1apiVersion: v1
2kind: Namespace
3metadata:
4 name: edge-iam
5 labels:
6 workload.edge.ncr.com: platform
7 annotations:
8 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
9 pallet.edge.ncr.com/name: edge-iam-crds
10 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
11 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
12 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
13 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
14---
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 name: clients.iam.edge-infra.dev
19 annotations:
20 controller-gen.kubebuilder.io/version: (unknown)
21 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
22 pallet.edge.ncr.com/name: edge-iam-crds
23 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
24 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
25 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
26 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
27 labels: {}
28spec:
29 group: iam.edge-infra.dev
30 names:
31 kind: Client
32 listKind: ClientList
33 plural: clients
34 singular: client
35 scope: Namespaced
36 versions:
37 - name: v1alpha1
38 additionalPrinterColumns:
39 - name: Reason
40 type: string
41 jsonPath: .status.conditions[0].reason
42 - name: Message
43 type: string
44 jsonPath: .status.conditions[0].message
45 - name: Age
46 type: date
47 jsonPath: .metadata.creationTimestamp
48 schema:
49 openAPIV3Schema:
50 type: object
51 description: Client is the Schema for the clients API
52 properties:
53 apiVersion:
54 type: string
55 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
56 kind:
57 type: string
58 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
59 metadata:
60 type: object
61 spec:
62 type: object
63 description: ClientSpec defines the desired state of Client
64 properties:
65 audience:
66 type: array
67 description: Audience is a whitelist defining the audiences this client is allowed to request tokens for
68 items:
69 type: string
70 clientName:
71 type: string
72 description: ClientName is the human-readable string name of the client to be presented to the end-user during authorization.
73 grantTypes:
74 type: array
75 description: GrantTypes is an array of grant types the client is allowed to use.
76 items:
77 type: string
78 maxItems: 5
79 minItems: 1
80 printBarcodeTypes:
81 type: array
82 description: PrintBarcodeTypes is an array that tells Edge-ID about client's printing capabilities.
83 items:
84 type: string
85 maxItems: 2
86 printBarcodeUri:
87 type: string
88 description: PrintBarcodeURI is the redirect URI of the client where print barcode is handled.
89 redirectUris:
90 type: array
91 description: RedirectURIs is an array of the redirect URIs allowed for the application
92 items:
93 type: string
94 responseModes:
95 type: array
96 description: ResponseModes is an array of response modes that client is allowed to send
97 items:
98 type: string
99 maxItems: 3
100 minItems: 0
101 responseTypes:
102 type: array
103 description: ResponseTypes is an array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint.
104 items:
105 type: string
106 maxItems: 3
107 minItems: 1
108 roles:
109 type: array
110 description: Roles is an array of roles the client has.
111 items:
112 type: string
113 maxItems: 100
114 minItems: 0
115 scope:
116 type: string
117 description: Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens.
118 pattern: ([a-zA-Z0-9\.\*]+\s?)+
119 secretName:
120 type: string
121 description: SecretName points to the K8s secret that contains this client's ID and password
122 maxLength: 253
123 minLength: 1
124 pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
125 required:
126 - grantTypes
127 - secretName
128 status:
129 type: object
130 description: ClientStatus defines the observed state of Client
131 properties:
132 conditions:
133 type: array
134 description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file'
135 items:
136 type: object
137 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
138 properties:
139 type:
140 type: string
141 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
142 maxLength: 316
143 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
144 status:
145 type: string
146 description: status of the condition, one of True, False, Unknown.
147 enum:
148 - "True"
149 - "False"
150 - Unknown
151 lastTransitionTime:
152 type: string
153 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
154 format: date-time
155 message:
156 type: string
157 description: message is a human readable message indicating details about the transition. This may be an empty string.
158 maxLength: 32768
159 observedGeneration:
160 type: integer
161 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
162 format: int64
163 minimum: 0
164 reason:
165 type: string
166 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
167 maxLength: 1024
168 minLength: 1
169 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
170 required:
171 - lastTransitionTime
172 - message
173 - reason
174 - status
175 - type
176 reconciliationError:
177 type: object
178 description: ReconciliationError represents an error that occurred during the reconciliation process
179 properties:
180 description:
181 type: string
182 description: Description is the description of the reconciliation error
183 statusCode:
184 type: string
185 description: Code is the status code of the reconciliation error
186 served: true
187 storage: true
188 subresources:
189 status: {}
190---
191apiVersion: apiextensions.k8s.io/v1
192kind: CustomResourceDefinition
193metadata:
194 name: providers.iam.edge-infra.dev
195 annotations:
196 controller-gen.kubebuilder.io/version: (unknown)
197 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
198 pallet.edge.ncr.com/name: edge-iam-crds
199 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
200 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
201 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation'
202 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
203 labels: {}
204spec:
205 group: iam.edge-infra.dev
206 names:
207 kind: Provider
208 listKind: ProviderList
209 plural: providers
210 singular: provider
211 scope: Namespaced
212 versions:
213 - name: v1alpha1
214 additionalPrinterColumns:
215 - name: Target
216 type: string
217 jsonPath: .spec.target
218 - name: Age
219 type: date
220 jsonPath: .metadata.creationTimestamp
221 schema:
222 openAPIV3Schema:
223 type: object
224 description: Provider is the Schema for the providers API
225 properties:
226 apiVersion:
227 type: string
228 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
229 kind:
230 type: string
231 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
232 metadata:
233 type: object
234 spec:
235 type: object
236 description: ProviderSpec defines the desired state of Provider
237 properties:
238 barcode:
239 type: object
240 description: Barcode contains the configuration that Barcode login method should have
241 properties:
242 expire:
243 type: string
244 role:
245 type: boolean
246 description: checks if the user has the permission to print barcode
247 ff:
248 type: object
249 additionalProperties:
250 type: boolean
251 description: FF contains the launchdarkly feature flags defaults that should be enabled
252 issuer:
253 type: string
254 description: "Issuer sets the value of the `iss`-claim (issuer) that is minted in our tokens Recommended is to use the URL of the authorization server, i.e. https://iam.store.ncr.corp If this claim does not contain a URL (some other kind of identifier) or it cannot be resolved on that URL, the client will need to configure a separate URL. \n Workloads running inside the cluster require this change as the external addr1ess, https://iam.store.ncr.corp cannot be resolved in the cluster. \n Should not contain trailing '/'"
255 okta:
256 type: object
257 description: okta field contains authurl as well as cred secret name
258 properties:
259 credsSecretName:
260 type: string
261 required:
262 - credsSecretName
263 pin:
264 type: object
265 description: PIN contains the configuration that PIN login method should have
266 properties:
267 attempts:
268 type: integer
269 maximum: 5
270 minimum: 3
271 expire:
272 type: string
273 history:
274 type: integer
275 maximum: 5
276 minimum: 3
277 length:
278 type: integer
279 profile:
280 type: object
281 description: Profile contains the configuration of profile
282 properties:
283 expire:
284 type: string
285 target:
286 type: string
287 description: 'Target sets the type of environment this provider targets, options: gcp, sds'
288 status:
289 type: object
290 description: ProviderStatus defines the observed state of Provider
291 properties:
292 conditions:
293 type: array
294 items:
295 type: object
296 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
297 properties:
298 type:
299 type: string
300 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
301 maxLength: 316
302 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
303 status:
304 type: string
305 description: status of the condition, one of True, False, Unknown.
306 enum:
307 - "True"
308 - "False"
309 - Unknown
310 lastTransitionTime:
311 type: string
312 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
313 format: date-time
314 message:
315 type: string
316 description: message is a human readable message indicating details about the transition. This may be an empty string.
317 maxLength: 32768
318 observedGeneration:
319 type: integer
320 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
321 format: int64
322 minimum: 0
323 reason:
324 type: string
325 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
326 maxLength: 1024
327 minLength: 1
328 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
329 required:
330 - lastTransitionTime
331 - message
332 - reason
333 - status
334 - type
335 served: true
336 storage: true
337 subresources:
338 status: {}
View as plain text