Workable
diff --git a/‎apis/externalsecrets/v1alpha1/externalsecret_types.go
Lines changed: 29 additions & 8 deletions b/‎apis/externalsecrets/v1alpha1/externalsecret_types.go
Lines changed: 29 additions & 8 deletions
diff --git a/‎apis/externalsecrets/v1alpha1/pushsecret_types.go
Lines changed: 21 additions & 6 deletions b/‎apis/externalsecrets/v1alpha1/pushsecret_types.go
Lines changed: 21 additions & 6 deletions
diff --git a/‎apis/externalsecrets/v1alpha1/secretstore_kubernetes_types.go
Lines changed: 4 additions & 1 deletion b/‎apis/externalsecrets/v1alpha1/secretstore_kubernetes_types.go
Lines changed: 4 additions & 1 deletion
diff --git a/‎apis/externalsecrets/v1alpha1/secretstore_vault_types.go
Lines changed: 10 additions & 1 deletion b/‎apis/externalsecrets/v1alpha1/secretstore_vault_types.go
Lines changed: 10 additions & 1 deletion
diff --git a/‎apis/externalsecrets/v1alpha1/secretstore_webhook_types.go
Lines changed: 10 additions & 1 deletion b/‎apis/externalsecrets/v1alpha1/secretstore_webhook_types.go
Lines changed: 10 additions & 1 deletion
diff --git a/‎apis/externalsecrets/v1beta1/clusterexternalsecret_types.go
Lines changed: 8 additions & 1 deletion b/‎apis/externalsecrets/v1beta1/clusterexternalsecret_types.go
Lines changed: 8 additions & 1 deletion
diff --git a/‎apis/externalsecrets/v1beta1/externalsecret_types.go
Lines changed: 43 additions & 12 deletions b/‎apis/externalsecrets/v1beta1/externalsecret_types.go
Lines changed: 43 additions & 12 deletions
diff --git a/‎apis/externalsecrets/v1beta1/secretstore_kubernetes_types.go
Lines changed: 4 additions & 1 deletion b/‎apis/externalsecrets/v1beta1/secretstore_kubernetes_types.go
Lines changed: 4 additions & 1 deletion
@@ -22,11 +22,15 @@ import (
 // SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
 type SecretStoreRef struct {
 	// Name of the SecretStore resource
-	Name string `json:"name"`
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+	Name string `json:"name,omitempty"`
 
 	// Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
 	// Defaults to `SecretStore`
 	// +optional
+	// +kubebuilder:validation:Enum=SecretStore;ClusterSecretStore
 	Kind string `json:"kind,omitempty"`
 }
 
@@ -92,25 +96,37 @@ type TemplateFrom struct {
 }
 
 type TemplateRef struct {
-	Name  string            `json:"name"`
+	// The name of the ConfigMap/Secret resource
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+	Name string `json:"name"`
+
+	// A list of keys in the ConfigMap/Secret to use as templates for Secret data
 	Items []TemplateRefItem `json:"items"`
 }
 
 type TemplateRefItem struct {
+	// A key in the ConfigMap/Secret
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	Key string `json:"key"`
 }
 
 // ExternalSecretTarget defines the Kubernetes Secret to be created
 // There can be only one target per ExternalSecret.
 type ExternalSecretTarget struct {
-	// Name defines the name of the Secret resource to be managed
-	// This field is immutable
+	// The name of the Secret resource to be managed.
 	// Defaults to the .metadata.name of the ExternalSecret resource
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name,omitempty"`
 
-	// CreationPolicy defines rules on how to create the resulting Secret
-	// Defaults to 'Owner'
+	// CreationPolicy defines rules on how to create the resulting Secret.
+	// Defaults to "Owner"
 	// +optional
 	// +kubebuilder:default="Owner"
 	CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"`
@@ -126,6 +142,10 @@ type ExternalSecretTarget struct {
 
 // ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
 type ExternalSecretData struct {
+	// The key in the Kubernetes Secret to store the value.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	SecretKey string `json:"secretKey"`
 
 	RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"`
@@ -140,11 +160,12 @@ type ExternalSecretDataRemoteRef struct {
 	// +optional
 	Version string `json:"version,omitempty"`
 
-	// +optional
 	// Used to select a specific property of the Provider value (if a map), if supported
-	Property string `json:"property,omitempty"`
 	// +optional
+	Property string `json:"property,omitempty"`
+
 	// Used to define a conversion Strategy
+	// +optional
 	// +kubebuilder:default="Default"
 	ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"`
 }
 
@@ -30,14 +30,19 @@ const (
 type PushSecretStoreRef struct {
 	// Optionally, sync to the SecretStore of the given name
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name,omitempty"`
+
 	// Optionally, sync to secret stores with label selector
 	// +optional
 	LabelSelector *metav1.LabelSelector `json:"labelSelector,omitempty"`
+
 	// Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
-	// Defaults to `SecretStore`
-	// +kubebuilder:default="SecretStore"
 	// +optional
+	// +kubebuilder:default="SecretStore"
+	// +kubebuilder:validation:Enum=SecretStore;ClusterSecretStore
 	Kind string `json:"kind,omitempty"`
 }
 
@@ -68,27 +73,37 @@ const (
 // PushSecretSpec configures the behavior of the PushSecret.
 type PushSecretSpec struct {
 	// The Interval to which External Secrets will try to push a secret definition
-	RefreshInterval *metav1.Duration     `json:"refreshInterval,omitempty"`
+	RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"`
+
 	SecretStoreRefs []PushSecretStoreRef `json:"secretStoreRefs"`
-	// UpdatePolicy to handle Secrets in the provider. Possible Values: "Replace/IfNotExists". Defaults to "Replace".
+
+	// UpdatePolicy to handle Secrets in the provider.
 	// +kubebuilder:default="Replace"
 	// +optional
 	UpdatePolicy PushSecretUpdatePolicy `json:"updatePolicy,omitempty"`
-	// Deletion Policy to handle Secrets in the provider. Possible Values: "Delete/None". Defaults to "None".
+
+	// Deletion Policy to handle Secrets in the provider.
 	// +kubebuilder:default="None"
 	// +optional
 	DeletionPolicy PushSecretDeletionPolicy `json:"deletionPolicy,omitempty"`
+
 	// The Secret Selector (k8s source) for the Push Secret
 	Selector PushSecretSelector `json:"selector"`
+
 	// Secret Data that should be pushed to providers
 	Data []PushSecretData `json:"data,omitempty"`
+
 	// Template defines a blueprint for the created Secret resource.
 	// +optional
 	Template *esv1beta1.ExternalSecretTemplate `json:"template,omitempty"`
 }
 
 type PushSecretSecret struct {
-	// Name of the Secret. The Secret must exist in the same namespace as the PushSecret manifest.
+	// Name of the Secret.
+	// The Secret must exist in the same namespace as the PushSecret manifest.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name"`
 }
 
 
@@ -50,8 +50,11 @@ type KubernetesProvider struct {
 	Auth KubernetesAuth `json:"auth"`
 
 	// Remote namespace to fetch the secrets from
-	// +kubebuilder:default= default
 	// +optional
+	// +kubebuilder:default=default
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=63
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	RemoteNamespace string `json:"remoteNamespace,omitempty"`
 }
 
 
@@ -39,14 +39,23 @@ type CAProvider struct {
 	Type CAProviderType `json:"type"`
 
 	// The name of the object located at the provider type.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name"`
 
-	// The key the value inside of the provider type to use, only used with "Secret" type
+	// The key where the CA certificate can be found in the Secret or ConfigMap.
 	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	Key string `json:"key,omitempty"`
 
 	// The namespace the Provider type is in.
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=63
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	Namespace *string `json:"namespace,omitempty"`
 }
 
 
@@ -75,14 +75,23 @@ type WebhookCAProvider struct {
 	Type WebhookCAProviderType `json:"type"`
 
 	// The name of the object located at the provider type.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name"`
 
-	// The key the value inside of the provider type to use, only used with "Secret" type
+	// The key where the CA certificate can be found in the Secret or ConfigMap.
 	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	Key string `json:"key,omitempty"`
 
 	// The namespace the Provider type is in.
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=63
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	Namespace *string `json:"namespace,omitempty"`
 }
 
 
@@ -24,8 +24,12 @@ type ClusterExternalSecretSpec struct {
 	// The spec for the ExternalSecrets to be created
 	ExternalSecretSpec ExternalSecretSpec `json:"externalSecretSpec"`
 
-	// The name of the external secrets to be created defaults to the name of the ClusterExternalSecret
+	// The name of the external secrets to be created.
+	// Defaults to the name of the ClusterExternalSecret
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	ExternalSecretName string `json:"externalSecretName,omitempty"`
 
 	// The metadata of the external secrets to be created
@@ -43,6 +47,9 @@ type ClusterExternalSecretSpec struct {
 
 	// Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.
 	// +optional
+	// +kubebuilder:validation:items:MinLength:=1
+	// +kubebuilder:validation:items:MaxLength:=63
+	// +kubebuilder:validation:items:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	Namespaces []string `json:"namespaces,omitempty"`
 
 	// The time in which the controller should reconcile its objects and recheck namespaces for labels.
 
@@ -22,11 +22,15 @@ import (
 // SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
 type SecretStoreRef struct {
 	// Name of the SecretStore resource
-	Name string `json:"name"`
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+	Name string `json:"name,omitempty"`
 
 	// Kind of the SecretStore resource (SecretStore or ClusterSecretStore)
 	// Defaults to `SecretStore`
 	// +optional
+	// +kubebuilder:validation:Enum=SecretStore;ClusterSecretStore
 	Kind string `json:"kind,omitempty"`
 }
 
@@ -92,12 +96,16 @@ type ExternalSecretTemplate struct {
 	// template specified in .data and .templateFrom[].
 	// +kubebuilder:default="v2"
 	EngineVersion TemplateEngineVersion `json:"engineVersion,omitempty"`
+
 	// +optional
 	Metadata ExternalSecretTemplateMetadata `json:"metadata,omitempty"`
+
 	// +kubebuilder:default="Replace"
 	MergePolicy TemplateMergePolicy `json:"mergePolicy,omitempty"`
+
 	// +optional
 	Data map[string]string `json:"data,omitempty"`
+
 	// +optional
 	TemplateFrom []TemplateFrom `json:"templateFrom,omitempty"`
 }
@@ -121,10 +129,11 @@ const (
 type TemplateFrom struct {
 	ConfigMap *TemplateRef `json:"configMap,omitempty"`
 	Secret    *TemplateRef `json:"secret,omitempty"`
-	// +optional
+
 	// +optional
 	// +kubebuilder:default="Data"
 	Target TemplateTarget `json:"target,omitempty"`
+
 	// +optional
 	Literal *string `json:"literal,omitempty"`
 }
@@ -147,35 +156,50 @@ const (
 )
 
 type TemplateRef struct {
-	Name  string            `json:"name"`
+	// The name of the ConfigMap/Secret resource
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+	Name string `json:"name"`
+
+	// A list of keys in the ConfigMap/Secret to use as templates for Secret data
 	Items []TemplateRefItem `json:"items"`
 }
 
 type TemplateRefItem struct {
+	// A key in the ConfigMap/Secret
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	Key string `json:"key"`
+
 	// +kubebuilder:default="Values"
 	TemplateAs TemplateScope `json:"templateAs,omitempty"`
 }
 
 // ExternalSecretTarget defines the Kubernetes Secret to be created
 // There can be only one target per ExternalSecret.
 type ExternalSecretTarget struct {
-	// Name defines the name of the Secret resource to be managed
-	// This field is immutable
+	// The name of the Secret resource to be managed.
 	// Defaults to the .metadata.name of the ExternalSecret resource
 	// +optional
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name,omitempty"`
 
-	// CreationPolicy defines rules on how to create the resulting Secret
-	// Defaults to 'Owner'
+	// CreationPolicy defines rules on how to create the resulting Secret.
+	// Defaults to "Owner"
 	// +optional
 	// +kubebuilder:default="Owner"
 	CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"`
-	// DeletionPolicy defines rules on how to delete the resulting Secret
-	// Defaults to 'Retain'
+
+	// DeletionPolicy defines rules on how to delete the resulting Secret.
+	// Defaults to "Retain"
 	// +optional
 	// +kubebuilder:default="Retain"
 	DeletionPolicy ExternalSecretDeletionPolicy `json:"deletionPolicy,omitempty"`
+
 	// Template defines a blueprint for the created Secret resource.
 	// +optional
 	Template *ExternalSecretTemplate `json:"template,omitempty"`
@@ -187,16 +211,18 @@ type ExternalSecretTarget struct {
 
 // ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
 type ExternalSecretData struct {
-	// SecretKey defines the key in which the controller stores
-	// the value. This is the key in the Kind=Secret
+	// The key in the Kubernetes Secret to store the value.
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$
 	SecretKey string `json:"secretKey"`
 
 	// RemoteRef points to the remote secret and defines
 	// which secret (version/property/..) to fetch.
 	RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"`
 
 	// SourceRef allows you to override the source
-	// from which the value will pulled from.
+	// from which the value will be pulled.
 	SourceRef *StoreSourceRef `json:"sourceRef,omitempty"`
 }
 
@@ -338,6 +364,7 @@ type FindName struct {
 type ExternalSecretSpec struct {
 	// +optional
 	SecretStoreRef SecretStoreRef `json:"secretStoreRef,omitempty"`
+
 	// +kubebuilder:default={creationPolicy:Owner,deletionPolicy:Retain}
 	// +optional
 	Target ExternalSecretTarget `json:"target,omitempty"`
@@ -395,7 +422,11 @@ type GeneratorRef struct {
 	APIVersion string `json:"apiVersion,omitempty"`
 	// Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc.
 	Kind string `json:"kind"`
+
 	// Specify the name of the generator resource
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=253
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
 	Name string `json:"name"`
 }
 
 
@@ -49,8 +49,11 @@ type KubernetesProvider struct {
 	AuthRef *esmeta.SecretKeySelector `json:"authRef,omitempty"`
 
 	// Remote namespace to fetch the secrets from
-	// +kubebuilder:default= default
 	// +optional
+	// +kubebuilder:default=default
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:MaxLength:=63
+	// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
 	RemoteNamespace string `json:"remoteNamespace,omitempty"`
 }