@firestartr/cli 1.50.0-snapshot-1 → 1.50.0
- package/build/index.js +247 -138
- package/build/packages/cdk8s_renderer/src/claims/base/schemas/index.d.ts +91 -68
- package/build/packages/cdk8s_renderer/src/claims/external-secrets/external-secrets.schema.d.ts +91 -68
- package/build/packages/cdk8s_renderer/src/claims/external-secrets/index.d.ts +91 -68
- package/build/packages/cdk8s_renderer/src/validations/crossReferences.d.ts +2 -0
- package/package.json +1 -1
package/build/index.js
CHANGED
|
@@ -302525,94 +302525,116 @@ const ArgoCDSchemas = [argocd_schema];
|
|
|
302525
302525
|
$schema: SCHEMA,
|
|
302526
302526
|
$id: 'ExternalSecretsProvider',
|
|
302527
302527
|
definitions: {
|
|
302528
|
+
SecretStore: {
|
|
302529
|
+
$id: 'firestartr.dev://secrets/SecretStore',
|
|
302530
|
+
type: 'object',
|
|
302531
|
+
properties: {
|
|
302532
|
+
name: { type: 'string' },
|
|
302533
|
+
kind: {
|
|
302534
|
+
type: 'string',
|
|
302535
|
+
enum: ['SecretStore', 'ClusterSecretStore'],
|
|
302536
|
+
},
|
|
302537
|
+
},
|
|
302538
|
+
required: ['name'],
|
|
302539
|
+
},
|
|
302540
|
+
ExternalSecretsSection: {
|
|
302541
|
+
$id: 'firestartr.dev://secrets/ExternalSecretsSection',
|
|
302542
|
+
type: 'object',
|
|
302543
|
+
properties: {
|
|
302544
|
+
refreshInterval: { type: 'string' },
|
|
302545
|
+
secrets: {
|
|
302546
|
+
type: 'array',
|
|
302547
|
+
items: {
|
|
302548
|
+
additionalProperties: false,
|
|
302549
|
+
type: 'object',
|
|
302550
|
+
properties: {
|
|
302551
|
+
secretName: { type: 'string' },
|
|
302552
|
+
remoteRef: { type: 'string' },
|
|
302553
|
+
},
|
|
302554
|
+
required: ['secretName'],
|
|
302555
|
+
},
|
|
302556
|
+
},
|
|
302557
|
+
},
|
|
302558
|
+
},
|
|
302559
|
+
PushSecretsSection: {
|
|
302560
|
+
$id: 'firestartr.dev://secrets/PushSecretsSection',
|
|
302561
|
+
type: 'array',
|
|
302562
|
+
items: {
|
|
302563
|
+
type: 'object',
|
|
302564
|
+
properties: {
|
|
302565
|
+
data: { type: 'object' },
|
|
302566
|
+
template: { type: 'object' },
|
|
302567
|
+
secretName: { type: 'string' },
|
|
302568
|
+
refreshInterval: { type: 'string' },
|
|
302569
|
+
generator: {
|
|
302570
|
+
type: 'object',
|
|
302571
|
+
properties: {
|
|
302572
|
+
name: { type: 'string' },
|
|
302573
|
+
kind: {
|
|
302574
|
+
type: 'string',
|
|
302575
|
+
enum: [
|
|
302576
|
+
'ACRAccessToken',
|
|
302577
|
+
'ClusterGenerator',
|
|
302578
|
+
'ECRAuthorizationToken',
|
|
302579
|
+
'Fake',
|
|
302580
|
+
'GCRAccessToken',
|
|
302581
|
+
'GithubAccessToken',
|
|
302582
|
+
'QuayAccessToken',
|
|
302583
|
+
'Password',
|
|
302584
|
+
'STSSessionToken',
|
|
302585
|
+
'UUID',
|
|
302586
|
+
'VaultDynamicSecret',
|
|
302587
|
+
'Webhook',
|
|
302588
|
+
'Grafana',
|
|
302589
|
+
],
|
|
302590
|
+
},
|
|
302591
|
+
apiVersion: {
|
|
302592
|
+
type: 'string',
|
|
302593
|
+
},
|
|
302594
|
+
conversionStrategy: {
|
|
302595
|
+
type: 'string',
|
|
302596
|
+
},
|
|
302597
|
+
outputKey: {
|
|
302598
|
+
type: 'string',
|
|
302599
|
+
},
|
|
302600
|
+
},
|
|
302601
|
+
required: ['name'],
|
|
302602
|
+
},
|
|
302603
|
+
},
|
|
302604
|
+
required: ['secretName', 'generator'],
|
|
302605
|
+
},
|
|
302606
|
+
},
|
|
302528
302607
|
ExternalSecretsProvider: {
|
|
302529
302608
|
$id: 'firestartr.dev://secrets/ExternalSecretsProvider',
|
|
302530
302609
|
type: 'object',
|
|
302531
302610
|
description: 'A external secrets claim provider',
|
|
302532
302611
|
allOf: [
|
|
302612
|
+
{ $ref: 'firestartr.dev://common/ClaimProviderEnvelope' },
|
|
302533
302613
|
{
|
|
302534
|
-
|
|
302535
|
-
|
|
302536
|
-
{
|
|
302537
|
-
type: 'object',
|
|
302538
|
-
properties: {
|
|
302539
|
-
secretStore: {
|
|
302540
|
-
type: 'object',
|
|
302614
|
+
anyOf: [
|
|
302615
|
+
{
|
|
302541
302616
|
properties: {
|
|
302542
|
-
|
|
302543
|
-
|
|
302544
|
-
type: 'string',
|
|
302545
|
-
enum: ['SecretStore', 'ClusterSecretStore'],
|
|
302617
|
+
externalSecrets: {
|
|
302618
|
+
$ref: 'firestartr.dev://secrets/ExternalSecretsSection',
|
|
302546
302619
|
},
|
|
302547
|
-
|
|
302548
|
-
|
|
302549
|
-
},
|
|
302550
|
-
pushSecrets: {
|
|
302551
|
-
type: 'array',
|
|
302552
|
-
items: {
|
|
302553
|
-
type: 'object',
|
|
302554
|
-
properties: {
|
|
302555
|
-
data: { type: 'object' },
|
|
302556
|
-
template: { type: 'object' },
|
|
302557
|
-
secretName: { type: 'string' },
|
|
302558
|
-
refreshInterval: { type: 'string' },
|
|
302559
|
-
generator: {
|
|
302560
|
-
type: 'object',
|
|
302561
|
-
properties: {
|
|
302562
|
-
name: { type: 'string' },
|
|
302563
|
-
kind: {
|
|
302564
|
-
type: 'string',
|
|
302565
|
-
enum: [
|
|
302566
|
-
'ACRAccessToken',
|
|
302567
|
-
'ClusterGenerator',
|
|
302568
|
-
'ECRAuthorizationToken',
|
|
302569
|
-
'Fake',
|
|
302570
|
-
'GCRAccessToken',
|
|
302571
|
-
'GithubAccessToken',
|
|
302572
|
-
'QuayAccessToken',
|
|
302573
|
-
'Password',
|
|
302574
|
-
'STSSessionToken',
|
|
302575
|
-
'UUID',
|
|
302576
|
-
'VaultDynamicSecret',
|
|
302577
|
-
'Webhook',
|
|
302578
|
-
'Grafana',
|
|
302579
|
-
],
|
|
302580
|
-
},
|
|
302581
|
-
apiVersion: {
|
|
302582
|
-
type: 'string',
|
|
302583
|
-
},
|
|
302584
|
-
conversionStrategy: {
|
|
302585
|
-
type: 'string',
|
|
302586
|
-
},
|
|
302587
|
-
outputKey: {
|
|
302588
|
-
type: 'string',
|
|
302589
|
-
},
|
|
302590
|
-
},
|
|
302591
|
-
required: ['name'],
|
|
302592
|
-
},
|
|
302620
|
+
secretStore: {
|
|
302621
|
+
$ref: 'firestartr.dev://secrets/SecretStore',
|
|
302593
302622
|
},
|
|
302594
|
-
required: ['secretName', 'generator'],
|
|
302595
302623
|
},
|
|
302624
|
+
required: ['secretStore', 'externalSecrets'],
|
|
302596
302625
|
},
|
|
302597
|
-
|
|
302598
|
-
type: 'object',
|
|
302626
|
+
{
|
|
302599
302627
|
properties: {
|
|
302600
|
-
|
|
302601
|
-
|
|
302602
|
-
|
|
302603
|
-
|
|
302604
|
-
|
|
302605
|
-
type: 'object',
|
|
302606
|
-
properties: {
|
|
302607
|
-
secretName: { type: 'string' },
|
|
302608
|
-
},
|
|
302609
|
-
required: ['secretName'],
|
|
302610
|
-
},
|
|
302628
|
+
pushSecrets: {
|
|
302629
|
+
$ref: 'firestartr.dev://secrets/PushSecretsSection',
|
|
302630
|
+
},
|
|
302631
|
+
secretStore: {
|
|
302632
|
+
$ref: 'firestartr.dev://secrets/SecretStore',
|
|
302611
302633
|
},
|
|
302612
302634
|
},
|
|
302635
|
+
required: ['secretStore', 'pushSecrets'],
|
|
302613
302636
|
},
|
|
302614
|
-
|
|
302615
|
-
required: ['secretStore'],
|
|
302637
|
+
],
|
|
302616
302638
|
},
|
|
302617
302639
|
],
|
|
302618
302640
|
},
|
|
@@ -303313,15 +303335,19 @@ function validatePermissionsUniqueness(crs) {
|
|
|
303313
303335
|
const permissions = cr.spec.permissions;
|
|
303314
303336
|
cdk8s_renderer_src_logger.debug(`Validating Permissions Uniqueness of ${crkey}`);
|
|
303315
303337
|
if (permissions) {
|
|
303316
|
-
const
|
|
303338
|
+
const rolesByIdentifier = new Map();
|
|
303317
303339
|
for (const perm of permissions) {
|
|
303318
303340
|
const identifier = perm.collaborator
|
|
303319
303341
|
? perm.collaborator
|
|
303320
303342
|
: `ref:${perm.ref.kind}:${perm.ref.name}`;
|
|
303321
|
-
|
|
303322
|
-
|
|
303343
|
+
const role = perm.role;
|
|
303344
|
+
const prevRole = rolesByIdentifier.get(identifier);
|
|
303345
|
+
if (prevRole === undefined) {
|
|
303346
|
+
rolesByIdentifier.set(identifier, role);
|
|
303347
|
+
}
|
|
303348
|
+
else if (prevRole !== role) {
|
|
303349
|
+
throw new Error(`Conflicting permission role in FirestartrGithubRepository ${crkey}: ${identifier} has roles "${prevRole}" and "${role}".\nFull CR: ${JSON.stringify(cr, null, 2)}`);
|
|
303323
303350
|
}
|
|
303324
|
-
seen.add(identifier);
|
|
303325
303351
|
}
|
|
303326
303352
|
}
|
|
303327
303353
|
}
|
|
@@ -308590,12 +308616,12 @@ class SecretsChart extends BaseSecretsChart {
|
|
|
308590
308616
|
gvk() {
|
|
308591
308617
|
return {
|
|
308592
308618
|
kind: 'ExternalSecret/PushSecret',
|
|
308593
|
-
apiVersion: 'external-secrets.io/
|
|
308619
|
+
apiVersion: 'external-secrets.io/v1',
|
|
308594
308620
|
};
|
|
308595
308621
|
}
|
|
308596
308622
|
extraCharts() {
|
|
308597
|
-
const externalSecrets = this.get('
|
|
308598
|
-
const pushSecrets = this.get('
|
|
308623
|
+
const externalSecrets = this.get('externalSecrets');
|
|
308624
|
+
const pushSecrets = this.get('pushSecrets');
|
|
308599
308625
|
const kind = this.get('claim').kind;
|
|
308600
308626
|
const name = this.get('claim').name;
|
|
308601
308627
|
const concatenated = externalSecrets
|
|
@@ -308627,12 +308653,12 @@ class SecretsChart extends BaseSecretsChart {
|
|
|
308627
308653
|
refsData.push({
|
|
308628
308654
|
secretKey: secret.secretName,
|
|
308629
308655
|
remoteRef: {
|
|
308630
|
-
key: secret.secretName,
|
|
308656
|
+
key: secret.remoteRef ? secret.remoteRef : secret.secretName,
|
|
308631
308657
|
},
|
|
308632
308658
|
});
|
|
308633
308659
|
}
|
|
308634
308660
|
const k8sResource = {
|
|
308635
|
-
apiVersion: 'external-secrets.io/
|
|
308661
|
+
apiVersion: 'external-secrets.io/v1',
|
|
308636
308662
|
kind: 'ExternalSecret',
|
|
308637
308663
|
metadata: {
|
|
308638
308664
|
name: catalog_common.generic.normalizeName(claim.name),
|
|
@@ -308652,12 +308678,6 @@ class SecretsChart extends BaseSecretsChart {
|
|
|
308652
308678
|
name: catalog_common.generic.normalizeName(claim.name),
|
|
308653
308679
|
creationPolicy: 'Owner',
|
|
308654
308680
|
deletionPolicy: 'Delete',
|
|
308655
|
-
template: {
|
|
308656
|
-
engineVersion: 'v2',
|
|
308657
|
-
metadata: {
|
|
308658
|
-
data: templateData,
|
|
308659
|
-
},
|
|
308660
|
-
},
|
|
308661
308681
|
},
|
|
308662
308682
|
data: refsData,
|
|
308663
308683
|
},
|
|
@@ -308679,7 +308699,7 @@ class SecretsChart extends BaseSecretsChart {
|
|
|
308679
308699
|
}
|
|
308680
308700
|
for (const pushSecret of pushSecretsFromClaim) {
|
|
308681
308701
|
const k8sResource = {
|
|
308682
|
-
apiVersion: 'external-secrets.io/
|
|
308702
|
+
apiVersion: 'external-secrets.io/v1',
|
|
308683
308703
|
kind: 'PushSecret',
|
|
308684
308704
|
metadata: {
|
|
308685
308705
|
name: catalog_common.generic.normalizeName(`${pushSecret.secretName}-${claim.name}`),
|
|
@@ -308702,7 +308722,7 @@ class SecretsChart extends BaseSecretsChart {
|
|
|
308702
308722
|
selector: {
|
|
308703
308723
|
generatorRef: {
|
|
308704
308724
|
apiVersion: pushSecret.generator?.apiVersion ||
|
|
308705
|
-
'generators.external-secrets.io/
|
|
308725
|
+
'generators.external-secrets.io/v1',
|
|
308706
308726
|
kind: pushSecret.generator?.kind || 'Password',
|
|
308707
308727
|
name: pushSecret.generator.name,
|
|
308708
308728
|
},
|
|
@@ -308944,6 +308964,52 @@ async function renderClaim(catalogScope, firestartrScope, claim, patches, previo
|
|
|
308944
308964
|
};
|
|
308945
308965
|
}
|
|
308946
308966
|
|
|
308967
|
+
;// CONCATENATED MODULE: ../cdk8s_renderer/src/validations/crossReferences.ts
|
|
308968
|
+
const IS_COMPONENT_CLAIM_REF = new RegExp(/^ComponentClaim-/);
|
|
308969
|
+
function validateSubReferences(renderClaims) {
|
|
308970
|
+
for (const ref of Object.keys(renderClaims)) {
|
|
308971
|
+
if (IS_COMPONENT_CLAIM_REF.test(ref))
|
|
308972
|
+
validateClaimsSecretsRefs(ref, renderClaims);
|
|
308973
|
+
}
|
|
308974
|
+
}
|
|
308975
|
+
function validateClaimsSecretsRefs(ref, renderClaims) {
|
|
308976
|
+
const claim = renderClaims[ref].claim;
|
|
308977
|
+
const secrets = claim.providers.github.secrets;
|
|
308978
|
+
if (!secrets) {
|
|
308979
|
+
return;
|
|
308980
|
+
}
|
|
308981
|
+
for (const section of ['actions', 'codespaces', 'copilot']) {
|
|
308982
|
+
const secretsSection = secrets[section];
|
|
308983
|
+
if (!secretsSection) {
|
|
308984
|
+
continue;
|
|
308985
|
+
}
|
|
308986
|
+
for (const secret of secretsSection) {
|
|
308987
|
+
const [secretName, key] = secret.value.split(':').slice(2);
|
|
308988
|
+
const keyFound = searchSecretKey(renderClaims[`SecretsClaim-${secretName}`].claim, key);
|
|
308989
|
+
if (!keyFound) {
|
|
308990
|
+
throw new Error(`CrossReference error: ComponentClaim/${claim.name} references a secret key inexistent: '${secretName}/${key}'`);
|
|
308991
|
+
}
|
|
308992
|
+
}
|
|
308993
|
+
}
|
|
308994
|
+
}
|
|
308995
|
+
function searchSecretKey(secretClaim, key) {
|
|
308996
|
+
let found = false;
|
|
308997
|
+
if ('pushSecrets' in secretClaim.providers['external_secrets']) {
|
|
308998
|
+
found =
|
|
308999
|
+
secretClaim.providers['external_secrets'].pushSecrets.find((secret) => {
|
|
309000
|
+
return secret.secretName === key;
|
|
309001
|
+
}) !== undefined;
|
|
309002
|
+
}
|
|
309003
|
+
if (!found &&
|
|
309004
|
+
'externalSecrets' in secretClaim.providers['external_secrets']) {
|
|
309005
|
+
found =
|
|
309006
|
+
secretClaim.providers['external_secrets'].externalSecrets.secrets.find((secret) => {
|
|
309007
|
+
return secret.secretName === key;
|
|
309008
|
+
}) !== undefined;
|
|
309009
|
+
}
|
|
309010
|
+
return found;
|
|
309011
|
+
}
|
|
309012
|
+
|
|
308947
309013
|
;// CONCATENATED MODULE: ../cdk8s_renderer/src/renderer/renderer.ts
|
|
308948
309014
|
|
|
308949
309015
|
|
|
@@ -308951,6 +309017,7 @@ async function renderClaim(catalogScope, firestartrScope, claim, patches, previo
|
|
|
308951
309017
|
|
|
308952
309018
|
|
|
308953
309019
|
|
|
309020
|
+
|
|
308954
309021
|
/*
|
|
308955
309022
|
* Function called when rendering but not importing
|
|
308956
309023
|
*
|
|
@@ -308966,6 +309033,7 @@ async function renderer_render(catalogScope, firestartrScope, claimList) {
|
|
|
308966
309033
|
const data = await loadClaimsList(claimList);
|
|
308967
309034
|
const result = await renderClaims(catalogScope, firestartrScope, data);
|
|
308968
309035
|
try {
|
|
309036
|
+
validateSubReferences(data.renderClaims);
|
|
308969
309037
|
validateTfStateKeyUniqueness(result);
|
|
308970
309038
|
validateCrSizes(result);
|
|
308971
309039
|
validatePermissionsUniqueness(result);
|
|
@@ -312724,6 +312792,7 @@ var dependabot_secret = __nccwpck_require__(82783);
|
|
|
312724
312792
|
|
|
312725
312793
|
|
|
312726
312794
|
|
|
312795
|
+
|
|
312727
312796
|
async function provisionRepositorySecrets(scope, repo, fsGithubRepository) {
|
|
312728
312797
|
const sections = ['actions', 'codespaces', 'dependabot'];
|
|
312729
312798
|
if ('secrets' in fsGithubRepository.spec) {
|
|
@@ -312731,7 +312800,7 @@ async function provisionRepositorySecrets(scope, repo, fsGithubRepository) {
|
|
|
312731
312800
|
for (const section of sections) {
|
|
312732
312801
|
if (section in secrets) {
|
|
312733
312802
|
for (const secret of secrets[section]) {
|
|
312734
|
-
await provisionRepositorySecret(scope, fsGithubRepository, section, secret.name, secret.ref);
|
|
312803
|
+
await provisionRepositorySecret(scope, fsGithubRepository, section, secret.name, secret.ref, repo);
|
|
312735
312804
|
}
|
|
312736
312805
|
}
|
|
312737
312806
|
}
|
|
@@ -312740,7 +312809,7 @@ async function provisionRepositorySecrets(scope, repo, fsGithubRepository) {
|
|
|
312740
312809
|
provisioner_src_logger.info(`FirestartrGithubRepository ${fsGithubRepository.metadata.name} does not have a secrets section`);
|
|
312741
312810
|
}
|
|
312742
312811
|
}
|
|
312743
|
-
async function provisionRepositorySecret(scope, repo, section, repoSecretName, secretRef) {
|
|
312812
|
+
async function provisionRepositorySecret(scope, repo, section, repoSecretName, secretRef, repoResource) {
|
|
312744
312813
|
provisioner_src_logger.info(`Provisioning repo secret ${repo.metadata.name}/${section}/${repoSecretName}`);
|
|
312745
312814
|
const secretClass = section === 'actions'
|
|
312746
312815
|
? actions_secret/* ActionsSecret */.N
|
|
@@ -312750,19 +312819,52 @@ async function provisionRepositorySecret(scope, repo, section, repoSecretName, s
|
|
|
312750
312819
|
? dependabot_secret/* DependabotSecret */.c
|
|
312751
312820
|
: null;
|
|
312752
312821
|
if (secretClass) {
|
|
312753
|
-
const
|
|
312754
|
-
|
|
312755
|
-
|
|
312756
|
-
|
|
312757
|
-
secretName: repoSecretName,
|
|
312758
|
-
repository: repo.metadata.name,
|
|
312759
|
-
encryptedValue: encrypted_value,
|
|
312760
|
-
});
|
|
312761
|
-
provisioner_src_logger.info(tfStateKey);
|
|
312762
|
-
repo.addResourceToStack(resourceKey, sc);
|
|
312822
|
+
const fSecretCreation = process.env['AVOID_PROVIDER_SECRET_ENCRYPTION']
|
|
312823
|
+
? createUnencryptedSecret
|
|
312824
|
+
: createEncryptedSecrect;
|
|
312825
|
+
await fSecretCreation(scope, repo, secretRef, secretClass, section, repoSecretName, repoResource);
|
|
312763
312826
|
provisioner_src_logger.info(`RepoSecret provisioned ${section}-${repoSecretName.toLowerCase()}-secret`);
|
|
312764
312827
|
}
|
|
312765
312828
|
}
|
|
312829
|
+
async function createEncryptedSecrect(scope, repo, secretRef, secretClass, section, repoSecretName, repoResource) {
|
|
312830
|
+
const { key_id, encrypted_value } = await encryptSecret(repo, secretRef);
|
|
312831
|
+
const resourceKey = `${section}-${repoSecretName.toLowerCase()}-secret`;
|
|
312832
|
+
const plainTextSecret = repo.resolveSecretRef({
|
|
312833
|
+
name: secretRef.name,
|
|
312834
|
+
key: secretRef.key,
|
|
312835
|
+
});
|
|
312836
|
+
const sha256 = external_crypto_default().createHash('sha256')
|
|
312837
|
+
.update(plainTextSecret)
|
|
312838
|
+
.digest('hex');
|
|
312839
|
+
const secretResourceName = `_${repoSecretName}-${sha256.slice(0, 12)}`;
|
|
312840
|
+
const instanceLifecycle = {
|
|
312841
|
+
ignoreChanges: ['encrypted_value'],
|
|
312842
|
+
};
|
|
312843
|
+
const sc = new secretClass(scope, secretResourceName, {
|
|
312844
|
+
secretName: repoSecretName,
|
|
312845
|
+
repository: repo.metadata.name,
|
|
312846
|
+
encryptedValue: encrypted_value,
|
|
312847
|
+
dependsOn: [repoResource],
|
|
312848
|
+
lifecycle: instanceLifecycle,
|
|
312849
|
+
});
|
|
312850
|
+
repo.addResourceToStack(resourceKey, sc);
|
|
312851
|
+
}
|
|
312852
|
+
async function createUnencryptedSecret(scope, repo, secretRef, secretClass, section, repoSecretName, repoResource) {
|
|
312853
|
+
const plainTextSecret = repo.resolveSecretRef({
|
|
312854
|
+
name: secretRef.name,
|
|
312855
|
+
key: secretRef.key,
|
|
312856
|
+
});
|
|
312857
|
+
const resourceKey = `${section}-${repoSecretName.toLowerCase()}-secret`;
|
|
312858
|
+
const tfStateKey = `_${repo.getTfStateKey()}-${resourceKey}`;
|
|
312859
|
+
const sc = new secretClass(scope, tfStateKey, {
|
|
312860
|
+
secretName: repoSecretName,
|
|
312861
|
+
plaintextValue: plainTextSecret,
|
|
312862
|
+
repository: repo.metadata.name,
|
|
312863
|
+
dependsOn: [repoResource],
|
|
312864
|
+
});
|
|
312865
|
+
provisioner_src_logger.info(tfStateKey);
|
|
312866
|
+
repo.addResourceToStack(resourceKey, sc);
|
|
312867
|
+
}
|
|
312766
312868
|
async function encryptSecret(repo, secretRef) {
|
|
312767
312869
|
const plainTextSecret = repo.resolveSecretRef({
|
|
312768
312870
|
name: secretRef.name,
|
|
@@ -312792,7 +312894,7 @@ async function provisionRepositoryVariables(scope, repo, fsGithubRepository) {
|
|
|
312792
312894
|
key: repoVar.ref.key,
|
|
312793
312895
|
});
|
|
312794
312896
|
}
|
|
312795
|
-
await provisionRepositoryVar(scope, fsGithubRepository, section, repoVar.name, plainTextSecret ? plainTextSecret : repoVar.value);
|
|
312897
|
+
await provisionRepositoryVar(scope, fsGithubRepository, section, repoVar.name, plainTextSecret ? plainTextSecret : repoVar.value, repo);
|
|
312796
312898
|
}
|
|
312797
312899
|
}
|
|
312798
312900
|
}
|
|
@@ -312801,7 +312903,7 @@ async function provisionRepositoryVariables(scope, repo, fsGithubRepository) {
|
|
|
312801
312903
|
// log.info(`FirestartrGithubRepository ${fsGithubRepository.metadata.name} does not have a vars section`)
|
|
312802
312904
|
}
|
|
312803
312905
|
}
|
|
312804
|
-
async function provisionRepositoryVar(scope, repo, section, repoVarName, value) {
|
|
312906
|
+
async function provisionRepositoryVar(scope, repo, section, repoVarName, value, repoResource) {
|
|
312805
312907
|
provisioner_src_logger.info(`Provisioning repo var ${repo.metadata.name}/${section}/${repoVarName}`);
|
|
312806
312908
|
const varClass = section === 'actions' ? actions_variable/* ActionsVariable */.m : null;
|
|
312807
312909
|
if (varClass) {
|
|
@@ -312811,6 +312913,7 @@ async function provisionRepositoryVar(scope, repo, section, repoVarName, value)
|
|
|
312811
312913
|
variableName: repoVarName,
|
|
312812
312914
|
repository: repo.metadata.name,
|
|
312813
312915
|
value,
|
|
312916
|
+
dependsOn: [repoResource],
|
|
312814
312917
|
});
|
|
312815
312918
|
provisioner_src_logger.info(tfStateKey);
|
|
312816
312919
|
repo.addResourceToStack(resourceKey, sc);
|
|
@@ -313538,18 +313641,13 @@ async function runTerraform(entity, command, stream) {
|
|
|
313538
313641
|
? '/library/packages/provisioner'
|
|
313539
313642
|
: '/library/provisioner', 'cdktf.out', 'stacks', entityID);
|
|
313540
313643
|
provisioner_src_logger.info(`Running terraform with command ${command} in ${workDir}`);
|
|
313644
|
+
// filter environment variables to exclude those starting with 'GITHUB'
|
|
313645
|
+
const env = Object.fromEntries(Object.entries(process.env).filter(([key]) => !key.startsWith('GITHUB')));
|
|
313541
313646
|
return new Promise((ok, ko) => {
|
|
313542
313647
|
const terraformProcess = (0,external_child_process_.spawn)('terraform', [...command], {
|
|
313543
313648
|
stdio: ['inherit', 'pipe', 'pipe'],
|
|
313544
313649
|
cwd: workDir,
|
|
313545
|
-
env
|
|
313546
|
-
PATH: process.env.PATH,
|
|
313547
|
-
ORG: catalog_common.environment.getFromEnvironment(catalog_common.types.envVars.org),
|
|
313548
|
-
TOKEN: catalog_common.environment.getFromEnvironment(catalog_common.types.envVars.token),
|
|
313549
|
-
KUBERNETES_SERVICE_HOST: catalog_common.environment.getFromEnvironment(catalog_common.types.envVars.kubernetesServiceHost),
|
|
313550
|
-
KUBERNETES_SERVICE_PORT: catalog_common.environment.getFromEnvironment(catalog_common.types.envVars.kubernetesServicePort),
|
|
313551
|
-
CDKTF_LOG_LEVEL: 'DEBUG',
|
|
313552
|
-
},
|
|
313650
|
+
env,
|
|
313553
313651
|
});
|
|
313554
313652
|
let output = '';
|
|
313555
313653
|
terraformProcess.stdout.on('data', (log) => {
|
|
@@ -314255,7 +314353,7 @@ ${commentContent}
|
|
|
314255
314353
|
}
|
|
314256
314354
|
}
|
|
314257
314355
|
catch (e) {
|
|
314258
|
-
operator_src_logger.error(`An error occurred while publishing user feedback for item '${item.kind}/${item.metadata.name}'
|
|
314356
|
+
operator_src_logger.error(`An error occurred while publishing user feedback for item '${item.kind}/${item.metadata.name}': '${e}'.`);
|
|
314259
314357
|
}
|
|
314260
314358
|
}
|
|
314261
314359
|
async function publishApply(item, applyOutput, kind) {
|
|
@@ -315697,38 +315795,48 @@ async function* errorPolicyCompatibility(syncPolicy, generalPolicy, item, op) {
|
|
|
315697
315795
|
|
|
315698
315796
|
;// CONCATENATED MODULE: ../operator/src/user-feedback-ops/tf-checkrun.ts
|
|
315699
315797
|
|
|
315798
|
+
|
|
315700
315799
|
async function TFCheckRun(cmd, item) {
|
|
315701
|
-
|
|
315702
|
-
|
|
315703
|
-
|
|
315800
|
+
try {
|
|
315801
|
+
const prInfo = tf_checkrun_extractPrInfo(item);
|
|
315802
|
+
const checkRun = await github_0.feedback.createCheckRun(prInfo.org, prInfo.repo, tf_checkrun_helperCreateCheckRunName(cmd), {
|
|
315803
|
+
pullNumber: Number(prInfo.prNumber),
|
|
315804
|
+
includeCheckRunComment: true,
|
|
315805
|
+
checkRunComment: `The TFWorkspace is being processed (cmd=${cmd}). Details: `,
|
|
315806
|
+
});
|
|
315807
|
+
checkRun.mdOptionsDetails({
|
|
315808
|
+
quotes: 'terraform',
|
|
315809
|
+
});
|
|
315810
|
+
checkRun.update('Initiating', 'queued');
|
|
315811
|
+
return {
|
|
315812
|
+
fnData: (d) => {
|
|
315813
|
+
checkRun.update(d.toString(), 'in_progress');
|
|
315814
|
+
},
|
|
315815
|
+
fnEnd: () => {
|
|
315816
|
+
checkRun.close('OK', true);
|
|
315817
|
+
},
|
|
315818
|
+
fnOnError: (err) => {
|
|
315819
|
+
checkRun.close('KO', false);
|
|
315820
|
+
},
|
|
315821
|
+
};
|
|
315822
|
+
}
|
|
315823
|
+
catch (e) {
|
|
315824
|
+
// log error and return empty fns
|
|
315825
|
+
logger_logger.warn('Error in TFCheckRun:', e);
|
|
315826
|
+
return {
|
|
315827
|
+
fnData: (d) => { },
|
|
315828
|
+
fnEnd: () => { },
|
|
315829
|
+
fnOnError: (err) => { },
|
|
315830
|
+
};
|
|
315704
315831
|
}
|
|
315705
|
-
const checkRun = await github_0.feedback.createCheckRun(prInfo.org, prInfo.repo, tf_checkrun_helperCreateCheckRunName(cmd), {
|
|
315706
|
-
//Number(pr_number),
|
|
315707
|
-
pullNumber: Number(prInfo.prNumber),
|
|
315708
|
-
includeCheckRunComment: true,
|
|
315709
|
-
checkRunComment: `The TFWorkspace is being processed (cmd=${cmd}). Details: `,
|
|
315710
|
-
});
|
|
315711
|
-
checkRun.mdOptionsDetails({
|
|
315712
|
-
quotes: 'terraform',
|
|
315713
|
-
});
|
|
315714
|
-
checkRun.update('Initiating', 'queued');
|
|
315715
|
-
return {
|
|
315716
|
-
fnData: (d) => {
|
|
315717
|
-
checkRun.update(d.toString(), 'in_progress');
|
|
315718
|
-
},
|
|
315719
|
-
fnEnd: () => {
|
|
315720
|
-
checkRun.close('OK', true);
|
|
315721
|
-
},
|
|
315722
|
-
fnOnError: (err) => {
|
|
315723
|
-
checkRun.close('KO', false);
|
|
315724
|
-
},
|
|
315725
|
-
};
|
|
315726
315832
|
}
|
|
315727
315833
|
function tf_checkrun_helperCreateCheckRunName(cmd) {
|
|
315728
315834
|
return `TFWorkspace - ${cmd}`;
|
|
315729
315835
|
}
|
|
315730
315836
|
function tf_checkrun_extractPrInfo(item) {
|
|
315731
315837
|
const prInfo = item.metadata.annotations['firestartr.dev/last-state-pr'];
|
|
315838
|
+
if (!prInfo)
|
|
315839
|
+
throw new Error('No firestartr.dev/last-state-pr field in CR');
|
|
315732
315840
|
const prNumber = prInfo.split('#')[1];
|
|
315733
315841
|
if (!prNumber)
|
|
315734
315842
|
throw new Error('No PR number found in CR');
|
|
@@ -317485,7 +317593,8 @@ class CRStateMetrics {
|
|
|
317485
317593
|
catch (err) {
|
|
317486
317594
|
console.log(`CRStateMetrics: update ${err}`);
|
|
317487
317595
|
this.onUpdate = false;
|
|
317488
|
-
operator_src_logger.error(
|
|
317596
|
+
operator_src_logger.error(`On update of CR metrics: ${err}`);
|
|
317597
|
+
await this.__prepareConnection();
|
|
317489
317598
|
}
|
|
317490
317599
|
this.onUpdate = false;
|
|
317491
317600
|
}
|
|
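Review bot: In `createEncryptedSecrect` (hunk `@@ -312750,19 +312819,52 @@`), the resource id `_${repoSecretName}-${sha256.slice(0, 12)}` is built from an unsalted SHA-256 of the plaintext secret, so a 48-bit fingerprint of each secret ends up wherever construct ids are written (presumably the synthesized stack and the Terraform state). Anyone who can read those can then confirm guesses for low-entropy values offline. A keyed digest keeps the change detection without exposing that fingerprint, for example `external_crypto_default().createHmac('sha256', FINGERPRINT_KEY)`, where `FINGERPRINT_KEY` is a placeholder for a key that is never stored in state. In the same hunk, `process.env['AVOID_PROVIDER_SECRET_ENCRYPTION'] ? createUnencryptedSecret : createEncryptedSecrect` treats any non-empty string, including `"false"` or `"0"`, as opting in to the path that passes `plaintextValue` to the resource; an explicit comparison such as `process.env['AVOID_PROVIDER_SECRET_ENCRYPTION'] === 'true'` avoids enabling it by accident. The `key_id` destructured from `encryptSecret` is also never used in the new function.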
@@ -837,97 +837,120 @@ declare const schemas: {
|
|
|
837
837
|
$schema: string;
|
|
838
838
|
$id: string;
|
|
839
839
|
definitions: {
|
|
840
|
-
|
|
840
|
+
SecretStore: {
|
|
841
841
|
$id: string;
|
|
842
842
|
type: string;
|
|
843
|
-
|
|
844
|
-
|
|
845
|
-
|
|
846
|
-
|
|
847
|
-
|
|
848
|
-
|
|
849
|
-
|
|
850
|
-
|
|
851
|
-
|
|
852
|
-
|
|
843
|
+
properties: {
|
|
844
|
+
name: {
|
|
845
|
+
type: string;
|
|
846
|
+
};
|
|
847
|
+
kind: {
|
|
848
|
+
type: string;
|
|
849
|
+
enum: string[];
|
|
850
|
+
};
|
|
851
|
+
};
|
|
852
|
+
required: string[];
|
|
853
|
+
};
|
|
854
|
+
ExternalSecretsSection: {
|
|
855
|
+
$id: string;
|
|
856
|
+
type: string;
|
|
857
|
+
properties: {
|
|
858
|
+
refreshInterval: {
|
|
859
|
+
type: string;
|
|
860
|
+
};
|
|
861
|
+
secrets: {
|
|
862
|
+
type: string;
|
|
863
|
+
items: {
|
|
864
|
+
additionalProperties: boolean;
|
|
853
865
|
type: string;
|
|
854
866
|
properties: {
|
|
855
|
-
|
|
867
|
+
secretName: {
|
|
856
868
|
type: string;
|
|
857
869
|
};
|
|
858
|
-
|
|
870
|
+
remoteRef: {
|
|
859
871
|
type: string;
|
|
860
|
-
enum: string[];
|
|
861
872
|
};
|
|
862
873
|
};
|
|
863
874
|
required: string[];
|
|
864
875
|
};
|
|
865
|
-
|
|
876
|
+
};
|
|
877
|
+
};
|
|
878
|
+
};
|
|
879
|
+
PushSecretsSection: {
|
|
880
|
+
$id: string;
|
|
881
|
+
type: string;
|
|
882
|
+
items: {
|
|
883
|
+
type: string;
|
|
884
|
+
properties: {
|
|
885
|
+
data: {
|
|
886
|
+
type: string;
|
|
887
|
+
};
|
|
888
|
+
template: {
|
|
889
|
+
type: string;
|
|
890
|
+
};
|
|
891
|
+
secretName: {
|
|
866
892
|
type: string;
|
|
867
|
-
items: {
|
|
868
|
-
type: string;
|
|
869
|
-
properties: {
|
|
870
|
-
data: {
|
|
871
|
-
type: string;
|
|
872
|
-
};
|
|
873
|
-
template: {
|
|
874
|
-
type: string;
|
|
875
|
-
};
|
|
876
|
-
secretName: {
|
|
877
|
-
type: string;
|
|
878
|
-
};
|
|
879
|
-
refreshInterval: {
|
|
880
|
-
type: string;
|
|
881
|
-
};
|
|
882
|
-
generator: {
|
|
883
|
-
type: string;
|
|
884
|
-
properties: {
|
|
885
|
-
name: {
|
|
886
|
-
type: string;
|
|
887
|
-
};
|
|
888
|
-
kind: {
|
|
889
|
-
type: string;
|
|
890
|
-
enum: string[];
|
|
891
|
-
};
|
|
892
|
-
apiVersion: {
|
|
893
|
-
type: string;
|
|
894
|
-
};
|
|
895
|
-
conversionStrategy: {
|
|
896
|
-
type: string;
|
|
897
|
-
};
|
|
898
|
-
outputKey: {
|
|
899
|
-
type: string;
|
|
900
|
-
};
|
|
901
|
-
};
|
|
902
|
-
required: string[];
|
|
903
|
-
};
|
|
904
|
-
};
|
|
905
|
-
required: string[];
|
|
906
|
-
};
|
|
907
893
|
};
|
|
908
|
-
|
|
894
|
+
refreshInterval: {
|
|
895
|
+
type: string;
|
|
896
|
+
};
|
|
897
|
+
generator: {
|
|
909
898
|
type: string;
|
|
910
899
|
properties: {
|
|
911
|
-
|
|
900
|
+
name: {
|
|
912
901
|
type: string;
|
|
913
902
|
};
|
|
914
|
-
|
|
903
|
+
kind: {
|
|
904
|
+
type: string;
|
|
905
|
+
enum: string[];
|
|
906
|
+
};
|
|
907
|
+
apiVersion: {
|
|
908
|
+
type: string;
|
|
909
|
+
};
|
|
910
|
+
conversionStrategy: {
|
|
911
|
+
type: string;
|
|
912
|
+
};
|
|
913
|
+
outputKey: {
|
|
915
914
|
type: string;
|
|
916
|
-
items: {
|
|
917
|
-
additionalProperties: boolean;
|
|
918
|
-
type: string;
|
|
919
|
-
properties: {
|
|
920
|
-
secretName: {
|
|
921
|
-
type: string;
|
|
922
|
-
};
|
|
923
|
-
};
|
|
924
|
-
required: string[];
|
|
925
|
-
};
|
|
926
915
|
};
|
|
927
916
|
};
|
|
917
|
+
required: string[];
|
|
928
918
|
};
|
|
929
919
|
};
|
|
930
920
|
required: string[];
|
|
921
|
+
};
|
|
922
|
+
};
|
|
923
|
+
ExternalSecretsProvider: {
|
|
924
|
+
$id: string;
|
|
925
|
+
type: string;
|
|
926
|
+
description: string;
|
|
927
|
+
allOf: ({
|
|
928
|
+
$ref: string;
|
|
929
|
+
anyOf?: undefined;
|
|
930
|
+
} | {
|
|
931
|
+
anyOf: ({
|
|
932
|
+
properties: {
|
|
933
|
+
externalSecrets: {
|
|
934
|
+
$ref: string;
|
|
935
|
+
};
|
|
936
|
+
secretStore: {
|
|
937
|
+
$ref: string;
|
|
938
|
+
};
|
|
939
|
+
pushSecrets?: undefined;
|
|
940
|
+
};
|
|
941
|
+
required: string[];
|
|
942
|
+
} | {
|
|
943
|
+
properties: {
|
|
944
|
+
pushSecrets: {
|
|
945
|
+
$ref: string;
|
|
946
|
+
};
|
|
947
|
+
secretStore: {
|
|
948
|
+
$ref: string;
|
|
949
|
+
};
|
|
950
|
+
externalSecrets?: undefined;
|
|
951
|
+
};
|
|
952
|
+
required: string[];
|
|
953
|
+
})[];
|
|
931
954
|
$ref?: undefined;
|
|
932
955
|
})[];
|
|
933
956
|
};
|
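--- a/package/build/packages/cdk8s_renderer/src/claims/external-secrets/external-secrets.schema.d.ts
+++ b/package/build/packages/cdk8s_renderer/src/claims/external-secrets/external-secrets.schema.d.ts
@@ -2,97 +2,120 @@ declare const _default: {
 $schema: string;
 $id: string;
 definitions: {
-
+SecretStore: {
 $id: string;
 type: string;
-
-
-
-
-
-
-
-
-
-
+properties: {
+name: {
+type: string;
+};
+kind: {
+type: string;
+enum: string[];
+};
+};
+required: string[];
+};
+ExternalSecretsSection: {
+$id: string;
+type: string;
+properties: {
+refreshInterval: {
+type: string;
+};
+secrets: {
+type: string;
+items: {
+additionalProperties: boolean;
 type: string;
 properties: {
-
+secretName: {
 type: string;
 };
-
+remoteRef: {
 type: string;
-enum: string[];
 };
 };
 required: string[];
 };
-
+};
+};
+};
+PushSecretsSection: {
+$id: string;
+type: string;
+items: {
+type: string;
+properties: {
+data: {
+type: string;
+};
+template: {
+type: string;
+};
+secretName: {
+type: string;
+};
+refreshInterval: {
 type: string;
-items: {
-type: string;
-properties: {
-data: {
-type: string;
-};
-template: {
-type: string;
-};
-secretName: {
-type: string;
-};
-refreshInterval: {
-type: string;
-};
-generator: {
-type: string;
-properties: {
-name: {
-type: string;
-};
-kind: {
-type: string;
-enum: string[];
-};
-apiVersion: {
-type: string;
-};
-conversionStrategy: {
-type: string;
-};
-outputKey: {
-type: string;
-};
-};
-required: string[];
-};
-};
-required: string[];
-};
 };
-
+generator: {
 type: string;
 properties: {
-
+name: {
+type: string;
+};
+kind: {
+type: string;
+enum: string[];
+};
+apiVersion: {
 type: string;
 };
-
+conversionStrategy: {
+type: string;
+};
+outputKey: {
 type: string;
-items: {
-additionalProperties: boolean;
-type: string;
-properties: {
-secretName: {
-type: string;
-};
-};
-required: string[];
-};
 };
 };
+required: string[];
 };
 };
 required: string[];
+};
+};
+ExternalSecretsProvider: {
+$id: string;
+type: string;
+description: string;
+allOf: ({
+$ref: string;
+anyOf?: undefined;
+} | {
+anyOf: ({
+properties: {
+externalSecrets: {
+$ref: string;
+};
+secretStore: {
+$ref: string;
+};
+pushSecrets?: undefined;
+};
+required: string[];
+} | {
+properties: {
+pushSecrets: {
+$ref: string;
+};
+secretStore: {
+$ref: string;
+};
+externalSecrets?: undefined;
+};
+required: string[];
+})[];
 $ref?: undefined;
 })[];
 };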
|
@@ -2,97 +2,120 @@ export declare const SecretsSchemas: {
|
|
|
2
2
|
$schema: string;
|
|
3
3
|
$id: string;
|
|
4
4
|
definitions: {
|
|
5
|
-
|
|
5
|
+
SecretStore: {
|
|
6
6
|
$id: string;
|
|
7
7
|
type: string;
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
8
|
+
properties: {
|
|
9
|
+
name: {
|
|
10
|
+
type: string;
|
|
11
|
+
};
|
|
12
|
+
kind: {
|
|
13
|
+
type: string;
|
|
14
|
+
enum: string[];
|
|
15
|
+
};
|
|
16
|
+
};
|
|
17
|
+
required: string[];
|
|
18
|
+
};
|
|
19
|
+
ExternalSecretsSection: {
|
|
20
|
+
$id: string;
|
|
21
|
+
type: string;
|
|
22
|
+
properties: {
|
|
23
|
+
refreshInterval: {
|
|
24
|
+
type: string;
|
|
25
|
+
};
|
|
26
|
+
secrets: {
|
|
27
|
+
type: string;
|
|
28
|
+
items: {
|
|
29
|
+
additionalProperties: boolean;
|
|
18
30
|
type: string;
|
|
19
31
|
properties: {
|
|
20
|
-
|
|
32
|
+
secretName: {
|
|
21
33
|
type: string;
|
|
22
34
|
};
|
|
23
|
-
|
|
35
|
+
remoteRef: {
|
|
24
36
|
type: string;
|
|
25
|
-
enum: string[];
|
|
26
37
|
};
|
|
27
38
|
};
|
|
28
39
|
required: string[];
|
|
29
40
|
};
|
|
30
|
-
|
|
41
|
+
};
|
|
42
|
+
};
|
|
43
|
+
};
|
|
44
|
+
PushSecretsSection: {
|
|
45
|
+
$id: string;
|
|
46
|
+
type: string;
|
|
47
|
+
items: {
|
|
48
|
+
type: string;
|
|
49
|
+
properties: {
|
|
50
|
+
data: {
|
|
51
|
+
type: string;
|
|
52
|
+
};
|
|
53
|
+
template: {
|
|
54
|
+
type: string;
|
|
55
|
+
};
|
|
56
|
+
secretName: {
|
|
57
|
+
type: string;
|
|
58
|
+
};
|
|
59
|
+
refreshInterval: {
|
|
31
60
|
type: string;
|
|
32
|
-
items: {
|
|
33
|
-
type: string;
|
|
34
|
-
properties: {
|
|
35
|
-
data: {
|
|
36
|
-
type: string;
|
|
37
|
-
};
|
|
38
|
-
template: {
|
|
39
|
-
type: string;
|
|
40
|
-
};
|
|
41
|
-
secretName: {
|
|
42
|
-
type: string;
|
|
43
|
-
};
|
|
44
|
-
refreshInterval: {
|
|
45
|
-
type: string;
|
|
46
|
-
};
|
|
47
|
-
generator: {
|
|
48
|
-
type: string;
|
|
49
|
-
properties: {
|
|
50
|
-
name: {
|
|
51
|
-
type: string;
|
|
52
|
-
};
|
|
53
|
-
kind: {
|
|
54
|
-
type: string;
|
|
55
|
-
enum: string[];
|
|
56
|
-
};
|
|
57
|
-
apiVersion: {
|
|
58
|
-
type: string;
|
|
59
|
-
};
|
|
60
|
-
conversionStrategy: {
|
|
61
|
-
type: string;
|
|
62
|
-
};
|
|
63
|
-
outputKey: {
|
|
64
|
-
type: string;
|
|
65
|
-
};
|
|
66
|
-
};
|
|
67
|
-
required: string[];
|
|
68
|
-
};
|
|
69
|
-
};
|
|
70
|
-
required: string[];
|
|
71
|
-
};
|
|
72
61
|
};
|
|
73
|
-
|
|
62
|
+
generator: {
|
|
74
63
|
type: string;
|
|
75
64
|
properties: {
|
|
76
|
-
|
|
65
|
+
name: {
|
|
66
|
+
type: string;
|
|
67
|
+
};
|
|
68
|
+
kind: {
|
|
69
|
+
type: string;
|
|
70
|
+
enum: string[];
|
|
71
|
+
};
|
|
72
|
+
apiVersion: {
|
|
77
73
|
type: string;
|
|
78
74
|
};
|
|
79
|
-
|
|
75
|
+
conversionStrategy: {
|
|
76
|
+
type: string;
|
|
77
|
+
};
|
|
78
|
+
outputKey: {
|
|
80
79
|
type: string;
|
|
81
|
-
items: {
|
|
82
|
-
additionalProperties: boolean;
|
|
83
|
-
type: string;
|
|
84
|
-
properties: {
|
|
85
|
-
secretName: {
|
|
86
|
-
type: string;
|
|
87
|
-
};
|
|
88
|
-
};
|
|
89
|
-
required: string[];
|
|
90
|
-
};
|
|
91
80
|
};
|
|
92
81
|
};
|
|
82
|
+
required: string[];
|
|
93
83
|
};
|
|
94
84
|
};
|
|
95
85
|
required: string[];
|
|
86
|
+
};
|
|
87
|
+
};
|
|
88
|
+
ExternalSecretsProvider: {
|
|
89
|
+
$id: string;
|
|
90
|
+
type: string;
|
|
91
|
+
description: string;
|
|
92
|
+
allOf: ({
|
|
93
|
+
$ref: string;
|
|
94
|
+
anyOf?: undefined;
|
|
95
|
+
} | {
|
|
96
|
+
anyOf: ({
|
|
97
|
+
properties: {
|
|
98
|
+
externalSecrets: {
|
|
99
|
+
$ref: string;
|
|
100
|
+
};
|
|
101
|
+
secretStore: {
|
|
102
|
+
$ref: string;
|
|
103
|
+
};
|
|
104
|
+
pushSecrets?: undefined;
|
|
105
|
+
};
|
|
106
|
+
required: string[];
|
|
107
|
+
} | {
|
|
108
|
+
properties: {
|
|
109
|
+
pushSecrets: {
|
|
110
|
+
$ref: string;
|
|
111
|
+
};
|
|
112
|
+
secretStore: {
|
|
113
|
+
$ref: string;
|
|
114
|
+
};
|
|
115
|
+
externalSecrets?: undefined;
|
|
116
|
+
};
|
|
117
|
+
required: string[];
|
|
118
|
+
})[];
|
|
96
119
|
$ref?: undefined;
|
|
97
120
|
})[];
|
|
98
121
|
};
|