{
  "description": "HCPAuth is the Schema for the hcpauths API",
  "properties": {
    "apiVersion": {
      "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
      "type": "string"
    },
    "kind": {
      "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
      "type": "string"
    },
    "metadata": {
      "type": "object"
    },
    "spec": {
      "description": "HCPAuthSpec defines the desired state of HCPAuth",
      "properties": {
        "allowedNamespaces": {
          "description": "AllowedNamespaces Kubernetes Namespaces which are allow-listed for use with this AuthMethod.\nThis field allows administrators to customize which Kubernetes namespaces are authorized to\nuse with this AuthMethod. While Vault will still enforce its own rules, this has the added\nconfigurability of restricting which HCPAuthMethods can be used by which namespaces.\nAccepted values:\n[]{\"*\"} - wildcard, all namespaces.\n[]{\"a\", \"b\"} - list of namespaces.\nunset - disallow all namespaces except the Operator's the HCPAuthMethod's namespace, this\nis the default behavior.",
          "items": {
            "type": "string"
          },
          "type": "array"
        },
        "method": {
          "default": "servicePrincipal",
          "description": "Method to use when authenticating to Vault.",
          "enum": [
            "servicePrincipal"
          ],
          "type": "string"
        },
        "organizationID": {
          "description": "OrganizationID of the HCP organization.",
          "type": "string"
        },
        "projectID": {
          "description": "ProjectID of the HCP project.",
          "type": "string"
        },
        "servicePrincipal": {
          "description": "ServicePrincipal provides the necessary configuration for authenticating to\nHCP using a service principal. For security reasons, only project-level\nservice principals should ever be used.",
          "properties": {
            "secretRef": {
              "description": "SecretRef is the name of a Kubernetes secret in the consumer's\n(VDS/VSS/PKI/HCP) namespace which provides the HCP ServicePrincipal clientID,\nand clientSecret.\nThe secret data must have the following structure {\n  \"clientID\": \"clientID\",\n  \"clientSecret\": \"clientSecret\",\n}",
              "type": "string"
            }
          },
          "required": [
            "secretRef"
          ],
          "type": "object",
          "additionalProperties": false
        }
      },
      "required": [
        "organizationID",
        "projectID"
      ],
      "type": "object",
      "additionalProperties": false
    },
    "status": {
      "description": "HCPAuthStatus defines the observed state of HCPAuth",
      "properties": {
        "error": {
          "type": "string"
        },
        "valid": {
          "description": "Valid auth mechanism.",
          "type": "boolean"
        }
      },
      "required": [
        "error",
        "valid"
      ],
      "type": "object",
      "additionalProperties": false
    }
  },
  "type": "object"
}