// Sequel is the Edge Database Authentication and Authorization controller
// it is an extension of kcc.
//
// Example Database User Spec for BulitIn User Type
// NB: in this example we do not provide a reference to a secret
// that contains a password for the user to be created in the spec.passwordRef.
// A secret will be created for you in the cluster with the name of the database
// user suffixed by sql-password. The secret will also be saved in Secret Manager with the same identifier.
//
//	apiVersion: backend.edge.ncr.com/v1alpha2
//	kind: DatabaseUser
//	metadata:
//	  name: edgereadonly
//	spec:
//	  type: BUILT_IN
//	  prune: true
//	  instanceRef:
//	    name: sequel
//	    namespace: sequel
//	    projectID: ret-edge-dev-sandbox1
//	  grants:
//	    - schema: public
//	      tableGrant:
//	        - table: clusters
//	          permissions:
//	            - permission: INSERT
//
// Example Database User Spec for BulitIn User Type
// NB: in this example we provide a reference to a secret
// that contains a password for the user to be created in the spec.passwordRef
//
//	apiVersion: backend.edge.ncr.com/v1alpha2
//	kind: DatabaseUser
//	metadata:
//	  name: edgereadonly
//	spec:
//	  type: BUILT_IN
//	  prune: true
//	  passwordRef:
//	    name: edgereadonly
//	    namespace: edge-system
//	  instanceRef:
//	    name: sequel
//	    namespace: sequel
//	    projectID: ret-edge-dev-sandbox1
//	  grants:
//	    - schema: public
//	      tableGrant:
//	        - table: clusters
//	          permissions:
//	            - permission: INSERT
//
// Example Database User Spec for IAM Service Account Type
// NB: in this example the service account does not already exist
// so we set the spec.serviceAccount.createServiceAccount to true
// this ensures that the Sequel controller will create a service account for the Database User.
//
//	 apiVersion: backend.edge.ncr.com/v1alpha2
//	 kind: DatabaseUser
//	 metadata:
//	  name: bannerctl
//	 spec:
//		 type: CLOUD_IAM_SERVICE_ACCOUNT
//		 prune: true
//		 instanceRef:
//		   name: sequel
//		   namespace: sequel
//		   projectID: ret-edge-dev-sandbox1
//		 serviceAccount:
//		   createServiceAccount: true
//		 grants:
//		   - schema: public
//		     tableGrant:
//		       - table: clusters
//		         permissions:
//		           - permission: INSERT
//
// Example Database User Spec for IAM Service Account Type
// NB: in this example the service account already exists
// so we set the spec.serviceAccount.EmailRef to the email of the service account.
//
//	 apiVersion: backend.edge.ncr.com/v1alpha1
//	 kind: DatabaseUser
//	 metadata:
//	 name: bannerctl
//	 spec:
//	  type: CLOUD_IAM_SERVICE_ACCOUNT
//	  prune: true
//	  instanceRef:
//		name: sequel
//		namespace: sequel
//		projectID: ret-edge-dev-sandbox1
//	  serviceAccount:
//		emailRef: obef405a91deb46c8105@ret-edge-dev-sandbox1.iam.gserviceaccount.com
//	  grants:
//	    - schema: public
//	      tableGrant:
//	    - table: clusters
//	      permissions:
//	    - permission: INSERT
package sequel