--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: oidcgatewayusers.codemowers.io spec: group: codemowers.io names: plural: oidcgatewayusers singular: oidcgatewayuser kind: OIDCGWUser scope: Namespaced versions: - name: v1alpha1 served: true storage: true subresources: status: { } schema: openAPIV3Schema: required: - spec type: object properties: spec: type: object properties: email: type: string customGroups: type: array items: type: object properties: prefix: type: string name: type: string customProfile: type: object properties: name: type: string company: type: string githubEmails: type: array items: type: object properties: email: type: string primary: type: boolean default: false githubGroups: type: array items: type: object properties: prefix: type: string enum: [ 'github.com' ] name: type: string githubProfile: type: object properties: name: type: string company: type: string id: type: integer login: type: string slackId: type: string status: type: object properties: primaryEmail: type: string emails: type: array items: type: string groups: type: array items: type: object properties: prefix: type: string name: type: string profile: type: object properties: name: type: string company: type: string slackId: type: string conditions: type: array items: type: object x-kubernetes-embedded-resource: true x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Name type: string jsonPath: .status.profile.name - name: Emails type: string jsonPath: .status.emails - name: Groups type: string jsonPath: .status.groups --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: oidcgatewayclients.codemowers.io spec: group: codemowers.io names: plural: oidcgatewayclients singular: oidcgatewayclient kind: OIDCGWClient scope: Namespaced versions: - name: v1alpha1 served: true storage: true subresources: status: { } schema: openAPIV3Schema: required: - spec type: object properties: spec: type: object required: - redirectUris # TODO: add validation - grantTypes - responseTypes properties: uri: type: string displayName: type: string redirectUris: type: array items: type: string grantTypes: type: array items: type: string enum: [ 'implicit', 'authorization_code', 'refresh_token' ] responseTypes: type: array items: type: string enum: [ 'code id_token', 'code', 'id_token', 'none' ] tokenEndpointAuthMethod: type: string enum: [ 'client_secret_basic', 'client_secret_jwt', 'client_secret_post', 'private_key_jwt', 'none' ] idTokenSignedResponseAlg: type: string enum: [ 'PS256','RS256', 'ES256' ] allowedGroups: type: array items: type: string availableScopes: type: array items: type: string enum: [ 'openid', 'profile', 'offline_access' ] default: [ 'openid' ] pkce: type: boolean default: true status: type: object properties: gateway: type: string additionalPrinterColumns: - name: Gateway type: string description: 'OIDC gateway deployment which manages this client' jsonPath: .status.gateway - name: Uris type: string description: 'Redirect URLs configured for this client' jsonPath: .spec.redirectUris - name: Allowed groups type: string description: 'Groups allowed to this client' jsonPath: .spec.allowedGroups --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: oidcgatewaymiddlewareclients.codemowers.io spec: group: codemowers.io names: plural: oidcgatewaymiddlewareclients singular: oidcgatewaymiddlewareclient kind: OIDCGWMiddlewareClient scope: Namespaced versions: - name: v1alpha1 served: true storage: true subresources: status: { } schema: openAPIV3Schema: required: - spec type: object properties: spec: type: object properties: uri: type: string displayName: type: string allowedGroups: type: array items: type: string headerMapping: type: object default: user: 'Remote-User' name: 'Remote-Name' email: 'Remote-Email' groups: 'Remote-Groups' properties: user: type: string name: type: string email: type: string groups: type: string status: type: object properties: gateway: type: string additionalPrinterColumns: - name: Gateway type: string description: 'OIDC gateway deployment which manages this client' jsonPath: .status.gateway - name: Uri type: string description: 'URL configured for this client' jsonPath: .spec.uri - name: Allowed groups type: string description: 'Groups allowed to this client' jsonPath: .spec.allowedGroups