From ee555a4c8c4c9eabe067ee72254e9e337db285b9 Mon Sep 17 00:00:00 2001 From: Bryce Lampe Date: Fri, 10 May 2024 16:16:35 -0700 Subject: [PATCH] Update controller-gen, fix `make test` (#581) `make test` was panicking locally with controller-gen v0.9.2. This updates controller-gen to v0.15, regenerates CRDs, and fixes a few other things to get `make test` runnable locally. --- CHANGELOG.md | 1 + Makefile | 4 +- deploy/crds/pulumi.com_programs.yaml | 48 +- deploy/crds/pulumi.com_stacks.yaml | 879 +++++++++--------- docs/programs.md | 15 +- docs/stacks.md | 522 ++++++++--- go.mod | 2 + go.sum | 2 + pkg/apis/pulumi/shared/stack_types.go | 2 +- .../pulumi/shared/zz_generated.deepcopy.go | 1 - pkg/apis/pulumi/v1/zz_generated.deepcopy.go | 1 - .../pulumi/v1alpha1/zz_generated.deepcopy.go | 1 - scripts/generate_crds.sh | 15 +- tools.go | 3 + 14 files changed, 911 insertions(+), 585 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d4b15887..b30da54e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ CHANGELOG ========= ## HEAD (unreleased) +- Regenerate CRDs with controller-gen v0.15.0. ## 1.15.0 (2024-04-12) - Clean up stale workspace directories and don't treat them as a crude lock. [#552](https://github.com/pulumi/pulumi-kubernetes-operator/pull/552) diff --git a/Makefile b/Makefile index 777efc8b..32bd62c1 100644 --- a/Makefile +++ b/Makefile @@ -19,7 +19,7 @@ install-crds: codegen: install-controller-gen install-crdoc generate-k8s generate-crds generate-crdocs install-controller-gen: - @echo "Installing controller-gen to GOPATH/bin"; pushd /tmp >& /dev/null && go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.9.2 ; popd >& /dev/null + @echo "Installing controller-gen to GOPATH/bin"; pushd /tmp >& /dev/null && go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.15.0 ; popd >& /dev/null install-crdoc: @echo "Installing crdoc to go GOPATH/bin"; pushd /tmp >& /dev/null && go install fybrik.io/crdoc@v0.5.2; popd >& /dev/null 
@@ -48,7 +48,7 @@ push-image: test: codegen download-test-deps KUBEBUILDER_ASSETS="$(shell setup-envtest --use-env use -p path)" \ - ginkgo -nodes=${TEST_NODES} --randomize-all ./test/... + go run github.com/onsi/ginkgo/v2/ginkgo -nodes=${TEST_NODES} --randomize-all -v ./... deploy: kubectl apply -f deploy/yaml/service_account.yaml diff --git a/deploy/crds/pulumi.com_programs.yaml b/deploy/crds/pulumi.com_programs.yaml index 2714f2ea..3d9fbc44 100644 --- a/deploy/crds/pulumi.com_programs.yaml +++ b/deploy/crds/pulumi.com_programs.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: programs.pulumi.com spec: group: pulumi.com 
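Review bot: In the `test` recipe only ginkgo moves to a module-resolved invocation; `setup-envtest` on the context line above it is still whichever binary is first on PATH, so the tool that fetches the envtest control-plane binaries is not pinned by this repository. Run from inside the module, `go run github.com/onsi/ginkgo/v2/ginkgo` takes its version from go.mod and is verified against go.sum. The same treatment would suit setup-envtest, for example `KUBEBUILDER_ASSETS="$(shell go run sigs.k8s.io/controller-runtime/tools/setup-envtest --use-env use -p path)"` with that package added to tools.go. The `download-test-deps` target is outside this hunk and may already install a fixed version; if it does, a comment on the recipe such as `# setup-envtest version is pinned in download-test-deps` would make that visible. Separately, widening `./test/...` to `./...` together with `-v` sends every package's spec output to the CI log, so it is worth confirming that no suite echoes environment or credential values.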
@@ -25,14 +24,19 @@ spec: description: Program is the schema for the inline YAML program API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -54,8 +58,9 @@ spec: - List type: string type: object - description: configuration specifies the Pulumi config inputs to the - deployment. Either type or default is required. + description: |- + configuration specifies the Pulumi config inputs to the deployment. + Either type or default is required. type: object outputs: additionalProperties: 
@@ -77,9 +82,9 @@ spec: state: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: state contains the known properties (input - & output) of the resource. This assists the provider in - figuring out the correct resource. + description: |- + state contains the known properties (input & output) of the resource. This assists + the provider in figuring out the correct resource. type: object required: - id @@ -95,9 +100,9 @@ spec: type: string type: array aliases: - description: aliases specifies names that this resource - used to have, so that renaming or refactoring doesn’t - replace it. + description: |- + aliases specifies names that this resource used to have, so that renaming or refactoring + doesn’t replace it. items: type: string type: array @@ -139,9 +144,9 @@ spec: cloud account under the control of Pulumi. type: string parent: - description: parent resource option specifies a parent for - a resource. It is used to associate children with the - parents that encapsulate or are responsible for them. + description: |- + parent resource option specifies a parent for a resource. It is used to associate + children with the parents that encapsulate or are responsible for them. x-kubernetes-preserve-unknown-fields: true protect: description: protect prevents accidental deletion of a resource. @@ -180,8 +185,9 @@ spec: variables: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: variables specifies intermediate values of the program; - the values of variables are expressions that can be re-used. + description: |- + variables specifies intermediate values of the program; the values of variables are + expressions that can be re-used. type: object type: object type: object diff --git a/deploy/crds/pulumi.com_stacks.yaml b/deploy/crds/pulumi.com_stacks.yaml index b9d5a456..89fcd034 100644 --- a/deploy/crds/pulumi.com_stacks.yaml +++ b/deploy/crds/pulumi.com_stacks.yaml 
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: stacks.pulumi.com spec: group: pulumi.com @@ -28,14 +27,19 @@ spec: description: Stack is the Schema for the stacks API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -44,51 +48,49 @@ spec: managed by this operator. properties: accessTokenSecret: - description: '(optional) AccessTokenSecret is the name of a Secret - containing the PULUMI_ACCESS_TOKEN for Pulumi access. Deprecated: - use EnvRefs with a "secret" entry with the key PULUMI_ACCESS_TOKEN - instead.' + description: |- + (optional) AccessTokenSecret is the name of a Secret containing the PULUMI_ACCESS_TOKEN for Pulumi access. + Deprecated: use EnvRefs with a "secret" entry with the key PULUMI_ACCESS_TOKEN instead. type: string backend: - description: '(optional) Backend is an optional backend URL to use - for all Pulumi operations.
Examples:
- Pulumi Service: "https://app.pulumi.com" - (default)
- Self-managed Pulumi Service: "https://pulumi.acmecorp.com" -
- Local: "file://./einstein"
- - AWS: "s3://"
- - Azure: "azblob://" -
- GCP: "gs://" -
See: https://www.pulumi.com/docs/intro/concepts/state/' + description: |- + (optional) Backend is an optional backend URL to use for all Pulumi operations.
+ Examples:
+ - Pulumi Service: "https://app.pulumi.com" (default)
+ - Self-managed Pulumi Service: "https://pulumi.acmecorp.com"
+ - Local: "file://./einstein"
+ - AWS: "s3://"
+ - Azure: "azblob://"
+ - GCP: "gs://"
+ See: https://www.pulumi.com/docs/intro/concepts/state/ type: string branch: - description: (optional) Branch is the branch name to deploy, either - the simple or fully qualified ref name, e.g. refs/heads/master. - This is mutually exclusive with the Commit setting. Either value - needs to be specified. When specified, the operator will periodically - poll to check if the branch has any new commits. The frequency of - the polling is configurable through ResyncFrequencySeconds, defaulting - to every 60 seconds. + description: |- + (optional) Branch is the branch name to deploy, either the simple or fully qualified ref name, e.g. refs/heads/master. This + is mutually exclusive with the Commit setting. Either value needs to be specified. + When specified, the operator will periodically poll to check if the branch has any new commits. + The frequency of the polling is configurable through ResyncFrequencySeconds, defaulting to every 60 seconds. type: string commit: - description: (optional) Commit is the hash of the commit to deploy. - If used, HEAD will be in detached mode. This is mutually exclusive - with the Branch setting. Either value needs to be specified. + description: |- + (optional) Commit is the hash of the commit to deploy. If used, HEAD will be in detached mode. This + is mutually exclusive with the Branch setting. Either value needs to be specified. type: string config: additionalProperties: type: string - description: (optional) Config is the configuration for this stack, - which can be optionally specified inline. If this is omitted, configuration - is assumed to be checked in and taken from the source repository. + description: |- + (optional) Config is the configuration for this stack, which can be optionally specified inline. If this + is omitted, configuration is assumed to be checked in and taken from the source repository. 
type: object continueResyncOnCommitMatch: - description: (optional) ContinueResyncOnCommitMatch - when true - - informs the operator to continue trying to update stacks even if - the revision of the source matches. This might be useful in environments - where Pulumi programs have dynamic elements for example, calls to - internal APIs where GitOps style commit tracking is not sufficient. Defaults - to false, i.e. when a particular revision is successfully run, the - operator will not attempt to rerun the program at that revision - again. + description: |- + (optional) ContinueResyncOnCommitMatch - when true - informs the operator to continue trying + to update stacks even if the revision of the source matches. This might be useful in + environments where Pulumi programs have dynamic elements for example, calls to internal APIs + where GitOps style commit tracking is not sufficient. Defaults to false, i.e. when a + particular revision is successfully run, the operator will not attempt to rerun the program + at that revision again. type: boolean destroyOnFinalize: description: (optional) DestroyOnFinalize can be set to true to destroy @@ -96,9 +98,10 @@ spec: type: boolean envRefs: additionalProperties: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, - Kubernetes Secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on the 
@@ -140,54 +143,56 @@ spec: description: Name of the Secret type: string namespace: - description: Namespace where the Secret is stored. Deprecated; - non-empty values will be considered invalid unless namespace - isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the type - of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object - description: (optional) EnvRefs is an optional map containing environment - variables as keys and stores descriptors to where the variables' - values should be loaded from (one of literal, environment variable, - file on the filesystem, or Kubernetes Secret) as values. + description: |- + (optional) EnvRefs is an optional map containing environment variables as keys and stores descriptors to where + the variables' values should be loaded from (one of literal, environment variable, file on the + filesystem, or Kubernetes Secret) as values. type: object envSecrets: - description: '(optional) SecretEnvs is an optional array of Secret - names containing environment variables to set. Deprecated: use EnvRefs - instead.' + description: |- + (optional) SecretEnvs is an optional array of Secret names containing environment variables to set. + Deprecated: use EnvRefs instead. items: type: string type: array envs: - description: '(optional) Envs is an optional array of config maps - containing environment variables to set. Deprecated: use EnvRefs - instead.' + description: |- + (optional) Envs is an optional array of config maps containing environment variables to set. + Deprecated: use EnvRefs instead. 
items: type: string type: array expectNoRefreshChanges: - description: (optional) ExpectNoRefreshChanges can be set to true - if a stack is not expected to have changes during a refresh before - the update is run. This could occur, for example, is a resource's - state is changing outside of Pulumi (e.g., metadata, timestamps). + description: |- + (optional) ExpectNoRefreshChanges can be set to true if a stack is not expected to have + changes during a refresh before the update is run. + This could occur, for example, is a resource's state is changing outside of Pulumi + (e.g., metadata, timestamps). type: boolean fluxSource: description: FluxSource specifies how to fetch source code from a Flux source object. properties: dir: - description: Dir gives the subdirectory containing the Pulumi - project (i.e., containing Pulumi.yaml) of interest, within the - fetched source. + description: |- + Dir gives the subdirectory containing the Pulumi project (i.e., containing Pulumi.yaml) of + interest, within the fetched source. type: string sourceRef: properties: 
@@ -206,18 +211,21 @@ spec: - sourceRef type: object gitAuth: - description: '(optional) GitAuth allows configuring git authentication - options There are 3 different authentication options: * SSH private - key (and its optional password) * Personal access token * Basic - auth username and password Only one authentication mode will be - considered if more than one option is specified, with ssh private - key/password preferred first, then personal access token, and finally - basic auth credentials.' + description: |- + (optional) GitAuth allows configuring git authentication options + There are 3 different authentication options: + * SSH private key (and its optional password) + * Personal access token + * Basic auth username and password + Only one authentication mode will be considered if more than one option is specified, + with ssh private key/password preferred first, then personal access token, and finally + basic auth credentials. properties: accessToken: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, - Kubernetes Secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on the 
@@ -259,31 +267,32 @@ spec: description: Name of the Secret type: string namespace: - description: Namespace where the Secret is stored. Deprecated; - non-empty values will be considered invalid unless namespace - isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the type - of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object basicAuth: - description: BasicAuth configures git authentication through basic - auth — i.e. username and password. Both UserName and Password - are required. + description: |- + BasicAuth configures git authentication through basic auth — + i.e. username and password. Both UserName and Password are required. properties: password: - description: ResourceRef identifies a resource from which - information can be loaded. Environment variables, files - on the filesystem, Kubernetes Secrets and literal strings - are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on 
@@ -325,27 +334,27 @@ spec: description: Name of the Secret type: string namespace: - description: Namespace where the Secret is stored. - Deprecated; non-empty values will be considered - invalid unless namespace isolation is disabled in - the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the - type of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object userName: - description: ResourceRef identifies a resource from which - information can be loaded. Environment variables, files - on the filesystem, Kubernetes Secrets and literal strings - are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on 
@@ -387,18 +396,18 @@ spec: description: Name of the Secret type: string namespace: - description: Namespace where the Secret is stored. - Deprecated; non-empty values will be considered - invalid unless namespace isolation is disabled in - the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the - type of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type @@ -408,14 +417,15 @@ spec: - userName type: object sshAuth: - description: SSHAuth configures ssh-based auth for git authentication. + description: |- + SSHAuth configures ssh-based auth for git authentication. SSHPrivateKey is required but password is optional. properties: password: - description: ResourceRef identifies a resource from which - information can be loaded. Environment variables, files - on the filesystem, Kubernetes Secrets and literal strings - are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on 
@@ -457,27 +467,27 @@ spec: description: Name of the Secret type: string namespace: - description: Namespace where the Secret is stored. - Deprecated; non-empty values will be considered - invalid unless namespace isolation is disabled in - the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the - type of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object sshPrivateKey: - description: ResourceRef identifies a resource from which - information can be loaded. Environment variables, files - on the filesystem, Kubernetes Secrets and literal strings - are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on 
@@ -519,18 +529,18 @@ spec: description: Name of the Secret type: string namespace: - description: Namespace where the Secret is stored. - Deprecated; non-empty values will be considered - invalid unless namespace isolation is disabled in - the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the - type of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type 
@@ -540,39 +550,42 @@ spec: type: object type: object gitAuthSecret: - description: '(optional) GitAuthSecret is the the name of a Secret - containing an authentication option for the git repository. There - are 3 different authentication options: * Personal access token - * SSH private key (and it''s optional password) * Basic auth username - and password Only one authentication mode will be considered if - more than one option is specified, with ssh private key/password - preferred first, then personal access token, and finally basic auth - credentials. Deprecated. Use GitAuth instead.' + description: |- + (optional) GitAuthSecret is the the name of a Secret containing an + authentication option for the git repository. + There are 3 different authentication options: + * Personal access token + * SSH private key (and it's optional password) + * Basic auth username and password + Only one authentication mode will be considered if more than one option is specified, + with ssh private key/password preferred first, then personal access token, and finally + basic auth credentials. + Deprecated. Use GitAuth instead. type: string prerequisites: - description: (optional) Prerequisites is a list of references to other - stacks, each with a constraint on how long ago it must have succeeded. - This can be used to make sure e.g., state is re-evaluated before - running a stack that depends on it. + description: |- + (optional) Prerequisites is a list of references to other stacks, each with a constraint on + how long ago it must have succeeded. This can be used to make sure e.g., state is + re-evaluated before running a stack that depends on it. items: - description: PrerequisiteRef refers to another stack, and gives - requirements for the prerequisite to be considered satisfied. + description: |- + PrerequisiteRef refers to another stack, and gives requirements for the prerequisite to be + considered satisfied. 
properties: name: description: Name is the name of the Stack resource that is a prerequisite. type: string requirement: - description: Requirement gives specific requirements for the - prerequisite; the base requirement is that the referenced - stack is in a successful state. + description: |- + Requirement gives specific requirements for the prerequisite; the base requirement is that + the referenced stack is in a successful state. properties: succeededWithinDuration: - description: SucceededWithinDuration gives a duration within - which the prerequisite must have reached a succeeded state; - e.g., "1h" means "the prerequisite must be successful, - and have become so in the last hour". Fields (should there - ever be more than one) are not intended to be mutually + description: |- + SucceededWithinDuration gives a duration within which the prerequisite must have reached a + succeeded state; e.g., "1h" means "the prerequisite must be successful, and have become so in + the last hour". Fields (should there ever be more than one) are not intended to be mutually exclusive. type: string type: object 
@@ -598,48 +611,54 @@ spec: stack before it is updated. type: boolean repoDir: - description: (optional) RepoDir is the directory to work from in the - project's source repository where Pulumi.yaml is located. It is - used in case Pulumi.yaml is not in the project source root. + description: |- + (optional) RepoDir is the directory to work from in the project's source repository + where Pulumi.yaml is located. It is used in case Pulumi.yaml is not + in the project source root. type: string resyncFrequencySeconds: - description: (optional) ResyncFrequencySeconds when set to a non-zero - value, triggers a resync of the stack at the specified frequency - even if no changes to the custom resource are detected. If branch - tracking is enabled (branch is non-empty), commit polling will occur - at this frequency. The minimal resync frequency supported is 60 - seconds. The default value for this field is 60 seconds. + description: |- + (optional) ResyncFrequencySeconds when set to a non-zero value, triggers a resync of the stack at + the specified frequency even if no changes to the custom resource are detected. + If branch tracking is enabled (branch is non-empty), commit polling will occur at this frequency. + The minimal resync frequency supported is 60 seconds. The default value for this field is 60 seconds. format: int64 type: integer retryOnUpdateConflict: - description: (optional) RetryOnUpdateConflict issues a stack update - retry reconciliation loop in the event that the update hits a HTTP - 409 conflict due to another update in progress. This is only recommended - if you are sure that the stack updates are idempotent, and if you - are willing to accept retry loops until all spawned retries succeed. - This will also create a more populated, and randomized activity - timeline for the stack in the Pulumi Service. 
+ description: |- + (optional) RetryOnUpdateConflict issues a stack update retry reconciliation loop + in the event that the update hits a HTTP 409 conflict due to + another update in progress. + This is only recommended if you are sure that the stack updates are + idempotent, and if you are willing to accept retry loops until + all spawned retries succeed. This will also create a more populated, + and randomized activity timeline for the stack in the Pulumi Service. type: boolean secrets: additionalProperties: type: string - description: '(optional) Secrets is the secret configuration for this - stack, which can be optionally specified inline. If this is omitted, - secrets configuration is assumed to be checked in and taken from - the source repository. Deprecated: use SecretRefs instead.' + description: |- + (optional) Secrets is the secret configuration for this stack, which can be optionally specified inline. If this + is omitted, secrets configuration is assumed to be checked in and taken from the source repository. + Deprecated: use SecretRefs instead. type: object secretsProvider: - description: '(optional) SecretsProvider is used to initialize a Stack - with alternative encryption. Examples: - AWS: "awskms:///arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34bc-56ef-1234567890ab?region=us-east-1" - - Azure: "azurekeyvault://acmecorpvault.vault.azure.net/keys/mykeyname" - - GCP: "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY" - - See: https://www.pulumi.com/docs/intro/concepts/secrets/#initializing-a-stack-with-alternative-encryption' + description: |- + (optional) SecretsProvider is used to initialize a Stack with alternative encryption. 
+ Examples: + - AWS: "awskms:///arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34bc-56ef-1234567890ab?region=us-east-1" + - Azure: "azurekeyvault://acmecorpvault.vault.azure.net/keys/mykeyname" + - GCP: "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY" + + + See: https://www.pulumi.com/docs/intro/concepts/secrets/#initializing-a-stack-with-alternative-encryption type: string secretsRef: additionalProperties: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, - Kubernetes Secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on the 
@@ -681,42 +700,42 @@ spec: description: Name of the Secret type: string namespace: - description: Namespace where the Secret is stored. Deprecated; - non-empty values will be considered invalid unless namespace - isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the type - of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object - description: (optional) SecretRefs is the secret configuration for - this stack which can be specified through ResourceRef. If this is - omitted, secrets configuration is assumed to be checked in and taken - from the source repository. + description: |- + (optional) SecretRefs is the secret configuration for this stack which can be specified through ResourceRef. + If this is omitted, secrets configuration is assumed to be checked in and taken from the source repository. type: object stack: description: Stack is the fully qualified name of the stack to deploy (/). type: string targets: - description: (optional) Targets is a list of URNs of resources to - update exclusively. If supplied, only resources mentioned will be - updated. + description: |- + (optional) Targets is a list of URNs of resources to update exclusively. If supplied, only + resources mentioned will be updated. items: type: string type: array useLocalStackOnly: - description: (optional) UseLocalStackOnly can be set to true to prevent - the operator from creating stacks that do not exist in the tracking - git repo. The default behavior is to create a stack if it doesn't - exist. 
+ description: |- + (optional) UseLocalStackOnly can be set to true to prevent the operator from + creating stacks that do not exist in the tracking git repo. + The default behavior is to create a stack if it doesn't exist. type: boolean required: - stack 
@@ -726,43 +745,49 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a foo's - current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: |- + Condition contains details for one aspect of the current state of this API Resource. + --- + This struct is intended for direct use as an array at the field path .status.conditions. For example, + type FooStatus struct{ + // Represents the observations of a foo's current state. + // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + + + // other fields + } properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 
@@ -776,11 +801,12 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -822,8 +848,9 @@ spec: format: int64 type: integer observedReconcileRequest: - description: ObservedReconcileRequest records the value of the annotation - named for `ReconcileRequestAnnotation` when it was last seen. + description: |- + ObservedReconcileRequest records the value of the annotation named for + `ReconcileRequestAnnotation` when it was last seen. type: string outputs: additionalProperties: 
@@ -840,20 +867,25 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'Stack is the Schema for the stacks API. Deprecated: Note Stacks - from pulumi.com/v1alpha1 is deprecated in favor of pulumi.com/v1. It is - completely backward compatible. Users are strongly encouraged to switch - to pulumi.com/v1.' + description: |- + Stack is the Schema for the stacks API. + Deprecated: Note Stacks from pulumi.com/v1alpha1 is deprecated in favor of pulumi.com/v1. + It is completely backward compatible. Users are strongly encouraged to switch to pulumi.com/v1. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -862,51 +894,49 @@ spec: managed by this operator. properties: accessTokenSecret: - description: '(optional) AccessTokenSecret is the name of a Secret - containing the PULUMI_ACCESS_TOKEN for Pulumi access. Deprecated: - use EnvRefs with a "secret" entry with the key PULUMI_ACCESS_TOKEN - instead.' + description: |- + (optional) AccessTokenSecret is the name of a Secret containing the PULUMI_ACCESS_TOKEN for Pulumi access. + Deprecated: use EnvRefs with a "secret" entry with the key PULUMI_ACCESS_TOKEN instead. type: string backend: - description: '(optional) Backend is an optional backend URL to use - for all Pulumi operations.
Examples:
- Pulumi Service: "https://app.pulumi.com" - (default)
- Self-managed Pulumi Service: "https://pulumi.acmecorp.com" -
- Local: "file://./einstein"
- - AWS: "s3://"
- - Azure: "azblob://" -
- GCP: "gs://" -
See: https://www.pulumi.com/docs/intro/concepts/state/' + description: |- + (optional) Backend is an optional backend URL to use for all Pulumi operations.
+ Examples:
+ - Pulumi Service: "https://app.pulumi.com" (default)
+ - Self-managed Pulumi Service: "https://pulumi.acmecorp.com"
+ - Local: "file://./einstein"
+ - AWS: "s3://"
+ - Azure: "azblob://"
+ - GCP: "gs://"
+ See: https://www.pulumi.com/docs/intro/concepts/state/ type: string branch: - description: (optional) Branch is the branch name to deploy, either - the simple or fully qualified ref name, e.g. refs/heads/master. - This is mutually exclusive with the Commit setting. Either value - needs to be specified. When specified, the operator will periodically - poll to check if the branch has any new commits. The frequency of - the polling is configurable through ResyncFrequencySeconds, defaulting - to every 60 seconds. + description: |- + (optional) Branch is the branch name to deploy, either the simple or fully qualified ref name, e.g. refs/heads/master. This + is mutually exclusive with the Commit setting. Either value needs to be specified. + When specified, the operator will periodically poll to check if the branch has any new commits. + The frequency of the polling is configurable through ResyncFrequencySeconds, defaulting to every 60 seconds. type: string commit: - description: (optional) Commit is the hash of the commit to deploy. - If used, HEAD will be in detached mode. This is mutually exclusive - with the Branch setting. Either value needs to be specified. + description: |- + (optional) Commit is the hash of the commit to deploy. If used, HEAD will be in detached mode. This + is mutually exclusive with the Branch setting. Either value needs to be specified. type: string config: additionalProperties: type: string - description: (optional) Config is the configuration for this stack, - which can be optionally specified inline. If this is omitted, configuration - is assumed to be checked in and taken from the source repository. + description: |- + (optional) Config is the configuration for this stack, which can be optionally specified inline. If this + is omitted, configuration is assumed to be checked in and taken from the source repository. 
type: object continueResyncOnCommitMatch: - description: (optional) ContinueResyncOnCommitMatch - when true - - informs the operator to continue trying to update stacks even if - the revision of the source matches. This might be useful in environments - where Pulumi programs have dynamic elements for example, calls to - internal APIs where GitOps style commit tracking is not sufficient. Defaults - to false, i.e. when a particular revision is successfully run, the - operator will not attempt to rerun the program at that revision - again. + description: |- + (optional) ContinueResyncOnCommitMatch - when true - informs the operator to continue trying + to update stacks even if the revision of the source matches. This might be useful in + environments where Pulumi programs have dynamic elements for example, calls to internal APIs + where GitOps style commit tracking is not sufficient. Defaults to false, i.e. when a + particular revision is successfully run, the operator will not attempt to rerun the program + at that revision again. type: boolean destroyOnFinalize: description: (optional) DestroyOnFinalize can be set to true to destroy @@ -914,9 +944,10 @@ spec: type: boolean envRefs: additionalProperties: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, - Kubernetes Secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on the 
@@ -958,54 +989,56 @@ spec: description: Name of the Secret type: string namespace: - description: Namespace where the Secret is stored. Deprecated; - non-empty values will be considered invalid unless namespace - isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the type - of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object - description: (optional) EnvRefs is an optional map containing environment - variables as keys and stores descriptors to where the variables' - values should be loaded from (one of literal, environment variable, - file on the filesystem, or Kubernetes Secret) as values. + description: |- + (optional) EnvRefs is an optional map containing environment variables as keys and stores descriptors to where + the variables' values should be loaded from (one of literal, environment variable, file on the + filesystem, or Kubernetes Secret) as values. type: object envSecrets: - description: '(optional) SecretEnvs is an optional array of Secret - names containing environment variables to set. Deprecated: use EnvRefs - instead.' + description: |- + (optional) SecretEnvs is an optional array of Secret names containing environment variables to set. + Deprecated: use EnvRefs instead. items: type: string type: array envs: - description: '(optional) Envs is an optional array of config maps - containing environment variables to set. Deprecated: use EnvRefs - instead.' + description: |- + (optional) Envs is an optional array of config maps containing environment variables to set. + Deprecated: use EnvRefs instead. 
items: type: string type: array expectNoRefreshChanges: - description: (optional) ExpectNoRefreshChanges can be set to true - if a stack is not expected to have changes during a refresh before - the update is run. This could occur, for example, is a resource's - state is changing outside of Pulumi (e.g., metadata, timestamps). + description: |- + (optional) ExpectNoRefreshChanges can be set to true if a stack is not expected to have + changes during a refresh before the update is run. + This could occur, for example, is a resource's state is changing outside of Pulumi + (e.g., metadata, timestamps). type: boolean fluxSource: description: FluxSource specifies how to fetch source code from a Flux source object. properties: dir: - description: Dir gives the subdirectory containing the Pulumi - project (i.e., containing Pulumi.yaml) of interest, within the - fetched source. + description: |- + Dir gives the subdirectory containing the Pulumi project (i.e., containing Pulumi.yaml) of + interest, within the fetched source. type: string sourceRef: properties: 
@@ -1024,18 +1057,21 @@ spec: - sourceRef type: object gitAuth: - description: '(optional) GitAuth allows configuring git authentication - options There are 3 different authentication options: * SSH private - key (and its optional password) * Personal access token * Basic - auth username and password Only one authentication mode will be - considered if more than one option is specified, with ssh private - key/password preferred first, then personal access token, and finally - basic auth credentials.' + description: |- + (optional) GitAuth allows configuring git authentication options + There are 3 different authentication options: + * SSH private key (and its optional password) + * Personal access token + * Basic auth username and password + Only one authentication mode will be considered if more than one option is specified, + with ssh private key/password preferred first, then personal access token, and finally + basic auth credentials. properties: accessToken: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, - Kubernetes Secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on the 
@@ -1077,31 +1113,32 @@ spec: description: Name of the Secret type: string namespace: - description: Namespace where the Secret is stored. Deprecated; - non-empty values will be considered invalid unless namespace - isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the type - of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object basicAuth: - description: BasicAuth configures git authentication through basic - auth — i.e. username and password. Both UserName and Password - are required. + description: |- + BasicAuth configures git authentication through basic auth — + i.e. username and password. Both UserName and Password are required. properties: password: - description: ResourceRef identifies a resource from which - information can be loaded. Environment variables, files - on the filesystem, Kubernetes Secrets and literal strings - are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on 
@@ -1143,27 +1180,27 @@ spec: description: Name of the Secret type: string namespace: - description: Namespace where the Secret is stored. - Deprecated; non-empty values will be considered - invalid unless namespace isolation is disabled in - the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the - type of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object userName: - description: ResourceRef identifies a resource from which - information can be loaded. Environment variables, files - on the filesystem, Kubernetes Secrets and literal strings - are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on 
@@ -1205,18 +1242,18 @@ spec: description: Name of the Secret type: string namespace: - description: Namespace where the Secret is stored. - Deprecated; non-empty values will be considered - invalid unless namespace isolation is disabled in - the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the - type of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type @@ -1226,14 +1263,15 @@ spec: - userName type: object sshAuth: - description: SSHAuth configures ssh-based auth for git authentication. + description: |- + SSHAuth configures ssh-based auth for git authentication. SSHPrivateKey is required but password is optional. properties: password: - description: ResourceRef identifies a resource from which - information can be loaded. Environment variables, files - on the filesystem, Kubernetes Secrets and literal strings - are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on 
@@ -1275,27 +1313,27 @@ spec: description: Name of the Secret type: string namespace: - description: Namespace where the Secret is stored. - Deprecated; non-empty values will be considered - invalid unless namespace isolation is disabled in - the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the - type of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object sshPrivateKey: - description: ResourceRef identifies a resource from which - information can be loaded. Environment variables, files - on the filesystem, Kubernetes Secrets and literal strings - are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on 
@@ -1337,18 +1375,18 @@ spec: description: Name of the Secret type: string namespace: - description: Namespace where the Secret is stored. - Deprecated; non-empty values will be considered - invalid unless namespace isolation is disabled in - the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the - type of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type 
@@ -1358,39 +1396,42 @@ spec: type: object type: object gitAuthSecret: - description: '(optional) GitAuthSecret is the the name of a Secret - containing an authentication option for the git repository. There - are 3 different authentication options: * Personal access token - * SSH private key (and it''s optional password) * Basic auth username - and password Only one authentication mode will be considered if - more than one option is specified, with ssh private key/password - preferred first, then personal access token, and finally basic auth - credentials. Deprecated. Use GitAuth instead.' + description: |- + (optional) GitAuthSecret is the the name of a Secret containing an + authentication option for the git repository. + There are 3 different authentication options: + * Personal access token + * SSH private key (and it's optional password) + * Basic auth username and password + Only one authentication mode will be considered if more than one option is specified, + with ssh private key/password preferred first, then personal access token, and finally + basic auth credentials. + Deprecated. Use GitAuth instead. type: string prerequisites: - description: (optional) Prerequisites is a list of references to other - stacks, each with a constraint on how long ago it must have succeeded. - This can be used to make sure e.g., state is re-evaluated before - running a stack that depends on it. + description: |- + (optional) Prerequisites is a list of references to other stacks, each with a constraint on + how long ago it must have succeeded. This can be used to make sure e.g., state is + re-evaluated before running a stack that depends on it. items: - description: PrerequisiteRef refers to another stack, and gives - requirements for the prerequisite to be considered satisfied. + description: |- + PrerequisiteRef refers to another stack, and gives requirements for the prerequisite to be + considered satisfied. 
properties: name: description: Name is the name of the Stack resource that is a prerequisite. type: string requirement: - description: Requirement gives specific requirements for the - prerequisite; the base requirement is that the referenced - stack is in a successful state. + description: |- + Requirement gives specific requirements for the prerequisite; the base requirement is that + the referenced stack is in a successful state. properties: succeededWithinDuration: - description: SucceededWithinDuration gives a duration within - which the prerequisite must have reached a succeeded state; - e.g., "1h" means "the prerequisite must be successful, - and have become so in the last hour". Fields (should there - ever be more than one) are not intended to be mutually + description: |- + SucceededWithinDuration gives a duration within which the prerequisite must have reached a + succeeded state; e.g., "1h" means "the prerequisite must be successful, and have become so in + the last hour". Fields (should there ever be more than one) are not intended to be mutually exclusive. type: string type: object 
@@ -1416,48 +1457,54 @@ spec: stack before it is updated. type: boolean repoDir: - description: (optional) RepoDir is the directory to work from in the - project's source repository where Pulumi.yaml is located. It is - used in case Pulumi.yaml is not in the project source root. + description: |- + (optional) RepoDir is the directory to work from in the project's source repository + where Pulumi.yaml is located. It is used in case Pulumi.yaml is not + in the project source root. type: string resyncFrequencySeconds: - description: (optional) ResyncFrequencySeconds when set to a non-zero - value, triggers a resync of the stack at the specified frequency - even if no changes to the custom resource are detected. If branch - tracking is enabled (branch is non-empty), commit polling will occur - at this frequency. The minimal resync frequency supported is 60 - seconds. The default value for this field is 60 seconds. + description: |- + (optional) ResyncFrequencySeconds when set to a non-zero value, triggers a resync of the stack at + the specified frequency even if no changes to the custom resource are detected. + If branch tracking is enabled (branch is non-empty), commit polling will occur at this frequency. + The minimal resync frequency supported is 60 seconds. The default value for this field is 60 seconds. format: int64 type: integer retryOnUpdateConflict: - description: (optional) RetryOnUpdateConflict issues a stack update - retry reconciliation loop in the event that the update hits a HTTP - 409 conflict due to another update in progress. This is only recommended - if you are sure that the stack updates are idempotent, and if you - are willing to accept retry loops until all spawned retries succeed. - This will also create a more populated, and randomized activity - timeline for the stack in the Pulumi Service. 
+ description: |- + (optional) RetryOnUpdateConflict issues a stack update retry reconciliation loop + in the event that the update hits a HTTP 409 conflict due to + another update in progress. + This is only recommended if you are sure that the stack updates are + idempotent, and if you are willing to accept retry loops until + all spawned retries succeed. This will also create a more populated, + and randomized activity timeline for the stack in the Pulumi Service. type: boolean secrets: additionalProperties: type: string - description: '(optional) Secrets is the secret configuration for this - stack, which can be optionally specified inline. If this is omitted, - secrets configuration is assumed to be checked in and taken from - the source repository. Deprecated: use SecretRefs instead.' + description: |- + (optional) Secrets is the secret configuration for this stack, which can be optionally specified inline. If this + is omitted, secrets configuration is assumed to be checked in and taken from the source repository. + Deprecated: use SecretRefs instead. type: object secretsProvider: - description: '(optional) SecretsProvider is used to initialize a Stack - with alternative encryption. Examples: - AWS: "awskms:///arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34bc-56ef-1234567890ab?region=us-east-1" - - Azure: "azurekeyvault://acmecorpvault.vault.azure.net/keys/mykeyname" - - GCP: "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY" - - See: https://www.pulumi.com/docs/intro/concepts/secrets/#initializing-a-stack-with-alternative-encryption' + description: |- + (optional) SecretsProvider is used to initialize a Stack with alternative encryption. 
+ Examples: + - AWS: "awskms:///arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34bc-56ef-1234567890ab?region=us-east-1" + - Azure: "azurekeyvault://acmecorpvault.vault.azure.net/keys/mykeyname" + - GCP: "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY" + + + See: https://www.pulumi.com/docs/intro/concepts/secrets/#initializing-a-stack-with-alternative-encryption type: string secretsRef: additionalProperties: - description: ResourceRef identifies a resource from which information - can be loaded. Environment variables, files on the filesystem, - Kubernetes Secrets and literal strings are currently supported. + description: |- + ResourceRef identifies a resource from which information can be loaded. + Environment variables, files on the filesystem, Kubernetes Secrets and literal + strings are currently supported. properties: env: description: Env selects an environment variable set on the 
@@ -1499,42 +1546,42 @@ spec: description: Name of the Secret type: string namespace: - description: Namespace where the Secret is stored. Deprecated; - non-empty values will be considered invalid unless namespace - isolation is disabled in the controller. + description: |- + Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid + unless namespace isolation is disabled in the controller. type: string required: - key - name type: object type: - description: 'SelectorType is required and signifies the type - of selector. Must be one of: Env, FS, Secret, Literal' + description: |- + SelectorType is required and signifies the type of selector. Must be one of: + Env, FS, Secret, Literal type: string required: - type type: object - description: (optional) SecretRefs is the secret configuration for - this stack which can be specified through ResourceRef. If this is - omitted, secrets configuration is assumed to be checked in and taken - from the source repository. + description: |- + (optional) SecretRefs is the secret configuration for this stack which can be specified through ResourceRef. + If this is omitted, secrets configuration is assumed to be checked in and taken from the source repository. type: object stack: description: Stack is the fully qualified name of the stack to deploy (/). type: string targets: - description: (optional) Targets is a list of URNs of resources to - update exclusively. If supplied, only resources mentioned will be - updated. + description: |- + (optional) Targets is a list of URNs of resources to update exclusively. If supplied, only + resources mentioned will be updated. items: type: string type: array useLocalStackOnly: - description: (optional) UseLocalStackOnly can be set to true to prevent - the operator from creating stacks that do not exist in the tracking - git repo. The default behavior is to create a stack if it doesn't - exist. 
+ description: |- + (optional) UseLocalStackOnly can be set to true to prevent the operator from + creating stacks that do not exist in the tracking git repo. + The default behavior is to create a stack if it doesn't exist. type: boolean required: - stack diff --git a/docs/programs.md b/docs/programs.md index c7e57e4e..291a0067 100644 --- a/docs/programs.md +++ b/docs/programs.md @@ -80,7 +80,8 @@ Program is the schema for the inline YAML program API. configuration map[string]object - configuration specifies the Pulumi config inputs to the deployment. Either type or default is required.
+ configuration specifies the Pulumi config inputs to the deployment. +Either type or default is required.
false @@ -101,7 +102,8 @@ Program is the schema for the inline YAML program API. variables map[string]JSON - variables specifies intermediate values of the program; the values of variables are expressions that can be re-used.
+ variables specifies intermediate values of the program; the values of variables are +expressions that can be re-used.
false @@ -219,7 +221,8 @@ A getter function for the resource. Supplying get is mutually exclusive to prope state map[string]JSON - state contains the known properties (input & output) of the resource. This assists the provider in figuring out the correct resource.
+ state contains the known properties (input & output) of the resource. This assists +the provider in figuring out the correct resource.
false @@ -253,7 +256,8 @@ options contains all resource options supported by Pulumi. aliases []string - aliases specifies names that this resource used to have, so that renaming or refactoring doesn’t replace it.
+ aliases specifies names that this resource used to have, so that renaming or refactoring +doesn’t replace it.
false @@ -295,7 +299,8 @@ options contains all resource options supported by Pulumi. parent JSON - parent resource option specifies a parent for a resource. It is used to associate children with the parents that encapsulate or are responsible for them.
+ parent resource option specifies a parent for a resource. It is used to associate +children with the parents that encapsulate or are responsible for them.
false diff --git a/docs/stacks.md b/docs/stacks.md index 7a3b28ae..7af3c951 100644 --- a/docs/stacks.md +++ b/docs/stacks.md @@ -95,42 +95,61 @@ StackSpec defines the desired state of Pulumi Stack being managed by this operat accessTokenSecret string - (optional) AccessTokenSecret is the name of a Secret containing the PULUMI_ACCESS_TOKEN for Pulumi access. Deprecated: use EnvRefs with a "secret" entry with the key PULUMI_ACCESS_TOKEN instead.
+ (optional) AccessTokenSecret is the name of a Secret containing the PULUMI_ACCESS_TOKEN for Pulumi access. +Deprecated: use EnvRefs with a "secret" entry with the key PULUMI_ACCESS_TOKEN instead.
false backend string - (optional) Backend is an optional backend URL to use for all Pulumi operations.
Examples:
- Pulumi Service: "https://app.pulumi.com" (default)
- Self-managed Pulumi Service: "https://pulumi.acmecorp.com"
- Local: "file://./einstein"
- AWS: "s3://"
- Azure: "azblob://"
- GCP: "gs://"
See: https://www.pulumi.com/docs/intro/concepts/state/
+ (optional) Backend is an optional backend URL to use for all Pulumi operations.
+Examples:
+ - Pulumi Service: "https://app.pulumi.com" (default)
+ - Self-managed Pulumi Service: "https://pulumi.acmecorp.com"
+ - Local: "file://./einstein"
+ - AWS: "s3://"
+ - Azure: "azblob://"
+ - GCP: "gs://"
+See: https://www.pulumi.com/docs/intro/concepts/state/
false branch string - (optional) Branch is the branch name to deploy, either the simple or fully qualified ref name, e.g. refs/heads/master. This is mutually exclusive with the Commit setting. Either value needs to be specified. When specified, the operator will periodically poll to check if the branch has any new commits. The frequency of the polling is configurable through ResyncFrequencySeconds, defaulting to every 60 seconds.
+ (optional) Branch is the branch name to deploy, either the simple or fully qualified ref name, e.g. refs/heads/master. This +is mutually exclusive with the Commit setting. Either value needs to be specified. +When specified, the operator will periodically poll to check if the branch has any new commits. +The frequency of the polling is configurable through ResyncFrequencySeconds, defaulting to every 60 seconds.
false commit string - (optional) Commit is the hash of the commit to deploy. If used, HEAD will be in detached mode. This is mutually exclusive with the Branch setting. Either value needs to be specified.
+ (optional) Commit is the hash of the commit to deploy. If used, HEAD will be in detached mode. This +is mutually exclusive with the Branch setting. Either value needs to be specified.
false config map[string]string - (optional) Config is the configuration for this stack, which can be optionally specified inline. If this is omitted, configuration is assumed to be checked in and taken from the source repository.
+ (optional) Config is the configuration for this stack, which can be optionally specified inline. If this +is omitted, configuration is assumed to be checked in and taken from the source repository.
false continueResyncOnCommitMatch boolean - (optional) ContinueResyncOnCommitMatch - when true - informs the operator to continue trying to update stacks even if the revision of the source matches. This might be useful in environments where Pulumi programs have dynamic elements for example, calls to internal APIs where GitOps style commit tracking is not sufficient. Defaults to false, i.e. when a particular revision is successfully run, the operator will not attempt to rerun the program at that revision again.
+ (optional) ContinueResyncOnCommitMatch - when true - informs the operator to continue trying +to update stacks even if the revision of the source matches. This might be useful in +environments where Pulumi programs have dynamic elements for example, calls to internal APIs +where GitOps style commit tracking is not sufficient. Defaults to false, i.e. when a +particular revision is successfully run, the operator will not attempt to rerun the program +at that revision again.
false @@ -144,28 +163,35 @@ StackSpec defines the desired state of Pulumi Stack being managed by this operat envRefs map[string]object - (optional) EnvRefs is an optional map containing environment variables as keys and stores descriptors to where the variables' values should be loaded from (one of literal, environment variable, file on the filesystem, or Kubernetes Secret) as values.
+ (optional) EnvRefs is an optional map containing environment variables as keys and stores descriptors to where +the variables' values should be loaded from (one of literal, environment variable, file on the +filesystem, or Kubernetes Secret) as values.
false envSecrets []string - (optional) SecretEnvs is an optional array of Secret names containing environment variables to set. Deprecated: use EnvRefs instead.
+ (optional) SecretEnvs is an optional array of Secret names containing environment variables to set. +Deprecated: use EnvRefs instead.
false envs []string - (optional) Envs is an optional array of config maps containing environment variables to set. Deprecated: use EnvRefs instead.
+ (optional) Envs is an optional array of config maps containing environment variables to set. +Deprecated: use EnvRefs instead.
false expectNoRefreshChanges boolean - (optional) ExpectNoRefreshChanges can be set to true if a stack is not expected to have changes during a refresh before the update is run. This could occur, for example, is a resource's state is changing outside of Pulumi (e.g., metadata, timestamps).
+ (optional) ExpectNoRefreshChanges can be set to true if a stack is not expected to have +changes during a refresh before the update is run. +This could occur, for example, is a resource's state is changing outside of Pulumi +(e.g., metadata, timestamps).
false @@ -179,21 +205,39 @@ StackSpec defines the desired state of Pulumi Stack being managed by this operat gitAuth object - (optional) GitAuth allows configuring git authentication options There are 3 different authentication options: * SSH private key (and its optional password) * Personal access token * Basic auth username and password Only one authentication mode will be considered if more than one option is specified, with ssh private key/password preferred first, then personal access token, and finally basic auth credentials.
+ (optional) GitAuth allows configuring git authentication options +There are 3 different authentication options: + * SSH private key (and its optional password) + * Personal access token + * Basic auth username and password +Only one authentication mode will be considered if more than one option is specified, +with ssh private key/password preferred first, then personal access token, and finally +basic auth credentials.
false gitAuthSecret string - (optional) GitAuthSecret is the the name of a Secret containing an authentication option for the git repository. There are 3 different authentication options: * Personal access token * SSH private key (and it's optional password) * Basic auth username and password Only one authentication mode will be considered if more than one option is specified, with ssh private key/password preferred first, then personal access token, and finally basic auth credentials. Deprecated. Use GitAuth instead.
+ (optional) GitAuthSecret is the the name of a Secret containing an +authentication option for the git repository. +There are 3 different authentication options: + * Personal access token + * SSH private key (and it's optional password) + * Basic auth username and password +Only one authentication mode will be considered if more than one option is specified, +with ssh private key/password preferred first, then personal access token, and finally +basic auth credentials. +Deprecated. Use GitAuth instead.
false prerequisites []object - (optional) Prerequisites is a list of references to other stacks, each with a constraint on how long ago it must have succeeded. This can be used to make sure e.g., state is re-evaluated before running a stack that depends on it.
+ (optional) Prerequisites is a list of references to other stacks, each with a constraint on +how long ago it must have succeeded. This can be used to make sure e.g., state is +re-evaluated before running a stack that depends on it.
false @@ -221,14 +265,19 @@ StackSpec defines the desired state of Pulumi Stack being managed by this operat repoDir string - (optional) RepoDir is the directory to work from in the project's source repository where Pulumi.yaml is located. It is used in case Pulumi.yaml is not in the project source root.
+ (optional) RepoDir is the directory to work from in the project's source repository +where Pulumi.yaml is located. It is used in case Pulumi.yaml is not +in the project source root.
false resyncFrequencySeconds integer - (optional) ResyncFrequencySeconds when set to a non-zero value, triggers a resync of the stack at the specified frequency even if no changes to the custom resource are detected. If branch tracking is enabled (branch is non-empty), commit polling will occur at this frequency. The minimal resync frequency supported is 60 seconds. The default value for this field is 60 seconds.
+ (optional) ResyncFrequencySeconds when set to a non-zero value, triggers a resync of the stack at +the specified frequency even if no changes to the custom resource are detected. +If branch tracking is enabled (branch is non-empty), commit polling will occur at this frequency. +The minimal resync frequency supported is 60 seconds. The default value for this field is 60 seconds.

Format: int64
@@ -237,42 +286,61 @@ StackSpec defines the desired state of Pulumi Stack being managed by this operat retryOnUpdateConflict boolean - (optional) RetryOnUpdateConflict issues a stack update retry reconciliation loop in the event that the update hits a HTTP 409 conflict due to another update in progress. This is only recommended if you are sure that the stack updates are idempotent, and if you are willing to accept retry loops until all spawned retries succeed. This will also create a more populated, and randomized activity timeline for the stack in the Pulumi Service.
+ (optional) RetryOnUpdateConflict issues a stack update retry reconciliation loop +in the event that the update hits a HTTP 409 conflict due to +another update in progress. +This is only recommended if you are sure that the stack updates are +idempotent, and if you are willing to accept retry loops until +all spawned retries succeed. This will also create a more populated, +and randomized activity timeline for the stack in the Pulumi Service.
false secrets map[string]string - (optional) Secrets is the secret configuration for this stack, which can be optionally specified inline. If this is omitted, secrets configuration is assumed to be checked in and taken from the source repository. Deprecated: use SecretRefs instead.
+ (optional) Secrets is the secret configuration for this stack, which can be optionally specified inline. If this +is omitted, secrets configuration is assumed to be checked in and taken from the source repository. +Deprecated: use SecretRefs instead.
false secretsProvider string - (optional) SecretsProvider is used to initialize a Stack with alternative encryption. Examples: - AWS: "awskms:///arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34bc-56ef-1234567890ab?region=us-east-1" - Azure: "azurekeyvault://acmecorpvault.vault.azure.net/keys/mykeyname" - GCP: "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY" - See: https://www.pulumi.com/docs/intro/concepts/secrets/#initializing-a-stack-with-alternative-encryption
+ (optional) SecretsProvider is used to initialize a Stack with alternative encryption. +Examples: + - AWS: "awskms:///arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34bc-56ef-1234567890ab?region=us-east-1" + - Azure: "azurekeyvault://acmecorpvault.vault.azure.net/keys/mykeyname" + - GCP: "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY" + + +See: https://www.pulumi.com/docs/intro/concepts/secrets/#initializing-a-stack-with-alternative-encryption
false secretsRef map[string]object - (optional) SecretRefs is the secret configuration for this stack which can be specified through ResourceRef. If this is omitted, secrets configuration is assumed to be checked in and taken from the source repository.
+ (optional) SecretRefs is the secret configuration for this stack which can be specified through ResourceRef. +If this is omitted, secrets configuration is assumed to be checked in and taken from the source repository.
false targets []string - (optional) Targets is a list of URNs of resources to update exclusively. If supplied, only resources mentioned will be updated.
+ (optional) Targets is a list of URNs of resources to update exclusively. If supplied, only +resources mentioned will be updated.
false useLocalStackOnly boolean - (optional) UseLocalStackOnly can be set to true to prevent the operator from creating stacks that do not exist in the tracking git repo. The default behavior is to create a stack if it doesn't exist.
+ (optional) UseLocalStackOnly can be set to true to prevent the operator from +creating stacks that do not exist in the tracking git repo. +The default behavior is to create a stack if it doesn't exist.
false @@ -284,7 +352,9 @@ StackSpec defines the desired state of Pulumi Stack being managed by this operat -ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported. +ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported. @@ -299,7 +369,8 @@ ResourceRef identifies a resource from which information can be loaded. Environm @@ -449,7 +520,8 @@ SecretRef refers to a Kubernetes Secret @@ -483,7 +555,8 @@ FluxSource specifies how to fetch source code from a Flux source object. @@ -536,7 +609,14 @@ FluxSource specifies how to fetch source code from a Flux source object. -(optional) GitAuth allows configuring git authentication options There are 3 different authentication options: * SSH private key (and its optional password) * Personal access token * Basic auth username and password Only one authentication mode will be considered if more than one option is specified, with ssh private key/password preferred first, then personal access token, and finally basic auth credentials. +(optional) GitAuth allows configuring git authentication options +There are 3 different authentication options: + * SSH private key (and its optional password) + * Personal access token + * Basic auth username and password +Only one authentication mode will be considered if more than one option is specified, +with ssh private key/password preferred first, then personal access token, and finally +basic auth credentials.
type string - SelectorType is required and signifies the type of selector. Must be one of: Env, FS, Secret, Literal
+ SelectorType is required and signifies the type of selector. Must be one of: +Env, FS, Secret, Literal
true
namespace string - Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid unless namespace isolation is disabled in the controller.
+ Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid +unless namespace isolation is disabled in the controller.
false
dir string - Dir gives the subdirectory containing the Pulumi project (i.e., containing Pulumi.yaml) of interest, within the fetched source.
+ Dir gives the subdirectory containing the Pulumi project (i.e., containing Pulumi.yaml) of +interest, within the fetched source.
false
@@ -551,21 +631,25 @@ FluxSource specifies how to fetch source code from a Flux source object. @@ -577,7 +661,9 @@ FluxSource specifies how to fetch source code from a Flux source object. -ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported. +ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
accessToken object - ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
+ ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
false
basicAuth object - BasicAuth configures git authentication through basic auth — i.e. username and password. Both UserName and Password are required.
+ BasicAuth configures git authentication through basic auth — +i.e. username and password. Both UserName and Password are required.
false
sshAuth object - SSHAuth configures ssh-based auth for git authentication. SSHPrivateKey is required but password is optional.
+ SSHAuth configures ssh-based auth for git authentication. +SSHPrivateKey is required but password is optional.
false
@@ -592,7 +678,8 @@ ResourceRef identifies a resource from which information can be loaded. Environm @@ -742,7 +829,8 @@ SecretRef refers to a Kubernetes Secret @@ -754,7 +842,8 @@ SecretRef refers to a Kubernetes Secret -BasicAuth configures git authentication through basic auth — i.e. username and password. Both UserName and Password are required. +BasicAuth configures git authentication through basic auth — +i.e. username and password. Both UserName and Password are required.
type string - SelectorType is required and signifies the type of selector. Must be one of: Env, FS, Secret, Literal
+ SelectorType is required and signifies the type of selector. Must be one of: +Env, FS, Secret, Literal
true
namespace string - Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid unless namespace isolation is disabled in the controller.
+ Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid +unless namespace isolation is disabled in the controller.
false
@@ -769,14 +858,18 @@ BasicAuth configures git authentication through basic auth — i.e. username and @@ -788,7 +881,9 @@ BasicAuth configures git authentication through basic auth — i.e. username and -ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported. +ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
password object - ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
+ ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
true
userName object - ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
+ ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
true
@@ -803,7 +898,8 @@ ResourceRef identifies a resource from which information can be loaded. Environm @@ -953,7 +1049,8 @@ SecretRef refers to a Kubernetes Secret @@ -965,7 +1062,9 @@ SecretRef refers to a Kubernetes Secret -ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported. +ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
type string - SelectorType is required and signifies the type of selector. Must be one of: Env, FS, Secret, Literal
+ SelectorType is required and signifies the type of selector. Must be one of: +Env, FS, Secret, Literal
true
namespace string - Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid unless namespace isolation is disabled in the controller.
+ Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid +unless namespace isolation is disabled in the controller.
false
@@ -980,7 +1079,8 @@ ResourceRef identifies a resource from which information can be loaded. Environm @@ -1130,7 +1230,8 @@ SecretRef refers to a Kubernetes Secret @@ -1142,7 +1243,8 @@ SecretRef refers to a Kubernetes Secret -SSHAuth configures ssh-based auth for git authentication. SSHPrivateKey is required but password is optional. +SSHAuth configures ssh-based auth for git authentication. +SSHPrivateKey is required but password is optional.
type string - SelectorType is required and signifies the type of selector. Must be one of: Env, FS, Secret, Literal
+ SelectorType is required and signifies the type of selector. Must be one of: +Env, FS, Secret, Literal
true
namespace string - Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid unless namespace isolation is disabled in the controller.
+ Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid +unless namespace isolation is disabled in the controller.
false
@@ -1157,14 +1259,18 @@ SSHAuth configures ssh-based auth for git authentication. SSHPrivateKey is requi @@ -1176,7 +1282,9 @@ SSHAuth configures ssh-based auth for git authentication. SSHPrivateKey is requi -ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported. +ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
sshPrivateKey object - ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
+ ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
true
password object - ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
+ ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
false
@@ -1191,7 +1299,8 @@ ResourceRef identifies a resource from which information can be loaded. Environm @@ -1341,7 +1450,8 @@ SecretRef refers to a Kubernetes Secret @@ -1353,7 +1463,9 @@ SecretRef refers to a Kubernetes Secret -ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported. +ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
type string - SelectorType is required and signifies the type of selector. Must be one of: Env, FS, Secret, Literal
+ SelectorType is required and signifies the type of selector. Must be one of: +Env, FS, Secret, Literal
true
namespace string - Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid unless namespace isolation is disabled in the controller.
+ Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid +unless namespace isolation is disabled in the controller.
false
@@ -1368,7 +1480,8 @@ ResourceRef identifies a resource from which information can be loaded. Environm @@ -1518,7 +1631,8 @@ SecretRef refers to a Kubernetes Secret @@ -1530,7 +1644,8 @@ SecretRef refers to a Kubernetes Secret -PrerequisiteRef refers to another stack, and gives requirements for the prerequisite to be considered satisfied. +PrerequisiteRef refers to another stack, and gives requirements for the prerequisite to be +considered satisfied.
type string - SelectorType is required and signifies the type of selector. Must be one of: Env, FS, Secret, Literal
+ SelectorType is required and signifies the type of selector. Must be one of: +Env, FS, Secret, Literal
true
namespace string - Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid unless namespace isolation is disabled in the controller.
+ Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid +unless namespace isolation is disabled in the controller.
false
@@ -1552,7 +1667,8 @@ PrerequisiteRef refers to another stack, and gives requirements for the prerequi @@ -1564,7 +1680,8 @@ PrerequisiteRef refers to another stack, and gives requirements for the prerequi -Requirement gives specific requirements for the prerequisite; the base requirement is that the referenced stack is in a successful state. +Requirement gives specific requirements for the prerequisite; the base requirement is that +the referenced stack is in a successful state.
requirement object - Requirement gives specific requirements for the prerequisite; the base requirement is that the referenced stack is in a successful state.
+ Requirement gives specific requirements for the prerequisite; the base requirement is that +the referenced stack is in a successful state.
false
@@ -1579,7 +1696,10 @@ Requirement gives specific requirements for the prerequisite; the base requireme @@ -1618,7 +1738,9 @@ ProgramRef refers to a Program object, to be used as the source for the stack. -ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported. +ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
succeededWithinDuration string - SucceededWithinDuration gives a duration within which the prerequisite must have reached a succeeded state; e.g., "1h" means "the prerequisite must be successful, and have become so in the last hour". Fields (should there ever be more than one) are not intended to be mutually exclusive.
+ SucceededWithinDuration gives a duration within which the prerequisite must have reached a +succeeded state; e.g., "1h" means "the prerequisite must be successful, and have become so in +the last hour". Fields (should there ever be more than one) are not intended to be mutually +exclusive.
false
@@ -1633,7 +1755,8 @@ ResourceRef identifies a resource from which information can be loaded. Environm @@ -1783,7 +1906,8 @@ SecretRef refers to a Kubernetes Secret @@ -1833,7 +1957,8 @@ StackStatus defines the observed state of Stack @@ -1852,8 +1977,21 @@ StackStatus defines the observed state of Stack -Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` - // other fields } +Condition contains details for one aspect of the current state of this API Resource. +--- +This struct is intended for direct use as an array at the field path .status.conditions. For example, +type FooStatus struct{ + // Represents the observations of a foo's current state. + // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + + + // other fields +}
type string - SelectorType is required and signifies the type of selector. Must be one of: Env, FS, Secret, Literal
+ SelectorType is required and signifies the type of selector. Must be one of: +Env, FS, Secret, Literal
true
namespace string - Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid unless namespace isolation is disabled in the controller.
+ Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid +unless namespace isolation is disabled in the controller.
false
observedReconcileRequest string - ObservedReconcileRequest records the value of the annotation named for `ReconcileRequestAnnotation` when it was last seen.
+ ObservedReconcileRequest records the value of the annotation named for +`ReconcileRequestAnnotation` when it was last seen.
false
@@ -1868,7 +2006,8 @@ Condition contains details for one aspect of the current state of this API Resou @@ -1877,14 +2016,19 @@ Condition contains details for one aspect of the current state of this API Resou @@ -1900,14 +2044,20 @@ Condition contains details for one aspect of the current state of this API Resou
lastTransitionTime string - lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ lastTransitionTime is the last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

Format: date-time
message string - message is a human readable message indicating details about the transition. This may be an empty string.
+ message is a human readable message indicating details about the transition. +This may be an empty string.
true
reason string - reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+ reason contains a programmatic identifier indicating the reason for the condition's last transition. +Producers of specific condition types may define expected values and meanings for this field, +and whether the values are considered a guaranteed API. +The value should be a CamelCase string. +This field may not be empty.
true
type string - type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ type of condition in CamelCase or in foo.example.com/CamelCase. +--- +Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be +useful (see .node.status.conditions), the ability to deconflict is important. +The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
true
observedGeneration integer - observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+ observedGeneration represents the .metadata.generation that the condition was set based upon. +For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date +with respect to the current state of the instance.

Format: int64
Minimum: 0
@@ -1990,7 +2140,9 @@ Resource Types: -Stack is the Schema for the stacks API. Deprecated: Note Stacks from pulumi.com/v1alpha1 is deprecated in favor of pulumi.com/v1. It is completely backward compatible. Users are strongly encouraged to switch to pulumi.com/v1. +Stack is the Schema for the stacks API. +Deprecated: Note Stacks from pulumi.com/v1alpha1 is deprecated in favor of pulumi.com/v1. +It is completely backward compatible. Users are strongly encouraged to switch to pulumi.com/v1. @@ -2063,42 +2215,61 @@ StackSpec defines the desired state of Pulumi Stack being managed by this operat @@ -2112,28 +2283,35 @@ StackSpec defines the desired state of Pulumi Stack being managed by this operat @@ -2147,21 +2325,39 @@ StackSpec defines the desired state of Pulumi Stack being managed by this operat @@ -2189,14 +2385,19 @@ StackSpec defines the desired state of Pulumi Stack being managed by this operat @@ -2205,42 +2406,61 @@ StackSpec defines the desired state of Pulumi Stack being managed by this operat @@ -2252,7 +2472,9 @@ StackSpec defines the desired state of Pulumi Stack being managed by this operat -ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported. +ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
accessTokenSecret string - (optional) AccessTokenSecret is the name of a Secret containing the PULUMI_ACCESS_TOKEN for Pulumi access. Deprecated: use EnvRefs with a "secret" entry with the key PULUMI_ACCESS_TOKEN instead.
+ (optional) AccessTokenSecret is the name of a Secret containing the PULUMI_ACCESS_TOKEN for Pulumi access. +Deprecated: use EnvRefs with a "secret" entry with the key PULUMI_ACCESS_TOKEN instead.
false
backend string - (optional) Backend is an optional backend URL to use for all Pulumi operations.
Examples:
- Pulumi Service: "https://app.pulumi.com" (default)
- Self-managed Pulumi Service: "https://pulumi.acmecorp.com"
- Local: "file://./einstein"
- AWS: "s3://"
- Azure: "azblob://"
- GCP: "gs://"
See: https://www.pulumi.com/docs/intro/concepts/state/
+ (optional) Backend is an optional backend URL to use for all Pulumi operations.
+Examples:
+ - Pulumi Service: "https://app.pulumi.com" (default)
+ - Self-managed Pulumi Service: "https://pulumi.acmecorp.com"
+ - Local: "file://./einstein"
+ - AWS: "s3://"
+ - Azure: "azblob://"
+ - GCP: "gs://"
+See: https://www.pulumi.com/docs/intro/concepts/state/
false
branch string - (optional) Branch is the branch name to deploy, either the simple or fully qualified ref name, e.g. refs/heads/master. This is mutually exclusive with the Commit setting. Either value needs to be specified. When specified, the operator will periodically poll to check if the branch has any new commits. The frequency of the polling is configurable through ResyncFrequencySeconds, defaulting to every 60 seconds.
+ (optional) Branch is the branch name to deploy, either the simple or fully qualified ref name, e.g. refs/heads/master. This +is mutually exclusive with the Commit setting. Either value needs to be specified. +When specified, the operator will periodically poll to check if the branch has any new commits. +The frequency of the polling is configurable through ResyncFrequencySeconds, defaulting to every 60 seconds.
false
commit string - (optional) Commit is the hash of the commit to deploy. If used, HEAD will be in detached mode. This is mutually exclusive with the Branch setting. Either value needs to be specified.
+ (optional) Commit is the hash of the commit to deploy. If used, HEAD will be in detached mode. This +is mutually exclusive with the Branch setting. Either value needs to be specified.
false
config map[string]string - (optional) Config is the configuration for this stack, which can be optionally specified inline. If this is omitted, configuration is assumed to be checked in and taken from the source repository.
+ (optional) Config is the configuration for this stack, which can be optionally specified inline. If this +is omitted, configuration is assumed to be checked in and taken from the source repository.
false
continueResyncOnCommitMatch boolean - (optional) ContinueResyncOnCommitMatch - when true - informs the operator to continue trying to update stacks even if the revision of the source matches. This might be useful in environments where Pulumi programs have dynamic elements for example, calls to internal APIs where GitOps style commit tracking is not sufficient. Defaults to false, i.e. when a particular revision is successfully run, the operator will not attempt to rerun the program at that revision again.
+ (optional) ContinueResyncOnCommitMatch - when true - informs the operator to continue trying +to update stacks even if the revision of the source matches. This might be useful in +environments where Pulumi programs have dynamic elements for example, calls to internal APIs +where GitOps style commit tracking is not sufficient. Defaults to false, i.e. when a +particular revision is successfully run, the operator will not attempt to rerun the program +at that revision again.
false
envRefs map[string]object - (optional) EnvRefs is an optional map containing environment variables as keys and stores descriptors to where the variables' values should be loaded from (one of literal, environment variable, file on the filesystem, or Kubernetes Secret) as values.
+ (optional) EnvRefs is an optional map containing environment variables as keys and stores descriptors to where +the variables' values should be loaded from (one of literal, environment variable, file on the +filesystem, or Kubernetes Secret) as values.
false
envSecrets []string - (optional) SecretEnvs is an optional array of Secret names containing environment variables to set. Deprecated: use EnvRefs instead.
+ (optional) SecretEnvs is an optional array of Secret names containing environment variables to set. +Deprecated: use EnvRefs instead.
false
envs []string - (optional) Envs is an optional array of config maps containing environment variables to set. Deprecated: use EnvRefs instead.
+ (optional) Envs is an optional array of config maps containing environment variables to set. +Deprecated: use EnvRefs instead.
false
expectNoRefreshChanges boolean - (optional) ExpectNoRefreshChanges can be set to true if a stack is not expected to have changes during a refresh before the update is run. This could occur, for example, is a resource's state is changing outside of Pulumi (e.g., metadata, timestamps).
+ (optional) ExpectNoRefreshChanges can be set to true if a stack is not expected to have +changes during a refresh before the update is run. +This could occur, for example, is a resource's state is changing outside of Pulumi +(e.g., metadata, timestamps).
false
gitAuth object - (optional) GitAuth allows configuring git authentication options There are 3 different authentication options: * SSH private key (and its optional password) * Personal access token * Basic auth username and password Only one authentication mode will be considered if more than one option is specified, with ssh private key/password preferred first, then personal access token, and finally basic auth credentials.
+ (optional) GitAuth allows configuring git authentication options +There are 3 different authentication options: + * SSH private key (and its optional password) + * Personal access token + * Basic auth username and password +Only one authentication mode will be considered if more than one option is specified, +with ssh private key/password preferred first, then personal access token, and finally +basic auth credentials.
false
gitAuthSecret string - (optional) GitAuthSecret is the the name of a Secret containing an authentication option for the git repository. There are 3 different authentication options: * Personal access token * SSH private key (and it's optional password) * Basic auth username and password Only one authentication mode will be considered if more than one option is specified, with ssh private key/password preferred first, then personal access token, and finally basic auth credentials. Deprecated. Use GitAuth instead.
+ (optional) GitAuthSecret is the the name of a Secret containing an +authentication option for the git repository. +There are 3 different authentication options: + * Personal access token + * SSH private key (and it's optional password) + * Basic auth username and password +Only one authentication mode will be considered if more than one option is specified, +with ssh private key/password preferred first, then personal access token, and finally +basic auth credentials. +Deprecated. Use GitAuth instead.
false
prerequisites []object - (optional) Prerequisites is a list of references to other stacks, each with a constraint on how long ago it must have succeeded. This can be used to make sure e.g., state is re-evaluated before running a stack that depends on it.
+ (optional) Prerequisites is a list of references to other stacks, each with a constraint on +how long ago it must have succeeded. This can be used to make sure e.g., state is +re-evaluated before running a stack that depends on it.
false
repoDir string - (optional) RepoDir is the directory to work from in the project's source repository where Pulumi.yaml is located. It is used in case Pulumi.yaml is not in the project source root.
+ (optional) RepoDir is the directory to work from in the project's source repository +where Pulumi.yaml is located. It is used in case Pulumi.yaml is not +in the project source root.
false
resyncFrequencySeconds integer - (optional) ResyncFrequencySeconds when set to a non-zero value, triggers a resync of the stack at the specified frequency even if no changes to the custom resource are detected. If branch tracking is enabled (branch is non-empty), commit polling will occur at this frequency. The minimal resync frequency supported is 60 seconds. The default value for this field is 60 seconds.
+ (optional) ResyncFrequencySeconds when set to a non-zero value, triggers a resync of the stack at +the specified frequency even if no changes to the custom resource are detected. +If branch tracking is enabled (branch is non-empty), commit polling will occur at this frequency. +The minimal resync frequency supported is 60 seconds. The default value for this field is 60 seconds.

Format: int64
retryOnUpdateConflict boolean - (optional) RetryOnUpdateConflict issues a stack update retry reconciliation loop in the event that the update hits a HTTP 409 conflict due to another update in progress. This is only recommended if you are sure that the stack updates are idempotent, and if you are willing to accept retry loops until all spawned retries succeed. This will also create a more populated, and randomized activity timeline for the stack in the Pulumi Service.
+ (optional) RetryOnUpdateConflict issues a stack update retry reconciliation loop +in the event that the update hits a HTTP 409 conflict due to +another update in progress. +This is only recommended if you are sure that the stack updates are +idempotent, and if you are willing to accept retry loops until +all spawned retries succeed. This will also create a more populated, +and randomized activity timeline for the stack in the Pulumi Service.
false
secrets map[string]string - (optional) Secrets is the secret configuration for this stack, which can be optionally specified inline. If this is omitted, secrets configuration is assumed to be checked in and taken from the source repository. Deprecated: use SecretRefs instead.
+ (optional) Secrets is the secret configuration for this stack, which can be optionally specified inline. If this +is omitted, secrets configuration is assumed to be checked in and taken from the source repository. +Deprecated: use SecretRefs instead.
false
secretsProvider string - (optional) SecretsProvider is used to initialize a Stack with alternative encryption. Examples: - AWS: "awskms:///arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34bc-56ef-1234567890ab?region=us-east-1" - Azure: "azurekeyvault://acmecorpvault.vault.azure.net/keys/mykeyname" - GCP: "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY" - See: https://www.pulumi.com/docs/intro/concepts/secrets/#initializing-a-stack-with-alternative-encryption
+ (optional) SecretsProvider is used to initialize a Stack with alternative encryption. +Examples: + - AWS: "awskms:///arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34bc-56ef-1234567890ab?region=us-east-1" + - Azure: "azurekeyvault://acmecorpvault.vault.azure.net/keys/mykeyname" + - GCP: "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY" + + +See: https://www.pulumi.com/docs/intro/concepts/secrets/#initializing-a-stack-with-alternative-encryption
false
secretsRef map[string]object - (optional) SecretRefs is the secret configuration for this stack which can be specified through ResourceRef. If this is omitted, secrets configuration is assumed to be checked in and taken from the source repository.
+ (optional) SecretRefs is the secret configuration for this stack which can be specified through ResourceRef. +If this is omitted, secrets configuration is assumed to be checked in and taken from the source repository.
false
targets []string - (optional) Targets is a list of URNs of resources to update exclusively. If supplied, only resources mentioned will be updated.
+ (optional) Targets is a list of URNs of resources to update exclusively. If supplied, only +resources mentioned will be updated.
false
useLocalStackOnly boolean - (optional) UseLocalStackOnly can be set to true to prevent the operator from creating stacks that do not exist in the tracking git repo. The default behavior is to create a stack if it doesn't exist.
+ (optional) UseLocalStackOnly can be set to true to prevent the operator from +creating stacks that do not exist in the tracking git repo. +The default behavior is to create a stack if it doesn't exist.
false
@@ -2267,7 +2489,8 @@ ResourceRef identifies a resource from which information can be loaded. Environm @@ -2417,7 +2640,8 @@ SecretRef refers to a Kubernetes Secret @@ -2451,7 +2675,8 @@ FluxSource specifies how to fetch source code from a Flux source object. @@ -2504,7 +2729,14 @@ FluxSource specifies how to fetch source code from a Flux source object. -(optional) GitAuth allows configuring git authentication options There are 3 different authentication options: * SSH private key (and its optional password) * Personal access token * Basic auth username and password Only one authentication mode will be considered if more than one option is specified, with ssh private key/password preferred first, then personal access token, and finally basic auth credentials. +(optional) GitAuth allows configuring git authentication options +There are 3 different authentication options: + * SSH private key (and its optional password) + * Personal access token + * Basic auth username and password +Only one authentication mode will be considered if more than one option is specified, +with ssh private key/password preferred first, then personal access token, and finally +basic auth credentials.
type string - SelectorType is required and signifies the type of selector. Must be one of: Env, FS, Secret, Literal
+ SelectorType is required and signifies the type of selector. Must be one of: +Env, FS, Secret, Literal
true
namespace string - Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid unless namespace isolation is disabled in the controller.
+ Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid +unless namespace isolation is disabled in the controller.
false
dir string - Dir gives the subdirectory containing the Pulumi project (i.e., containing Pulumi.yaml) of interest, within the fetched source.
+ Dir gives the subdirectory containing the Pulumi project (i.e., containing Pulumi.yaml) of +interest, within the fetched source.
false
@@ -2519,21 +2751,25 @@ FluxSource specifies how to fetch source code from a Flux source object. @@ -2545,7 +2781,9 @@ FluxSource specifies how to fetch source code from a Flux source object. -ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported. +ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
accessToken object - ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
+ ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
false
basicAuth object - BasicAuth configures git authentication through basic auth — i.e. username and password. Both UserName and Password are required.
+ BasicAuth configures git authentication through basic auth — +i.e. username and password. Both UserName and Password are required.
false
sshAuth object - SSHAuth configures ssh-based auth for git authentication. SSHPrivateKey is required but password is optional.
+ SSHAuth configures ssh-based auth for git authentication. +SSHPrivateKey is required but password is optional.
false
@@ -2560,7 +2798,8 @@ ResourceRef identifies a resource from which information can be loaded. Environm @@ -2710,7 +2949,8 @@ SecretRef refers to a Kubernetes Secret @@ -2722,7 +2962,8 @@ SecretRef refers to a Kubernetes Secret -BasicAuth configures git authentication through basic auth — i.e. username and password. Both UserName and Password are required. +BasicAuth configures git authentication through basic auth — +i.e. username and password. Both UserName and Password are required.
type string - SelectorType is required and signifies the type of selector. Must be one of: Env, FS, Secret, Literal
+ SelectorType is required and signifies the type of selector. Must be one of: +Env, FS, Secret, Literal
true
namespace string - Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid unless namespace isolation is disabled in the controller.
+ Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid +unless namespace isolation is disabled in the controller.
false
@@ -2737,14 +2978,18 @@ BasicAuth configures git authentication through basic auth — i.e. username and @@ -2756,7 +3001,9 @@ BasicAuth configures git authentication through basic auth — i.e. username and -ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported. +ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
password object - ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
+ ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
true
userName object - ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
+ ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
true
@@ -2771,7 +3018,8 @@ ResourceRef identifies a resource from which information can be loaded. Environm @@ -2921,7 +3169,8 @@ SecretRef refers to a Kubernetes Secret @@ -2933,7 +3182,9 @@ SecretRef refers to a Kubernetes Secret -ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported. +ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
type string - SelectorType is required and signifies the type of selector. Must be one of: Env, FS, Secret, Literal
+ SelectorType is required and signifies the type of selector. Must be one of: +Env, FS, Secret, Literal
true
namespace string - Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid unless namespace isolation is disabled in the controller.
+ Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid +unless namespace isolation is disabled in the controller.
false
@@ -2948,7 +3199,8 @@ ResourceRef identifies a resource from which information can be loaded. Environm @@ -3098,7 +3350,8 @@ SecretRef refers to a Kubernetes Secret @@ -3110,7 +3363,8 @@ SecretRef refers to a Kubernetes Secret -SSHAuth configures ssh-based auth for git authentication. SSHPrivateKey is required but password is optional. +SSHAuth configures ssh-based auth for git authentication. +SSHPrivateKey is required but password is optional.
type string - SelectorType is required and signifies the type of selector. Must be one of: Env, FS, Secret, Literal
+ SelectorType is required and signifies the type of selector. Must be one of: +Env, FS, Secret, Literal
true
namespace string - Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid unless namespace isolation is disabled in the controller.
+ Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid +unless namespace isolation is disabled in the controller.
false
@@ -3125,14 +3379,18 @@ SSHAuth configures ssh-based auth for git authentication. SSHPrivateKey is requi @@ -3144,7 +3402,9 @@ SSHAuth configures ssh-based auth for git authentication. SSHPrivateKey is requi -ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported. +ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
sshPrivateKey object - ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
+ ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
true
password object - ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
+ ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
false
@@ -3159,7 +3419,8 @@ ResourceRef identifies a resource from which information can be loaded. Environm @@ -3309,7 +3570,8 @@ SecretRef refers to a Kubernetes Secret @@ -3321,7 +3583,9 @@ SecretRef refers to a Kubernetes Secret -ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported. +ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
type string - SelectorType is required and signifies the type of selector. Must be one of: Env, FS, Secret, Literal
+ SelectorType is required and signifies the type of selector. Must be one of: +Env, FS, Secret, Literal
true
namespace string - Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid unless namespace isolation is disabled in the controller.
+ Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid +unless namespace isolation is disabled in the controller.
false
@@ -3336,7 +3600,8 @@ ResourceRef identifies a resource from which information can be loaded. Environm @@ -3486,7 +3751,8 @@ SecretRef refers to a Kubernetes Secret @@ -3498,7 +3764,8 @@ SecretRef refers to a Kubernetes Secret -PrerequisiteRef refers to another stack, and gives requirements for the prerequisite to be considered satisfied. +PrerequisiteRef refers to another stack, and gives requirements for the prerequisite to be +considered satisfied.
type string - SelectorType is required and signifies the type of selector. Must be one of: Env, FS, Secret, Literal
+ SelectorType is required and signifies the type of selector. Must be one of: +Env, FS, Secret, Literal
true
namespace string - Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid unless namespace isolation is disabled in the controller.
+ Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid +unless namespace isolation is disabled in the controller.
false
@@ -3520,7 +3787,8 @@ PrerequisiteRef refers to another stack, and gives requirements for the prerequi @@ -3532,7 +3800,8 @@ PrerequisiteRef refers to another stack, and gives requirements for the prerequi -Requirement gives specific requirements for the prerequisite; the base requirement is that the referenced stack is in a successful state. +Requirement gives specific requirements for the prerequisite; the base requirement is that +the referenced stack is in a successful state.
requirement object - Requirement gives specific requirements for the prerequisite; the base requirement is that the referenced stack is in a successful state.
+ Requirement gives specific requirements for the prerequisite; the base requirement is that +the referenced stack is in a successful state.
false
@@ -3547,7 +3816,10 @@ Requirement gives specific requirements for the prerequisite; the base requireme @@ -3586,7 +3858,9 @@ ProgramRef refers to a Program object, to be used as the source for the stack. -ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported. +ResourceRef identifies a resource from which information can be loaded. +Environment variables, files on the filesystem, Kubernetes Secrets and literal +strings are currently supported.
succeededWithinDuration string - SucceededWithinDuration gives a duration within which the prerequisite must have reached a succeeded state; e.g., "1h" means "the prerequisite must be successful, and have become so in the last hour". Fields (should there ever be more than one) are not intended to be mutually exclusive.
+ SucceededWithinDuration gives a duration within which the prerequisite must have reached a +succeeded state; e.g., "1h" means "the prerequisite must be successful, and have become so in +the last hour". Fields (should there ever be more than one) are not intended to be mutually +exclusive.
false
@@ -3601,7 +3875,8 @@ ResourceRef identifies a resource from which information can be loaded. Environm
@@ -3751,7 +4026,8 @@ SecretRef refers to a Kubernetes Secret
diff --git a/go.mod b/go.mod
index fde29035..c966b5db 100644
--- a/go.mod
+++ b/go.mod
@@ -74,12 +74,14 @@ require (
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 github.com/go-git/go-billy/v5 v5.5.0 // indirect
 github.com/go-logr/zapr v0.4.0 // indirect
+ github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
 github.com/golang/glog v1.2.0 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/golang/protobuf v1.5.4 // indirect
 github.com/google/go-cmp v0.6.0 // indirect
+ github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
 github.com/googleapis/gnostic v0.5.5 // indirect
 github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
diff --git a/go.sum b/go.sum
index c3101f58..ddb0ce3c 100644
--- a/go.sum
+++ b/go.sum
@@ -442,6 +442,7 @@ github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+ github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/gobuffalo/envy v1.6.5/go.mod h1:N+GkhhZ/93bGZc6ZKhJLP6+m+tCNPKwgSpH9kaifseQ= github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
@@ -551,6 +552,7 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= diff --git a/pkg/apis/pulumi/shared/stack_types.go b/pkg/apis/pulumi/shared/stack_types.go index 3e6827b9..2846bc73 100644 --- a/pkg/apis/pulumi/shared/stack_types.go +++ b/pkg/apis/pulumi/shared/stack_types.go @@ -59,7 +59,7 @@ type StackSpec struct { // - AWS: "awskms:///arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34bc-56ef-1234567890ab?region=us-east-1" // - Azure: "azurekeyvault://acmecorpvault.vault.azure.net/keys/mykeyname" // - GCP: "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY" - // - + // // See: https://www.pulumi.com/docs/intro/concepts/secrets/#initializing-a-stack-with-alternative-encryption SecretsProvider string `json:"secretsProvider,omitempty"` diff --git a/pkg/apis/pulumi/shared/zz_generated.deepcopy.go b/pkg/apis/pulumi/shared/zz_generated.deepcopy.go index 9b7b2f91..7f5937f9 100644 --- a/pkg/apis/pulumi/shared/zz_generated.deepcopy.go +++ b/pkg/apis/pulumi/shared/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Code generated by controller-gen. DO NOT EDIT. 
diff --git a/pkg/apis/pulumi/v1/zz_generated.deepcopy.go b/pkg/apis/pulumi/v1/zz_generated.deepcopy.go index 614ca9f3..f25de173 100644 --- a/pkg/apis/pulumi/v1/zz_generated.deepcopy.go +++ b/pkg/apis/pulumi/v1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Code generated by controller-gen. DO NOT EDIT. diff --git a/pkg/apis/pulumi/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/pulumi/v1alpha1/zz_generated.deepcopy.go index 0d70b18d..ebb253cc 100644 --- a/pkg/apis/pulumi/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/pulumi/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated // Code generated by controller-gen. DO NOT EDIT. diff --git a/scripts/generate_crds.sh b/scripts/generate_crds.sh index fb42d9d4..2da713f0 100755 --- a/scripts/generate_crds.sh +++ b/scripts/generate_crds.sh @@ -5,19 +5,6 @@ cwd=$(dirname "$0") apis_dir="$cwd/../pkg/apis" deploy_dir="$cwd/../deploy/crds" -function pased() { - if [ "$(uname)" = 'Darwin' ]; then - sed -i '' -e "$1" "$2" - else - sed -i'' -e "$1" "$2" - fi -} - echo "Generating CRD API types..." -controller-gen crd paths="$apis_dir/..." crd:crdVersions=v1 output:crd:dir="$deploy_dir" - -# Manually overwrite until issue is resolved in controller-tools: -# https://git.io/JJsjs -pased "s#conditions: null#conditions: []#g" "$deploy_dir/pulumi.com_stacks.yaml" -pased "s#storedVersions: null#storedVersions: []#g" "$deploy_dir/pulumi.com_stacks.yaml" +controller-gen paths="$apis_dir/..." crd:crdVersions=v1 output:crd:dir="$deploy_dir" diff --git a/tools.go b/tools.go index 8f441312..e9410c5b 100644 --- a/tools.go +++ b/tools.go @@ -1,7 +1,10 @@ // Copyright 2021, Pulumi Corporation. All rights reserved. +//go:build tools // +build tools // Place any runtime dependencies as imports in this file. // Go modules will be forced to download and install them. package tools + +import _ "github.com/onsi/ginkgo/v2/ginkgo
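Review bot: The rewritten invocation in scripts/generate_crds.sh still runs whichever `controller-gen` is first on PATH, so the CRDs in deploy/crds come from v0.15.0 only if the Makefile's install-controller-gen target ran first. With the `pased` post-processing removed, the generator's raw output is committed as-is, so a stale binary would change the schema the API server validates against without any error. Consider failing early on a mismatch, e.g. `controller-gen --version | grep -q 'v0.15.0' || { echo "controller-gen v0.15.0 required" >&2; exit 1; }`. Alternatively, pin it the way this commit pins ginkgo (a tools.go import plus `go run`), provided controller-tools' dependencies are compatible with this module. The script's first lines are outside the hunk, so whether it already aborts on errors cannot be seen here.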
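Review bot: The context comment in tools.go still reads "Place any runtime dependencies as imports in this file", but the import added at the end of the hunk is the ginkgo test-runner CLI, guarded by the `tools` build tag, not something the operator uses at runtime. Someone auditing go.mod for what ships in the binary would be misled by that wording. I would reword it to `// Place build- and test-time tool dependencies as imports in this file so that go.mod and go.sum pin their versions.` and keep the second comment line as it is.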
type string - SelectorType is required and signifies the type of selector. Must be one of: Env, FS, Secret, Literal
+ SelectorType is required and signifies the type of selector. Must be one of: +Env, FS, Secret, Literal
true
namespace string - Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid unless namespace isolation is disabled in the controller.
+ Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid +unless namespace isolation is disabled in the controller.
false