{ "description": "IntegrationConfig is the Schema for the integrationConfigs API", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "IntegrationConfigSpec defines the desired state of IntegrationConfig", "properties": { "argocd": { "description": "ArgoCD contains details about argocd Applications and AppProjects", "properties": { "clusterResourceWhitelist": { "description": "ClusterResourceWhitelist contains list of whitelisted cluster level resources", "items": { "description": "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types", "properties": { "group": { "type": "string" }, "kind": { "type": "string" } }, "required": [ "group", "kind" ], "type": "object", "additionalProperties": false }, "type": "array" }, "namespace": { "description": "Namespace should contain the name of the namespace in which to deploy ArgoCD AppProjects", "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])$", "type": "string" }, "namespaceResourceBlacklist": { "description": "NamespaceResourceBlacklist contains list of blacklisted namespace level resources", "items": { "description": "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types", "properties": { "group": { "type": "string" }, "kind": { "type": "string" } }, "required": [ "group", "kind" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "namespace" ], "type": "object", "additionalProperties": false }, "nexus": { "description": "Nexus is the config for a managed application.", "properties": { "enabled": { "default": false, "type": "boolean" }, "endpoint": { "description": "Endpoint is used to connect to an application", "properties": { "secretReference": { "description": "SecretReference contains details of a secret", "properties": { "name": { "type": "string" }, "namespace": { "type": "string" } }, "type": "object", "additionalProperties": false }, "url": { "type": "string" } }, "type": "object", "additionalProperties": false }, "sso": { "description": "SSO contains details for single sign on", "properties": { "accessorID": { "type": "string" }, "clientName": { "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "enabled" ], "type": "object", "additionalProperties": false }, "openshift": { "description": "Openshift is the config containing labels and annotations", "properties": { "clusterAdminGroups": { "description": "ClusterAdminGroups contains groups which are admins of tenants", "items": { "type": "string" }, "type": "array" }, "group": { "description": "Group contains labels and annotations applied to the group", "properties": { "annotations": { "additionalProperties": { "type": "string" }, "type": "object" }, "labels": { "additionalProperties": { "type": "string" }, "type": "object" } }, "type": "object", "additionalProperties": false }, "namespaceAccessPolicy": { "description": "NamespaceAccessPolicy contains groups/users which are denied access over managed namespaces", "properties": { "deny": { "description": "Policy contains policies relating to privilegedNamespaces", "properties": { "privilegedNamespaces": { "description": "PrivilegedNamespaces contains groups/users", "properties": { "groups": { "items": { "type": "string" }, "type": "array" }, "users": { "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "privilegedNamespaces": { "description": "PrivilegedNamespaces contains list of privileged namespaces regex", "items": { "type": "string" }, "type": "array" }, "privilegedServiceAccounts": { "description": "PrivilegedServiceAccounts contains list of privileged serviceAccounts regex", "items": { "type": "string" }, "type": "array" }, "project": { "description": "Project contains labels and annotations applied to the namespace", "properties": { "annotations": { "additionalProperties": { "type": "string" }, "type": "object" }, "labels": { "additionalProperties": { "type": "string" }, "type": "object" } }, "type": "object", "additionalProperties": false }, "sandbox": { "description": "Sandbox contains labels and annotations applied to the sandbox", "properties": { "annotations": { "additionalProperties": { "type": "string" }, "type": "object" }, "labels": { "additionalProperties": { "type": "string" }, "type": "object" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "rhsso": { "description": "Nexus is the config for a managed application.", "properties": { "enabled": { "default": false, "type": "boolean" }, "endpoint": { "description": "Endpoint is used to connect to an application", "properties": { "secretReference": { "description": "SecretReference contains details of a secret", "properties": { "name": { "type": "string" }, "namespace": { "type": "string" } }, "type": "object", "additionalProperties": false }, "url": { "type": "string" } }, "type": "object", "additionalProperties": false }, "sso": { "description": "SSO contains details for single sign on", "properties": { "accessorID": { "type": "string" }, "clientName": { "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "enabled" ], "type": "object", "additionalProperties": false }, "tenantRoles": { "default": { "default": { "editor": { "clusterRoles": [ "edit" ] }, "owner": { "clusterRoles": [ "admin" ] }, "viewer": { "clusterRoles": [ "view" ] } } }, "description": "TenantRoles sets the default Owner/Editor/Viewer and/or custom roles for each tenant", "properties": { "custom": { "description": "CustomRoles is an optional Label selector method to apply roles to specific namespaces. These roles will override the existing Default Roles", "items": { "properties": { "editor": { "description": "EditorRoles apply to the tenant Editors", "properties": { "clusterRoles": { "description": "ClusterRoles is a string slice/array of ClusterRoles", "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "labelSelector": { "description": "LabelSelector is the label selector that will be used to find namespaces to apply roles to", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "items": { "type": "string" }, "type": "array" } }, "required": [ "key", "operator" ], "type": "object", "additionalProperties": false }, "type": "array" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "owner": { "description": "OwnerRoles apply to the tenant Owners", "properties": { "clusterRoles": { "description": "ClusterRoles is a string slice/array of ClusterRoles", "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "viewer": { "description": "ViewerRoles apply to the tenant Viewers", "properties": { "clusterRoles": { "description": "ClusterRoles is a string slice/array of ClusterRoles", "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false } }, "required": [ "labelSelector" ], "type": "object", "additionalProperties": false }, "type": "array" }, "default": { "default": { "editor": { "clusterRoles": [ "edit" ] }, "owner": { "clusterRoles": [ "admin" ] }, "viewer": { "clusterRoles": [ "view" ] } }, "description": "DefaultRoles contains the default roles that will be applied to each tenant. Required field.", "properties": { "editor": { "description": "EditorRoles apply to the tenant Editors", "properties": { "clusterRoles": { "description": "ClusterRoles is a string slice/array of ClusterRoles", "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "owner": { "description": "OwnerRoles apply to the tenant Owners", "properties": { "clusterRoles": { "description": "ClusterRoles is a string slice/array of ClusterRoles", "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "viewer": { "description": "ViewerRoles apply to the tenant Viewers", "properties": { "clusterRoles": { "description": "ClusterRoles is a string slice/array of ClusterRoles", "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "default" ], "type": "object", "additionalProperties": false }, "vault": { "description": "Nexus is the config for a managed application.", "properties": { "enabled": { "default": false, "type": "boolean" }, "endpoint": { "description": "Endpoint is used to connect to an application", "properties": { "secretReference": { "description": "SecretReference contains details of a secret", "properties": { "name": { "type": "string" }, "namespace": { "type": "string" } }, "type": "object", "additionalProperties": false }, "url": { "type": "string" } }, "type": "object", "additionalProperties": false }, "sso": { "description": "SSO contains details for single sign on", "properties": { "accessorID": { "type": "string" }, "clientName": { "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "enabled" ], "type": "object", "additionalProperties": false } }, "required": [ "tenantRoles" ], "type": "object", "additionalProperties": false }, "status": { "description": "IntegrationConfigStatus defines the observed state of IntegrationConfig", "properties": { "roleBindingsToDelete": { "additionalProperties": { "items": { "type": "string" }, "type": "array" }, "description": "RoleBindingsToDelete contains all of the rolebindings that have been whenever the roles cache config map gets updated", "type": "object" } }, "type": "object", "additionalProperties": false } }, "type": "object" }