@datatr-ux/ovhcloud-types
Version:
TypeScript types for OVHCloud projects
23 lines • 1.96 kB
TypeScript
import { OpenIdConnectSigningAlgorithmsEnum } from './kube/OpenIdConnectSigningAlgorithmsEnum';
/** Update model for OIDC */
export interface ProjectKubeOpenIdConnectUpdate {
/** Content of the certificate for the CA, in base64 format, that signed your identity provider's web certificate. Defaults to the host's root CAs. */
caContent?: string;
/** Client ID */
clientId: string;
/** JWT claim to use as the user's group. If the claim is present it must be an array of strings. */
groupsClaim?: string[];
/** Prefix prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the value oidc: will create group names like oidc:engineering and oidc:infra. */
groupsPrefix?: string;
/** Issuer URL */
issuerUrl: string;
/** key=value pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with a matching value. */
requiredClaim?: string[];
/** The signing algorithms accepted. Default is "RS256". */
signingAlgorithms?: OpenIdConnectSigningAlgorithmsEnum[];
/** JWT claim to use as the user name. By default sub, which is expected to be a unique identifier of the end user. Admins can choose other claims, such as email or name, depending on their provider. However, claims other than email will be prefixed with the issuer URL to prevent naming clashes with other plugins. */
usernameClaim?: string;
/** Prefix prepended to username claims to prevent clashes with existing names (such as system: users). For example, the value oidc: will create usernames like oidc:jane.doe. If this field isn't set and oidcUsernameClaim is a value other than email the prefix defaults to ( Issuer URL )# where ( Issuer URL ) is the value of oidcIssuerUrl. The value - can be used to disable all prefixing. */
usernamePrefix?: string;
}
//# sourceMappingURL=ProjectKubeOpenIdConnectUpdate.d.ts.map