apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 labels: app.kubernetes.io/name: airlock-microgateway-operator app.kubernetes.io/version: 4.3.1 name: accesscontrols.microgateway.airlock.com spec: group: microgateway.airlock.com names: categories: - airlock-microgateway kind: AccessControl listKind: AccessControlList plural: accesscontrols singular: accesscontrol scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1alpha1 schema: openAPIV3Schema: description: AccessControl specifies the options to perform access control with a Microgateway Engine container. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: Specifies how the Airlock Microgateway Engine performs access control. properties: policies: description: Policies configures access control policies. items: properties: authorization: description: Authorization configures how requests are authorized. An empty object value {} disables authorization. properties: authentication: description: Authentication specifies that clients need to be authenticated with the provided method. properties: oidc: description: OIDC configures client authentication using OpenID Connect. properties: oidcRelyingPartyRef: description: OIDCRelyingPartyRef configures how the Airlock Microgateway Engine interacts with the OpenID provider. properties: name: description: Name of the resource minLength: 1 type: string required: - name type: object required: - oidcRelyingPartyRef type: object type: object type: object identityPropagation: description: IdentityPropagation configures how the authenticated user's identity is communicated to the protected application. properties: actions: description: Actions specifies the propagation actions. items: properties: identityPropagationRef: description: IdentityPropagationRef selects an IdentityPropagation to apply. properties: name: description: Name of the resource minLength: 1 type: string required: - name type: object required: - identityPropagationRef type: object type: array onFailure: description: |- OnFailure configures what should happen, if an identity propagation fails. Meaning of the possible values: _Pass_: The request should be forwarded to the upstream, without including the information from the failed identity propagations. enum: - Pass type: string required: - actions - onFailure type: object required: - authorization type: object maxItems: 1 minItems: 1 type: array required: - policies type: object required: - spec type: object served: true storage: true subresources: {}