
Deployed b1bad77e to main with MkDocs 1.4.3 and mike 1.2.0.dev0

moolen vor 2 Jahren
Ursprung
Commit
e2c91228eb

+ 42 - 0
main/api/spec/index.html

@@ -6511,6 +6511,32 @@ OracleSecretRef
 </tr>
 </tbody>
 </table>
+<h3 id="external-secrets.io/v1beta1.OraclePrincipalType">OraclePrincipalType
+(<code>string</code> alias)</p></h3>
+<p>
+(<em>Appears on:</em>
+<a href="#external-secrets.io/v1beta1.OracleProvider">OracleProvider</a>)
+</p>
+<p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody><tr><td><p>&#34;InstancePrincipal&#34;</p></td>
+<td><p>InstancePrincipal represents a instance principal.</p>
+</td>
+</tr><tr><td><p>&#34;UserPrincipal&#34;</p></td>
+<td><p>UserPrincipal represents a user principal.</p>
+</td>
+</tr><tr><td><p>&#34;Workload&#34;</p></td>
+<td><p>WorkloadPrincipal represents a workload principal.</p>
+</td>
+</tr></tbody>
+</table>
 <h3 id="external-secrets.io/v1beta1.OracleProvider">OracleProvider
 </h3>
 <p>
@@ -6553,6 +6579,22 @@ string
 </tr>
 <tr>
 <td>
+<code>principalType</code></br>
+<em>
+<a href="#external-secrets.io/v1beta1.OraclePrincipalType">
+OraclePrincipalType
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>The type of principal to use for authentication. If left blank, the Auth struct will
+determine the principal type. This optional field must be specified if using
+workload identity.</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>auth</code></br>
 <em>
 <a href="#external-secrets.io/v1beta1.OracleAuth">

+ 18 - 2
main/provider/oracle-vault/index.html

@@ -2255,8 +2255,9 @@
 <h2 id="oracle-vault">Oracle Vault</h2>
 <p>External Secrets Operator integrates with <a href="https://github.com/oracle/oci-go-sdk">OCI API</a> to sync secret on the Oracle Vault to secrets held on the Kubernetes cluster.</p>
 <h3 id="authentication">Authentication</h3>
-<p>If <code>auth</code> is not specified, the operator uses the instance principal.</p>
-<p>For using a specific user credentials, userOCID, tenancyOCID, fingerprint and private key are required.
+<p>Specify the authenticating principal with <code>principalType</code>, using <code>UserPrincipal</code>, <code>InstancePrincipal</code>, or <code>Workload</code> as values.
+If <code>principalType</code> or <code>auth</code> are not set, the operator defaults to instance principal for authentication.</p>
+<p>For user principal, userOCID, tenancyOCID, fingerprint and private key are required.
 The fingerprint and key file should be supplied in the secret with the rest being provided in the secret store.</p>
 <p>See url for what region you you are accessing.
 <img alt="userOCID-details" src="../../pictures/screenshot_region.png" /></p>
@@ -2293,6 +2294,20 @@ This will automatically generate a fingerprint.
 <span class="w">    </span><span class="nt">oracle</span><span class="p">:</span>
 <span class="w">      </span><span class="nt">vault</span><span class="p">:</span><span class="w"> </span><span class="c1"># The vault OCID</span>
 <span class="w">      </span><span class="nt">region</span><span class="p">:</span><span class="w"> </span><span class="c1"># The vault region</span>
+<span class="w">      </span><span class="nt">principalType</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">InstancePrincipal</span>
+
+<span class="nn">---</span>
+
+<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example-workload-identity</span>
+<span class="nt">spec</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">provider</span><span class="p">:</span>
+<span class="w">    </span><span class="nt">oracle</span><span class="p">:</span>
+<span class="w">      </span><span class="nt">vault</span><span class="p">:</span><span class="w"> </span><span class="c1"># The vault OCID</span>
+<span class="w">      </span><span class="nt">region</span><span class="p">:</span><span class="w"> </span><span class="c1"># The vault region</span>
+<span class="w">      </span><span class="nt">principalType</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Workload</span>
 
 <span class="nn">---</span>
 
@@ -2308,6 +2323,7 @@ This will automatically generate a fingerprint.
 <span class="w">      </span><span class="nt">auth</span><span class="p">:</span>
 <span class="w">        </span><span class="nt">user</span><span class="p">:</span><span class="w"> </span><span class="c1"># A user OCID</span>
 <span class="w">        </span><span class="nt">tenancy</span><span class="p">:</span><span class="w"> </span><span class="c1"># A user&#39;s tenancy</span>
+<span class="w">        </span><span class="nt">principalType</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">UserPrincipal</span>
 <span class="w">        </span><span class="nt">secretRef</span><span class="p">:</span>
 <span class="w">          </span><span class="nt">privatekey</span><span class="p">:</span>
 <span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">oracle-secret</span>

Datei-Diff unterdrückt, da er zu groß ist
+ 0 - 0
main/search/search_index.json


BIN
main/sitemap.xml.gz


+ 15 - 0
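--- a/main/snippets/oracle-secret-store.yaml
+++ b/main/snippets/oracle-secret-store.yaml
@@ -7,6 +7,20 @@ spec:
     oracle:
       vault: # The vault OCID
       region: # The vault region
+      principalType: InstancePrincipal
+
+---
+
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: example-workload-identity
+spec:
+  provider:
+    oracle:
+      vault: # The vault OCID
+      region: # The vault region
+      principalType: Workload
 
 ---
 
@@ -22,6 +36,7 @@ spec:
       auth:
         user: # A user OCID
         tenancy: # A user's tenancy
+        principalType: UserPrincipal
         secretRef:
           privatekey:
             name: oracle-secret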
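Review bot: In the user-principal example the added `principalType: UserPrincipal` is indented under `auth:`, next to `user` and `tenancy`, while the API reference updated in this same commit lists `principalType` as a field of `OracleProvider` beside `auth`, and the two other examples place it directly under `oracle:`. At that position the key is not where the provider spec defines it, so it would presumably be rejected or dropped by the CRD schema, and the principal would then be chosen from the `auth` block rather than from the value a reader thinks they pinned. Move it up one level so it reads `      principalType: UserPrincipal` as a sibling of `auth:`. The rendered copy of this snippet in main/provider/oracle-vault/index.html carries the same indentation. The example's document starts above this hunk, so the parent key is inferred from the indentation of the visible `auth:` line.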

Einige Dateien werden nicht angezeigt, da zu viele Dateien in diesem Diff geändert wurden.