1 package v1
2
3
4
5
6
7
8
9
10
11
12
13
14 var map_AllowAllPasswordIdentityProvider = map[string]string{
15 "": "AllowAllPasswordIdentityProvider provides identities for users authenticating using non-empty passwords\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.",
16 }
17
18 func (AllowAllPasswordIdentityProvider) SwaggerDoc() map[string]string {
19 return map_AllowAllPasswordIdentityProvider
20 }
21
22 var map_BasicAuthPasswordIdentityProvider = map[string]string{
23 "": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.",
24 }
25
26 func (BasicAuthPasswordIdentityProvider) SwaggerDoc() map[string]string {
27 return map_BasicAuthPasswordIdentityProvider
28 }
29
30 var map_DenyAllPasswordIdentityProvider = map[string]string{
31 "": "DenyAllPasswordIdentityProvider provides no identities for users\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.",
32 }
33
34 func (DenyAllPasswordIdentityProvider) SwaggerDoc() map[string]string {
35 return map_DenyAllPasswordIdentityProvider
36 }
37
38 var map_GitHubIdentityProvider = map[string]string{
39 "": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.",
40 "clientID": "clientID is the oauth client ID",
41 "clientSecret": "clientSecret is the oauth client secret",
42 "organizations": "organizations optionally restricts which organizations are allowed to log in",
43 "teams": "teams optionally restricts which teams are allowed to log in. Format is <org>/<team>.",
44 "hostname": "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value that is configured at /setup/settings#hostname.",
45 "ca": "ca is the optional trusted certificate authority bundle to use when making requests to the server. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value.",
46 }
47
48 func (GitHubIdentityProvider) SwaggerDoc() map[string]string {
49 return map_GitHubIdentityProvider
50 }
51
52 var map_GitLabIdentityProvider = map[string]string{
53 "": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.",
54 "ca": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used",
55 "url": "url is the oauth server base URL",
56 "clientID": "clientID is the oauth client ID",
57 "clientSecret": "clientSecret is the oauth client secret",
58 "legacy": "legacy determines if OAuth2 or OIDC should be used If true, OAuth2 is used If false, OIDC is used If nil and the URL's host is gitlab.com, OIDC is used Otherwise, OAuth2 is used In a future release, nil will default to using OIDC Eventually this flag will be removed and only OIDC will be used",
59 }
60
61 func (GitLabIdentityProvider) SwaggerDoc() map[string]string {
62 return map_GitLabIdentityProvider
63 }
64
65 var map_GoogleIdentityProvider = map[string]string{
66 "": "GoogleIdentityProvider provides identities for users authenticating using Google credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.",
67 "clientID": "clientID is the oauth client ID",
68 "clientSecret": "clientSecret is the oauth client secret",
69 "hostedDomain": "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to",
70 }
71
72 func (GoogleIdentityProvider) SwaggerDoc() map[string]string {
73 return map_GoogleIdentityProvider
74 }
75
76 var map_GrantConfig = map[string]string{
77 "": "GrantConfig holds the necessary configuration options for grant handlers",
78 "method": "method determines the default strategy to use when an OAuth client requests a grant. This method will be used only if the specific OAuth client doesn't provide a strategy of their own. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients\n - deny: always denies grant requests, useful for black-listed clients",
79 "serviceAccountMethod": "serviceAccountMethod is used for determining client authorization for service account oauth client. It must be either: deny, prompt",
80 }
81
82 func (GrantConfig) SwaggerDoc() map[string]string {
83 return map_GrantConfig
84 }
85
86 var map_HTPasswdPasswordIdentityProvider = map[string]string{
87 "": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.",
88 "file": "file is a reference to your htpasswd file",
89 }
90
91 func (HTPasswdPasswordIdentityProvider) SwaggerDoc() map[string]string {
92 return map_HTPasswdPasswordIdentityProvider
93 }
94
95 var map_IdentityProvider = map[string]string{
96 "": "IdentityProvider provides identities for users authenticating using credentials",
97 "name": "name is used to qualify the identities returned by this provider",
98 "challenge": "challenge indicates whether to issue WWW-Authenticate challenges for this provider",
99 "login": "login indicates whether to use this identity provider for unauthenticated browsers to login against",
100 "mappingMethod": "mappingMethod determines how identities from this provider are mapped to users",
101 "provider": "provider contains the information about how to set up a specific identity provider",
102 }
103
104 func (IdentityProvider) SwaggerDoc() map[string]string {
105 return map_IdentityProvider
106 }
107
108 var map_KeystonePasswordIdentityProvider = map[string]string{
109 "": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.",
110 "domainName": "domainName is required for keystone v3",
111 "useKeystoneIdentity": "useKeystoneIdentity flag indicates that user should be authenticated by keystone ID, not by username",
112 }
113
114 func (KeystonePasswordIdentityProvider) SwaggerDoc() map[string]string {
115 return map_KeystonePasswordIdentityProvider
116 }
117
118 var map_LDAPAttributeMapping = map[string]string{
119 "": "LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields",
120 "id": "id is the list of attributes whose values should be used as the user ID. Required. LDAP standard identity attribute is \"dn\"",
121 "preferredUsername": "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"",
122 "name": "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"",
123 "email": "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity",
124 }
125
126 func (LDAPAttributeMapping) SwaggerDoc() map[string]string {
127 return map_LDAPAttributeMapping
128 }
129
130 var map_LDAPPasswordIdentityProvider = map[string]string{
131 "": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.",
132 "url": "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is\n ldap://host:port/basedn?attribute?scope?filter",
133 "bindDN": "bindDN is an optional DN to bind with during the search phase.",
134 "bindPassword": "bindPassword is an optional password to bind with during the search phase.",
135 "insecure": "insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830",
136 "ca": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used",
137 "attributes": "attributes maps LDAP attributes to identities",
138 }
139
140 func (LDAPPasswordIdentityProvider) SwaggerDoc() map[string]string {
141 return map_LDAPPasswordIdentityProvider
142 }
143
144 var map_OAuthConfig = map[string]string{
145 "": "OAuthConfig holds the necessary configuration options for OAuth authentication",
146 "masterCA": "masterCA is the CA for verifying the TLS connection back to the MasterURL. This field is deprecated and will be removed in a future release. See loginURL for details. Deprecated",
147 "masterURL": "masterURL is used for making server-to-server calls to exchange authorization codes for access tokens This field is deprecated and will be removed in a future release. See loginURL for details. Deprecated",
148 "masterPublicURL": "masterPublicURL is used for building valid client redirect URLs for internal and external access This field is deprecated and will be removed in a future release. See loginURL for details. Deprecated",
149 "loginURL": "loginURL, along with masterCA, masterURL and masterPublicURL have distinct meanings depending on how the OAuth server is run. The two states are: 1. embedded in the kube api server (all 3.x releases) 2. as a standalone external process (all 4.x releases) in the embedded configuration, loginURL is equivalent to masterPublicURL and the other fields have functionality that matches their docs. in the standalone configuration, the fields are used as: loginURL is the URL required to login to the cluster: oc login --server=<loginURL> masterPublicURL is the issuer URL it is accessible from inside (service network) and outside (ingress) of the cluster masterURL is the loopback variation of the token_endpoint URL with no path component it is only accessible from inside (service network) of the cluster masterCA is used to perform TLS verification for connections made to masterURL For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2",
150 "assetPublicURL": "assetPublicURL is used for building valid client redirect URLs for external access",
151 "alwaysShowProviderSelection": "alwaysShowProviderSelection will force the provider selection page to render even when there is only a single provider.",
152 "identityProviders": "identityProviders is an ordered list of ways for a user to identify themselves",
153 "grantConfig": "grantConfig describes how to handle grants",
154 "sessionConfig": "sessionConfig hold information about configuring sessions.",
155 "tokenConfig": "tokenConfig contains options for authorization and access tokens",
156 "templates": "templates allow you to customize pages like the login page.",
157 }
158
159 func (OAuthConfig) SwaggerDoc() map[string]string {
160 return map_OAuthConfig
161 }
162
163 var map_OAuthTemplates = map[string]string{
164 "": "OAuthTemplates allow for customization of pages like the login page",
165 "login": "login is a path to a file containing a go template used to render the login page. If unspecified, the default login page is used.",
166 "providerSelection": "providerSelection is a path to a file containing a go template used to render the provider selection page. If unspecified, the default provider selection page is used.",
167 "error": "error is a path to a file containing a go template used to render error pages during the authentication or grant flow If unspecified, the default error page is used.",
168 }
169
170 func (OAuthTemplates) SwaggerDoc() map[string]string {
171 return map_OAuthTemplates
172 }
173
174 var map_OpenIDClaims = map[string]string{
175 "": "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider",
176 "id": "id is the list of claims whose values should be used as the user ID. Required. OpenID standard identity claim is \"sub\"",
177 "preferredUsername": "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the id claim",
178 "name": "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity",
179 "email": "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity",
180 "groups": "groups is the list of claims value of which should be used to synchronize groups from the OIDC provider to OpenShift for the user",
181 }
182
183 func (OpenIDClaims) SwaggerDoc() map[string]string {
184 return map_OpenIDClaims
185 }
186
187 var map_OpenIDIdentityProvider = map[string]string{
188 "": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.",
189 "ca": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used",
190 "clientID": "clientID is the oauth client ID",
191 "clientSecret": "clientSecret is the oauth client secret",
192 "extraScopes": "extraScopes are any scopes to request in addition to the standard \"openid\" scope.",
193 "extraAuthorizeParameters": "extraAuthorizeParameters are any custom parameters to add to the authorize request.",
194 "urls": "urls to use to authenticate",
195 "claims": "claims mappings",
196 }
197
198 func (OpenIDIdentityProvider) SwaggerDoc() map[string]string {
199 return map_OpenIDIdentityProvider
200 }
201
202 var map_OpenIDURLs = map[string]string{
203 "": "OpenIDURLs are URLs to use when authenticating with an OpenID identity provider",
204 "authorize": "authorize is the oauth authorization URL",
205 "token": "token is the oauth token granting URL",
206 "userInfo": "userInfo is the optional userinfo URL. If present, a granted access_token is used to request claims If empty, a granted id_token is parsed for claims",
207 }
208
209 func (OpenIDURLs) SwaggerDoc() map[string]string {
210 return map_OpenIDURLs
211 }
212
213 var map_OsinServerConfig = map[string]string{
214 "": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.",
215 "oauthConfig": "oauthConfig holds the necessary configuration options for OAuth authentication",
216 }
217
218 func (OsinServerConfig) SwaggerDoc() map[string]string {
219 return map_OsinServerConfig
220 }
221
222 var map_RequestHeaderIdentityProvider = map[string]string{
223 "": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.",
224 "loginURL": "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}",
225 "challengeURL": "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}",
226 "clientCA": "clientCA is a file with the trusted signer certs. If empty, no request verification is done, and any direct request to the OAuth server can impersonate any identity from this provider, merely by setting a request header.",
227 "clientCommonNames": "clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.",
228 "headers": "headers is the set of headers to check for identity information",
229 "preferredUsernameHeaders": "preferredUsernameHeaders is the set of headers to check for the preferred username",
230 "nameHeaders": "nameHeaders is the set of headers to check for the display name",
231 "emailHeaders": "emailHeaders is the set of headers to check for the email address",
232 }
233
234 func (RequestHeaderIdentityProvider) SwaggerDoc() map[string]string {
235 return map_RequestHeaderIdentityProvider
236 }
237
238 var map_SessionConfig = map[string]string{
239 "": "SessionConfig specifies options for cookie-based sessions. Used by AuthRequestHandlerSession",
240 "sessionSecretsFile": "sessionSecretsFile is a reference to a file containing a serialized SessionSecrets object If no file is specified, a random signing and encryption key are generated at each server start",
241 "sessionMaxAgeSeconds": "sessionMaxAgeSeconds specifies how long created sessions last. Used by AuthRequestHandlerSession",
242 "sessionName": "sessionName is the cookie name used to store the session",
243 }
244
245 func (SessionConfig) SwaggerDoc() map[string]string {
246 return map_SessionConfig
247 }
248
249 var map_SessionSecret = map[string]string{
250 "": "SessionSecret is a secret used to authenticate/decrypt cookie-based sessions",
251 "authentication": "Authentication is used to authenticate sessions using HMAC. Recommended to use a secret with 32 or 64 bytes.",
252 "encryption": "Encryption is used to encrypt sessions. Must be 16, 24, or 32 characters long, to select AES-128, AES-",
253 }
254
255 func (SessionSecret) SwaggerDoc() map[string]string {
256 return map_SessionSecret
257 }
258
259 var map_SessionSecrets = map[string]string{
260 "": "SessionSecrets list the secrets to use to sign/encrypt and authenticate/decrypt created sessions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.",
261 "secrets": "Secrets is a list of secrets New sessions are signed and encrypted using the first secret. Existing sessions are decrypted/authenticated by each secret until one succeeds. This allows rotating secrets.",
262 }
263
264 func (SessionSecrets) SwaggerDoc() map[string]string {
265 return map_SessionSecrets
266 }
267
268 var map_TokenConfig = map[string]string{
269 "": "TokenConfig holds the necessary configuration options for authorization and access tokens",
270 "authorizeTokenMaxAgeSeconds": "authorizeTokenMaxAgeSeconds defines the maximum age of authorize tokens",
271 "accessTokenMaxAgeSeconds": "accessTokenMaxAgeSeconds defines the maximum age of access tokens",
272 "accessTokenInactivityTimeoutSeconds": "accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.",
273 "accessTokenInactivityTimeout": "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime.",
274 }
275
276 func (TokenConfig) SwaggerDoc() map[string]string {
277 return map_TokenConfig
278 }
279
280
281
View as plain text