{ "description": "AzureClusterIdentity is the Schema for the azureclustersidentities API.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "AzureClusterIdentitySpec defines the parameters that are used to create an AzureIdentity.", "properties": { "allowedNamespaces": { "description": "AllowedNamespaces is used to identify the namespaces the clusters are allowed to use the identity from.\nNamespaces can be selected either using an array of namespaces or with label selector.\nAn empty allowedNamespaces object indicates that AzureClusters can use this identity from any namespace.\nIf this object is nil, no namespaces will be allowed (default behaviour, if this field is not provided)\nA namespace should be either in the NamespaceList or match with Selector to use the identity.", "nullable": true, "properties": { "list": { "description": "A nil or empty list indicates that AzureCluster cannot use the identity from any namespace.", "items": { "type": "string" }, "nullable": true, "type": "array" }, "selector": { "description": "Selector is a selector of namespaces that AzureCluster can\nuse this Identity from. This is a standard Kubernetes LabelSelector,\na label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed.\n\n\nA nil or empty selector indicates that AzureCluster cannot use this\nAzureClusterIdentity from any namespace.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, "type": "array" } }, "required": [ "key", "operator" ], "type": "object", "additionalProperties": false }, "type": "array" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "clientID": { "description": "ClientID is the service principal client ID.\nBoth User Assigned MSI and SP can use this field.", "type": "string" }, "clientSecret": { "description": "ClientSecret is a secret reference which should contain either a Service Principal password or certificate secret.", "properties": { "name": { "description": "name is unique within a namespace to reference a secret resource.", "type": "string" }, "namespace": { "description": "namespace defines the space within which the secret name must be unique.", "type": "string" } }, "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "resourceID": { "description": "ResourceID is the Azure resource ID for the User Assigned MSI resource.\nOnly applicable when type is UserAssignedMSI.\n\n\nDeprecated: This field no longer has any effect.", "type": "string" }, "tenantID": { "description": "TenantID is the service principal primary tenant id.", "type": "string" }, "type": { "description": "Type is the type of Azure Identity used.\nServicePrincipal, ServicePrincipalCertificate, UserAssignedMSI, ManualServicePrincipal or WorkloadIdentity.", "enum": [ "ServicePrincipal", "UserAssignedMSI", "ManualServicePrincipal", "ServicePrincipalCertificate", "WorkloadIdentity" ], "type": "string" } }, "required": [ "clientID", "tenantID", "type" ], "type": "object", "additionalProperties": false }, "status": { "description": "AzureClusterIdentityStatus defines the observed state of AzureClusterIdentity.", "properties": { "conditions": { "description": "Conditions defines current service state of the AzureClusterIdentity.", "items": { "description": "Condition defines an observation of a Cluster API resource operational state.", "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { "description": "A human readable message indicating details about the transition.\nThis field may be empty.", "type": "string" }, "reason": { "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty.", "type": "string" }, "severity": { "description": "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", "type": "string" }, "status": { "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { "description": "Type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", "type": "string" } }, "required": [ "lastTransitionTime", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false } }, "type": "object" }