update: source github.com/jsonnet-libs/k8s@8df516dc

0.1.0/_gen/secrets/v1beta1/hcpVaultSecretsApp.libsonnet

@@ -118,6 +118,14 @@
       '#withName':: d.fn(help='"Name of the resource"', args=[d.arg(name='name', type=d.T.string)]),
       withName(name): { name: name },
     },
+    '#syncConfig':: d.obj(help='"SyncConfig configures sync behavior from HVS to VSO"'),
+    syncConfig: {
+      '#dynamic':: d.obj(help='"Dynamic configures sync behavior for dynamic secrets."'),
+      dynamic: {
+        '#withRenewalPercent':: d.fn(help="\"RenewalPercent is the percent out of 100 of a dynamic secret's TTL when\\nnew secrets are generated. Defaults to 67 percent minus jitter.\"", args=[d.arg(name='renewalPercent', type=d.T.integer)]),
+        withRenewalPercent(renewalPercent): { spec+: { syncConfig+: { dynamic+: { renewalPercent: renewalPercent } } } },
+      },
+    },
     '#withAppName':: d.fn(help='"AppName of the Vault Secrets Application that is to be synced."', args=[d.arg(name='appName', type=d.T.string)]),
     withAppName(appName): { spec+: { appName: appName } },
     '#withHcpAuthRef':: d.fn(help="\"HCPAuthRef to the HCPAuth resource, can be prefixed with a namespace, eg:\\n`namespaceA/vaultAuthRefB`. If no namespace prefix is provided it will default\\nto the namespace of the HCPAuth CR. If no value is specified for HCPAuthRef the\\nOperator will default to the `default` HCPAuth, configured in the operator's\\nnamespace.\"", args=[d.arg(name='hcpAuthRef', type=d.T.string)]),

0.1.0/_gen/secrets/v1beta1/vaultAuth.libsonnet

@@ -127,12 +127,12 @@
     vaultAuthGlobalRef: {
       '#mergeStrategy':: d.obj(help='"MergeStrategy configures the merge strategy for HTTP headers and parameters\\nthat are included in all Vault authentication requests."'),
       mergeStrategy: {
-        '#withHeaders':: d.fn(help='"Headers configures the merge strategy for HTTP headers that are included in\\nall Vault requests. Choices are `union`, `replace`, or `none`.\\n\\n\\nIf `union` is set, the headers from the VaultAuthGlobal and VaultAuth\\nresources are merged. The headers from the VaultAuth always take precedence.\\n\\n\\nIf `replace` is set, the first set of non-empty headers taken in order from:\\nVaultAuth, VaultAuthGlobal auth method, VaultGlobal default headers.\\n\\n\\nIf `none` is set, the headers from the\\nVaultAuthGlobal resource are ignored and only the headers from the VaultAuth\\nresource are used. The default is `none`."', args=[d.arg(name='headers', type=d.T.string)]),
+        '#withHeaders':: d.fn(help='"Headers configures the merge strategy for HTTP headers that are included in\\nall Vault requests. Choices are `union`, `replace`, or `none`.\\n\\nIf `union` is set, the headers from the VaultAuthGlobal and VaultAuth\\nresources are merged. The headers from the VaultAuth always take precedence.\\n\\nIf `replace` is set, the first set of non-empty headers taken in order from:\\nVaultAuth, VaultAuthGlobal auth method, VaultGlobal default headers.\\n\\nIf `none` is set, the headers from the\\nVaultAuthGlobal resource are ignored and only the headers from the VaultAuth\\nresource are used. The default is `none`."', args=[d.arg(name='headers', type=d.T.string)]),
         withHeaders(headers): { spec+: { vaultAuthGlobalRef+: { mergeStrategy+: { headers: headers } } } },
-        '#withParams':: d.fn(help='"Params configures the merge strategy for HTTP parameters that are included in\\nall Vault requests. Choices are `union`, `replace`, or `none`.\\n\\n\\nIf `union` is set, the parameters from the VaultAuthGlobal and VaultAuth\\nresources are merged. The parameters from the VaultAuth always take\\nprecedence.\\n\\n\\nIf `replace` is set, the first set of non-empty parameters taken in order from:\\nVaultAuth, VaultAuthGlobal auth method, VaultGlobal default parameters.\\n\\n\\nIf `none` is set, the parameters from the VaultAuthGlobal resource are ignored\\nand only the parameters from the VaultAuth resource are used. The default is\\n`none`."', args=[d.arg(name='params', type=d.T.string)]),
+        '#withParams':: d.fn(help='"Params configures the merge strategy for HTTP parameters that are included in\\nall Vault requests. Choices are `union`, `replace`, or `none`.\\n\\nIf `union` is set, the parameters from the VaultAuthGlobal and VaultAuth\\nresources are merged. The parameters from the VaultAuth always take\\nprecedence.\\n\\nIf `replace` is set, the first set of non-empty parameters taken in order from:\\nVaultAuth, VaultAuthGlobal auth method, VaultGlobal default parameters.\\n\\nIf `none` is set, the parameters from the VaultAuthGlobal resource are ignored\\nand only the parameters from the VaultAuth resource are used. The default is\\n`none`."', args=[d.arg(name='params', type=d.T.string)]),
         withParams(params): { spec+: { vaultAuthGlobalRef+: { mergeStrategy+: { params: params } } } },
       },
-      '#withAllowDefault':: d.fn(help="\"AllowDefault when set to true will use the default VaultAuthGlobal resource\\nas the default if Name is not set. The 'allow-default-globals' option must be\\nset on the operator's '-global-vault-auth-options' flag\\n\\n\\nThe default VaultAuthGlobal search is conditional.\\nWhen a ref Namespace is set, the search for the default\\nVaultAuthGlobal resource is constrained to that namespace.\\nOtherwise, the search order is:\\n1. The default VaultAuthGlobal resource in the referring VaultAuth resource's\\nnamespace.\\n2. The default VaultAuthGlobal resource in the Operator's namespace.\"", args=[d.arg(name='allowDefault', type=d.T.boolean)]),
+      '#withAllowDefault':: d.fn(help="\"AllowDefault when set to true will use the default VaultAuthGlobal resource\\nas the default if Name is not set. The 'allow-default-globals' option must be\\nset on the operator's '-global-vault-auth-options' flag\\n\\nThe default VaultAuthGlobal search is conditional.\\nWhen a ref Namespace is set, the search for the default\\nVaultAuthGlobal resource is constrained to that namespace.\\nOtherwise, the search order is:\\n1. The default VaultAuthGlobal resource in the referring VaultAuth resource's\\nnamespace.\\n2. The default VaultAuthGlobal resource in the Operator's namespace.\"", args=[d.arg(name='allowDefault', type=d.T.boolean)]),
       withAllowDefault(allowDefault): { spec+: { vaultAuthGlobalRef+: { allowDefault: allowDefault } } },
       '#withName':: d.fn(help='"Name of the VaultAuthGlobal resource."', args=[d.arg(name='name', type=d.T.string)]),
       withName(name): { spec+: { vaultAuthGlobalRef+: { name: name } } },
@@ -157,7 +157,7 @@
     withParams(params): { spec+: { params: params } },
     '#withParamsMixin':: d.fn(help='"Params to use when authenticating to Vault"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='params', type=d.T.object)]),
     withParamsMixin(params): { spec+: { params+: params } },
-    '#withVaultConnectionRef':: d.fn(help="\"VaultConnectionRef to the VaultConnection resource, can be prefixed with a namespace,\\neg: `namespaceA/vaultConnectionRefB`. If no namespace prefix is provided it will default to\\nnamespace of the VaultConnection CR. If no value is specified for VaultConnectionRef the\\nOperator will default to the `default` VaultConnection, configured in the operator's namespace.\"", args=[d.arg(name='vaultConnectionRef', type=d.T.string)]),
+    '#withVaultConnectionRef':: d.fn(help="\"VaultConnectionRef to the VaultConnection resource, can be prefixed with a namespace,\\neg: `namespaceA/vaultConnectionRefB`. If no namespace prefix is provided it will default to\\nthe namespace of the VaultConnection CR. If no value is specified for VaultConnectionRef the\\nOperator will default to the `default` VaultConnection, configured in the operator's namespace.\"", args=[d.arg(name='vaultConnectionRef', type=d.T.string)]),
     withVaultConnectionRef(vaultConnectionRef): { spec+: { vaultConnectionRef: vaultConnectionRef } },
   },
   '#mixin': 'ignore',

0.1.0/_gen/secrets/v1beta1/vaultDynamicSecret.libsonnet

@@ -122,7 +122,7 @@
     withAllowStaticCreds(allowStaticCreds): { spec+: { allowStaticCreds: allowStaticCreds } },
     '#withMount':: d.fn(help="\"Mount path of the secret's engine in Vault.\"", args=[d.arg(name='mount', type=d.T.string)]),
     withMount(mount): { spec+: { mount: mount } },
-    '#withNamespace':: d.fn(help='"Namespace where the secrets engine is mounted in Vault."', args=[d.arg(name='namespace', type=d.T.string)]),
+    '#withNamespace':: d.fn(help="\"Namespace of the secrets engine mount in Vault. If not set, the namespace that's\\npart of VaultAuth resource will be inferred.\"", args=[d.arg(name='namespace', type=d.T.string)]),
     withNamespace(namespace): { spec+: { namespace: namespace } },
     '#withParams':: d.fn(help="\"Params that can be passed when requesting credentials/secrets.\\nWhen Params is set the configured RequestHTTPMethod will be\\nignored. See RequestHTTPMethod for more details.\\nPlease consult https://developer.hashicorp.com/vault/docs/secrets if you are\\nuncertain about what 'params' should/can be set to.\"", args=[d.arg(name='params', type=d.T.object)]),
     withParams(params): { spec+: { params: params } },
@@ -142,7 +142,7 @@
     withRolloutRestartTargets(rolloutRestartTargets): { spec+: { rolloutRestartTargets: if std.isArray(v=rolloutRestartTargets) then rolloutRestartTargets else [rolloutRestartTargets] } },
     '#withRolloutRestartTargetsMixin':: d.fn(help='"RolloutRestartTargets should be configured whenever the application(s) consuming the Vault secret does\\nnot support dynamically reloading a rotated secret.\\nIn that case one, or more RolloutRestartTarget(s) can be configured here. The Operator will\\ntrigger a \\"rollout-restart\\" for each target whenever the Vault secret changes between reconciliation events.\\nSee RolloutRestartTarget for more details."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rolloutRestartTargets', type=d.T.array)]),
     withRolloutRestartTargetsMixin(rolloutRestartTargets): { spec+: { rolloutRestartTargets+: if std.isArray(v=rolloutRestartTargets) then rolloutRestartTargets else [rolloutRestartTargets] } },
-    '#withVaultAuthRef':: d.fn(help="\"VaultAuthRef to the VaultAuth resource, can be prefixed with a namespace,\\neg: `namespaceA/vaultAuthRefB`. If no namespace prefix is provided it will default to\\nnamespace of the VaultAuth CR. If no value is specified for VaultAuthRef the Operator will\\ndefault to the `default` VaultAuth, configured in the operator's namespace.\"", args=[d.arg(name='vaultAuthRef', type=d.T.string)]),
+    '#withVaultAuthRef':: d.fn(help="\"VaultAuthRef to the VaultAuth resource, can be prefixed with a namespace,\\neg: `namespaceA/vaultAuthRefB`. If no namespace prefix is provided it will default to\\nthe namespace of the VaultAuth CR. If no value is specified for VaultAuthRef the Operator\\nwill default to the `default` VaultAuth, configured in the operator's namespace.\"", args=[d.arg(name='vaultAuthRef', type=d.T.string)]),
     withVaultAuthRef(vaultAuthRef): { spec+: { vaultAuthRef: vaultAuthRef } },
   },
   '#mixin': 'ignore',

0.1.0/_gen/secrets/v1beta1/vaultPKISecret.libsonnet

@@ -140,7 +140,7 @@
     withIssuerRef(issuerRef): { spec+: { issuerRef: issuerRef } },
     '#withMount':: d.fn(help='"Mount for the secret in Vault"', args=[d.arg(name='mount', type=d.T.string)]),
     withMount(mount): { spec+: { mount: mount } },
-    '#withNamespace':: d.fn(help='"Namespace to get the secret from in Vault"', args=[d.arg(name='namespace', type=d.T.string)]),
+    '#withNamespace':: d.fn(help="\"Namespace of the secrets engine mount in Vault. If not set, the namespace that's\\npart of VaultAuth resource will be inferred.\"", args=[d.arg(name='namespace', type=d.T.string)]),
     withNamespace(namespace): { spec+: { namespace: namespace } },
     '#withNotAfter':: d.fn(help='"NotAfter field of the certificate with specified date value.\\nThe value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ"', args=[d.arg(name='notAfter', type=d.T.string)]),
     withNotAfter(notAfter): { spec+: { notAfter: notAfter } },
@@ -168,7 +168,7 @@
     withUserIDs(userIDs): { spec+: { userIDs: if std.isArray(v=userIDs) then userIDs else [userIDs] } },
     '#withUserIDsMixin':: d.fn(help='"User ID (OID 0.9.2342.19200300.100.1.1) Subject values to be placed on the\\nsigned certificate."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='userIDs', type=d.T.array)]),
     withUserIDsMixin(userIDs): { spec+: { userIDs+: if std.isArray(v=userIDs) then userIDs else [userIDs] } },
-    '#withVaultAuthRef':: d.fn(help="\"VaultAuthRef to the VaultAuth resource, can be prefixed with a namespace,\\neg: `namespaceA/vaultAuthRefB`. If no namespace prefix is provided it will default to\\nnamespace of the VaultAuth CR. If no value is specified for VaultAuthRef the Operator will\\ndefault to the `default` VaultAuth, configured in the operator's namespace.\"", args=[d.arg(name='vaultAuthRef', type=d.T.string)]),
+    '#withVaultAuthRef':: d.fn(help="\"VaultAuthRef to the VaultAuth resource, can be prefixed with a namespace,\\neg: `namespaceA/vaultAuthRefB`. If no namespace prefix is provided it will default to\\nthe namespace of the VaultAuth CR. If no value is specified for VaultAuthRef the Operator\\nwill default to the `default` VaultAuth, configured in the operator's namespace.\"", args=[d.arg(name='vaultAuthRef', type=d.T.string)]),
     withVaultAuthRef(vaultAuthRef): { spec+: { vaultAuthRef: vaultAuthRef } },
   },
   '#mixin': 'ignore',

0.1.0/_gen/secrets/v1beta1/vaultStaticSecret.libsonnet

@@ -127,7 +127,7 @@
     withHmacSecretData(hmacSecretData): { spec+: { hmacSecretData: hmacSecretData } },
     '#withMount':: d.fn(help='"Mount for the secret in Vault"', args=[d.arg(name='mount', type=d.T.string)]),
     withMount(mount): { spec+: { mount: mount } },
-    '#withNamespace':: d.fn(help='"Namespace to get the secret from in Vault"', args=[d.arg(name='namespace', type=d.T.string)]),
+    '#withNamespace':: d.fn(help="\"Namespace of the secrets engine mount in Vault. If not set, the namespace that's\\npart of VaultAuth resource will be inferred.\"", args=[d.arg(name='namespace', type=d.T.string)]),
     withNamespace(namespace): { spec+: { namespace: namespace } },
     '#withPath':: d.fn(help='"Path of the secret in Vault, corresponds to the `path` parameter for,\\nkv-v1: https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v1#read-secret\\nkv-v2: https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#read-secret-version"', args=[d.arg(name='path', type=d.T.string)]),
     withPath(path): { spec+: { path: path } },
@@ -139,7 +139,7 @@
     withRolloutRestartTargetsMixin(rolloutRestartTargets): { spec+: { rolloutRestartTargets+: if std.isArray(v=rolloutRestartTargets) then rolloutRestartTargets else [rolloutRestartTargets] } },
     '#withType':: d.fn(help='"Type of the Vault static secret"', args=[d.arg(name='type', type=d.T.string)]),
     withType(type): { spec+: { type: type } },
-    '#withVaultAuthRef':: d.fn(help="\"VaultAuthRef to the VaultAuth resource, can be prefixed with a namespace,\\neg: `namespaceA/vaultAuthRefB`. If no namespace prefix is provided it will default to\\nnamespace of the VaultAuth CR. If no value is specified for VaultAuthRef the Operator will\\ndefault to the `default` VaultAuth, configured in the operator's namespace.\"", args=[d.arg(name='vaultAuthRef', type=d.T.string)]),
+    '#withVaultAuthRef':: d.fn(help="\"VaultAuthRef to the VaultAuth resource, can be prefixed with a namespace,\\neg: `namespaceA/vaultAuthRefB`. If no namespace prefix is provided it will default to the\\nnamespace of the VaultAuth CR. If no value is specified for VaultAuthRef the Operator will\\ndefault to the `default` VaultAuth, configured in the operator's namespace.\"", args=[d.arg(name='vaultAuthRef', type=d.T.string)]),
     withVaultAuthRef(vaultAuthRef): { spec+: { vaultAuthRef: vaultAuthRef } },
     '#withVersion':: d.fn(help='"Version of the secret to fetch. Only valid for type kv-v2. Corresponds to version query parameter:\\nhttps://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#version"', args=[d.arg(name='version', type=d.T.integer)]),
     withVersion(version): { spec+: { version: version } },

0.2.0/_gen/secrets/v1beta1/hcpVaultSecretsApp.libsonnet

@@ -118,6 +118,14 @@
       '#withName':: d.fn(help='"Name of the resource"', args=[d.arg(name='name', type=d.T.string)]),
       withName(name): { name: name },
     },
+    '#syncConfig':: d.obj(help='"SyncConfig configures sync behavior from HVS to VSO"'),
+    syncConfig: {
+      '#dynamic':: d.obj(help='"Dynamic configures sync behavior for dynamic secrets."'),
+      dynamic: {
+        '#withRenewalPercent':: d.fn(help="\"RenewalPercent is the percent out of 100 of a dynamic secret's TTL when\\nnew secrets are generated. Defaults to 67 percent minus jitter.\"", args=[d.arg(name='renewalPercent', type=d.T.integer)]),
+        withRenewalPercent(renewalPercent): { spec+: { syncConfig+: { dynamic+: { renewalPercent: renewalPercent } } } },
+      },
+    },
     '#withAppName':: d.fn(help='"AppName of the Vault Secrets Application that is to be synced."', args=[d.arg(name='appName', type=d.T.string)]),
     withAppName(appName): { spec+: { appName: appName } },
     '#withHcpAuthRef':: d.fn(help="\"HCPAuthRef to the HCPAuth resource, can be prefixed with a namespace, eg:\\n`namespaceA/vaultAuthRefB`. If no namespace prefix is provided it will default\\nto the namespace of the HCPAuth CR. If no value is specified for HCPAuthRef the\\nOperator will default to the `default` HCPAuth, configured in the operator's\\nnamespace.\"", args=[d.arg(name='hcpAuthRef', type=d.T.string)]),