Add example for issue https://github.com/philippemerle/KubeDiagrams/issues/55

issues/issue#55.kdc

@@ -0,0 +1,120 @@
+nodes:
+  VaultConnection/secrets.hashicorp.com/v1beta1:
+    scope: Namespaced
+    # custom_icon: path-to-a-png-icon
+  VaultAuth/secrets.hashicorp.com/v1beta1:
+    scope: Namespaced
+    # custom_icon: path-to-a-png-icon
+    edges: |
+      edges.add_edge_to(
+        "spec.vaultConnectionRef",
+        ".",
+        get_namespace(resource),
+        "VaultConnection",
+        "secrets.hashicorp.com/v1beta1",
+        "REFERENCE"
+      )
+      edges.add_edge_to(
+        "spec.vaultAuthGlobalRef.name",
+        ".",
+        get_namespace(resource),
+        "VaultAuthGlobal",
+        "secrets.hashicorp.com/v1beta1",
+        "REFERENCE"
+      )
+  VaultAuthGlobal/secrets.hashicorp.com/v1beta1:
+    scope: Namespaced
+    # custom_icon: path-to-a-png-icon
+  VaultStaticSecret/secrets.hashicorp.com/v1beta1:
+    scope: Namespaced
+    # custom_icon: path-to-a-png-icon
+    edges: |
+      edges.add_edge_to(
+        "spec.vaultAuthRef",
+        ".",
+        get_namespace(resource),
+        "VaultAuth",
+        "secrets.hashicorp.com/v1beta1",
+        "REFERENCE"
+      )
+      edges.add_edge_to(
+        "spec.destination.name",
+        ".",
+        get_namespace(resource),
+        "Secret",
+        "v1",
+        "OWNER"
+      )
+    nodes: |
+      secret_name = query_path(resource, "spec.destination.name")
+      if secret_name is not None:
+        nodes.append({
+          "kind": "Secret",
+          "apiVersion": "v1",
+          "metadata": {
+            "name": secret_name,
+            "namespace": get_namespace(resource)
+          }
+        })
+  VaultPKISecret/secrets.hashicorp.com/v1beta1:
+    scope: Namespaced
+    # custom_icon: path-to-a-png-icon
+    edges: |
+      edges.add_edge_to(
+        "spec.vaultAuthRef",
+        ".",
+        get_namespace(resource),
+        "VaultAuth",
+        "secrets.hashicorp.com/v1beta1",
+        "REFERENCE"
+      )
+      edges.add_edge_to(
+        "spec.destination.name",
+        ".",
+        get_namespace(resource),
+        "Secret",
+        "v1",
+        "OWNER"
+      )
+    nodes: |
+      secret_name = query_path(resource, "spec.destination.name")
+      if secret_name is not None:
+        nodes.append({
+          "kind": "Secret",
+          "apiVersion": "v1",
+          "metadata": {
+            "name": secret_name,
+            "namespace": get_namespace(resource)
+          }
+        })
+  VaultDynamicSecret/secrets.hashicorp.com/v1beta1:
+    scope: Namespaced
+    # custom_icon: path-to-a-png-icon
+    edges: |
+      edges.add_edge_to(
+        "spec.vaultAuthRef",
+        ".",
+        get_namespace(resource),
+        "VaultAuth",
+        "secrets.hashicorp.com/v1beta1",
+        "REFERENCE"
+      )
+      edges.add_edge_to(
+        "spec.destination.name",
+        ".",
+        get_namespace(resource),
+        "Secret",
+        "v1",
+        "OWNER"
+      )
+    nodes: |
+      secret_name = query_path(resource, "spec.destination.name")
+      if secret_name is not None:
+        nodes.append({
+          "kind": "Secret",
+          "apiVersion": "v1",
+          "metadata": {
+            "name": secret_name,
+            "namespace": get_namespace(resource)
+          }
+        })

issues/issue#55.yaml

@@ -0,0 +1,180 @@
+# Source: https://developer.hashicorp.com/vault/docs/deploy/kubernetes/vso/sources/vault
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultConnection
+metadata:
+  namespace: vso-example
+  name: vault-connection
+spec:
+  # required configuration
+  # address to the Vault server.
+  address: http://vault.vault.svc.cluster.local:8200
+
+  # optional configuration
+  # HTTP headers to be included in all Vault requests.
+  # headers: []
+  # TLS server name to use as the SNI host for TLS connections.
+  # tlsServerName: ""
+  # skip TLS verification for TLS connections to Vault.
+  # skipTLSVerify: false
+  # the trusted PEM encoded CA certificate chain stored in a Kubernetes Secret
+  # caCertSecretRef: ""
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+  namespace: vso-example
+  name: vault-auth
+spec:
+  # required configuration
+  # VaultConnectionRef of the corresponding VaultConnection CustomResource.
+  # If no value is specified the Operator will default to the `default` VaultConnection,
+  # configured in its own Kubernetes namespace.
+  vaultConnectionRef: vault-connection
+  # Method to use when authenticating to Vault.
+  method: kubernetes
+  # Mount to use when authenticating to auth method.
+  mount: kubernetes
+  # Kubernetes specific auth configuration, requires that the Method be set to kubernetes.
+  kubernetes:
+    # role to use when authenticating to Vault
+    role: example
+    # ServiceAccount to use when authenticating to Vault
+    # it is recommended to always provide a unique serviceAccount per Pod/application
+    serviceAccount: default
+
+  # optional configuration
+  # Vault namespace where the auth backend is mounted (requires Vault Enterprise)
+  # namespace: ""
+  # Params to use when authenticating to Vault
+  # params: []
+  # HTTP headers to be included in all Vault authentication requests.
+  # headers: []
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuthGlobal
+metadata:
+  namespace: vso-example
+  name: vault-auth-global
+spec:
+  defaultAuthMethod: kubernetes
+  kubernetes:
+    audiences:
+    - vault
+    mount: kubernetes
+    namespace: example-ns
+    role: auth-role
+    serviceAccount: default
+    tokenExpirationSeconds: 600
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+  namespace: vso-example
+  name: vault-auth2
+spec:
+  vaultAuthGlobalRef:
+    name: vault-auth-global
+  kubernetes:
+    role: local-role
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  namespace: vso-example
+  name: vault-static-secret-v1
+spec:
+  vaultAuthRef: vault-auth
+  mount: kvv1
+  type: kv-v1
+  path: eng/apikey/google
+  refreshAfter: 60s
+  destination:
+    create: true
+    name: static-secret1
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  namespace: vso-example
+  name: vault-static-secret-v2
+spec:
+  vaultAuthRef: vault-auth
+  mount: kvv2
+  type: kv-v2
+  path: eng/apikey/google
+  version: 2
+  refreshAfter: 60s
+  destination:
+    create: true
+    name: static-secret2
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultPKISecret
+metadata:
+  namespace: vso-example
+  name: vault-pki
+spec:
+  vaultAuthRef: vault-auth
+  mount: pki
+  role: default
+  commonName: example.com
+  format: pem
+  expiryOffset: 1s
+  ttl: 60s
+  namespace: tenant-1
+  destination:
+    create: true
+    name: pki1
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultDynamicSecret
+metadata:
+  namespace: vso-example
+  name: vault-dynamic-secret-db
+spec:
+  vaultAuthRef: vault-auth
+  mount: db
+  path: creds/my-postgresql-role
+  destination:
+    create: true
+    name: dynamic-db
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultDynamicSecret
+metadata:
+  namespace: vso-example
+  name: vault-dynamic-secret-aws-iam
+spec:
+  vaultAuthRef: vault-auth
+  mount: aws
+  path: creds/my-iam-role
+  destination:
+    create: true
+    name: dynamic-aws-iam
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultDynamicSecret
+metadata:
+  namespace: vso-example
+  name: vault-dynamic-secret-aws-sts
+spec:
+  vaultAuthRef: vault-auth
+  mount: aws
+  path: sts/my-sts-role
+  destination:
+    create: true
+    name: dynamic-aws-sts
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultDynamicSecret
+metadata:
+  namespace: vso-example
+  name: vault-dynamic-secret-aws-iam-role
+spec:
+  vaultAuthRef: vault-auth
+  mount: aws
+  path: creds/my-iam-role
+  destination:
+    create: true
+    name: dynamic-aws-iam-role