
Deployed b1bad77e to main with MkDocs 1.4.3 and mike 1.2.0.dev0

moolen 2 years ago
parent
commit
e2c91228eb

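--- a/main/api/spec/index.html
+++ b/main/api/spec/index.html
@@ -6511,6 +6511,32 @@ OracleSecretRef
 </tr>
 </tbody>
 </table>
+<h3 id="external-secrets.io/v1beta1.OraclePrincipalType">OraclePrincipalType
+(<code>string</code> alias)</p></h3>
+<p>
+(<em>Appears on:</em>
+<a href="#external-secrets.io/v1beta1.OracleProvider">OracleProvider</a>)
+</p>
+<p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody><tr><td><p>&#34;InstancePrincipal&#34;</p></td>
+<td><p>InstancePrincipal represents a instance principal.</p>
+</td>
+</tr><tr><td><p>&#34;UserPrincipal&#34;</p></td>
+<td><p>UserPrincipal represents a user principal.</p>
+</td>
+</tr><tr><td><p>&#34;Workload&#34;</p></td>
+<td><p>WorkloadPrincipal represents a workload principal.</p>
+</td>
+</tr></tbody>
+</table>
 <h3 id="external-secrets.io/v1beta1.OracleProvider">OracleProvider
 </h3>
 <p>
@@ -6553,6 +6579,22 @@ string
 </tr>
 <tr>
 <td>
+<code>principalType</code></br>
+<em>
+<a href="#external-secrets.io/v1beta1.OraclePrincipalType">
+OraclePrincipalType
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>The type of principal to use for authentication. If left blank, the Auth struct will
+determine the principal type. This optional field must be specified if using
+workload identity.</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>auth</code></br>
 <em>
 <a href="#external-secrets.io/v1beta1.OracleAuth">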

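--- a/main/provider/oracle-vault/index.html
+++ b/main/provider/oracle-vault/index.html
@@ -2255,8 +2255,9 @@
 <h2 id="oracle-vault">Oracle Vault</h2>
 <p>External Secrets Operator integrates with <a href="https://github.com/oracle/oci-go-sdk">OCI API</a> to sync secret on the Oracle Vault to secrets held on the Kubernetes cluster.</p>
 <h3 id="authentication">Authentication</h3>
-<p>If <code>auth</code> is not specified, the operator uses the instance principal.</p>
-<p>For using a specific user credentials, userOCID, tenancyOCID, fingerprint and private key are required.
+<p>Specify the authenticating principal with <code>principalType</code>, using <code>UserPrincipal</code>, <code>InstancePrincipal</code>, or <code>Workload</code> as values.
+If <code>principalType</code> or <code>auth</code> are not set, the operator defaults to instance principal for authentication.</p>
+<p>For user principal, userOCID, tenancyOCID, fingerprint and private key are required.
 The fingerprint and key file should be supplied in the secret with the rest being provided in the secret store.</p>
 <p>See url for what region you you are accessing.
 <img alt="userOCID-details" src="../../pictures/screenshot_region.png" /></p>
@@ -2293,6 +2294,20 @@ This will automatically generate a fingerprint.
 <span class="w">    </span><span class="nt">oracle</span><span class="p">:</span>
 <span class="w">      </span><span class="nt">vault</span><span class="p">:</span><span class="w"> </span><span class="c1"># The vault OCID</span>
 <span class="w">      </span><span class="nt">region</span><span class="p">:</span><span class="w"> </span><span class="c1"># The vault region</span>
+<span class="w">      </span><span class="nt">principalType</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">InstancePrincipal</span>
+
+<span class="nn">---</span>
+
+<span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1beta1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">example-workload-identity</span>
+<span class="nt">spec</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">provider</span><span class="p">:</span>
+<span class="w">    </span><span class="nt">oracle</span><span class="p">:</span>
+<span class="w">      </span><span class="nt">vault</span><span class="p">:</span><span class="w"> </span><span class="c1"># The vault OCID</span>
+<span class="w">      </span><span class="nt">region</span><span class="p">:</span><span class="w"> </span><span class="c1"># The vault region</span>
+<span class="w">      </span><span class="nt">principalType</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Workload</span>
 
 <span class="nn">---</span>
 
@@ -2308,6 +2323,7 @@ This will automatically generate a fingerprint.
 <span class="w">      </span><span class="nt">auth</span><span class="p">:</span>
 <span class="w">        </span><span class="nt">user</span><span class="p">:</span><span class="w"> </span><span class="c1"># A user OCID</span>
 <span class="w">        </span><span class="nt">tenancy</span><span class="p">:</span><span class="w"> </span><span class="c1"># A user&#39;s tenancy</span>
+<span class="w">        </span><span class="nt">principalType</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">UserPrincipal</span>
 <span class="w">        </span><span class="nt">secretRef</span><span class="p">:</span>
 <span class="w">          </span><span class="nt">privatekey</span><span class="p">:</span>
 <span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">oracle-secret</span>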

File diff suppressed because it is too large
+ 0 - 0
main/search/search_index.json


BIN
main/sitemap.xml.gz


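--- a/main/snippets/oracle-secret-store.yaml
+++ b/main/snippets/oracle-secret-store.yaml
@@ -7,6 +7,20 @@ spec:
     oracle:
       vault: # The vault OCID
       region: # The vault region
+      principalType: InstancePrincipal
+
+---
+
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: example-workload-identity
+spec:
+  provider:
+    oracle:
+      vault: # The vault OCID
+      region: # The vault region
+      principalType: Workload
 
 ---
 
@@ -22,6 +36,7 @@ spec:
       auth:
         user: # A user OCID
         tenancy: # A user's tenancy
+        principalType: UserPrincipal
         secretRef:
           privatekey:
             name: oracle-secret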
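Review bot: In the user-principal store, the added `principalType: UserPrincipal` is indented under `auth:` next to `user` and `tenancy`, whereas the two stores added in the first hunk place it directly under `oracle:`, and the API reference updated in this same commit lists `principalType` as a field of OracleProvider beside `auth`. At this position the key is likely to be pruned or rejected by CRD validation, and since the reference says a blank principalType lets the Auth struct decide, the example may still authenticate and hide the misplacement from anyone copying it. Move it up one level, as `      principalType: UserPrincipal` on the line above `auth:`, so the authenticating identity is stated where the operator reads it. The rendered copy in main/provider/oracle-vault/index.html carries the same nesting, and the SecretStore this hunk belongs to starts outside the hunk.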

Some files were not shown because too many files changed in this diff