package v1alpha1

import "time"

// SealedSecret is the K8s representation of a "sealed Secret" - a
// regular k8s Secret that has been sealed (encrypted) using the
// controller's key.
#SealedSecret: {
	_embeddedResource

	// APIVersion defines the versioned schema of this representation
	// of an object.
	// Servers should convert recognized schemas to the latest
	// internal value, and
	// may reject unrecognized values.
	// More info:
	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	"apiVersion"?: string

	// Kind is a string value representing the REST resource this
	// object represents.
	// Servers may infer this from the endpoint the client submits
	// requests to.
	// Cannot be updated.
	// In CamelCase.
	// More info:
	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	"kind"?: string
	"metadata"?: {}

	// SealedSecretSpec is the specification of a SealedSecret.
	"spec"!: {
		// Data is deprecated and will be removed eventually. Use
		// per-value EncryptedData instead.
		"data"?: string
		"encryptedData"!: {
			[string]: string
			...
		}

		// Template defines the structure of the Secret that will be
		// created from this sealed secret.
		"template"?: {
			// Keys that should be templated using decrypted data.
			"data"?:
				null | {
					[string]: string
				}

			// Immutable, if set to true, ensures that data stored in the
			// Secret cannot
			// be updated (only object metadata can be modified).
			// If not set to true, the field can be modified at any time.
			// Defaulted to nil.
			"immutable"?: bool

			// Standard object's metadata.
			// More info:
			// https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
			"metadata"?:
				null | {
					"annotations"?: [string]: string
					"finalizers"?: [...string]
					"labels"?: {
						[string]: string
					}
					"name"?:      string
					"namespace"?: string
					...
				}

			// Used to facilitate programmatic handling of secret data.
			"type"?: string
		}
	}

	// SealedSecretStatus is the most recently observed status of the
	// SealedSecret.
	"status"?: {
		// Represents the latest available observations of a sealed
		// secret's current state.
		"conditions"?: [...{
			// Last time the condition transitioned from one status to
			// another.
			"lastTransitionTime"?: time.Time

			// The last time this condition was updated.
			"lastUpdateTime"?: time.Time

			// A human readable message indicating details about the
			// transition.
			"message"?: string

			// The reason for the condition's last transition.
			"reason"?: string

			// Status of the condition for a sealed secret.
			// Valid values for "Synced": "True", "False", or "Unknown".
			"status"!: string

			// Type of condition for a sealed secret.
			// Valid value: "Synced"
			"type"!: string
		}]

		// ObservedGeneration reflects the generation most recently
		// observed by the sealed-secrets controller.
		"observedGeneration"?: int64 & int
	}

	_embeddedResource: {
		"apiVersion"!: string
		"kind"!:       string
		"metadata"?: {
			...
		}
	}
	apiVersion: "bitnami.com/v1alpha1"
	kind:       "SealedSecret"
	metadata!: {
		"name"!:      string
		"namespace"!: string
		"labels"?: {
			[string]: string
		}
		"annotations"?: {
			[string]: string
		}
		...
	}
}