apiVersion: v1 kind: Namespace metadata: name: edge-iam labels: workload.edge.ncr.com: platform annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam-crds pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clients.iam.edge-infra.dev annotations: controller-gen.kubebuilder.io/version: (unknown) pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam-crds pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} spec: group: iam.edge-infra.dev names: kind: Client listKind: ClientList plural: clients singular: client scope: Namespaced versions: - name: v1alpha1 additionalPrinterColumns: - name: Reason type: string jsonPath: .status.conditions[0].reason - name: Message type: string jsonPath: .status.conditions[0].message - name: Age type: date jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: type: object description: Client is the Schema for the clients API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: ClientSpec defines the desired state of Client properties: audience: type: array description: Audience is a whitelist defining the audiences this client is allowed to request tokens for items: type: string clientName: type: string description: ClientName is the human-readable string name of the client to be presented to the end-user during authorization. grantTypes: type: array description: GrantTypes is an array of grant types the client is allowed to use. items: type: string maxItems: 5 minItems: 1 printBarcodeTypes: type: array description: PrintBarcodeTypes is an array that tells Edge-ID about client's printing capabilities. items: type: string maxItems: 2 printBarcodeUri: type: string description: PrintBarcodeURI is the redirect URI of the client where print barcode is handled. redirectUris: type: array description: RedirectURIs is an array of the redirect URIs allowed for the application items: type: string responseModes: type: array description: ResponseModes is an array of response modes that client is allowed to send items: type: string maxItems: 3 minItems: 0 responseTypes: type: array description: ResponseTypes is an array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint. items: type: string maxItems: 3 minItems: 1 roles: type: array description: Roles is an array of roles the client has. items: type: string maxItems: 100 minItems: 0 scope: type: string description: Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens. pattern: ([a-zA-Z0-9\.\*]+\s?)+ secretName: type: string description: SecretName points to the K8s secret that contains this client's ID and password maxLength: 253 minLength: 1 pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' required: - grantTypes - secretName status: type: object description: ClientStatus defines the observed state of Client properties: conditions: type: array description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' items: type: object description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: type: type: string description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ status: type: string description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown lastTransitionTime: type: string description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time message: type: string description: message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 observedGeneration: type: integer description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 reason: type: string description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ required: - lastTransitionTime - message - reason - status - type reconciliationError: type: object description: ReconciliationError represents an error that occurred during the reconciliation process properties: description: type: string description: Description is the description of the reconciliation error statusCode: type: string description: Code is the status code of the reconciliation error served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: providers.iam.edge-infra.dev annotations: controller-gen.kubebuilder.io/version: (unknown) pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: edge-iam-crds pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/innovation' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a labels: {} spec: group: iam.edge-infra.dev names: kind: Provider listKind: ProviderList plural: providers singular: provider scope: Namespaced versions: - name: v1alpha1 additionalPrinterColumns: - name: Target type: string jsonPath: .spec.target - name: Age type: date jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: type: object description: Provider is the Schema for the providers API properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' metadata: type: object spec: type: object description: ProviderSpec defines the desired state of Provider properties: barcode: type: object description: Barcode contains the configuration that Barcode login method should have properties: expire: type: string role: type: boolean description: checks if the user has the permission to print barcode ff: type: object additionalProperties: type: boolean description: FF contains the launchdarkly feature flags defaults that should be enabled issuer: type: string description: "Issuer sets the value of the `iss`-claim (issuer) that is minted in our tokens Recommended is to use the URL of the authorization server, i.e. https://iam.store.ncr.corp If this claim does not contain a URL (some other kind of identifier) or it cannot be resolved on that URL, the client will need to configure a separate URL. \n Workloads running inside the cluster require this change as the external addr1ess, https://iam.store.ncr.corp cannot be resolved in the cluster. \n Should not contain trailing '/'" okta: type: object description: okta field contains authurl as well as cred secret name properties: credsSecretName: type: string required: - credsSecretName pin: type: object description: PIN contains the configuration that PIN login method should have properties: attempts: type: integer maximum: 5 minimum: 3 expire: type: string history: type: integer maximum: 5 minimum: 3 length: type: integer profile: type: object description: Profile contains the configuration of profile properties: expire: type: string target: type: string description: 'Target sets the type of environment this provider targets, options: gcp, sds' status: type: object description: ProviderStatus defines the observed state of Provider properties: conditions: type: array items: type: object description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: type: type: string description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ status: type: string description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown lastTransitionTime: type: string description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time message: type: string description: message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 observedGeneration: type: integer description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 reason: type: string description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ required: - lastTransitionTime - message - reason - status - type served: true storage: true subresources: status: {}