{
  "description": "AzureClusterIdentity is the Schema for the azureclustersidentities API.",
  "properties": {
    "apiVersion": {
      "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
      "type": "string"
    },
    "kind": {
      "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
      "type": "string"
    },
    "metadata": {
      "type": "object"
    },
    "spec": {
      "description": "AzureClusterIdentitySpec defines the parameters that are used to create an AzureIdentity.",
      "properties": {
        "allowedNamespaces": {
          "description": "AllowedNamespaces is an array of namespaces that AzureClusters can use this Identity from. \n An empty list (default) indicates that AzureClusters can use this Identity from any namespace. This field is intentionally not a pointer because the nil behavior (no namespaces) is undesirable here.",
          "items": {
            "type": "string"
          },
          "type": "array"
        },
        "clientID": {
          "description": "Both User Assigned MSI and SP can use this field.",
          "type": "string"
        },
        "clientSecret": {
          "description": "ClientSecret is a secret reference which should contain either a Service Principal password or certificate secret.",
          "properties": {
            "name": {
              "description": "name is unique within a namespace to reference a secret resource.",
              "type": "string"
            },
            "namespace": {
              "description": "namespace defines the space within which the secret name must be unique.",
              "type": "string"
            }
          },
          "type": "object",
          "x-kubernetes-map-type": "atomic",
          "additionalProperties": false
        },
        "resourceID": {
          "description": "User assigned MSI resource id.",
          "type": "string"
        },
        "tenantID": {
          "description": "Service principal primary tenant id.",
          "type": "string"
        },
        "type": {
          "description": "UserAssignedMSI or Service Principal",
          "enum": [
            "ServicePrincipal",
            "UserAssignedMSI"
          ],
          "type": "string"
        }
      },
      "required": [
        "clientID",
        "tenantID",
        "type"
      ],
      "type": "object",
      "additionalProperties": false
    },
    "status": {
      "description": "AzureClusterIdentityStatus defines the observed state of AzureClusterIdentity.",
      "properties": {
        "conditions": {
          "description": "Conditions defines current service state of the AzureClusterIdentity.",
          "items": {
            "description": "Condition defines an observation of a Cluster API resource operational state.",
            "properties": {
              "lastTransitionTime": {
                "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
                "format": "date-time",
                "type": "string"
              },
              "message": {
                "description": "A human readable message indicating details about the transition. This field may be empty.",
                "type": "string"
              },
              "reason": {
                "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.",
                "type": "string"
              },
              "severity": {
                "description": "Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.",
                "type": "string"
              },
              "status": {
                "description": "Status of the condition, one of True, False, Unknown.",
                "type": "string"
              },
              "type": {
                "description": "Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.",
                "type": "string"
              }
            },
            "required": [
              "status",
              "type"
            ],
            "type": "object",
            "additionalProperties": false
          },
          "type": "array"
        }
      },
      "type": "object",
      "additionalProperties": false
    }
  },
  "type": "object"
}