hydra-maester/config/crd/bases/hydra.ory.sh_oauth2clients.yaml

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.2.9
  creationTimestamp: null
  name: oauth2clients.hydra.ory.sh
spec:
  group: hydra.ory.sh
  names:
    kind: OAuth2Client
    listKind: OAuth2ClientList
    plural: oauth2clients
    singular: oauth2client
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: OAuth2Client is the Schema for the oauth2clients API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: OAuth2ClientSpec defines the desired state of OAuth2Client
            properties:
              allowedCorsOrigins:
                description: AllowedCorsOrigins is an array of allowed CORS origins
                items:
                  description: RedirectURI represents a redirect URI for the client
                  pattern: \w+:/?/?[^\s]+
                  type: string
                type: array
              audience:
                description: Audience is a whitelist defining the audiences this client is allowed to request tokens for
                items:
                  type: string
                type: array
              clientName:
                description: ClientName is the human-readable string name of the client to be presented to the end-user during authorization.
                type: string
              grantTypes:
                description: GrantTypes is an array of grant types the client is allowed to use.
                items:
                  description: GrantType represents an OAuth 2.0 grant type
                  enum:
                  - client_credentials
                  - authorization_code
                  - implicit
                  - refresh_token
                  type: string
                maxItems: 4
                minItems: 1
                type: array
              hydraAdmin:
                description: HydraAdmin is the optional configuration to use for managing this client
                properties:
                  endpoint:
                    description: Endpoint is the endpoint for the hydra instance on which to set up the client. This value will override the value provided to `--endpoint` (defaults to `"/clients"` in the application)
                    pattern: (^$|^/.*)
                    type: string
                  forwardedProto:
                    description: ForwardedProto overrides the `--forwarded-proto` flag. The value "off" will force this to be off even if `--forwarded-proto` is specified
                    pattern: (^$|https?|off)
                    type: string
                  port:
                    description: Port is the port for the hydra instance on which to set up the client. This value will override the value provided to `--hydra-port`
                    maximum: 65535
                    type: integer
                  url:
                    description: URL is the URL for the hydra instance on which to set up the client. This value will override the value provided to `--hydra-url`
                    maxLength: 64
                    pattern: (^$|^https?://.*)
                    type: string
                type: object
              metadata:
                description: Metadata is abritrary data
                nullable: true
                type: object
                x-kubernetes-preserve-unknown-fields: true
              postLogoutRedirectUris:
                description: PostLogoutRedirectURIs is an array of the post logout redirect URIs allowed for the application
                items:
                  description: RedirectURI represents a redirect URI for the client
                  pattern: \w+:/?/?[^\s]+
                  type: string
                type: array
              redirectUris:
                description: RedirectURIs is an array of the redirect URIs allowed for the application
                items:
                  description: RedirectURI represents a redirect URI for the client
                  pattern: \w+:/?/?[^\s]+
                  type: string
                type: array
              responseTypes:
                description: ResponseTypes is an array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint.
                items:
                  description: ResponseType represents an OAuth 2.0 response type strings
                  enum:
                  - id_token
                  - code
                  - token
                  - code token
                  - code id_token
                  - id_token token
                  - code id_token token
                  type: string
                maxItems: 3
                minItems: 1
                type: array
              scope:
                description: Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens.
                pattern: ([a-zA-Z0-9\.\*]+\s?)+
                type: string
              secretName:
                description: SecretName points to the K8s secret that contains this client's ID and password
                maxLength: 253
                minLength: 1
                pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
                type: string
              tokenEndpointAuthMethod:
                allOf:
                - enum:
                  - client_secret_basic
                  - client_secret_post
                  - private_key_jwt
                  - none
                - enum:
                  - client_secret_basic
                  - client_secret_post
                  - private_key_jwt
                  - none
                description: Indication which authentication method shoud be used for the token endpoint
                type: string
            required:
            - grantTypes
            - scope
            - secretName
            type: object
          status:
            description: OAuth2ClientStatus defines the observed state of OAuth2Client
            properties:
              observedGeneration:
                description: ObservedGeneration represents the most recent generation observed by the daemon set controller.
                format: int64
                type: integer
              reconciliationError:
                description: ReconciliationError represents an error that occurred during the reconciliation process
                properties:
                  description:
                    description: Description is the description of the reconciliation error
                    type: string
                  statusCode:
                    description: Code is the status code of the reconciliation error
                    type: string
                type: object
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []