apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: providers.iam.edge-infra.dev annotations: controller-gen.kubebuilder.io/version: (unknown) spec: group: iam.edge-infra.dev names: kind: Provider listKind: ProviderList plural: providers singular: provider scope: Namespaced versions: - name: v1alpha1 additionalPrinterColumns: - name: Target type: string jsonPath: .spec.target - name: Age type: date jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: type: object description: Provider is the Schema for the providers API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: ProviderSpec defines the desired state of Provider properties: barcode: type: object description: Barcode contains the configuration that Barcode login method should have properties: expire: type: string role: type: boolean description: checks if the user has the permission to print barcode encryption: type: object description: encryption field contains the version of the encryption key secret properties: version: type: string required: - version ff: type: object additionalProperties: type: boolean description: FF contains the launchdarkly feature flags defaults that should be enabled issuer: type: string description: "Issuer sets the value of the `iss`-claim (issuer) that is minted in our tokens Recommended is to use the URL of the authorization server, i.e. https://iam.store.ncr.corp If this claim does not contain a URL (some other kind of identifier) or it cannot be resolved on that URL, the client will need to configure a separate URL. \n Workloads running inside the cluster require this change as the external addr1ess, https://iam.store.ncr.corp cannot be resolved in the cluster. \n Should not contain trailing '/'" okta: type: object description: okta field contains authurl as well as cred secret name properties: credsSecretName: type: string required: - credsSecretName pin: type: object description: PIN contains the configuration that PIN login method should have properties: attempts: type: integer maximum: 5 minimum: 3 expire: type: string history: type: integer maximum: 5 minimum: 3 length: type: integer profile: type: object description: Profile contains the configuration of profile properties: expire: type: string target: type: string description: 'Target sets the type of environment this provider targets, options: gcp, sds' status: type: object description: ProviderStatus defines the observed state of Provider properties: conditions: type: array items: type: object description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: type: type: string description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ status: type: string description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown lastTransitionTime: type: string description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time message: type: string description: message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 observedGeneration: type: integer description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 reason: type: string description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ required: - lastTransitionTime - message - reason - status - type served: true storage: true subresources: status: {}