From f433099feef41ae4dcccf237bb37d6b3805b12f1 Mon Sep 17 00:00:00 2001 From: isindir Date: Thu, 24 Jun 2021 10:27:42 +0100 Subject: [PATCH] feat: Add CRD support for multiple versions (include deprecated) (#83) * Add CRD support for multiple versions * Fix typo * Fix typo * Fix typo --- Makefile | 6 +- PROJECT | 16 + api/v1alpha1/groupversion_info.go | 24 ++ api/v1alpha1/sopssecret_types.go | 175 +++++++++ api/v1alpha1/zz_generated.deepcopy.go | 241 ++++++++++++ api/v1alpha2/groupversion_info.go | 24 ++ api/v1alpha2/sopssecret_types.go | 217 +++++++++++ api/v1alpha2/zz_generated.deepcopy.go | 281 ++++++++++++++ api/v1alpha3/sopssecret_types.go | 89 ++--- chart/helm3/sops-secrets-operator/Chart.yaml | 4 +- chart/helm3/sops-secrets-operator/README.md | 2 +- .../tests/operator_test.yaml | 6 +- chart/helm3/sops-secrets-operator/values.yaml | 2 +- .../bases/isindir.github.com_sopssecrets.yaml | 355 +++++++++++++++++- .../samples/isindir_v1alpha1_sopssecret.yaml | 7 + .../samples/isindir_v1alpha2_sopssecret.yaml | 7 + docs/index.yaml | 114 +++--- docs/sops-secrets-operator-0.9.2.tgz | Bin 0 -> 10868 bytes main.go | 4 + 19 files changed, 1472 insertions(+), 102 deletions(-) create mode 100644 api/v1alpha1/groupversion_info.go create mode 100644 api/v1alpha1/sopssecret_types.go create mode 100644 api/v1alpha1/zz_generated.deepcopy.go create mode 100644 api/v1alpha2/groupversion_info.go create mode 100644 api/v1alpha2/sopssecret_types.go create mode 100644 api/v1alpha2/zz_generated.deepcopy.go create mode 100644 config/samples/isindir_v1alpha1_sopssecret.yaml create mode 100644 config/samples/isindir_v1alpha2_sopssecret.yaml create mode 100644 docs/sops-secrets-operator-0.9.2.tgz diff --git a/Makefile b/Makefile index 37f951d9..16573769 100644 --- a/Makefile +++ b/Makefile 
@@ -1,8 +1,8 @@ GO := GOPROXY=https://proxy.golang.org go -SOPS_SEC_OPERATOR_VERSION := 0.3.1 +SOPS_SEC_OPERATOR_VERSION := 0.3.2 # https://github.com/kubernetes-sigs/controller-tools/releases -CONTROLLER_GEN_VERSION := "v0.4.1" +CONTROLLER_GEN_VERSION := "v0.6.1" # https://github.com/kubernetes-sigs/controller-runtime/releases CONTROLLER_RUNTIME_VERSION := "v0.8.3" # https://github.com/kubernetes-sigs/kustomize/releases @@ -51,9 +51,9 @@ help: ## Display this help. @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) clean: ## Cleans dependency directories. - rm -fr $$( which controller-gen ) rm -fr ./vendor rm -fr ./testbin + rm -fr ./bin tidy: ## Fetches all go dependencies. $(GO) mod tidy diff --git a/PROJECT b/PROJECT index bbd3945e..caae600e 100644 --- a/PROJECT +++ b/PROJECT @@ -13,4 +13,20 @@ resources: kind: SopsSecret path: github.com/isindir/sops-secrets-operator/api/v1alpha3 version: v1alpha3 +- api: + crdVersion: v1 + namespaced: true + domain: github.com + group: isindir + kind: SopsSecret + path: github.com/isindir/sops-secrets-operator/api/v1alpha2 + version: v1alpha2 +- api: + crdVersion: v1 + namespaced: true + domain: github.com + group: isindir + kind: SopsSecret + path: github.com/isindir/sops-secrets-operator/api/v1alpha1 + version: v1alpha1 version: "3" diff --git a/api/v1alpha1/groupversion_info.go b/api/v1alpha1/groupversion_info.go new file mode 100644 index 00000000..46f4ff59 --- /dev/null +++ b/api/v1alpha1/groupversion_info.go 
@@ -0,0 +1,24 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
+
+// Package v1alpha1 contains API Schema definitions for the isindir v1alpha1 API group
+//+kubebuilder:object:generate=true
+//+groupName=isindir.github.com
+package v1alpha1
+
+import (
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+ // GroupVersion is group version used to register these objects
+ GroupVersion = schema.GroupVersion{Group: "isindir.github.com", Version: "v1alpha1"}
+
+ // SchemeBuilder is used to add go types to the GroupVersionKind scheme
+ SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+ // AddToScheme adds the types in this group-version to the given scheme.
+ AddToScheme = SchemeBuilder.AddToScheme
+)
diff --git a/api/v1alpha1/sopssecret_types.go b/api/v1alpha1/sopssecret_types.go
new file mode 100644
index 00000000..e1e35478
--- /dev/null
+++ b/api/v1alpha1/sopssecret_types.go
@@ -0,0 +1,175 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. +// For upstream reference, see https://github.com/mozilla/sops/blob/master/stores/stores.go + +// SopsSecretSpec defines the desired state of SopsSecret +type SopsSecretSpec struct { + // Secrets template is a list of definitions to create Kubernetes Secrets + //+kubebuilder:validation:MinItems=1 + //+required + SecretsTemplate []SopsSecretTemplate `json:"secret_templates"` +} + +// SopsSecretTemplate defines the map of secrets to create +type SopsSecretTemplate struct { + // Name of the Kubernetes secret to create + //+required + Name string `json:"name"` + + // Annotations to apply to Kubernetes secret + //+optional + Annotations map[string]string `json:"annotations,omitempty"` + + // Labels to apply to Kubernetes secret + //+optional + Labels map[string]string `json:"labels,omitempty"` + + // Kubernetes secret type. Default: Opauqe. 
Possible values: Opauqe, + // kubernetes.io/service-account-token, kubernetes.io/dockercfg, + // kubernetes.io/dockerconfigjson, kubernetes.io/basic-auth, + // kubernetes.io/ssh-auth, kubernetes.io/tls, bootstrap.kubernetes.io/token + //+optional + Type string `json:"type,omitempty"` + + // Data map to use in Kubernetes secret (equivalent to Kubernetes Secret object stringData, please see for more + // information: https://kubernetes.io/docs/concepts/configuration/secret/#overview-of-secrets) + Data map[string]string `json:"data"` +} + +// KmsDataItem defines AWS KMS specific encryption details +type KmsDataItem struct { + // Arn - KMS key ARN to use + //+optional + Arn string `json:"arn,omitempty"` + + //+optional + EncryptedKey string `json:"enc,omitempty"` + // Object creation date + //+optional + CreationDate string `json:"created_at,omitempty"` + //+optional + AwsProfile string `json:"aws_profile,omitempty"` +} + +// PgpDataItem defines PGP specific encryption details +type PgpDataItem struct { + //+optional + EncryptedKey string `json:"enc,omitempty"` + + // Object creation date + //+optional + CreationDate string `json:"created_at,omitempty"` + // PGP FingerPrint of the key which can be used for decryption + //+optional + FingerPrint string `json:"fp,omitempty"` +} + +// AzureKmsItem defines Azure Keyvault Key specific encryption details +type AzureKmsItem struct { + // Azure KMS vault URL + //+optional + VaultURL string `json:"vault_url,omitempty"` + //+optional + KeyName string `json:"name,omitempty"` + //+optional + Version string `json:"version,omitempty"` + //+optional + EncryptedKey string `json:"enc,omitempty"` + // Object creation date + //+optional + CreationDate string `json:"created_at,omitempty"` +} + +// GcpKmsDataItem defines GCP KMS Key specific encryption details +type GcpKmsDataItem struct { + //+optional + VaultURL string `json:"resource_id,omitempty"` + //+optional + EncryptedKey string `json:"enc,omitempty"` + // Object creation date + 
//+optional + CreationDate string `json:"created_at,omitempty"` +} + +// SopsMetadata defines the encryption details +type SopsMetadata struct { + // Aws KMS configuration + //+optional + AwsKms []KmsDataItem `json:"kms,omitempty"` + + // PGP configuration + //+optional + Pgp []PgpDataItem `json:"pgp,omitempty"` + + // Azure KMS configuration + //+optional + AzureKms []AzureKmsItem `json:"azure_kv,omitempty"` + + // Gcp KMS configuration + //+optional + GcpKms []GcpKmsDataItem `json:"gcp_kms,omitempty"` + + // Mac - sops setting + //+optional + Mac string `json:"mac,omitempty"` + + // LastModified date when SopsSecret was last modified + //+optional + LastModified string `json:"lastmodified,omitempty"` + + // Version of the sops tool used to encrypt SopsSecret + //+optional + Version string `json:"version,omitempty"` + + // Suffix used to encrypt SopsSecret resource + //+optional + EncryptedSuffix string `json:"encrypted_suffix,omitempty"` +} + +// SopsSecretStatus defines the observed state of SopsSecret +type SopsSecretStatus struct { + // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + // Important: Run "make" to regenerate code after modifying this file + // Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html +} + +//+kubebuilder:object:root=true +//+kubebuilder:subresource:status + +// SopsSecret is the Schema for the sopssecrets API +//+kubebuilder:resource:shortName=sops,scope=Namespaced +//+kubebuilder:deprecatedversion +//+kubebuilder:subresource:status +type SopsSecret struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // SopsSecret Spec definition + Spec SopsSecretSpec `json:"spec,omitempty"` + // SopsSecret Status information + Status SopsSecretStatus `json:"status,omitempty"` + // SopsSecret metadata + Sops SopsMetadata `json:"sops,omitempty"` +} + +//+kubebuilder:object:root=true + +// SopsSecretList contains a list of 
SopsSecret +type SopsSecretList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []SopsSecret `json:"items"` +} + +func init() { + SchemeBuilder.Register(&SopsSecret{}, &SopsSecretList{}) +} diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000..4745efc5 --- /dev/null +++ b/api/v1alpha1/zz_generated.deepcopy.go 
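Review bot: `SopsSecretSpec.SecretsTemplate` in this v1alpha1 file serializes as `secret_templates` and `SopsSecretTemplate.Data` is documented as the equivalent of Secret `stringData`, while the v1alpha3 types touched by the same patch use `secretTemplates` and describe `data` as Secret `data` with a separate `stringData` field; the v1alpha2 file added later in this patch carries the same `data` comment. No conversion between the versions is visible in the hunks shown here, so if the CRD is served with the default `None` conversion strategy, an object written as v1alpha1 would presumably reach a v1alpha3 reader with its templates pruned or its plain-text values treated as base64; please confirm which version the controller reads and that exactly one version carries `//+kubebuilder:storageversion`. If serving the old schema unconverted is intended, I would say so on the type, e.g. `// Deprecated: v1alpha1 is served for existing manifests only; its fields are not converted to v1alpha3.` Two smaller points in the same hunk: `//+kubebuilder:subresource:status` appears twice on `SopsSecret`, and the `Type` comment spells the default as `Opauqe` instead of `Opaque`, which ends up in the generated CRD description.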
@@ -0,0 +1,241 @@ +// +build !ignore_autogenerated + +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureKmsItem) DeepCopyInto(out *AzureKmsItem) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKmsItem. +func (in *AzureKmsItem) DeepCopy() *AzureKmsItem { + if in == nil { + return nil + } + out := new(AzureKmsItem) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GcpKmsDataItem) DeepCopyInto(out *GcpKmsDataItem) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GcpKmsDataItem. +func (in *GcpKmsDataItem) DeepCopy() *GcpKmsDataItem { + if in == nil { + return nil + } + out := new(GcpKmsDataItem) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KmsDataItem) DeepCopyInto(out *KmsDataItem) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KmsDataItem. +func (in *KmsDataItem) DeepCopy() *KmsDataItem { + if in == nil { + return nil + } + out := new(KmsDataItem) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PgpDataItem) DeepCopyInto(out *PgpDataItem) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PgpDataItem. +func (in *PgpDataItem) DeepCopy() *PgpDataItem { + if in == nil { + return nil + } + out := new(PgpDataItem) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SopsMetadata) DeepCopyInto(out *SopsMetadata) { + *out = *in + if in.AwsKms != nil { + in, out := &in.AwsKms, &out.AwsKms + *out = make([]KmsDataItem, len(*in)) + copy(*out, *in) + } + if in.Pgp != nil { + in, out := &in.Pgp, &out.Pgp + *out = make([]PgpDataItem, len(*in)) + copy(*out, *in) + } + if in.AzureKms != nil { + in, out := &in.AzureKms, &out.AzureKms + *out = make([]AzureKmsItem, len(*in)) + copy(*out, *in) + } + if in.GcpKms != nil { + in, out := &in.GcpKms, &out.GcpKms + *out = make([]GcpKmsDataItem, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SopsMetadata. +func (in *SopsMetadata) DeepCopy() *SopsMetadata { + if in == nil { + return nil + } + out := new(SopsMetadata) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SopsSecret) DeepCopyInto(out *SopsSecret) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status + in.Sops.DeepCopyInto(&out.Sops) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SopsSecret. +func (in *SopsSecret) DeepCopy() *SopsSecret { + if in == nil { + return nil + } + out := new(SopsSecret) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *SopsSecret) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SopsSecretList) DeepCopyInto(out *SopsSecretList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]SopsSecret, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SopsSecretList. +func (in *SopsSecretList) DeepCopy() *SopsSecretList { + if in == nil { + return nil + } + out := new(SopsSecretList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *SopsSecretList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SopsSecretSpec) DeepCopyInto(out *SopsSecretSpec) { + *out = *in + if in.SecretsTemplate != nil { + in, out := &in.SecretsTemplate, &out.SecretsTemplate + *out = make([]SopsSecretTemplate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SopsSecretSpec. +func (in *SopsSecretSpec) DeepCopy() *SopsSecretSpec { + if in == nil { + return nil + } + out := new(SopsSecretSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *SopsSecretStatus) DeepCopyInto(out *SopsSecretStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SopsSecretStatus. +func (in *SopsSecretStatus) DeepCopy() *SopsSecretStatus { + if in == nil { + return nil + } + out := new(SopsSecretStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SopsSecretTemplate) DeepCopyInto(out *SopsSecretTemplate) { + *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Data != nil { + in, out := &in.Data, &out.Data + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SopsSecretTemplate. +func (in *SopsSecretTemplate) DeepCopy() *SopsSecretTemplate { + if in == nil { + return nil + } + out := new(SopsSecretTemplate) + in.DeepCopyInto(out) + return out +} diff --git a/api/v1alpha2/groupversion_info.go b/api/v1alpha2/groupversion_info.go new file mode 100644 index 00000000..44be9d09 --- /dev/null +++ b/api/v1alpha2/groupversion_info.go 
@@ -0,0 +1,24 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
+
+// Package v1alpha2 contains API Schema definitions for the isindir v1alpha2 API group
+//+kubebuilder:object:generate=true
+//+groupName=isindir.github.com
+package v1alpha2
+
+import (
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+ // GroupVersion is group version used to register these objects
+ GroupVersion = schema.GroupVersion{Group: "isindir.github.com", Version: "v1alpha2"}
+
+ // SchemeBuilder is used to add go types to the GroupVersionKind scheme
+ SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+ // AddToScheme adds the types in this group-version to the given scheme.
+ AddToScheme = SchemeBuilder.AddToScheme
+)
diff --git a/api/v1alpha2/sopssecret_types.go b/api/v1alpha2/sopssecret_types.go
new file mode 100644
index 00000000..82a75c1f
--- /dev/null
+++ b/api/v1alpha2/sopssecret_types.go
@@ -0,0 +1,217 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ + +package v1alpha2 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. +// For upstream reference, see https://github.com/mozilla/sops/blob/master/stores/stores.go + +// SopsSecretSpec defines the desired state of SopsSecret +type SopsSecretSpec struct { + // Secrets template is a list of definitions to create Kubernetes Secrets + //+kubebuilder:validation:MinItems=1 + //+required + SecretsTemplate []SopsSecretTemplate `json:"secretTemplates"` +} + +// SopsSecretTemplate defines the map of secrets to create +type SopsSecretTemplate struct { + // Name of the Kubernetes secret to create + //+required + Name string `json:"name"` + + // Annotations to apply to Kubernetes secret + //+optional + Annotations map[string]string `json:"annotations,omitempty"` + + // Labels to apply to Kubernetes secret + //+optional + Labels map[string]string `json:"labels,omitempty"` + + // Kubernetes secret type. Default: Opauqe. 
Possible values: Opauqe, + // kubernetes.io/service-account-token, kubernetes.io/dockercfg, + // kubernetes.io/dockerconfigjson, kubernetes.io/basic-auth, + // kubernetes.io/ssh-auth, kubernetes.io/tls, bootstrap.kubernetes.io/token + //+optional + Type string `json:"type,omitempty"` + + // Data map to use in Kubernetes secret (equivalent to Kubernetes Secret object stringData, please see for more + // information: https://kubernetes.io/docs/concepts/configuration/secret/#overview-of-secrets) + Data map[string]string `json:"data"` +} + +// KmsDataItem defines AWS KMS specific encryption details +type KmsDataItem struct { + // Arn - KMS key ARN to use + //+optional + Arn string `json:"arn,omitempty"` + // AWS Iam Role + //+optional + Role string `json:"role,omitempty"` + + //+optional + EncryptedKey string `json:"enc,omitempty"` + // Object creation date + //+optional + CreationDate string `json:"created_at,omitempty"` + //+optional + AwsProfile string `json:"aws_profile,omitempty"` +} + +// PgpDataItem defines PGP specific encryption details +type PgpDataItem struct { + //+optional + EncryptedKey string `json:"enc,omitempty"` + + // Object creation date + //+optional + CreationDate string `json:"created_at,omitempty"` + // PGP FingerPrint of the key which can be used for decryption + //+optional + FingerPrint string `json:"fp,omitempty"` +} + +// AzureKmsItem defines Azure Keyvault Key specific encryption details +type AzureKmsItem struct { + // Azure KMS vault URL + //+optional + VaultURL string `json:"vault_url,omitempty"` + //+optional + KeyName string `json:"name,omitempty"` + //+optional + Version string `json:"version,omitempty"` + //+optional + EncryptedKey string `json:"enc,omitempty"` + // Object creation date + //+optional + CreationDate string `json:"created_at,omitempty"` +} + +type AgeItem struct { + // Recepient which private key can be used for decription + //+optional + Recipient string `json:"recipient,omitempty"` + //+optional + EncryptedKey 
string `json:"enc,omitempty"` +} + +// HcVaultItem defines Hashicorp Vault Key specific encryption details +type HcVaultItem struct { + //+optional + VaultAddress string `json:"vault_address,omitempty"` + //+optional + EnginePath string `json:"engine_path,omitempty"` + //+optional + KeyName string `json:"key_name,omitempty"` + //+optional + CreationDate string `json:"created_at,omitempty"` + //+optional + EncryptedKey string `json:"enc,omitempty"` +} + +// GcpKmsDataItem defines GCP KMS Key specific encryption details +type GcpKmsDataItem struct { + //+optional + VaultURL string `json:"resource_id,omitempty"` + //+optional + EncryptedKey string `json:"enc,omitempty"` + // Object creation date + //+optional + CreationDate string `json:"created_at,omitempty"` +} + +// SopsMetadata defines the encryption details +type SopsMetadata struct { + // Aws KMS configuration + //+optional + AwsKms []KmsDataItem `json:"kms,omitempty"` + + // PGP configuration + //+optional + Pgp []PgpDataItem `json:"pgp,omitempty"` + + // Azure KMS configuration + //+optional + AzureKms []AzureKmsItem `json:"azure_kv,omitempty"` + + // Hashicorp Vault KMS configurarion + //+optional + HcVault []HcVaultItem `json:"hc_vault,omitempty"` + + // Gcp KMS configuration + //+optional + GcpKms []GcpKmsDataItem `json:"gcp_kms,omitempty"` + + // Age configuration + //+optional + Age []AgeItem `json:"age,omitempty"` + + // Mac - sops setting + //+optional + Mac string `json:"mac,omitempty"` + + // LastModified date when SopsSecret was last modified + //+optional + LastModified string `json:"lastmodified,omitempty"` + + // Version of the sops tool used to encrypt SopsSecret + //+optional + Version string `json:"version,omitempty"` + + // Suffix used to encrypt SopsSecret resource + //+optional + EncryptedSuffix string `json:"encrypted_suffix,omitempty"` + + // Regex used to encrypt SopsSecret resource + // This opstion should be used with more care, as it can make resource unapplicable to the cluster. 
+ //+optional + EncryptedRegex string `json:"encrypted_regex,omitempty"` +} + +// SopsSecretStatus defines the observed state of SopsSecret +type SopsSecretStatus struct { + // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + // Important: Run "make" to regenerate code after modifying this file + + // SopsSecret status message + //+optional + Message string `json:"message,omitempty"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:subresource:status + +// SopsSecret is the Schema for the sopssecrets API +//+kubebuilder:resource:shortName=sops,scope=Namespaced +//+kubebuilder:deprecatedversion +//+kubebuilder:subresource:status +//+kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.message` +type SopsSecret struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // SopsSecret Spec definition + Spec SopsSecretSpec `json:"spec,omitempty"` + // SopsSecret Status information + Status SopsSecretStatus `json:"status,omitempty"` + // SopsSecret metadata + Sops SopsMetadata `json:"sops,omitempty"` +} + +//+kubebuilder:object:root=true + +// SopsSecretList contains a list of SopsSecret +type SopsSecretList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []SopsSecret `json:"items"` +} + +func init() { + SchemeBuilder.Register(&SopsSecret{}, &SopsSecretList{}) +} diff --git a/api/v1alpha2/zz_generated.deepcopy.go b/api/v1alpha2/zz_generated.deepcopy.go new file mode 100644 index 00000000..9b611ae3 --- /dev/null +++ b/api/v1alpha2/zz_generated.deepcopy.go 
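Review bot: The comment on `EncryptedRegex` in `SopsMetadata` warns only that the option can make the resource unapplicable; it should also say that sops encrypts just the keys matching the regex, so a value under any non-matching key stays in clear text in the stored custom resource. Suggested wording: `// EncryptedRegex is the sops encrypted_regex setting; only keys matching it are encrypted, values under all other keys remain plain text.` `AgeItem` is the one exported type in this file without a doc comment, and its field comment reads `Recepient which private key can be used for decription`; `// AgeItem defines age specific encryption details` and `// Recipient whose private key can be used for decryption` would match the sibling types.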
@@ -0,0 +1,281 @@ +// +build !ignore_autogenerated + +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AgeItem) DeepCopyInto(out *AgeItem) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AgeItem. +func (in *AgeItem) DeepCopy() *AgeItem { + if in == nil { + return nil + } + out := new(AgeItem) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureKmsItem) DeepCopyInto(out *AzureKmsItem) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKmsItem. +func (in *AzureKmsItem) DeepCopy() *AzureKmsItem { + if in == nil { + return nil + } + out := new(AzureKmsItem) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GcpKmsDataItem) DeepCopyInto(out *GcpKmsDataItem) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GcpKmsDataItem. +func (in *GcpKmsDataItem) DeepCopy() *GcpKmsDataItem { + if in == nil { + return nil + } + out := new(GcpKmsDataItem) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *HcVaultItem) DeepCopyInto(out *HcVaultItem) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HcVaultItem. +func (in *HcVaultItem) DeepCopy() *HcVaultItem { + if in == nil { + return nil + } + out := new(HcVaultItem) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KmsDataItem) DeepCopyInto(out *KmsDataItem) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KmsDataItem. +func (in *KmsDataItem) DeepCopy() *KmsDataItem { + if in == nil { + return nil + } + out := new(KmsDataItem) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PgpDataItem) DeepCopyInto(out *PgpDataItem) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PgpDataItem. +func (in *PgpDataItem) DeepCopy() *PgpDataItem { + if in == nil { + return nil + } + out := new(PgpDataItem) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *SopsMetadata) DeepCopyInto(out *SopsMetadata) { + *out = *in + if in.AwsKms != nil { + in, out := &in.AwsKms, &out.AwsKms + *out = make([]KmsDataItem, len(*in)) + copy(*out, *in) + } + if in.Pgp != nil { + in, out := &in.Pgp, &out.Pgp + *out = make([]PgpDataItem, len(*in)) + copy(*out, *in) + } + if in.AzureKms != nil { + in, out := &in.AzureKms, &out.AzureKms + *out = make([]AzureKmsItem, len(*in)) + copy(*out, *in) + } + if in.HcVault != nil { + in, out := &in.HcVault, &out.HcVault + *out = make([]HcVaultItem, len(*in)) + copy(*out, *in) + } + if in.GcpKms != nil { + in, out := &in.GcpKms, &out.GcpKms + *out = make([]GcpKmsDataItem, len(*in)) + copy(*out, *in) + } + if in.Age != nil { + in, out := &in.Age, &out.Age + *out = make([]AgeItem, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SopsMetadata. +func (in *SopsMetadata) DeepCopy() *SopsMetadata { + if in == nil { + return nil + } + out := new(SopsMetadata) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SopsSecret) DeepCopyInto(out *SopsSecret) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status + in.Sops.DeepCopyInto(&out.Sops) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SopsSecret. +func (in *SopsSecret) DeepCopy() *SopsSecret { + if in == nil { + return nil + } + out := new(SopsSecret) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *SopsSecret) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. 
in must be non-nil. +func (in *SopsSecretList) DeepCopyInto(out *SopsSecretList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]SopsSecret, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SopsSecretList. +func (in *SopsSecretList) DeepCopy() *SopsSecretList { + if in == nil { + return nil + } + out := new(SopsSecretList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *SopsSecretList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SopsSecretSpec) DeepCopyInto(out *SopsSecretSpec) { + *out = *in + if in.SecretsTemplate != nil { + in, out := &in.SecretsTemplate, &out.SecretsTemplate + *out = make([]SopsSecretTemplate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SopsSecretSpec. +func (in *SopsSecretSpec) DeepCopy() *SopsSecretSpec { + if in == nil { + return nil + } + out := new(SopsSecretSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SopsSecretStatus) DeepCopyInto(out *SopsSecretStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SopsSecretStatus. 
+func (in *SopsSecretStatus) DeepCopy() *SopsSecretStatus { + if in == nil { + return nil + } + out := new(SopsSecretStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SopsSecretTemplate) DeepCopyInto(out *SopsSecretTemplate) { + *out = *in + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Data != nil { + in, out := &in.Data, &out.Data + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SopsSecretTemplate. +func (in *SopsSecretTemplate) DeepCopy() *SopsSecretTemplate { + if in == nil { + return nil + } + out := new(SopsSecretTemplate) + in.DeepCopyInto(out) + return out +} diff --git a/api/v1alpha3/sopssecret_types.go b/api/v1alpha3/sopssecret_types.go index 416a76cf..8ee43c8c 100644 --- a/api/v1alpha3/sopssecret_types.go +++ b/api/v1alpha3/sopssecret_types.go 
@@ -20,172 +20,172 @@ const ( // SopsSecretSpec defines the desired state of SopsSecret type SopsSecretSpec struct { // Secrets template is a list of definitions to create Kubernetes Secrets - // +kubebuilder:validation:MinItems=1 - // +required + //+kubebuilder:validation:MinItems=1 + //+required SecretsTemplate []SopsSecretTemplate `json:"secretTemplates"` // This flag tells the controller to suspend the reconciliation of this source. - // +optional + //+optional Suspend bool `json:"suspend,omitempty"` } // SopsSecretTemplate defines the map of secrets to create type SopsSecretTemplate struct { // Name of the Kubernetes secret to create - // +required + //+required Name string `json:"name"` // Annotations to apply to Kubernetes secret - // +optional + //+optional Annotations map[string]string `json:"annotations,omitempty"` // Labels to apply to Kubernetes secret - // +optional + //+optional Labels map[string]string `json:"labels,omitempty"` // Kubernetes secret type. Default: Opauqe. Possible values: Opauqe, // kubernetes.io/service-account-token, kubernetes.io/dockercfg, // kubernetes.io/dockerconfigjson, kubernetes.io/basic-auth, // kubernetes.io/ssh-auth, kubernetes.io/tls, bootstrap.kubernetes.io/token - // +optional + //+optional Type string `json:"type,omitempty"` // Data map to use in Kubernetes secret (equivalent to Kubernetes Secret object data, please see for more // information: https://kubernetes.io/docs/concepts/configuration/secret/#overview-of-secrets) - // +optional + //+optional Data map[string]string `json:"data,omitempty"` // stringData map to use in Kubernetes secret (equivalent to Kubernetes Secret object stringData, please see for more // information: https://kubernetes.io/docs/concepts/configuration/secret/#overview-of-secrets) - // +optional + //+optional StringData map[string]string `json:"stringData,omitempty"` } // KmsDataItem defines AWS KMS specific encryption details type KmsDataItem struct { // Arn - KMS key ARN to use - // 
+optional + //+optional Arn string `json:"arn,omitempty"` // AWS Iam Role - // +optional + //+optional Role string `json:"role,omitempty"` - // +optional + //+optional EncryptedKey string `json:"enc,omitempty"` // Object creation date - // +optional + //+optional CreationDate string `json:"created_at,omitempty"` - // +optional + //+optional AwsProfile string `json:"aws_profile,omitempty"` } // PgpDataItem defines PGP specific encryption details type PgpDataItem struct { - // +optional + //+optional EncryptedKey string `json:"enc,omitempty"` // Object creation date - // +optional + //+optional CreationDate string `json:"created_at,omitempty"` // PGP FingerPrint of the key which can be used for decryption - // +optional + //+optional FingerPrint string `json:"fp,omitempty"` } // AzureKmsItem defines Azure Keyvault Key specific encryption details type AzureKmsItem struct { // Azure KMS vault URL - // +optional + //+optional VaultURL string `json:"vault_url,omitempty"` - // +optional + //+optional KeyName string `json:"name,omitempty"` - // +optional + //+optional Version string `json:"version,omitempty"` - // +optional + //+optional EncryptedKey string `json:"enc,omitempty"` // Object creation date - // +optional + //+optional CreationDate string `json:"created_at,omitempty"` } type AgeItem struct { // Recepient which private key can be used for decription - // +optional + //+optional Recipient string `json:"recipient,omitempty"` - // +optional + //+optional EncryptedKey string `json:"enc,omitempty"` } // HcVaultItem defines Hashicorp Vault Key specific encryption details type HcVaultItem struct { - // +optional + //+optional VaultAddress string `json:"vault_address,omitempty"` - // +optional + //+optional EnginePath string `json:"engine_path,omitempty"` - // +optional + //+optional KeyName string `json:"key_name,omitempty"` - // +optional + //+optional CreationDate string `json:"created_at,omitempty"` - // +optional + //+optional EncryptedKey string 
`json:"enc,omitempty"` } // GcpKmsDataItem defines GCP KMS Key specific encryption details type GcpKmsDataItem struct { - // +optional + //+optional VaultURL string `json:"resource_id,omitempty"` - // +optional + //+optional EncryptedKey string `json:"enc,omitempty"` // Object creation date - // +optional + //+optional CreationDate string `json:"created_at,omitempty"` } // SopsMetadata defines the encryption details type SopsMetadata struct { // Aws KMS configuration - // +optional + //+optional AwsKms []KmsDataItem `json:"kms,omitempty"` // PGP configuration - // +optional + //+optional Pgp []PgpDataItem `json:"pgp,omitempty"` // Azure KMS configuration - // +optional + //+optional AzureKms []AzureKmsItem `json:"azure_kv,omitempty"` // Hashicorp Vault KMS configurarion - // +optional + //+optional HcVault []HcVaultItem `json:"hc_vault,omitempty"` // Gcp KMS configuration - // +optional + //+optional GcpKms []GcpKmsDataItem `json:"gcp_kms,omitempty"` // Age configuration - // +optional + //+optional Age []AgeItem `json:"age,omitempty"` // Mac - sops setting - // +optional + //+optional Mac string `json:"mac,omitempty"` // LastModified date when SopsSecret was last modified - // +optional + //+optional LastModified string `json:"lastmodified,omitempty"` // Version of the sops tool used to encrypt SopsSecret - // +optional + //+optional Version string `json:"version,omitempty"` // Suffix used to encrypt SopsSecret resource - // +optional + //+optional EncryptedSuffix string `json:"encrypted_suffix,omitempty"` // Regex used to encrypt SopsSecret resource // This opstion should be used with more care, as it can make resource unapplicable to the cluster. - // +optional + //+optional EncryptedRegex string `json:"encrypted_regex,omitempty"` } @@ -195,7 +195,7 @@ type SopsSecretStatus struct { // Important: Run "make" to regenerate code after modifying this file // SopsSecret status message - // +optional + //+optional Message string `json:"message,omitempty"` } 
@@ -205,6 +205,7 @@ type SopsSecretStatus struct {
 // SopsSecret is the Schema for the sopssecrets API
 //+kubebuilder:resource:shortName=sops,scope=Namespaced
 //+kubebuilder:subresource:status
+//+kubebuilder:storageversion
 //+kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.message`
 type SopsSecret struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/chart/helm3/sops-secrets-operator/Chart.yaml b/chart/helm3/sops-secrets-operator/Chart.yaml
index 03d845f7..bdaea727 100644
--- a/chart/helm3/sops-secrets-operator/Chart.yaml
+++ b/chart/helm3/sops-secrets-operator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-version: 0.9.1
-appVersion: 0.3.1
+version: 0.9.2
+appVersion: 0.3.2
 type: application
 description: Helm chart deploys sops-secrets-operator
 name: sops-secrets-operator
diff --git a/chart/helm3/sops-secrets-operator/README.md b/chart/helm3/sops-secrets-operator/README.md
index adbe045e..f8550465 100644
--- a/chart/helm3/sops-secrets-operator/README.md
+++ b/chart/helm3/sops-secrets-operator/README.md
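Review bot: In api/v1alpha3/sopssecret_types.go the new `//+kubebuilder:storageversion` marker makes v1alpha3 the only stored version, but nothing in this hunk or in the regenerated CRD documents how v1alpha1 and v1alpha2 objects are converted to it. The CRD serves all three versions, its v1alpha1 schema names the required list `spec.secret_templates` where v1alpha2 and v1alpha3 use `secretTemplates`, and no `conversion` stanza is visible in the manifest, so the field names are presumably not translated and a resource written through the old API could be stored without the templates the controller reads. I would add a comment above the marker such as `// v1alpha3 is the storage version; v1alpha1 and v1alpha2 are served for compatibility only and are not field-converted`, and confirm whether a conversion webhook or a documented migration step is intended. The `SopsSecret` struct body continues outside the hunk.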
@@ -131,7 +131,7 @@ The following table lists the configurable parameters of the Sops-secrets-operat | healthProbes.readiness | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Readiness probe configuration | | image.pullPolicy | string | `"Always"` | Operator image pull policy | | image.repository | string | `"isindir/sops-secrets-operator"` | Operator image name | -| image.tag | string | `"0.3.1"` | Operator image tag | +| image.tag | string | `"0.3.2"` | Operator image tag | | imagePullSecrets | list | `[]` | Secrets to pull image from private docker repository | | kubeconfig | object | `{"enabled":false,"path":null}` | Paths to a kubeconfig. Only required if out-of-cluster. | | logging | object | `{"encoder":"json","level":"info","stacktraceLevel":"error"}` | Logging configuration section suggested values Development Mode (encoder=consoleEncoder,logLevel=Debug,stackTraceLevel=Warn). Production Mode (encoder=jsonEncoder,logLevel=Info,stackTraceLevel=Error) (default) | diff --git a/chart/helm3/sops-secrets-operator/tests/operator_test.yaml b/chart/helm3/sops-secrets-operator/tests/operator_test.yaml index f2b71a6d..66081632 100644 --- a/chart/helm3/sops-secrets-operator/tests/operator_test.yaml +++ b/chart/helm3/sops-secrets-operator/tests/operator_test.yaml @@ -30,8 +30,8 @@ tests: app.kubernetes.io/instance: sops app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: sops-secrets-operator - app.kubernetes.io/version: 0.3.1 - helm.sh/chart: sops-secrets-operator-0.9.1 + app.kubernetes.io/version: 0.3.2 + helm.sh/chart: sops-secrets-operator-0.9.2 # template metadata and spec selector - it: should correctly render template metadata and spec selector @@ -140,7 +140,7 @@ tests: asserts: - equal: path: spec.template.spec.containers[0].image - value: isindir/sops-secrets-operator:0.3.1 + value: isindir/sops-secrets-operator:0.3.2 - equal: path: spec.template.spec.containers[0].imagePullPolicy value: Always 
diff --git a/chart/helm3/sops-secrets-operator/values.yaml b/chart/helm3/sops-secrets-operator/values.yaml index 8881b8cf..0743293f 100644 --- a/chart/helm3/sops-secrets-operator/values.yaml +++ b/chart/helm3/sops-secrets-operator/values.yaml @@ -12,7 +12,7 @@ image: # -- Operator image name repository: isindir/sops-secrets-operator # -- Operator image tag - tag: 0.3.1 + tag: 0.3.2 # -- Operator image pull policy pullPolicy: Always diff --git a/config/crd/bases/isindir.github.com_sopssecrets.yaml b/config/crd/bases/isindir.github.com_sopssecrets.yaml index 33421b62..95de7c5b 100644 --- a/config/crd/bases/isindir.github.com_sopssecrets.yaml +++ b/config/crd/bases/isindir.github.com_sopssecrets.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.1 + controller-gen.kubebuilder.io/version: v0.6.1 creationTimestamp: null name: sopssecrets.isindir.github.com spec: 
@@ -18,6 +18,359 @@ spec: singular: sopssecret scope: Namespaced versions: + - deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + description: SopsSecret is the Schema for the sopssecrets API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + sops: + description: SopsSecret metadata + properties: + azure_kv: + description: Azure KMS configuration + items: + description: AzureKmsItem defines Azure Keyvault Key specific encryption + details + properties: + created_at: + description: Object creation date + type: string + enc: + type: string + name: + type: string + vault_url: + description: Azure KMS vault URL + type: string + version: + type: string + type: object + type: array + encrypted_suffix: + description: Suffix used to encrypt SopsSecret resource + type: string + gcp_kms: + description: Gcp KMS configuration + items: + description: GcpKmsDataItem defines GCP KMS Key specific encryption + details + properties: + created_at: + description: Object creation date + type: string + enc: + type: string + resource_id: + type: string + type: object + type: array + kms: + description: Aws KMS configuration + items: + description: KmsDataItem defines AWS KMS specific encryption details + properties: + arn: + description: Arn - KMS key ARN to use + type: string + aws_profile: + type: string + created_at: 
+ description: Object creation date + type: string + enc: + type: string + type: object + type: array + lastmodified: + description: LastModified date when SopsSecret was last modified + type: string + mac: + description: Mac - sops setting + type: string + pgp: + description: PGP configuration + items: + description: PgpDataItem defines PGP specific encryption details + properties: + created_at: + description: Object creation date + type: string + enc: + type: string + fp: + description: PGP FingerPrint of the key which can be used for + decryption + type: string + type: object + type: array + version: + description: Version of the sops tool used to encrypt SopsSecret + type: string + type: object + spec: + description: SopsSecret Spec definition + properties: + secret_templates: + description: Secrets template is a list of definitions to create Kubernetes + Secrets + items: + description: SopsSecretTemplate defines the map of secrets to create + properties: + annotations: + additionalProperties: + type: string + description: Annotations to apply to Kubernetes secret + type: object + data: + additionalProperties: + type: string + description: 'Data map to use in Kubernetes secret (equivalent + to Kubernetes Secret object stringData, please see for more + information: https://kubernetes.io/docs/concepts/configuration/secret/#overview-of-secrets)' + type: object + labels: + additionalProperties: + type: string + description: Labels to apply to Kubernetes secret + type: object + name: + description: Name of the Kubernetes secret to create + type: string + type: + description: 'Kubernetes secret type. Default: Opauqe. 
Possible + values: Opauqe, kubernetes.io/service-account-token, kubernetes.io/dockercfg, + kubernetes.io/dockerconfigjson, kubernetes.io/basic-auth, + kubernetes.io/ssh-auth, kubernetes.io/tls, bootstrap.kubernetes.io/token' + type: string + required: + - data + - name + type: object + minItems: 1 + type: array + required: + - secret_templates + type: object + status: + description: SopsSecret Status information + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.message + name: Status + type: string + deprecated: true + name: v1alpha2 + schema: + openAPIV3Schema: + description: SopsSecret is the Schema for the sopssecrets API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + sops: + description: SopsSecret metadata + properties: + age: + description: Age configuration + items: + properties: + enc: + type: string + recipient: + description: Recepient which private key can be used for decription + type: string + type: object + type: array + azure_kv: + description: Azure KMS configuration + items: + description: AzureKmsItem defines Azure Keyvault Key specific encryption + details + properties: + created_at: + description: Object creation date + type: string + enc: + type: string + name: + type: string + vault_url: + description: Azure KMS vault URL + type: string + version: + type: string + type: object + type: array + encrypted_regex: + description: Regex used to encrypt SopsSecret resource This opstion + should be used with more care, as it can make resource unapplicable + to the cluster. + type: string + encrypted_suffix: + description: Suffix used to encrypt SopsSecret resource + type: string + gcp_kms: + description: Gcp KMS configuration + items: + description: GcpKmsDataItem defines GCP KMS Key specific encryption + details + properties: + created_at: + description: Object creation date + type: string + enc: + type: string + resource_id: + type: string + type: object + type: array + hc_vault: + description: Hashicorp Vault KMS configurarion + items: + description: HcVaultItem defines Hashicorp Vault Key specific encryption + details + properties: + created_at: + type: string + enc: + type: string + engine_path: + type: string + key_name: + type: string + vault_address: + type: string + type: object + type: array + kms: + description: Aws KMS configuration + items: + description: KmsDataItem defines AWS KMS specific encryption details + properties: + arn: + description: Arn - KMS key ARN to use + type: string + aws_profile: + type: string + created_at: + description: Object 
creation date + type: string + enc: + type: string + role: + description: AWS Iam Role + type: string + type: object + type: array + lastmodified: + description: LastModified date when SopsSecret was last modified + type: string + mac: + description: Mac - sops setting + type: string + pgp: + description: PGP configuration + items: + description: PgpDataItem defines PGP specific encryption details + properties: + created_at: + description: Object creation date + type: string + enc: + type: string + fp: + description: PGP FingerPrint of the key which can be used for + decryption + type: string + type: object + type: array + version: + description: Version of the sops tool used to encrypt SopsSecret + type: string + type: object + spec: + description: SopsSecret Spec definition + properties: + secretTemplates: + description: Secrets template is a list of definitions to create Kubernetes + Secrets + items: + description: SopsSecretTemplate defines the map of secrets to create + properties: + annotations: + additionalProperties: + type: string + description: Annotations to apply to Kubernetes secret + type: object + data: + additionalProperties: + type: string + description: 'Data map to use in Kubernetes secret (equivalent + to Kubernetes Secret object stringData, please see for more + information: https://kubernetes.io/docs/concepts/configuration/secret/#overview-of-secrets)' + type: object + labels: + additionalProperties: + type: string + description: Labels to apply to Kubernetes secret + type: object + name: + description: Name of the Kubernetes secret to create + type: string + type: + description: 'Kubernetes secret type. Default: Opauqe. 
Possible + values: Opauqe, kubernetes.io/service-account-token, kubernetes.io/dockercfg, + kubernetes.io/dockerconfigjson, kubernetes.io/basic-auth, + kubernetes.io/ssh-auth, kubernetes.io/tls, bootstrap.kubernetes.io/token' + type: string + required: + - data + - name + type: object + minItems: 1 + type: array + required: + - secretTemplates + type: object + status: + description: SopsSecret Status information + properties: + message: + description: SopsSecret status message + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} - additionalPrinterColumns: - jsonPath: .status.message name: Status diff --git a/config/samples/isindir_v1alpha1_sopssecret.yaml b/config/samples/isindir_v1alpha1_sopssecret.yaml new file mode 100644 index 00000000..3355c50f --- /dev/null +++ b/config/samples/isindir_v1alpha1_sopssecret.yaml @@ -0,0 +1,7 @@ +apiVersion: isindir.github.com/v1alpha1 +kind: SopsSecret +metadata: + name: sopssecret-sample +spec: + # Add fields here + foo: bar diff --git a/config/samples/isindir_v1alpha2_sopssecret.yaml b/config/samples/isindir_v1alpha2_sopssecret.yaml new file mode 100644 index 00000000..d33afd68 --- /dev/null +++ b/config/samples/isindir_v1alpha2_sopssecret.yaml @@ -0,0 +1,7 @@ +apiVersion: isindir.github.com/v1alpha2 +kind: SopsSecret +metadata: + name: sopssecret-sample +spec: + # Add fields here + foo: bar diff --git a/docs/index.yaml b/docs/index.yaml index 04e23d7c..b2ecd157 100644 --- a/docs/index.yaml +++ b/docs/index.yaml 
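Review bot: The new sample config/samples/isindir_v1alpha1_sopssecret.yaml still carries the scaffold placeholder `foo: bar` under `spec`, which does not satisfy the v1alpha1 schema added in this same commit (`secret_templates` is required with `minItems: 1`, and each item requires `name` and `data`); config/samples/isindir_v1alpha2_sopssecret.yaml has the same problem against `secretTemplates`. As written, applying either sample would presumably be rejected by CRD validation, so neither exercises the deprecated versions it is meant to demonstrate. I would replace the placeholder with one minimal valid template entry and change the `# Add fields here` comment to say that the version is deprecated and kept for compatibility.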
@@ -1,9 +1,29 @@ apiVersion: v1 entries: sops-secrets-operator: + - apiVersion: v2 + appVersion: 0.3.2 + created: "2021-06-24T09:42:08.808341+01:00" + description: Helm chart deploys sops-secrets-operator + digest: dbec66ae148cd665612f9b69e0dd139264c47744c797cf504a26556c77ae2130 + keywords: + - gitops + - sops + - kms + - encryption + maintainers: + - email: isindir@users.sf.net + name: isindir + name: sops-secrets-operator + sources: + - https://github.com/isindir/sops-secrets-operator.git + type: application + urls: + - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.9.2.tgz + version: 0.9.2 - apiVersion: v2 appVersion: 0.3.1 - created: "2021-06-20T21:15:54.000434+01:00" + created: "2021-06-24T09:42:08.807413+01:00" description: Helm chart deploys sops-secrets-operator digest: 6228534471c0bab5eca824d98963adce99d4754bf03f37130529ac52536c79ad keywords: @@ -23,7 +43,7 @@ entries: version: 0.9.1 - apiVersion: v2 appVersion: 0.3.0 - created: "2021-06-20T21:15:53.99951+01:00" + created: "2021-06-24T09:42:08.806433+01:00" description: Helm chart deploys sops-secrets-operator digest: b7f077f8acac1b6ec60d0c0eb6326ab33cf3e4b9fb1ee8d94b1fa21f96aa7383 keywords: @@ -43,7 +63,7 @@ entries: version: 0.9.0 - apiVersion: v2 appVersion: 0.2.2 - created: "2021-06-20T21:15:53.998382+01:00" + created: "2021-06-24T09:42:08.805089+01:00" description: Helm chart deploys sops-secrets-operator digest: 39d3d35a28a405e7baf82d507fa642966c2705ac3ca2f10077186a7fec5de1f6 keywords: @@ -63,7 +83,7 @@ entries: version: 0.8.4 - apiVersion: v2 appVersion: 0.2.1 - created: "2021-06-20T21:15:53.99716+01:00" + created: "2021-06-24T09:42:08.803792+01:00" description: Helm chart deploys sops-secrets-operator digest: 4a1a3299532a4ec61acb61db45d763385bc3c2bd50c9c1707e3ba258498b5ee5 keywords: 
@@ -83,7 +103,7 @@ entries: version: 0.8.3 - apiVersion: v2 appVersion: 0.2.1 - created: "2021-06-20T21:15:53.995079+01:00" + created: "2021-06-24T09:42:08.802535+01:00" description: Helm chart deploys sops-secrets-operator digest: d328b4e165c3945430e196a853836dcee9982929fe24455021ddb885099d5334 keywords: @@ -103,7 +123,7 @@ entries: version: 0.8.2 - apiVersion: v2 appVersion: 0.2.0 - created: "2021-06-20T21:15:53.993817+01:00" + created: "2021-06-24T09:42:08.801459+01:00" description: Helm chart deploys sops-secrets-operator digest: d0ac8b738d0f10d64b2fb78c4386efe91de39aa88a4b107fdf9d93a82d18573c keywords: @@ -123,7 +143,7 @@ entries: version: 0.8.1 - apiVersion: v2 appVersion: 0.2.0 - created: "2021-06-20T21:15:53.992113+01:00" + created: "2021-06-24T09:42:08.800007+01:00" description: Helm chart deploys sops-secrets-operator digest: 289d7c6c96f858fe15427b1858fbfcdec373fc345acf52e667df4ca5ee729c10 keywords: @@ -143,7 +163,7 @@ entries: version: 0.8.0 - apiVersion: v2 appVersion: 0.1.17 - created: "2021-06-20T21:15:53.991091+01:00" + created: "2021-06-24T09:42:08.798571+01:00" description: sops secrets operator digest: 1c3c4bba7d66a7621beced04856d9904260558fe10369513743bc322d69482c1 keywords: @@ -163,7 +183,7 @@ entries: version: 0.7.6 - apiVersion: v2 appVersion: 0.1.16 - created: "2021-06-20T21:15:53.990143+01:00" + created: "2021-06-24T09:42:08.797545+01:00" description: sops secrets operator digest: c526d5d4b9c7c2cce1d9da2c75b4e9be7a994f24dce159a659189414a8725eae keywords: @@ -183,7 +203,7 @@ entries: version: 0.7.5 - apiVersion: v2 appVersion: 0.1.16 - created: "2021-06-20T21:15:53.989104+01:00" + created: "2021-06-24T09:42:08.796382+01:00" description: sops secrets operator digest: 572c9015988b76869b58997e02a0c64152283e559721e4883d54f1258a57e8b7 keywords: 
@@ -203,7 +223,7 @@ entries: version: 0.7.4 - apiVersion: v2 appVersion: 0.1.15 - created: "2021-06-20T21:15:53.988048+01:00" + created: "2021-06-24T09:42:08.795446+01:00" description: sops secrets operator digest: 84365f8e919ba9d3a00cfa50435cce6c63a8383357b2fde062b7aab8baeca6eb keywords: @@ -223,7 +243,7 @@ entries: version: 0.7.3 - apiVersion: v2 appVersion: 0.1.14 - created: "2021-06-20T21:15:53.986993+01:00" + created: "2021-06-24T09:42:08.794474+01:00" description: sops secrets operator digest: a1f2375080df20421701a33179b8e947ee682a70084d83d85da707889871ad64 keywords: @@ -243,7 +263,7 @@ entries: version: 0.7.2 - apiVersion: v2 appVersion: 0.1.13 - created: "2021-06-20T21:15:53.985912+01:00" + created: "2021-06-24T09:42:08.793481+01:00" description: sops secrets operator digest: 2e81dc4e4d49d9cd802aff263f005e04fb57df07f33b3ce8643ab287dfd3a7fb keywords: @@ -263,7 +283,7 @@ entries: version: 0.7.1 - apiVersion: v2 appVersion: 0.1.12 - created: "2021-06-20T21:15:53.984831+01:00" + created: "2021-06-24T09:42:08.792321+01:00" description: sops secrets operator digest: 81f59ed60bfa8204ed285476f9ed96a45a6f4e7cc6940a5d246c9241573d93d5 keywords: @@ -283,7 +303,7 @@ entries: version: 0.7.0 - apiVersion: v2 appVersion: 0.1.12 - created: "2021-06-20T21:15:53.983808+01:00" + created: "2021-06-24T09:42:08.791149+01:00" description: sops secrets operator digest: 91c3fbda73ba2d860bdaa21e37bf9afbc260ff767b377a144d0181d116a7ee34 keywords: @@ -303,7 +323,7 @@ entries: version: 0.6.8 - apiVersion: v2 appVersion: 0.1.12 - created: "2021-06-20T21:15:53.982686+01:00" + created: "2021-06-24T09:42:08.789381+01:00" description: sops secrets operator digest: 89d9d41d70d4dafcfb957bd48776ad779d0cef7dbb1ab2daf0b745a53dd6e3c6 maintainers: 
@@ -318,7 +338,7 @@ entries: version: 0.6.7 - apiVersion: v2 appVersion: 0.1.11 - created: "2021-06-20T21:15:53.981646+01:00" + created: "2021-06-24T09:42:08.788387+01:00" description: sops secrets operator digest: 7b0a65fd6fa9bafa3fd11bfef1a5f91f1e17d8cb8ad65b6377ffdc4d12495d01 maintainers: @@ -333,7 +353,7 @@ entries: version: 0.6.6 - apiVersion: v2 appVersion: 0.1.10 - created: "2021-06-20T21:15:53.980547+01:00" + created: "2021-06-24T09:42:08.787231+01:00" description: sops secrets operator digest: fac31d6cc862cb7b9a81aee52ba1fc4183d70bdcb7424c3dbdd087fb53246b30 maintainers: @@ -348,7 +368,7 @@ entries: version: 0.6.5 - apiVersion: v2 appVersion: 0.1.9 - created: "2021-06-20T21:15:53.979293+01:00" + created: "2021-06-24T09:42:08.786302+01:00" description: sops secrets operator digest: 01347c27e37dfff999ebcee12aae6d0aafa092d7c3b221d566cdf0abe71f4d5a maintainers: @@ -363,7 +383,7 @@ entries: version: 0.6.4 - apiVersion: v2 appVersion: 0.1.8 - created: "2021-06-20T21:15:53.977477+01:00" + created: "2021-06-24T09:42:08.785153+01:00" description: sops secrets operator digest: 6348b1b1b0e8d3df3926e437b2c0f4ad63268d26e2cb54cbecbb564102e6b19c maintainers: @@ -378,7 +398,7 @@ entries: version: 0.6.3 - apiVersion: v2 appVersion: 0.1.7 - created: "2021-06-20T21:15:53.976383+01:00" + created: "2021-06-24T09:42:08.783003+01:00" description: sops secrets operator digest: 710c1c9fa73a2ebf791fda4a608b5e29072d42c0b68c803c7bbeed54a582fd7f maintainers: @@ -393,7 +413,7 @@ entries: version: 0.6.2 - apiVersion: v2 appVersion: 0.1.7 - created: "2021-06-20T21:15:53.975385+01:00" + created: "2021-06-24T09:42:08.781556+01:00" description: sops secrets operator digest: f2a606c3837843241bb9d59adc02c38e1cca98753c602b9f758cc61d735ca7cd maintainers: 
@@ -408,7 +428,7 @@ entries: version: 0.6.1 - apiVersion: v2 appVersion: 0.1.6 - created: "2021-06-20T21:15:53.974319+01:00" + created: "2021-06-24T09:42:08.780609+01:00" description: sops secrets operator digest: a2bbf9b39ec5f5b82965037f8f245fb3122adbe31b1c7d336fa1f4cddb228b88 maintainers: @@ -423,7 +443,7 @@ entries: version: 0.6.0 - apiVersion: v1 appVersion: 0.1.8 - created: "2021-06-20T21:15:53.973312+01:00" + created: "2021-06-24T09:42:08.779631+01:00" description: sops secrets operator digest: b89986787f33bb6ed9fb0c658431be8646302e9c1a24537c26269c62249fa071 maintainers: @@ -437,7 +457,7 @@ entries: version: 0.5.3 - apiVersion: v1 appVersion: 0.1.7 - created: "2021-06-20T21:15:53.972242+01:00" + created: "2021-06-24T09:42:08.778593+01:00" description: sops secrets operator digest: 9467709cf6fbe8d9d779cedf15fe388af172b609f3ca452ef3d8894f39d999df maintainers: @@ -451,7 +471,7 @@ entries: version: 0.5.2 - apiVersion: v1 appVersion: 0.1.7 - created: "2021-06-20T21:15:53.969667+01:00" + created: "2021-06-24T09:42:08.777614+01:00" description: sops secrets operator digest: b54b5d8497564ddc04bd6d8b105eb0a3559e82ae1f6aab2f59ed3e426f119287 maintainers: @@ -465,7 +485,7 @@ entries: version: 0.5.1 - apiVersion: v1 appVersion: 0.1.6 - created: "2021-06-20T21:15:53.968905+01:00" + created: "2021-06-24T09:42:08.776707+01:00" description: sops secrets operator digest: 177f1ed214d6e72eda589a6ab155a417c1a4229bfda11e87f24af125a3542ad1 maintainers: @@ -479,7 +499,7 @@ entries: version: 0.5.0 - apiVersion: v2 appVersion: 0.1.5 - created: "2021-06-20T21:15:53.968148+01:00" + created: "2021-06-24T09:42:08.775527+01:00" description: sops secrets operator digest: 1535e130357afa883db0b3d30735c817d3b7d412fe5bdfd71534d0c08defa7d1 maintainers: 
@@ -494,7 +514,7 @@ entries: version: 0.4.8 - apiVersion: v2 appVersion: 0.1.5 - created: "2021-06-20T21:15:53.967242+01:00" + created: "2021-06-24T09:42:08.774422+01:00" description: sops secrets operator digest: 19b11dc2d1945f3c436a7d03763b4391d4a382fc13ea515d25422827d859d6d0 maintainers: @@ -509,7 +529,7 @@ entries: version: 0.4.7 - apiVersion: v2 appVersion: 0.1.5 - created: "2021-06-20T21:15:53.96649+01:00" + created: "2021-06-24T09:42:08.77323+01:00" description: sops secrets operator digest: c839e5d3374b948d27ad49643411f4891fdec44d179dea06423bb0d6e29d5e32 maintainers: @@ -524,7 +544,7 @@ entries: version: 0.4.6 - apiVersion: v2 appVersion: 0.1.4 - created: "2021-06-20T21:15:53.965712+01:00" + created: "2021-06-24T09:42:08.772081+01:00" description: sops secrets operator digest: c71f9f66be32f8b9d3c8d780b09b2455a40fd9755314004efd2bb8d379dafe3c maintainers: @@ -539,7 +559,7 @@ entries: version: 0.4.5 - apiVersion: v2 appVersion: 0.1.3 - created: "2021-06-20T21:15:53.964813+01:00" + created: "2021-06-24T09:42:08.771244+01:00" description: sops secrets operator digest: f3f2f89d4ef6018776df0a12a63dd2f9c9519b9d1ac03a9a405e31d0fd902ba0 maintainers: @@ -554,7 +574,7 @@ entries: version: 0.4.4 - apiVersion: v2 appVersion: 0.1.2 - created: "2021-06-20T21:15:53.963897+01:00" + created: "2021-06-24T09:42:08.769776+01:00" description: sops secrets operator digest: 1fd5eed318627f5ed0656f4e8ce4a25729568a1626ae313bcbe21050f5f26240 maintainers: @@ -569,7 +589,7 @@ entries: version: 0.4.3 - apiVersion: v2 appVersion: 0.1.2 - created: "2021-06-20T21:15:53.962778+01:00" + created: "2021-06-24T09:42:08.768987+01:00" description: sops secrets operator digest: 1f4f9869c75f0922e83ba5d530e101bd4252d5c1c31365800cc9d1425680cf18 maintainers: 
@@ -584,7 +604,7 @@ entries: version: 0.4.2 - apiVersion: v2 appVersion: 0.1.1 - created: "2021-06-20T21:15:53.961906+01:00" + created: "2021-06-24T09:42:08.767768+01:00" description: sops secrets operator digest: 6b054a4e9f261eea3cb84ee2e70b87b24780f1703e2c218ea5f69b7f82d1876f maintainers: @@ -599,7 +619,7 @@ entries: version: 0.4.1 - apiVersion: v2 appVersion: 0.1.0 - created: "2021-06-20T21:15:53.959739+01:00" + created: "2021-06-24T09:42:08.766532+01:00" description: sops secrets operator digest: 78b62ab37eac1b45f0a68a9752a3615c5d3f1c960bb4057e665923ce104931cf maintainers: @@ -614,7 +634,7 @@ entries: version: 0.4.0 - apiVersion: v1 appVersion: 0.1.5 - created: "2021-06-20T21:15:53.95895+01:00" + created: "2021-06-24T09:42:08.765155+01:00" description: sops secrets operator digest: 41baa3c580cb9d8951c18513a4f04c4dbbfad99de9c62f53de2450c0c7b76725 maintainers: @@ -628,7 +648,7 @@ entries: version: 0.3.7 - apiVersion: v1 appVersion: 0.1.5 - created: "2021-06-20T21:15:53.958026+01:00" + created: "2021-06-24T09:42:08.763259+01:00" description: sops secrets operator digest: 1103b1f7bf7af3f400c172227cd5a3659f3a03e5e8158b19ba0b25f7ed45208b maintainers: @@ -642,7 +662,7 @@ entries: version: 0.3.6 - apiVersion: v1 appVersion: 0.1.5 - created: "2021-06-20T21:15:53.957111+01:00" + created: "2021-06-24T09:42:08.762198+01:00" description: sops secrets operator digest: 15c72ba7fb09d0e980ec32fd94f56893c439c05c435281a9ab9c8bc94bd20063 maintainers: @@ -656,7 +676,7 @@ entries: version: 0.3.5 - apiVersion: v1 appVersion: 0.1.4 - created: "2021-06-20T21:15:53.956272+01:00" + created: "2021-06-24T09:42:08.760537+01:00" description: sops secrets operator digest: 025a6a6381b75286756ef55105ace6e911e5a5818b495ede6356cc8ec572aeac maintainers: 
@@ -670,7 +690,7 @@ entries: version: 0.3.4 - apiVersion: v1 appVersion: 0.1.3 - created: "2021-06-20T21:15:53.955449+01:00" + created: "2021-06-24T09:42:08.759757+01:00" description: sops secrets operator digest: f61b070b640169439cf4ab500047c1e356748a85871f7aeefde46d63d87d453a maintainers: @@ -684,7 +704,7 @@ entries: version: 0.3.3 - apiVersion: v1 appVersion: 0.1.2 - created: "2021-06-20T21:15:53.954613+01:00" + created: "2021-06-24T09:42:08.758955+01:00" description: sops secrets operator digest: 2b37dc4e545e8a9540f6b7693079b98bf161ec5a68899defcfc9420bdcbb33e3 maintainers: @@ -698,7 +718,7 @@ entries: version: 0.3.2 - apiVersion: v1 appVersion: 0.1.1 - created: "2021-06-20T21:15:53.953724+01:00" + created: "2021-06-24T09:42:08.758152+01:00" description: sops secrets operator digest: 2e2762b8f9d66aab0caacde225955fec8bfd5a4cc10dc6943a1de3809dda4091 maintainers: @@ -712,7 +732,7 @@ entries: version: 0.3.1 - apiVersion: v1 appVersion: 0.1.0 - created: "2021-06-20T21:15:53.952917+01:00" + created: "2021-06-24T09:42:08.757382+01:00" description: sops secrets operator digest: ce84f5b64402a582c7689cb842ba03fb10f968c38b57dc9e05f588493128019a maintainers: @@ -726,7 +746,7 @@ entries: version: 0.3.0 - apiVersion: v2 appVersion: 0.0.10 - created: "2021-06-20T21:15:53.952019+01:00" + created: "2021-06-24T09:42:08.756494+01:00" description: sops secrets operator digest: 5e4c8bc37ea2c819c55b288c0a5e76ff8c9c02be591bd53776606666af45581c maintainers: @@ -741,7 +761,7 @@ entries: version: 0.2.1 - apiVersion: v1 appVersion: 0.0.10 - created: "2021-06-20T21:15:53.951234+01:00" + created: "2021-06-24T09:42:08.755556+01:00" description: sops secrets operator digest: 50b8ebab19008dfc43de1eaee8b0f6287f7a55134585dc6ae88df2520d779f8f maintainers: @@ -753,4 +773,4 @@ entries: urls: - https://isindir.github.io/sops-secrets-operator/sops-secrets-operator-0.1.10.tgz version: 0.1.10 -generated: "2021-06-20T21:15:53.94994+01:00" +generated: "2021-06-24T09:42:08.754386+01:00" 
diff --git a/docs/sops-secrets-operator-0.9.2.tgz b/docs/sops-secrets-operator-0.9.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..621367adb1c9133e7bd4f72a8501c4cd19ba1333 GIT binary patch literal 10868 zcmV-)DvQ-0iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDJSKPR=;QiTug|>6wA+XrpO}^&!+qq|Xz%XnGaDbUP_h#pS zu+?r2w&hrIlg^O++xMs>+45I^5JG0=wtq-yTdFFRN~MyjRN^e9Q1b10VGAvlu z-<#k}crzSFe|v;yFc=J8zkCV*4+ew!|AUurUjA+Pa`5`q;N{M%mxI3zhOb_}9{vpt z9s~KJC+7lZe;a%;u6pDCBo9vM&m`lNB_lN5ad4UzKL_3mZ^sD;_cNLbc=aQRV&qHV zKmkc3Hsh#OfSg-0yJK0vM~;g^Dp<-L7m7MAx{c+(B=NHufOTR_6M<<$GAK`COrsH^ zoF)Oy{&&tv#yvjv5+WRg5*(A_qoaPc)4*At`2;{tgh=_Q-w&yn{Tv zR5)Umk`cmb8c`nuq0^Ez|LN^G-@5M}<7prNQyk@lKb8WRKmLcq*Mm3p@&9J{W9 z@l8ZH5)9oClw!_FfM_BZnz1}Xg2ZWr1>v6KJZl@D3Cr#n3x4ZQNEEvP^EtvvP?StF z;`%I(sesbXGbGXG5{Y0aB#9)Npn&;#OcDX(7vWs67z^s-XeQCRF4_k*CX1kqz(_|v z%M*cI#3w9|0+cWzTM)B=jwuNoU2IR58lj=%&=`kgQ{e=pgy8QOoVc(maY#$|CB|90b44;KvB9v7Nazy zQ_Z+rl38@CW}f9yq-&4R`(G8f(<#X^8W0W)b`A3b$-zwWRcT_y3;B)j97+l^Bb~5alGlI zEU>_h(C?oehm&kdeX{F=j1+x72d$V8q-!CpsyPVZI$!{EPCn!$CuodmL;{o%pCvwx zs1jb9pqM7PARIl9X@Z8E9(o?=!TV~{$yDv#u^`z9z0xqxu$TZ*7@Fp@WK2U3ohH!? 
z$r?11!*YyRE?hQt{V3;xWS&zNmaQa-9L&K8jd8@KJf~PpMjFL23qzWONEOdBMJ^}4 z`acgt!ev(~1p`WAN+OoRpnJyxf}WGaX93B+_gTVOL=M!??TCfPvh4T!}+WAH#UJ~fOdrBXB!CMlRaYiMLQ9i*vW)PQB>~8SpL4-t1kg|< z>ERMQP5g{tE*n=+;~-UFge1ylJFoz?jBnVKXk@@zAz8~oDf>7TxfHX4V^!)mJqKBp zjukri<~S3ABQZJ4*p0O0H2TX4jIfMw4!ld{XGD@9Wi%1!hN^a2Lr5Q_L1e>Y8O-%sO6C6XgD^&<6r3?Z#vCi|Oc#`T zUaBXa5?@WfNPilRP?(0puZv^{kn9*9@13Ey?=HId?572vPox%#@QoZ;(x9qLKA3YF z0`H!VWmA9G_tnI`2ZR3v7ET)*wq%5U>S=nerIn{dWg7`;^(i@sa}L%}0bELhlBLQV zXNZx?52bh(F}OzI zdyisSNcHIjw09=EARvhxoE%L^Mx^4+IcdR$Zb-!LWVgxhs$mL^RE3IW$F!f0k>quq zEHg5tnbIjMmn6Z7INF!|Q}r)2gVKy9K233?sgM?=Dje9%--{>#0MB>JwJti^-)urW zYeMu@?G}jI%$x(Is9uwZvlbx$$iAs3afiC+a_Z0WM9`RQ zBTfuUVbj3TaCZ4YGW{86yh`51!QT17<<;T&!NKLx36RDuKEyMWNUG*&!UA%kOPXb`pJ!Ce_E;jw$8z0!0230beeRs8 zemdHhm}M_wDF|7f?DC(uTqF%&3&vTl&>9x#?=C<(U&YDS#@15 zXSn8ufFsJ1F!(K|;qh47SNDJ43}3!n@BcoDox$MMy8oZ#`Th6)7Mjv{gg6mk?TA@QzL(ZE_9tY7w)&qxJF=8>@G*ti zeWLbZ&H5DPX3x>(Txk=~grHu#6G7JOA-60G_JgM!&R~XnKP$V;-r_~~QcWg4di?_a zr13>Q9@CGg=a#^veIox>)EfO;;27u9l=+b3NH1K|6x!iAzYql-$_t4@wuz$~;$x}1 zIg1H;o8OQuA%bw#`Y|O@pfwnD zA1&S8P^Z_~IGgwCZ|&ws_u%)!K0&?z*+adn-b2P3i({7P4XR;3k4oTlDwF~B^^ z`f9cF`|olw5aq!Fed3|dpPdPbVvkSyz=~z+YMw#mCIvL%LasglQdK&v0i~F^TZB!t z!zuy?B&bG}d-Ne^q5vy-+X^Md2@Xl%-pr~rneB*L-z=s77tQ~$2X>_jJTx9)!TdiQ zH0J-|aIlX5d6GxVvD8LJDMOc=jbQX#F8OPp8hclpQuc0X5{&ewpHqn|8ago%IKTpr ziU^)nhPDfMbqNP)MKf|1!!Sz5L-&X#fn3zTl(Zs*(4#1wc0luWhYBn@P4S1EI9y~j z3HLQ`%KcecvBGupNntIwT^j|9olvWw*Pvjl(ybiwVoc7P+kh#HlJKyPygK|F+hx3RU+gx2dd zE2~}A7^fV5YKk8SOxNynfkj>e62heDq7(~%0)ORcfCXtnCR36KUN*NKmnyXcp)pIS zU~>NQe3lW$J)gyGw1a)BOLq{joZC$tI$F*vLjzk7u#~s5R|A!Q1|%Z-PlGa|yn}J_ z&pUYerS$a2G{F)5MC$GC>Y`QQuOtx7*?krLe{~~COTty>fkpejZ(h~ne|L6X4_~kK z|5H2*^nXLG|F;r>K{IQ+1kIR zZY0F^*tBwFRTiy_DipiC)#}UdG=zRy?lV{e=dZl!a7$+1Z(R1)z3a?jcC9(G)e1g- zS5w>ySX5!lqcY|ptU<{1w3>n;#Lu*>ehjTd)i|J5kRX8=2BCYD*vv5BD-5Zg^E!E` z$Q#(U#gm5i`btxtP_f6#Gth=^6Z9#+yYWm@ReaV>9-)BTP@IfzU`0{?eAYY#SeEcv z9Ai1!-*5D9Xwv7Cjcv5y`tn~tMecEi`cs_s&2B@OhNj*9t;VPR#;+FaDU0%$yptTX 
z+NAc4is;ok2&Ba$^ZYE_Y=eR|EZixbwyvcmr>!YE|g%xvn~K>B2$9YDHU# z*yl36lx3o(OrDwG@QC1mWC(0A$`Xj8mbxxuQA9GNIpV3}GznD*9Yny9gzM9>89|gI zmP9i+3X6R~r=$%`y)g>A3)mYi)hDLifIun|7vl53uh^93k?LCe0Kg}ly5^{{Rn45< z)t|a*Ml5vUY;9Xz_|R3eJS^J{pmw0P2CAl(tfS!_+NtNdWg#1%RW+4ks0?PR<7$TLX1FoIYT?n#L zz6z{38oV->WX;(VGpV5V5xG>toWmxPOsi}#lfc>O{?*CuyMr1Z;PBTE8H?-8Ln^XY z@71?{Q&WdovUxhiNBJyki8KG3ciUgw!&QP5V0P5zT7%> z69Od{6VyE2yMVUu7ei>n+`^&aNaw$PIzPC&JUH1sxx6~sUtXMxbCVq+UD!%C{WT)g zb4#Qtq{GnW5V?1JbntD7G$C+{iBv~XzcHZ~#^F#tbH+=DA*@f@cF9kdG5k2K^?2vd zuv%Ldd`o6+OJ&v6cxUfsx zrtgj}ZLIK{o!P~rG}JOUTo%jDmtfiHz+zh$Bu>R_pJw{tdMC4%+dr76L>4!oO$)XX zQ`yqC4_ueUD#x%LTQKHrWiOVL+G*{k)U=%TR*!XF+v=@4yrPuNI{OIsqPkGbt~_3% z=D1#MG24rS-KA5-9OwR0c31FNXUoe{_JQ+{r@00@S^y?mv093 z`0rP**YST(@~ja5U3i9Tk#kkwWkvL>el!o)J(*oz%l3r4)OkAH7MqL_vW z%g7_(STz1$*W>@>@PDx$|4;EeLuXhBlBo{*cge2%Drx7H&OtF89L&A#$z&uY= zmI;pdghUYvBX*<0D`*mKql`otw&!6xxO|V3z1pd0Mp=Bdi`I)j4&M@q_8V%G z_VIsyu)F{6z>9-N!7+dQ?+hCGKZdUc!}a)olIK}R@_c9MRR7MiXXrwuXWnB0ahxsm zzaElr{~rM9^7y~@&;QGDuCK3kHeKiMDs!=jOajaz-d^1(U=_e=8qJV9)+G1+EZ_$7 z)pUrXbb^OhIOp$3&Uq+L!wd%mxh_O0MG@dojA*C5kN&TNkn2{dl0>L% zbe^4O?)v)LasD9{Y(~&^v%s~^a|jOxx z#-CUMolI_dAJz?`pL3FhISoi(r&x0}D6^I1!jaO6h@(ws3le)a=!vN6ERoR5961W)sNb(d{%sm=N?{Dw>i4oy23)SRJKjU$qj(q^S!r zQS!qxDfd$RRnRJWF9p7}SvkL>!k_eIflW;YlveC&ts`ktSw(nXWQ6o%EF011Lb6|h zauC`=yOA_o!1{?K5jvNAE70G>O+=G^nQvYKIL%DrNwFU|76`;qLSH_L#KpMOLL^uMJ0uC+3VX@>iklZNVx_zeBCNK z*J$s2zwD_=G0mucJls2TN^0a-Hp5OYB0F0pm}!u+g$}5gkPM}{O5)fC=l@)so`BJZ zXrk_<(Ah&Rb*#R#%*;I4=1)DnETsLUiMkX6()vg(t0^cmX5m7Q8N3!k&xFl@K2(Wr zVJ6;FgL#HH5uhFHY|Sb_=~`B>VOfl|p!g>nldlxpQ ze%ISmJuyp3Z-jcaZKK|{F5r18MCY@b38ne40AE|8T-Y+lMV?-hEfyT{0QW)S{7}I) zIYdD}e-s(E*{rpboKq~aaGB$onv|r;hCmZMRmuKw1koF{8cHItC~BAAo0AjBWlFM` za&9tU%CVwzCj%D_ic6UK`=v6Fnn($T($E*DXBXAXwXGU0W}j#jVVE(Vnd_aB&;=!{ z{qwhE=1$cG3zb2tQX``>XEHk4hw)QQC2casHWM)a5y!B$B<7CdO2k9wI0hLCD-skE zbbU)^+!G(gwGy>9sn=wxiLR{RY@uJ|B40_r{AS6sl#*-XWxdv!-&L+$3dwTYtPpf9 z#pG)D@ZjqFVDISc=-}k?;u`pOU3Iot5W&{5$#Q;R8Oq3*WF(Q6G$A9|==ai6DsK!! 
zg0ZMo27jOtyI?}li1cwtq?CcpQ(Q;F5;Re1*)_PuqP(-y6lMi_H{uLvMDLH8k0T^4 zU&&0xZXA+dpGz}Yl2WdzH^G$oDWR>#%q2s)`P5fQ3*hs0JacvKz-vosjcQ9JwTMaV z#fwsjmlI+_RCR)44%w$AY)f8z7N;zM%*vQ^=2N&5q8J}aK$J-uK?V6%)1_>*y^1{z zc*|KvsF+a7g{oN?-|}^eGaM5^GH!B9UbHDM;XUs10bxxd**@k1l5^ zLHEUFSMsmoUORN}+`IBo|C;|Qf59*3zRU)Ej~JXNNB8LZ_s`epeqpv?1oc5DR4VsO zv`TN(>uvY!kP!7oYlq$lvMF!(np2`GXF_x2FQ90dTMkO9%EVFkNF5NB?2>v?cCTumBa=wVGrtf58I4E5cLmRTlqybp8HU z=#8bb`U9Mn6r6R+R=70_K!$!=6TM|c%eMNOZ^}rCLiFa|m12mQ*L_P~p;Cfs28=Wr z_SpA~6xeIWr0aN};C7W(Qmhb`Ze~2nB{K?r8ZMA89X!$-^};k9_RNbN^iZ}b#F_McW*R&wcV>kYWGGv1L)X! z7i~3hLNNM0q6r}TZt&d@wDE)Q{%T?A6ZDszaGdp?6;A zXu+`#_Eq4_-LY!}U(5^TiNFd#xM{MjB9t`s?6bJ_DeoZ{O#_Ngk{lGz68pX&z2O4I76vMP;Kf>Ukfquj3uBs|oX zY`Mf$!Ly?lJ61zWT{r{K8VL*P@E-AMS3p>abSmu#Wjfr?zrIBQuoF%c(-h26D_<(C z0a~XG3xKcG6!Qf)!)oAVOnRNQ^Dc&h%8fGybv^&J?h&hESE0Hq;$GtRFN38uEVjkO zY`^xX6^aQ3IU;r{=?k;MrX2roaYgVpD>aGqUxXs!>wbbqm(pza5wp?`#@a_25 zdgm>DLle4p9CHaH!TzM&EV6uw*RIQnK(}P}J#_E;?c&d0uMy6|TwUwM&^7Fn>0PpG z5BjEKuv>bhu>@RJFC2r4>@K+_;-4_e*8>Pu-$Y zqvIcFYwMDxTU#UaPnH89vx9Gj_j^l@e|>KK*!+_G|90Gjm5J1foZu@&0?&{CdG&fQ zsONuv@oKQX|K~{_$8}w&ngoiHkAfuNGioMy1{Hg*XNP?VOMrb|J4I9_su$_pChDNR zv@77qI7Ancta3TVbl|=Ah7MB8R?3n~8WS#XoQ{yR@Etpggb~A*e7PojP^eA~v}V)= zZ=j-12Q{;lTj%hkntEINaIEqLBa}vYhNDp}?=VuP(n$$fW$IO*XcFcT&g@DKLfmI5 z8KELoXrL1La>F|p1tiUgFD)@E4TWNZ320IX{0WJ%IZMD&lI)%x{ruvh@*1I_-1fGc zhN#kIs(7KxtOlapv!en^nn_h5X!S6hB}SDaauu8#k}Q4kiMk+$8|z)ZlLn`v0X8!z zmljk;cyVVYsyu9raH1zE5B6oH#??la&ypzt+tp`bLO&I-xtXq1tWpi8TmobXj+A0o zS31U6t{-74%o7WqR=DUL%aq@6ge-TG89qLX<2<2a)`yWmZ*svh-VdaO-{&-Rapq5` zAilKY`#7a8keY>{(PmCMKe)Io z4S(4gb?z(Ups2{pE|3hP$(UrS6Jg0OVHO)TFzLaDe+?+lZ(=HVamyua=Int^0b3F> zSqC0EO3)sTNwkMK`RW}YIn7;6IM_t}? 
zJ8d4_tsu}IlKO6aqY@P)Zs2H#_BQ56g2crLFPtzc7Va&X86(QK{JJfmC2)ahR2RMZ z4Ofre?Y+W{3>mG2pDJlKlMm9F;M<;#UN0Y#_+2;`)&=GM(8|Eyt2~RAYI520s$YIO zKYlRcHqF0u{f?1gf5cgaXSHuybVzW;;f}Heg03$zgXL%$0bma>qwP9qXr({&)2rLI zfl})+Vx^>=#N>}0TbEb><^;&f#a&v@Ts)Y zEP0KKUW&G0ESh7CEHCn1>xv?aaw|#JaK1>1uMe3t_}49+`V3W(EMSrKW%lKDd9?&J zF;OLUZbdGXk%=uGcF~g36fHe=%jRDig6#c>7^jjf%b8GICRKkH&XD!}u$Cf4MA+E^ zU}%}4SD$*ToA&CIoM6p3;kg5+V`Kof#!~mGnzkYJFLai6G18&W1|WpjlHJ5;JED)R>VQcZ>eONnj^@>xne z6Qm5cwd5a&ht3%1^d{<-GqnwADr}>wh}92X3U*79dLb2u_$;_!8KkNQKe~FA-!!u7X+l*p zFSnwPU}JudMR}YQ4i+hSDj%z-YI-r@9EYZZl&9pvT#|^|gkrIaMI|v?yI9sP7X7SU zENd4FJW``A*wqWkL-!gMEiArlAJnHQg%f1$5Gsv0Cq9AFdQEPkcjYR*wmye-IDPtc z_}ba^XWS%OJG)vx&UbcYBqWP`UFWjQGOjL_(~G6NLn!r3UkRy|i(cg8OitY#Q2{z2 z#Z{aWd)3!ob^BR+)z@D2wO4)ZRbK|m+N)l9)?W1opb_1?mlxPV9!EGtf<#eqVV+K<3^y_=IQkMk`%-|G zb{N03+O+H19KK;JBDh+A9iQ=);xo!O^TRVru3=y5H4>cE^H=wJ@WZ60hMzu5)P%uD z=>4ybLQI06O@e9p@>?e$Uq9dUY0v*J2p7C>eqPC+E9CpHKlAhdzZedOZ)*Af2QOdk ztn>dr#pAlJ!*eR6#%f-P4Hw#Sr;_2#Eee82I1ZEO<}qba0DH23#drC02(N=>`9N|DXMZSDb0 zs@ORx`~&vgW+U|KF^PMnxCFQOmivkY!L|2RoD7LmF+(>q!@91C<3N^MT4HP(>Ri(U zv`!Ko0~d=+`s>WAUS(HOf^Ym0`tadH@xl+t2z~nWX?6C_Z^wM`uTxQ>1p3Che6+mX zMscQboZVQHi1{*Od1ilWY1#=BU(mXh zI=&Ue`@ydrCP2MeUxa1Yg~etONK*YeIJi9W`Q_>U=?LyON50fWQrgtznNc2)cHQck z>(DpT6aV*Y|Z16UxKXAKld8yk!^E-A?mZ@KJ6wE>Q3#h89iZ1wU_OSwk1=``>|VR zkdor^+G?p|mFn~K1&&@qM89HD3LMH+$IBgWP`oQ|1s@?gK4Ica9ZC5LeKn6^4b)#j zGCCPF(mbgN`IJR@tZ#5_nA5r|mDK@O?YLUuQI%h{eG1PzMOO!5p`TXhnWqN*bR{+T z&~CBGmcN0nGb|>}uIf*5roCmnA2JpezNp7TKS%u)YwhrsxP0mxPgWjsZKK%t0xznK+JUUgY@MNcJ ztZC16W4Li5>O-x1b9XtUl<7TYtRSY~*9i6cMELzNW4+?5f^(u5XjZhxHyNy&yeAr@ z5|iGSRu&6Mrf7<@azZTUIo(AZu_T%ymXP9>^~dEFNv88R8B725by<64Tf(ueUoJRe)#Kr#w)fjWIb z3gcYuO5|LyxT)*uxU_N)lIhQ~^I--|$emrf-7eNO>XxyR^{d14gM-VXlfw=>SX1wY z86lM;P6by+sP@eu*gZMD{PE!YY8ga0VPZnEm9hP0t<5&nU5s2v!F&nUqS)Yh`6P>k z0j<#OPeg5(MA-u^VToC3wv9RRQDpcanIZ}&{1y*6Q=vZ8c7M6Jy4Zhvb$q(Jf3O_ynI~vgsYewsgIT$3_s+UV(PUIhJkeHyjj*#vUE5^p+=H+7hEmd9 zQ^m;~6D;&oV}LE>luD3e=7tu(+yc%)>8Zc#`^xa$14yMMRW?tO^`~ZbOLMw3onoit 
zvYu)m$l11?gLvi^ORUG)vHjLutv9EL&{#0sD@m1GY`$QZh5ebuzn`1a@P^OnYaot|F?(c=Dp zR`W_N7`+uq;0SXxmbE%p^nXB4*Gh6>le&D@6r_IZ<1FiE{j8t$vwoI*{(k@f0RR8Z KId{bX9svN)q+#s< literal 0 HcmV?d00001
diff --git a/main.go b/main.go
index a8d29115..9a58fa4e 100644
--- a/main.go
+++ b/main.go
@@ -21,6 +21,8 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/healthz"
 "sigs.k8s.io/controller-runtime/pkg/log/zap"
+ isindirv1alpha1 "github.com/isindir/sops-secrets-operator/api/v1alpha1"
+ isindirv1alpha2 "github.com/isindir/sops-secrets-operator/api/v1alpha2"
 isindirv1alpha3 "github.com/isindir/sops-secrets-operator/api/v1alpha3"
 "github.com/isindir/sops-secrets-operator/controllers"
 //+kubebuilder:scaffold:imports
@@ -35,6 +37,8 @@ func init() {
 utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 utilruntime.Must(isindirv1alpha3.AddToScheme(scheme))
+ utilruntime.Must(isindirv1alpha2.AddToScheme(scheme))
+ utilruntime.Must(isindirv1alpha1.AddToScheme(scheme))
 //+kubebuilder:scaffold:scheme
 }
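Review bot: The two `AddToScheme` calls added in `init()` register the deprecated v1alpha1 and v1alpha2 types without a comment saying why they are in the scheme or which version is stored and reconciled. Nothing in this hunk shows a conversion path; if the CRD uses the default `None` conversion strategy (not visible here), the API server only rewrites `apiVersion` between versions, so any field that differs across the three schemas would be pruned rather than converted. That is worth ruling out for a resource that describes secrets. I would add a comment above the calls such as `// v1alpha1 and v1alpha2 are deprecated and registered only so existing objects still decode; v1alpha3 is the storage version.`, after confirming the storage version against the `+kubebuilder:storageversion` marker in the API types. `init()` opens above this hunk.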