---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: oidcgatewayusers.codemowers.io
spec:
  group: codemowers.io
  names:
    plural: oidcgatewayusers
    singular: oidcgatewayuser
    kind: OIDCGWUser
  scope: Namespaced
  versions:
    - name: v1alpha1
      served: true
      storage: true
      subresources:
        status: { }
      schema:
        openAPIV3Schema:
          required:
            - spec
          type: object
          properties:
            spec:
              type: object
              required:
                - type
              properties:
                type:
                  type: string
                  enum: [ 'person', 'org', 'service', 'banned' ]
                  default: person
                email:
                  type: string
                companyEmail:
                  type: string
                customGroups:
                  type: array
                  items:
                    type: object
                    properties:
                      prefix:
                        type: string
                      name:
                        type: string
                customProfile:
                  type: object
                  x-kubernetes-preserve-unknown-fields: true
                  properties:
                    name:
                      type: string
                    company:
                      type: string
                githubEmails:
                  type: array
                  items:
                    type: object
                    properties:
                      email:
                        type: string
                      primary:
                        type: boolean
                        default: false
                githubGroups:
                  type: array
                  items:
                    type: object
                    properties:
                      prefix:
                        type: string
                        enum: [ 'github.com' ]
                      name:
                        type: string
                githubProfile:
                  type: object
                  properties:
                    name:
                      type: string
                    company:
                      type: string
                    id:
                      type: integer
                    login:
                      type: string
                slackId:
                  type: string
            status:
              type: object
              properties:
                primaryEmail:
                  type: string
                emails:
                  type: array
                  items:
                    type: string
                groups:
                  type: array
                  items:
                    type: object
                    properties:
                      prefix:
                        type: string
                      name:
                        type: string
                profile:
                  type: object
                  x-kubernetes-preserve-unknown-fields: true
                  properties:
                    name:
                      type: string
                    company:
                      type: string
                slackId:
                  type: string
                conditions:
                  type: array
                  items:
                    type: object
                    x-kubernetes-embedded-resource: true
                    x-kubernetes-preserve-unknown-fields: true
      additionalPrinterColumns:
        - name: Type
          type: string
          jsonPath: .spec.type
        - name: Name
          type: string
          jsonPath: .status.profile.name
        - name: Display e-mail
          type: string
          jsonPath: .spec.companyEmail
        - name: Upstream IdP e-mail
          type: string
          jsonPath: .spec.githubEmails[?(@.primary==true)].email
        - name: GH ID
          type: string
          jsonPath: .spec.githubProfile.id
        - name: Groups
          type: string
          jsonPath: .status.groups
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: oidcgatewayclients.codemowers.io
spec:
  group: codemowers.io
  names:
    plural: oidcgatewayclients
    singular: oidcgatewayclient
    kind: OIDCGWClient
  scope: Namespaced
  versions:
    - name: v1alpha1
      served: true
      storage: true
      subresources:
        status: { }
      schema:
        openAPIV3Schema:
          required:
            - spec
          type: object
          properties:
            spec:
              type: object
              required:
                - redirectUris
                - grantTypes
                - responseTypes
              properties:
                uri:
                  type: string
                displayName:
                  type: string
                redirectUris:
                  type: array
                  items:
                    type: string
                grantTypes:
                  type: array
                  items:
                    type: string
                    enum: [ 'implicit', 'authorization_code', 'refresh_token' ]
                responseTypes:
                  type: array
                  items:
                    type: string
                    enum: [ 'code id_token', 'code', 'id_token', 'none' ]
                tokenEndpointAuthMethod:
                  type: string
                  enum: [ 'client_secret_basic', 'client_secret_jwt', 'client_secret_post', 'private_key_jwt', 'none' ]
                idTokenSignedResponseAlg:
                  type: string
                  enum: [ 'PS256','RS256', 'ES256' ]
                allowedGroups:
                  type: array
                  items:
                    type: string
                overrideIncomingScopes:
                  type: boolean
                  default: false
                availableScopes:
                  type: array
                  items:
                    type: string
                    enum: [ 'openid', 'profile', 'offline_access' ]
                  default: [ 'openid' ]
                pkce:
                  type: boolean
                  default: true
            status:
              type: object
              properties:
                gateway:
                  type: string
      additionalPrinterColumns:
        - name: Gateway
          type: string
          description: 'OIDC gateway deployment which manages this client'
          jsonPath: .status.gateway
        - name: Uris
          type: string
          description: 'Redirect URLs configured for this client'
          jsonPath: .spec.redirectUris
        - name: Allowed groups
          type: string
          description: 'Groups allowed to this client'
          jsonPath: .spec.allowedGroups
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: oidcgatewaymiddlewareclients.codemowers.io
spec:
  group: codemowers.io
  names:
    plural: oidcgatewaymiddlewareclients
    singular: oidcgatewaymiddlewareclient
    kind: OIDCGWMiddlewareClient
  scope: Namespaced
  versions:
    - name: v1alpha1
      served: true
      storage: true
      subresources:
        status: { }
      schema:
        openAPIV3Schema:
          required:
            - spec
          type: object
          properties:
            spec:
              type: object
              properties:
                uri:
                  type: string
                displayName:
                  type: string
                allowedGroups:
                  type: array
                  items:
                    type: string
                headerMapping:
                  type: object
                  default:
                    user: 'Remote-User'
                    name: 'Remote-Name'
                    email: 'Remote-Email'
                    groups: 'Remote-Groups'
                  properties:
                    user:
                      type: string
                    name:
                      type: string
                    email:
                      type: string
                    groups:
                      type: string
            status:
              type: object
              properties:
                gateway:
                  type: string
      additionalPrinterColumns:
        - name: Gateway
          type: string
          description: 'OIDC gateway deployment which manages this client'
          jsonPath: .status.gateway
        - name: Uri
          type: string
          description: 'URL configured for this client'
          jsonPath: .spec.uri
        - name: Allowed groups
          type: string
          description: 'Groups allowed to this client'
          jsonPath: .spec.allowedGroups