...
---
# CustomResourceDefinition for the OAuth2Client kind in group hydra.ory.sh.
# The controller-gen annotation below indicates this manifest is generated
# output, so lasting schema changes presumably belong in the generator's
# input rather than in this file.
#
# Validation note for every `pattern` in this schema: OpenAPI patterns are
# not implicitly anchored. A pattern without both ^ and $ accepts any string
# that merely contains a match, so these checks are sanity filters and not
# allow-lists.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: oauth2clients.hydra.ory.sh
  annotations:
    controller-gen.kubebuilder.io/version: v0.2.9
spec:
  group: hydra.ory.sh
  names:
    kind: OAuth2Client
    listKind: OAuth2ClientList
    plural: oauth2clients
    singular: oauth2client
  # Objects live inside a namespace, so access is granted per namespace.
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          type: object
          description: OAuth2Client is the Schema for the oauth2clients API
          properties:
            apiVersion:
              type: string
              description: >-
                APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the
                latest internal value, and may reject unrecognized values.
                More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            kind:
              type: string
              description: >-
                Kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint
                the client submits requests to. Cannot be updated. In
                CamelCase. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            metadata:
              type: object
            spec:
              type: object
              description: OAuth2ClientSpec defines the desired state of OAuth2Client
              properties:
                # preserve-unknown-fields switches off pruning for this
                # subtree, so its content is stored as submitted with no
                # schema validation. Treat it as untrusted wherever it is
                # consumed.
                metadata:
                  type: object
                  description: Metadata is abritrary data
                  nullable: true
                  x-kubernetes-preserve-unknown-fields: true
                # The item schema (description and pattern) is the redirect
                # URI one, reused for CORS origins. The pattern is
                # unanchored: any value containing "<word chars>:" followed
                # by a non-space character passes. The same pattern is used
                # for postLogoutRedirectUris and redirectUris below.
                allowedCorsOrigins:
                  type: array
                  description: AllowedCorsOrigins is an array of allowed CORS origins
                  items:
                    type: string
                    description: RedirectURI represents a redirect URI for the client
                    pattern: '\w+:/?/?[^\s]+'
                audience:
                  type: array
                  description: >-
                    Audience is a whitelist defining the audiences this client
                    is allowed to request tokens for
                  items:
                    type: string
                clientName:
                  type: string
                  description: >-
                    ClientName is the human-readable string name of the client
                    to be presented to the end-user during authorization.
                # `implicit` (with the `token` response type further down)
                # delivers access tokens through the front channel; the
                # OAuth 2.0 Security Best Current Practice advises against
                # it. Grant only the types a client actually needs.
                grantTypes:
                  type: array
                  description: GrantTypes is an array of grant types the client is allowed to use.
                  items:
                    type: string
                    description: GrantType represents an OAuth 2.0 grant type
                    enum:
                      - client_credentials
                      - authorization_code
                      - implicit
                      - refresh_token
                  maxItems: 4
                  minItems: 1
                # Per the field descriptions, these values override the
                # controller's own command-line flags. Whoever may create or
                # update OAuth2Client objects therefore chooses which admin
                # endpoint the controller sends requests to; scope RBAC on
                # this kind with that in mind.
                hydraAdmin:
                  type: object
                  description: HydraAdmin is the optional configuration to use for managing this client
                  properties:
                    # Only an upper bound is set: with no `minimum`, zero
                    # and negative integers pass schema validation.
                    port:
                      type: integer
                      description: >-
                        Port is the port for the hydra instance on which to
                        set up the client. This value will override the value
                        provided to `--hydra-port`
                      maximum: 65535
                    endpoint:
                      type: string
                      description: >-
                        Endpoint is the endpoint for the hydra instance on
                        which to set up the client. This value will override
                        the value provided to `--endpoint` (defaults to
                        `"/clients"` in the application)
                      pattern: '(^$|^/.*)'
                    # Only the empty-string branch is anchored; `https?` and
                    # `off` match anywhere inside the value.
                    forwardedProto:
                      type: string
                      description: >-
                        ForwardedProto overrides the `--forwarded-proto` flag.
                        The value "off" will force this to be off even if
                        `--forwarded-proto` is specified
                      pattern: '(^$|https?|off)'
                    # Start-anchored, and accepts http:// as well as
                    # https://. NOTE(review): plain http leaves admin API
                    # traffic unencrypted unless the network path is
                    # protected some other way.
                    url:
                      type: string
                      description: >-
                        URL is the URL for the hydra instance on which to set
                        up the client. This value will override the value
                        provided to `--hydra-url`
                      maxLength: 64
                      pattern: '(^$|^https?://.*)'
                postLogoutRedirectUris:
                  type: array
                  description: >-
                    PostLogoutRedirectURIs is an array of the post logout
                    redirect URIs allowed for the application
                  items:
                    type: string
                    description: RedirectURI represents a redirect URI for the client
                    pattern: '\w+:/?/?[^\s]+'
                redirectUris:
                  type: array
                  description: RedirectURIs is an array of the redirect URIs allowed for the application
                  items:
                    type: string
                    description: RedirectURI represents a redirect URI for the client
                    pattern: '\w+:/?/?[^\s]+'
                responseTypes:
                  type: array
                  description: >-
                    ResponseTypes is an array of the OAuth 2.0 response type
                    strings that the client can use at the authorization
                    endpoint.
                  items:
                    type: string
                    description: ResponseType represents an OAuth 2.0 response type strings
                    enum:
                      - id_token
                      - code
                      - token
                  maxItems: 3
                  minItems: 1
                # Unanchored, and the character class admits `*` and `.`;
                # a value only has to contain one run of allowed characters.
                scope:
                  type: string
                  description: >-
                    Scope is a string containing a space-separated list of
                    scope values (as described in Section 3.3 of OAuth 2.0
                    [RFC6749]) that the client can use when requesting access
                    tokens.
                  pattern: '([a-zA-Z0-9\.\*]+\s?)+'
                # Names the Secret that holds the client's ID and password
                # (per the description); read access to that Secret exposes
                # the client credentials. The pattern resembles a DNS
                # subdomain check but is unanchored.
                secretName:
                  type: string
                  description: SecretName points to the K8s secret that contains this client's ID and password
                  maxLength: 253
                  minLength: 1
                  pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
                # Both allOf branches list the same four values, so the
                # second adds no constraint (presumably a generator
                # artifact). `none` means no client authentication at the
                # token endpoint.
                tokenEndpointAuthMethod:
                  type: string
                  allOf:
                    - enum:
                        - client_secret_basic
                        - client_secret_post
                        - private_key_jwt
                        - none
                    - enum:
                        - client_secret_basic
                        - client_secret_post
                        - private_key_jwt
                        - none
                  description: Indication which authentication method shoud be used for the token endpoint
              required:
                - grantTypes
                - scope
                - secretName
            status:
              type: object
              description: OAuth2ClientStatus defines the observed state of OAuth2Client
              properties:
                observedGeneration:
                  type: integer
                  description: >-
                    ObservedGeneration represents the most recent generation
                    observed by the daemon set controller.
                  format: int64
                reconciliationError:
                  type: object
                  description: >-
                    ReconciliationError represents an error that occurred
                    during the reconciliation process
                  properties:
                    description:
                      type: string
                      description: Description is the description of the reconciliation error
                    statusCode:
                      type: string
                      description: Code is the status code of the reconciliation error
      served: true
      storage: true
      # Enables the /status subresource: status is written through its own
      # endpoint, so RBAC can separate who edits spec from who reports
      # status.
      subresources:
        status: {}