diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2020-05-23 06:48:18 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2020-05-23 06:48:57 -0400 |
commit | 935a716418a5b7e7b33ac0c53048d57e28b910af (patch) | |
tree | 6b8dafc6b243e96555d1dcff53ca223842eb6e30 /vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml | |
parent | e323d3e92d618f76efe63a29ae53150c943e1fbe (diff) | |
download | podman-935a716418a5b7e7b33ac0c53048d57e28b910af.tar.gz podman-935a716418a5b7e7b33ac0c53048d57e28b910af.tar.bz2 podman-935a716418a5b7e7b33ac0c53048d57e28b910af.zip |
Vendor in latest containers/buildah
This will take a significant size away from the podman-remote executables.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml')
-rw-r--r-- | vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml | 661 |
1 files changed, 0 insertions, 661 deletions
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml deleted file mode 100644 index fd763d047..000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml +++ /dev/null @@ -1,661 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: oauths.config.openshift.io -spec: - group: config.openshift.io - names: - kind: OAuth - listKind: OAuthList - plural: oauths - singular: oauth - scope: Cluster - preserveUnknownFields: false - subresources: - status: {} - versions: - - name: v1 - served: true - storage: true - "validation": - "openAPIV3Schema": - description: OAuth holds cluster-wide information about OAuth. The canonical - name is `cluster`. It is used to configure the integrated OAuth server. This - configuration is only honored when the top level Authentication config has - type set to IntegratedOAuth. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OAuthSpec contains desired cluster auth configuration - type: object - properties: - identityProviders: - description: identityProviders is an ordered list of ways for a user - to identify themselves. When this list is empty, no identities are - provisioned for users. - type: array - items: - description: IdentityProvider provides identities for users authenticating - using credentials - type: object - properties: - basicAuth: - description: basicAuth contains configuration options for the - BasicAuth IdP - type: object - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - tlsClientCert: - description: tlsClientCert is an optional reference to a secret - by name that contains the PEM-encoded TLS client certificate - to present when connecting to the server. The key "tls.crt" - is used to locate the data. If specified and the secret - or expected key is not found, the identity provider is not - honored. If the specified certificate data is not valid, - the identity provider is not honored. The namespace for - this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - tlsClientKey: - description: tlsClientKey is an optional reference to a secret - by name that contains the PEM-encoded TLS private key for - the client certificate referenced in tlsClientCert. The - key "tls.key" is used to locate the data. If specified and - the secret or expected key is not found, the identity provider - is not honored. If the specified certificate data is not - valid, the identity provider is not honored. The namespace - for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - url: - description: url is the remote URL to connect to - type: string - github: - description: github enables user authentication using GitHub credentials - type: object - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - This can only be configured when hostname is set to a non-empty - value. The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the secret - by name containing the oauth client secret. The key "clientSecret" - is used to locate the data. If the secret or expected key - is not found, the identity provider is not honored. The - namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - hostname: - description: hostname is the optional domain (e.g. "mycompany.com") - for use with a hosted instance of GitHub Enterprise. It - must match the GitHub Enterprise settings value configured - at /setup/settings#hostname. - type: string - organizations: - description: organizations optionally restricts which organizations - are allowed to log in - type: array - items: - type: string - teams: - description: teams optionally restricts which teams are allowed - to log in. Format is <org>/<team>. - type: array - items: - type: string - gitlab: - description: gitlab enables user authentication using GitLab credentials - type: object - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the secret - by name containing the oauth client secret. The key "clientSecret" - is used to locate the data. If the secret or expected key - is not found, the identity provider is not honored. The - namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - url: - description: url is the oauth server base URL - type: string - google: - description: google enables user authentication using Google credentials - type: object - properties: - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the secret - by name containing the oauth client secret. The key "clientSecret" - is used to locate the data. If the secret or expected key - is not found, the identity provider is not honored. The - namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - hostedDomain: - description: hostedDomain is the optional Google App domain - (e.g. "mycompany.com") to restrict logins to - type: string - htpasswd: - description: htpasswd enables user authentication using an HTPasswd - file to validate credentials - type: object - properties: - fileData: - description: fileData is a required reference to a secret - by name containing the data to use as the htpasswd file. - The key "htpasswd" is used to locate the data. If the secret - or expected key is not found, the identity provider is not - honored. If the specified htpasswd data is not valid, the - identity provider is not honored. The namespace for this - secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - keystone: - description: keystone enables user authentication using keystone - password credentials - type: object - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - domainName: - description: domainName is required for keystone v3 - type: string - tlsClientCert: - description: tlsClientCert is an optional reference to a secret - by name that contains the PEM-encoded TLS client certificate - to present when connecting to the server. The key "tls.crt" - is used to locate the data. If specified and the secret - or expected key is not found, the identity provider is not - honored. If the specified certificate data is not valid, - the identity provider is not honored. The namespace for - this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - tlsClientKey: - description: tlsClientKey is an optional reference to a secret - by name that contains the PEM-encoded TLS private key for - the client certificate referenced in tlsClientCert. The - key "tls.key" is used to locate the data. If specified and - the secret or expected key is not found, the identity provider - is not honored. If the specified certificate data is not - valid, the identity provider is not honored. The namespace - for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - url: - description: url is the remote URL to connect to - type: string - ldap: - description: ldap enables user authentication using LDAP credentials - type: object - properties: - attributes: - description: attributes maps LDAP attributes to identities - type: object - properties: - email: - description: email is the list of attributes whose values - should be used as the email address. Optional. If unspecified, - no email is set for the identity - type: array - items: - type: string - id: - description: id is the list of attributes whose values - should be used as the user ID. Required. First non-empty - attribute is used. At least one attribute is required. - If none of the listed attribute have a value, authentication - fails. LDAP standard identity attribute is "dn" - type: array - items: - type: string - name: - description: name is the list of attributes whose values - should be used as the display name. Optional. If unspecified, - no display name is set for the identity LDAP standard - display name attribute is "cn" - type: array - items: - type: string - preferredUsername: - description: preferredUsername is the list of attributes - whose values should be used as the preferred username. - LDAP standard login attribute is "uid" - type: array - items: - type: string - bindDN: - description: bindDN is an optional DN to bind with during - the search phase. - type: string - bindPassword: - description: bindPassword is an optional reference to a secret - by name containing a password to bind with during the search - phase. The key "bindPassword" is used to locate the data. - If specified and the secret or expected key is not found, - the identity provider is not honored. The namespace for - this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - insecure: - description: 'insecure, if true, indicates the connection - should not use TLS WARNING: Should not be set to `true` - with the URL scheme "ldaps://" as "ldaps://" URLs always attempt - to connect using TLS, even when `insecure` is set to `true` - When `true`, "ldap://" URLS connect insecurely. When `false`, - "ldap://" URLs are upgraded to a TLS connection using StartTLS - as specified in https://tools.ietf.org/html/rfc2830.' - type: boolean - url: - description: 'url is an RFC 2255 URL which specifies the LDAP - search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter' - type: string - mappingMethod: - description: mappingMethod determines how identities from this - provider are mapped to users Defaults to "claim" - type: string - name: - description: 'name is used to qualify the identities returned - by this provider. - It MUST be unique and not shared by any - other identity provider used - It MUST be a valid path segment: - name cannot equal "." or ".." or contain "/" or "%" or ":" Ref: - https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' - type: string - openID: - description: openID enables user authentication using OpenID credentials - type: object - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - claims: - description: claims mappings - type: object - properties: - email: - description: email is the list of claims whose values - should be used as the email address. Optional. If unspecified, - no email is set for the identity - type: array - items: - type: string - name: - description: name is the list of claims whose values should - be used as the display name. Optional. If unspecified, - no display name is set for the identity - type: array - items: - type: string - preferredUsername: - description: preferredUsername is the list of claims whose - values should be used as the preferred username. If - unspecified, the preferred username is determined from - the value of the sub claim - type: array - items: - type: string - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the secret - by name containing the oauth client secret. The key "clientSecret" - is used to locate the data. If the secret or expected key - is not found, the identity provider is not honored. The - namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - extraAuthorizeParameters: - description: extraAuthorizeParameters are any custom parameters - to add to the authorize request. - type: object - additionalProperties: - type: string - extraScopes: - description: extraScopes are any scopes to request in addition - to the standard "openid" scope. - type: array - items: - type: string - issuer: - description: issuer is the URL that the OpenID Provider asserts - as its Issuer Identifier. It must use the https scheme with - no query or fragment component. - type: string - requestHeader: - description: requestHeader enables user authentication using request - header credentials - type: object - properties: - ca: - description: ca is a required reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. Specifically, it allows verification - of incoming requests to prevent header spoofing. The key - "ca.crt" is used to locate the data. If the config map or - expected key is not found, the identity provider is not - honored. If the specified ca data is not valid, the identity - provider is not honored. The namespace for this config map - is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - challengeURL: - description: challengeURL is a URL to redirect unauthenticated - /authorize requests to Unauthenticated requests from OAuth - clients which expect WWW-Authenticate challenges will be - redirected here. ${url} is replaced with the current URL, - escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when challenge is set to true. - type: string - clientCommonNames: - description: clientCommonNames is an optional list of common - names to require a match from. If empty, any client certificate - validated against the clientCA bundle is considered authoritative. - type: array - items: - type: string - emailHeaders: - description: emailHeaders is the set of headers to check for - the email address - type: array - items: - type: string - headers: - description: headers is the set of headers to check for identity - information - type: array - items: - type: string - loginURL: - description: loginURL is a URL to redirect unauthenticated - /authorize requests to Unauthenticated requests from OAuth - clients which expect interactive logins will be redirected - here ${url} is replaced with the current URL, escaped to - be safe in a query parameter https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when login is set to true. - type: string - nameHeaders: - description: nameHeaders is the set of headers to check for - the display name - type: array - items: - type: string - preferredUsernameHeaders: - description: preferredUsernameHeaders is the set of headers - to check for the preferred username - type: array - items: - type: string - type: - description: type identifies the identity provider type for this - entry. - type: string - templates: - description: templates allow you to customize pages like the login page. - type: object - properties: - error: - description: error is the name of a secret that specifies a go template - to use to render error pages during the authentication or grant - flow. The key "errors.html" is used to locate the template data. - If specified and the secret or expected key is not found, the - default error page is used. If the specified template is not valid, - the default error page is used. If unspecified, the default error - page is used. The namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - login: - description: login is the name of a secret that specifies a go template - to use to render the login page. The key "login.html" is used - to locate the template data. If specified and the secret or expected - key is not found, the default login page is used. If the specified - template is not valid, the default login page is used. If unspecified, - the default login page is used. The namespace for this secret - is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - providerSelection: - description: providerSelection is the name of a secret that specifies - a go template to use to render the provider selection page. The - key "providers.html" is used to locate the template data. If specified - and the secret or expected key is not found, the default provider - selection page is used. If the specified template is not valid, - the default provider selection page is used. If unspecified, the - default provider selection page is used. The namespace for this - secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - tokenConfig: - description: tokenConfig contains options for authorization and access - tokens - type: object - properties: - accessTokenInactivityTimeoutSeconds: - description: 'accessTokenInactivityTimeoutSeconds defines the default - token inactivity timeout for tokens granted by any client. The - value represents the maximum amount of time that can occur between - consecutive uses of the token. Tokens become invalid if they are - not used within this temporal window. The user will need to acquire - a new token to regain access once a token times out. Valid values - are integer values: x < 0 Tokens time out is enabled but tokens - never timeout unless configured per client (e.g. `-1`) x = 0 Tokens - time out is disabled (default) x > 0 Tokens time out if there - is no activity for x seconds The current minimum allowed value - for X is 300 (5 minutes)' - type: integer - format: int32 - accessTokenMaxAgeSeconds: - description: accessTokenMaxAgeSeconds defines the maximum age of - access tokens - type: integer - format: int32 - status: - description: OAuthStatus shows current known state of OAuth server in the - cluster - type: object |