{ "description": "CephObjectStoreUser represents a Ceph Object Store Gateway User", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "ObjectStoreUserSpec represent the spec of an Objectstoreuser", "properties": { "capabilities": { "description": "Additional admin-level capabilities for the Ceph object store user", "nullable": true, "properties": { "amz-cache": { "description": "Add capabilities for user to send request to RGW Cache API header. Documented in https://docs.ceph.com/en/latest/radosgw/rgw-cache/#cache-api", "enum": [ "*", "read", "write", "read, write" ], "type": "string" }, "bilog": { "description": "Add capabilities for user to change bucket index logging. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities", "enum": [ "*", "read", "write", "read, write" ], "type": "string" }, "bucket": { "description": "Admin capabilities to read/write Ceph object store buckets. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities", "enum": [ "*", "read", "write", "read, write" ], "type": "string" }, "buckets": { "description": "Admin capabilities to read/write Ceph object store buckets. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities", "enum": [ "*", "read", "write", "read, write" ], "type": "string" }, "datalog": { "description": "Add capabilities for user to change data logging. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities", "enum": [ "*", "read", "write", "read, write" ], "type": "string" }, "info": { "description": "Admin capabilities to read/write information about the user. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities", "enum": [ "*", "read", "write", "read, write" ], "type": "string" }, "mdlog": { "description": "Add capabilities for user to change metadata logging. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities", "enum": [ "*", "read", "write", "read, write" ], "type": "string" }, "metadata": { "description": "Admin capabilities to read/write Ceph object store metadata. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities", "enum": [ "*", "read", "write", "read, write" ], "type": "string" }, "oidc-provider": { "description": "Add capabilities for user to change oidc provider. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities", "enum": [ "*", "read", "write", "read, write" ], "type": "string" }, "ratelimit": { "description": "Add capabilities for user to set rate limiter for user and bucket. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities", "enum": [ "*", "read", "write", "read, write" ], "type": "string" }, "roles": { "description": "Admin capabilities to read/write roles for user. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities", "enum": [ "*", "read", "write", "read, write" ], "type": "string" }, "usage": { "description": "Admin capabilities to read/write Ceph object store usage. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities", "enum": [ "*", "read", "write", "read, write" ], "type": "string" }, "user": { "description": "Admin capabilities to read/write Ceph object store users. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities", "enum": [ "*", "read", "write", "read, write" ], "type": "string" }, "user-policy": { "description": "Add capabilities for user to change user policies. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities", "enum": [ "*", "read", "write", "read, write" ], "type": "string" }, "users": { "description": "Admin capabilities to read/write Ceph object store users. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities", "enum": [ "*", "read", "write", "read, write" ], "type": "string" }, "zone": { "description": "Admin capabilities to read/write Ceph object store zones. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities", "enum": [ "*", "read", "write", "read, write" ], "type": "string" } }, "type": "object", "additionalProperties": false }, "clusterNamespace": { "description": "The namespace where the parent CephCluster and CephObjectStore are found", "type": "string" }, "displayName": { "description": "The display name for the ceph users", "type": "string" }, "keys": { "description": "Allows specifying credentials for the user. If not provided, the operator\nwill generate them.", "items": { "description": "ObjectUserKey defines a set of rgw user access credentials to be retrieved\nfrom secret resources.", "properties": { "accessKeyRef": { "description": "Secret key selector for the access_key (commonly referred to as AWS_ACCESS_KEY_ID).", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "secretKeyRef": { "description": "Secret key selector for the secret_key (commonly referred to as AWS_SECRET_ACCESS_KEY).", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "quotas": { "description": "ObjectUserQuotaSpec can be used to set quotas for the object store user to limit their usage. See the [Ceph docs](https://docs.ceph.com/en/latest/radosgw/admin/?#quota-management) for more", "nullable": true, "properties": { "maxBuckets": { "description": "Maximum bucket limit for the ceph user", "nullable": true, "type": "integer" }, "maxObjects": { "description": "Maximum number of objects across all the user's buckets", "format": "int64", "nullable": true, "type": "integer" }, "maxSize": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Maximum size limit of all objects across all the user's buckets\nSee https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity for more info.", "nullable": true, "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true } }, "type": "object", "additionalProperties": false }, "store": { "description": "The store the user will be created in", "type": "string" } }, "type": "object", "additionalProperties": false }, "status": { "description": "ObjectStoreUserStatus represents the status Ceph Object Store Gateway User", "properties": { "info": { "additionalProperties": { "type": "string" }, "nullable": true, "type": "object" }, "keys": { "items": { "properties": { "name": { "description": "name is unique within a namespace to reference a secret resource.", "type": "string" }, "namespace": { "description": "namespace defines the space within which the secret name must be unique.", "type": "string" }, "resourceVersion": { "type": "string" }, "uid": { "description": "UID is a type that holds unique ID values, including UUIDs. Because we\ndon't ONLY use UUIDs, this is an alias to string. Being a type captures\nintent and helps make sure that UIDs and names do not get conflated.", "type": "string" } }, "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "nullable": true, "type": "array" }, "observedGeneration": { "description": "ObservedGeneration is the latest generation observed by the controller.", "format": "int64", "type": "integer" }, "phase": { "type": "string" } }, "type": "object", "x-kubernetes-preserve-unknown-fields": true, "additionalProperties": false } }, "required": [ "metadata", "spec" ], "type": "object" }