VPS: support day duration notation for TTL #990

Merged: 1 commit, Dec 18, 2024
2 changes: 1 addition & 1 deletion api/v1beta1/vaultpkisecret_types.go
Expand Up @@ -93,7 +93,7 @@ type VaultPKISecretSpec struct {
// not when generating a CSR for an intermediate CA.
// Should be in duration notation e.g. 120s, 2h, etc.
// +kubebuilder:validation:Type=string
// +kubebuilder:validation:Pattern=`^([0-9]+(\.[0-9]+)?(s|m|h))$`
// +kubebuilder:validation:Pattern=`^([0-9]+(\.[0-9]+)?(s|m|h|d))$`
TTL string `json:"ttl,omitempty"`

// Format for the certificate. Choices: "pem", "der", "pem_bundle".
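Review bot: The doc comment directly above the marker still reads "e.g. 120s, 2h, etc." while the pattern now also accepts `d`; add a day example such as `30d` so the generated CRD description and API reference advertise the new unit. It is also worth confirming that nothing in the operator parses `TTL` with Go's `time.ParseDuration`, which does not accept a `d` suffix: if the string is only forwarded to Vault this is fine, otherwise a value that passes admission would fail at reconcile time.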
2 changes: 1 addition & 1 deletion api/v1beta1/vaultstaticsecret_types.go
Expand Up @@ -48,7 +48,7 @@ type VaultStaticSecretSpec struct {
// not support dynamically reloading a rotated secret.
// In that case one, or more RolloutRestartTarget(s) can be configured here. The Operator will
// trigger a "rollout-restart" for each target whenever the Vault secret changes between reconciliation events.
// All configured targets wil be ignored if HMACSecretData is set to false.
// All configured targets will be ignored if HMACSecretData is set to false.
// See RolloutRestartTarget for more details.
RolloutRestartTargets []RolloutRestartTarget `json:"rolloutRestartTargets,omitempty"`
// Destination provides configuration necessary for syncing the Vault secret to Kubernetes.
2 changes: 1 addition & 1 deletion chart/crds/secrets.hashicorp.com_vaultpkisecrets.yaml
Expand Up @@ -316,7 +316,7 @@ spec:
Note: this only has an effect when generating a CA cert or signing a CA cert,
not when generating a CSR for an intermediate CA.
Should be in duration notation e.g. 120s, 2h, etc.
pattern: ^([0-9]+(\.[0-9]+)?(s|m|h))$
pattern: ^([0-9]+(\.[0-9]+)?(s|m|h|d))$
type: string
uriSans:
description: The requested URI SANs.
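Review bot: The new `d` alternative in `pattern` inherits the optional fractional part `(\.[0-9]+)?`, so values like `1.5d` or `0.5d` now pass schema validation. Please confirm that the consumer of this string accepts fractional days; if it only takes whole days, restrict `d` to an integer prefix, and make that change in the kubebuilder marker in `api/v1beta1/vaultpkisecret_types.go`, which carries the same pattern, so the two stay in sync.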
2 changes: 1 addition & 1 deletion chart/crds/secrets.hashicorp.com_vaultstaticsecrets.yaml
Expand Up @@ -222,7 +222,7 @@ spec:
not support dynamically reloading a rotated secret.
In that case one, or more RolloutRestartTarget(s) can be configured here. The Operator will
trigger a "rollout-restart" for each target whenever the Vault secret changes between reconciliation events.
All configured targets wil be ignored if HMACSecretData is set to false.
All configured targets will be ignored if HMACSecretData is set to false.
See RolloutRestartTarget for more details.
items:
description: |-
Expand Up @@ -316,7 +316,7 @@ spec:
Note: this only has an effect when generating a CA cert or signing a CA cert,
not when generating a CSR for an intermediate CA.
Should be in duration notation e.g. 120s, 2h, etc.
pattern: ^([0-9]+(\.[0-9]+)?(s|m|h))$
pattern: ^([0-9]+(\.[0-9]+)?(s|m|h|d))$
type: string
uriSans:
description: The requested URI SANs.
Expand Up @@ -222,7 +222,7 @@ spec:
not support dynamically reloading a rotated secret.
In that case one, or more RolloutRestartTarget(s) can be configured here. The Operator will
trigger a "rollout-restart" for each target whenever the Vault secret changes between reconciliation events.
All configured targets wil be ignored if HMACSecretData is set to false.
All configured targets will be ignored if HMACSecretData is set to false.
See RolloutRestartTarget for more details.
items:
description: |-
4 changes: 2 additions & 2 deletions docs/api/api-reference.md
Expand Up @@ -1073,7 +1073,7 @@ _Appears in:_
| `uriSans` _string array_ | The requested URI SANs. | | |
| `otherSans` _string array_ | Requested other SANs, in an array with the format<br />oid;type:value for each entry. | | |
| `userIDs` _string array_ | User ID (OID 0.9.2342.19200300.100.1.1) Subject values to be placed on the<br />signed certificate. | | |
| `ttl` _string_ | TTL for the certificate; sets the expiration date.<br />If not specified the Vault role's default,<br />backend default, or system default TTL is used, in that order.<br />Cannot be larger than the mount's max TTL.<br />Note: this only has an effect when generating a CA cert or signing a CA cert,<br />not when generating a CSR for an intermediate CA.<br />Should be in duration notation e.g. 120s, 2h, etc. | | Pattern: `^([0-9]+(\.[0-9]+)?(s|m|h))$` <br />Type: string <br /> |
| `ttl` _string_ | TTL for the certificate; sets the expiration date.<br />If not specified the Vault role's default,<br />backend default, or system default TTL is used, in that order.<br />Cannot be larger than the mount's max TTL.<br />Note: this only has an effect when generating a CA cert or signing a CA cert,<br />not when generating a CSR for an intermediate CA.<br />Should be in duration notation e.g. 120s, 2h, etc. | | Pattern: `^([0-9]+(\.[0-9]+)?(s|m|h|d))$` <br />Type: string <br /> |
| `format` _string_ | Format for the certificate. Choices: "pem", "der", "pem_bundle".<br />If "pem_bundle",<br />any private key and issuing cert will be appended to the certificate pem.<br />If "der", the value will be base64 encoded.<br />Default: pem | | |
| `privateKeyFormat` _string_ | PrivateKeyFormat, generally the default will be controlled by the Format<br />parameter as either base64-encoded DER or PEM-encoded DER.<br />However, this can be set to "pkcs8" to have the returned<br />private key contain base64-encoded pkcs8 or PEM-encoded<br />pkcs8 instead.<br />Default: der | | |
| `notAfter` _string_ | NotAfter field of the certificate with specified date value.<br />The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ | | |
Expand Down Expand Up @@ -1178,7 +1178,7 @@ _Appears in:_
| `type` _string_ | Type of the Vault static secret | | Enum: [kv-v1 kv-v2] <br /> |
| `refreshAfter` _string_ | RefreshAfter a period of time, in duration notation e.g. 30s, 1m, 24h | | Pattern: `^([0-9]+(\.[0-9]+)?(s|m|h))$` <br />Type: string <br /> |
| `hmacSecretData` _boolean_ | HMACSecretData determines whether the Operator computes the<br />HMAC of the Secret's data. The MAC value will be stored in<br />the resource's Status.SecretMac field, and will be used for drift detection<br />and during incoming Vault secret comparison.<br />Enabling this feature is recommended to ensure that Secret's data stays consistent with Vault. | true | |
| `rolloutRestartTargets` _[RolloutRestartTarget](#rolloutrestarttarget) array_ | RolloutRestartTargets should be configured whenever the application(s) consuming the Vault secret does<br />not support dynamically reloading a rotated secret.<br />In that case one, or more RolloutRestartTarget(s) can be configured here. The Operator will<br />trigger a "rollout-restart" for each target whenever the Vault secret changes between reconciliation events.<br />All configured targets wil be ignored if HMACSecretData is set to false.<br />See RolloutRestartTarget for more details. | | |
| `rolloutRestartTargets` _[RolloutRestartTarget](#rolloutrestarttarget) array_ | RolloutRestartTargets should be configured whenever the application(s) consuming the Vault secret does<br />not support dynamically reloading a rotated secret.<br />In that case one, or more RolloutRestartTarget(s) can be configured here. The Operator will<br />trigger a "rollout-restart" for each target whenever the Vault secret changes between reconciliation events.<br />All configured targets will be ignored if HMACSecretData is set to false.<br />See RolloutRestartTarget for more details. | | |
| `destination` _[Destination](#destination)_ | Destination provides configuration necessary for syncing the Vault secret to Kubernetes. | | |
| `syncConfig` _[SyncConfig](#syncconfig)_ | SyncConfig configures sync behavior from Vault to VSO | | |
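Review bot: `refreshAfter` in this table keeps the pattern `^([0-9]+(\.[0-9]+)?(s|m|h))$`, so after this change `ttl` accepts day notation but `refreshAfter` does not, although both are described as duration notation. Either extend `refreshAfter` the same way or state in its description that only s, m and h are valid, so users do not hit an admission error after reusing a `d` value from a TTL field.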
