enforce that exactly one auth property is used

apis/externalsecrets/v1alpha1/secretstore_kubernetes_types.go

@@ -55,6 +55,8 @@ type KubernetesProvider struct {
 	RemoteNamespace string `json:"remoteNamespace"`
 }
 
+// +kubebuilder:validation:MinProperties=1
+// +kubebuilder:validation:MaxProperties=1
 type KubernetesAuth struct {
 	// has both clientCert and clientKey as secretKeySelector
 	// +optional

deploy/crds/external-secrets.io_clustersecretstores.yaml

@@ -562,6 +562,8 @@ spec:
                       auth:
                         description: Auth configures how secret-manager authenticates
                           with a Kubernetes instance.
+                        maxProperties: 1
+                        minProperties: 1
                         properties:
                           cert:
                             description: has both clientCert and clientKey as secretKeySelector

deploy/crds/external-secrets.io_secretstores.yaml

@@ -562,6 +562,8 @@ spec:
                       auth:
                         description: Auth configures how secret-manager authenticates
                           with a Kubernetes instance.
+                        maxProperties: 1
+                        minProperties: 1
                         properties:
                           cert:
                             description: has both clientCert and clientKey as secretKeySelector