summaryrefslogtreecommitdiff
path: root/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml')
-rw-r--r--vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml123
1 files changed, 123 insertions, 0 deletions
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml
new file mode 100644
index 000000000..f21ac7ea8
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml
@@ -0,0 +1,123 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: authentications.config.openshift.io
+spec:
+ group: config.openshift.io
+ names:
+ kind: Authentication
+ listKind: AuthenticationList
+ plural: authentications
+ singular: authentication
+ scope: Cluster
+ preserveUnknownFields: false
+ subresources:
+ status: {}
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ "validation":
+ "openAPIV3Schema":
+ description: Authentication specifies cluster-wide settings for authentication
+ (like OAuth and webhook token authenticators). The canonical name of an instance
+ is `cluster`.
+ type: object
+ required:
+ - spec
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec holds user settable values for configuration
+ type: object
+ properties:
+ oauthMetadata:
+ description: 'oauthMetadata contains the discovery endpoint data for
+ OAuth 2.0 Authorization Server Metadata for an external OAuth server.
+ This discovery document can be viewed from its served location: oc
+ get --raw ''/.well-known/oauth-authorization-server'' For further
+ details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
+ If oauthMetadata.name is non-empty, this value has precedence over
+ any metadata reference stored in status. The key "oauthMetadata" is
+ used to locate the data. If specified and the config map or expected
+ key is not found, no metadata is served. If the specified metadata
+ is not valid, no metadata is served. The namespace for this config
+ map is openshift-config.'
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ description: name is the metadata.name of the referenced config
+ map
+ type: string
+ type:
+ description: type identifies the cluster managed, user facing authentication
+ mode in use. Specifically, it manages the component that responds
+ to login attempts. The default is IntegratedOAuth.
+ type: string
+ webhookTokenAuthenticators:
+ description: webhookTokenAuthenticators configures remote token reviewers.
+ These remote authentication webhooks can be used to verify bearer
+ tokens via the tokenreviews.authentication.k8s.io REST API. This
+ is required to honor bearer tokens that are provisioned by an external
+ authentication service. The namespace for these secrets is openshift-config.
+ type: array
+ items:
+ description: webhookTokenAuthenticator holds the necessary configuration
+ options for a remote token authenticator
+ type: object
+ properties:
+ kubeConfig:
+ description: 'kubeConfig contains kube config file data which
+ describes how to access the remote webhook service. For further
+ details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
+ The key "kubeConfig" is used to locate the data. If the secret
+ or expected key is not found, the webhook is not honored. If
+ the specified kube config data is not valid, the webhook is
+ not honored. The namespace for this secret is determined by
+ the point of use.'
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ description: name is the metadata.name of the referenced secret
+ type: string
+ status:
+ description: status holds observed values from the cluster. They may not
+ be overridden.
+ type: object
+ properties:
+ integratedOAuthMetadata:
+ description: 'integratedOAuthMetadata contains the discovery endpoint
+ data for OAuth 2.0 Authorization Server Metadata for the in-cluster
+ integrated OAuth server. This discovery document can be viewed from
+ its served location: oc get --raw ''/.well-known/oauth-authorization-server''
+ For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
+ This contains the observed value based on cluster state. An explicitly
+ set value in spec.oauthMetadata has precedence over this field. This
+ field has no meaning if authentication spec.type is not set to IntegratedOAuth.
+ The key "oauthMetadata" is used to locate the data. If the config
+ map or expected key is not found, no metadata is served. If the specified
+ metadata is not valid, no metadata is served. The namespace for this
+ config map is openshift-config-managed.'
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ description: name is the metadata.name of the referenced config
+ map
+ type: string
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-10-20 08:31:07 +0000