mirror of
https://github.com/morten-olsen/homelab-operator.git
synced 2026-02-08 01:36:28 +01:00
lot more stuff
This commit is contained in:
Morten Olsen
369
src/__generated__/resources/K8SRequestAuthenticationV1beta1.json
generated
Normal file
369
src/__generated__/resources/K8SRequestAuthenticationV1beta1.json
generated
Normal file
@@ -0,0 +1,369 @@
|
||||
{
|
||||
"properties": {
|
||||
"spec": {
|
||||
"description": "Request authentication configuration for workloads. See more details at: https://istio.io/docs/reference/config/security/request_authentication.html",
|
||||
"properties": {
|
||||
"jwtRules": {
|
||||
"description": "Define the list of JWTs that can be validated at the selected workloads' proxy.",
|
||||
"items": {
|
||||
"type": "object",
|
||||
"required": [
|
||||
"issuer"
|
||||
],
|
||||
"properties": {
|
||||
"audiences": {
|
||||
"description": "The list of JWT [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3) that are allowed to access.",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string",
|
||||
"minLength": 1
|
||||
}
|
||||
},
|
||||
"forwardOriginalToken": {
|
||||
"description": "If set to true, the original token will be kept for the upstream request.",
|
||||
"type": "boolean"
|
||||
},
|
||||
"fromCookies": {
|
||||
"description": "List of cookie names from which JWT is expected.",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string",
|
||||
"minLength": 1
|
||||
}
|
||||
},
|
||||
"fromHeaders": {
|
||||
"description": "List of header locations from which JWT is expected.",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "object",
|
||||
"required": [
|
||||
"name"
|
||||
],
|
||||
"properties": {
|
||||
"name": {
|
||||
"description": "The HTTP header name.",
|
||||
"type": "string",
|
||||
"minLength": 1
|
||||
},
|
||||
"prefix": {
|
||||
"description": "The prefix that should be stripped before decoding the token.",
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"fromParams": {
|
||||
"description": "List of query parameters from which JWT is expected.",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string",
|
||||
"minLength": 1
|
||||
}
|
||||
},
|
||||
"issuer": {
|
||||
"description": "Identifies the issuer that issued the JWT.",
|
||||
"type": "string",
|
||||
"minLength": 1
|
||||
},
|
||||
"jwks": {
|
||||
"description": "JSON Web Key Set of public keys to validate signature of the JWT.",
|
||||
"type": "string"
|
||||
},
|
||||
"jwksUri": {
|
||||
"description": "URL of the provider's public key set to validate signature of the JWT.",
|
||||
"type": "string",
|
||||
"maxLength": 2048,
|
||||
"minLength": 1,
|
||||
"x-kubernetes-validations": [
|
||||
{
|
||||
"rule": "url(self).getScheme() in ['http', 'https']",
|
||||
"message": "url must have scheme http:// or https://"
|
||||
}
|
||||
]
|
||||
},
|
||||
"jwks_uri": {
|
||||
"description": "URL of the provider's public key set to validate signature of the JWT.",
|
||||
"type": "string",
|
||||
"maxLength": 2048,
|
||||
"minLength": 1,
|
||||
"x-kubernetes-validations": [
|
||||
{
|
||||
"rule": "url(self).getScheme() in ['http', 'https']",
|
||||
"message": "url must have scheme http:// or https://"
|
||||
}
|
||||
]
|
||||
},
|
||||
"outputClaimToHeaders": {
|
||||
"description": "This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token.",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "object",
|
||||
"required": [
|
||||
"header",
|
||||
"claim"
|
||||
],
|
||||
"properties": {
|
||||
"claim": {
|
||||
"description": "The name of the claim to be copied from.",
|
||||
"type": "string",
|
||||
"minLength": 1
|
||||
},
|
||||
"header": {
|
||||
"description": "The name of the header to be created.",
|
||||
"type": "string",
|
||||
"minLength": 1,
|
||||
"pattern": "^[-_A-Za-z0-9]+$"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"outputPayloadToHeader": {
|
||||
"description": "This field specifies the header name to output a successfully verified JWT payload to the backend.",
|
||||
"type": "string"
|
||||
},
|
||||
"timeout": {
|
||||
"description": "The maximum amount of time that the resolver, determined by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, will spend waiting for the JWKS to be fetched.",
|
||||
"type": "string",
|
||||
"x-kubernetes-validations": [
|
||||
{
|
||||
"rule": "duration(self) >= duration('1ms')",
|
||||
"message": "must be a valid duration greater than 1ms"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"x-kubernetes-validations": [
|
||||
{
|
||||
"rule": "(has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1",
|
||||
"message": "only one of jwks or jwksUri can be set"
|
||||
}
|
||||
]
|
||||
},
|
||||
"maxItems": 4096,
|
||||
"type": "array"
|
||||
},
|
||||
"selector": {
|
||||
"description": "Optional.",
|
||||
"properties": {
|
||||
"matchLabels": {
|
||||
"additionalProperties": {
|
||||
"type": "string",
|
||||
"maxLength": 63,
|
||||
"x-kubernetes-validations": [
|
||||
{
|
||||
"rule": "!self.contains('*')",
|
||||
"message": "wildcard not allowed in label value match"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.",
|
||||
"maxProperties": 4096,
|
||||
"type": "object",
|
||||
"x_kubernetes_validations": [
|
||||
{
|
||||
"message": "wildcard not allowed in label key match",
|
||||
"rule": "self.all(key, !key.contains('*'))"
|
||||
},
|
||||
{
|
||||
"message": "key must not be empty",
|
||||
"rule": "self.all(key, key.size() != 0)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"type": "object"
|
||||
},
|
||||
"targetRef": {
|
||||
"properties": {
|
||||
"group": {
|
||||
"description": "group is the group of the target resource.",
|
||||
"maxLength": 253,
|
||||
"pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
|
||||
"type": "string"
|
||||
},
|
||||
"kind": {
|
||||
"description": "kind is kind of the target resource.",
|
||||
"maxLength": 63,
|
||||
"minLength": 1,
|
||||
"pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$",
|
||||
"type": "string"
|
||||
},
|
||||
"name": {
|
||||
"description": "name is the name of the target resource.",
|
||||
"maxLength": 253,
|
||||
"minLength": 1,
|
||||
"type": "string"
|
||||
},
|
||||
"namespace": {
|
||||
"description": "namespace is the namespace of the referent.",
|
||||
"type": "string",
|
||||
"x_kubernetes_validations": [
|
||||
{
|
||||
"message": "cross namespace referencing is not currently supported",
|
||||
"rule": "self.size() == 0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"required": [
|
||||
"kind",
|
||||
"name"
|
||||
],
|
||||
"type": "object",
|
||||
"x_kubernetes_validations": [
|
||||
{
|
||||
"message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway",
|
||||
"rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
|
||||
}
|
||||
]
|
||||
},
|
||||
"targetRefs": {
|
||||
"description": "Optional.",
|
||||
"items": {
|
||||
"type": "object",
|
||||
"required": [
|
||||
"kind",
|
||||
"name"
|
||||
],
|
||||
"properties": {
|
||||
"group": {
|
||||
"description": "group is the group of the target resource.",
|
||||
"type": "string",
|
||||
"maxLength": 253,
|
||||
"pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
|
||||
},
|
||||
"kind": {
|
||||
"description": "kind is kind of the target resource.",
|
||||
"type": "string",
|
||||
"maxLength": 63,
|
||||
"minLength": 1,
|
||||
"pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$"
|
||||
},
|
||||
"name": {
|
||||
"description": "name is the name of the target resource.",
|
||||
"type": "string",
|
||||
"maxLength": 253,
|
||||
"minLength": 1
|
||||
},
|
||||
"namespace": {
|
||||
"description": "namespace is the namespace of the referent.",
|
||||
"type": "string",
|
||||
"x-kubernetes-validations": [
|
||||
{
|
||||
"rule": "self.size() == 0",
|
||||
"message": "cross namespace referencing is not currently supported"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"x-kubernetes-validations": [
|
||||
{
|
||||
"rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]",
|
||||
"message": "Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway"
|
||||
}
|
||||
]
|
||||
},
|
||||
"maxItems": 16,
|
||||
"type": "array"
|
||||
}
|
||||
},
|
||||
"type": "object",
|
||||
"x_kubernetes_validations": [
|
||||
{
|
||||
"message": "only one of targetRefs or selector can be set",
|
||||
"rule": "(has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1"
|
||||
}
|
||||
]
|
||||
},
|
||||
"status": {
|
||||
"properties": {
|
||||
"conditions": {
|
||||
"description": "Current service state of the resource.",
|
||||
"items": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"lastProbeTime": {
|
||||
"description": "Last time we probed the condition.",
|
||||
"type": "string",
|
||||
"format": "date-time"
|
||||
},
|
||||
"lastTransitionTime": {
|
||||
"description": "Last time the condition transitioned from one status to another.",
|
||||
"type": "string",
|
||||
"format": "date-time"
|
||||
},
|
||||
"message": {
|
||||
"description": "Human-readable message indicating details about last transition.",
|
||||
"type": "string"
|
||||
},
|
||||
"reason": {
|
||||
"description": "Unique, one-word, CamelCase reason for the condition's last transition.",
|
||||
"type": "string"
|
||||
},
|
||||
"status": {
|
||||
"description": "Status is the status of the condition.",
|
||||
"type": "string"
|
||||
},
|
||||
"type": {
|
||||
"description": "Type is the type of the condition.",
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
"type": "array"
|
||||
},
|
||||
"observedGeneration": {
|
||||
"anyOf": [
|
||||
{
|
||||
"type": "integer"
|
||||
},
|
||||
{
|
||||
"type": "string"
|
||||
}
|
||||
],
|
||||
"description": "Resource Generation to which the Reconciled Condition refers.",
|
||||
"x_kubernetes_int_or_string": true
|
||||
},
|
||||
"validationMessages": {
|
||||
"description": "Includes any errors or warnings detected by Istio's analyzers.",
|
||||
"items": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"documentationUrl": {
|
||||
"description": "A url pointing to the Istio documentation for this specific error type.",
|
||||
"type": "string"
|
||||
},
|
||||
"level": {
|
||||
"description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO",
|
||||
"type": "string",
|
||||
"enum": [
|
||||
"UNKNOWN",
|
||||
"ERROR",
|
||||
"WARNING",
|
||||
"INFO"
|
||||
]
|
||||
},
|
||||
"type": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"code": {
|
||||
"description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.",
|
||||
"type": "string"
|
||||
},
|
||||
"name": {
|
||||
"description": "A human-readable name for the message type.",
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"type": "array"
|
||||
}
|
||||
},
|
||||
"type": "object",
|
||||
"x_kubernetes_preserve_unknown_fields": true
|
||||
}
|
||||
},
|
||||
"type": "object"
|
||||
}
|
||||
Reference in New Issue
Block a user