...

Text file src/edge-infra.dev/config/components/edge-iam/crds/crd-oauth2clients.yaml

Documentation: edge-infra.dev/config/components/edge-iam/crds

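     # CustomResourceDefinition for OAuth2Client (group hydra.ory.sh, v1alpha1).
     # Each OAuth2Client object declares an OAuth 2.0 client to be set up on a
     # Hydra instance, so write access to this resource is write access to
     # client registration (redirect URIs, grant types, scopes, auth method).
     #
     # Validation notes that apply throughout this schema:
     #   * The API server applies `pattern` as an unanchored regular-expression
     #     search. A pattern without ^...$ only requires that SOME substring
     #     matches; it does not constrain the whole value.
     #   * NOTE(review): the controller-gen annotation suggests this file is
     #     generated; presumably a durable fix belongs in the kubebuilder
     #     markers on the Go types (not visible here) - confirm before
     #     regenerating.
     apiVersion: apiextensions.k8s.io/v1
     kind: CustomResourceDefinition
     metadata:
       name: oauth2clients.hydra.ory.sh
       annotations:
         controller-gen.kubebuilder.io/version: v0.2.9
     spec:
       group: hydra.ory.sh
       names:
         kind: OAuth2Client
         listKind: OAuth2ClientList
         plural: oauth2clients
         singular: oauth2client
       # Namespaced: access is governed by namespace-level RBAC on this resource.
       scope: Namespaced
       versions:
       - name: v1alpha1
         schema:
           openAPIV3Schema:
             type: object
             description: OAuth2Client is the Schema for the oauth2clients API
             properties:
               apiVersion:
                 type: string
                 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
               kind:
                 type: string
                 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
               metadata:
                 type: object
               spec:
                 type: object
                 description: OAuth2ClientSpec defines the desired state of OAuth2Client
                 properties:
                   # preserve-unknown-fields disables pruning and validation for
                   # everything under this key: any JSON object is stored as-is.
                   # Consumers must treat the content as untrusted input.
                   metadata:
                     type: object
                     description: Metadata is arbitrary data
                     nullable: true
                     x-kubernetes-preserve-unknown-fields: true
                   allowedCorsOrigins:
                     type: array
                     description: AllowedCorsOrigins is an array of allowed CORS origins
                     items:
                       type: string
                       description: RedirectURI represents a redirect URI for the client
                       # Unanchored: only requires a "<word>:" fragment somewhere
                       # in the value. It does not restrict scheme or host, and a
                       # wildcard-style origin is not rejected here.
                       pattern: \w+:/?/?[^\s]+
                   audience:
                     type: array
                     description: Audience is a whitelist defining the audiences this client is allowed to request tokens for
                     items:
                       type: string
                   clientName:
                     type: string
                     description: ClientName is the human-readable string name of the client to be presented to the end-user during authorization.
                   # `implicit` is accepted by this enum. The OAuth 2.0 Security
                   # Best Current Practice (RFC 9700) advises against the implicit
                   # grant; if it is not needed, reject it with an admission
                   # policy, since the CRD itself cannot be narrowed per cluster.
                   grantTypes:
                     type: array
                     description: GrantTypes is an array of grant types the client is allowed to use.
                     items:
                       type: string
                       description: GrantType represents an OAuth 2.0 grant type
                       enum:
                       - client_credentials
                       - authorization_code
                       - implicit
                       - refresh_token
                     maxItems: 4
                     minItems: 1
                   # Per-object override of the Hydra admin target. Whoever can
                   # create or edit an OAuth2Client chooses which endpoint the
                   # client is set up on, so RBAC on this CRD should be scoped
                   # with that in mind.
                   hydraAdmin:
                     type: object
                     description: HydraAdmin is the optional configuration to use for managing this client
                     properties:
                       # Only an upper bound is declared; zero and negative
                       # values pass schema validation.
                       port:
                         type: integer
                         description: Port is the port for the hydra instance on which to set up the client. This value will override the value provided to `--hydra-port`
                         maximum: 65535
                       endpoint:
                         type: string
                         description: Endpoint is the endpoint for the hydra instance on which to set up the client. This value will override the value provided to `--endpoint` (defaults to `"/clients"` in the application)
                         pattern: (^$|^/.*)
                       forwardedProto:
                         type: string
                         description: ForwardedProto overrides the `--forwarded-proto` flag. The value "off" will force this to be off even if `--forwarded-proto` is specified
                         # NOTE(review): `https?` and `off` are unanchored, so any
                         # value containing "http" or "off" is accepted. Left
                         # unchanged here; ^(https?|off)?$ would express the
                         # documented intent - confirm no existing object relies
                         # on other values first.
                         pattern: (^$|https?|off)
                       # Anchored at the start only: plain http:// and any host
                       # are accepted. Prefer https and restrict the host with an
                       # admission policy where the admin API is not in-cluster.
                       url:
                         type: string
                         description: URL is the URL for the hydra instance on which to set up the client. This value will override the value provided to `--hydra-url`
                         maxLength: 64
                         pattern: (^$|^https?://.*)
                   postLogoutRedirectUris:
                     type: array
                     description: PostLogoutRedirectURIs is an array of the post logout redirect URIs allowed for the application
                     items:
                       type: string
                       description: RedirectURI represents a redirect URI for the client
                       # Same unanchored pattern as redirectUris; see the note
                       # on that field.
                       pattern: \w+:/?/?[^\s]+
                   redirectUris:
                     type: array
                     description: RedirectURIs is an array of the redirect URIs allowed for the application
                     items:
                       type: string
                       description: RedirectURI represents a redirect URI for the client
                       # Unanchored, so this is a shape hint and not an
                       # allow-list: any scheme and any host pass. It is kept
                       # as-is because anchoring `\w+` would reject schemes that
                       # contain '.', '+' or '-' (for example reverse-domain
                       # schemes used by native apps). Redirect targets need
                       # review or an admission policy; the schema does not
                       # provide that control.
                       pattern: \w+:/?/?[^\s]+
                   # `token` (and `id_token` without `code`) are front-channel
                   # response types that belong to the implicit flow; see the
                   # note on grantTypes.
                   responseTypes:
                     type: array
                     description: ResponseTypes is an array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint.
                     items:
                       type: string
                       description: ResponseType represents an OAuth 2.0 response type strings
                       enum:
                       - id_token
                       - code
                       - token
                     maxItems: 3
                     minItems: 1
                   scope:
                     type: string
                     description: Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens.
                     # Unanchored: any value containing one character from the
                     # class passes. Deliberately not anchored here, because the
                     # class omits '_', ':', '-' and '/', and anchoring would
                     # start rejecting scopes that are accepted today.
                     pattern: ([a-zA-Z0-9\.\*]+\s?)+
                   secretName:
                     type: string
                     description: SecretName points to the K8s secret that contains this client's ID and password
                     maxLength: 253
                     minLength: 1
                     # Anchored with ^...$ so the whole value must be a DNS-1123
                     # subdomain. Without the anchors any string that merely
                     # contained one lowercase letter or digit passed, and the
                     # invalid name was only caught later, outside validation.
                     pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
                   # `none` registers a public client: no client authentication
                   # at the token endpoint. The field is optional, so the
                   # effective default is whatever the consumer applies.
                   tokenEndpointAuthMethod:
                     type: string
                     # Was an `allOf` of two identical enum lists; a single enum
                     # accepts exactly the same values.
                     enum:
                     - client_secret_basic
                     - client_secret_post
                     - private_key_jwt
                     - none
                     description: Indication which authentication method should be used for the token endpoint
                 required:
                 - grantTypes
                 - scope
                 - secretName
               status:
                 type: object
                 description: OAuth2ClientStatus defines the observed state of OAuth2Client
                 properties:
                   observedGeneration:
                     type: integer
                     description: ObservedGeneration represents the most recent generation observed by the daemon set controller.
                     format: int64
                   reconciliationError:
                     type: object
                     description: ReconciliationError represents an error that occurred during the reconciliation process
                     properties:
                       description:
                         type: string
                         description: Description is the description of the reconciliation error
                       statusCode:
                         type: string
                         description: Code is the status code of the reconciliation error
         served: true
         storage: true
         # With the status subresource enabled, .status is written through the
         # /status endpoint and can be granted separately from .spec in RBAC.
         subresources:
           status: {}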
