
Text file src/github.com/GoogleCloudPlatform/k8s-config-connector/config/servicemappings/secretmanager.yaml

Documentation: github.com/GoogleCloudPlatform/k8s-config-connector/config/servicemappings

     1# Copyright 2022 Google LLC
     2#
     3# Licensed under the Apache License, Version 2.0 (the "License");
     4# you may not use this file except in compliance with the License.
     5# You may obtain a copy of the License at
     6#
     7#      http://www.apache.org/licenses/LICENSE-2.0
     8#
     9# Unless required by applicable law or agreed to in writing, software
    10# distributed under the License is distributed on an "AS IS" BASIS,
    11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12# See the License for the specific language governing permissions and
    13# limitations under the License.
    14
    15apiVersion: core.cnrm.cloud.google.com/v1alpha1
    16kind: ServiceMapping
      # Service mapping for Secret Manager: each entry under spec.resources ties a
      # Terraform resource name (google_secret_manager_*) to a Config Connector kind.
    17metadata:
    18  name: secretmanager.cnrm.cloud.google.com
    19  namespace: cnrm-system
    20spec:
    21  name: SecretManager
    22  version: v1beta1
        # API host the resources below belong to.
    23  serviceHostName: "secretmanager.googleapis.com"
        # Two kinds are mapped: the secret itself and its versions.
    24  resources:
    25    - name: google_secret_manager_secret
    26      kind: SecretManagerSecret
            # ID format for a secret; the flag on the next line says this template can
            # also be used to match a resource name.
    27      idTemplate: projects/{{project}}/secrets/{{secret_id}}
    28      idTemplateCanBeUsedToMatchResourceName: true
    29      resourceAvailableInAssetInventory: true
            # metadata.name and metadata.labels map to the secret_id and labels fields.
    30      metadataMapping:
    31        name: secret_id
    32        labels: labels
    33      resourceID:
    34        targetField: secret_id
    35      resourceReferences:
              # CMEK key reference: exposed as kmsKeyRef, points at a KMSCryptoKey, and
              # fills kms_key_name from the key's self_link.
              # Only the user_managed replication path is mapped in this file.
              # NOTE(review): confirm whether any other replication mode that takes a
              # customer-managed key needs its own reference entry.
    36        - tfField: replication.user_managed.replicas.customer_managed_encryption.kms_key_name
    37          description: |-
    38            Customer Managed Encryption for the secret.
    39          key: kmsKeyRef
    40          gvk:
    41            kind: KMSCryptoKey
    42            version: v1beta1
    43            group: kms.cnrm.cloud.google.com
    44          targetField: self_link
              # Notification topics: exposed as topicRef and rendered through
              # valueTemplate into a full topic path.
              # NOTE(review): the template fills in {{project}} itself; presumably that
              # is the secret's project -- confirm how a topic in another project is
              # expected to resolve, since these topics receive control-plane events.
    45        - tfField: topics.name
    46          description: |-
    47            A list of up to 10 Pub/Sub topics to which messages are
    48            published when control plane operations are called on the secret
    49            or its versions.
    50          valueTemplate: "projects/{{project}}/topics/{{value}}"
    51          key: topicRef
    52          gvk:
    53            kind: PubSubTopic
    54            version: v1beta1
    55            group: pubsub.cnrm.cloud.google.com
            # IAM for this kind goes through the policy and policy-member resources
            # named here; the secret is identified to them by its secret_id.
    56      iamConfig:
    57        policyName: google_secret_manager_secret_iam_policy
    58        policyMemberName: google_secret_manager_secret_iam_member
    59        referenceField:
    60          name: secret_id
    61          type: name
              # Declares IAM Conditions as unsupported for these IAM resources.
              # NOTE(review): if so, a grant on a secret made through this path cannot
              # be narrowed with a condition expression -- confirm this still matches
              # what the underlying IAM resources accept.
    62        supportsConditions: false
            # The only container type listed is a project, taken from the project field.
    63      containers:
    64        - type: project
    65          tfField: project
    66    - name: google_secret_manager_secret_version
    67      kind: SecretManagerSecretVersion
            # No idTemplate is declared for this kind.
    68      # The importer is broken: it does not break out the project and secret
            # subfields. Presumably this is why name matching is disabled on the next
            # line -- confirm.
    69      idTemplateCanBeUsedToMatchResourceName: false
    70      resourceAvailableInAssetInventory: true
            # The ID comes from the name field, which is declared server-generated.
    71      serverGeneratedIDField: name
            # The resourceID value is combined with the parent secret to build name.
    72      resourceID:
    73        targetField: name
    74        valueTemplate: "{{secret}}/versions/{{value}}"
    75      resourceReferences:
              # Reference to the owning secret: exposed as secretRef, filled from the
              # referenced SecretManagerSecret's name field, and flagged as the parent
              # of this version.
    76        - tfField: secret
    77          description: |-
    78            Secret Manager secret resource
    79          key: secretRef
    80          gvk:
    81            kind: SecretManagerSecret
    82            version: v1beta1
    83            group: secretmanager.cnrm.cloud.google.com
    84          targetField: name
    85          parent: true
