import { Manifest, type ManifestConfig } from "@cdktf/provider-kubernetes/lib/manifest";
import { Construct } from "constructs";
/**
 * Manifest subclass whose configuration is typed for an
 * external-secrets.io/v1beta1 ExternalSecret resource.
 *
 * This is an ambient declaration: only the constructor signature is visible here,
 * the implementation lives elsewhere.
 */
export declare class KubernetesExternalSecretV1beta1Manifest extends Manifest {
    /**
     * @param scope - Construct under which this manifest is created.
     * @param id - Identifier of this construct (presumably unique within `scope` — confirm).
     * @param config - ManifestConfig fields plus the typed ExternalSecret `manifest`.
     */
    constructor(scope: Construct, id: string, config: KubernetesExternalSecretV1beta1ManifestConfig);
}
/**
 * Configuration accepted by KubernetesExternalSecretV1beta1Manifest: everything in
 * ManifestConfig, with `manifest` narrowed to the shape of an
 * external-secrets.io/v1beta1 ExternalSecret.
 *
 * The fields below carry references to secrets (provider keys, store names), not
 * secret values. The exceptions are the free-form strings under
 * `spec.target.template` (`data`, `templateFrom[].literal`).
 * NOTE(review): keep literal secret material out of those strings; this config
 * presumably ends up in synthesized Terraform configuration and state — confirm.
 */
export interface KubernetesExternalSecretV1beta1ManifestConfig extends ManifestConfig {
    manifest: {
        /** Optional; the only value this type accepts is "external-secrets.io/v1beta1". */
        apiVersion?: "external-secrets.io/v1beta1";
        /** Optional; the only value this type accepts is "ExternalSecret". */
        kind?: "ExternalSecret";
        metadata: {
            annotations?: {
                [key: string]: string;
            };
            labels?: {
                [key: string]: string;
            };
            name: string;
            // NOTE(review): optional in this type. When omitted, the namespace is decided
            // outside this declaration; set it explicitly so the resulting Secret lands
            // where intended — confirm the provider's behaviour.
            namespace?: string;
        };
        /** @description ExternalSecretSpec defines the desired state of ExternalSecret. */
        spec?: {
            /** @description Data defines the connection between the Kubernetes Secret keys and the Provider data */
            data?: {
                /** @description RemoteRef points to the remote secret and defines
                 *     which secret (version/property/..) to fetch.
                 *
                 *     NOTE(review): conversionStrategy, decodingStrategy and metadataPolicy are
                 *     typed as required although each documents a default; presumably an
                 *     artifact of how these types were generated — confirm. */
                remoteRef: {
                    /**
                     * @description Used to define a conversion Strategy
                     * @default Default
                     * @enum {string}
                     */
                    conversionStrategy: "Default" | "Unicode";
                    /**
                     * @description Used to define a decoding Strategy
                     * @default None
                     * @enum {string}
                     */
                    decodingStrategy: "Auto" | "Base64" | "Base64URL" | "None";
                    /** @description Key is the key used in the Provider, mandatory */
                    key: string;
                    /**
                     * @description Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None
                     * @default None
                     * @enum {string}
                     */
                    metadataPolicy: "None" | "Fetch";
                    /** @description Used to select a specific property of the Provider value (if a map), if supported */
                    property?: string;
                    /** @description Used to select a specific version of the Provider value, if supported */
                    version?: string;
                };
                /** @description The key in the Kubernetes Secret to store the value. */
                secretKey: string;
                /** @description SourceRef allows you to override the source
                 *     from which the value will be pulled. */
                sourceRef?: {
                    /** @description GeneratorRef points to a generator custom resource.
                     *
                     *     Deprecated: The generatorRef is not implemented in .data[].
                     *     this will be removed with v1. */
                    generatorRef?: {
                        /**
                         * @description Specify the apiVersion of the generator resource
                         * @default generators.external-secrets.io/v1alpha1
                         */
                        apiVersion: string;
                        /**
                         * @description Specify the Kind of the generator resource
                         * @enum {string}
                         */
                        kind: "ACRAccessToken" | "ClusterGenerator" | "ECRAuthorizationToken" | "Fake" | "GCRAccessToken" | "GithubAccessToken" | "Password" | "STSSessionToken" | "UUID" | "VaultDynamicSecret" | "Webhook";
                        /** @description Specify the name of the generator resource */
                        name: string;
                    };
                    /** @description SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. */
                    storeRef?: {
                        /**
                         * @description Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
                         *     Defaults to `SecretStore`
                         *
                         *     NOTE(review): a ClusterSecretStore is presumably cluster-scoped and
                         *     shared across namespaces; confirm which namespaces are allowed to
                         *     reference it before selecting it here.
                         * @enum {string}
                         */
                        kind?: "SecretStore" | "ClusterSecretStore";
                        /** @description Name of the SecretStore resource */
                        name?: string;
                    };
                };
            }[];
            /** @description DataFrom is used to fetch all properties from a specific Provider data
             *     If multiple entries are specified, the Secret keys are merged in the specified order
             *
             *     NOTE(review): with an ordered merge, a later entry presumably overwrites a
             *     key produced by an earlier one — confirm, and order entries deliberately. */
            dataFrom?: {
                /** @description Used to extract multiple key/value pairs from one secret
                 *     Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef. */
                extract?: {
                    /**
                     * @description Used to define a conversion Strategy
                     * @default Default
                     * @enum {string}
                     */
                    conversionStrategy: "Default" | "Unicode";
                    /**
                     * @description Used to define a decoding Strategy
                     * @default None
                     * @enum {string}
                     */
                    decodingStrategy: "Auto" | "Base64" | "Base64URL" | "None";
                    /** @description Key is the key used in the Provider, mandatory */
                    key: string;
                    /**
                     * @description Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None
                     * @default None
                     * @enum {string}
                     */
                    metadataPolicy: "None" | "Fetch";
                    /** @description Used to select a specific property of the Provider value (if a map), if supported */
                    property?: string;
                    /** @description Used to select a specific version of the Provider value, if supported */
                    version?: string;
                };
                /** @description Used to find secrets based on tags or regular expressions
                 *     Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.
                 *
                 *     NOTE(review): every match is synced into the target Secret, so a broad
                 *     `name.regexp`, `path` or `tags` selector presumably exposes more provider
                 *     secrets to the namespace than intended; keep selectors as narrow as possible. */
                find?: {
                    /**
                     * @description Used to define a conversion Strategy
                     * @default Default
                     * @enum {string}
                     */
                    conversionStrategy: "Default" | "Unicode";
                    /**
                     * @description Used to define a decoding Strategy
                     * @default None
                     * @enum {string}
                     */
                    decodingStrategy: "Auto" | "Base64" | "Base64URL" | "None";
                    /** @description Finds secrets based on the name. */
                    name?: {
                        /** @description Regular expression used for the name match.
                         *     (The generated description is truncated to "Finds secrets base".) */
                        regexp?: string;
                    };
                    /** @description A root path to start the find operations. */
                    path?: string;
                    /** @description Find secrets based on tags. */
                    tags?: {
                        [key: string]: string;
                    };
                };
                /** @description Used to rewrite secret Keys after getting them from the secret Provider
                 *     Multiple Rewrite operations can be provided. They are applied in a layered order (first to last) */
                rewrite?: {
                    /** @description Used to rewrite with regular expressions.
                     *     The resulting key will be the output of a regexp.ReplaceAll operation. */
                    regexp?: {
                        /** @description Used to define the regular expression of a re.Compiler. */
                        source: string;
                        /** @description Used to define the target pattern of a ReplaceAll operation. */
                        target: string;
                    };
                    /** @description Used to apply string transformation on the secrets.
                     *     The resulting key will be the output of the template applied by the operation. */
                    transform?: {
                        /** @description Used to define the template to apply on the secret name.
                         *     `.value` will specify the secret name in the template. */
                        template: string;
                    };
                }[];
                /** @description SourceRef points to a store or generator
                 *     which contains secret values ready to use.
                 *     Use this in combination with Extract or Find to pull values out of
                 *     a specific SecretStore.
                 *     When sourceRef points to a generator Extract or Find is not supported.
                 *     The generator returns a static map of values */
                sourceRef?: {
                    /** @description GeneratorRef points to a generator custom resource. */
                    generatorRef?: {
                        /**
                         * @description Specify the apiVersion of the generator resource
                         * @default generators.external-secrets.io/v1alpha1
                         */
                        apiVersion: string;
                        /**
                         * @description Specify the Kind of the generator resource
                         *
                         *     NOTE(review): the union includes `Fake`, presumably a generator meant
                         *     for testing — confirm it is not referenced from production manifests.
                         * @enum {string}
                         */
                        kind: "ACRAccessToken" | "ClusterGenerator" | "ECRAuthorizationToken" | "Fake" | "GCRAccessToken" | "GithubAccessToken" | "Password" | "STSSessionToken" | "UUID" | "VaultDynamicSecret" | "Webhook";
                        /** @description Specify the name of the generator resource */
                        name: string;
                    };
                    /** @description SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. */
                    storeRef?: {
                        /**
                         * @description Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
                         *     Defaults to `SecretStore`
                         *
                         *     NOTE(review): a ClusterSecretStore is presumably cluster-scoped and
                         *     shared across namespaces; confirm which namespaces are allowed to
                         *     reference it before selecting it here.
                         * @enum {string}
                         */
                        kind?: "SecretStore" | "ClusterSecretStore";
                        /** @description Name of the SecretStore resource */
                        name?: string;
                    };
                };
            }[];
            /** @description RefreshInterval is the amount of time before the values are read again from the SecretStore provider,
             *     specified as Golang Duration strings.
             *     Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
             *     Example values: "1h", "2h30m", "5d", "10s"
             *     May be set to zero to fetch and create it once. Defaults to 1h.
             *
             *     NOTE(review): the example "5d" uses a unit that is not in the list of valid
             *     units above — verify before relying on it.
             *     NOTE(review): with zero the values are read once, so a secret rotated at the
             *     provider afterwards is presumably not picked up; choose an interval that
             *     matches the rotation schedule. */
            refreshInterval?: string;
            /** @description SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. */
            secretStoreRef?: {
                /** @description Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
                 *     Defaults to `SecretStore`
                 *
                 *     Typed as a plain string here, unlike `storeRef.kind` elsewhere in this
                 *     interface, so a misspelt kind is not caught at compile time. */
                kind?: string;
                /** @description Name of the SecretStore resource */
                name?: string;
            };
            /** @description ExternalSecretTarget defines the Kubernetes Secret to be created
             *     There can be only one target per ExternalSecret. */
            target?: {
                /** @description CreationPolicy defines rules on how to create the resulting Secret.
                 *     Defaults to "Owner"
                 *
                 *     Plain string: this type does not restrict the accepted policy names. */
                creationPolicy?: string;
                /** @description DeletionPolicy defines rules on how to delete the resulting Secret.
                 *     Defaults to "Retain"
                 *
                 *     Plain string: this type does not restrict the accepted policy names.
                 *     NOTE(review): with the "Retain" default the Secret presumably outlives the
                 *     deletion that would otherwise remove it — confirm this matches the
                 *     revocation behaviour you expect. */
                deletionPolicy?: string;
                /** @description Immutable defines if the final secret will be immutable */
                immutable?: boolean;
                /** @description The name of the Secret resource to be managed.
                 *     Defaults to the .metadata.name of the ExternalSecret resource */
                name?: string;
                /** @description Template defines a blueprint for the created Secret resource. */
                template?: {
                    // Free-form template strings keyed by Secret data key (no description is
                    // provided by the generated types).
                    data?: {
                        [key: string]: string;
                    };
                    /** @description EngineVersion specifies the template engine version
                     *     that should be used to compile/execute the
                     *     template specified in .data and .templateFrom[]. */
                    engineVersion?: string;
                    // Undocumented in the generated types; plain string, not restricted here.
                    mergePolicy?: string;
                    /** @description ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint. */
                    metadata?: {
                        annotations?: {
                            [key: string]: string;
                        };
                        labels?: {
                            [key: string]: string;
                        };
                    };
                    // Template sources. Each entry may name a ConfigMap, a Secret or an inline
                    // literal, and must say which part of the Secret (`target`) it renders into.
                    templateFrom?: {
                        configMap?: {
                            /** @description A list of keys in the ConfigMap/Secret to use as templates for Secret data */
                            items: {
                                /** @description A key in the ConfigMap/Secret */
                                key: string;
                                /**
                                 * @default Values
                                 * @enum {string}
                                 */
                                templateAs: "Values" | "KeysAndValues";
                            }[];
                            /** @description The name of the ConfigMap/Secret resource */
                            name: string;
                        };
                        // NOTE(review): inline template text; ConfigMaps and manifests are usually
                        // readable by more principals than Secrets, so keep sensitive values out
                        // of literal and ConfigMap templates.
                        literal?: string;
                        secret?: {
                            /** @description A list of keys in the ConfigMap/Secret to use as templates for Secret data */
                            items: {
                                /** @description A key in the ConfigMap/Secret */
                                key: string;
                                /**
                                 * @default Values
                                 * @enum {string}
                                 */
                                templateAs: "Values" | "KeysAndValues";
                            }[];
                            /** @description The name of the ConfigMap/Secret resource */
                            name: string;
                        };
                        /**
                         * Typed as required although a default is documented.
                         * @default Data
                         * @enum {string}
                         */
                        target: "Data" | "Annotations" | "Labels";
                    }[];
                    // Undocumented in the generated types; presumably the type of the created
                    // Kubernetes Secret — confirm.
                    type?: string;
                };
            };
        };
        // Observed state of the ExternalSecret.
        // NOTE(review): presumably written by the controller rather than by the author of
        // the manifest — confirm before setting any of it here. `conditions` and
        // `refreshTime` are the fields to watch when checking that a sync has happened.
        status?: {
            /** @description Binding represents a servicebinding.io Provisioned Service reference to the secret */
            binding?: {
                /** @description Name of the referent.
                 *     This field is effectively required, but due to backwards compatibility is
                 *     allowed to be empty. Instances of this type with an empty value here are
                 *     almost certainly wrong.
                 *     More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names */
                name?: string;
            };
            conditions?: {
                /** Format: date-time */
                lastTransitionTime?: string;
                message?: string;
                reason?: string;
                status: string;
                type: string;
            }[];
            /**
             * Format: date-time
             * @description refreshTime is the time and date the external secret was fetched and
             *     the target secret updated
             */
            refreshTime?: string | null;
            /** @description SyncedResourceVersion keeps track of the last synced version */
            syncedResourceVersion?: string;
        };
    };
}