---
# CRD: OIDCGWUser (group codemowers.io, version v1alpha1, namespaced).
# The spec holds per-source identity data (custom* and github* fields); the
# status holds one flattened set (primaryEmail, emails, groups, profile),
# presumably written by the gateway - confirm against the controller.
# customGroups accepts any prefix/name pair. If these groups feed access
# decisions (the client CRDs in this file carry an allowedGroups list),
# permission to create or edit these objects amounts to permission to assign
# groups and should be granted just as narrowly.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: oidcgatewayusers.codemowers.io
spec:
  group: codemowers.io
  scope: Namespaced
  names:
    kind: OIDCGWUser
    singular: oidcgatewayuser
    plural: oidcgatewayusers
  versions:
    - name: v1alpha1
      served: true
      storage: true
      # Status subresource enabled: status is written through the separate
      # /status endpoint, which RBAC can restrict independently of the spec.
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          type: object
          required:
            - spec
          properties:
            spec:
              type: object
              properties:
                email:
                  type: string
                # Free-form groups: neither prefix nor name is constrained.
                customGroups:
                  type: array
                  items:
                    type: object
                    properties:
                      prefix:
                        type: string
                      name:
                        type: string
                customProfile:
                  type: object
                  properties:
                    name:
                      type: string
                    company:
                      type: string
                githubEmails:
                  type: array
                  items:
                    type: object
                    properties:
                      email:
                        type: string
                      primary:
                        type: boolean
                        default: false
                githubGroups:
                  type: array
                  items:
                    type: object
                    properties:
                      # The only accepted prefix is the literal 'github.com'.
                      prefix:
                        type: string
                        enum:
                          - 'github.com'
                      name:
                        type: string
                githubProfile:
                  type: object
                  properties:
                    name:
                      type: string
                    company:
                      type: string
                    id:
                      type: integer
                    login:
                      type: string
                # NOTE(review): placed as a sibling of githubProfile; confirm
                # the nesting against the original file.
                slackId:
                  type: string
            status:
              type: object
              properties:
                primaryEmail:
                  type: string
                emails:
                  type: array
                  items:
                    type: string
                groups:
                  type: array
                  items:
                    type: object
                    properties:
                      prefix:
                        type: string
                      name:
                        type: string
                profile:
                  type: object
                  properties:
                    name:
                      type: string
                    company:
                      type: string
                # NOTE(review): placed as a sibling of profile; confirm the
                # nesting against the original file.
                slackId:
                  type: string
                # Items are declared as embedded Kubernetes objects with
                # unknown fields preserved, so the API server does not prune
                # whatever extra fields are written into a condition.
                conditions:
                  type: array
                  items:
                    type: object
                    x-kubernetes-embedded-resource: true
                    x-kubernetes-preserve-unknown-fields: true
      # Columns shown by `kubectl get`; all three read from status.
      additionalPrinterColumns:
        - name: Name
          type: string
          jsonPath: .status.profile.name
        - name: Emails
          type: string
          jsonPath: .status.emails
        - name: Groups
          type: string
          jsonPath: .status.groups
---
# CRD: OIDCGWClient (group codemowers.io, version v1alpha1, namespaced).
# Describes an OIDC client registration: redirect URIs, grant and response
# types, token endpoint authentication, ID token signing algorithm, scopes
# and the groups allowed to use the client.
# Anyone who can create or edit these objects can register a client, so RBAC
# on this resource is part of the identity provider's trust boundary.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: oidcgatewayclients.codemowers.io
spec:
  group: codemowers.io
  scope: Namespaced
  names:
    kind: OIDCGWClient
    singular: oidcgatewayclient
    plural: oidcgatewayclients
  versions:
    - name: v1alpha1
      served: true
      storage: true
      # Status subresource enabled: status is written through the separate
      # /status endpoint, which RBAC can restrict independently of the spec.
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          type: object
          required:
            - spec
          properties:
            spec:
              type: object
              required:
                - redirectUris # TODO: add validation
                - grantTypes
                - responseTypes
              properties:
                uri:
                  type: string
                displayName:
                  type: string
                # Any string is accepted here, including an empty list, so
                # scheme and exact-match checks on redirect URIs rest entirely
                # on the gateway. Candidates for the validation TODO above:
                # minItems and a pattern restricting the allowed schemes.
                redirectUris:
                  type: array
                  items:
                    type: string
                # 'implicit' is accepted. That grant returns tokens through
                # the browser redirect, and current OAuth security guidance
                # (RFC 9700) advises against it; restrict it by policy where
                # it is not needed.
                grantTypes:
                  type: array
                  items:
                    type: string
                    enum:
                      - 'implicit'
                      - 'authorization_code'
                      - 'refresh_token'
                responseTypes:
                  type: array
                  items:
                    type: string
                    enum:
                      - 'code id_token'
                      - 'code'
                      - 'id_token'
                      - 'none'
                # 'none' registers a public client that does not authenticate
                # at the token endpoint; see pkce below.
                tokenEndpointAuthMethod:
                  type: string
                  enum:
                    - 'client_secret_basic'
                    - 'client_secret_jwt'
                    - 'client_secret_post'
                    - 'private_key_jwt'
                    - 'none'
                # Only asymmetric signature algorithms can be selected; 'none'
                # and HMAC variants are not in the enum.
                idTokenSignedResponseAlg:
                  type: string
                  enum:
                    - 'PS256'
                    - 'RS256'
                    - 'ES256'
                # Optional and without a default. Whether an omitted or empty
                # list means "everyone" or "no one" is decided by the gateway,
                # not by this schema - confirm before relying on it.
                allowedGroups:
                  type: array
                  items:
                    type: string
                # Defaults to openid only. 'offline_access' is the scope that
                # requests refresh tokens.
                availableScopes:
                  type: array
                  items:
                    type: string
                    enum:
                      - 'openid'
                      - 'profile'
                      - 'offline_access'
                  default:
                    - 'openid'
                # On by default. Turning it off for a client whose
                # tokenEndpointAuthMethod is 'none' leaves the code exchange
                # with neither client authentication nor a PKCE proof; how the
                # gateway handles that combination is not visible here.
                pkce:
                  type: boolean
                  default: true
            status:
              type: object
              properties:
                gateway:
                  type: string
      # Columns shown by `kubectl get`.
      additionalPrinterColumns:
        - name: Gateway
          type: string
          description: 'OIDC gateway deployment which manages this client'
          jsonPath: .status.gateway
        - name: Uris
          type: string
          description: 'Redirect URLs configured for this client'
          jsonPath: .spec.redirectUris
        - name: Allowed groups
          type: string
          description: 'Groups allowed to this client'
          jsonPath: .spec.allowedGroups
---
# CRD: OIDCGWMiddlewareClient (group codemowers.io, version v1alpha1,
# namespaced). Describes a client identified by a single uri, the groups
# allowed to use it, and a mapping from identity attributes to header names.
# Presumably used for proxy/forward-auth style protection, where the gateway
# passes the authenticated identity to the backend in HTTP headers - confirm
# against the gateway.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: oidcgatewaymiddlewareclients.codemowers.io
spec:
  group: codemowers.io
  scope: Namespaced
  names:
    kind: OIDCGWMiddlewareClient
    singular: oidcgatewaymiddlewareclient
    plural: oidcgatewaymiddlewareclients
  versions:
    - name: v1alpha1
      served: true
      storage: true
      # Status subresource enabled: status is written through the separate
      # /status endpoint, which RBAC can restrict independently of the spec.
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          type: object
          required:
            - spec
          properties:
            # No field of spec is required by this schema, uri included.
            spec:
              type: object
              properties:
                uri:
                  type: string
                displayName:
                  type: string
                # Optional and without a default. Whether an omitted or empty
                # list means "everyone" or "no one" is decided by the gateway,
                # not by this schema - confirm before relying on it.
                allowedGroups:
                  type: array
                  items:
                    type: string
                # Header names that carry the identity to the backend. A
                # backend that trusts these headers must be reachable only
                # through the proxy, and the proxy must drop or overwrite any
                # copies sent by the client; otherwise a caller can supply
                # the identity itself.
                headerMapping:
                  type: object
                  default:
                    user: 'Remote-User'
                    name: 'Remote-Name'
                    email: 'Remote-Email'
                    groups: 'Remote-Groups'
                  properties:
                    user:
                      type: string
                    name:
                      type: string
                    email:
                      type: string
                    groups:
                      type: string
            status:
              type: object
              properties:
                gateway:
                  type: string
      # Columns shown by `kubectl get`.
      additionalPrinterColumns:
        - name: Gateway
          type: string
          description: 'OIDC gateway deployment which manages this client'
          jsonPath: .status.gateway
        - name: Uri
          type: string
          description: 'URL configured for this client'
          jsonPath: .spec.uri
        - name: Allowed groups
          type: string
          description: 'Groups allowed to this client'
          jsonPath: .spec.allowedGroups