From 52b3f454772098bd7da78f658b801d03c1c92a06 Mon Sep 17 00:00:00 2001 From: Norbert Gruszka Date: Mon, 2 Feb 2026 10:16:10 +0100 Subject: [PATCH 1/2] Implement Autounseal for OpenBao Service --- apis/vshn/v1/dbaas_vshn_openbao.go | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/apis/vshn/v1/dbaas_vshn_openbao.go b/apis/vshn/v1/dbaas_vshn_openbao.go index 0c402c1859..67c154f33a 100644 --- a/apis/vshn/v1/dbaas_vshn_openbao.go +++ b/apis/vshn/v1/dbaas_vshn_openbao.go @@ -103,14 +103,8 @@ type VSHNOpenBaoSettings struct { // VSHNOpenBaoSettingsAutoUnseal contains OpenBao auto-unseal configuration type VSHNOpenBaoSettingsAutoUnseal struct { - // AWSKmsSecretRef references to secret containing AWS KMS credentials and configuration - AWSKmsSecretRef LocalObjectReference `json:"awsKmsSecretRef,omitempty"` - // AzureKeyVaultSecretRef references to secret containing Azure Key Vault credentials and configuration - AzureKeyVaultSecretRef LocalObjectReference `json:"azureKeyVaultSecretRef,omitempty"` - // GCPKmsSecretRef references to secret containing GCP KMS credentials and configuration - GCPKmsSecretRef LocalObjectReference `json:"gcpKmsSecretRef,omitempty"` - // TransitSecretRef references to secret containing Transit auto-unseal configuration - TransitSecretRef LocalObjectReference `json:"transitSecretRef,omitempty"` + // Enabled allows users to enable Autounseal with VSHN provided Vault instance (required for SLA) + Enabled bool `json:"enabled,omitempty"` } // VSHNOpenBaoSizeSpec contains settings to control the sizing of a service. From 159097b00826749295a4fc2bacdabb3fe7dd419a Mon Sep 17 00:00:00 2001 
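Review bot: The doc comment on the new `Enabled` field in `VSHNOpenBaoSettingsAutoUnseal` states neither the default nor who controls the unseal key, and with `json:"enabled,omitempty"` and no default marker an omitted field cannot be told apart from an explicit `false`. Because this change swaps four user-supplied secret references for a provider-operated Vault, the comment should spell out that shift, assuming it is the intent: `// Enabled turns on auto-unseal against the VSHN-operated Vault instance; the unseal key is then managed by VSHN rather than supplied by the user. Defaults to false; required for SLA.` together with a `// +kubebuilder:default=false` marker. The removed `*SecretRef` fields will presumably be pruned from existing objects once the regenerated CRDs are applied, so confirm that no instance still relies on them. The parent field description "AutoUnseal configures various auto unseal methods", visible in the CRD hunks, is now stale, but it lives outside this hunk.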
From: Norbert Gruszka Date: Mon, 2 Feb 2026 10:23:25 +0100 Subject: [PATCH 2/2] Re-generate CRDs after changing Autounseal fields --- apis/vshn/v1/zz_generated.deepcopy.go | 4 -- crds/vshn.appcat.vshn.io_vshnopenbaos.yaml | 51 ++---------------- crds/vshn.appcat.vshn.io_xvshnopenbaos.yaml | 58 ++------------------- 3 files changed, 8 insertions(+), 105 deletions(-) diff --git a/apis/vshn/v1/zz_generated.deepcopy.go b/apis/vshn/v1/zz_generated.deepcopy.go index cbd31bbff5..2115090f0e 100644 --- a/apis/vshn/v1/zz_generated.deepcopy.go +++ b/apis/vshn/v1/zz_generated.deepcopy.go @@ -1576,10 +1576,6 @@ func (in *VSHNOpenBaoSettings) DeepCopy() *VSHNOpenBaoSettings { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VSHNOpenBaoSettingsAutoUnseal) DeepCopyInto(out *VSHNOpenBaoSettingsAutoUnseal) { *out = *in - out.AWSKmsSecretRef = in.AWSKmsSecretRef - out.AzureKeyVaultSecretRef = in.AzureKeyVaultSecretRef - out.GCPKmsSecretRef = in.GCPKmsSecretRef - out.TransitSecretRef = in.TransitSecretRef } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSHNOpenBaoSettingsAutoUnseal. diff --git a/crds/vshn.appcat.vshn.io_vshnopenbaos.yaml b/crds/vshn.appcat.vshn.io_vshnopenbaos.yaml index 23d60174c5..c14644c953 100644 --- a/crds/vshn.appcat.vshn.io_vshnopenbaos.yaml +++ b/crds/vshn.appcat.vshn.io_vshnopenbaos.yaml 
@@ -4597,54 +4597,9 @@ spec: version: description: AutoUnseal configures various auto unseal methods. properties: - awsKmsSecretRef: - description: AWSKmsSecretRef references to secret containing AWS KMS credentials and configuration - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - type: string - type: object - x-kubernetes-map-type: atomic - azureKeyVaultSecretRef: - description: AzureKeyVaultSecretRef references to secret containing Azure Key Vault credentials and configuration - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - type: string - type: object - x-kubernetes-map-type: atomic - gcpKmsSecretRef: - description: GCPKmsSecretRef references to secret containing GCP KMS credentials and configuration - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - type: string - type: object - x-kubernetes-map-type: atomic - transitSecretRef: - description: TransitSecretRef references to secret containing Transit auto-unseal configuration - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - type: string - type: object - x-kubernetes-map-type: atomic + enabled: + description: Enabled allows users to enable Autounseal with VSHN provided Vault instance (required for SLA) + type: boolean type: object type: object serviceLevel: diff --git a/crds/vshn.appcat.vshn.io_xvshnopenbaos.yaml b/crds/vshn.appcat.vshn.io_xvshnopenbaos.yaml index 5c69bea041..547e1fd885 100644 --- a/crds/vshn.appcat.vshn.io_xvshnopenbaos.yaml 
+++ b/crds/vshn.appcat.vshn.io_xvshnopenbaos.yaml @@ -5322,59 +5322,11 @@ spec: description: AutoUnseal configures various auto unseal methods. properties: - awsKmsSecretRef: - description: AWSKmsSecretRef references to secret - containing AWS KMS credentials and configuration - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - type: string - type: object - x-kubernetes-map-type: atomic - azureKeyVaultSecretRef: - description: AzureKeyVaultSecretRef references to - secret containing Azure Key Vault credentials and - configuration - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - type: string - type: object - x-kubernetes-map-type: atomic - gcpKmsSecretRef: - description: GCPKmsSecretRef references to secret - containing GCP KMS credentials and configuration - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - type: string - type: object - x-kubernetes-map-type: atomic - transitSecretRef: - description: TransitSecretRef references to secret - containing Transit auto-unseal configuration - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - type: string - type: object - x-kubernetes-map-type: atomic + enabled: + description: Enabled allows users to enable Autounseal + with VSHN provided Vault instance (required for + SLA) + type: boolean type: object type: object serviceLevel: