from SANs + Flag to exclude CN from SANs. type: boolean format: - description: The format of data The format of data. + description: |- + The format of data + The format of data. type: string ipSans: - description: List of alternative IPs List of alternative IPs. + description: |- + List of alternative IPs + List of alternative IPs. items: type: string type: array issuerName: - description: Provides a name to the specified issuer. The name - must be unique across all issuers and not be the reserved value - default Provides a name to the specified issuer. The name must - be unique across all issuers and not be the reserved value 'default'. + description: |- + Provides a name to the specified issuer. The name must be unique + across all issuers and not be the reserved value default + Provides a name to the specified issuer. The name must be unique across all issuers and not be the reserved value 'default'. type: string keyBits: - description: The number of bits to use The number of bits to use. + description: |- + The number of bits to use + The number of bits to use. 
type: number keyName: - description: When a new key is created with this request, optionally - specifies the name for this. The global ref default may not - be used as a name. When a new key is created with this request, - optionally specifies the name for this. + description: |- + When a new key is created with this request, optionally specifies + the name for this. The global ref default may not be used as a name. + When a new key is created with this request, optionally specifies the name for this. type: string keyRef: - description: Specifies the key (either default, by name, or by - identifier) to use for generating this request. Only suitable - for type=existing requests. Specifies the key to use for generating - this request. + description: |- + Specifies the key (either default, by name, or by identifier) to use + for generating this request. Only suitable for type=existing requests. + Specifies the key to use for generating this request. type: string keyType: - description: The desired key type The desired key type. + description: |- + The desired key type + The desired key type. type: string locality: - description: The locality The locality. + description: |- + The locality + The locality. type: string managedKeyId: - description: The ID of the previously configured managed key. - This field is required if type is kms and it conflicts with - managed_key_name The ID of the previously configured managed - key. + description: |- + The ID of the previously configured managed key. This field is + required if type is kms and it conflicts with managed_key_name + The ID of the previously configured managed key. type: string managedKeyName: - description: The name of the previously configured managed key. - This field is required if type is kms and it conflicts with - managed_key_id The name of the previously configured managed - key. + description: |- + The name of the previously configured managed key. 
This field is + required if type is kms and it conflicts with managed_key_id + The name of the previously configured managed key. type: string maxPathLength: - description: The maximum path length to encode in the generated - certificate The maximum path length to encode in the generated - certificate. + description: |- + The maximum path length to encode in the generated certificate + The maximum path length to encode in the generated certificate. type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string organization: - description: The organization The organization. + description: |- + The organization + The organization. type: string otherSans: - description: List of other SANs List of other SANs. + description: |- + List of other SANs + List of other SANs. items: type: string type: array ou: - description: The organization unit The organization unit. + description: |- + The organization unit + The organization unit. type: string permittedDnsDomains: - description: List of domains for which certificates are allowed - to be issued List of domains for which certificates are allowed - to be issued. + description: |- + List of domains for which certificates are allowed to be issued + List of domains for which certificates are allowed to be issued. items: type: string type: array postalCode: - description: The postal code The postal code. + description: |- + The postal code + The postal code. 
type: string privateKeyFormat: - description: The private key format The private key format. + description: |- + The private key format + The private key format. type: string province: - description: The province The province. + description: |- + The province + The province. type: string streetAddress: - description: The street address The street address. + description: |- + The street address + The street address. type: string ttl: - description: Time to live Time to live. + description: |- + Time to live + Time to live. type: string type: - description: Type of intermediate to create. Must be either "exported", - "internal" or "kms" Type of root to create. Must be either "existing", - "exported", "internal" or "kms" + description: |- + Type of intermediate to create. Must be either "exported", "internal" + or "kms" + Type of root to create. Must be either "existing", "exported", "internal" or "kms" type: string uriSans: - description: List of alternative URIs List of alternative URIs. + description: |- + List of alternative URIs + List of alternative URIs. items: type: string type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. 
It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: altNames: - description: List of alternative names List of alternative names. + description: |- + List of alternative names + List of alternative names. items: type: string type: array backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string commonName: - description: CN of intermediate to create CN of root to create. + description: |- + CN of intermediate to create + CN of root to create. type: string country: - description: The country The country. + description: |- + The country + The country. type: string excludeCnFromSans: - description: Flag to exclude CN from SANs Flag to exclude CN from - SANs. + description: |- + Flag to exclude CN from SANs + Flag to exclude CN from SANs. type: boolean format: - description: The format of data The format of data. + description: |- + The format of data + The format of data. type: string ipSans: - description: List of alternative IPs List of alternative IPs. + description: |- + List of alternative IPs + List of alternative IPs. items: type: string type: array issuerName: - description: Provides a name to the specified issuer. 
The name - must be unique across all issuers and not be the reserved value - default Provides a name to the specified issuer. The name must - be unique across all issuers and not be the reserved value 'default'. + description: |- + Provides a name to the specified issuer. The name must be unique + across all issuers and not be the reserved value default + Provides a name to the specified issuer. The name must be unique across all issuers and not be the reserved value 'default'. type: string keyBits: - description: The number of bits to use The number of bits to use. + description: |- + The number of bits to use + The number of bits to use. type: number keyName: - description: When a new key is created with this request, optionally - specifies the name for this. The global ref default may not - be used as a name. When a new key is created with this request, - optionally specifies the name for this. + description: |- + When a new key is created with this request, optionally specifies + the name for this. The global ref default may not be used as a name. + When a new key is created with this request, optionally specifies the name for this. type: string keyRef: - description: Specifies the key (either default, by name, or by - identifier) to use for generating this request. Only suitable - for type=existing requests. Specifies the key to use for generating - this request. + description: |- + Specifies the key (either default, by name, or by identifier) to use + for generating this request. Only suitable for type=existing requests. + Specifies the key to use for generating this request. type: string keyType: - description: The desired key type The desired key type. + description: |- + The desired key type + The desired key type. type: string locality: - description: The locality The locality. + description: |- + The locality + The locality. type: string managedKeyId: - description: The ID of the previously configured managed key. 
- This field is required if type is kms and it conflicts with - managed_key_name The ID of the previously configured managed - key. + description: |- + The ID of the previously configured managed key. This field is + required if type is kms and it conflicts with managed_key_name + The ID of the previously configured managed key. type: string managedKeyName: - description: The name of the previously configured managed key. - This field is required if type is kms and it conflicts with - managed_key_id The name of the previously configured managed - key. + description: |- + The name of the previously configured managed key. This field is + required if type is kms and it conflicts with managed_key_id + The name of the previously configured managed key. type: string maxPathLength: - description: The maximum path length to encode in the generated - certificate The maximum path length to encode in the generated - certificate. + description: |- + The maximum path length to encode in the generated certificate + The maximum path length to encode in the generated certificate. type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string organization: - description: The organization The organization. + description: |- + The organization + The organization. type: string otherSans: - description: List of other SANs List of other SANs. + description: |- + List of other SANs + List of other SANs. 
items: type: string type: array ou: - description: The organization unit The organization unit. + description: |- + The organization unit + The organization unit. type: string permittedDnsDomains: - description: List of domains for which certificates are allowed - to be issued List of domains for which certificates are allowed - to be issued. + description: |- + List of domains for which certificates are allowed to be issued + List of domains for which certificates are allowed to be issued. items: type: string type: array postalCode: - description: The postal code The postal code. + description: |- + The postal code + The postal code. type: string privateKeyFormat: - description: The private key format The private key format. + description: |- + The private key format + The private key format. type: string province: - description: The province The province. + description: |- + The province + The province. type: string streetAddress: - description: The street address The street address. + description: |- + The street address + The street address. type: string ttl: - description: Time to live Time to live. + description: |- + Time to live + Time to live. type: string type: - description: Type of intermediate to create. Must be either "exported", - "internal" or "kms" Type of root to create. Must be either "existing", - "exported", "internal" or "kms" + description: |- + Type of intermediate to create. Must be either "exported", "internal" + or "kms" + Type of root to create. Must be either "existing", "exported", "internal" or "kms" type: string uriSans: - description: List of alternative URIs List of alternative URIs. + description: |- + List of alternative URIs + List of alternative URIs. items: type: string type: array 
@@ -327,20 +410,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -353,9 +437,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -365,57 +450,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -425,17 +474,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -445,21 +496,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -474,21 +525,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -499,14 +551,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -541,147 +594,193 @@ spec: atProvider: properties: altNames: - description: List of alternative names List of alternative names. + description: |- + List of alternative names + List of alternative names. items: type: string type: array backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string certificate: - description: The certificate. The certificate. + description: |- + The certificate. + The certificate. type: string commonName: - description: CN of intermediate to create CN of root to create. + description: |- + CN of intermediate to create + CN of root to create. type: string country: - description: The country The country. + description: |- + The country + The country. type: string excludeCnFromSans: - description: Flag to exclude CN from SANs Flag to exclude CN from - SANs. + description: |- + Flag to exclude CN from SANs + Flag to exclude CN from SANs. type: boolean format: - description: The format of data The format of data. + description: |- + The format of data + The format of data. type: string id: type: string ipSans: - description: List of alternative IPs List of alternative IPs. + description: |- + List of alternative IPs + List of alternative IPs. items: type: string type: array issuerId: - description: The ID of the generated issuer. The ID of the generated - issuer. + description: |- + The ID of the generated issuer. + The ID of the generated issuer. type: string issuerName: - description: Provides a name to the specified issuer. The name - must be unique across all issuers and not be the reserved value - default Provides a name to the specified issuer. The name must - be unique across all issuers and not be the reserved value 'default'. + description: |- + Provides a name to the specified issuer. 
The name must be unique + across all issuers and not be the reserved value default + Provides a name to the specified issuer. The name must be unique across all issuers and not be the reserved value 'default'. type: string issuingCa: - description: The issuing CA certificate. The issuing CA. + description: |- + The issuing CA certificate. + The issuing CA. type: string keyBits: - description: The number of bits to use The number of bits to use. + description: |- + The number of bits to use + The number of bits to use. type: number keyId: - description: The ID of the generated key. The ID of the generated - key. + description: |- + The ID of the generated key. + The ID of the generated key. type: string keyName: - description: When a new key is created with this request, optionally - specifies the name for this. The global ref default may not - be used as a name. When a new key is created with this request, - optionally specifies the name for this. + description: |- + When a new key is created with this request, optionally specifies + the name for this. The global ref default may not be used as a name. + When a new key is created with this request, optionally specifies the name for this. type: string keyRef: - description: Specifies the key (either default, by name, or by - identifier) to use for generating this request. Only suitable - for type=existing requests. Specifies the key to use for generating - this request. + description: |- + Specifies the key (either default, by name, or by identifier) to use + for generating this request. Only suitable for type=existing requests. + Specifies the key to use for generating this request. type: string keyType: - description: The desired key type The desired key type. + description: |- + The desired key type + The desired key type. type: string locality: - description: The locality The locality. + description: |- + The locality + The locality. 
type: string managedKeyId: - description: The ID of the previously configured managed key. - This field is required if type is kms and it conflicts with - managed_key_name The ID of the previously configured managed - key. + description: |- + The ID of the previously configured managed key. This field is + required if type is kms and it conflicts with managed_key_name + The ID of the previously configured managed key. type: string managedKeyName: - description: The name of the previously configured managed key. - This field is required if type is kms and it conflicts with - managed_key_id The name of the previously configured managed - key. + description: |- + The name of the previously configured managed key. This field is + required if type is kms and it conflicts with managed_key_id + The name of the previously configured managed key. type: string maxPathLength: - description: The maximum path length to encode in the generated - certificate The maximum path length to encode in the generated - certificate. + description: |- + The maximum path length to encode in the generated certificate + The maximum path length to encode in the generated certificate. type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string organization: - description: The organization The organization. + description: |- + The organization + The organization. type: string otherSans: - description: List of other SANs List of other SANs. 
+ description: |- + List of other SANs + List of other SANs. items: type: string type: array ou: - description: The organization unit The organization unit. + description: |- + The organization unit + The organization unit. type: string permittedDnsDomains: - description: List of domains for which certificates are allowed - to be issued List of domains for which certificates are allowed - to be issued. + description: |- + List of domains for which certificates are allowed to be issued + List of domains for which certificates are allowed to be issued. items: type: string type: array postalCode: - description: The postal code The postal code. + description: |- + The postal code + The postal code. type: string privateKeyFormat: - description: The private key format The private key format. + description: |- + The private key format + The private key format. type: string province: - description: The province The province. + description: |- + The province + The province. type: string serial: - description: Deprecated, use serial_number instead. The serial - number. + description: |- + Deprecated, use serial_number instead. + The serial number. type: string serialNumber: - description: The certificate's serial number, hex formatted. The - certificate's serial number, hex formatted. + description: |- + The certificate's serial number, hex formatted. + The certificate's serial number, hex formatted. type: string streetAddress: - description: The street address The street address. + description: |- + The street address + The street address. type: string ttl: - description: Time to live Time to live. + description: |- + Time to live + Time to live. type: string type: - description: Type of intermediate to create. Must be either "exported", - "internal" or "kms" Type of root to create. Must be either "existing", - "exported", "internal" or "kms" + description: |- + Type of intermediate to create. Must be either "exported", "internal" + or "kms" + Type of root to create. 
Must be either "existing", "exported", "internal" or "kms" type: string uriSans: - description: List of alternative URIs List of alternative URIs. + description: |- + List of alternative URIs + List of alternative URIs. items: type: string type: array @@ -692,13 +791,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -709,8 +810,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -719,6 +821,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/pki.vault.upbound.io_secretbackendrootsignintermediates.yaml b/package/crds/pki.vault.upbound.io_secretbackendrootsignintermediates.yaml index 7c6ca8a4..c531c753 100644 --- a/package/crds/pki.vault.upbound.io_secretbackendrootsignintermediates.yaml +++ b/package/crds/pki.vault.upbound.io_secretbackendrootsignintermediates.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendrootsignintermediates.pki.vault.upbound.io spec: group: pki.vault.upbound.io @@ -38,14 +38,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -55,13 +60,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -151,17 +157,18 @@ spec: type: boolean type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: altNames: description: List of alternative names. 
@@ -248,20 +255,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -274,9 +282,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -286,57 +295,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -346,17 +319,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -366,21 +341,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -395,21 +370,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -420,14 +396,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -574,13 +551,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -591,8 +570,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -601,6 +581,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/pki.vault.upbound.io_secretbackendsigns.yaml b/package/crds/pki.vault.upbound.io_secretbackendsigns.yaml index 60fe6a69..49addc74 100644 --- a/package/crds/pki.vault.upbound.io_secretbackendsigns.yaml +++ b/package/crds/pki.vault.upbound.io_secretbackendsigns.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendsigns.pki.vault.upbound.io spec: group: pki.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Sign a new certificate based on the CSR by the PKI. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,158 +74,195 @@ spec: forProvider: properties: altNames: - description: List of alternative names List of alternative names. + description: |- + List of alternative names + List of alternative names. items: type: string type: array autoRenew: - description: If set to true, certs will be renewed if the expiration - is within min_seconds_remaining. Default false If enabled, a - new certificate will be generated if the expiration is within - min_seconds_remaining + description: |- + If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false + If enabled, a new certificate will be generated if the expiration is within min_seconds_remaining type: boolean backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string commonName: - description: CN of certificate to create CN of intermediate to - create. + description: |- + CN of certificate to create + CN of intermediate to create. type: string csr: - description: The CSR The CSR. + description: |- + The CSR + The CSR. type: string excludeCnFromSans: - description: Flag to exclude CN from SANs Flag to exclude CN from - SANs. + description: |- + Flag to exclude CN from SANs + Flag to exclude CN from SANs. type: boolean format: - description: The format of data The format of data. + description: |- + The format of data + The format of data. type: string ipSans: - description: List of alternative IPs List of alternative IPs. + description: |- + List of alternative IPs + List of alternative IPs. items: type: string type: array issuerRef: - description: Specifies the default issuer of this request. Can - be the value default, a name, or an issuer ID. Use ACLs to prevent - access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths - to prevent users overriding the role's issuer_ref value. 
Specifies - the default issuer of this request. + description: |- + Specifies the default issuer of this request. Can + be the value default, a name, or an issuer ID. Use ACLs to prevent access to + the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users + overriding the role's issuer_ref value. + Specifies the default issuer of this request. type: string minSecondsRemaining: - description: Generate a new certificate when the expiration is - within this number of seconds, default is 604800 (7 days) Generate - a new certificate when the expiration is within this number - of seconds + description: |- + Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days) + Generate a new certificate when the expiration is within this number of seconds type: number name: - description: Name of the role to create the certificate against + description: |- + Name of the role to create the certificate against Name of the role to create the certificate against. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string otherSans: - description: List of other SANs List of other SANs. + description: |- + List of other SANs + List of other SANs. items: type: string type: array ttl: - description: Time to live Time to live. + description: |- + Time to live + Time to live. type: string uriSans: - description: List of alternative URIs List of alternative URIs. 
+ description: |- + List of alternative URIs + List of alternative URIs. items: type: string type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: altNames: - description: List of alternative names List of alternative names. + description: |- + List of alternative names + List of alternative names. items: type: string type: array autoRenew: - description: If set to true, certs will be renewed if the expiration - is within min_seconds_remaining. 
Default false If enabled, a - new certificate will be generated if the expiration is within - min_seconds_remaining + description: |- + If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false + If enabled, a new certificate will be generated if the expiration is within min_seconds_remaining type: boolean backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string commonName: - description: CN of certificate to create CN of intermediate to - create. + description: |- + CN of certificate to create + CN of intermediate to create. type: string csr: - description: The CSR The CSR. + description: |- + The CSR + The CSR. type: string excludeCnFromSans: - description: Flag to exclude CN from SANs Flag to exclude CN from - SANs. + description: |- + Flag to exclude CN from SANs + Flag to exclude CN from SANs. type: boolean format: - description: The format of data The format of data. + description: |- + The format of data + The format of data. type: string ipSans: - description: List of alternative IPs List of alternative IPs. + description: |- + List of alternative IPs + List of alternative IPs. items: type: string type: array issuerRef: - description: Specifies the default issuer of this request. Can - be the value default, a name, or an issuer ID. Use ACLs to prevent - access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths - to prevent users overriding the role's issuer_ref value. Specifies - the default issuer of this request. + description: |- + Specifies the default issuer of this request. Can + be the value default, a name, or an issuer ID. Use ACLs to prevent access to + the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users + overriding the role's issuer_ref value. 
+ Specifies the default issuer of this request. type: string minSecondsRemaining: - description: Generate a new certificate when the expiration is - within this number of seconds, default is 604800 (7 days) Generate - a new certificate when the expiration is within this number - of seconds + description: |- + Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days) + Generate a new certificate when the expiration is within this number of seconds type: number name: - description: Name of the role to create the certificate against + description: |- + Name of the role to create the certificate against Name of the role to create the certificate against. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string otherSans: - description: List of other SANs List of other SANs. + description: |- + List of other SANs + List of other SANs. items: type: string type: array ttl: - description: Time to live Time to live. + description: |- + Time to live + Time to live. type: string uriSans: - description: List of alternative URIs List of alternative URIs. + description: |- + List of alternative URIs + List of alternative URIs. items: type: string type: array 
@@ -227,20 +270,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -253,9 +297,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -265,57 +310,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -325,17 +334,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -345,21 +356,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -374,21 +385,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -399,14 +411,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -444,105 +457,130 @@ spec: atProvider: properties: altNames: - description: List of alternative names List of alternative names. + description: |- + List of alternative names + List of alternative names. items: type: string type: array autoRenew: - description: If set to true, certs will be renewed if the expiration - is within min_seconds_remaining. Default false If enabled, a - new certificate will be generated if the expiration is within - min_seconds_remaining + description: |- + If set to true, certs will be renewed if the expiration is within min_seconds_remaining. Default false + If enabled, a new certificate will be generated if the expiration is within min_seconds_remaining type: boolean backend: - description: The PKI secret backend the resource belongs to. The - PKI secret backend the resource belongs to. + description: |- + The PKI secret backend the resource belongs to. + The PKI secret backend the resource belongs to. type: string caChain: - description: The CA chain The CA chain. + description: |- + The CA chain + The CA chain. items: type: string type: array certificate: - description: The certificate The certicate. + description: |- + The certificate + The certicate. type: string commonName: - description: CN of certificate to create CN of intermediate to - create. + description: |- + CN of certificate to create + CN of intermediate to create. type: string csr: - description: The CSR The CSR. + description: |- + The CSR + The CSR. type: string excludeCnFromSans: - description: Flag to exclude CN from SANs Flag to exclude CN from - SANs. + description: |- + Flag to exclude CN from SANs + Flag to exclude CN from SANs. type: boolean expiration: - description: The expiration date of the certificate in unix epoch - format The certificate expiration as a Unix-style timestamp. + description: |- + The expiration date of the certificate in unix epoch format + The certificate expiration as a Unix-style timestamp. 
type: number format: - description: The format of data The format of data. + description: |- + The format of data + The format of data. type: string id: type: string ipSans: - description: List of alternative IPs List of alternative IPs. + description: |- + List of alternative IPs + List of alternative IPs. items: type: string type: array issuerRef: - description: Specifies the default issuer of this request. Can - be the value default, a name, or an issuer ID. Use ACLs to prevent - access to the /pki/issuer/:issuer_ref/{issue,sign}/:name paths - to prevent users overriding the role's issuer_ref value. Specifies - the default issuer of this request. + description: |- + Specifies the default issuer of this request. Can + be the value default, a name, or an issuer ID. Use ACLs to prevent access to + the /pki/issuer/:issuer_ref/{issue,sign}/:name paths to prevent users + overriding the role's issuer_ref value. + Specifies the default issuer of this request. type: string issuingCa: - description: The issuing CA The issuing CA. + description: |- + The issuing CA + The issuing CA. type: string minSecondsRemaining: - description: Generate a new certificate when the expiration is - within this number of seconds, default is 604800 (7 days) Generate - a new certificate when the expiration is within this number - of seconds + description: |- + Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days) + Generate a new certificate when the expiration is within this number of seconds type: number name: - description: Name of the role to create the certificate against + description: |- + Name of the role to create the certificate against Name of the role to create the certificate against. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. 
- Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string otherSans: - description: List of other SANs List of other SANs. + description: |- + List of other SANs + List of other SANs. items: type: string type: array renewPending: - description: true if the current time (during refresh) is after - the start of the early renewal window declared by min_seconds_remaining, - and false otherwise; if auto_renew is set to true then the provider - will plan to replace the certificate once renewal is pending. - Initially false, and then set to true during refresh once the - expiration is less than min_seconds_remaining in the future. + description: |- + true if the current time (during refresh) is after the start of the early renewal window declared by min_seconds_remaining, and false otherwise; if auto_renew is set to true then the provider will plan to replace the certificate once renewal is pending. + Initially false, and then set to true during refresh once the expiration is less than min_seconds_remaining in the future. type: boolean serial: - description: Use serial_number instead. The serial number. + description: |- + Use serial_number instead. + The serial number. type: string serialNumber: - description: The certificate's serial number, hex formatted. The - certificate's serial number, hex formatted. + description: |- + The certificate's serial number, hex formatted. + The certificate's serial number, hex formatted. type: string ttl: - description: Time to live Time to live. + description: |- + Time to live + Time to live. type: string uriSans: - description: List of alternative URIs List of alternative URIs. 
+ description: |- + List of alternative URIs + List of alternative URIs. items: type: string type: array @@ -553,13 +591,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -570,8 +610,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -580,6 +621,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/quota.vault.upbound.io_leasecounts.yaml b/package/crds/quota.vault.upbound.io_leasecounts.yaml index bf7615e2..e1232b34 100644 --- a/package/crds/quota.vault.upbound.io_leasecounts.yaml +++ b/package/crds/quota.vault.upbound.io_leasecounts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: leasecounts.quota.vault.upbound.io spec: group: quota.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Count Quota properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,111 +74,107 @@ spec: forProvider: properties: maxLeases: - description: The maximum number of leases to be allowed by the - quota rule. The max_leases must be positive. The maximum number - of leases to be allowed by the quota rule. The max_leases must - be positive. + description: |- + The maximum number of leases to be allowed by the quota + rule. The max_leases must be positive. + The maximum number of leases to be allowed by the quota rule. The max_leases must be positive. type: number name: - description: Name of the rate limit quota The name of the quota. + description: |- + Name of the rate limit quota + The name of the quota. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Path of the mount or namespace to apply the quota. - A blank path configures a global rate limit quota. For example - namespace1/ adds a quota to a full namespace, namespace1/auth/userpass - adds a quota to userpass in namespace1. Updating this field - on an existing quota can have "moving" effects. For example, - updating auth/userpass to namespace1/auth/userpass moves this - quota from being a global mount quota to a namespace specific - mount quota. Note, namespaces are supported in Enterprise only. - Path of the mount or namespace to apply the quota. A blank path - configures a global lease count quota. + description: |- + Path of the mount or namespace to apply the quota. 
A blank path configures a + global rate limit quota. For example namespace1/ adds a quota to a full namespace, + namespace1/auth/userpass adds a quota to userpass in namespace1. + Updating this field on an existing quota can have "moving" effects. For example, updating + auth/userpass to namespace1/auth/userpass moves this quota from being a global mount quota to + a namespace specific mount quota. Note, namespaces are supported in Enterprise only. + Path of the mount or namespace to apply the quota. A blank path configures a global lease count quota. type: string role: - description: If set on a quota where path is set to an auth mount - with a concept of roles (such as /auth/approle/), this will - make the quota restrict login requests to that mount that are - made with the specified role. If set on a quota where path is - set to an auth mount with a concept of roles (such as /auth/approle/), - this will make the quota restrict login requests to that mount - that are made with the specified role. + description: |- + If set on a quota where path is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role. + If set on a quota where path is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. 
The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: maxLeases: - description: The maximum number of leases to be allowed by the - quota rule. The max_leases must be positive. The maximum number - of leases to be allowed by the quota rule. The max_leases must - be positive. + description: |- + The maximum number of leases to be allowed by the quota + rule. The max_leases must be positive. + The maximum number of leases to be allowed by the quota rule. The max_leases must be positive. type: number name: - description: Name of the rate limit quota The name of the quota. + description: |- + Name of the rate limit quota + The name of the quota. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. 
(requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Path of the mount or namespace to apply the quota. - A blank path configures a global rate limit quota. For example - namespace1/ adds a quota to a full namespace, namespace1/auth/userpass - adds a quota to userpass in namespace1. Updating this field - on an existing quota can have "moving" effects. For example, - updating auth/userpass to namespace1/auth/userpass moves this - quota from being a global mount quota to a namespace specific - mount quota. Note, namespaces are supported in Enterprise only. - Path of the mount or namespace to apply the quota. A blank path - configures a global lease count quota. + description: |- + Path of the mount or namespace to apply the quota. A blank path configures a + global rate limit quota. For example namespace1/ adds a quota to a full namespace, + namespace1/auth/userpass adds a quota to userpass in namespace1. + Updating this field on an existing quota can have "moving" effects. For example, updating + auth/userpass to namespace1/auth/userpass moves this quota from being a global mount quota to + a namespace specific mount quota. Note, namespaces are supported in Enterprise only. + Path of the mount or namespace to apply the quota. A blank path configures a global lease count quota. type: string role: - description: If set on a quota where path is set to an auth mount - with a concept of roles (such as /auth/approle/), this will - make the quota restrict login requests to that mount that are - made with the specified role. 
If set on a quota where path is - set to an auth mount with a concept of roles (such as /auth/approle/), - this will make the quota restrict login requests to that mount - that are made with the specified role. + description: |- + If set on a quota where path is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role. + If set on a quota where path is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. 
Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -185,9 +187,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -197,57 +200,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -257,17 +224,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -277,21 +246,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -306,21 +275,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -331,14 +301,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -370,41 +341,38 @@ spec: id: type: string maxLeases: - description: The maximum number of leases to be allowed by the - quota rule. The max_leases must be positive. The maximum number - of leases to be allowed by the quota rule. The max_leases must - be positive. + description: |- + The maximum number of leases to be allowed by the quota + rule. The max_leases must be positive. + The maximum number of leases to be allowed by the quota rule. The max_leases must be positive. type: number name: - description: Name of the rate limit quota The name of the quota. + description: |- + Name of the rate limit quota + The name of the quota. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Path of the mount or namespace to apply the quota. - A blank path configures a global rate limit quota. For example - namespace1/ adds a quota to a full namespace, namespace1/auth/userpass - adds a quota to userpass in namespace1. Updating this field - on an existing quota can have "moving" effects. For example, - updating auth/userpass to namespace1/auth/userpass moves this - quota from being a global mount quota to a namespace specific - mount quota. Note, namespaces are supported in Enterprise only. - Path of the mount or namespace to apply the quota. A blank path - configures a global lease count quota. + description: |- + Path of the mount or namespace to apply the quota. 
A blank path configures a + global rate limit quota. For example namespace1/ adds a quota to a full namespace, + namespace1/auth/userpass adds a quota to userpass in namespace1. + Updating this field on an existing quota can have "moving" effects. For example, updating + auth/userpass to namespace1/auth/userpass moves this quota from being a global mount quota to + a namespace specific mount quota. Note, namespaces are supported in Enterprise only. + Path of the mount or namespace to apply the quota. A blank path configures a global lease count quota. type: string role: - description: If set on a quota where path is set to an auth mount - with a concept of roles (such as /auth/approle/), this will - make the quota restrict login requests to that mount that are - made with the specified role. If set on a quota where path is - set to an auth mount with a concept of roles (such as /auth/approle/), - this will make the quota restrict login requests to that mount - that are made with the specified role. + description: |- + If set on a quota where path is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role. + If set on a quota where path is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role. type: string type: object conditions: 
@@ -413,13 +381,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -430,8 +400,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -440,6 +411,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/quota.vault.upbound.io_ratelimits.yaml b/package/crds/quota.vault.upbound.io_ratelimits.yaml index c6d36a02..b33fec71 100644 --- a/package/crds/quota.vault.upbound.io_ratelimits.yaml +++ b/package/crds/quota.vault.upbound.io_ratelimits.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: ratelimits.quota.vault.upbound.io spec: group: quota.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Quota properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,135 +74,129 @@ spec: forProvider: properties: blockInterval: - description: If set, when a client reaches a rate limit threshold, - the client will be prohibited from any further requests until - after the 'block_interval' in seconds has elapsed. If set, when - a client reaches a rate limit threshold, the client will be - prohibited from any further requests until after the 'block_interval' - in seconds has elapsed. + description: |- + If set, when a client reaches a rate limit threshold, the client will + be prohibited from any further requests until after the 'block_interval' in seconds has elapsed. + If set, when a client reaches a rate limit threshold, the client will be prohibited from any further requests until after the 'block_interval' in seconds has elapsed. type: number interval: - description: The duration in seconds to enforce rate limiting - for. The duration in seconds to enforce rate limiting for. + description: |- + The duration in seconds to enforce rate limiting for. + The duration in seconds to enforce rate limiting for. type: number name: - description: Name of the rate limit quota The name of the quota. + description: |- + Name of the rate limit quota + The name of the quota. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Path of the mount or namespace to apply the quota. - A blank path configures a global rate limit quota. 
For example - namespace1/ adds a quota to a full namespace, namespace1/auth/userpass - adds a quota to userpass in namespace1. Updating this field - on an existing quota can have "moving" effects. For example, - updating auth/userpass to namespace1/auth/userpass moves this - quota from being a global mount quota to a namespace specific - mount quota. Note, namespaces are supported in Enterprise only. - Path of the mount or namespace to apply the quota. A blank path - configures a global rate limit quota. + description: |- + Path of the mount or namespace to apply the quota. A blank path configures a + global rate limit quota. For example namespace1/ adds a quota to a full namespace, + namespace1/auth/userpass adds a quota to userpass in namespace1. + Updating this field on an existing quota can have "moving" effects. For example, updating + auth/userpass to namespace1/auth/userpass moves this quota from being a global mount quota to + a namespace specific mount quota. Note, namespaces are supported in Enterprise only. + Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. type: string rate: - description: The maximum number of requests at any given second - to be allowed by the quota rule. The rate must be positive. - The maximum number of requests at any given second to be allowed - by the quota rule. The rate must be positive. + description: |- + The maximum number of requests at any given second to be allowed by the quota + rule. The rate must be positive. + The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. type: number role: - description: If set on a quota where path is set to an auth mount - with a concept of roles (such as /auth/approle/), this will - make the quota restrict login requests to that mount that are - made with the specified role. 
If set on a quota where path is - set to an auth mount with a concept of roles (such as /auth/approle/), - this will make the quota restrict login requests to that mount - that are made with the specified role. + description: |- + If set on a quota where path is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role. + If set on a quota where path is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. 
This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: blockInterval: - description: If set, when a client reaches a rate limit threshold, - the client will be prohibited from any further requests until - after the 'block_interval' in seconds has elapsed. If set, when - a client reaches a rate limit threshold, the client will be - prohibited from any further requests until after the 'block_interval' - in seconds has elapsed. + description: |- + If set, when a client reaches a rate limit threshold, the client will + be prohibited from any further requests until after the 'block_interval' in seconds has elapsed. + If set, when a client reaches a rate limit threshold, the client will be prohibited from any further requests until after the 'block_interval' in seconds has elapsed. type: number interval: - description: The duration in seconds to enforce rate limiting - for. The duration in seconds to enforce rate limiting for. + description: |- + The duration in seconds to enforce rate limiting for. + The duration in seconds to enforce rate limiting for. type: number name: - description: Name of the rate limit quota The name of the quota. + description: |- + Name of the rate limit quota + The name of the quota. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string path: - description: Path of the mount or namespace to apply the quota. - A blank path configures a global rate limit quota. For example - namespace1/ adds a quota to a full namespace, namespace1/auth/userpass - adds a quota to userpass in namespace1. Updating this field - on an existing quota can have "moving" effects. For example, - updating auth/userpass to namespace1/auth/userpass moves this - quota from being a global mount quota to a namespace specific - mount quota. Note, namespaces are supported in Enterprise only. - Path of the mount or namespace to apply the quota. A blank path - configures a global rate limit quota. + description: |- + Path of the mount or namespace to apply the quota. A blank path configures a + global rate limit quota. For example namespace1/ adds a quota to a full namespace, + namespace1/auth/userpass adds a quota to userpass in namespace1. + Updating this field on an existing quota can have "moving" effects. For example, updating + auth/userpass to namespace1/auth/userpass moves this quota from being a global mount quota to + a namespace specific mount quota. Note, namespaces are supported in Enterprise only. + Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. type: string rate: - description: The maximum number of requests at any given second - to be allowed by the quota rule. The rate must be positive. - The maximum number of requests at any given second to be allowed - by the quota rule. The rate must be positive. + description: |- + The maximum number of requests at any given second to be allowed by the quota + rule. The rate must be positive. + The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. 
type: number role: - description: If set on a quota where path is set to an auth mount - with a concept of roles (such as /auth/approle/), this will - make the quota restrict login requests to that mount that are - made with the specified role. If set on a quota where path is - set to an auth mount with a concept of roles (such as /auth/approle/), - this will make the quota restrict login requests to that mount - that are made with the specified role. + description: |- + If set on a quota where path is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role. + If set on a quota where path is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. 
+ ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -209,9 +209,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -221,57 +222,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -281,17 +246,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -301,21 +268,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -330,21 +297,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -355,14 +323,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -392,55 +361,51 @@ spec: atProvider: properties: blockInterval: - description: If set, when a client reaches a rate limit threshold, - the client will be prohibited from any further requests until - after the 'block_interval' in seconds has elapsed. If set, when - a client reaches a rate limit threshold, the client will be - prohibited from any further requests until after the 'block_interval' - in seconds has elapsed. + description: |- + If set, when a client reaches a rate limit threshold, the client will + be prohibited from any further requests until after the 'block_interval' in seconds has elapsed. + If set, when a client reaches a rate limit threshold, the client will be prohibited from any further requests until after the 'block_interval' in seconds has elapsed. type: number id: type: string interval: - description: The duration in seconds to enforce rate limiting - for. The duration in seconds to enforce rate limiting for. + description: |- + The duration in seconds to enforce rate limiting for. + The duration in seconds to enforce rate limiting for. type: number name: - description: Name of the rate limit quota The name of the quota. + description: |- + Name of the rate limit quota + The name of the quota. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Path of the mount or namespace to apply the quota. - A blank path configures a global rate limit quota. 
For example - namespace1/ adds a quota to a full namespace, namespace1/auth/userpass - adds a quota to userpass in namespace1. Updating this field - on an existing quota can have "moving" effects. For example, - updating auth/userpass to namespace1/auth/userpass moves this - quota from being a global mount quota to a namespace specific - mount quota. Note, namespaces are supported in Enterprise only. - Path of the mount or namespace to apply the quota. A blank path - configures a global rate limit quota. + description: |- + Path of the mount or namespace to apply the quota. A blank path configures a + global rate limit quota. For example namespace1/ adds a quota to a full namespace, + namespace1/auth/userpass adds a quota to userpass in namespace1. + Updating this field on an existing quota can have "moving" effects. For example, updating + auth/userpass to namespace1/auth/userpass moves this quota from being a global mount quota to + a namespace specific mount quota. Note, namespaces are supported in Enterprise only. + Path of the mount or namespace to apply the quota. A blank path configures a global rate limit quota. type: string rate: - description: The maximum number of requests at any given second - to be allowed by the quota rule. The rate must be positive. - The maximum number of requests at any given second to be allowed - by the quota rule. The rate must be positive. + description: |- + The maximum number of requests at any given second to be allowed by the quota + rule. The rate must be positive. + The maximum number of requests at any given second to be allowed by the quota rule. The rate must be positive. type: number role: - description: If set on a quota where path is set to an auth mount - with a concept of roles (such as /auth/approle/), this will - make the quota restrict login requests to that mount that are - made with the specified role. 
If set on a quota where path is - set to an auth mount with a concept of roles (such as /auth/approle/), - this will make the quota restrict login requests to that mount - that are made with the specified role. + description: |- + If set on a quota where path is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role. + If set on a quota where path is set to an auth mount with a concept of roles (such as /auth/approle/), this will make the quota restrict login requests to that mount that are made with the specified role. type: string type: object conditions: @@ -449,13 +414,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -466,8 +433,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -476,6 +444,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec 
diff --git a/package/crds/rabbitmq.vault.upbound.io_secretbackendroles.yaml b/package/crds/rabbitmq.vault.upbound.io_secretbackendroles.yaml index 0e52eec5..4c4d37dd 100644 --- a/package/crds/rabbitmq.vault.upbound.io_secretbackendroles.yaml +++ b/package/crds/rabbitmq.vault.upbound.io_secretbackendroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendroles.rabbitmq.vault.upbound.io spec: group: rabbitmq.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Creates a role on an RabbitMQ Secret Backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,27 +74,33 @@ spec: forProvider: properties: backend: - description: The path the RabbitMQ secret backend is mounted at, - with no leading or trailing /s. The path of the Rabbitmq Secret - Backend the role belongs to. + description: |- + The path the RabbitMQ secret backend is mounted at, + with no leading or trailing /s. + The path of the Rabbitmq Secret Backend the role belongs to. type: string name: - description: The name to identify this role within the backend. - Must be unique within the backend. Unique name for the role. + description: |- + The name to identify this role within the backend. + Must be unique within the backend. + Unique name for the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string tags: - description: Specifies a comma-separated RabbitMQ management tags. + description: |- + Specifies a comma-separated RabbitMQ management tags. Specifies a comma-separated RabbitMQ management tags. type: string vhost: - description: Specifies a map of virtual hosts to permissions. + description: |- + Specifies a map of virtual hosts to permissions. Specifies a map of virtual hosts to permissions. items: properties: 
@@ -107,17 +119,17 @@ spec: type: object type: array vhostTopic: - description: Specifies a map of virtual hosts and exchanges to - topic permissions. This option requires RabbitMQ 3.7.0 or later. - Specifies a map of virtual hosts and exchanges to topic permissions. - This option requires RabbitMQ 3.7.0 or later. + description: |- + Specifies a map of virtual hosts and exchanges to topic permissions. This option requires RabbitMQ 3.7.0 or later. + Specifies a map of virtual hosts and exchanges to topic permissions. This option requires RabbitMQ 3.7.0 or later. items: properties: host: description: The vhost to set permissions for. type: string vhost: - description: Specifies a map of virtual hosts to permissions. + description: |- + Specifies a map of virtual hosts to permissions. Specifies a map of virtual hosts to permissions. items: properties: 
@@ -136,40 +148,47 @@ spec: type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: The path the RabbitMQ secret backend is mounted at, - with no leading or trailing /s. The path of the Rabbitmq Secret - Backend the role belongs to. + description: |- + The path the RabbitMQ secret backend is mounted at, + with no leading or trailing /s. + The path of the Rabbitmq Secret Backend the role belongs to. type: string name: - description: The name to identify this role within the backend. - Must be unique within the backend. 
Unique name for the role. + description: |- + The name to identify this role within the backend. + Must be unique within the backend. + Unique name for the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string tags: - description: Specifies a comma-separated RabbitMQ management tags. + description: |- + Specifies a comma-separated RabbitMQ management tags. Specifies a comma-separated RabbitMQ management tags. type: string vhost: - description: Specifies a map of virtual hosts to permissions. + description: |- + Specifies a map of virtual hosts to permissions. Specifies a map of virtual hosts to permissions. items: properties: 
@@ -188,17 +207,17 @@ spec: type: object type: array vhostTopic: - description: Specifies a map of virtual hosts and exchanges to - topic permissions. This option requires RabbitMQ 3.7.0 or later. - Specifies a map of virtual hosts and exchanges to topic permissions. - This option requires RabbitMQ 3.7.0 or later. + description: |- + Specifies a map of virtual hosts and exchanges to topic permissions. This option requires RabbitMQ 3.7.0 or later. + Specifies a map of virtual hosts and exchanges to topic permissions. This option requires RabbitMQ 3.7.0 or later. items: properties: host: description: The vhost to set permissions for. type: string vhost: - description: Specifies a map of virtual hosts to permissions. + description: |- + Specifies a map of virtual hosts to permissions. Specifies a map of virtual hosts to permissions. items: properties: 
@@ -219,20 +238,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -245,9 +265,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -257,57 +278,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -317,17 +302,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -337,21 +324,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -366,21 +353,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -391,14 +379,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -428,29 +417,35 @@ spec: atProvider: properties: backend: - description: The path the RabbitMQ secret backend is mounted at, - with no leading or trailing /s. The path of the Rabbitmq Secret - Backend the role belongs to. + description: |- + The path the RabbitMQ secret backend is mounted at, + with no leading or trailing /s. + The path of the Rabbitmq Secret Backend the role belongs to. type: string id: type: string name: - description: The name to identify this role within the backend. - Must be unique within the backend. Unique name for the role. + description: |- + The name to identify this role within the backend. + Must be unique within the backend. + Unique name for the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string tags: - description: Specifies a comma-separated RabbitMQ management tags. + description: |- + Specifies a comma-separated RabbitMQ management tags. Specifies a comma-separated RabbitMQ management tags. type: string vhost: - description: Specifies a map of virtual hosts to permissions. + description: |- + Specifies a map of virtual hosts to permissions. Specifies a map of virtual hosts to permissions. items: properties: 
@@ -469,17 +464,17 @@ spec: type: object type: array vhostTopic: - description: Specifies a map of virtual hosts and exchanges to - topic permissions. This option requires RabbitMQ 3.7.0 or later. - Specifies a map of virtual hosts and exchanges to topic permissions. - This option requires RabbitMQ 3.7.0 or later. + description: |- + Specifies a map of virtual hosts and exchanges to topic permissions. This option requires RabbitMQ 3.7.0 or later. + Specifies a map of virtual hosts and exchanges to topic permissions. This option requires RabbitMQ 3.7.0 or later. items: properties: host: description: The vhost to set permissions for. type: string vhost: - description: Specifies a map of virtual hosts to permissions. + description: |- + Specifies a map of virtual hosts to permissions. Specifies a map of virtual hosts to permissions. items: properties: @@ -503,13 +498,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -520,8 +517,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime 
@@ -530,6 +528,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/rabbitmq.vault.upbound.io_secretbackends.yaml b/package/crds/rabbitmq.vault.upbound.io_secretbackends.yaml index 5f39ca71..7c4e036e 100644 --- a/package/crds/rabbitmq.vault.upbound.io_secretbackends.yaml +++ b/package/crds/rabbitmq.vault.upbound.io_secretbackends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackends.rabbitmq.vault.upbound.io spec: group: rabbitmq.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: an RabbitMQ secret backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,43 +74,49 @@ spec: forProvider: properties: connectionUri: - description: Specifies the RabbitMQ connection URI. Specifies - the RabbitMQ connection URI. + description: |- + Specifies the RabbitMQ connection URI. + Specifies the RabbitMQ connection URI. type: string defaultLeaseTtlSeconds: - description: The default TTL for credentials issued by this backend. + description: |- + The default TTL for credentials + issued by this backend. Default lease duration for secrets in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend. + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean maxLeaseTtlSeconds: - description: The maximum TTL that can be requested for credentials - issued by this backend. Maximum possible lease duration for - secrets in seconds + description: |- + The maximum TTL that can be requested + for credentials issued by this backend. + Maximum possible lease duration for secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. 
+ Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string passwordPolicy: - description: Specifies a password policy to use when creating - dynamic credentials. Defaults to generating an alphanumeric - password if not set. Specifies a password policy to use when - creating dynamic credentials. Defaults to generating an alphanumeric - password if not set. + description: |- + Specifies a password policy to use when creating dynamic credentials. Defaults to generating an alphanumeric password if not set. + Specifies a password policy to use when creating dynamic credentials. Defaults to generating an alphanumeric password if not set. type: string passwordSecretRef: - description: Specifies the RabbitMQ management administrator password. + description: |- + Specifies the RabbitMQ management administrator password. Specifies the RabbitMQ management administrator password properties: key: @@ -122,13 +134,14 @@ spec: - namespace type: object path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to rabbitmq. The path - of the RabbitMQ Secret Backend where the connection should be - configured + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to rabbitmq. + The path of the RabbitMQ Secret Backend where the connection should be configured type: string usernameSecretRef: - description: Specifies the RabbitMQ management administrator username. + description: |- + Specifies the RabbitMQ management administrator username. Specifies the RabbitMQ management administrator username properties: key: 
@@ -146,97 +159,108 @@ spec: - namespace type: object usernameTemplate: - description: Template describing how dynamic usernames are generated. + description: |- + Template describing how dynamic usernames are generated. Template describing how dynamic usernames are generated. type: string verifyConnection: - description: Specifies whether to verify connection URI, username, - and password. Defaults to true. Specifies whether to verify - connection URI, username, and password. + description: |- + Specifies whether to verify connection URI, username, and password. + Defaults to true. + Specifies whether to verify connection URI, username, and password. type: boolean type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. 
This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: connectionUri: - description: Specifies the RabbitMQ connection URI. Specifies - the RabbitMQ connection URI. + description: |- + Specifies the RabbitMQ connection URI. + Specifies the RabbitMQ connection URI. type: string defaultLeaseTtlSeconds: - description: The default TTL for credentials issued by this backend. + description: |- + The default TTL for credentials + issued by this backend. Default lease duration for secrets in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend. + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean maxLeaseTtlSeconds: - description: The maximum TTL that can be requested for credentials - issued by this backend. Maximum possible lease duration for - secrets in seconds + description: |- + The maximum TTL that can be requested + for credentials issued by this backend. + Maximum possible lease duration for secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. 
(requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string passwordPolicy: - description: Specifies a password policy to use when creating - dynamic credentials. Defaults to generating an alphanumeric - password if not set. Specifies a password policy to use when - creating dynamic credentials. Defaults to generating an alphanumeric - password if not set. + description: |- + Specifies a password policy to use when creating dynamic credentials. Defaults to generating an alphanumeric password if not set. + Specifies a password policy to use when creating dynamic credentials. Defaults to generating an alphanumeric password if not set. type: string path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to rabbitmq. The path - of the RabbitMQ Secret Backend where the connection should be - configured + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to rabbitmq. + The path of the RabbitMQ Secret Backend where the connection should be configured type: string usernameTemplate: - description: Template describing how dynamic usernames are generated. + description: |- + Template describing how dynamic usernames are generated. Template describing how dynamic usernames are generated. type: string verifyConnection: - description: Specifies whether to verify connection URI, username, - and password. Defaults to true. Specifies whether to verify - connection URI, username, and password. + description: |- + Specifies whether to verify connection URI, username, and password. + Defaults to true. + Specifies whether to verify connection URI, username, and password. 
type: boolean type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -249,9 +273,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -261,57 +286,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -321,17 +310,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -341,21 +332,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -370,21 +361,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -395,14 +387,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -434,57 +427,64 @@ spec: atProvider: properties: connectionUri: - description: Specifies the RabbitMQ connection URI. Specifies - the RabbitMQ connection URI. + description: |- + Specifies the RabbitMQ connection URI. + Specifies the RabbitMQ connection URI. type: string defaultLeaseTtlSeconds: - description: The default TTL for credentials issued by this backend. + description: |- + The default TTL for credentials + issued by this backend. Default lease duration for secrets in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend. + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean id: type: string maxLeaseTtlSeconds: - description: The maximum TTL that can be requested for credentials - issued by this backend. Maximum possible lease duration for - secrets in seconds + description: |- + The maximum TTL that can be requested + for credentials issued by this backend. + Maximum possible lease duration for secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. 
+ The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string passwordPolicy: - description: Specifies a password policy to use when creating - dynamic credentials. Defaults to generating an alphanumeric - password if not set. Specifies a password policy to use when - creating dynamic credentials. Defaults to generating an alphanumeric - password if not set. + description: |- + Specifies a password policy to use when creating dynamic credentials. Defaults to generating an alphanumeric password if not set. + Specifies a password policy to use when creating dynamic credentials. Defaults to generating an alphanumeric password if not set. type: string path: - description: The unique path this backend should be mounted at. - Must not begin or end with a /. Defaults to rabbitmq. The path - of the RabbitMQ Secret Backend where the connection should be - configured + description: |- + The unique path this backend should be mounted at. Must + not begin or end with a /. Defaults to rabbitmq. + The path of the RabbitMQ Secret Backend where the connection should be configured type: string usernameTemplate: - description: Template describing how dynamic usernames are generated. + description: |- + Template describing how dynamic usernames are generated. Template describing how dynamic usernames are generated. type: string verifyConnection: - description: Specifies whether to verify connection URI, username, - and password. Defaults to true. Specifies whether to verify - connection URI, username, and password. + description: |- + Specifies whether to verify connection URI, username, and password. + Defaults to true. + Specifies whether to verify connection URI, username, and password. type: boolean type: object conditions: 
@@ -493,13 +493,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -510,8 +512,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -520,6 +523,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/raft.vault.upbound.io_autopilots.yaml b/package/crds/raft.vault.upbound.io_autopilots.yaml index 2cbca0c5..51960549 100644 --- a/package/crds/raft.vault.upbound.io_autopilots.yaml +++ b/package/crds/raft.vault.upbound.io_autopilots.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: autopilots.raft.vault.upbound.io spec: group: raft.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Autopilot capabilities. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,135 +74,139 @@ spec: forProvider: properties: cleanupDeadServers: - description: quorum is also set. Specifies whether to remove dead - server nodes periodically or when a new server joins. This requires - that min-quorum is also set. + description: |- + quorum is also set. + Specifies whether to remove dead server nodes periodically or when a new server joins. This requires that min-quorum is also set. type: boolean deadServerLastContactThreshold: - description: Limit the amount of time a server can go without - leader contact before being considered failed. This only takes - effect when cleanup_dead_servers is set. Limit the amount of - time a server can go without leader contact before being considered - failed. This only takes effect when cleanup_dead_servers is - set. + description: |- + Limit the amount of time a + server can go without leader contact before being considered failed. This only takes + effect when cleanup_dead_servers is set. + Limit the amount of time a server can go without leader contact before being considered failed. This only takes effect when cleanup_dead_servers is set. type: string disableUpgradeMigration: - description: only) Disables automatically upgrading Vault using - autopilot. (Enterprise-only) + description: |- + only) + Disables automatically upgrading Vault using autopilot. (Enterprise-only) type: boolean lastContactThreshold: - description: Limit the amount of time a server can go without - leader contact before being considered unhealthy. Limit the - amount of time a server can go without leader contact before - being considered unhealthy. + description: |- + Limit the amount of time a server can go + without leader contact before being considered unhealthy. + Limit the amount of time a server can go without leader contact before being considered unhealthy. 
type: string maxTrailingLogs: - description: Maximum number of log entries in the Raft log that - a server can be behind its leader before being considered unhealthy. - Maximum number of log entries in the Raft log that a server - can be behind its leader before being considered unhealthy. + description: |- + Maximum number of log entries in the Raft log + that a server can be behind its leader before being considered unhealthy. + Maximum number of log entries in the Raft log that a server can be behind its leader before being considered unhealthy. type: number minQuorum: - description: Minimum number of servers allowed in a cluster before - autopilot can prune dead servers. This should at least be 3. - Applicable only for voting nodes. Minimum number of servers - allowed in a cluster before autopilot can prune dead servers. - This should at least be 3. Applicable only for voting nodes. + description: |- + Minimum number of servers allowed in a cluster before + autopilot can prune dead servers. This should at least be 3. Applicable only for + voting nodes. + Minimum number of servers allowed in a cluster before autopilot can prune dead servers. This should at least be 3. Applicable only for voting nodes. type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string serverStabilizationTime: - description: Minimum amount of time a server must be stable in - the 'healthy' state before being added to the cluster. 
Minimum - amount of time a server must be stable in the 'healthy' state - before being added to the cluster. + description: |- + Minimum amount of time a server must be + stable in the 'healthy' state before being added to the cluster. + Minimum amount of time a server must be stable in the 'healthy' state before being added to the cluster. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: cleanupDeadServers: - description: quorum is also set. Specifies whether to remove dead - server nodes periodically or when a new server joins. 
This requires - that min-quorum is also set. + description: |- + quorum is also set. + Specifies whether to remove dead server nodes periodically or when a new server joins. This requires that min-quorum is also set. type: boolean deadServerLastContactThreshold: - description: Limit the amount of time a server can go without - leader contact before being considered failed. This only takes - effect when cleanup_dead_servers is set. Limit the amount of - time a server can go without leader contact before being considered - failed. This only takes effect when cleanup_dead_servers is - set. + description: |- + Limit the amount of time a + server can go without leader contact before being considered failed. This only takes + effect when cleanup_dead_servers is set. + Limit the amount of time a server can go without leader contact before being considered failed. This only takes effect when cleanup_dead_servers is set. type: string disableUpgradeMigration: - description: only) Disables automatically upgrading Vault using - autopilot. (Enterprise-only) + description: |- + only) + Disables automatically upgrading Vault using autopilot. (Enterprise-only) type: boolean lastContactThreshold: - description: Limit the amount of time a server can go without - leader contact before being considered unhealthy. Limit the - amount of time a server can go without leader contact before - being considered unhealthy. + description: |- + Limit the amount of time a server can go + without leader contact before being considered unhealthy. + Limit the amount of time a server can go without leader contact before being considered unhealthy. type: string maxTrailingLogs: - description: Maximum number of log entries in the Raft log that - a server can be behind its leader before being considered unhealthy. - Maximum number of log entries in the Raft log that a server - can be behind its leader before being considered unhealthy. 
+ description: |- + Maximum number of log entries in the Raft log + that a server can be behind its leader before being considered unhealthy. + Maximum number of log entries in the Raft log that a server can be behind its leader before being considered unhealthy. type: number minQuorum: - description: Minimum number of servers allowed in a cluster before - autopilot can prune dead servers. This should at least be 3. - Applicable only for voting nodes. Minimum number of servers - allowed in a cluster before autopilot can prune dead servers. - This should at least be 3. Applicable only for voting nodes. + description: |- + Minimum number of servers allowed in a cluster before + autopilot can prune dead servers. This should at least be 3. Applicable only for + voting nodes. + Minimum number of servers allowed in a cluster before autopilot can prune dead servers. This should at least be 3. Applicable only for voting nodes. type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string serverStabilizationTime: - description: Minimum amount of time a server must be stable in - the 'healthy' state before being added to the cluster. Minimum - amount of time a server must be stable in the 'healthy' state - before being added to the cluster. + description: |- + Minimum amount of time a server must be + stable in the 'healthy' state before being added to the cluster. 
+ Minimum amount of time a server must be stable in the 'healthy' state before being added to the cluster. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -209,9 +219,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -221,57 +232,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -281,17 +256,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -301,21 +278,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -330,21 +307,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -355,14 +333,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -383,55 +362,56 @@ spec: atProvider: properties: cleanupDeadServers: - description: quorum is also set. Specifies whether to remove dead - server nodes periodically or when a new server joins. This requires - that min-quorum is also set. + description: |- + quorum is also set. + Specifies whether to remove dead server nodes periodically or when a new server joins. This requires that min-quorum is also set. type: boolean deadServerLastContactThreshold: - description: Limit the amount of time a server can go without - leader contact before being considered failed. This only takes - effect when cleanup_dead_servers is set. Limit the amount of - time a server can go without leader contact before being considered - failed. This only takes effect when cleanup_dead_servers is - set. + description: |- + Limit the amount of time a + server can go without leader contact before being considered failed. This only takes + effect when cleanup_dead_servers is set. + Limit the amount of time a server can go without leader contact before being considered failed. This only takes effect when cleanup_dead_servers is set. type: string disableUpgradeMigration: - description: only) Disables automatically upgrading Vault using - autopilot. (Enterprise-only) + description: |- + only) + Disables automatically upgrading Vault using autopilot. (Enterprise-only) type: boolean id: type: string lastContactThreshold: - description: Limit the amount of time a server can go without - leader contact before being considered unhealthy. Limit the - amount of time a server can go without leader contact before - being considered unhealthy. + description: |- + Limit the amount of time a server can go + without leader contact before being considered unhealthy. + Limit the amount of time a server can go without leader contact before being considered unhealthy. 
type: string maxTrailingLogs: - description: Maximum number of log entries in the Raft log that - a server can be behind its leader before being considered unhealthy. - Maximum number of log entries in the Raft log that a server - can be behind its leader before being considered unhealthy. + description: |- + Maximum number of log entries in the Raft log + that a server can be behind its leader before being considered unhealthy. + Maximum number of log entries in the Raft log that a server can be behind its leader before being considered unhealthy. type: number minQuorum: - description: Minimum number of servers allowed in a cluster before - autopilot can prune dead servers. This should at least be 3. - Applicable only for voting nodes. Minimum number of servers - allowed in a cluster before autopilot can prune dead servers. - This should at least be 3. Applicable only for voting nodes. + description: |- + Minimum number of servers allowed in a cluster before + autopilot can prune dead servers. This should at least be 3. Applicable only for + voting nodes. + Minimum number of servers allowed in a cluster before autopilot can prune dead servers. This should at least be 3. Applicable only for voting nodes. type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string serverStabilizationTime: - description: Minimum amount of time a server must be stable in - the 'healthy' state before being added to the cluster. 
Minimum - amount of time a server must be stable in the 'healthy' state - before being added to the cluster. + description: |- + Minimum amount of time a server must be + stable in the 'healthy' state before being added to the cluster. + Minimum amount of time a server must be stable in the 'healthy' state before being added to the cluster. type: string type: object conditions: @@ -440,13 +420,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -457,8 +439,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -467,6 +450,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/raft.vault.upbound.io_snapshotagentconfigs.yaml b/package/crds/raft.vault.upbound.io_snapshotagentconfigs.yaml index 7a868fb1..090392a6 100644 --- a/package/crds/raft.vault.upbound.io_snapshotagentconfigs.yaml +++ b/package/crds/raft.vault.upbound.io_snapshotagentconfigs.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: snapshotagentconfigs.raft.vault.upbound.io spec: group: raft.vault.upbound.io @@ -38,14 +38,19 @@ spec: API. Creates a Raft Snapshot Agent Configuration for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,297 +74,367 @@ spec: forProvider: properties: awsAccessKeyId: - description: AWS access key ID. AWS access key ID. + description: |- + AWS access key ID. + AWS access key ID. type: string awsS3Bucket: - description: S3 bucket to write snapshots to. S3 bucket to write - snapshots to. + description: |- + S3 bucket to write snapshots to. + S3 bucket to write snapshots to. type: string awsS3DisableTls: - description: Disable TLS for the S3 endpoint. This should only - be used for testing purposes, typically in conjunction with - aws_s3_endpoint. Disable TLS for the S3 endpoint. This should - only be used for testing purposes. + description: |- + Disable TLS for the S3 endpoint. This + should only be used for testing purposes, typically in conjunction with + aws_s3_endpoint. + Disable TLS for the S3 endpoint. This should only be used for testing purposes. type: boolean awsS3EnableKms: - description: Use KMS to encrypt bucket contents. Use KMS to encrypt - bucket contents. + description: |- + Use KMS to encrypt bucket contents. + Use KMS to encrypt bucket contents. type: boolean awsS3Endpoint: - description: AWS endpoint. This is typically only set when using - a non-AWS S3 implementation like Minio. AWS endpoint. This is - typically only set when using a non-AWS S3 implementation like - Minio. + description: |- + AWS endpoint. This is typically only set when + using a non-AWS S3 implementation like Minio. + AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio. type: string awsS3ForcePathStyle: - description: Use the endpoint/bucket URL style instead of bucket.endpoint. - May be needed when setting aws_s3_endpoint. Use the endpoint/bucket - URL style instead of bucket.endpoint. + description: |- + Use the endpoint/bucket URL style + instead of bucket.endpoint. May be needed when setting aws_s3_endpoint. + Use the endpoint/bucket URL style instead of bucket.endpoint. 
type: boolean awsS3KmsKey: - description: Use named KMS key, when aws_s3_enable_kms = true + description: |- + Use named KMS key, when aws_s3_enable_kms = true Use named KMS key, when aws_s3_enable_kms=true type: string awsS3Region: - description: AWS region bucket is in. AWS region bucket is in. + description: |- + AWS region bucket is in. + AWS region bucket is in. type: string awsS3ServerSideEncryption: - description: Use AES256 to encrypt bucket contents. Use AES256 - to encrypt bucket contents. + description: |- + Use AES256 to encrypt bucket contents. + Use AES256 to encrypt bucket contents. type: boolean awsSecretAccessKey: - description: AWS secret access key. AWS secret access key. + description: |- + AWS secret access key. + AWS secret access key. type: string awsSessionToken: - description: AWS session token. AWS session token. + description: |- + AWS session token. + AWS session token. type: string azureAccountKey: - description: Azure account key. Azure account key. + description: |- + Azure account key. + Azure account key. type: string azureAccountName: - description: Azure account name. Azure account name. + description: |- + Azure account name. + Azure account name. type: string azureBlobEnvironment: - description: Azure blob environment. Azure blob environment. + description: |- + Azure blob environment. + Azure blob environment. type: string azureContainerName: - description: Azure container name to write snapshots to. Azure - container name to write snapshots to. + description: |- + Azure container name to write + snapshots to. + Azure container name to write snapshots to. type: string azureEndpoint: - description: Azure blob storage endpoint. This is typically only - set when using a non-Azure implementation like Azurite. Azure - blob storage endpoint. This is typically only set when using - a non-Azure implementation like Azurite. + description: |- + Azure blob storage endpoint. 
This is typically + only set when using a non-Azure implementation like Azurite. + Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite. type: string filePrefix: - description: Within the directory or bucket prefix given by path_prefix, - the file or object name of snapshot files will start with this - string. The file or object name of snapshot files will start - with this string. + description: |- + Within the directory or bucket + prefix given by path_prefix, the file or object name of snapshot files + will start with this string. + The file or object name of snapshot files will start with this string. type: string googleDisableTls: - description: Disable TLS for the GCS endpoint. This should only - be used for testing purposes, typically in conjunction with - google_endpoint. Disable TLS for the GCS endpoint. + description: |- + Disable TLS for the GCS endpoint. This + should only be used for testing purposes, typically in conjunction with + google_endpoint. + Disable TLS for the GCS endpoint. type: boolean googleEndpoint: - description: GCS endpoint. This is typically only set when using - a non-Google GCS implementation like fake-gcs-server. GCS endpoint. - This is typically only set when using a non-Google GCS implementation - like fake-gcs-server. + description: |- + GCS endpoint. This is typically only set when + using a non-Google GCS implementation like fake-gcs-server. + GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server. type: string googleGcsBucket: - description: GCS bucket to write snapshots to. GCS bucket to write - snapshots to. + description: |- + GCS bucket to write snapshots to. + GCS bucket to write snapshots to. type: string googleServiceAccountKey: - description: 'Google service account key in JSON format. The raw - value looks like this: Google service account key in JSON format.' 
+ description: |- + Google service account key in JSON format. + The raw value looks like this: + Google service account key in JSON format. type: string intervalSeconds: - description: Time (in seconds) between snapshots. Number of seconds - between snapshots. + description: |- + Time (in seconds) between snapshots. + Number of seconds between snapshots. type: number localMaxSpace: - description: For storage_type = local, the maximum space, in bytes, - to use for snapshots. Snapshot attempts will fail if there is - not enough space left in this allowance. The maximum space, - in bytes, to use for snapshots. + description: |- + For storage_type = local, the maximum + space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough + space left in this allowance. + The maximum space, in bytes, to use for snapshots. type: number name: - description: – Name of the configuration to modify. + description: |- + – Name of the configuration to modify. Name of the snapshot agent configuration. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string pathPrefix: - description: For storage_type = "local", the directory to write - the snapshots in. For cloud storage types, the bucket prefix - to use. Types azure-s3 and google-gcs require a trailing / (slash). - Types local and aws-s3 the trailing / is optional. The directory - or bucket prefix to to use. 
+ description: |- + For storage_type = "local", the directory to + write the snapshots in. For cloud storage types, the bucket prefix to use. + Types azure-s3 and google-gcs require a trailing / (slash). + Types local and aws-s3 the trailing / is optional. + The directory or bucket prefix to to use. type: string retain: - description: How many snapshots are to be kept; when writing a - snapshot, if there are more snapshots already stored than this - number, the oldest ones will be deleted. How many snapshots - are to be kept. + description: |- + How many snapshots are to be kept; when writing a + snapshot, if there are more snapshots already stored than this number, the + oldest ones will be deleted. + How many snapshots are to be kept. type: number storageType: - description: One of "local", "azure-blob", "aws-s3", or "google-gcs". - The remaining parameters described below are all specific to - the selected storage_type and prefixed accordingly. What storage - service to send snapshots to. One of "local", "azure-blob", - "aws-s3", or "google-gcs". + description: |- + One of "local", "azure-blob", "aws-s3", + or "google-gcs". The remaining parameters described below are all specific to + the selected storage_type and prefixed accordingly. + What storage service to send snapshots to. One of "local", "azure-blob", "aws-s3", or "google-gcs". type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. 
This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: awsAccessKeyId: - description: AWS access key ID. AWS access key ID. + description: |- + AWS access key ID. + AWS access key ID. type: string awsS3Bucket: - description: S3 bucket to write snapshots to. S3 bucket to write - snapshots to. + description: |- + S3 bucket to write snapshots to. + S3 bucket to write snapshots to. type: string awsS3DisableTls: - description: Disable TLS for the S3 endpoint. This should only - be used for testing purposes, typically in conjunction with - aws_s3_endpoint. Disable TLS for the S3 endpoint. This should - only be used for testing purposes. + description: |- + Disable TLS for the S3 endpoint. This + should only be used for testing purposes, typically in conjunction with + aws_s3_endpoint. + Disable TLS for the S3 endpoint. This should only be used for testing purposes. type: boolean awsS3EnableKms: - description: Use KMS to encrypt bucket contents. Use KMS to encrypt - bucket contents. + description: |- + Use KMS to encrypt bucket contents. + Use KMS to encrypt bucket contents. 
type: boolean awsS3Endpoint: - description: AWS endpoint. This is typically only set when using - a non-AWS S3 implementation like Minio. AWS endpoint. This is - typically only set when using a non-AWS S3 implementation like - Minio. + description: |- + AWS endpoint. This is typically only set when + using a non-AWS S3 implementation like Minio. + AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio. type: string awsS3ForcePathStyle: - description: Use the endpoint/bucket URL style instead of bucket.endpoint. - May be needed when setting aws_s3_endpoint. Use the endpoint/bucket - URL style instead of bucket.endpoint. + description: |- + Use the endpoint/bucket URL style + instead of bucket.endpoint. May be needed when setting aws_s3_endpoint. + Use the endpoint/bucket URL style instead of bucket.endpoint. type: boolean awsS3KmsKey: - description: Use named KMS key, when aws_s3_enable_kms = true + description: |- + Use named KMS key, when aws_s3_enable_kms = true Use named KMS key, when aws_s3_enable_kms=true type: string awsS3Region: - description: AWS region bucket is in. AWS region bucket is in. + description: |- + AWS region bucket is in. + AWS region bucket is in. type: string awsS3ServerSideEncryption: - description: Use AES256 to encrypt bucket contents. Use AES256 - to encrypt bucket contents. + description: |- + Use AES256 to encrypt bucket contents. + Use AES256 to encrypt bucket contents. type: boolean awsSecretAccessKey: - description: AWS secret access key. AWS secret access key. + description: |- + AWS secret access key. + AWS secret access key. type: string awsSessionToken: - description: AWS session token. AWS session token. + description: |- + AWS session token. + AWS session token. type: string azureAccountKey: - description: Azure account key. Azure account key. + description: |- + Azure account key. + Azure account key. type: string azureAccountName: - description: Azure account name. Azure account name. 
+ description: |- + Azure account name. + Azure account name. type: string azureBlobEnvironment: - description: Azure blob environment. Azure blob environment. + description: |- + Azure blob environment. + Azure blob environment. type: string azureContainerName: - description: Azure container name to write snapshots to. Azure - container name to write snapshots to. + description: |- + Azure container name to write + snapshots to. + Azure container name to write snapshots to. type: string azureEndpoint: - description: Azure blob storage endpoint. This is typically only - set when using a non-Azure implementation like Azurite. Azure - blob storage endpoint. This is typically only set when using - a non-Azure implementation like Azurite. + description: |- + Azure blob storage endpoint. This is typically + only set when using a non-Azure implementation like Azurite. + Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite. type: string filePrefix: - description: Within the directory or bucket prefix given by path_prefix, - the file or object name of snapshot files will start with this - string. The file or object name of snapshot files will start - with this string. + description: |- + Within the directory or bucket + prefix given by path_prefix, the file or object name of snapshot files + will start with this string. + The file or object name of snapshot files will start with this string. type: string googleDisableTls: - description: Disable TLS for the GCS endpoint. This should only - be used for testing purposes, typically in conjunction with - google_endpoint. Disable TLS for the GCS endpoint. + description: |- + Disable TLS for the GCS endpoint. This + should only be used for testing purposes, typically in conjunction with + google_endpoint. + Disable TLS for the GCS endpoint. type: boolean googleEndpoint: - description: GCS endpoint. 
This is typically only set when using - a non-Google GCS implementation like fake-gcs-server. GCS endpoint. - This is typically only set when using a non-Google GCS implementation - like fake-gcs-server. + description: |- + GCS endpoint. This is typically only set when + using a non-Google GCS implementation like fake-gcs-server. + GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server. type: string googleGcsBucket: - description: GCS bucket to write snapshots to. GCS bucket to write - snapshots to. + description: |- + GCS bucket to write snapshots to. + GCS bucket to write snapshots to. type: string googleServiceAccountKey: - description: 'Google service account key in JSON format. The raw - value looks like this: Google service account key in JSON format.' + description: |- + Google service account key in JSON format. + The raw value looks like this: + Google service account key in JSON format. type: string intervalSeconds: - description: Time (in seconds) between snapshots. Number of seconds - between snapshots. + description: |- + Time (in seconds) between snapshots. + Number of seconds between snapshots. type: number localMaxSpace: - description: For storage_type = local, the maximum space, in bytes, - to use for snapshots. Snapshot attempts will fail if there is - not enough space left in this allowance. The maximum space, - in bytes, to use for snapshots. + description: |- + For storage_type = local, the maximum + space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough + space left in this allowance. + The maximum space, in bytes, to use for snapshots. type: number name: - description: – Name of the configuration to modify. + description: |- + – Name of the configuration to modify. Name of the snapshot agent configuration. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. 
The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string pathPrefix: - description: For storage_type = "local", the directory to write - the snapshots in. For cloud storage types, the bucket prefix - to use. Types azure-s3 and google-gcs require a trailing / (slash). - Types local and aws-s3 the trailing / is optional. The directory - or bucket prefix to to use. + description: |- + For storage_type = "local", the directory to + write the snapshots in. For cloud storage types, the bucket prefix to use. + Types azure-s3 and google-gcs require a trailing / (slash). + Types local and aws-s3 the trailing / is optional. + The directory or bucket prefix to to use. type: string retain: - description: How many snapshots are to be kept; when writing a - snapshot, if there are more snapshots already stored than this - number, the oldest ones will be deleted. How many snapshots - are to be kept. + description: |- + How many snapshots are to be kept; when writing a + snapshot, if there are more snapshots already stored than this number, the + oldest ones will be deleted. + How many snapshots are to be kept. type: number storageType: - description: One of "local", "azure-blob", "aws-s3", or "google-gcs". - The remaining parameters described below are all specific to - the selected storage_type and prefixed accordingly. What storage - service to send snapshots to. One of "local", "azure-blob", - "aws-s3", or "google-gcs". + description: |- + One of "local", "azure-blob", "aws-s3", + or "google-gcs". 
The remaining parameters described below are all specific to + the selected storage_type and prefixed accordingly. + What storage service to send snapshots to. One of "local", "azure-blob", "aws-s3", or "google-gcs". type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -371,9 +447,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -383,57 +460,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -443,17 +484,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -463,21 +506,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -492,21 +535,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -517,14 +561,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -562,136 +607,170 @@ spec: atProvider: properties: awsAccessKeyId: - description: AWS access key ID. AWS access key ID. + description: |- + AWS access key ID. + AWS access key ID. type: string awsS3Bucket: - description: S3 bucket to write snapshots to. S3 bucket to write - snapshots to. + description: |- + S3 bucket to write snapshots to. + S3 bucket to write snapshots to. type: string awsS3DisableTls: - description: Disable TLS for the S3 endpoint. This should only - be used for testing purposes, typically in conjunction with - aws_s3_endpoint. Disable TLS for the S3 endpoint. This should - only be used for testing purposes. + description: |- + Disable TLS for the S3 endpoint. This + should only be used for testing purposes, typically in conjunction with + aws_s3_endpoint. + Disable TLS for the S3 endpoint. This should only be used for testing purposes. type: boolean awsS3EnableKms: - description: Use KMS to encrypt bucket contents. Use KMS to encrypt - bucket contents. + description: |- + Use KMS to encrypt bucket contents. + Use KMS to encrypt bucket contents. type: boolean awsS3Endpoint: - description: AWS endpoint. This is typically only set when using - a non-AWS S3 implementation like Minio. AWS endpoint. This is - typically only set when using a non-AWS S3 implementation like - Minio. + description: |- + AWS endpoint. This is typically only set when + using a non-AWS S3 implementation like Minio. + AWS endpoint. This is typically only set when using a non-AWS S3 implementation like Minio. type: string awsS3ForcePathStyle: - description: Use the endpoint/bucket URL style instead of bucket.endpoint. - May be needed when setting aws_s3_endpoint. Use the endpoint/bucket - URL style instead of bucket.endpoint. + description: |- + Use the endpoint/bucket URL style + instead of bucket.endpoint. May be needed when setting aws_s3_endpoint. + Use the endpoint/bucket URL style instead of bucket.endpoint. 
type: boolean awsS3KmsKey: - description: Use named KMS key, when aws_s3_enable_kms = true + description: |- + Use named KMS key, when aws_s3_enable_kms = true Use named KMS key, when aws_s3_enable_kms=true type: string awsS3Region: - description: AWS region bucket is in. AWS region bucket is in. + description: |- + AWS region bucket is in. + AWS region bucket is in. type: string awsS3ServerSideEncryption: - description: Use AES256 to encrypt bucket contents. Use AES256 - to encrypt bucket contents. + description: |- + Use AES256 to encrypt bucket contents. + Use AES256 to encrypt bucket contents. type: boolean awsSecretAccessKey: - description: AWS secret access key. AWS secret access key. + description: |- + AWS secret access key. + AWS secret access key. type: string awsSessionToken: - description: AWS session token. AWS session token. + description: |- + AWS session token. + AWS session token. type: string azureAccountKey: - description: Azure account key. Azure account key. + description: |- + Azure account key. + Azure account key. type: string azureAccountName: - description: Azure account name. Azure account name. + description: |- + Azure account name. + Azure account name. type: string azureBlobEnvironment: - description: Azure blob environment. Azure blob environment. + description: |- + Azure blob environment. + Azure blob environment. type: string azureContainerName: - description: Azure container name to write snapshots to. Azure - container name to write snapshots to. + description: |- + Azure container name to write + snapshots to. + Azure container name to write snapshots to. type: string azureEndpoint: - description: Azure blob storage endpoint. This is typically only - set when using a non-Azure implementation like Azurite. Azure - blob storage endpoint. This is typically only set when using - a non-Azure implementation like Azurite. + description: |- + Azure blob storage endpoint. 
This is typically + only set when using a non-Azure implementation like Azurite. + Azure blob storage endpoint. This is typically only set when using a non-Azure implementation like Azurite. type: string filePrefix: - description: Within the directory or bucket prefix given by path_prefix, - the file or object name of snapshot files will start with this - string. The file or object name of snapshot files will start - with this string. + description: |- + Within the directory or bucket + prefix given by path_prefix, the file or object name of snapshot files + will start with this string. + The file or object name of snapshot files will start with this string. type: string googleDisableTls: - description: Disable TLS for the GCS endpoint. This should only - be used for testing purposes, typically in conjunction with - google_endpoint. Disable TLS for the GCS endpoint. + description: |- + Disable TLS for the GCS endpoint. This + should only be used for testing purposes, typically in conjunction with + google_endpoint. + Disable TLS for the GCS endpoint. type: boolean googleEndpoint: - description: GCS endpoint. This is typically only set when using - a non-Google GCS implementation like fake-gcs-server. GCS endpoint. - This is typically only set when using a non-Google GCS implementation - like fake-gcs-server. + description: |- + GCS endpoint. This is typically only set when + using a non-Google GCS implementation like fake-gcs-server. + GCS endpoint. This is typically only set when using a non-Google GCS implementation like fake-gcs-server. type: string googleGcsBucket: - description: GCS bucket to write snapshots to. GCS bucket to write - snapshots to. + description: |- + GCS bucket to write snapshots to. + GCS bucket to write snapshots to. type: string googleServiceAccountKey: - description: 'Google service account key in JSON format. The raw - value looks like this: Google service account key in JSON format.' 
+ description: |- + Google service account key in JSON format. + The raw value looks like this: + Google service account key in JSON format. type: string id: type: string intervalSeconds: - description: Time (in seconds) between snapshots. Number of seconds - between snapshots. + description: |- + Time (in seconds) between snapshots. + Number of seconds between snapshots. type: number localMaxSpace: - description: For storage_type = local, the maximum space, in bytes, - to use for snapshots. Snapshot attempts will fail if there is - not enough space left in this allowance. The maximum space, - in bytes, to use for snapshots. + description: |- + For storage_type = local, the maximum + space, in bytes, to use for snapshots. Snapshot attempts will fail if there is not enough + space left in this allowance. + The maximum space, in bytes, to use for snapshots. type: number name: - description: – Name of the configuration to modify. + description: |- + – Name of the configuration to modify. Name of the snapshot agent configuration. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string pathPrefix: - description: For storage_type = "local", the directory to write - the snapshots in. For cloud storage types, the bucket prefix - to use. Types azure-s3 and google-gcs require a trailing / (slash). - Types local and aws-s3 the trailing / is optional. The directory - or bucket prefix to to use. 
+ description: |- + For storage_type = "local", the directory to + write the snapshots in. For cloud storage types, the bucket prefix to use. + Types azure-s3 and google-gcs require a trailing / (slash). + Types local and aws-s3 the trailing / is optional. + The directory or bucket prefix to to use. type: string retain: - description: How many snapshots are to be kept; when writing a - snapshot, if there are more snapshots already stored than this - number, the oldest ones will be deleted. How many snapshots - are to be kept. + description: |- + How many snapshots are to be kept; when writing a + snapshot, if there are more snapshots already stored than this number, the + oldest ones will be deleted. + How many snapshots are to be kept. type: number storageType: - description: One of "local", "azure-blob", "aws-s3", or "google-gcs". - The remaining parameters described below are all specific to - the selected storage_type and prefixed accordingly. What storage - service to send snapshots to. One of "local", "azure-blob", - "aws-s3", or "google-gcs". + description: |- + One of "local", "azure-blob", "aws-s3", + or "google-gcs". The remaining parameters described below are all specific to + the selected storage_type and prefixed accordingly. + What storage service to send snapshots to. One of "local", "azure-blob", "aws-s3", or "google-gcs". type: string type: object conditions: 
@@ -700,13 +779,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -717,8 +798,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -727,6 +809,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/rgp.vault.upbound.io_policies.yaml b/package/crds/rgp.vault.upbound.io_policies.yaml index 703c5d37..d056c00e 100644 --- a/package/crds/rgp.vault.upbound.io_policies.yaml +++ b/package/crds/rgp.vault.upbound.io_policies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: policies.rgp.vault.upbound.io spec: group: rgp.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: governing policies for Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,75 +74,85 @@ spec: forProvider: properties: enforcementLevel: - description: 'Enforcement level of Sentinel policy. Can be either - advisory or soft-mandatory or hard-mandatory Enforcement level - of Sentinel policy. Can be one of: ''advisory'', ''soft-mandatory'' - or ''hard-mandatory''' + description: |- + Enforcement level of Sentinel policy. Can be either advisory or soft-mandatory or hard-mandatory + Enforcement level of Sentinel policy. Can be one of: 'advisory', 'soft-mandatory' or 'hard-mandatory' type: string name: - description: The name of the policy Name of the policy + description: |- + The name of the policy + Name of the policy type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policy: - description: String containing a Sentinel policy The policy document + description: |- + String containing a Sentinel policy + The policy document type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. 
This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: enforcementLevel: - description: 'Enforcement level of Sentinel policy. Can be either - advisory or soft-mandatory or hard-mandatory Enforcement level - of Sentinel policy. Can be one of: ''advisory'', ''soft-mandatory'' - or ''hard-mandatory''' + description: |- + Enforcement level of Sentinel policy. Can be either advisory or soft-mandatory or hard-mandatory + Enforcement level of Sentinel policy. Can be one of: 'advisory', 'soft-mandatory' or 'hard-mandatory' type: string name: - description: The name of the policy Name of the policy + description: |- + The name of the policy + Name of the policy type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. 
+ The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policy: - description: String containing a Sentinel policy The policy document + description: |- + String containing a Sentinel policy + The policy document type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -149,9 +165,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -161,57 +178,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -221,17 +202,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -241,21 +224,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -270,21 +253,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -295,14 +279,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -336,25 +321,29 @@ spec: atProvider: properties: enforcementLevel: - description: 'Enforcement level of Sentinel policy. Can be either - advisory or soft-mandatory or hard-mandatory Enforcement level - of Sentinel policy. Can be one of: ''advisory'', ''soft-mandatory'' - or ''hard-mandatory''' + description: |- + Enforcement level of Sentinel policy. Can be either advisory or soft-mandatory or hard-mandatory + Enforcement level of Sentinel policy. Can be one of: 'advisory', 'soft-mandatory' or 'hard-mandatory' type: string id: type: string name: - description: The name of the policy Name of the policy + description: |- + The name of the policy + Name of the policy type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policy: - description: String containing a Sentinel policy The policy document + description: |- + String containing a Sentinel policy + The policy document type: string type: object conditions: 
@@ -363,13 +352,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -380,8 +371,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -390,6 +382,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/ssh.vault.upbound.io_secretbackendcas.yaml b/package/crds/ssh.vault.upbound.io_secretbackendcas.yaml index 9108a981..1477209c 100644 --- a/package/crds/ssh.vault.upbound.io_secretbackendcas.yaml +++ b/package/crds/ssh.vault.upbound.io_secretbackendcas.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendcas.ssh.vault.upbound.io spec: group: ssh.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: CA information in an SSH secret backend in Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,26 +74,27 @@ spec: forProvider: properties: backend: - description: The path where the SSH secret backend is mounted. - Defaults to 'ssh' The path of the SSH Secret Backend where the - CA should be configured + description: |- + The path where the SSH secret backend is mounted. Defaults to 'ssh' + The path of the SSH Secret Backend where the CA should be configured type: string generateSigningKey: - description: Whether Vault should generate the signing key pair - internally. Defaults to true Whether Vault should generate the - signing key pair internally. + description: |- + Whether Vault should generate the signing key pair internally. Defaults to true + Whether Vault should generate the signing key pair internally. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string privateKeySecretRef: - description: The private key part the SSH CA key pair; required - if generate_signing_key is false. Private key part the SSH CA - key pair; required if generate_signing_key is false. + description: |- + The private key part the SSH CA key pair; required if generate_signing_key is false. + Private key part the SSH CA key pair; required if generate_signing_key is false. properties: key: description: The key to select. 
@@ -104,64 +111,67 @@ spec: - namespace type: object publicKey: - description: The public key part the SSH CA key pair; required - if generate_signing_key is false. Public key part the SSH CA - key pair; required if generate_signing_key is false. + description: |- + The public key part the SSH CA key pair; required if generate_signing_key is false. + Public key part the SSH CA key pair; required if generate_signing_key is false. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. 
properties: backend: - description: The path where the SSH secret backend is mounted. - Defaults to 'ssh' The path of the SSH Secret Backend where the - CA should be configured + description: |- + The path where the SSH secret backend is mounted. Defaults to 'ssh' + The path of the SSH Secret Backend where the CA should be configured type: string generateSigningKey: - description: Whether Vault should generate the signing key pair - internally. Defaults to true Whether Vault should generate the - signing key pair internally. + description: |- + Whether Vault should generate the signing key pair internally. Defaults to true + Whether Vault should generate the signing key pair internally. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string publicKey: - description: The public key part the SSH CA key pair; required - if generate_signing_key is false. Public key part the SSH CA - key pair; required if generate_signing_key is false. + description: |- + The public key part the SSH CA key pair; required if generate_signing_key is false. + Public key part the SSH CA key pair; required if generate_signing_key is false. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. 
ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -174,9 +184,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -186,57 +197,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -246,17 +221,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -266,21 +243,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -295,21 +272,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -320,14 +298,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -348,28 +327,29 @@ spec: atProvider: properties: backend: - description: The path where the SSH secret backend is mounted. - Defaults to 'ssh' The path of the SSH Secret Backend where the - CA should be configured + description: |- + The path where the SSH secret backend is mounted. Defaults to 'ssh' + The path of the SSH Secret Backend where the CA should be configured type: string generateSigningKey: - description: Whether Vault should generate the signing key pair - internally. Defaults to true Whether Vault should generate the - signing key pair internally. + description: |- + Whether Vault should generate the signing key pair internally. Defaults to true + Whether Vault should generate the signing key pair internally. type: boolean id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string publicKey: - description: The public key part the SSH CA key pair; required - if generate_signing_key is false. Public key part the SSH CA - key pair; required if generate_signing_key is false. + description: |- + The public key part the SSH CA key pair; required if generate_signing_key is false. + Public key part the SSH CA key pair; required if generate_signing_key is false. type: string type: object conditions: 
@@ -378,13 +358,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -395,8 +377,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -405,6 +388,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/ssh.vault.upbound.io_secretbackendroles.yaml b/package/crds/ssh.vault.upbound.io_secretbackendroles.yaml index 2391d922..f93db319 100644 --- a/package/crds/ssh.vault.upbound.io_secretbackendroles.yaml +++ b/package/crds/ssh.vault.upbound.io_secretbackendroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendroles.ssh.vault.upbound.io spec: group: ssh.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Managing roles in an SSH secret backend in Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete @@ -100,7 +106,8 @@ spec: a host certificate. type: string allowedDomainsTemplate: - description: Specifies if allowed_domains can be declared using + description: |- + Specifies if allowed_domains can be declared using identity template policies. Non-templated domains are also permitted. type: boolean allowedExtensions: 
@@ -108,38 +115,41 @@ spec: certificates can have when signed. type: string allowedUserKeyConfig: - description: Set of configuration blocks to define allowed user - key configuration, like key type and their lengths. Can be specified - multiple times. See Set of allowed public key types and their - relevant configuration + description: |- + Set of configuration blocks to define allowed + user key configuration, like key type and their lengths. Can be specified multiple times. + See + Set of allowed public key types and their relevant configuration items: properties: lengths: - description: A list of allowed key lengths as integers. - For key types that do not support setting the length a - value of [0] should be used. Setting multiple lengths - is only supported on Vault 1.10+. For prior releases length - must be set to a single element list. List of allowed - key lengths, vault-1.10 and above + description: |- + A list of allowed key lengths as integers. + For key types that do not support setting the length a value of [0] should be used. + Setting multiple lengths is only supported on Vault 1.10+. For prior releases length + must be set to a single element list. + List of allowed key lengths, vault-1.10 and above items: type: number type: array type: - description: 'The SSH public key type. Supported key types - are: rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, + description: |- + The SSH public key type. 
+ Supported key types are: + rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521 - Key type, choices: rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, - ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, - ecdsa-sha2-nistp521' + Key type, choices: + rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521 type: string type: object type: array allowedUserKeyLengths: additionalProperties: type: number - description: 'Specifies a map of ssh key types and their expected - sizes which are allowed to be signed by the CA type. Deprecated: - use allowed_user_key_config instead' + description: |- + Specifies a map of ssh key types and their expected sizes which + are allowed to be signed by the CA type. + Deprecated: use allowed_user_key_config instead type: object allowedUsers: description: Specifies a comma-separated list of usernames that 
@@ -188,38 +198,41 @@ spec: description: Specifies the maximum Time To Live value. type: string name: - description: Specifies the name of the role to create. Unique - name for the role. + description: |- + Specifies the name of the role to create. + Unique name for the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string notBeforeDuration: - description: Specifies the duration by which to backdate the ValidAfter - property. Uses duration format strings. Specifies the duration - by which to backdate the ValidAfter property. Uses duration - format strings. + description: |- + Specifies the duration by which to backdate the ValidAfter property. + Uses duration format strings. + Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings. type: string ttl: description: Specifies the Time To Live value. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. 
This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: algorithmSigner: description: 'When supplied, this value specifies a signing algorithm @@ -254,7 +267,8 @@ spec: a host certificate. type: string allowedDomainsTemplate: - description: Specifies if allowed_domains can be declared using + description: |- + Specifies if allowed_domains can be declared using identity template policies. Non-templated domains are also permitted. type: boolean allowedExtensions: 
@@ -262,38 +276,41 @@ spec: certificates can have when signed. type: string allowedUserKeyConfig: - description: Set of configuration blocks to define allowed user - key configuration, like key type and their lengths. Can be specified - multiple times. See Set of allowed public key types and their - relevant configuration + description: |- + Set of configuration blocks to define allowed + user key configuration, like key type and their lengths. Can be specified multiple times. + See + Set of allowed public key types and their relevant configuration items: properties: lengths: - description: A list of allowed key lengths as integers. - For key types that do not support setting the length a - value of [0] should be used. Setting multiple lengths - is only supported on Vault 1.10+. For prior releases length - must be set to a single element list. List of allowed - key lengths, vault-1.10 and above + description: |- + A list of allowed key lengths as integers. + For key types that do not support setting the length a value of [0] should be used. + Setting multiple lengths is only supported on Vault 1.10+. For prior releases length + must be set to a single element list. + List of allowed key lengths, vault-1.10 and above items: type: number type: array type: - description: 'The SSH public key type. Supported key types - are: rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, + description: |- + The SSH public key type. 
+ Supported key types are: + rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521 - Key type, choices: rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, - ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, - ecdsa-sha2-nistp521' + Key type, choices: + rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521 type: string type: object type: array allowedUserKeyLengths: additionalProperties: type: number - description: 'Specifies a map of ssh key types and their expected - sizes which are allowed to be signed by the CA type. Deprecated: - use allowed_user_key_config instead' + description: |- + Specifies a map of ssh key types and their expected sizes which + are allowed to be signed by the CA type. + Deprecated: use allowed_user_key_config instead type: object allowedUsers: description: Specifies a comma-separated list of usernames that 
@@ -342,21 +359,23 @@ spec: description: Specifies the maximum Time To Live value. type: string name: - description: Specifies the name of the role to create. Unique - name for the role. + description: |- + Specifies the name of the role to create. + Unique name for the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string notBeforeDuration: - description: Specifies the duration by which to backdate the ValidAfter - property. Uses duration format strings. Specifies the duration - by which to backdate the ValidAfter property. Uses duration - format strings. + description: |- + Specifies the duration by which to backdate the ValidAfter property. + Uses duration format strings. + Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings. type: string ttl: description: Specifies the Time To Live value. 
@@ -365,20 +384,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -391,9 +411,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -403,57 +424,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -463,17 +448,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -483,21 +470,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -512,21 +499,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -537,14 +525,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. @@ -610,7 +599,8 @@ spec: a host certificate. type: string allowedDomainsTemplate: - description: Specifies if allowed_domains can be declared using + description: |- + Specifies if allowed_domains can be declared using identity template policies. Non-templated domains are also permitted. type: boolean allowedExtensions: 
@@ -618,38 +608,41 @@ spec: certificates can have when signed. type: string allowedUserKeyConfig: - description: Set of configuration blocks to define allowed user - key configuration, like key type and their lengths. Can be specified - multiple times. See Set of allowed public key types and their - relevant configuration + description: |- + Set of configuration blocks to define allowed + user key configuration, like key type and their lengths. Can be specified multiple times. + See + Set of allowed public key types and their relevant configuration items: properties: lengths: - description: A list of allowed key lengths as integers. - For key types that do not support setting the length a - value of [0] should be used. Setting multiple lengths - is only supported on Vault 1.10+. For prior releases length - must be set to a single element list. List of allowed - key lengths, vault-1.10 and above + description: |- + A list of allowed key lengths as integers. + For key types that do not support setting the length a value of [0] should be used. + Setting multiple lengths is only supported on Vault 1.10+. For prior releases length + must be set to a single element list. + List of allowed key lengths, vault-1.10 and above items: type: number type: array type: - description: 'The SSH public key type. Supported key types - are: rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, + description: |- + The SSH public key type. 
+ Supported key types are: + rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521 - Key type, choices: rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, - ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, - ecdsa-sha2-nistp521' + Key type, choices: + rsa, ecdsa, ec, dsa, ed25519, ssh-rsa, ssh-dss, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521 type: string type: object type: array allowedUserKeyLengths: additionalProperties: type: number - description: 'Specifies a map of ssh key types and their expected - sizes which are allowed to be signed by the CA type. Deprecated: - use allowed_user_key_config instead' + description: |- + Specifies a map of ssh key types and their expected sizes which + are allowed to be signed by the CA type. + Deprecated: use allowed_user_key_config instead type: object allowedUsers: description: Specifies a comma-separated list of usernames that 
@@ -700,21 +693,23 @@ spec: description: Specifies the maximum Time To Live value. type: string name: - description: Specifies the name of the role to create. Unique - name for the role. + description: |- + Specifies the name of the role to create. + Unique name for the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string notBeforeDuration: - description: Specifies the duration by which to backdate the ValidAfter - property. Uses duration format strings. Specifies the duration - by which to backdate the ValidAfter property. Uses duration - format strings. + description: |- + Specifies the duration by which to backdate the ValidAfter property. + Uses duration format strings. + Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings. type: string ttl: description: Specifies the Time To Live value. 
@@ -726,13 +721,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -743,8 +740,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -753,6 +751,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/terraform.vault.upbound.io_cloudsecretbackends.yaml b/package/crds/terraform.vault.upbound.io_cloudsecretbackends.yaml index efac628e..973f5262 100644 --- a/package/crds/terraform.vault.upbound.io_cloudsecretbackends.yaml +++ b/package/crds/terraform.vault.upbound.io_cloudsecretbackends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: cloudsecretbackends.terraform.vault.upbound.io spec: group: terraform.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -77,29 +83,34 @@ spec: basePath: type: string defaultLeaseTtlSeconds: - description: The default TTL for credentials issued by this backend. + description: |- + The default TTL for credentials issued by this backend. Default lease duration for secrets in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend. + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean maxLeaseTtlSeconds: - description: The maximum TTL that can be requested for credentials - issued by this backend. Maximum possible lease duration for - secrets in seconds + description: |- + The maximum TTL that can be requested + for credentials issued by this backend. + Maximum possible lease duration for secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string tokenSecretRef: description: A SecretKeySelector is a reference to a secret key 
@@ -121,17 +132,18 @@ spec: type: object type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: address: description: 0.0.1:8500". 
@@ -143,48 +155,54 @@ spec: basePath: type: string defaultLeaseTtlSeconds: - description: The default TTL for credentials issued by this backend. + description: |- + The default TTL for credentials issued by this backend. Default lease duration for secrets in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend. + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean maxLeaseTtlSeconds: - description: The maximum TTL that can be requested for credentials - issued by this backend. Maximum possible lease duration for - secrets in seconds + description: |- + The maximum TTL that can be requested + for credentials issued by this backend. + Maximum possible lease duration for secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. 
- It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -197,9 +215,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -209,57 +228,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -269,17 +252,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -289,21 +274,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -318,21 +303,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -343,14 +329,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -380,31 +367,36 @@ spec: basePath: type: string defaultLeaseTtlSeconds: - description: The default TTL for credentials issued by this backend. + description: |- + The default TTL for credentials issued by this backend. Default lease duration for secrets in seconds type: number description: - description: A human-friendly description for this backend. Human-friendly - description of the mount for the backend. + description: |- + A human-friendly description for this backend. + Human-friendly description of the mount for the backend. type: string disableRemount: - description: If set, opts out of mount migration on path updates. - See here for more info on Mount Migration If set, opts out of - mount migration on path updates. + description: |- + If set, opts out of mount migration on path updates. + See here for more info on Mount Migration + If set, opts out of mount migration on path updates. type: boolean id: type: string maxLeaseTtlSeconds: - description: The maximum TTL that can be requested for credentials - issued by this backend. Maximum possible lease duration for - secrets in seconds + description: |- + The maximum TTL that can be requested + for credentials issued by this backend. + Maximum possible lease duration for secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: object conditions: 
@@ -413,13 +405,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -430,8 +424,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -440,6 +435,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/terraform.vault.upbound.io_cloudsecretcreds.yaml b/package/crds/terraform.vault.upbound.io_cloudsecretcreds.yaml index e9cf486f..a151bb02 100644 --- a/package/crds/terraform.vault.upbound.io_cloudsecretcreds.yaml +++ b/package/crds/terraform.vault.upbound.io_cloudsecretcreds.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: cloudsecretcreds.terraform.vault.upbound.io spec: group: terraform.vault.upbound.io 
@@ -37,14 +37,19 @@ spec: description: CloudSecretCreds is the Schema for the CloudSecretCredss API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -53,13 +58,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -67,47 +73,50 @@ spec: forProvider: properties: backend: - description: the path to the Upbound official provider cloud secret - backend to read credentials from, with no leading or trailing - /s. Upbound official provider cloud secret backend to generate - tokens from + description: |- + the path to the Upbound official provider cloud secret backend to + read credentials from, with no leading or trailing /s. + Upbound official provider cloud secret backend to generate tokens from type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string role: description: Name of the role. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. 
It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: - description: the path to the Upbound official provider cloud secret - backend to read credentials from, with no leading or trailing - /s. Upbound official provider cloud secret backend to generate - tokens from + description: |- + the path to the Upbound official provider cloud secret backend to + read credentials from, with no leading or trailing /s. + Upbound official provider cloud secret backend to generate tokens from type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string role: description: Name of the role. 
@@ -116,20 +125,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -142,9 +152,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -154,57 +165,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -214,17 +189,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -234,21 +211,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -263,21 +240,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -288,14 +266,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -325,19 +304,20 @@ spec: atProvider: properties: backend: - description: the path to the Upbound official provider cloud secret - backend to read credentials from, with no leading or trailing - /s. Upbound official provider cloud secret backend to generate - tokens from + description: |- + the path to the Upbound official provider cloud secret backend to + read credentials from, with no leading or trailing /s. + Upbound official provider cloud secret backend to generate tokens from type: string id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string organization: description: The organization associated with the token provided @@ -350,9 +330,9 @@ spec: settings/teams/team-xxxxxxxxxxxxx) type: string tokenId: - description: The public identifier for a specific token. It can - be used to look up information about a token or to revoke a - token + description: |- + The public identifier for a specific token. It can be used + to look up information about a token or to revoke a token type: string type: object conditions: 
@@ -361,13 +341,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -378,8 +360,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -388,6 +371,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/terraform.vault.upbound.io_cloudsecretroles.yaml b/package/crds/terraform.vault.upbound.io_cloudsecretroles.yaml index f7656795..77a06a47 100644 --- a/package/crds/terraform.vault.upbound.io_cloudsecretroles.yaml +++ b/package/crds/terraform.vault.upbound.io_cloudsecretroles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: cloudsecretroles.terraform.vault.upbound.io spec: group: terraform.vault.upbound.io 
@@ -37,14 +37,19 @@ spec: description: CloudSecretRole is the Schema for the CloudSecretRoles API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -53,13 +58,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -70,84 +76,87 @@ spec: description: Must not begin or end with a /. type: string maxTtl: - description: Maximum TTL for leases associated with this role, - in seconds. Maximum allowed lease for generated credentials. - If not set or set to 0, will use system default. + description: |- + Maximum TTL for leases associated with this role, in seconds. + Maximum allowed lease for generated credentials. If not set or set to 0, will use system default. type: number name: - description: the name of the Upbound official provider cloud secrets - engine role to create. the name of an existing role against - which to create this Upbound official provider cloud credential + description: |- + the name of the Upbound official provider cloud secrets engine role to create. + the name of an existing role against which to create this Upbound official provider cloud credential type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string organization: - description: the organization name managing your Upbound official - provider cloud instance. name of the Upbound official provider - cloud or enterprise organization + description: |- + the organization name managing your Upbound official provider cloud instance. + name of the Upbound official provider cloud or enterprise organization type: string teamId: description: g., settings/teams/team-xxxxxxxxxxxxx) type: string ttl: - description: Specifies the TTL for this role. 
Default lease for - generated credentials. If not set or set to 0, will use system - default. + description: |- + Specifies the TTL for this role. + Default lease for generated credentials. If not set or set to 0, will use system default. type: number userId: description: g., user-xxxxxxxxxxxxxxxx) type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: backend: description: Must not begin or end with a /. type: string maxTtl: - description: Maximum TTL for leases associated with this role, - in seconds. 
Maximum allowed lease for generated credentials. - If not set or set to 0, will use system default. + description: |- + Maximum TTL for leases associated with this role, in seconds. + Maximum allowed lease for generated credentials. If not set or set to 0, will use system default. type: number name: - description: the name of the Upbound official provider cloud secrets - engine role to create. the name of an existing role against - which to create this Upbound official provider cloud credential + description: |- + the name of the Upbound official provider cloud secrets engine role to create. + the name of an existing role against which to create this Upbound official provider cloud credential type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string organization: - description: the organization name managing your Upbound official - provider cloud instance. name of the Upbound official provider - cloud or enterprise organization + description: |- + the organization name managing your Upbound official provider cloud instance. + name of the Upbound official provider cloud or enterprise organization type: string teamId: description: g., settings/teams/team-xxxxxxxxxxxxx) type: string ttl: - description: Specifies the TTL for this role. Default lease for - generated credentials. If not set or set to 0, will use system - default. + description: |- + Specifies the TTL for this role. + Default lease for generated credentials. 
If not set or set to 0, will use system default. type: number userId: description: g., user-xxxxxxxxxxxxxxxx) 
@@ -156,20 +165,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -182,9 +192,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -194,57 +205,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -254,17 +229,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -274,21 +251,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -303,21 +280,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -328,14 +306,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -366,34 +345,35 @@ spec: id: type: string maxTtl: - description: Maximum TTL for leases associated with this role, - in seconds. Maximum allowed lease for generated credentials. - If not set or set to 0, will use system default. + description: |- + Maximum TTL for leases associated with this role, in seconds. + Maximum allowed lease for generated credentials. If not set or set to 0, will use system default. type: number name: - description: the name of the Upbound official provider cloud secrets - engine role to create. the name of an existing role against - which to create this Upbound official provider cloud credential + description: |- + the name of the Upbound official provider cloud secrets engine role to create. + the name of an existing role against which to create this Upbound official provider cloud credential type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string organization: - description: the organization name managing your Upbound official - provider cloud instance. name of the Upbound official provider - cloud or enterprise organization + description: |- + the organization name managing your Upbound official provider cloud instance. + name of the Upbound official provider cloud or enterprise organization type: string teamId: description: g., settings/teams/team-xxxxxxxxxxxxx) type: string ttl: - description: Specifies the TTL for this role. Default lease for - generated credentials. 
If not set or set to 0, will use system - default. + description: |- + Specifies the TTL for this role. + Default lease for generated credentials. If not set or set to 0, will use system default. type: number userId: description: g., user-xxxxxxxxxxxxxxxx) @@ -405,13 +385,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -422,8 +404,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -432,6 +415,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/token.vault.upbound.io_authbackendroles.yaml b/package/crds/token.vault.upbound.io_authbackendroles.yaml index cdb25e77..9a1d7cea 100644 --- a/package/crds/token.vault.upbound.io_authbackendroles.yaml +++ b/package/crds/token.vault.upbound.io_authbackendroles.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: authbackendroles.token.vault.upbound.io spec: group: token.vault.upbound.io @@ -38,14 +38,19 @@ spec: Token auth backend roles in Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,96 +74,109 @@ spec: forProvider: properties: allowedEntityAliases: - description: List of allowed entity aliases. Set of allowed entity - aliases for this role. + description: |- + List of allowed entity aliases. + Set of allowed entity aliases for this role. items: type: string type: array allowedPolicies: - description: List of allowed policies for given role. List of - allowed policies for given role. + description: |- + List of allowed policies for given role. + List of allowed policies for given role. items: type: string type: array allowedPoliciesGlob: - description: Set of allowed policies with glob match for given - role. Set of allowed policies with glob match for given role. + description: |- + Set of allowed policies with glob match for given role. + Set of allowed policies with glob match for given role. items: type: string type: array disallowedPolicies: - description: List of disallowed policies for given role. List - of disallowed policies for given role. + description: |- + List of disallowed policies for given role. + List of disallowed policies for given role. items: type: string type: array disallowedPoliciesGlob: - description: Set of disallowed policies with glob match for given - role. Set of disallowed policies with glob match for given role. + description: |- + Set of disallowed policies with glob match for given role. + Set of disallowed policies with glob match for given role. items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. 
+ Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string orphan: - description: If true, tokens created against this policy will - be orphan tokens. If true, tokens created against this policy - will be orphan tokens. + description: |- + If true, tokens created against this policy will be orphan tokens. + If true, tokens created against this policy will be orphan tokens. type: boolean pathSuffix: - description: Tokens created against this role will have the given - suffix as part of their path in addition to the role name. Tokens - created against this role will have the given suffix as part - of their path in addition to the role name. + description: |- + Tokens created against this role will have the given suffix as part of their path in addition to the role name. + Tokens created against this role will have the given suffix as part of their path in addition to the role name. type: string renewable: - description: Whether to disable the ability of the token to be - renewed past its initial TTL. Whether to disable the ability - of the token to be renewed past its initial TTL. + description: |- + Whether to disable the ability of the token to be renewed past its initial TTL. + Whether to disable the ability of the token to be renewed past its initial TTL. type: boolean roleName: - description: The name of the role. Name of the role. + description: |- + The name of the role. + Name of the role. type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. 
+ Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. 
+ The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: 
@@ -166,124 +185,139 @@ spec: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. 
This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: allowedEntityAliases: - description: List of allowed entity aliases. Set of allowed entity - aliases for this role. + description: |- + List of allowed entity aliases. + Set of allowed entity aliases for this role. items: type: string type: array allowedPolicies: - description: List of allowed policies for given role. List of - allowed policies for given role. + description: |- + List of allowed policies for given role. + List of allowed policies for given role. items: type: string type: array allowedPoliciesGlob: - description: Set of allowed policies with glob match for given - role. Set of allowed policies with glob match for given role. + description: |- + Set of allowed policies with glob match for given role. + Set of allowed policies with glob match for given role. items: type: string type: array disallowedPolicies: - description: List of disallowed policies for given role. List - of disallowed policies for given role. + description: |- + List of disallowed policies for given role. + List of disallowed policies for given role. 
items: type: string type: array disallowedPoliciesGlob: - description: Set of disallowed policies with glob match for given - role. Set of disallowed policies with glob match for given role. + description: |- + Set of disallowed policies with glob match for given role. + Set of disallowed policies with glob match for given role. items: type: string type: array namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string orphan: - description: If true, tokens created against this policy will - be orphan tokens. If true, tokens created against this policy - will be orphan tokens. + description: |- + If true, tokens created against this policy will be orphan tokens. + If true, tokens created against this policy will be orphan tokens. type: boolean pathSuffix: - description: Tokens created against this role will have the given - suffix as part of their path in addition to the role name. Tokens - created against this role will have the given suffix as part - of their path in addition to the role name. + description: |- + Tokens created against this role will have the given suffix as part of their path in addition to the role name. + Tokens created against this role will have the given suffix as part of their path in addition to the role name. type: string renewable: - description: Whether to disable the ability of the token to be - renewed past its initial TTL. Whether to disable the ability - of the token to be renewed past its initial TTL. 
+ description: |- + Whether to disable the ability of the token to be renewed past its initial TTL. + Whether to disable the ability of the token to be renewed past its initial TTL. type: boolean roleName: - description: The name of the role. Name of the role. + description: |- + The name of the role. + Name of the role. type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. + Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. 
- If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. + The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: 
@@ -292,37 +326,39 @@ spec: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. 
See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -335,9 +371,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -347,57 +384,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -407,17 +408,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -427,21 +430,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -456,21 +459,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -481,14 +485,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -514,98 +519,111 @@ spec: atProvider: properties: allowedEntityAliases: - description: List of allowed entity aliases. Set of allowed entity - aliases for this role. + description: |- + List of allowed entity aliases. + Set of allowed entity aliases for this role. items: type: string type: array allowedPolicies: - description: List of allowed policies for given role. List of - allowed policies for given role. + description: |- + List of allowed policies for given role. + List of allowed policies for given role. items: type: string type: array allowedPoliciesGlob: - description: Set of allowed policies with glob match for given - role. Set of allowed policies with glob match for given role. + description: |- + Set of allowed policies with glob match for given role. + Set of allowed policies with glob match for given role. items: type: string type: array disallowedPolicies: - description: List of disallowed policies for given role. List - of disallowed policies for given role. + description: |- + List of disallowed policies for given role. + List of disallowed policies for given role. items: type: string type: array disallowedPoliciesGlob: - description: Set of disallowed policies with glob match for given - role. Set of disallowed policies with glob match for given role. + description: |- + Set of disallowed policies with glob match for given role. + Set of disallowed policies with glob match for given role. items: type: string type: array id: type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. 
+ Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string orphan: - description: If true, tokens created against this policy will - be orphan tokens. If true, tokens created against this policy - will be orphan tokens. + description: |- + If true, tokens created against this policy will be orphan tokens. + If true, tokens created against this policy will be orphan tokens. type: boolean pathSuffix: - description: Tokens created against this role will have the given - suffix as part of their path in addition to the role name. Tokens - created against this role will have the given suffix as part - of their path in addition to the role name. + description: |- + Tokens created against this role will have the given suffix as part of their path in addition to the role name. + Tokens created against this role will have the given suffix as part of their path in addition to the role name. type: string renewable: - description: Whether to disable the ability of the token to be - renewed past its initial TTL. Whether to disable the ability - of the token to be renewed past its initial TTL. + description: |- + Whether to disable the ability of the token to be renewed past its initial TTL. + Whether to disable the ability of the token to be renewed past its initial TTL. type: boolean roleName: - description: The name of the role. Name of the role. + description: |- + The name of the role. + Name of the role. type: string tokenBoundCidrs: - description: List of CIDR blocks; if set, specifies blocks of - IP addresses which can authenticate successfully, and ties the - resulting token to these blocks as well. Specifies the blocks - of IP addresses which are allowed to use the generated token + description: |- + List of CIDR blocks; if set, specifies blocks of IP + addresses which can authenticate successfully, and ties the resulting token to these blocks + as well. 
+ Specifies the blocks of IP addresses which are allowed to use the generated token items: type: string type: array tokenExplicitMaxTtl: - description: If set, will encode an explicit max TTL onto the - token in number of seconds. This is a hard cap even if token_ttl - and token_max_ttl would otherwise allow a renewal. Generated - Token's Explicit Maximum TTL in seconds + description: |- + If set, will encode an + explicit max TTL + onto the token in number of seconds. This is a hard cap even if token_ttl and + token_max_ttl would otherwise allow a renewal. + Generated Token's Explicit Maximum TTL in seconds type: number tokenMaxTtl: - description: The maximum lifetime for generated tokens in number - of seconds. Its current value will be referenced at renewal - time. The maximum lifetime of the generated token + description: |- + The maximum lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The maximum lifetime of the generated token type: number tokenNoDefaultPolicy: - description: If set, the default policy will not be set on generated - tokens; otherwise it will be added to the policies set in token_policies. - If true, the 'default' policy will not automatically be added - to generated tokens + description: |- + If set, the default policy will not be set on + generated tokens; otherwise it will be added to the policies set in token_policies. + If true, the 'default' policy will not automatically be added to generated tokens type: boolean tokenNumUses: - description: The maximum number of times a generated token may - be used (within its lifetime); 0 means unlimited. The maximum - number of times a token may be used, a value of zero means unlimited + description: |- + The maximum number + of times a generated token may be used (within its lifetime); 0 means unlimited. 
+ The maximum number of times a token may be used, a value of zero means unlimited type: number tokenPeriod: - description: If set, indicates that the token generated using - this role should never expire. The token should be renewed within - the duration specified by this value. At each renewal, the token's - TTL will be set to the value of this field. Specified in seconds. + description: |- + If set, indicates that the + token generated using this role should never expire. The token should be renewed within the + duration specified by this value. At each renewal, the token's TTL will be set to the + value of this field. Specified in seconds. Generated Token's Period type: number tokenPolicies: 
@@ -614,18 +632,19 @@ spec: type: string type: array tokenTtl: - description: The incremental lifetime for generated tokens in - number of seconds. Its current value will be referenced at renewal - time. The initial ttl of the token to generate in seconds + description: |- + The incremental lifetime for generated tokens in number of seconds. + Its current value will be referenced at renewal time. + The initial ttl of the token to generate in seconds type: number tokenType: - description: 'The type of token that should be generated. Can - be service, batch, or default to use the mount''s tuned default - (which unless changed will be service tokens). For token store - roles, there are two additional possibilities: default-service - and default-batch which specify the type to return unless the - client requests a different type at generation time. The type - of token to generate, service or batch' + description: |- + The type of token that should be generated. Can be service, + batch, or default to use the mount's tuned default (which unless changed will be + service tokens). For token store roles, there are two additional possibilities: + default-service and default-batch which specify the type to return unless the client + requests a different type at generation time. + The type of token to generate, service or batch type: string type: object conditions: 
@@ -634,13 +653,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -651,8 +672,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -661,6 +683,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/transform.vault.upbound.io_alphabets.yaml b/package/crds/transform.vault.upbound.io_alphabets.yaml index 45b3a206..11b21085 100644 --- a/package/crds/transform.vault.upbound.io_alphabets.yaml +++ b/package/crds/transform.vault.upbound.io_alphabets.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: alphabets.transform.vault.upbound.io spec: group: transform.vault.upbound.io 
@@ -37,14 +37,19 @@ spec: description: Alphabet is the Schema for the Alphabets API. "/transform/alphabet/{name}" properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -53,13 +58,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -67,75 +73,85 @@ spec: forProvider: properties: alphabet: - description: A string of characters that contains the alphabet - set. A string of characters that contains the alphabet set. + description: |- + A string of characters that contains the alphabet set. + A string of characters that contains the alphabet set. type: string name: - description: The name of the alphabet. The name of the alphabet. + description: |- + The name of the alphabet. + The name of the alphabet. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Path to where the back-end is mounted within Vault. - The mount path for a back-end, for example, the path given in - "$ vault auth enable -path=my-aws aws". + description: |- + Path to where the back-end is mounted within Vault. + The mount path for a back-end, for example, the path given in "$ vault auth enable -path=my-aws aws". type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. 
The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: alphabet: - description: A string of characters that contains the alphabet - set. A string of characters that contains the alphabet set. + description: |- + A string of characters that contains the alphabet set. + A string of characters that contains the alphabet set. type: string name: - description: The name of the alphabet. The name of the alphabet. + description: |- + The name of the alphabet. + The name of the alphabet. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. 
+ Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Path to where the back-end is mounted within Vault. - The mount path for a back-end, for example, the path given in - "$ vault auth enable -path=my-aws aws". + description: |- + Path to where the back-end is mounted within Vault. + The mount path for a back-end, for example, the path given in "$ vault auth enable -path=my-aws aws". type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -148,9 +164,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -160,57 +177,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -220,17 +201,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -240,21 +223,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -269,21 +252,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -294,14 +278,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -331,25 +316,29 @@ spec: atProvider: properties: alphabet: - description: A string of characters that contains the alphabet - set. A string of characters that contains the alphabet set. + description: |- + A string of characters that contains the alphabet set. + A string of characters that contains the alphabet set. type: string id: type: string name: - description: The name of the alphabet. The name of the alphabet. + description: |- + The name of the alphabet. + The name of the alphabet. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Path to where the back-end is mounted within Vault. - The mount path for a back-end, for example, the path given in - "$ vault auth enable -path=my-aws aws". + description: |- + Path to where the back-end is mounted within Vault. + The mount path for a back-end, for example, the path given in "$ vault auth enable -path=my-aws aws". type: string type: object conditions: 
@@ -358,13 +347,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -375,8 +366,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -385,6 +377,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/transform.vault.upbound.io_roles.yaml b/package/crds/transform.vault.upbound.io_roles.yaml index 1b663c70..8f112b28 100644 --- a/package/crds/transform.vault.upbound.io_roles.yaml +++ b/package/crds/transform.vault.upbound.io_roles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: roles.transform.vault.upbound.io spec: group: transform.vault.upbound.io 
@@ -37,14 +37,19 @@ spec: description: Role is the Schema for the Roles API. "/transform/role/{name}" properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -53,13 +58,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -67,60 +73,67 @@ spec: forProvider: properties: name: - description: The name of the role. The name of the role. + description: |- + The name of the role. + The name of the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Path to where the back-end is mounted within Vault. - The mount path for a back-end, for example, the path given in - "$ vault auth enable -path=my-aws aws". + description: |- + Path to where the back-end is mounted within Vault. + The mount path for a back-end, for example, the path given in "$ vault auth enable -path=my-aws aws". type: string transformations: - description: A comma separated string or slice of transformations - to use. A comma separated string or slice of transformations - to use. + description: |- + A comma separated string or slice of transformations to use. + A comma separated string or slice of transformations to use. items: type: string type: array type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. 
The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: name: - description: The name of the role. The name of the role. + description: |- + The name of the role. + The name of the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Path to where the back-end is mounted within Vault. - The mount path for a back-end, for example, the path given in - "$ vault auth enable -path=my-aws aws". 
+ description: |- + Path to where the back-end is mounted within Vault. + The mount path for a back-end, for example, the path given in "$ vault auth enable -path=my-aws aws". type: string transformations: - description: A comma separated string or slice of transformations - to use. A comma separated string or slice of transformations - to use. + description: |- + A comma separated string or slice of transformations to use. + A comma separated string or slice of transformations to use. items: type: string type: array 
@@ -128,20 +141,21 @@ spec: managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. 
+ description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -154,9 +168,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -166,57 +181,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -226,17 +205,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -246,21 +227,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -275,21 +256,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -300,14 +282,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -339,24 +322,27 @@ spec: id: type: string name: - description: The name of the role. The name of the role. + description: |- + The name of the role. + The name of the role. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Path to where the back-end is mounted within Vault. - The mount path for a back-end, for example, the path given in - "$ vault auth enable -path=my-aws aws". + description: |- + Path to where the back-end is mounted within Vault. + The mount path for a back-end, for example, the path given in "$ vault auth enable -path=my-aws aws". type: string transformations: - description: A comma separated string or slice of transformations - to use. A comma separated string or slice of transformations - to use. + description: |- + A comma separated string or slice of transformations to use. + A comma separated string or slice of transformations to use. items: type: string type: array 
@@ -367,13 +353,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -384,8 +372,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -394,6 +383,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/transform.vault.upbound.io_templates.yaml b/package/crds/transform.vault.upbound.io_templates.yaml index 978c60ac..a03ae13d 100644 --- a/package/crds/transform.vault.upbound.io_templates.yaml +++ b/package/crds/transform.vault.upbound.io_templates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: templates.transform.vault.upbound.io spec: group: transform.vault.upbound.io 
@@ -37,14 +37,19 @@ spec: description: Template is the Schema for the Templates API. "/transform/template/{name}" properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -53,13 +58,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -67,125 +73,137 @@ spec: forProvider: properties: alphabet: - description: The alphabet to use for this template. This is only - used during FPE transformations. The alphabet to use for this - template. This is only used during FPE transformations. + description: |- + The alphabet to use for this template. This is only used during FPE transformations. + The alphabet to use for this template. This is only used during FPE transformations. type: string decodeFormats: additionalProperties: type: string - description: '- Optional mapping of name to regular expression - template, used to customize the decoded output. (requires Vault - Enterprise 1.9+) The map of regular expression templates used - to customize decoded outputs. Only applicable to FPE transformations.' + description: |- + - Optional mapping of name to regular expression template, used to customize + the decoded output. (requires Vault Enterprise 1.9+) + The map of regular expression templates used to customize decoded outputs. + Only applicable to FPE transformations. type: object encodeFormat: - description: '- The regular expression template used to format - encoded values. (requires Vault Enterprise 1.9+) The regular - expression template used for encoding values. Only applicable - to FPE transformations.' + description: |- + - The regular expression template used to format encoded values. + (requires Vault Enterprise 1.9+) + The regular expression template used for encoding values. + Only applicable to FPE transformations. type: string name: - description: The name of the template. The name of the template. + description: |- + The name of the template. + The name of the template. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. 
(requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Path to where the back-end is mounted within Vault. - The mount path for a back-end, for example, the path given in - "$ vault auth enable -path=my-aws aws". + description: |- + Path to where the back-end is mounted within Vault. + The mount path for a back-end, for example, the path given in "$ vault auth enable -path=my-aws aws". type: string pattern: - description: The pattern used for matching. Currently, only regular - expression pattern is supported. The pattern used for matching. - Currently, only regular expression pattern is supported. + description: |- + The pattern used for matching. Currently, only regular expression pattern is supported. + The pattern used for matching. Currently, only regular expression pattern is supported. type: string type: - description: The pattern type to use for match detection. Currently, - only regex is supported. The pattern type to use for match detection. - Currently, only regex is supported. + description: |- + The pattern type to use for match detection. Currently, only regex is supported. + The pattern type to use for match detection. Currently, only regex is supported. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. 
The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: alphabet: - description: The alphabet to use for this template. This is only - used during FPE transformations. The alphabet to use for this - template. This is only used during FPE transformations. + description: |- + The alphabet to use for this template. This is only used during FPE transformations. + The alphabet to use for this template. This is only used during FPE transformations. type: string decodeFormats: additionalProperties: type: string - description: '- Optional mapping of name to regular expression - template, used to customize the decoded output. (requires Vault - Enterprise 1.9+) The map of regular expression templates used - to customize decoded outputs. Only applicable to FPE transformations.' + description: |- + - Optional mapping of name to regular expression template, used to customize + the decoded output. 
(requires Vault Enterprise 1.9+) + The map of regular expression templates used to customize decoded outputs. + Only applicable to FPE transformations. type: object encodeFormat: - description: '- The regular expression template used to format - encoded values. (requires Vault Enterprise 1.9+) The regular - expression template used for encoding values. Only applicable - to FPE transformations.' + description: |- + - The regular expression template used to format encoded values. + (requires Vault Enterprise 1.9+) + The regular expression template used for encoding values. + Only applicable to FPE transformations. type: string name: - description: The name of the template. The name of the template. + description: |- + The name of the template. + The name of the template. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Path to where the back-end is mounted within Vault. - The mount path for a back-end, for example, the path given in - "$ vault auth enable -path=my-aws aws". + description: |- + Path to where the back-end is mounted within Vault. + The mount path for a back-end, for example, the path given in "$ vault auth enable -path=my-aws aws". type: string pattern: - description: The pattern used for matching. Currently, only regular - expression pattern is supported. The pattern used for matching. - Currently, only regular expression pattern is supported. 
+ description: |- + The pattern used for matching. Currently, only regular expression pattern is supported. + The pattern used for matching. Currently, only regular expression pattern is supported. type: string type: - description: The pattern type to use for match detection. Currently, - only regex is supported. The pattern type to use for match detection. - Currently, only regex is supported. + description: |- + The pattern type to use for match detection. Currently, only regex is supported. + The pattern type to use for match detection. Currently, only regex is supported. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. 
If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -198,9 +216,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -210,57 +229,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -270,17 +253,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -290,21 +275,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -319,21 +304,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -344,14 +330,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -381,50 +368,55 @@ spec: atProvider: properties: alphabet: - description: The alphabet to use for this template. This is only - used during FPE transformations. The alphabet to use for this - template. This is only used during FPE transformations. + description: |- + The alphabet to use for this template. This is only used during FPE transformations. + The alphabet to use for this template. This is only used during FPE transformations. type: string decodeFormats: additionalProperties: type: string - description: '- Optional mapping of name to regular expression - template, used to customize the decoded output. (requires Vault - Enterprise 1.9+) The map of regular expression templates used - to customize decoded outputs. Only applicable to FPE transformations.' + description: |- + - Optional mapping of name to regular expression template, used to customize + the decoded output. (requires Vault Enterprise 1.9+) + The map of regular expression templates used to customize decoded outputs. + Only applicable to FPE transformations. type: object encodeFormat: - description: '- The regular expression template used to format - encoded values. (requires Vault Enterprise 1.9+) The regular - expression template used for encoding values. Only applicable - to FPE transformations.' + description: |- + - The regular expression template used to format encoded values. + (requires Vault Enterprise 1.9+) + The regular expression template used for encoding values. + Only applicable to FPE transformations. type: string id: type: string name: - description: The name of the template. The name of the template. + description: |- + The name of the template. + The name of the template. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. 
(requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Path to where the back-end is mounted within Vault. - The mount path for a back-end, for example, the path given in - "$ vault auth enable -path=my-aws aws". + description: |- + Path to where the back-end is mounted within Vault. + The mount path for a back-end, for example, the path given in "$ vault auth enable -path=my-aws aws". type: string pattern: - description: The pattern used for matching. Currently, only regular - expression pattern is supported. The pattern used for matching. - Currently, only regular expression pattern is supported. + description: |- + The pattern used for matching. Currently, only regular expression pattern is supported. + The pattern used for matching. Currently, only regular expression pattern is supported. type: string type: - description: The pattern type to use for match detection. Currently, - only regex is supported. The pattern type to use for match detection. - Currently, only regex is supported. + description: |- + The pattern type to use for match detection. Currently, only regex is supported. + The pattern type to use for match detection. Currently, only regex is supported. type: string type: object conditions: 
@@ -433,13 +425,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -450,8 +444,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -460,6 +455,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/transform.vault.upbound.io_transformations.yaml b/package/crds/transform.vault.upbound.io_transformations.yaml index 9c4fdec7..df88a03c 100644 --- a/package/crds/transform.vault.upbound.io_transformations.yaml +++ b/package/crds/transform.vault.upbound.io_transformations.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: transformations.transform.vault.upbound.io spec: group: transform.vault.upbound.io 
@@ -37,14 +37,19 @@ spec: description: Transformation is the Schema for the Transformations API. "/transform/transformation/{name}" properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -53,13 +58,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -67,139 +73,157 @@ spec: forProvider: properties: allowedRoles: - description: The set of roles allowed to perform this transformation. + description: |- + The set of roles allowed to perform this transformation. The set of roles allowed to perform this transformation. items: type: string type: array deletionAllowed: - description: 'If true, this transform can be deleted. Otherwise, - deletion is blocked while this value remains false. Default: - false Only supported on vault-1.12+ If true, this transform - can be deleted. Otherwise deletion is blocked while this value - remains false.' + description: |- + If true, this transform can be deleted. + Otherwise, deletion is blocked while this value remains false. Default: false + Only supported on vault-1.12+ + If true, this transform can be deleted. Otherwise deletion is blocked while this value remains false. type: boolean maskingCharacter: - description: The character used to replace data when in masking - mode The character used to replace data when in masking mode + description: |- + The character used to replace data when in masking mode + The character used to replace data when in masking mode type: string name: - description: The name of the transformation. The name of the transformation. + description: |- + The name of the transformation. + The name of the transformation. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string path: - description: Path to where the back-end is mounted within Vault. - The mount path for a back-end, for example, the path given in - "$ vault auth enable -path=my-aws aws". + description: |- + Path to where the back-end is mounted within Vault. + The mount path for a back-end, for example, the path given in "$ vault auth enable -path=my-aws aws". type: string template: - description: The name of the template to use. The name of the - template to use. + description: |- + The name of the template to use. + The name of the template to use. type: string templates: - description: Templates configured for transformation. Templates - configured for transformation. + description: |- + Templates configured for transformation. + Templates configured for transformation. items: type: string type: array tweakSource: - description: The source of where the tweak value comes from. Only - valid when in FPE mode. The source of where the tweak value - comes from. Only valid when in FPE mode. + description: |- + The source of where the tweak value comes from. Only valid when in FPE mode. + The source of where the tweak value comes from. Only valid when in FPE mode. type: string type: - description: The type of transformation to perform. The type of - transformation to perform. + description: |- + The type of transformation to perform. + The type of transformation to perform. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. 
This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: allowedRoles: - description: The set of roles allowed to perform this transformation. + description: |- + The set of roles allowed to perform this transformation. The set of roles allowed to perform this transformation. items: type: string type: array deletionAllowed: - description: 'If true, this transform can be deleted. Otherwise, - deletion is blocked while this value remains false. Default: - false Only supported on vault-1.12+ If true, this transform - can be deleted. Otherwise deletion is blocked while this value - remains false.' + description: |- + If true, this transform can be deleted. + Otherwise, deletion is blocked while this value remains false. Default: false + Only supported on vault-1.12+ + If true, this transform can be deleted. Otherwise deletion is blocked while this value remains false. 
type: boolean maskingCharacter: - description: The character used to replace data when in masking - mode The character used to replace data when in masking mode + description: |- + The character used to replace data when in masking mode + The character used to replace data when in masking mode type: string name: - description: The name of the transformation. The name of the transformation. + description: |- + The name of the transformation. + The name of the transformation. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: Path to where the back-end is mounted within Vault. - The mount path for a back-end, for example, the path given in - "$ vault auth enable -path=my-aws aws". + description: |- + Path to where the back-end is mounted within Vault. + The mount path for a back-end, for example, the path given in "$ vault auth enable -path=my-aws aws". type: string template: - description: The name of the template to use. The name of the - template to use. + description: |- + The name of the template to use. + The name of the template to use. type: string templates: - description: Templates configured for transformation. Templates - configured for transformation. + description: |- + Templates configured for transformation. + Templates configured for transformation. items: type: string type: array tweakSource: - description: The source of where the tweak value comes from. 
Only - valid when in FPE mode. The source of where the tweak value - comes from. Only valid when in FPE mode. + description: |- + The source of where the tweak value comes from. Only valid when in FPE mode. + The source of where the tweak value comes from. Only valid when in FPE mode. type: string type: - description: The type of transformation to perform. The type of - transformation to perform. + description: |- + The type of transformation to perform. + The type of transformation to perform. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -212,9 +236,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -224,57 +249,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -284,17 +273,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -304,21 +295,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -333,21 +324,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -358,14 +350,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -395,57 +388,65 @@ spec: atProvider: properties: allowedRoles: - description: The set of roles allowed to perform this transformation. + description: |- + The set of roles allowed to perform this transformation. The set of roles allowed to perform this transformation. items: type: string type: array deletionAllowed: - description: 'If true, this transform can be deleted. Otherwise, - deletion is blocked while this value remains false. Default: - false Only supported on vault-1.12+ If true, this transform - can be deleted. Otherwise deletion is blocked while this value - remains false.' + description: |- + If true, this transform can be deleted. + Otherwise, deletion is blocked while this value remains false. Default: false + Only supported on vault-1.12+ + If true, this transform can be deleted. Otherwise deletion is blocked while this value remains false. type: boolean id: type: string maskingCharacter: - description: The character used to replace data when in masking - mode The character used to replace data when in masking mode + description: |- + The character used to replace data when in masking mode + The character used to replace data when in masking mode type: string name: - description: The name of the transformation. The name of the transformation. + description: |- + The name of the transformation. + The name of the transformation. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string path: - description: Path to where the back-end is mounted within Vault. - The mount path for a back-end, for example, the path given in - "$ vault auth enable -path=my-aws aws". + description: |- + Path to where the back-end is mounted within Vault. + The mount path for a back-end, for example, the path given in "$ vault auth enable -path=my-aws aws". type: string template: - description: The name of the template to use. The name of the - template to use. + description: |- + The name of the template to use. + The name of the template to use. type: string templates: - description: Templates configured for transformation. Templates - configured for transformation. + description: |- + Templates configured for transformation. + Templates configured for transformation. items: type: string type: array tweakSource: - description: The source of where the tweak value comes from. Only - valid when in FPE mode. The source of where the tweak value - comes from. Only valid when in FPE mode. + description: |- + The source of where the tweak value comes from. Only valid when in FPE mode. + The source of where the tweak value comes from. Only valid when in FPE mode. type: string type: - description: The type of transformation to perform. The type of - transformation to perform. + description: |- + The type of transformation to perform. + The type of transformation to perform. type: string type: object conditions: 
@@ -454,13 +455,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -471,8 +474,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -481,6 +485,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/transit.vault.upbound.io_secretbackendkeys.yaml b/package/crds/transit.vault.upbound.io_secretbackendkeys.yaml index 5f1c7a61..cab28510 100644 --- a/package/crds/transit.vault.upbound.io_secretbackendkeys.yaml +++ b/package/crds/transit.vault.upbound.io_secretbackendkeys.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: secretbackendkeys.transit.vault.upbound.io spec: group: transit.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: Create an Encryption Keyring on a Transit Secret Backend for Vault. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,205 +74,187 @@ spec: forProvider: properties: allowPlaintextBackup: - description: Enables taking backup of entire keyring in the plaintext - format. Once set, this cannot be disabled. If set, enables taking - backup of named key in the plaintext format. Once set, this - cannot be disabled. + description: |- + Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled. + If set, enables taking backup of named key in the plaintext format. Once set, this cannot be disabled. type: boolean autoRotateInterval: - description: Replaced by auto_rotate_period. Amount of time the - key should live before being automatically rotated. A value - of 0 disables automatic rotation for the key. + description: |- + Replaced by auto_rotate_period. + Amount of time the key should live before being automatically rotated. A value of 0 disables automatic rotation for the key. type: number autoRotatePeriod: - description: Amount of seconds the key should live before being - automatically rotated. A value of 0 disables automatic rotation - for the key. Amount of seconds the key should live before being - automatically rotated. A value of 0 disables automatic rotation - for the key. + description: |- + Amount of seconds the key should live before being automatically rotated. + A value of 0 disables automatic rotation for the key. + Amount of seconds the key should live before being automatically rotated. A value of 0 disables automatic rotation for the key. type: number backend: - description: The path the transit secret backend is mounted at, - with no leading or trailing /s. The Transit secret backend the - resource belongs to. + description: |- + The path the transit secret backend is mounted at, with no leading or trailing /s. + The Transit secret backend the resource belongs to. type: string convergentEncryption: - description: Whether or not to support convergent encryption, - where the same plaintext creates the same ciphertext. 
This requires - derived to be set to true. Whether or not to support convergent - encryption, where the same plaintext creates the same ciphertext. - This requires derived to be set to true. + description: |- + Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true. + Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true. type: boolean deletionAllowed: - description: Specifies if the keyring is allowed to be deleted. + description: |- + Specifies if the keyring is allowed to be deleted. Specifies if the key is allowed to be deleted. type: boolean derived: - description: Specifies if key derivation is to be used. If enabled, - all encrypt/decrypt requests to this key must provide a context - which is used for key derivation. Specifies if key derivation - is to be used. If enabled, all encrypt/decrypt requests to this - key must provide a context which is used for key derivation. + description: |- + Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation. + Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation. type: boolean exportable: - description: Enables keys to be exportable. This allows for all - valid private keys in the keyring to be exported. Once set, - this cannot be disabled. Enables keys to be exportable. This - allows for all the valid keys in the key ring to be exported. - Once set, this cannot be disabled. + description: |- + Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled. + Enables keys to be exportable. This allows for all the valid keys in the key ring to be exported. 
Once set, this cannot be disabled. type: boolean keySize: - description: The key size in bytes for algorithms that allow variable - key sizes. Currently only applicable to HMAC, where it must - be between 32 and 512 bytes. The key size in bytes for algorithms - that allow variable key sizes. Currently only applicable to - HMAC; this value must be between 32 and 512. + description: |- + The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes. + The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC; this value must be between 32 and 512. type: number minDecryptionVersion: - description: Minimum key version to use for decryption. Minimum - key version to use for decryption. + description: |- + Minimum key version to use for decryption. + Minimum key version to use for decryption. type: number minEncryptionVersion: - description: Minimum key version to use for encryption Minimum - key version to use for encryption + description: |- + Minimum key version to use for encryption + Minimum key version to use for encryption type: number name: - description: The name to identify this key within the backend. - Must be unique within the backend. Name of the encryption key - to create. + description: |- + The name to identify this key within the backend. Must be unique within the backend. + Name of the encryption key to create. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. 
+ Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: - description: 'Specifies the type of key to create. The currently-supported - types are: aes128-gcm96, aes256-gcm96 (default), chacha20-poly1305, - ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, hmac, rsa-2048, - rsa-3072 and rsa-4096. Specifies the type of key to create. - The currently-supported types are: aes128-gcm96, aes256-gcm96, - chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, - hmac, rsa-2048, rsa-3072, rsa-4096' + description: |- + Specifies the type of key to create. The currently-supported types are: aes128-gcm96, aes256-gcm96 (default), chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, hmac, rsa-2048, rsa-3072 and rsa-4096. + Specifies the type of key to create. The currently-supported types are: aes128-gcm96, aes256-gcm96, chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, hmac, rsa-2048, rsa-3072, rsa-4096 type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. 
+ InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: allowPlaintextBackup: - description: Enables taking backup of entire keyring in the plaintext - format. Once set, this cannot be disabled. If set, enables taking - backup of named key in the plaintext format. Once set, this - cannot be disabled. + description: |- + Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled. + If set, enables taking backup of named key in the plaintext format. Once set, this cannot be disabled. type: boolean autoRotateInterval: - description: Replaced by auto_rotate_period. Amount of time the - key should live before being automatically rotated. A value - of 0 disables automatic rotation for the key. + description: |- + Replaced by auto_rotate_period. + Amount of time the key should live before being automatically rotated. A value of 0 disables automatic rotation for the key. type: number autoRotatePeriod: - description: Amount of seconds the key should live before being - automatically rotated. A value of 0 disables automatic rotation - for the key. Amount of seconds the key should live before being - automatically rotated. A value of 0 disables automatic rotation - for the key. + description: |- + Amount of seconds the key should live before being automatically rotated. + A value of 0 disables automatic rotation for the key. + Amount of seconds the key should live before being automatically rotated. A value of 0 disables automatic rotation for the key. 
type: number backend: - description: The path the transit secret backend is mounted at, - with no leading or trailing /s. The Transit secret backend the - resource belongs to. + description: |- + The path the transit secret backend is mounted at, with no leading or trailing /s. + The Transit secret backend the resource belongs to. type: string convergentEncryption: - description: Whether or not to support convergent encryption, - where the same plaintext creates the same ciphertext. This requires - derived to be set to true. Whether or not to support convergent - encryption, where the same plaintext creates the same ciphertext. - This requires derived to be set to true. + description: |- + Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true. + Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true. type: boolean deletionAllowed: - description: Specifies if the keyring is allowed to be deleted. + description: |- + Specifies if the keyring is allowed to be deleted. Specifies if the key is allowed to be deleted. type: boolean derived: - description: Specifies if key derivation is to be used. If enabled, - all encrypt/decrypt requests to this key must provide a context - which is used for key derivation. Specifies if key derivation - is to be used. If enabled, all encrypt/decrypt requests to this - key must provide a context which is used for key derivation. + description: |- + Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation. + Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation. type: boolean exportable: - description: Enables keys to be exportable. 
This allows for all - valid private keys in the keyring to be exported. Once set, - this cannot be disabled. Enables keys to be exportable. This - allows for all the valid keys in the key ring to be exported. - Once set, this cannot be disabled. + description: |- + Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled. + Enables keys to be exportable. This allows for all the valid keys in the key ring to be exported. Once set, this cannot be disabled. type: boolean keySize: - description: The key size in bytes for algorithms that allow variable - key sizes. Currently only applicable to HMAC, where it must - be between 32 and 512 bytes. The key size in bytes for algorithms - that allow variable key sizes. Currently only applicable to - HMAC; this value must be between 32 and 512. + description: |- + The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes. + The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC; this value must be between 32 and 512. type: number minDecryptionVersion: - description: Minimum key version to use for decryption. Minimum - key version to use for decryption. + description: |- + Minimum key version to use for decryption. + Minimum key version to use for decryption. type: number minEncryptionVersion: - description: Minimum key version to use for encryption Minimum - key version to use for encryption + description: |- + Minimum key version to use for encryption + Minimum key version to use for encryption type: number name: - description: The name to identify this key within the backend. - Must be unique within the backend. Name of the encryption key - to create. + description: |- + The name to identify this key within the backend. Must be unique within the backend. + Name of the encryption key to create. 
type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string type: - description: 'Specifies the type of key to create. The currently-supported - types are: aes128-gcm96, aes256-gcm96 (default), chacha20-poly1305, - ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, hmac, rsa-2048, - rsa-3072 and rsa-4096. Specifies the type of key to create. - The currently-supported types are: aes128-gcm96, aes256-gcm96, - chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, - hmac, rsa-2048, rsa-3072, rsa-4096' + description: |- + Specifies the type of key to create. The currently-supported types are: aes128-gcm96, aes256-gcm96 (default), chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, hmac, rsa-2048, rsa-3072 and rsa-4096. + Specifies the type of key to create. The currently-supported types are: aes128-gcm96, aes256-gcm96, chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, hmac, rsa-2048, rsa-3072, rsa-4096 type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. 
Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -279,9 +267,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -291,57 +280,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -351,17 +304,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -371,21 +326,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -400,21 +355,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -425,14 +381,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -462,132 +419,119 @@ spec: atProvider: properties: allowPlaintextBackup: - description: Enables taking backup of entire keyring in the plaintext - format. Once set, this cannot be disabled. If set, enables taking - backup of named key in the plaintext format. Once set, this - cannot be disabled. + description: |- + Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled. + If set, enables taking backup of named key in the plaintext format. Once set, this cannot be disabled. type: boolean autoRotateInterval: - description: Replaced by auto_rotate_period. Amount of time the - key should live before being automatically rotated. A value - of 0 disables automatic rotation for the key. + description: |- + Replaced by auto_rotate_period. + Amount of time the key should live before being automatically rotated. A value of 0 disables automatic rotation for the key. type: number autoRotatePeriod: - description: Amount of seconds the key should live before being - automatically rotated. A value of 0 disables automatic rotation - for the key. Amount of seconds the key should live before being - automatically rotated. A value of 0 disables automatic rotation - for the key. + description: |- + Amount of seconds the key should live before being automatically rotated. + A value of 0 disables automatic rotation for the key. + Amount of seconds the key should live before being automatically rotated. A value of 0 disables automatic rotation for the key. type: number backend: - description: The path the transit secret backend is mounted at, - with no leading or trailing /s. The Transit secret backend the - resource belongs to. + description: |- + The path the transit secret backend is mounted at, with no leading or trailing /s. + The Transit secret backend the resource belongs to. type: string convergentEncryption: - description: Whether or not to support convergent encryption, - where the same plaintext creates the same ciphertext. 
This requires - derived to be set to true. Whether or not to support convergent - encryption, where the same plaintext creates the same ciphertext. - This requires derived to be set to true. + description: |- + Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true. + Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true. type: boolean deletionAllowed: - description: Specifies if the keyring is allowed to be deleted. + description: |- + Specifies if the keyring is allowed to be deleted. Specifies if the key is allowed to be deleted. type: boolean derived: - description: Specifies if key derivation is to be used. If enabled, - all encrypt/decrypt requests to this key must provide a context - which is used for key derivation. Specifies if key derivation - is to be used. If enabled, all encrypt/decrypt requests to this - key must provide a context which is used for key derivation. + description: |- + Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation. + Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation. type: boolean exportable: - description: Enables keys to be exportable. This allows for all - valid private keys in the keyring to be exported. Once set, - this cannot be disabled. Enables keys to be exportable. This - allows for all the valid keys in the key ring to be exported. - Once set, this cannot be disabled. + description: |- + Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled. + Enables keys to be exportable. This allows for all the valid keys in the key ring to be exported. 
Once set, this cannot be disabled. type: boolean id: type: string keySize: - description: The key size in bytes for algorithms that allow variable - key sizes. Currently only applicable to HMAC, where it must - be between 32 and 512 bytes. The key size in bytes for algorithms - that allow variable key sizes. Currently only applicable to - HMAC; this value must be between 32 and 512. + description: |- + The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes. + The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC; this value must be between 32 and 512. type: number keys: - description: List of key versions in the keyring. This attribute - is zero-indexed and will contain a map of values depending on - the type of the encryption key. List of key versions in the - keyring. + description: |- + List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the type of the encryption key. + List of key versions in the keyring. items: additionalProperties: type: string type: object type: array latestVersion: - description: Latest key version available. This value is 1-indexed, - so if latest_version is 1, then the key's information can be - referenced from keys by selecting element 0 Latest key version - in use in the keyring + description: |- + Latest key version available. This value is 1-indexed, so if latest_version is 1, then the key's information can be referenced from keys by selecting element 0 + Latest key version in use in the keyring type: number minAvailableVersion: - description: Minimum key version available for use. If keys have - been archived by increasing min_decryption_version, this attribute - will reflect that change. Minimum key version available for - use. + description: |- + Minimum key version available for use. 
If keys have been archived by increasing min_decryption_version, this attribute will reflect that change. + Minimum key version available for use. type: number minDecryptionVersion: - description: Minimum key version to use for decryption. Minimum - key version to use for decryption. + description: |- + Minimum key version to use for decryption. + Minimum key version to use for decryption. type: number minEncryptionVersion: - description: Minimum key version to use for encryption Minimum - key version to use for encryption + description: |- + Minimum key version to use for encryption + Minimum key version to use for encryption type: number name: - description: The name to identify this key within the backend. - Must be unique within the backend. Name of the encryption key - to create. + description: |- + The name to identify this key within the backend. Must be unique within the backend. + Name of the encryption key to create. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string supportsDecryption: - description: Whether or not the key supports decryption, based - on key type. Whether or not the key supports decryption, based - on key type. + description: |- + Whether or not the key supports decryption, based on key type. + Whether or not the key supports decryption, based on key type. type: boolean supportsDerivation: - description: Whether or not the key supports derivation, based - on key type. 
Whether or not the key supports derivation, based - on key type. + description: |- + Whether or not the key supports derivation, based on key type. + Whether or not the key supports derivation, based on key type. type: boolean supportsEncryption: - description: Whether or not the key supports encryption, based - on key type. Whether or not the key supports encryption, based - on key type. + description: |- + Whether or not the key supports encryption, based on key type. + Whether or not the key supports encryption, based on key type. type: boolean supportsSigning: - description: Whether or not the key supports signing, based on - key type. Whether or not the key supports signing, based on - key type. + description: |- + Whether or not the key supports signing, based on key type. + Whether or not the key supports signing, based on key type. type: boolean type: - description: 'Specifies the type of key to create. The currently-supported - types are: aes128-gcm96, aes256-gcm96 (default), chacha20-poly1305, - ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, hmac, rsa-2048, - rsa-3072 and rsa-4096. Specifies the type of key to create. - The currently-supported types are: aes128-gcm96, aes256-gcm96, - chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, - hmac, rsa-2048, rsa-3072, rsa-4096' + description: |- + Specifies the type of key to create. The currently-supported types are: aes128-gcm96, aes256-gcm96 (default), chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, hmac, rsa-2048, rsa-3072 and rsa-4096. + Specifies the type of key to create. The currently-supported types are: aes128-gcm96, aes256-gcm96, chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, hmac, rsa-2048, rsa-3072, rsa-4096 type: string type: object conditions: 
@@ -596,13 +540,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -613,8 +559,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -623,6 +570,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/vault.upbound.io_providerconfigs.yaml b/package/crds/vault.upbound.io_providerconfigs.yaml index 8f08b063..06bc28d2 100644 --- a/package/crds/vault.upbound.io_providerconfigs.yaml +++ b/package/crds/vault.upbound.io_providerconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: providerconfigs.vault.upbound.io spec: group: vault.upbound.io 
@@ -32,14 +32,19 @@ spec: description: A ProviderConfig configures a Vault provider. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -47,32 +52,41 @@ spec: description: A ProviderConfigSpec defines the desired state of a ProviderConfig. properties: add_address_to_env: - description: If true the environment variable VAULT_ADDR in the Terraform - process environment will be set to the value of the address argument + description: |- + If true the environment variable + VAULT_ADDR in the Terraform process environment + will be set to the value of the address argument from this provider. By default, this is false. type: boolean address: - description: Required origin URL of the Vault server. This is a URL - with a scheme, a hostname and a port but with no path. + description: |- + Required origin URL of the Vault server. + This is a URL with a scheme, a hostname + and a port but with no path. type: string credentials: - description: Credentials required to authenticate to this provider. - There are many options to authenticate. They include - token - (Optional) - Vault token that will be used by Terraform to authenticate. May - be set via the VAULT_TOKEN environment variable. If none is otherwise - supplied, Terraform will attempt to read it from ~/.vault-token - (where the vault command stores its current token). Terraform will - issue itself a new token that is a child of the one given, with - a short TTL to limit the exposure of any requested secrets, unless - skip_child_token is set to true (see below). Note that the given - token must have the update capability on the auth/token/create path - in Vault in order to create child tokens. A token is required for - the provider. A token can explicitly set via token argument, alternatively + description: |- + Credentials required to authenticate to this provider. + There are many options to authenticate. They include + - token - (Optional) Vault token that will be used + by Terraform to authenticate. May be set via the + VAULT_TOKEN environment variable. 
If none is otherwise + supplied, Terraform will attempt to read it from + ~/.vault-token (where the vault command stores its + current token). Terraform will issue itself a new token + that is a child of the one given, with a short TTL to + limit the exposure of any requested secrets, unless + skip_child_token is set to true (see below). Note + that the given token must have the update capability + on the auth/token/create path in Vault in order to create + child tokens. A token is required for the provider. A + token can explicitly set via token argument, alternatively a token can be dynamically set via an auth_login* block. properties: env: - description: Env is a reference to an environment variable that - contains credentials that must be used to connect to the provider. + description: |- + Env is a reference to an environment variable that contains credentials + that must be used to connect to the provider. properties: name: description: Name is the name of an environment variable. @@ -81,8 +95,9 @@ spec: - name type: object fs: - description: Fs is a reference to a filesystem location that contains - credentials that must be used to connect to the provider. + description: |- + Fs is a reference to a filesystem location that contains credentials that + must be used to connect to the provider. properties: path: description: Path is a filesystem path. @@ -91,8 +106,9 @@ spec: - path type: object secretRef: - description: A SecretRef is a reference to a secret key that contains - the credentials that must be used to connect to the provider. + description: |- + A SecretRef is a reference to a secret key that contains the credentials + that must be used to connect to the provider. properties: key: description: The key to select. 
@@ -121,9 +137,11 @@ spec: - source type: object headers: - description: A configuration block, described below, that provides - headers to be sent along with all requests to the Vault server. - This block can be specified multiple times. + description: |- + A configuration block, described below, + that provides headers to be sent along with all + requests to the Vault server. This block can be + specified multiple times. properties: name: description: Required header name 
@@ -136,47 +154,61 @@ spec: - value type: object max_lease_ttl_seconds: - description: Used as the duration for the intermediate Vault token - Terraform issues itself, which in turn limits the duration of secret - leases issued by Vault. Defaults to 20 minutes. + description: |- + Used as the duration for the intermediate Vault + token Terraform issues itself, which in turn limits the + duration of secret leases issued by Vault. Defaults to + 20 minutes. type: integer max_retries: - description: Used as the maximum number of retries when a 5xx error - code is encountered. Defaults to 2 retries. + description: |- + Used as the maximum number of retries when a + 5xx error code is encountered. Defaults to 2 retries. type: integer max_retries_ccc: - description: Maximum number of retries for Client Controlled Consistency - related operations. Defaults to 10 retries. + description: |- + Maximum number of retries for Client Controlled + Consistency related operations. Defaults to 10 retries. type: integer namespace: description: Set the namespace to use. type: string skip_child_token: - description: Set this to true to disable creation of an intermediate - ephemeral Vault token for Terraform to use. Enabling this is strongly - discouraged since it increases the potential for a renewable Vault - token being exposed in clear text. Only change this setting when - the provided token cannot be permitted to create child tokens and - there is no risk of exposure from the output of Terraform. + description: |- + Set this to true to disable creation of an + intermediate ephemeral Vault token for Terraform to use. + Enabling this is strongly discouraged since it increases + the potential for a renewable Vault token being exposed + in clear text. Only change this setting when the provided + token cannot be permitted to create child tokens and there + is no risk of exposure from the output of Terraform. 
type: boolean skip_get_vault_version: - description: Skip the dynamic fetching of the Vault server version. - Set to true when the /sys/seal-status API endpoint is not available. + description: |- + Skip the dynamic fetching of the Vault server + version. Set to true when the /sys/seal-status API + endpoint is not available. type: boolean skip_tls_verify: - description: Set this to true to disable verification of the Vault - server's TLS certificate. This is strongly discouraged except in - prototype or development environments, since it exposes the possibility - that Terraform can be tricked into writing secrets to a server controlled - by an intruder. + description: |- + Set this to true to disable verification + of the Vault server's TLS certificate. This is + strongly discouraged except in prototype or + development environments, since it exposes the + possibility that Terraform can be tricked into + writing secrets to a server controlled by an intruder. type: boolean tls_server_name: - description: Name to use as the SNI host when connecting via TLS. + description: |- + Name to use as the SNI host when connecting + via TLS. type: string vault_version_override: - description: Override the target Vault server semantic version. Normally - the version is dynamically set from the /sys/seal-status API endpoint. - In the case where this endpoint is not available an override can + description: |- + Override the target Vault server semantic + version. Normally the version is dynamically set + from the /sys/seal-status API endpoint. In the case + where this endpoint is not available an override can be specified here. type: string required: 
@@ -191,13 +223,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -208,8 +242,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -218,6 +253,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map users: description: Users of this provider configuration. format: int64 diff --git a/package/crds/vault.upbound.io_providerconfigusages.yaml b/package/crds/vault.upbound.io_providerconfigusages.yaml index dd8d70e3..50270414 100644 --- a/package/crds/vault.upbound.io_providerconfigusages.yaml +++ b/package/crds/vault.upbound.io_providerconfigusages.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: providerconfigusages.vault.upbound.io spec: group: vault.upbound.io 
@@ -37,14 +37,19 @@ spec: description: A ProviderConfigUsage indicates that a resource is using a ProviderConfig. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -59,19 +64,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this reference - is required. The default is 'Required', which means the reconcile - will fail if the reference cannot be resolved. 'Optional' means - this reference will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should be resolved. - The default is 'IfNotPresent', which will attempt to resolve - the reference only when the corresponding field is not present. - Use 'Always' to resolve the reference on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent diff --git a/package/crds/vault.upbound.io_storeconfigs.yaml b/package/crds/vault.upbound.io_storeconfigs.yaml index 171ccbd5..46dc53d4 100644 --- a/package/crds/vault.upbound.io_storeconfigs.yaml +++ b/package/crds/vault.upbound.io_storeconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: storeconfigs.vault.upbound.io spec: group: vault.upbound.io 
@@ -35,14 +35,19 @@ spec: details. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -50,24 +55,26 @@ spec: description: A StoreConfigSpec defines the desired state of a ProviderConfig. properties: defaultScope: - description: DefaultScope used for scoping secrets for "cluster-scoped" - resources. If store type is "Kubernetes", this would mean the default - namespace to store connection secrets for cluster scoped resources. + description: |- + DefaultScope used for scoping secrets for "cluster-scoped" resources. + If store type is "Kubernetes", this would mean the default namespace to + store connection secrets for cluster scoped resources. In case of "Vault", this would be used as the default parent path. Typically, should be set as Crossplane installation namespace. type: string kubernetes: - description: Kubernetes configures a Kubernetes secret store. If the - "type" is "Kubernetes" but no config provided, in cluster config + description: |- + Kubernetes configures a Kubernetes secret store. + If the "type" is "Kubernetes" but no config provided, in cluster config will be used. properties: auth: description: Credentials used to connect to the Kubernetes API. properties: env: - description: Env is a reference to an environment variable - that contains credentials that must be used to connect to - the provider. + description: |- + Env is a reference to an environment variable that contains credentials + that must be used to connect to the provider. properties: name: description: Name is the name of an environment variable. @@ -76,9 +83,9 @@ spec: - name type: object fs: - description: Fs is a reference to a filesystem location that - contains credentials that must be used to connect to the - provider. + description: |- + Fs is a reference to a filesystem location that contains credentials that + must be used to connect to the provider. properties: path: description: Path is a filesystem path. 
@@ -87,9 +94,9 @@ spec: - path type: object secretRef: - description: A SecretRef is a reference to a secret key that - contains the credentials that must be used to connect to - the provider. + description: |- + A SecretRef is a reference to a secret key that contains the credentials + that must be used to connect to the provider. properties: key: description: The key to select. 
@@ -145,154 +152,15 @@ spec: type: object type: default: Kubernetes - description: Type configures which secret store to be used. Only the - configuration block for this store will be used and others will - be ignored if provided. Default is Kubernetes. + description: |- + Type configures which secret store to be used. Only the configuration + block for this store will be used and others will be ignored if provided. + Default is Kubernetes. enum: - Kubernetes - Vault - Plugin type: string - vault: - description: 'Vault configures a Vault secret store. Deprecated: This - API is scheduled to be removed in a future release. Vault should - be used as a plugin going forward. See https://github.com/crossplane-contrib/ess-plugin-vault - for more information.' - properties: - auth: - description: Auth configures an authentication method for Vault. - properties: - method: - description: Method configures which auth method will be used. - type: string - token: - description: Token configures Token Auth for Vault. - properties: - env: - description: Env is a reference to an environment variable - that contains credentials that must be used to connect - to the provider. - properties: - name: - description: Name is the name of an environment variable. - type: string - required: - - name - type: object - fs: - description: Fs is a reference to a filesystem location - that contains credentials that must be used to connect - to the provider. - properties: - path: - description: Path is a filesystem path. - type: string - required: - - path - type: object - secretRef: - description: A SecretRef is a reference to a secret key - that contains the credentials that must be used to connect - to the provider. - properties: - key: - description: The key to select. - type: string - name: - description: Name of the secret. - type: string - namespace: - description: Namespace of the secret. 
- type: string - required: - - key - - name - - namespace - type: object - source: - description: Source of the credentials. - enum: - - None - - Secret - - Environment - - Filesystem - type: string - required: - - source - type: object - required: - - method - type: object - caBundle: - description: CABundle configures CA bundle for Vault Server. - properties: - env: - description: Env is a reference to an environment variable - that contains credentials that must be used to connect to - the provider. - properties: - name: - description: Name is the name of an environment variable. - type: string - required: - - name - type: object - fs: - description: Fs is a reference to a filesystem location that - contains credentials that must be used to connect to the - provider. - properties: - path: - description: Path is a filesystem path. - type: string - required: - - path - type: object - secretRef: - description: A SecretRef is a reference to a secret key that - contains the credentials that must be used to connect to - the provider. - properties: - key: - description: The key to select. - type: string - name: - description: Name of the secret. - type: string - namespace: - description: Namespace of the secret. - type: string - required: - - key - - name - - namespace - type: object - source: - description: Source of the credentials. - enum: - - None - - Secret - - Environment - - Filesystem - type: string - required: - - source - type: object - mountPath: - description: MountPath is the mount path of the KV secrets engine. - type: string - server: - description: Server is the url of the Vault server, e.g. "https://vault.acme.org" - type: string - version: - default: v2 - description: Version of the KV Secrets engine of Vault. https://www.vaultproject.io/docs/secrets/kv - type: string - required: - - auth - - mountPath - - server - type: object required: - defaultScope type: object 
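Review bot: The `type` enum kept as context in this hunk still lists `- Vault`, but the `vault:` property block that carried `server`, `auth`, `caBundle` and `mountPath` is removed from the schema, so a StoreConfig with `type: Vault` is still admitted with no field left to configure it. Presumably an existing `vault:` stanza would be pruned as an unknown field on the next write, leaving the object without its secret-store settings; this should be confirmed against a cluster that has such objects. The file is controller-gen output, so the fix belongs in the source type or the upgrade notes: either drop `- Vault` from the enum marker, or state that Vault-backed StoreConfigs must move to `type: Plugin` before upgrading (the removed description pointed to ess-plugin-vault).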
@@ -305,13 +173,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -322,8 +192,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -332,6 +203,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/vault.vault.upbound.io_audits.yaml b/package/crds/vault.vault.upbound.io_audits.yaml index e42dd6cc..e71d8eb3 100644 --- a/package/crds/vault.vault.upbound.io_audits.yaml +++ b/package/crds/vault.vault.upbound.io_audits.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: audits.vault.vault.upbound.io spec: group: vault.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: for Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,101 +74,109 @@ spec: forProvider: properties: description: - description: Human-friendly description of the audit device. Human-friendly - description of the audit device. + description: |- + Human-friendly description of the audit device. + Human-friendly description of the audit device. type: string local: - description: Specifies if the audit device is a local only. Local - audit devices are not replicated nor (if a secondary) removed - by replication. Specifies if the audit device is a local only. - Local audit devices are not replicated nor (if a secondary) - removed by replication. + description: |- + Specifies if the audit device is a local only. Local audit devices are not replicated nor (if a secondary) removed by replication. + Specifies if the audit device is a local only. Local audit devices are not replicated nor (if a secondary) removed by replication. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string options: additionalProperties: type: string - description: Configuration options to pass to the audit device - itself. Configuration options to pass to the audit device itself. + description: |- + Configuration options to pass to the audit device itself. + Configuration options to pass to the audit device itself. type: object path: - description: The path to mount the audit device. This defaults - to the type. Path in which to enable the audit device. 
+ description: |- + The path to mount the audit device. This defaults to the type. + Path in which to enable the audit device. type: string type: - description: Type of the audit device, such as 'file'. Type of - the audit device, such as 'file'. + description: |- + Type of the audit device, such as 'file'. + Type of the audit device, such as 'file'. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: description: - description: Human-friendly description of the audit device. Human-friendly - description of the audit device. 
+ description: |- + Human-friendly description of the audit device. + Human-friendly description of the audit device. type: string local: - description: Specifies if the audit device is a local only. Local - audit devices are not replicated nor (if a secondary) removed - by replication. Specifies if the audit device is a local only. - Local audit devices are not replicated nor (if a secondary) - removed by replication. + description: |- + Specifies if the audit device is a local only. Local audit devices are not replicated nor (if a secondary) removed by replication. + Specifies if the audit device is a local only. Local audit devices are not replicated nor (if a secondary) removed by replication. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string options: additionalProperties: type: string - description: Configuration options to pass to the audit device - itself. Configuration options to pass to the audit device itself. + description: |- + Configuration options to pass to the audit device itself. + Configuration options to pass to the audit device itself. type: object path: - description: The path to mount the audit device. This defaults - to the type. Path in which to enable the audit device. + description: |- + The path to mount the audit device. This defaults to the type. + Path in which to enable the audit device. type: string type: - description: Type of the audit device, such as 'file'. 
Type of - the audit device, such as 'file'. + description: |- + Type of the audit device, such as 'file'. + Type of the audit device, such as 'file'. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. 
+ See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -175,9 +189,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -187,57 +202,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -247,17 +226,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -267,21 +248,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -296,21 +277,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -321,14 +303,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -358,38 +341,41 @@ spec: atProvider: properties: description: - description: Human-friendly description of the audit device. Human-friendly - description of the audit device. + description: |- + Human-friendly description of the audit device. + Human-friendly description of the audit device. type: string id: type: string local: - description: Specifies if the audit device is a local only. Local - audit devices are not replicated nor (if a secondary) removed - by replication. Specifies if the audit device is a local only. - Local audit devices are not replicated nor (if a secondary) - removed by replication. + description: |- + Specifies if the audit device is a local only. Local audit devices are not replicated nor (if a secondary) removed by replication. + Specifies if the audit device is a local only. Local audit devices are not replicated nor (if a secondary) removed by replication. type: boolean namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string options: additionalProperties: type: string - description: Configuration options to pass to the audit device - itself. Configuration options to pass to the audit device itself. + description: |- + Configuration options to pass to the audit device itself. + Configuration options to pass to the audit device itself. type: object path: - description: The path to mount the audit device. This defaults - to the type. Path in which to enable the audit device. 
+ description: |- + The path to mount the audit device. This defaults to the type. + Path in which to enable the audit device. type: string type: - description: Type of the audit device, such as 'file'. Type of - the audit device, such as 'file'. + description: |- + Type of the audit device, such as 'file'. + Type of the audit device, such as 'file'. type: string type: object conditions: @@ -398,13 +384,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -415,8 +403,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -425,6 +414,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/vault.vault.upbound.io_mounts.yaml b/package/crds/vault.vault.upbound.io_mounts.yaml index d5b79208..9bb55fe8 100644 --- a/package/crds/vault.vault.upbound.io_mounts.yaml +++ b/package/crds/vault.vault.upbound.io_mounts.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: mounts.vault.vault.upbound.io spec: group: vault.vault.upbound.io @@ -38,14 +38,19 @@ spec: of secret backends in Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,189 +74,191 @@ spec: forProvider: properties: allowedManagedKeys: - description: Set of managed key registry entry names that the - mount in question is allowed to access List of managed key registry - entry names that the mount in question is allowed to access + description: |- + Set of managed key registry entry names that the mount in question is allowed to access + List of managed key registry entry names that the mount in question is allowed to access items: type: string type: array auditNonHmacRequestKeys: - description: Specifies the list of keys that will not be HMAC'd - by audit devices in the request data object. Specifies the list - of keys that will not be HMAC'd by audit devices in the request - data object. + description: |- + Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. + Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. items: type: string type: array auditNonHmacResponseKeys: - description: Specifies the list of keys that will not be HMAC'd - by audit devices in the response data object. Specifies the - list of keys that will not be HMAC'd by audit devices in the - response data object. + description: |- + Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. + Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. 
items: type: string type: array defaultLeaseTtlSeconds: - description: Default lease duration for tokens and secrets in - seconds Default lease duration for tokens and secrets in seconds + description: |- + Default lease duration for tokens and secrets in seconds + Default lease duration for tokens and secrets in seconds type: number description: - description: Human-friendly description of the mount Human-friendly - description of the mount + description: |- + Human-friendly description of the mount + Human-friendly description of the mount type: string externalEntropyAccess: - description: Boolean flag that can be explicitly set to true to - enable the secrets engine to access Vault's external entropy - source Enable the secrets engine to access Vault's external - entropy source + description: |- + Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source + Enable the secrets engine to access Vault's external entropy source type: boolean local: - description: Boolean flag that can be explicitly set to true to - enforce local mount in HA environment Local mount flag that - can be explicitly set to true to enforce local mount in HA environment + description: |- + Boolean flag that can be explicitly set to true to enforce local mount in HA environment + Local mount flag that can be explicitly set to true to enforce local mount in HA environment type: boolean maxLeaseTtlSeconds: - description: Maximum possible lease duration for tokens and secrets - in seconds Maximum possible lease duration for tokens and secrets - in seconds + description: |- + Maximum possible lease duration for tokens and secrets in seconds + Maximum possible lease duration for tokens and secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. 
- Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string options: additionalProperties: type: string - description: Specifies mount type specific options that are passed - to the backend Specifies mount type specific options that are - passed to the backend + description: |- + Specifies mount type specific options that are passed to the backend + Specifies mount type specific options that are passed to the backend type: object path: - description: Where the secret backend will be mounted Where the - secret backend will be mounted + description: |- + Where the secret backend will be mounted + Where the secret backend will be mounted type: string sealWrap: - description: Boolean flag that can be explicitly set to true to - enable seal wrapping for the mount, causing values stored by - the mount to be wrapped by the seal's encryption capability - Enable seal wrapping for the mount, causing values stored by - the mount to be wrapped by the seal's encryption capability + description: |- + Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability + Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability type: boolean type: - description: Type of the backend, such as "aws" Type of the backend, - such as 'aws' + description: |- + Type of the backend, such as "aws" + Type of the backend, such as 'aws' type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. 
- It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: allowedManagedKeys: - description: Set of managed key registry entry names that the - mount in question is allowed to access List of managed key registry - entry names that the mount in question is allowed to access + description: |- + Set of managed key registry entry names that the mount in question is allowed to access + List of managed key registry entry names that the mount in question is allowed to access items: type: string type: array auditNonHmacRequestKeys: - description: Specifies the list of keys that will not be HMAC'd - by audit devices in the request data object. 
Specifies the list - of keys that will not be HMAC'd by audit devices in the request - data object. + description: |- + Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. + Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. items: type: string type: array auditNonHmacResponseKeys: - description: Specifies the list of keys that will not be HMAC'd - by audit devices in the response data object. Specifies the - list of keys that will not be HMAC'd by audit devices in the - response data object. + description: |- + Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. + Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. items: type: string type: array defaultLeaseTtlSeconds: - description: Default lease duration for tokens and secrets in - seconds Default lease duration for tokens and secrets in seconds + description: |- + Default lease duration for tokens and secrets in seconds + Default lease duration for tokens and secrets in seconds type: number description: - description: Human-friendly description of the mount Human-friendly - description of the mount + description: |- + Human-friendly description of the mount + Human-friendly description of the mount type: string externalEntropyAccess: - description: Boolean flag that can be explicitly set to true to - enable the secrets engine to access Vault's external entropy - source Enable the secrets engine to access Vault's external - entropy source + description: |- + Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source + Enable the secrets engine to access Vault's external entropy source type: boolean local: - description: Boolean flag that can be explicitly set to true to - enforce local mount in HA environment Local mount flag that - can be explicitly set to true to enforce 
local mount in HA environment + description: |- + Boolean flag that can be explicitly set to true to enforce local mount in HA environment + Local mount flag that can be explicitly set to true to enforce local mount in HA environment type: boolean maxLeaseTtlSeconds: - description: Maximum possible lease duration for tokens and secrets - in seconds Maximum possible lease duration for tokens and secrets - in seconds + description: |- + Maximum possible lease duration for tokens and secrets in seconds + Maximum possible lease duration for tokens and secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string options: additionalProperties: type: string - description: Specifies mount type specific options that are passed - to the backend Specifies mount type specific options that are - passed to the backend + description: |- + Specifies mount type specific options that are passed to the backend + Specifies mount type specific options that are passed to the backend type: object path: - description: Where the secret backend will be mounted Where the - secret backend will be mounted + description: |- + Where the secret backend will be mounted + Where the secret backend will be mounted type: string sealWrap: - description: Boolean flag that can be explicitly set to true to - enable seal wrapping for the mount, causing values stored by - the mount to be wrapped by the seal's encryption capability - Enable seal wrapping for the mount, causing values stored by - the mount to be wrapped by the seal's encryption capability + description: |- + Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability + Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability type: boolean type: - description: Type of the backend, such as "aws" Type of the backend, - such as 'aws' + description: |- + Type of the backend, such as "aws" + Type of the backend, such as 'aws' type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. 
Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -263,9 +271,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -275,57 +284,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -335,17 +308,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -355,21 +330,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -384,21 +359,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -409,14 +385,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -446,85 +423,87 @@ spec: atProvider: properties: accessor: - description: The accessor for this mount. Accessor of the mount + description: |- + The accessor for this mount. + Accessor of the mount type: string allowedManagedKeys: - description: Set of managed key registry entry names that the - mount in question is allowed to access List of managed key registry - entry names that the mount in question is allowed to access + description: |- + Set of managed key registry entry names that the mount in question is allowed to access + List of managed key registry entry names that the mount in question is allowed to access items: type: string type: array auditNonHmacRequestKeys: - description: Specifies the list of keys that will not be HMAC'd - by audit devices in the request data object. Specifies the list - of keys that will not be HMAC'd by audit devices in the request - data object. + description: |- + Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. + Specifies the list of keys that will not be HMAC'd by audit devices in the request data object. items: type: string type: array auditNonHmacResponseKeys: - description: Specifies the list of keys that will not be HMAC'd - by audit devices in the response data object. Specifies the - list of keys that will not be HMAC'd by audit devices in the - response data object. + description: |- + Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. + Specifies the list of keys that will not be HMAC'd by audit devices in the response data object. 
items: type: string type: array defaultLeaseTtlSeconds: - description: Default lease duration for tokens and secrets in - seconds Default lease duration for tokens and secrets in seconds + description: |- + Default lease duration for tokens and secrets in seconds + Default lease duration for tokens and secrets in seconds type: number description: - description: Human-friendly description of the mount Human-friendly - description of the mount + description: |- + Human-friendly description of the mount + Human-friendly description of the mount type: string externalEntropyAccess: - description: Boolean flag that can be explicitly set to true to - enable the secrets engine to access Vault's external entropy - source Enable the secrets engine to access Vault's external - entropy source + description: |- + Boolean flag that can be explicitly set to true to enable the secrets engine to access Vault's external entropy source + Enable the secrets engine to access Vault's external entropy source type: boolean id: type: string local: - description: Boolean flag that can be explicitly set to true to - enforce local mount in HA environment Local mount flag that - can be explicitly set to true to enforce local mount in HA environment + description: |- + Boolean flag that can be explicitly set to true to enforce local mount in HA environment + Local mount flag that can be explicitly set to true to enforce local mount in HA environment type: boolean maxLeaseTtlSeconds: - description: Maximum possible lease duration for tokens and secrets - in seconds Maximum possible lease duration for tokens and secrets - in seconds + description: |- + Maximum possible lease duration for tokens and secrets in seconds + Maximum possible lease duration for tokens and secrets in seconds type: number namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. 
The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string options: additionalProperties: type: string - description: Specifies mount type specific options that are passed - to the backend Specifies mount type specific options that are - passed to the backend + description: |- + Specifies mount type specific options that are passed to the backend + Specifies mount type specific options that are passed to the backend type: object path: - description: Where the secret backend will be mounted Where the - secret backend will be mounted + description: |- + Where the secret backend will be mounted + Where the secret backend will be mounted type: string sealWrap: - description: Boolean flag that can be explicitly set to true to - enable seal wrapping for the mount, causing values stored by - the mount to be wrapped by the seal's encryption capability - Enable seal wrapping for the mount, causing values stored by - the mount to be wrapped by the seal's encryption capability + description: |- + Boolean flag that can be explicitly set to true to enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability + Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability type: boolean type: - description: Type of the backend, such as "aws" Type of the backend, - such as 'aws' + description: |- + Type of the backend, such as "aws" + Type of the backend, such as 'aws' type: string type: object conditions: 
@@ -533,13 +512,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -550,8 +531,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -560,6 +542,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/vault.vault.upbound.io_namespaces.yaml b/package/crds/vault.vault.upbound.io_namespaces.yaml index 890e24bb..b61b337c 100644 --- a/package/crds/vault.vault.upbound.io_namespaces.yaml +++ b/package/crds/vault.vault.upbound.io_namespaces.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: namespaces.vault.vault.upbound.io spec: group: vault.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: for Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -70,83 +76,91 @@ spec: customMetadata: additionalProperties: type: string - description: Custom metadata describing this namespace. Value - type is map[string]string. Requires Vault version 1.12+. Custom - metadata describing this namespace. Value type is map[string]string. + description: |- + Custom metadata describing this namespace. Value type + is map[string]string. Requires Vault version 1.12+. + Custom metadata describing this namespace. Value type is map[string]string. type: object namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The path of the namespace. Must not have a trailing - /. Namespace path. + description: |- + The path of the namespace. Must not have a trailing /. + Namespace path. type: string pathFq: - description: The fully qualified path to the namespace. Useful - when provisioning resources in a child namespace. The path is - relative to the provider's namespace argument. The fully qualified - namespace path. + description: |- + The fully qualified path to the namespace. Useful when provisioning resources in a child namespace. + The path is relative to the provider's namespace argument. + The fully qualified namespace path. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. 
InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: customMetadata: additionalProperties: type: string - description: Custom metadata describing this namespace. Value - type is map[string]string. Requires Vault version 1.12+. Custom - metadata describing this namespace. Value type is map[string]string. + description: |- + Custom metadata describing this namespace. Value type + is map[string]string. Requires Vault version 1.12+. + Custom metadata describing this namespace. Value type is map[string]string. type: object namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. 
Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string path: - description: The path of the namespace. Must not have a trailing - /. Namespace path. + description: |- + The path of the namespace. Must not have a trailing /. + Namespace path. type: string pathFq: - description: The fully qualified path to the namespace. Useful - when provisioning resources in a child namespace. The path is - relative to the provider's namespace argument. The fully qualified - namespace path. + description: |- + The fully qualified path to the namespace. Useful when provisioning resources in a child namespace. + The path is relative to the provider's namespace argument. + The fully qualified namespace path. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. 
It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create @@ -159,9 +173,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -171,57 +186,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -231,17 +210,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -251,21 +232,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -280,21 +261,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -305,14 +287,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -340,34 +323,38 @@ spec: customMetadata: additionalProperties: type: string - description: Custom metadata describing this namespace. Value - type is map[string]string. Requires Vault version 1.12+. Custom - metadata describing this namespace. Value type is map[string]string. + description: |- + Custom metadata describing this namespace. Value type + is map[string]string. Requires Vault version 1.12+. + Custom metadata describing this namespace. Value type is map[string]string. type: object id: description: The fully qualified path to the namespace, including the provider namespace and a trailing slash. type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string namespaceId: - description: Vault server's internal ID of the namespace. Namespace - ID. + description: |- + Vault server's internal ID of the namespace. + Namespace ID. type: string path: - description: The path of the namespace. Must not have a trailing - /. Namespace path. + description: |- + The path of the namespace. Must not have a trailing /. + Namespace path. type: string pathFq: - description: The fully qualified path to the namespace. Useful - when provisioning resources in a child namespace. The path is - relative to the provider's namespace argument. The fully qualified - namespace path. + description: |- + The fully qualified path to the namespace. Useful when provisioning resources in a child namespace. 
+ The path is relative to the provider's namespace argument. + The fully qualified namespace path. type: string type: object conditions: @@ -376,13 +363,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -393,8 +382,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -403,6 +393,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/vault.vault.upbound.io_policies.yaml b/package/crds/vault.vault.upbound.io_policies.yaml index 571c71d6..f3730985 100644 --- a/package/crds/vault.vault.upbound.io_policies.yaml +++ b/package/crds/vault.vault.upbound.io_policies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: policies.vault.vault.upbound.io spec: group: vault.vault.upbound.io 
@@ -38,14 +38,19 @@ spec: for Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -54,13 +59,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -68,63 +74,75 @@ spec: forProvider: properties: name: - description: The name of the policy Name of the policy + description: |- + The name of the policy + Name of the policy type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policy: - description: String containing a Vault policy The policy document + description: |- + String containing a Vault policy + The policy document type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. 
+ InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: name: - description: The name of the policy Name of the policy + description: |- + The name of the policy + Name of the policy type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policy: - description: String containing a Vault policy The policy document + description: |- + String containing a Vault policy + The policy document type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. This field is planned to replace - the DeletionPolicy field in a future release. 
Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -137,9 +155,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -149,57 +168,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -209,17 +192,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -229,21 +214,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -258,21 +243,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -283,14 +269,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -322,17 +309,22 @@ spec: id: type: string name: - description: The name of the policy Name of the policy + description: |- + The name of the policy + Name of the policy type: string namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string policy: - description: String containing a Vault policy The policy document + description: |- + String containing a Vault policy + The policy document type: string type: object conditions: @@ -341,13 +333,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from 
@@ -358,8 +352,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -368,6 +363,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec diff --git a/package/crds/vault.vault.upbound.io_tokens.yaml b/package/crds/vault.vault.upbound.io_tokens.yaml index d9d7047c..9cc52157 100644 --- a/package/crds/vault.vault.upbound.io_tokens.yaml +++ b/package/crds/vault.vault.upbound.io_tokens.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.14.0 name: tokens.vault.vault.upbound.io spec: group: vault.vault.upbound.io 
@@ -37,14 +37,19 @@ spec: description: Token is the Schema for the Tokens API. Writes token for Vault properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -53,13 +58,14 @@ spec: properties: deletionPolicy: default: Delete - description: 'DeletionPolicy specifies what will happen to the underlying - external when this managed resource is deleted - either "Delete" - or "Orphan" the external resource. This field is planned to be deprecated - in favor of the ManagementPolicies field in a future release. Currently, - both could be set independently and non-default values would be - honored if the feature flag is enabled. See the design doc for more - information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + description: |- + DeletionPolicy specifies what will happen to the underlying external + when this managed resource is deleted - either "Delete" or "Orphan" the + external resource. + This field is planned to be deprecated in favor of the ManagementPolicies + field in a future release. Currently, both could be set independently and + non-default values would be honored if the feature flag is enabled. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 enum: - Orphan - Delete 
@@ -67,177 +73,203 @@ spec: forProvider: properties: displayName: - description: String containing the token display name The display - name of the token. + description: |- + String containing the token display name + The display name of the token. type: string explicitMaxTtl: - description: The explicit max TTL of this token. This is specified - as a numeric string with suffix like "30s" ro "5m" The explicit - max TTL of the token. + description: |- + The explicit max TTL of this token. This is specified as a numeric string with suffix like "30s" ro "5m" + The explicit max TTL of the token. type: string metadata: additionalProperties: type: string - description: Metadata to be set on this token Metadata to be associated - with the token. + description: |- + Metadata to be set on this token + Metadata to be associated with the token. type: object namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string noDefaultPolicy: - description: Flag to not attach the default policy to this token + description: |- + Flag to not attach the default policy to this token Flag to disable the default policy. type: boolean noParent: - description: Flag to create a token without parent Flag to create - a token without parent. + description: |- + Flag to create a token without parent + Flag to create a token without parent. type: boolean numUses: - description: The number of allowed uses of this token The number - of allowed uses of the token. 
+ description: |- + The number of allowed uses of this token + The number of allowed uses of the token. type: number period: - description: The period of this token. This is specified as a - numeric string with suffix like "30s" ro "5m" The period of - the token. + description: |- + The period of this token. This is specified as a numeric string with suffix like "30s" ro "5m" + The period of the token. type: string policies: - description: List of policies to attach to this token List of - policies. + description: |- + List of policies to attach to this token + List of policies. items: type: string type: array renewIncrement: - description: The renew increment. This is specified in seconds + description: |- + The renew increment. This is specified in seconds The renew increment. type: number renewMinLease: - description: The minimal lease to renew this token The minimum - lease to renew token. + description: |- + The minimal lease to renew this token + The minimum lease to renew token. type: number renewable: - description: Flag to allow to renew this token Flag to allow the - token to be renewed + description: |- + Flag to allow to renew this token + Flag to allow the token to be renewed type: boolean roleName: - description: The token role name The token role name. + description: |- + The token role name + The token role name. type: string ttl: - description: The TTL period of this token. This is specified as - a numeric string with suffix like "30s" ro "5m" The TTL period - of the token. + description: |- + The TTL period of this token. This is specified as a numeric string with suffix like "30s" ro "5m" + The TTL period of the token. type: string wrappingTtl: - description: The TTL period of this token. This is specified as - a numeric string with suffix like "30s" ro "5m" The TTL period - of the wrapped token. + description: |- + The TTL period of this token. 
This is specified as a numeric string with suffix like "30s" ro "5m" + The TTL period of the wrapped token. type: string type: object initProvider: - description: THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. InitProvider - holds the same fields as ForProvider, with the exception of Identifier - and other resource reference fields. The fields that are in InitProvider - are merged into ForProvider when the resource is created. The same - fields are also added to the terraform ignore_changes hook, to avoid - updating them after creation. This is useful for fields that are - required on creation, but we do not desire to update them after - creation, for example because of an external controller is managing - them, like an autoscaler. + description: |- + THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored + unless the relevant Crossplane feature flag is enabled, and may be + changed or removed without notice. + InitProvider holds the same fields as ForProvider, with the exception + of Identifier and other resource reference fields. The fields that are + in InitProvider are merged into ForProvider when the resource is created. + The same fields are also added to the terraform ignore_changes hook, to + avoid updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after creation, + for example because of an external controller is managing them, like an + autoscaler. properties: displayName: - description: String containing the token display name The display - name of the token. + description: |- + String containing the token display name + The display name of the token. type: string explicitMaxTtl: - description: The explicit max TTL of this token. This is specified - as a numeric string with suffix like "30s" ro "5m" The explicit - max TTL of the token. 
+ description: |- + The explicit max TTL of this token. This is specified as a numeric string with suffix like "30s" ro "5m" + The explicit max TTL of the token. type: string metadata: additionalProperties: type: string - description: Metadata to be set on this token Metadata to be associated - with the token. + description: |- + Metadata to be set on this token + Metadata to be associated with the token. type: object namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. (requires Enterprise) type: string noDefaultPolicy: - description: Flag to not attach the default policy to this token + description: |- + Flag to not attach the default policy to this token Flag to disable the default policy. type: boolean noParent: - description: Flag to create a token without parent Flag to create - a token without parent. + description: |- + Flag to create a token without parent + Flag to create a token without parent. type: boolean numUses: - description: The number of allowed uses of this token The number - of allowed uses of the token. + description: |- + The number of allowed uses of this token + The number of allowed uses of the token. type: number period: - description: The period of this token. This is specified as a - numeric string with suffix like "30s" ro "5m" The period of - the token. + description: |- + The period of this token. This is specified as a numeric string with suffix like "30s" ro "5m" + The period of the token. 
type: string policies: - description: List of policies to attach to this token List of - policies. + description: |- + List of policies to attach to this token + List of policies. items: type: string type: array renewIncrement: - description: The renew increment. This is specified in seconds + description: |- + The renew increment. This is specified in seconds The renew increment. type: number renewMinLease: - description: The minimal lease to renew this token The minimum - lease to renew token. + description: |- + The minimal lease to renew this token + The minimum lease to renew token. type: number renewable: - description: Flag to allow to renew this token Flag to allow the - token to be renewed + description: |- + Flag to allow to renew this token + Flag to allow the token to be renewed type: boolean roleName: - description: The token role name The token role name. + description: |- + The token role name + The token role name. type: string ttl: - description: The TTL period of this token. This is specified as - a numeric string with suffix like "30s" ro "5m" The TTL period - of the token. + description: |- + The TTL period of this token. This is specified as a numeric string with suffix like "30s" ro "5m" + The TTL period of the token. type: string wrappingTtl: - description: The TTL period of this token. This is specified as - a numeric string with suffix like "30s" ro "5m" The TTL period - of the wrapped token. + description: |- + The TTL period of this token. This is specified as a numeric string with suffix like "30s" ro "5m" + The TTL period of the wrapped token. type: string type: object managementPolicies: default: - '*' - description: 'THIS IS AN ALPHA FIELD. Do not use it in production. - It is not honored unless the relevant Crossplane feature flag is - enabled, and may be changed or removed without notice. ManagementPolicies - specify the array of actions Crossplane is allowed to take on the - managed and external resources. 
This field is planned to replace - the DeletionPolicy field in a future release. Currently, both could - be set independently and non-default values would be honored if - the feature flag is enabled. If both are custom, the DeletionPolicy - field will be ignored. See the design doc for more information: - https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 - and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + description: |- + THIS IS A BETA FIELD. It is on by default but can be opted out + through a Crossplane feature flag. + ManagementPolicies specify the array of actions Crossplane is allowed to + take on the managed and external resources. + This field is planned to replace the DeletionPolicy field in a future + release. Currently, both could be set independently and non-default + values would be honored if the feature flag is enabled. If both are + custom, the DeletionPolicy field will be ignored. + See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md items: - description: A ManagementAction represents an action that the Crossplane - controllers can take on an external resource. + description: |- + A ManagementAction represents an action that the Crossplane controllers + can take on an external resource. enum: - Observe - Create 
@@ -250,9 +282,10 @@ spec: providerConfigRef: default: name: default - description: ProviderConfigReference specifies how the provider that - will be used to create, observe, update, and delete this managed - resource should be configured. + description: |- + ProviderConfigReference specifies how the provider that will be used to + create, observe, update, and delete this managed resource should be + configured. properties: name: description: Name of the referenced object. 
@@ -262,57 +295,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. Use 'Always' to resolve the reference on - every reconcile. - enum: - - Always - - IfNotPresent - type: string - type: object - required: - - name - type: object - providerRef: - description: 'ProviderReference specifies the provider that will be - used to create, observe, update, and delete this managed resource. - Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' - properties: - name: - description: Name of the referenced object. - type: string - policy: - description: Policies for referencing. - properties: - resolution: - default: Required - description: Resolution specifies whether resolution of this - reference is required. The default is 'Required', which - means the reconcile will fail if the reference cannot be - resolved. 'Optional' means this reference will be a no-op - if it cannot be resolved. - enum: - - Required - - Optional - type: string - resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will attempt - to resolve the reference only when the corresponding field - is not present. 
Use 'Always' to resolve the reference on - every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent @@ -322,17 +319,19 @@ spec: - name type: object publishConnectionDetailsTo: - description: PublishConnectionDetailsTo specifies the connection secret - config which contains a name, metadata and a reference to secret - store config to which any connection details for this managed resource - should be written. Connection details frequently include the endpoint, - username, and password required to connect to the managed resource. + description: |- + PublishConnectionDetailsTo specifies the connection secret config which + contains a name, metadata and a reference to secret store config to + which any connection details for this managed resource should be written. + Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. properties: configRef: default: name: default - description: SecretStoreConfigRef specifies which secret store - config should be used for this ConnectionSecret. + description: |- + SecretStoreConfigRef specifies which secret store config should be used + for this ConnectionSecret. properties: name: description: Name of the referenced object. 
@@ -342,21 +341,21 @@ spec: properties: resolution: default: Required - description: Resolution specifies whether resolution of - this reference is required. The default is 'Required', - which means the reconcile will fail if the reference - cannot be resolved. 'Optional' means this reference - will be a no-op if it cannot be resolved. + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. enum: - Required - Optional type: string resolve: - description: Resolve specifies when this reference should - be resolved. The default is 'IfNotPresent', which will - attempt to resolve the reference only when the corresponding - field is not present. Use 'Always' to resolve the reference - on every reconcile. + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. enum: - Always - IfNotPresent 
@@ -371,21 +370,22 @@ spec: annotations: additionalProperties: type: string - description: Annotations are the annotations to be added to - connection secret. - For Kubernetes secrets, this will be - used as "metadata.annotations". - It is up to Secret Store - implementation for others store types. + description: |- + Annotations are the annotations to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.annotations". + - It is up to Secret Store implementation for others store types. type: object labels: additionalProperties: type: string - description: Labels are the labels/tags to be added to connection - secret. - For Kubernetes secrets, this will be used as "metadata.labels". - - It is up to Secret Store implementation for others store - types. + description: |- + Labels are the labels/tags to be added to connection secret. + - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store types. type: object type: - description: Type is the SecretType for the connection secret. + description: |- + Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores. type: string type: object 
@@ -396,14 +396,15 @@ spec: - name type: object writeConnectionSecretToRef: - description: WriteConnectionSecretToReference specifies the namespace - and name of a Secret to which any connection details for this managed - resource should be written. Connection details frequently include - the endpoint, username, and password required to connect to the - managed resource. This field is planned to be replaced in a future - release in favor of PublishConnectionDetailsTo. Currently, both - could be set independently and connection details would be published - to both without affecting each other. + description: |- + WriteConnectionSecretToReference specifies the namespace and name of a + Secret to which any connection details for this managed resource should + be written. Connection details frequently include the endpoint, username, + and password required to connect to the managed resource. + This field is planned to be replaced in a future release in favor of + PublishConnectionDetailsTo. Currently, both could be set independently + and connection details would be published to both without affecting + each other. properties: name: description: Name of the secret. 
@@ -424,84 +425,98 @@ spec: atProvider: properties: displayName: - description: String containing the token display name The display - name of the token. + description: |- + String containing the token display name + The display name of the token. type: string explicitMaxTtl: - description: The explicit max TTL of this token. This is specified - as a numeric string with suffix like "30s" ro "5m" The explicit - max TTL of the token. + description: |- + The explicit max TTL of this token. This is specified as a numeric string with suffix like "30s" ro "5m" + The explicit max TTL of the token. type: string id: type: string leaseDuration: - description: String containing the token lease duration if present - in state file The token lease duration. + description: |- + String containing the token lease duration if present in state file + The token lease duration. type: number leaseStarted: - description: String containing the token lease started time if - present in state file The token lease started on. + description: |- + String containing the token lease started time if present in state file + The token lease started on. type: string metadata: additionalProperties: type: string - description: Metadata to be set on this token Metadata to be associated - with the token. + description: |- + Metadata to be set on this token + Metadata to be associated with the token. type: object namespace: - description: The namespace to provision the resource in. The value - should not contain leading or trailing forward slashes. The - namespace is always relative to the provider's configured namespace. - Available only for Vault Enterprise. Target namespace. (requires - Enterprise) + description: |- + The namespace to provision the resource in. + The value should not contain leading or trailing forward slashes. + The namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. + Target namespace. 
(requires Enterprise) type: string noDefaultPolicy: - description: Flag to not attach the default policy to this token + description: |- + Flag to not attach the default policy to this token Flag to disable the default policy. type: boolean noParent: - description: Flag to create a token without parent Flag to create - a token without parent. + description: |- + Flag to create a token without parent + Flag to create a token without parent. type: boolean numUses: - description: The number of allowed uses of this token The number - of allowed uses of the token. + description: |- + The number of allowed uses of this token + The number of allowed uses of the token. type: number period: - description: The period of this token. This is specified as a - numeric string with suffix like "30s" ro "5m" The period of - the token. + description: |- + The period of this token. This is specified as a numeric string with suffix like "30s" ro "5m" + The period of the token. type: string policies: - description: List of policies to attach to this token List of - policies. + description: |- + List of policies to attach to this token + List of policies. items: type: string type: array renewIncrement: - description: The renew increment. This is specified in seconds + description: |- + The renew increment. This is specified in seconds The renew increment. type: number renewMinLease: - description: The minimal lease to renew this token The minimum - lease to renew token. + description: |- + The minimal lease to renew this token + The minimum lease to renew token. type: number renewable: - description: Flag to allow to renew this token Flag to allow the - token to be renewed + description: |- + Flag to allow to renew this token + Flag to allow the token to be renewed type: boolean roleName: - description: The token role name The token role name. + description: |- + The token role name + The token role name. type: string ttl: - description: The TTL period of this token. 
This is specified as - a numeric string with suffix like "30s" ro "5m" The TTL period - of the token. + description: |- + The TTL period of this token. This is specified as a numeric string with suffix like "30s" ro "5m" + The TTL period of the token. type: string wrappingTtl: - description: The TTL period of this token. This is specified as - a numeric string with suffix like "30s" ro "5m" The TTL period - of the wrapped token. + description: |- + The TTL period of this token. This is specified as a numeric string with suffix like "30s" ro "5m" + The TTL period of the wrapped token. type: string type: object conditions: @@ -510,13 +525,15 @@ spec: description: A Condition that may apply to a resource. properties: lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. format: date-time type: string message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. type: string reason: description: A Reason for this condition's last transition from @@ -527,8 +544,9 @@ spec: False, or Unknown? type: string type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. type: string required: - lastTransitionTime @@ -537,6 +555,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map type: object required: - spec