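---
# CRD for OIDCGWUser, the per-user record kept for the OIDC gateway.
# Namespaced; the single version v1alpha1 is both served and stored.
# NOTE(review): these objects hold identity data (account type, e-mails,
# group membership). Whoever may create or patch them can presumably change
# what the gateway asserts about a user, so keep RBAC write verbs on
# oidcgatewayusers narrow - confirm against the controller, not shown here.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: oidcgatewayusers.codemowers.io
spec:
  group: codemowers.io
  names:
    plural: oidcgatewayusers
    singular: oidcgatewayuser
    kind: OIDCGWUser
  scope: Namespaced
  versions:
    - name: v1alpha1
      served: true
      storage: true
      # Status is a subresource: writes to the main endpoint ignore .status,
      # so access to oidcgatewayusers/status can be granted separately from
      # access to spec.
      subresources:
        status: { }
      schema:
        openAPIV3Schema:
          required:
            - spec
          type: object
          properties:
            spec:
              type: object
              required:
                - type
              properties:
                # Account class; an omitted value is defaulted to 'person'.
                # 'banned' is an ordinary spec value, so a ban is only as
                # strong as the write access to this field.
                type:
                  type: string
                  enum: [ 'person', 'org', 'service', 'banned' ]
                  default: person
                email:
                  type: string
                companyEmail:
                  type: string
                # Free-form prefix/name pairs, no enum or pattern.
                # NOTE(review): if these feed the groups the gateway issues,
                # editing spec is equivalent to granting group membership.
                customGroups:
                  type: array
                  items:
                    type: object
                    properties:
                      prefix:
                        type: string
                      name:
                        type: string
                customProfile:
                  type: object
                  # Unknown keys are kept rather than pruned, so anything
                  # beyond name/company is stored unvalidated; consumers
                  # should treat the extra keys as untrusted input.
                  x-kubernetes-preserve-unknown-fields: true
                  properties:
                    name:
                      type: string
                    company:
                      type: string
                githubEmails:
                  type: array
                  items:
                    type: object
                    properties:
                      email:
                        type: string
                      primary:
                        type: boolean
                        default: false
                githubGroups:
                  type: array
                  items:
                    type: object
                    properties:
                      # Only the 'github.com' prefix is accepted here.
                      prefix:
                        type: string
                        enum: [ 'github.com' ]
                      name:
                        type: string
                githubProfile:
                  type: object
                  properties:
                    name:
                      type: string
                    company:
                      type: string
                    id:
                      type: integer
                    login:
                      type: string
                # NOTE(review): the nesting level of slackId could not be
                # confirmed from this listing; it is placed directly under
                # spec - verify against the repository.
                slackId:
                  type: string
            status:
              type: object
              properties:
                primaryEmail:
                  type: string
                emails:
                  type: array
                  items:
                    type: string
                groups:
                  type: array
                  items:
                    type: object
                    properties:
                      prefix:
                        type: string
                      name:
                        type: string
                profile:
                  type: object
                  # Same as spec.customProfile: unknown keys are preserved.
                  x-kubernetes-preserve-unknown-fields: true
                  properties:
                    name:
                      type: string
                    company:
                      type: string
                # NOTE(review): nesting level not confirmed from this
                # listing; placed directly under status - verify.
                slackId:
                  type: string
                conditions:
                  type: array
                  items:
                    type: object
                    # NOTE(review): embedded-resource makes the API server
                    # validate every item as a Kubernetes object (apiVersion,
                    # kind, metadata), which is unusual for condition
                    # entries - confirm this is intended.
                    x-kubernetes-embedded-resource: true
                    x-kubernetes-preserve-unknown-fields: true
      additionalPrinterColumns:
        - name: Type
          type: string
          jsonPath: .spec.type
        - name: Name
          type: string
          jsonPath: .status.profile.name
        - name: Display e-mail
          type: string
          jsonPath: .spec.companyEmail
        - name: Upstream IdP e-mail
          type: string
          jsonPath: .spec.githubEmails[?(@.primary==true)].email
        - name: GH ID
          type: string
          jsonPath: .spec.githubProfile.id
        - name: Groups
          type: string
          jsonPath: .status.groups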
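---
# CRD for OIDCGWClient, an OIDC client registration for the gateway.
# Namespaced; the single version v1alpha1 is both served and stored.
# NOTE(review): anyone who can create these objects in a watched namespace
# presumably registers a client with the gateway, so treat create/update on
# oidcgatewayclients as a privileged permission - confirm against the
# controller, which is not shown here.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: oidcgatewayclients.codemowers.io
spec:
  group: codemowers.io
  names:
    plural: oidcgatewayclients
    singular: oidcgatewayclient
    kind: OIDCGWClient
  scope: Namespaced
  versions:
    - name: v1alpha1
      served: true
      storage: true
      subresources:
        status: { }
      schema:
        openAPIV3Schema:
          required:
            - spec
          type: object
          properties:
            spec:
              type: object
              required:
                - redirectUris
                - grantTypes
                - responseTypes
              properties:
                uri:
                  type: string
                displayName:
                  type: string
                # Required, but items are unconstrained strings with no
                # minItems, format or pattern: an empty list or a non-URL
                # value passes this schema. Redirect URI checking (absolute
                # URI, scheme, exact match) therefore rests entirely on the
                # gateway.
                redirectUris:
                  type: array
                  items:
                    type: string
                # 'implicit' is accepted. RFC 9700 (OAuth 2.0 Security BCP)
                # advises against the implicit grant; review whether it and
                # the 'id_token' response types below need to stay available.
                grantTypes:
                  type: array
                  items:
                    type: string
                    enum: [ 'implicit', 'authorization_code', 'refresh_token' ]
                responseTypes:
                  type: array
                  items:
                    type: string
                    enum: [ 'code id_token', 'code', 'id_token', 'none' ]
                # Optional, no schema default; 'none' describes a public
                # client with no client authentication.
                # NOTE(review): what the gateway assumes when this is omitted
                # is not visible here - confirm.
                tokenEndpointAuthMethod:
                  type: string
                  enum: [ 'client_secret_basic', 'client_secret_jwt', 'client_secret_post', 'private_key_jwt', 'none' ]
                idTokenSignedResponseAlg:
                  type: string
                  enum: [ 'PS256', 'RS256', 'ES256' ]
                # NOTE(review): optional and unconstrained; confirm that an
                # absent or empty list does not mean "every user allowed".
                allowedGroups:
                  type: array
                  items:
                    type: string
                # The enum restricts each item; the default applies to the
                # whole array when the field is omitted.
                availableScopes:
                  type: array
                  items:
                    type: string
                    enum: [ 'openid', 'profile', 'offline_access' ]
                  default: [ 'openid' ]
                # Defaults to true but may be set to false, and nothing in
                # this schema ties it to tokenEndpointAuthMethod: a client
                # with auth method 'none' and pkce false validates. A CEL
                # rule (x-kubernetes-validations) or an admission policy
                # could reject that combination.
                pkce:
                  type: boolean
                  default: true
            status:
              type: object
              properties:
                gateway:
                  type: string
      additionalPrinterColumns:
        - name: Gateway
          type: string
          description: 'OIDC gateway deployment which manages this client'
          jsonPath: .status.gateway
        - name: Uris
          type: string
          description: 'Redirect URLs configured for this client'
          jsonPath: .spec.redirectUris
        - name: Allowed groups
          type: string
          description: 'Groups allowed to this client'
          jsonPath: .spec.allowedGroups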
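---
# CRD for OIDCGWMiddlewareClient, a client that receives the authenticated
# identity as HTTP request headers (see headerMapping) instead of tokens.
# Namespaced; the single version v1alpha1 is both served and stored.
# NOTE(review): header-based identity is only sound when the proxy in front
# of the backend strips client-supplied copies of these headers and the
# backend is unreachable except through that proxy. Neither is visible in
# this file - confirm in the gateway and ingress configuration.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: oidcgatewaymiddlewareclients.codemowers.io
spec:
  group: codemowers.io
  names:
    plural: oidcgatewaymiddlewareclients
    singular: oidcgatewaymiddlewareclient
    kind: OIDCGWMiddlewareClient
  scope: Namespaced
  versions:
    - name: v1alpha1
      served: true
      storage: true
      subresources:
        status: { }
      schema:
        openAPIV3Schema:
          required:
            - spec
          type: object
          properties:
            # spec has no `required` list: every field below, including uri,
            # may be omitted.
            spec:
              type: object
              properties:
                uri:
                  type: string
                displayName:
                  type: string
                # NOTE(review): optional and unconstrained; confirm that an
                # absent or empty list does not mean "every user allowed".
                allowedGroups:
                  type: array
                  items:
                    type: string
                # Names of the request headers that carry the identity.
                # The default applies only when headerMapping is omitted as
                # a whole; a partial mapping gets no per-key defaults because
                # the properties below declare none. Header names are
                # free-form strings, so write access to this object also
                # decides which headers the backend is told to trust.
                headerMapping:
                  type: object
                  default:
                    user: 'Remote-User'
                    name: 'Remote-Name'
                    email: 'Remote-Email'
                    groups: 'Remote-Groups'
                  properties:
                    user:
                      type: string
                    name:
                      type: string
                    email:
                      type: string
                    groups:
                      type: string
            status:
              type: object
              properties:
                gateway:
                  type: string
      additionalPrinterColumns:
        - name: Gateway
          type: string
          description: 'OIDC gateway deployment which manages this client'
          jsonPath: .status.gateway
        - name: Uri
          type: string
          description: 'URL configured for this client'
          jsonPath: .spec.uri
        - name: Allowed groups
          type: string
          description: 'Groups allowed to this client'
          jsonPath: .spec.allowedGroups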