{
  "description": "User is an Azure SQL user",
  "properties": {
    "apiVersion": {
      "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
      "type": "string"
    },
    "kind": {
      "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
      "type": "string"
    },
    "metadata": {
      "type": "object"
    },
    "spec": {
      "properties": {
        "azureName": {
          "description": "AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it\ndoesn't have to be.\nIf not specified, the default is the name of the Kubernetes object.\nWhen creating a local user, this will be the name of the user created.\nWhen creating an AAD user, this must have a specific format depending on the type of AAD user being created.\nFor managed identity: \"my-managed-identity-name\"\nFor standard AAD user: \"myuser@mydomain.onmicrosoft.com\"\nFor AAD group: \"my-group\"",
          "type": "string"
        },
        "localUser": {
          "description": "LocalUser contains details for creating a standard (non-aad) Azure SQL User",
          "properties": {
            "password": {
              "description": "Password is the password to use for the user",
              "properties": {
                "key": {
                  "description": "Key is the key in the Kubernetes secret being referenced",
                  "type": "string"
                },
                "name": {
                  "description": "Name is the name of the Kubernetes secret being referenced.\nThe secret must be in the same namespace as the resource",
                  "type": "string"
                }
              },
              "required": [
                "key",
                "name"
              ],
              "type": "object",
              "additionalProperties": false
            },
            "serverAdminPassword": {
              "description": "ServerAdminPassword is a reference to a secret containing the servers administrator password.",
              "properties": {
                "key": {
                  "description": "Key is the key in the Kubernetes secret being referenced",
                  "type": "string"
                },
                "name": {
                  "description": "Name is the name of the Kubernetes secret being referenced.\nThe secret must be in the same namespace as the resource",
                  "type": "string"
                }
              },
              "required": [
                "key",
                "name"
              ],
              "type": "object",
              "additionalProperties": false
            },
            "serverAdminUsername": {
              "description": "ServerAdminUsername is the username of the Server administrator. If the\nadministrator is a group, the ServerAdminUsername should be the group name, not the actual username of the\nidentity to log in with. For example if the administrator group is \"admin-group\" and identity \"my-identity\" is\na member of that group, the ServerAdminUsername should be \"admin-group\".",
              "type": "string"
            }
          },
          "required": [
            "password",
            "serverAdminPassword",
            "serverAdminUsername"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "owner": {
          "description": "Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also\ncontrols the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a\nreference to an sql.azure.com/ServersDatabase resource",
          "properties": {
            "armId": {
              "pattern": "(?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$)",
              "type": "string"
            },
            "name": {
              "description": "This is the name of the Kubernetes resource to reference.",
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "roles": {
          "description": "The roles assigned to the user.\nSee https://learn.microsoft.com/sql/relational-databases/security/authentication-access/database-level-roles?view=sql-server-ver16#fixed-database-roles\nfor the fixed set of roles supported by Azure SQL.\nRoles include the following: db_owner, db_securityadmin, db_accessadmin, db_backupoperator,\ndb_ddladmin, db_datawriter, db_datareader, db_denydatawriter, and db_denydatareader.",
          "items": {
            "type": "string"
          },
          "type": "array"
        }
      },
      "required": [
        "localUser",
        "owner"
      ],
      "type": "object",
      "additionalProperties": false
    },
    "status": {
      "properties": {
        "conditions": {
          "description": "Conditions: The observed state of the resource",
          "items": {
            "description": "Condition defines an extension to status (an observation) of a resource",
            "properties": {
              "lastTransitionTime": {
                "description": "LastTransitionTime is the last time the condition transitioned from one status to another.",
                "format": "date-time",
                "type": "string"
              },
              "message": {
                "description": "Message is a human readable message indicating details about the transition. This field may be empty.",
                "type": "string"
              },
              "observedGeneration": {
                "description": "ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if\n.metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.",
                "format": "int64",
                "type": "integer"
              },
              "reason": {
                "description": "Reason for the condition's last transition.\nReasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty.",
                "type": "string"
              },
              "severity": {
                "description": "Severity with which to treat failures of this type of condition.\nFor conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True\nFor conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False.\nThis is omitted in all cases when Status == Unknown",
                "type": "string"
              },
              "status": {
                "description": "Status of the condition, one of True, False, or Unknown.",
                "type": "string"
              },
              "type": {
                "description": "Type of condition.",
                "type": "string"
              }
            },
            "required": [
              "lastTransitionTime",
              "reason",
              "status",
              "type"
            ],
            "type": "object",
            "additionalProperties": false
          },
          "type": "array"
        }
      },
      "type": "object",
      "additionalProperties": false
    }
  },
  "type": "object"
}