Added SecretStoreRefs to the CRD defintion

Fixing data.match type.

Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
Signed-off-by: Marcin Kubica <marcin.kubica@engineerbetter.com>
Signed-off-by: William Young <will.young@engineerbetter.com>
Signed-off-by: Dominic Meddick <dom.meddick@engineerbetter.com>

apis/externalsecrets/v1alpha1/secretsink_types.go

@@ -19,10 +19,21 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+type SecretSinkStoreRef struct {
+	// Name of the SecretStore resource
+	Name string `json:"name"`
+
+	// Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
+	// Defaults to `SecretStore`
+	// +optional
+	Kind string `json:"kind,omitempty"`
+}
+
 // SecretSinkSpec configures the behavior of the SecretSink.
 type SecretSinkSpec struct {
-	Selector SecretSinkSelector `json:"selector"`
-	Data     []SecretSinkData   `json:"data,omitempty"`
+	SecretStoreRefs []SecretSinkStoreRef `json:"secretStoreRefs"`
+	Selector        SecretSinkSelector   `json:"selector"`
+	Data            []SecretSinkData     `json:"data,omitempty"`
 }
 
 type SecretSinkSecret struct {
@@ -43,7 +54,7 @@ type SecretSinkMatch struct {
 }
 
 type SecretSinkData struct {
-	Match SecretSinkMatch `json:"match"`
+	Match []SecretSinkMatch `json:"match"`
 }
 
 // SecretSinkConditionType indicates the condition of the SecretSink.

apis/externalsecrets/v1alpha1/zz_generated.deepcopy.go

@@ -994,7 +994,13 @@ func (in *SecretSink) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *SecretSinkData) DeepCopyInto(out *SecretSinkData) {
 	*out = *in
-	in.Match.DeepCopyInto(&out.Match)
+	if in.Match != nil {
+		in, out := &in.Match, &out.Match
+		*out = make([]SecretSinkMatch, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretSinkData.
@@ -1108,6 +1114,11 @@ func (in *SecretSinkSelector) DeepCopy() *SecretSinkSelector {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *SecretSinkSpec) DeepCopyInto(out *SecretSinkSpec) {
 	*out = *in
+	if in.SecretStoreRefs != nil {
+		in, out := &in.SecretStoreRefs, &out.SecretStoreRefs
+		*out = make([]SecretSinkStoreRef, len(*in))
+		copy(*out, *in)
+	}
 	out.Selector = in.Selector
 	if in.Data != nil {
 		in, out := &in.Data, &out.Data
@@ -1167,6 +1178,21 @@ func (in *SecretSinkStatusCondition) DeepCopy() *SecretSinkStatusCondition {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SecretSinkStoreRef) DeepCopyInto(out *SecretSinkStoreRef) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretSinkStoreRef.
+func (in *SecretSinkStoreRef) DeepCopy() *SecretSinkStoreRef {
+	if in == nil {
+		return nil
+	}
+	out := new(SecretSinkStoreRef)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *SecretStore) DeepCopyInto(out *SecretStore) {
 	*out = *in

config/crds/bases/external-secrets.io_secretsinks.yaml

@@ -39,26 +39,42 @@ spec:
                 items:
                   properties:
                     match:
-                      properties:
-                        remoteRefs:
-                          items:
-                            properties:
-                              remoteKey:
-                                type: string
-                            required:
-                            - remoteKey
-                            type: object
-                          type: array
-                        secretKey:
-                          type: string
-                      required:
-                      - remoteRefs
-                      - secretKey
-                      type: object
+                      items:
+                        properties:
+                          remoteRefs:
+                            items:
+                              properties:
+                                remoteKey:
+                                  type: string
+                              required:
+                              - remoteKey
+                              type: object
+                            type: array
+                          secretKey:
+                            type: string
+                        required:
+                        - remoteRefs
+                        - secretKey
+                        type: object
+                      type: array
                   required:
                   - match
                   type: object
                 type: array
+              secretStoreRefs:
+                items:
+                  properties:
+                    kind:
+                      description: Kind of the SecretStore resource (SecretStore or
+                        ClusterSecretStore) Defaults to `SecretStore`
+                      type: string
+                    name:
+                      description: Name of the SecretStore resource
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
               selector:
                 properties:
                   secret:
@@ -72,6 +88,7 @@ spec:
                 - secret
                 type: object
             required:
+            - secretStoreRefs
             - selector
             type: object
           status:

deploy/crds/bundle.yaml

@@ -3042,26 +3042,41 @@ spec:
                   items:
                     properties:
                       match:
-                        properties:
-                          remoteRefs:
-                            items:
-                              properties:
-                                remoteKey:
-                                  type: string
-                              required:
-                                - remoteKey
-                              type: object
-                            type: array
-                          secretKey:
-                            type: string
-                        required:
-                          - remoteRefs
-                          - secretKey
-                        type: object
+                        items:
+                          properties:
+                            remoteRefs:
+                              items:
+                                properties:
+                                  remoteKey:
+                                    type: string
+                                required:
+                                  - remoteKey
+                                type: object
+                              type: array
+                            secretKey:
+                              type: string
+                          required:
+                            - remoteRefs
+                            - secretKey
+                          type: object
+                        type: array
                     required:
                       - match
                     type: object
                   type: array
+                secretStoreRefs:
+                  items:
+                    properties:
+                      kind:
+                        description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore`
+                        type: string
+                      name:
+                        description: Name of the SecretStore resource
+                        type: string
+                    required:
+                      - name
+                    type: object
+                  type: array
                 selector:
                   properties:
                     secret:
@@ -3075,6 +3090,7 @@ spec:
                     - secret
                   type: object
               required:
+                - secretStoreRefs
                 - selector
               type: object
             status: