-
-
Notifications
You must be signed in to change notification settings - Fork 7
Expand file tree
/
Copy pathmod.rs
More file actions
67 lines (59 loc) · 2.54 KB
/
mod.rs
File metadata and controls
67 lines (59 loc) · 2.54 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
use serde::{Deserialize, Serialize};
use stackable_operator::{
kube::CustomResource,
schemars::{self, JsonSchema},
versioned::versioned,
};
use crate::format::{SecretFormat, well_known::FILE_PEM_CERT_CA};
#[versioned(
version(name = "v1alpha1"),
crates(
kube_core = "stackable_operator::kube::core",
kube_client = "stackable_operator::kube::client",
k8s_openapi = "stackable_operator::k8s_openapi",
schemars = "stackable_operator::schemars",
versioned = "stackable_operator::versioned"
)
)]
pub mod versioned {
/// A [TrustStore](DOCS_BASE_URL_PLACEHOLDER/secret-operator/truststore) requests information about how to
/// validate secrets issued by a [SecretClass](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass).
///
/// The requested information is written to a ConfigMap with the same name as the TrustStore.
#[versioned(crd(group = "secrets.stackable.tech", namespaced))]
#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)]
#[serde(rename_all = "camelCase")]
pub struct TrustStoreSpec {
/// The name of the SecretClass that the request concerns.
pub secret_class_name: String,
/// Which Kubernetes kind should be used to output the requested information to.
///
/// The trust information (such as a `ca.crt`) can be considered public information, so we put
/// it in a `ConfigMap` by default. However, some tools might require it to be placed in a
/// `Secret`, so we also support that.
///
/// Can be either `ConfigMap` or `Secret`, defaults to `ConfigMap`.
#[serde(default)]
pub target_kind: TrustStoreOutputType,
/// The [format](DOCS_BASE_URL_PLACEHOLDER/secret-operator/secretclass#format) that the data should be converted into.
pub format: Option<SecretFormat>,
/// Name of the key in the ConfigMap/Secret, in which the PEM encoded CA certificate should be placed.
///
/// Only takes effect in case the `format` is `tls-pem`.
/// Defaults to `ca.crt`.
#[serde(default = "TrustStoreSpec::default_tls_pem_ca_name")]
pub tls_pem_ca_name: String,
}
#[derive(Clone, Debug, Default, PartialEq, JsonSchema, Serialize, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub enum TrustStoreOutputType {
Secret,
#[default]
ConfigMap,
}
}
impl v1alpha1::TrustStoreSpec {
fn default_tls_pem_ca_name() -> String {
FILE_PEM_CERT_CA.to_owned()
}
}