/* eslint-disable */ /** * This file was automatically generated by json-schema-to-typescript. * DO NOT MODIFY IT BY HAND. Instead, modify the source JSONSchema file, * and run json-schema-to-typescript to regenerate this file. */ /** * AppProject provides a logical grouping of applications, providing controls for: * * where the apps may deploy to (cluster whitelist) * * what may be deployed (repository whitelist, resource whitelist/blacklist) * * who can access these applications (roles, OIDC group claims bindings) * * and what they can do (RBAC policies) * * automation access to these roles (JWT tokens) */ export interface K8SAppProjectV1Alpha1 { /** * APIVersion defines the versioned schema of this representation of an object. * Servers should convert recognized schemas to the latest internal value, and * may reject unrecognized values. * More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources */ apiVersion?: string; /** * Kind is a string value representing the REST resource this object represents. * Servers may infer this from the endpoint the client submits requests to. * Cannot be updated. * In CamelCase. * More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds */ kind?: string; metadata: {}; /** * AppProjectSpec is the specification of an AppProject */ spec: { /** * ClusterResourceBlacklist contains list of blacklisted cluster level resources */ clusterResourceBlacklist?: { group: string; kind: string; }[]; /** * ClusterResourceWhitelist contains list of whitelisted cluster level resources */ clusterResourceWhitelist?: { group: string; kind: string; }[]; /** * Description contains optional project description */ description?: string; /** * DestinationServiceAccounts holds information about the service accounts to be impersonated for the application sync operation for each destination. */ destinationServiceAccounts?: { /** * DefaultServiceAccount to be used for impersonation during the sync operation */ defaultServiceAccount: string; /** * Namespace specifies the target namespace for the application's resources. */ namespace?: string; /** * Server specifies the URL of the target cluster's Kubernetes control plane API. */ server: string; }[]; /** * Destinations contains list of destinations available for deployment */ destinations?: { /** * Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set. */ name?: string; /** * Namespace specifies the target namespace for the application's resources. * The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace */ namespace?: string; /** * Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set. */ server?: string; }[]; /** * NamespaceResourceBlacklist contains list of blacklisted namespace level resources */ namespaceResourceBlacklist?: { group: string; kind: string; }[]; /** * NamespaceResourceWhitelist contains list of whitelisted namespace level resources */ namespaceResourceWhitelist?: { group: string; kind: string; }[]; /** * OrphanedResources specifies if controller should monitor orphaned resources of apps in this project */ orphanedResources?: { /** * Ignore contains a list of resources that are to be excluded from orphaned resources monitoring */ ignore?: { group?: string; kind?: string; name?: string; }[]; /** * Warn indicates if warning condition should be created for apps which have orphaned resources */ warn?: boolean; }; /** * PermitOnlyProjectScopedClusters determines whether destinations can only reference clusters which are project-scoped */ permitOnlyProjectScopedClusters?: boolean; /** * Roles are user defined RBAC roles associated with this project */ roles?: { /** * Description is a description of the role */ description?: string; /** * Groups are a list of OIDC group claims bound to this role */ groups?: string[]; /** * JWTTokens are a list of generated JWT tokens bound to this role */ jwtTokens?: { exp?: number; iat: number; id?: string; }[]; /** * Name is a name for this role */ name: string; /** * Policies Stores a list of casbin formatted strings that define access policies for the role in the project */ policies?: string[]; }[]; /** * SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync */ signatureKeys?: { /** * The ID of the key in hexadecimal notation */ keyID: string; }[]; /** * SourceNamespaces defines the namespaces application resources are allowed to be created in */ sourceNamespaces?: string[]; /** * SourceRepos contains list of repository URLs which can be used for deployment */ sourceRepos?: string[]; /** * SyncWindows controls when syncs can be run for apps in this project */ syncWindows?: { /** * UseAndOperator use AND operator for matching applications, namespaces and clusters instead of the default OR operator */ andOperator?: boolean; /** * Applications contains a list of applications that the window will apply to */ applications?: string[]; /** * Clusters contains a list of clusters that the window will apply to */ clusters?: string[]; /** * Duration is the amount of time the sync window will be open */ duration?: string; /** * Kind defines if the window allows or blocks syncs */ kind?: string; /** * ManualSync enables manual syncs when they would otherwise be blocked */ manualSync?: boolean; /** * Namespaces contains a list of namespaces that the window will apply to */ namespaces?: string[]; /** * Schedule is the time the window will begin, specified in cron format */ schedule?: string; /** * TimeZone of the sync that will be applied to the schedule */ timeZone?: string; }[]; }; /** * AppProjectStatus contains status information for AppProject CRs */ status?: { /** * JWTTokensByRole contains a list of JWT tokens issued for a given role */ jwtTokensByRole?: { /** * JWTTokens represents a list of JWT tokens */ [k: string]: { items?: { exp?: number; iat: number; id?: string; }[]; }; }; }; }