UNPKG

@soft-stech/keda

Version:
105 lines (104 loc) 4.24 kB
import { z } from "zod"; import { iObjectMetaSchema } from "@soft-stech/apimachinery/apis/meta/v1/ObjectMeta.schema"; /** * TriggerAuthentication defines how a trigger can authenticate */ export const ITriggerAuthenticationSchema = z.object({ /** * APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources */ "apiVersion": z.literal("keda.sh/v1alpha1"), /** * Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds */ "kind": z.literal("TriggerAuthentication"), "metadata": iObjectMetaSchema.optional(), /** * TriggerAuthenticationSpec defines the various ways to authenticate */ "spec": z.object({ /** * AzureKeyVault is used to authenticate using Azure Key Vault */ "azureKeyVault": z.object({ "cloud": z.object({ "activeDirectoryEndpoint": z.string().optional(), "keyVaultResourceURL": z.string().optional(), "type": z.string() }).optional(), "credentials": z.object({ "clientId": z.string(), "clientSecret": z.object({ "valueFrom": z.object({ "secretKeyRef": z.object({ "key": z.string(), "name": z.string() }) }) }), "tenantId": z.string() }).optional(), /** * AuthPodIdentity allows users to select the platform native identity mechanism */ "podIdentity": z.object({ "identityId": z.string().optional(), /** * PodIdentityProvider contains the list of providers */ "provider": z.string() }).optional(), "secrets": z.array(z.object({ "name": z.string(), "parameter": z.string(), "version": z.string().optional() })), "vaultUri": z.string() }).optional(), "env": z.array(z.object({ "containerName": z.string().optional(), "name": z.string(), "parameter": z.string() })).optional(), /** * HashiCorpVault is used to authenticate using Hashicorp Vault */ "hashiCorpVault": z.object({ "address": z.string(), /** * VaultAuthentication contains the list of Hashicorp Vault authentication methods */ "authentication": z.string(), /** * Credential defines the Hashicorp Vault credentials depending on the authentication method */ "credential": z.object({ "serviceAccount": z.string().optional(), "token": z.string().optional() }).optional(), "mount": z.string().optional(), "namespace": z.string().optional(), "role": z.string().optional(), "secrets": z.array(z.object({ "key": z.string(), "parameter": z.string(), "path": z.string() })) }).optional(), /** * AuthPodIdentity allows users to select the platform native identity mechanism */ "podIdentity": z.object({ "identityId": z.string().optional(), /** * PodIdentityProvider contains the list of providers */ "provider": z.string() }).optional(), "secretTargetRef": z.array(z.object({ "key": z.string(), "name": z.string(), "parameter": z.string() })).optional() }) });