
#150 Define data model for the Vault LDAP auth method

xxxbobrxxx 5 years ago
parent
commit
704e7a785b

+ 18 - 0
apis/externalsecrets/v1alpha1/secretstore_vault_types.go

@@ -77,6 +77,11 @@ type VaultAuth struct {
 	// token stored in the named Secret resource to the Vault server.
 	// +optional
 	Kubernetes *VaultKubernetesAuth `json:"kubernetes,omitempty"`
+
+	// Ldap authenticates with Vault by passing username/password pair using
+	// the LDAP authentication method
+	// +optional
+	Ldap *VaultLdapAuth `json:"ldap,omitempty"`
 }
 
 // VaultAppRole authenticates with Vault using the App Role auth mechanism,
@@ -124,3 +129,16 @@ type VaultKubernetesAuth struct {
 	// Kubernetes ServiceAccount with a set of Vault policies.
 	Role string `json:"role"`
 }
+
+// VaultLdapAuth authenticates with Vault using the LDAP authentication method,
+// with the username and password stored in a Kubernetes Secret resource.
+type VaultLdapAuth struct {
+	// Username is a LDAP user name used to authenticate using the LDAP Vault
+	// authentication method
+	Username string `json:"username"`
+
+	// SecretRef to a key in a Secret resource containing password for the LDAP
+	// user used to authenticate with Vault using the LDAP authentication
+	// method
+	SecretRef *esmeta.SecretKeySelector `json:"tokenSecretRef,omitempty"`
+}
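Review bot: The JSON tag on the `SecretRef` field of `VaultLdapAuth` reads `tokenSecretRef`, but the doc comment two lines above says the referenced key holds the LDAP user's password, not a token, so the wire name contradicts both the Go field name and what the value is; the same `tokenSecretRef` key is already emitted into the generated CRD schemas under `ldap` in both deploy/crds files in this commit, and once users write it in manifests it cannot be corrected without a breaking API change. I would tag it to match the field and its meaning before it ships: `SecretRef *esmeta.SecretKeySelector \`json:"secretRef,omitempty"\``, and regenerate the deepcopy and CRD files. Because the field is a pointer with `omitempty`, the schema lets a user omit the password reference entirely while still marking `username` required, so whatever provider code later consumes this struct must nil-check `SecretRef` (or the field should be made required, as `role` is for the Kubernetes auth), and the doc comment should state which; that consumer is not part of this commit, so I cannot tell which is intended. As a point of style, Go convention for initialisms would spell the type and field `VaultLDAPAuth` / `LDAP` rather than `Ldap`, consistent with how the other identifiers in the file treat acronyms.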

+ 25 - 0
apis/externalsecrets/v1alpha1/zz_generated.deepcopy.go

@@ -567,6 +567,11 @@ func (in *VaultAuth) DeepCopyInto(out *VaultAuth) {
 		*out = new(VaultKubernetesAuth)
 		(*in).DeepCopyInto(*out)
 	}
+	if in.Ldap != nil {
+		in, out := &in.Ldap, &out.Ldap
+		*out = new(VaultLdapAuth)
+		(*in).DeepCopyInto(*out)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultAuth.
@@ -605,6 +610,26 @@ func (in *VaultKubernetesAuth) DeepCopy() *VaultKubernetesAuth {
 }
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *VaultLdapAuth) DeepCopyInto(out *VaultLdapAuth) {
+	*out = *in
+	if in.SecretRef != nil {
+		in, out := &in.SecretRef, &out.SecretRef
+		*out = new(metav1.SecretKeySelector)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultLdapAuth.
+func (in *VaultLdapAuth) DeepCopy() *VaultLdapAuth {
+	if in == nil {
+		return nil
+	}
+	out := new(VaultLdapAuth)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *VaultProvider) DeepCopyInto(out *VaultProvider) {
 	*out = *in
 	in.Auth.DeepCopyInto(&out.Auth)

+ 37 - 0
deploy/crds/external-secrets.io_clustersecretstores.yaml

@@ -255,6 +255,43 @@ spec:
                             - mountPath
                             - role
                             type: object
+                          ldap:
+                            description: Ldap authenticates with Vault by passing
+                              username/password pair using the LDAP authentication
+                              method
+                            properties:
+                              tokenSecretRef:
+                                description: SecretRef to a key in a Secret resource
+                                  containing password for the LDAP user used to authenticate
+                                  with Vault using the LDAP authentication method
+                                properties:
+                                  key:
+                                    description: The key of the entry in the Secret
+                                      resource's `data` field to be used. Some instances
+                                      of this field may be defaulted, in others it
+                                      may be required.
+                                    type: string
+                                  name:
+                                    description: The name of the Secret resource being
+                                      referred to.
+                                    type: string
+                                  namespace:
+                                    description: Namespace of the resource being referred
+                                      to. Ignored if referent is not cluster-scoped.
+                                      cluster-scoped defaults to the namespace of
+                                      the referent.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              username:
+                                description: Username is a LDAP user name used to
+                                  authenticate using the LDAP Vault authentication
+                                  method
+                                type: string
+                            required:
+                            - username
+                            type: object
                           tokenSecretRef:
                             description: TokenSecretRef authenticates with Vault by
                               presenting a token.

+ 37 - 0
deploy/crds/external-secrets.io_secretstores.yaml

@@ -255,6 +255,43 @@ spec:
                             - mountPath
                             - role
                             type: object
+                          ldap:
+                            description: Ldap authenticates with Vault by passing
+                              username/password pair using the LDAP authentication
+                              method
+                            properties:
+                              tokenSecretRef:
+                                description: SecretRef to a key in a Secret resource
+                                  containing password for the LDAP user used to authenticate
+                                  with Vault using the LDAP authentication method
+                                properties:
+                                  key:
+                                    description: The key of the entry in the Secret
+                                      resource's `data` field to be used. Some instances
+                                      of this field may be defaulted, in others it
+                                      may be required.
+                                    type: string
+                                  name:
+                                    description: The name of the Secret resource being
+                                      referred to.
+                                    type: string
+                                  namespace:
+                                    description: Namespace of the resource being referred
+                                      to. Ignored if referent is not cluster-scoped.
+                                      cluster-scoped defaults to the namespace of
+                                      the referent.
+                                    type: string
+                                required:
+                                - name
+                                type: object
+                              username:
+                                description: Username is a LDAP user name used to
+                                  authenticate using the LDAP Vault authentication
+                                  method
+                                type: string
+                            required:
+                            - username
+                            type: object
                           tokenSecretRef:
                             description: TokenSecretRef authenticates with Vault by
                               presenting a token.