diff --git a/Makefile b/Makefile index ad8a8848..555a28f3 100644 --- a/Makefile +++ b/Makefile @@ -190,7 +190,7 @@ KURUN_VERSION = 0.7.0 CODE_GENERATOR_VERSION = 0.27.1 HELM_DOCS_VERSION = 1.11.0 KUSTOMIZE_VERSION = 5.1.0 -CONTROLLER_TOOLS_VERSION = 0.12.1 +CONTROLLER_TOOLS_VERSION = 0.15.0 # Dependency binaries GOLANGCI_LINT_BIN := golangci-lint diff --git a/deploy/charts/vault-operator/crds/crd.yaml b/deploy/charts/vault-operator/crds/crd.yaml index 2e40ee81..4db28ced 100644 --- a/deploy/charts/vault-operator/crds/crd.yaml +++ b/deploy/charts/vault-operator/crds/crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.15.0 name: vaults.vault.banzaicloud.com spec: group: vault.banzaicloud.com @@ -1264,6 +1264,23 @@ spec: secretNamespace: type: string type: object + oci: + properties: + bucketName: + type: string + bucketNamespace: + type: string + bucketPrefix: + type: string + cryptographicEndpoint: + type: string + keyOCID: + type: string + required: + - bucketName + - cryptographicEndpoint + - keyOCID + type: object options: properties: preFlightChecks: diff --git a/deploy/crd/bases/vault.banzaicloud.com_vaults.yaml b/deploy/crd/bases/vault.banzaicloud.com_vaults.yaml index 2e40ee81..4db28ced 100644 --- a/deploy/crd/bases/vault.banzaicloud.com_vaults.yaml +++ b/deploy/crd/bases/vault.banzaicloud.com_vaults.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.15.0 name: vaults.vault.banzaicloud.com spec: group: vault.banzaicloud.com 
@@ -1264,6 +1264,23 @@ spec: secretNamespace: type: string type: object + oci: + properties: + bucketName: + type: string + bucketNamespace: + type: string + bucketPrefix: + type: string + cryptographicEndpoint: + type: string + keyOCID: + type: string + required: + - bucketName + - cryptographicEndpoint + - keyOCID + type: object options: properties: preFlightChecks: diff --git a/pkg/apis/vault/v1alpha1/vault_types.go b/pkg/apis/vault/v1alpha1/vault_types.go index f6902523..c4797caf 100644 --- a/pkg/apis/vault/v1alpha1/vault_types.go +++ b/pkg/apis/vault/v1alpha1/vault_types.go @@ -50,6 +50,7 @@ var ( "mysql": true, "postgresql": true, "raft": true, + "oci": true, "spanner": true, "zookeeper": true, } @@ -661,6 +662,7 @@ type UnsealConfig struct { Alibaba *AlibabaUnsealConfig `json:"alibaba,omitempty"` Azure *AzureUnsealConfig `json:"azure,omitempty"` AWS *AWSUnsealConfig `json:"aws,omitempty"` + OCI *OCIUnsealConfig `json:"oci,omitempty"` Vault *VaultUnsealConfig `json:"vault,omitempty"` HSM *HSMUnsealConfig `json:"hsm,omitempty"` } @@ -710,6 +712,21 @@ func (usc *UnsealConfig) ToArgs(vault *Vault) []string { "--azure-key-vault-name", usc.Azure.KeyVaultName, ) + } else if usc.OCI != nil { + args = append(args, + "--mode", + "oci", + "--oci-key-ocid", + usc.OCI.KeyOCID, + "--oci-cryptographic-endpoint", + usc.OCI.CryptographicEndpoint, + "--oci-bucket-namespace", + usc.OCI.BucketNamespace, + "--oci-bucket-name", + usc.OCI.BucketName, + "--oci-bucket-prefix", + usc.OCI.BucketPrefix, + ) } else if usc.AWS != nil { args = append(args, "--mode", 
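Review bot: The new `usc.OCI != nil` branch in `ToArgs` emits `--oci-bucket-namespace` and `--oci-bucket-prefix` unconditionally, although both fields are `omitempty` on `OCIUnsealConfig`, so an unset optional field becomes an empty-string flag value on the unsealer command line. Unless the bank-vaults CLI is known to treat an empty value exactly like an absent flag, append those two pairs only when set, e.g. `if usc.OCI.BucketNamespace != "" { args = append(args, "--oci-bucket-namespace", usc.OCI.BucketNamespace) }` and the same for the prefix. Because the branch is inserted ahead of `usc.AWS`, a Vault object that sets both `oci` and `aws` silently selects OCI; a one-line comment on the chain such as `// first configured backend wins: kubernetes, google, alibaba, azure, oci, aws, vault, hsm` would make that precedence explicit (the exact order of the earlier branches is outside this hunk, so adjust the list). `ToArgs` starts and ends outside this hunk.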
@@ -911,6 +928,15 @@ type AWSUnsealConfig struct { S3SSE string `json:"s3SSE,omitempty"` } +// OCIUnsealConfig holds the parameters for Oracle Cloud Infrastructure based unsealing +type OCIUnsealConfig struct { + KeyOCID string `json:"keyOCID"` + CryptographicEndpoint string `json:"cryptographicEndpoint"` + BucketName string `json:"bucketName"` + BucketNamespace string `json:"bucketNamespace,omitempty"` + BucketPrefix string `json:"bucketPrefix,omitempty"` +} + // VaultUnsealConfig holds the parameters for remote Vault based unsealing type VaultUnsealConfig struct { Address string `json:"address"` diff --git a/pkg/apis/vault/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/vault/v1alpha1/zz_generated.deepcopy.go index 9d2a08a3..83a72f6f 100644 --- a/pkg/apis/vault/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/vault/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Copyright © 2019 Banzai Cloud // @@ -369,6 +368,21 @@ func (in *KubernetesUnsealConfig) DeepCopy() *KubernetesUnsealConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OCIUnsealConfig) DeepCopyInto(out *OCIUnsealConfig) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OCIUnsealConfig. +func (in *OCIUnsealConfig) DeepCopy() *OCIUnsealConfig { + if in == nil { + return nil + } + out := new(OCIUnsealConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Resources) DeepCopyInto(out *Resources) { *out = *in 
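Review bot: `OCIUnsealConfig` documents none of its fields, yet `keyOCID` and `cryptographicEndpoint` decide which KMS key and endpoint the unseal material is protected with, and a wrong value only surfaces as a runtime failure inside the unsealer. Add field comments along the lines of `// KeyOCID is the OCID of the OCI KMS key used to protect the unseal keys and root token.`, `// CryptographicEndpoint is the crypto endpoint of the KMS vault that holds KeyOCID.` and `// BucketName is the OCI Object Storage bucket the unseal material is written to; BucketNamespace and BucketPrefix are optional.` — how the material is encrypted before it lands in the bucket is not visible in this diff, so confirm that wording against the unsealer before committing it. The generated CRD marks the three fields required but still accepts `keyOCID: ""`; `// +kubebuilder:validation:MinLength=1` on `KeyOCID`, `CryptographicEndpoint` and `BucketName` would reject that at admission rather than at unseal time. The struct carries no credential fields, so the type comment should also say how the operator is expected to authenticate to OCI (instance principal, workload identity or a mounted config); I cannot tell which from this diff.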
@@ -434,6 +448,11 @@ func (in *UnsealConfig) DeepCopyInto(out *UnsealConfig) { *out = new(AWSUnsealConfig) **out = **in } + if in.OCI != nil { + in, out := &in.OCI, &out.OCI + *out = new(OCIUnsealConfig) + **out = **in + } if in.Vault != nil { in, out := &in.Vault, &out.Vault *out = new(VaultUnsealConfig)