v1alpha1

package
v0.0.0-...-da21d03 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 20, 2023 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

+kubebuilder:object:generate=true +groupName=jwtauth.vault.upbound.io +versionName=v1alpha1

Index

Constants

// CRDGroup and CRDVersion are the API group name and version string that
// CRDGroupVersion combines to register the types of this package.
const (
	CRDGroup   = "jwtauth.vault.upbound.io"
	CRDVersion = "v1alpha1"
)

Package type metadata.

Variables

// Type metadata for the AuthBackend kind.
//
// AuthBackend_Kind is the bare kind name. AuthBackend_GroupKind is the string
// form of that kind qualified with CRDGroup. AuthBackend_KindAPIVersion joins
// the kind and the string form of CRDGroupVersion with a ".".
// AuthBackend_GroupVersionKind is CRDGroupVersion with the kind attached.
var (
	AuthBackend_Kind             = "AuthBackend"
	AuthBackend_GroupKind        = schema.GroupKind{Group: CRDGroup, Kind: AuthBackend_Kind}.String()
	AuthBackend_KindAPIVersion   = AuthBackend_Kind + "." + CRDGroupVersion.String()
	AuthBackend_GroupVersionKind = CRDGroupVersion.WithKind(AuthBackend_Kind)
)

Repository type metadata.

// Type metadata for the AuthBackendRole kind.
//
// AuthBackendRole_Kind is the bare kind name. AuthBackendRole_GroupKind is the
// string form of that kind qualified with CRDGroup.
// AuthBackendRole_KindAPIVersion joins the kind and the string form of
// CRDGroupVersion with a ".". AuthBackendRole_GroupVersionKind is
// CRDGroupVersion with the kind attached.
var (
	AuthBackendRole_Kind             = "AuthBackendRole"
	AuthBackendRole_GroupKind        = schema.GroupKind{Group: CRDGroup, Kind: AuthBackendRole_Kind}.String()
	AuthBackendRole_KindAPIVersion   = AuthBackendRole_Kind + "." + CRDGroupVersion.String()
	AuthBackendRole_GroupVersionKind = CRDGroupVersion.WithKind(AuthBackendRole_Kind)
)

Repository type metadata.

// Scheme registration helpers for this group-version.
var (
	// CRDGroupVersion is the API Group Version used to register the objects.
	// It is built from the CRDGroup and CRDVersion constants.
	CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	// It is constructed for CRDGroupVersion.
	SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	// It is the AddToScheme method value of SchemeBuilder.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type AuthBackend

// AuthBackend is the top-level API object for a JWT auth backend. It embeds
// the standard Kubernetes type and object metadata, carries the desired
// configuration in Spec (required in the JSON form) and the observed state in
// Status (omitted from JSON when empty).
type AuthBackend struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              AuthBackendSpec   `json:"spec"`
	Status            AuthBackendStatus `json:"status,omitempty"`
}

AuthBackend is the Schema for the AuthBackends API. +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,vault}

func (*AuthBackend) DeepCopy

func (in *AuthBackend) DeepCopy() *AuthBackend

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackend.

func (*AuthBackend) DeepCopyInto

func (in *AuthBackend) DeepCopyInto(out *AuthBackend)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthBackend) DeepCopyObject

func (in *AuthBackend) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AuthBackend) GetCondition

func (mg *AuthBackend) GetCondition(ct xpv1.ConditionType) xpv1.Condition

GetCondition of this AuthBackend.

func (*AuthBackend) GetConnectionDetailsMapping

func (tr *AuthBackend) GetConnectionDetailsMapping() map[string]string

GetConnectionDetailsMapping for this AuthBackend

func (*AuthBackend) GetDeletionPolicy

func (mg *AuthBackend) GetDeletionPolicy() xpv1.DeletionPolicy

GetDeletionPolicy of this AuthBackend.

func (*AuthBackend) GetID

func (tr *AuthBackend) GetID() string

GetID returns ID of underlying Terraform resource of this AuthBackend

func (*AuthBackend) GetObservation

func (tr *AuthBackend) GetObservation() (map[string]any, error)

GetObservation of this AuthBackend

func (*AuthBackend) GetParameters

func (tr *AuthBackend) GetParameters() (map[string]any, error)

GetParameters of this AuthBackend

func (*AuthBackend) GetProviderConfigReference

func (mg *AuthBackend) GetProviderConfigReference() *xpv1.Reference

GetProviderConfigReference of this AuthBackend.

func (*AuthBackend) GetProviderReference

func (mg *AuthBackend) GetProviderReference() *xpv1.Reference

GetProviderReference of this AuthBackend. Deprecated: Use GetProviderConfigReference.

func (*AuthBackend) GetPublishConnectionDetailsTo

func (mg *AuthBackend) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo

GetPublishConnectionDetailsTo of this AuthBackend.

func (*AuthBackend) GetTerraformResourceType

func (mg *AuthBackend) GetTerraformResourceType() string

GetTerraformResourceType returns Terraform resource type for this AuthBackend

func (*AuthBackend) GetTerraformSchemaVersion

func (tr *AuthBackend) GetTerraformSchemaVersion() int

GetTerraformSchemaVersion returns the associated Terraform schema version

func (*AuthBackend) GetWriteConnectionSecretToReference

func (mg *AuthBackend) GetWriteConnectionSecretToReference() *xpv1.SecretReference

GetWriteConnectionSecretToReference of this AuthBackend.

func (*AuthBackend) LateInitialize

func (tr *AuthBackend) LateInitialize(attrs []byte) (bool, error)

LateInitialize this AuthBackend using its observed tfState. Returns true if there are any spec changes for the resource.

func (*AuthBackend) SetConditions

func (mg *AuthBackend) SetConditions(c ...xpv1.Condition)

SetConditions of this AuthBackend.

func (*AuthBackend) SetDeletionPolicy

func (mg *AuthBackend) SetDeletionPolicy(r xpv1.DeletionPolicy)

SetDeletionPolicy of this AuthBackend.

func (*AuthBackend) SetObservation

func (tr *AuthBackend) SetObservation(obs map[string]any) error

SetObservation for this AuthBackend

func (*AuthBackend) SetParameters

func (tr *AuthBackend) SetParameters(params map[string]any) error

SetParameters for this AuthBackend

func (*AuthBackend) SetProviderConfigReference

func (mg *AuthBackend) SetProviderConfigReference(r *xpv1.Reference)

SetProviderConfigReference of this AuthBackend.

func (*AuthBackend) SetProviderReference

func (mg *AuthBackend) SetProviderReference(r *xpv1.Reference)

SetProviderReference of this AuthBackend. Deprecated: Use SetProviderConfigReference.

func (*AuthBackend) SetPublishConnectionDetailsTo

func (mg *AuthBackend) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)

SetPublishConnectionDetailsTo of this AuthBackend.

func (*AuthBackend) SetWriteConnectionSecretToReference

func (mg *AuthBackend) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)

SetWriteConnectionSecretToReference of this AuthBackend.

type AuthBackendList

// AuthBackendList is the list form of AuthBackend: standard type and list
// metadata plus the AuthBackend objects themselves in Items.
type AuthBackendList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AuthBackend `json:"items"`
}

AuthBackendList contains a list of AuthBackends

func (*AuthBackendList) DeepCopy

func (in *AuthBackendList) DeepCopy() *AuthBackendList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendList.

func (*AuthBackendList) DeepCopyInto

func (in *AuthBackendList) DeepCopyInto(out *AuthBackendList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthBackendList) DeepCopyObject

func (in *AuthBackendList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AuthBackendList) GetItems

func (l *AuthBackendList) GetItems() []resource.Managed

GetItems of this AuthBackendList.

type AuthBackendObservation

// AuthBackendObservation holds the values reported back for an AuthBackend;
// it is exposed as AuthBackendStatus.AtProvider. Both fields are optional
// pointers and are omitted from JSON when unset.
type AuthBackendObservation struct {

	// The accessor of the JWT auth backend
	Accessor *string `json:"accessor,omitempty" tf:"accessor,omitempty"`

	// ID maps to the "id" attribute (see the tf tag) — presumably the
	// identifier of the underlying Terraform resource; confirm against GetID.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`
}

func (*AuthBackendObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendObservation.

func (*AuthBackendObservation) DeepCopyInto

func (in *AuthBackendObservation) DeepCopyInto(out *AuthBackendObservation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthBackendParameters

// AuthBackendParameters holds the configurable settings of a JWT/OIDC auth
// backend; it is exposed as AuthBackendSpec.ForProvider.
//
// Every field is marked Optional at the CRD level. No cross-field validation
// marker is visible on this type, so the "cannot be used with" rules stated on
// JwksURL, JwtValidationPubkeys and OidcDiscoveryURL are presumably enforced
// by the provider or by Vault rather than by the CRD schema — confirm before
// relying on admission-time rejection.
type AuthBackendParameters struct {

	// The value against which to match the iss claim in a JWT
	// NOTE(review): optional here; confirm against the Vault documentation what
	// issuer validation applies when this is left unset.
	// +kubebuilder:validation:Optional
	BoundIssuer *string `json:"boundIssuer,omitempty" tf:"bound_issuer,omitempty"`

	// The default role to use if none is provided during login
	// +kubebuilder:validation:Optional
	DefaultRole *string `json:"defaultRole,omitempty" tf:"default_role,omitempty"`

	// The description of the auth backend
	// +kubebuilder:validation:Optional
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// If set, opts out of mount migration on path updates.
	// +kubebuilder:validation:Optional
	DisableRemount *bool `json:"disableRemount,omitempty" tf:"disable_remount,omitempty"`

	// The CA certificate or chain of certificates, in PEM format, to use to validate connections to the JWKS URL. If not set, system certificates are used.
	// +kubebuilder:validation:Optional
	JwksCAPem *string `json:"jwksCaPem,omitempty" tf:"jwks_ca_pem,omitempty"`

	// JWKS URL to use to authenticate signatures. Cannot be used with 'oidc_discovery_url' or 'jwt_validation_pubkeys'.
	// +kubebuilder:validation:Optional
	JwksURL *string `json:"jwksUrl,omitempty" tf:"jwks_url,omitempty"`

	// A list of supported signing algorithms. Defaults to [RS256]
	// NOTE(review): keep this list limited to the algorithms the token issuer
	// actually signs with.
	// +kubebuilder:validation:Optional
	JwtSupportedAlgs []*string `json:"jwtSupportedAlgs,omitempty" tf:"jwt_supported_algs,omitempty"`

	// A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used with 'jwks_url' or 'oidc_discovery_url'.
	// +kubebuilder:validation:Optional
	JwtValidationPubkeys []*string `json:"jwtValidationPubkeys,omitempty" tf:"jwt_validation_pubkeys,omitempty"`

	// Specifies if the auth method is local only
	// +kubebuilder:validation:Optional
	Local *bool `json:"local,omitempty" tf:"local,omitempty"`

	// Target namespace. (requires Enterprise)
	// +kubebuilder:validation:Optional
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// Pass namespace in the OIDC state parameter instead of as a separate query parameter. With this setting, the allowed redirect URL(s) in Vault and on the provider side should not contain a namespace query parameter. This means only one redirect URL entry needs to be maintained on the OIDC provider side for all vault namespaces that will be authenticating against it. Defaults to true for new configs.
	// +kubebuilder:validation:Optional
	NamespaceInState *bool `json:"namespaceInState,omitempty" tf:"namespace_in_state,omitempty"`

	// Client ID used for OIDC
	// +kubebuilder:validation:Optional
	OidcClientID *string `json:"oidcClientId,omitempty" tf:"oidc_client_id,omitempty"`

	// Client Secret used for OIDC
	// Given as a selector for a key in a Secret rather than as an inline value,
	// so the secret itself does not appear in this spec. The tf:"-" tag
	// presumably excludes the field from direct attribute mapping — confirm.
	// +kubebuilder:validation:Optional
	OidcClientSecretSecretRef *v1.SecretKeySelector `json:"oidcClientSecretSecretRef,omitempty" tf:"-"`

	// The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used
	// +kubebuilder:validation:Optional
	OidcDiscoveryCAPem *string `json:"oidcDiscoveryCaPem,omitempty" tf:"oidc_discovery_ca_pem,omitempty"`

	// The OIDC Discovery URL, without any .well-known component (base path). Cannot be used with 'jwks_url' or 'jwt_validation_pubkeys'.
	// +kubebuilder:validation:Optional
	OidcDiscoveryURL *string `json:"oidcDiscoveryUrl,omitempty" tf:"oidc_discovery_url,omitempty"`

	// The response mode to be used in the OAuth2 request. Allowed values are 'query' and 'form_post'. Defaults to 'query'. If using Vault namespaces, and oidc_response_mode is 'form_post', then 'namespace_in_state' should be set to false.
	// +kubebuilder:validation:Optional
	OidcResponseMode *string `json:"oidcResponseMode,omitempty" tf:"oidc_response_mode,omitempty"`

	// The response types to request. Allowed values are 'code' and 'id_token'. Defaults to 'code'. Note: 'id_token' may only be used if 'oidc_response_mode' is set to 'form_post'.
	// +kubebuilder:validation:Optional
	OidcResponseTypes []*string `json:"oidcResponseTypes,omitempty" tf:"oidc_response_types,omitempty"`

	// Path to mount the backend
	// +kubebuilder:validation:Optional
	Path *string `json:"path,omitempty" tf:"path,omitempty"`

	// Provider specific handling configuration
	// +kubebuilder:validation:Optional
	ProviderConfig map[string]*string `json:"providerConfig,omitempty" tf:"provider_config,omitempty"`

	// Tune carries the mount tuning options; see TuneParameters for the fields.
	// +kubebuilder:validation:Optional
	Tune []TuneParameters `json:"tune,omitempty" tf:"tune,omitempty"`

	// Type of backend. Can be either 'jwt' or 'oidc'
	// +kubebuilder:validation:Optional
	Type *string `json:"type,omitempty" tf:"type,omitempty"`
}

func (*AuthBackendParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendParameters.

func (*AuthBackendParameters) DeepCopyInto

func (in *AuthBackendParameters) DeepCopyInto(out *AuthBackendParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthBackendRole

// AuthBackendRole is the top-level API object for a role on a JWT auth
// backend. It embeds the standard Kubernetes type and object metadata, carries
// the desired configuration in Spec (required in the JSON form) and the
// observed state in Status (omitted from JSON when empty).
type AuthBackendRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              AuthBackendRoleSpec   `json:"spec"`
	Status            AuthBackendRoleStatus `json:"status,omitempty"`
}

AuthBackendRole is the Schema for the AuthBackendRoles API. +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:subresource:status +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,vault}

func (*AuthBackendRole) DeepCopy

func (in *AuthBackendRole) DeepCopy() *AuthBackendRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendRole.

func (*AuthBackendRole) DeepCopyInto

func (in *AuthBackendRole) DeepCopyInto(out *AuthBackendRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthBackendRole) DeepCopyObject

func (in *AuthBackendRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AuthBackendRole) GetCondition

func (mg *AuthBackendRole) GetCondition(ct xpv1.ConditionType) xpv1.Condition

GetCondition of this AuthBackendRole.

func (*AuthBackendRole) GetConnectionDetailsMapping

func (tr *AuthBackendRole) GetConnectionDetailsMapping() map[string]string

GetConnectionDetailsMapping for this AuthBackendRole

func (*AuthBackendRole) GetDeletionPolicy

func (mg *AuthBackendRole) GetDeletionPolicy() xpv1.DeletionPolicy

GetDeletionPolicy of this AuthBackendRole.

func (*AuthBackendRole) GetID

func (tr *AuthBackendRole) GetID() string

GetID returns ID of underlying Terraform resource of this AuthBackendRole

func (*AuthBackendRole) GetObservation

func (tr *AuthBackendRole) GetObservation() (map[string]any, error)

GetObservation of this AuthBackendRole

func (*AuthBackendRole) GetParameters

func (tr *AuthBackendRole) GetParameters() (map[string]any, error)

GetParameters of this AuthBackendRole

func (*AuthBackendRole) GetProviderConfigReference

func (mg *AuthBackendRole) GetProviderConfigReference() *xpv1.Reference

GetProviderConfigReference of this AuthBackendRole.

func (*AuthBackendRole) GetProviderReference

func (mg *AuthBackendRole) GetProviderReference() *xpv1.Reference

GetProviderReference of this AuthBackendRole. Deprecated: Use GetProviderConfigReference.

func (*AuthBackendRole) GetPublishConnectionDetailsTo

func (mg *AuthBackendRole) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo

GetPublishConnectionDetailsTo of this AuthBackendRole.

func (*AuthBackendRole) GetTerraformResourceType

func (mg *AuthBackendRole) GetTerraformResourceType() string

GetTerraformResourceType returns Terraform resource type for this AuthBackendRole

func (*AuthBackendRole) GetTerraformSchemaVersion

func (tr *AuthBackendRole) GetTerraformSchemaVersion() int

GetTerraformSchemaVersion returns the associated Terraform schema version

func (*AuthBackendRole) GetWriteConnectionSecretToReference

func (mg *AuthBackendRole) GetWriteConnectionSecretToReference() *xpv1.SecretReference

GetWriteConnectionSecretToReference of this AuthBackendRole.

func (*AuthBackendRole) LateInitialize

func (tr *AuthBackendRole) LateInitialize(attrs []byte) (bool, error)

LateInitialize this AuthBackendRole using its observed tfState. Returns true if there are any spec changes for the resource.

func (*AuthBackendRole) ResolveReferences

func (mg *AuthBackendRole) ResolveReferences(ctx context.Context, c client.Reader) error

ResolveReferences of this AuthBackendRole.

func (*AuthBackendRole) SetConditions

func (mg *AuthBackendRole) SetConditions(c ...xpv1.Condition)

SetConditions of this AuthBackendRole.

func (*AuthBackendRole) SetDeletionPolicy

func (mg *AuthBackendRole) SetDeletionPolicy(r xpv1.DeletionPolicy)

SetDeletionPolicy of this AuthBackendRole.

func (*AuthBackendRole) SetObservation

func (tr *AuthBackendRole) SetObservation(obs map[string]any) error

SetObservation for this AuthBackendRole

func (*AuthBackendRole) SetParameters

func (tr *AuthBackendRole) SetParameters(params map[string]any) error

SetParameters for this AuthBackendRole

func (*AuthBackendRole) SetProviderConfigReference

func (mg *AuthBackendRole) SetProviderConfigReference(r *xpv1.Reference)

SetProviderConfigReference of this AuthBackendRole.

func (*AuthBackendRole) SetProviderReference

func (mg *AuthBackendRole) SetProviderReference(r *xpv1.Reference)

SetProviderReference of this AuthBackendRole. Deprecated: Use SetProviderConfigReference.

func (*AuthBackendRole) SetPublishConnectionDetailsTo

func (mg *AuthBackendRole) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)

SetPublishConnectionDetailsTo of this AuthBackendRole.

func (*AuthBackendRole) SetWriteConnectionSecretToReference

func (mg *AuthBackendRole) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)

SetWriteConnectionSecretToReference of this AuthBackendRole.

type AuthBackendRoleList

// AuthBackendRoleList is the list form of AuthBackendRole: standard type and
// list metadata plus the AuthBackendRole objects themselves in Items.
type AuthBackendRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AuthBackendRole `json:"items"`
}

AuthBackendRoleList contains a list of AuthBackendRoles

func (*AuthBackendRoleList) DeepCopy

func (in *AuthBackendRoleList) DeepCopy() *AuthBackendRoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendRoleList.

func (*AuthBackendRoleList) DeepCopyInto

func (in *AuthBackendRoleList) DeepCopyInto(out *AuthBackendRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthBackendRoleList) DeepCopyObject

func (in *AuthBackendRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AuthBackendRoleList) GetItems

func (l *AuthBackendRoleList) GetItems() []resource.Managed

GetItems of this AuthBackendRoleList.

type AuthBackendRoleObservation

// AuthBackendRoleObservation holds the values reported back for an
// AuthBackendRole; it is exposed as AuthBackendRoleStatus.AtProvider.
type AuthBackendRoleObservation struct {
	// ID maps to the "id" attribute (see the tf tag) — presumably the
	// identifier of the underlying Terraform resource; confirm against GetID.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`
}

func (*AuthBackendRoleObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendRoleObservation.

func (*AuthBackendRoleObservation) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthBackendRoleParameters

// AuthBackendRoleParameters holds the configurable settings of a role on a
// JWT/OIDC auth backend; it is exposed as AuthBackendRoleSpec.ForProvider.
//
// Only RoleName and UserClaim are marked Required. The fields that restrict
// which tokens the role accepts (BoundAudiences, BoundClaims, BoundSubject)
// and which clients may use the resulting token (TokenBoundCidrs) are all
// Optional at the CRD level, so the schema alone does not reject a role that
// sets none of them.
// NOTE(review): check each role for the bindings its issuer calls for; whether
// the provider or Vault rejects an unbound role is not visible here.
type AuthBackendRoleParameters struct {

	// The list of allowed values for redirect_uri during OIDC logins.
	// +kubebuilder:validation:Optional
	AllowedRedirectUris []*string `json:"allowedRedirectUris,omitempty" tf:"allowed_redirect_uris,omitempty"`

	// Unique name of the auth backend to configure.
	// May be set directly, or populated from BackendRef / BackendSelector.
	// +crossplane:generate:reference:type=AuthBackend
	// +kubebuilder:validation:Optional
	Backend *string `json:"backend,omitempty" tf:"backend,omitempty"`

	// Reference to an AuthBackend to populate backend.
	// +kubebuilder:validation:Optional
	BackendRef *v1.Reference `json:"backendRef,omitempty" tf:"-"`

	// Selector for an AuthBackend to populate backend.
	// +kubebuilder:validation:Optional
	BackendSelector *v1.Selector `json:"backendSelector,omitempty" tf:"-"`

	// List of aud claims to match against. Any match is sufficient.
	// +kubebuilder:validation:Optional
	BoundAudiences []*string `json:"boundAudiences,omitempty" tf:"bound_audiences,omitempty"`

	// Map of claims/values to match against. The expected value may be a single string or a comma-separated string list.
	// +kubebuilder:validation:Optional
	BoundClaims map[string]*string `json:"boundClaims,omitempty" tf:"bound_claims,omitempty"`

	// How to interpret values in the claims/values map: can be either "string" (exact match) or "glob" (wildcard match).
	// NOTE(review): "glob" widens what a bound claim accepts; review the
	// patterns in BoundClaims whenever it is selected.
	// +kubebuilder:validation:Optional
	BoundClaimsType *string `json:"boundClaimsType,omitempty" tf:"bound_claims_type,omitempty"`

	// If set, requires that the sub claim matches this value.
	// +kubebuilder:validation:Optional
	BoundSubject *string `json:"boundSubject,omitempty" tf:"bound_subject,omitempty"`

	// Map of claims (keys) to be copied to specified metadata fields (values).
	// +kubebuilder:validation:Optional
	ClaimMappings map[string]*string `json:"claimMappings,omitempty" tf:"claim_mappings,omitempty"`

	// The amount of leeway to add to all claims to account for clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.
	// Note that 0 selects the default rather than "no leeway"; -1 is the
	// value that disables it.
	// +kubebuilder:validation:Optional
	ClockSkewLeeway *float64 `json:"clockSkewLeeway,omitempty" tf:"clock_skew_leeway,omitempty"`

	// Disable bound claim value parsing. Useful when values contain commas.
	// +kubebuilder:validation:Optional
	DisableBoundClaimsParsing *bool `json:"disableBoundClaimsParsing,omitempty" tf:"disable_bound_claims_parsing,omitempty"`

	// The amount of leeway to add to expiration (exp) claims to account for clock skew, in seconds. Defaults to 60 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.
	// Note that 0 selects the default rather than "no leeway"; -1 is the
	// value that disables it.
	// +kubebuilder:validation:Optional
	ExpirationLeeway *float64 `json:"expirationLeeway,omitempty" tf:"expiration_leeway,omitempty"`

	// The claim to use to uniquely identify the set of groups to which the user belongs; this will be used as the names for the Identity group aliases created due to a successful login. The claim value must be a list of strings.
	// +kubebuilder:validation:Optional
	GroupsClaim *string `json:"groupsClaim,omitempty" tf:"groups_claim,omitempty"`

	// Specifies the allowable elapsed time in seconds since the last time the user was actively authenticated.
	// +kubebuilder:validation:Optional
	MaxAge *float64 `json:"maxAge,omitempty" tf:"max_age,omitempty"`

	// Target namespace. (requires Enterprise)
	// +kubebuilder:validation:Optional
	Namespace *string `json:"namespace,omitempty" tf:"namespace,omitempty"`

	// The amount of leeway to add to not before (nbf) claims to account for clock skew, in seconds. Defaults to 150 seconds if set to 0 and can be disabled if set to -1. Only applicable with 'jwt' roles.
	// Note that 0 selects the default rather than "no leeway"; -1 is the
	// value that disables it.
	// +kubebuilder:validation:Optional
	NotBeforeLeeway *float64 `json:"notBeforeLeeway,omitempty" tf:"not_before_leeway,omitempty"`

	// List of OIDC scopes to be used with an OIDC role. The standard scope "openid" is automatically included and need not be specified.
	// +kubebuilder:validation:Optional
	OidcScopes []*string `json:"oidcScopes,omitempty" tf:"oidc_scopes,omitempty"`

	// Name of the role.
	// +kubebuilder:validation:Required
	RoleName *string `json:"roleName" tf:"role_name,omitempty"`

	// Type of role, either "oidc" (default) or "jwt"
	// +kubebuilder:validation:Optional
	RoleType *string `json:"roleType,omitempty" tf:"role_type,omitempty"`

	// Specifies the blocks of IP addresses which are allowed to use the generated token
	// +kubebuilder:validation:Optional
	TokenBoundCidrs []*string `json:"tokenBoundCidrs,omitempty" tf:"token_bound_cidrs,omitempty"`

	// Generated Token's Explicit Maximum TTL in seconds
	// +kubebuilder:validation:Optional
	TokenExplicitMaxTTL *float64 `json:"tokenExplicitMaxTtl,omitempty" tf:"token_explicit_max_ttl,omitempty"`

	// The maximum lifetime of the generated token
	// Unit is not stated here — presumably seconds, like TokenTTL; confirm.
	// +kubebuilder:validation:Optional
	TokenMaxTTL *float64 `json:"tokenMaxTtl,omitempty" tf:"token_max_ttl,omitempty"`

	// If true, the 'default' policy will not automatically be added to generated tokens
	// +kubebuilder:validation:Optional
	TokenNoDefaultPolicy *bool `json:"tokenNoDefaultPolicy,omitempty" tf:"token_no_default_policy,omitempty"`

	// The maximum number of times a token may be used, a value of zero means unlimited
	// +kubebuilder:validation:Optional
	TokenNumUses *float64 `json:"tokenNumUses,omitempty" tf:"token_num_uses,omitempty"`

	// Generated Token's Period
	// Unit is not stated here — presumably seconds, like TokenTTL; confirm.
	// +kubebuilder:validation:Optional
	TokenPeriod *float64 `json:"tokenPeriod,omitempty" tf:"token_period,omitempty"`

	// Generated Token's Policies
	// NOTE(review): these policies decide what a token issued through this
	// role may do; list only what the role's callers need.
	// +kubebuilder:validation:Optional
	TokenPolicies []*string `json:"tokenPolicies,omitempty" tf:"token_policies,omitempty"`

	// The initial ttl of the token to generate in seconds
	// +kubebuilder:validation:Optional
	TokenTTL *float64 `json:"tokenTtl,omitempty" tf:"token_ttl,omitempty"`

	// The type of token to generate, service or batch
	// +kubebuilder:validation:Optional
	TokenType *string `json:"tokenType,omitempty" tf:"token_type,omitempty"`

	// The claim to use to uniquely identify the user; this will be used as the name for the Identity entity alias created due to a successful login.
	// +kubebuilder:validation:Required
	UserClaim *string `json:"userClaim" tf:"user_claim,omitempty"`

	// Specifies if the user_claim value uses JSON pointer syntax for referencing claims. By default, the user_claim value will not use JSON pointer.
	// +kubebuilder:validation:Optional
	UserClaimJSONPointer *bool `json:"userClaimJsonPointer,omitempty" tf:"user_claim_json_pointer,omitempty"`

	// Log received OIDC tokens and claims when debug-level logging is active. Not recommended in production since sensitive information may be present in OIDC responses.
	// +kubebuilder:validation:Optional
	VerboseOidcLogging *bool `json:"verboseOidcLogging,omitempty" tf:"verbose_oidc_logging,omitempty"`
}

func (*AuthBackendRoleParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendRoleParameters.

func (*AuthBackendRoleParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthBackendRoleSpec

// AuthBackendRoleSpec is the desired state of an AuthBackendRole: the common
// v1.ResourceSpec fields inlined into the JSON form, plus the role settings
// under the required "forProvider" key.
type AuthBackendRoleSpec struct {
	v1.ResourceSpec `json:",inline"`
	ForProvider     AuthBackendRoleParameters `json:"forProvider"`
}

AuthBackendRoleSpec defines the desired state of AuthBackendRole

func (*AuthBackendRoleSpec) DeepCopy

func (in *AuthBackendRoleSpec) DeepCopy() *AuthBackendRoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendRoleSpec.

func (*AuthBackendRoleSpec) DeepCopyInto

func (in *AuthBackendRoleSpec) DeepCopyInto(out *AuthBackendRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthBackendRoleStatus

// AuthBackendRoleStatus is the observed state of an AuthBackendRole: the
// common v1.ResourceStatus fields inlined into the JSON form, plus the
// observation under "atProvider" (omitted when empty).
type AuthBackendRoleStatus struct {
	v1.ResourceStatus `json:",inline"`
	AtProvider        AuthBackendRoleObservation `json:"atProvider,omitempty"`
}

AuthBackendRoleStatus defines the observed state of AuthBackendRole.

func (*AuthBackendRoleStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendRoleStatus.

func (*AuthBackendRoleStatus) DeepCopyInto

func (in *AuthBackendRoleStatus) DeepCopyInto(out *AuthBackendRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthBackendSpec

// AuthBackendSpec is the desired state of an AuthBackend: the common
// v1.ResourceSpec fields inlined into the JSON form, plus the backend settings
// under the required "forProvider" key.
type AuthBackendSpec struct {
	v1.ResourceSpec `json:",inline"`
	ForProvider     AuthBackendParameters `json:"forProvider"`
}

AuthBackendSpec defines the desired state of AuthBackend

func (*AuthBackendSpec) DeepCopy

func (in *AuthBackendSpec) DeepCopy() *AuthBackendSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendSpec.

func (*AuthBackendSpec) DeepCopyInto

func (in *AuthBackendSpec) DeepCopyInto(out *AuthBackendSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthBackendStatus

// AuthBackendStatus is the observed state of an AuthBackend: the common
// v1.ResourceStatus fields inlined into the JSON form, plus the observation
// under "atProvider" (omitted when empty).
type AuthBackendStatus struct {
	v1.ResourceStatus `json:",inline"`
	AtProvider        AuthBackendObservation `json:"atProvider,omitempty"`
}

AuthBackendStatus defines the observed state of AuthBackend.

func (*AuthBackendStatus) DeepCopy

func (in *AuthBackendStatus) DeepCopy() *AuthBackendStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthBackendStatus.

func (*AuthBackendStatus) DeepCopyInto

func (in *AuthBackendStatus) DeepCopyInto(out *AuthBackendStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TuneObservation

// TuneObservation is the observation counterpart of TuneParameters. It
// declares no fields, so no tune values are reported back through it.
type TuneObservation struct {
}

func (*TuneObservation) DeepCopy

func (in *TuneObservation) DeepCopy() *TuneObservation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TuneObservation.

func (*TuneObservation) DeepCopyInto

func (in *TuneObservation) DeepCopyInto(out *TuneObservation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TuneParameters

// TuneParameters holds the mount tuning options referenced by
// AuthBackendParameters.Tune. All fields are Optional at the CRD level.
//
// This package gives no description for the individual fields; the notes
// below are inferred from the field names and need confirming against the
// Vault mount-tuning documentation.
type TuneParameters struct {

	// +kubebuilder:validation:Optional
	AllowedResponseHeaders []*string `json:"allowedResponseHeaders,omitempty" tf:"allowed_response_headers"`

	// NOTE(review): presumably the request keys that audit logging leaves
	// un-HMAC'd — confirm, and avoid naming keys that carry secrets.
	// +kubebuilder:validation:Optional
	AuditNonHMACRequestKeys []*string `json:"auditNonHmacRequestKeys,omitempty" tf:"audit_non_hmac_request_keys"`

	// NOTE(review): presumably the response keys that audit logging leaves
	// un-HMAC'd — confirm, and avoid naming keys that carry secrets.
	// +kubebuilder:validation:Optional
	AuditNonHMACResponseKeys []*string `json:"auditNonHmacResponseKeys,omitempty" tf:"audit_non_hmac_response_keys"`

	// +kubebuilder:validation:Optional
	DefaultLeaseTTL *string `json:"defaultLeaseTtl,omitempty" tf:"default_lease_ttl"`

	// NOTE(review): presumably controls whether the mount appears in
	// listings — confirm which callers can see it for each value.
	// +kubebuilder:validation:Optional
	ListingVisibility *string `json:"listingVisibility,omitempty" tf:"listing_visibility"`

	// +kubebuilder:validation:Optional
	MaxLeaseTTL *string `json:"maxLeaseTtl,omitempty" tf:"max_lease_ttl"`

	// +kubebuilder:validation:Optional
	PassthroughRequestHeaders []*string `json:"passthroughRequestHeaders,omitempty" tf:"passthrough_request_headers"`

	// +kubebuilder:validation:Optional
	TokenType *string `json:"tokenType,omitempty" tf:"token_type"`
}

func (*TuneParameters) DeepCopy

func (in *TuneParameters) DeepCopy() *TuneParameters

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TuneParameters.

func (*TuneParameters) DeepCopyInto

func (in *TuneParameters) DeepCopyInto(out *TuneParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
