UNPKG

@soft-stech/keda

Version:
350 lines (349 loc) 13.4 kB
import { z } from "zod"; import { iObjectMetaSchema } from "@soft-stech/apimachinery/apis/meta/v1/ObjectMeta.schema"; /** * TriggerAuthentication defines how a trigger can authenticate */ export const ITriggerAuthenticationSchema = z.object({ /** * APIVersion defines the versioned schema of this representation of an object. * Servers should convert recognized schemas to the latest internal value, and * may reject unrecognized values. * More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources */ apiVersion: z.literal("keda.sh/v1alpha1"), /** * Kind is a string value representing the REST resource this object represents. * Servers may infer this from the endpoint the client submits requests to. * Cannot be updated. * In CamelCase. * More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds */ kind: z.literal("TriggerAuthentication"), metadata: iObjectMetaSchema.optional(), /** * TriggerAuthenticationSpec defines the various ways to authenticate */ spec: z.object({ /** * AwsSecretManager is used to authenticate using AwsSecretManager */ awsSecretManager: z .object({ credentials: z .object({ accessKey: z.object({ valueFrom: z.object({ secretKeyRef: z.object({ key: z.string(), name: z.string() }) }) }), accessSecretKey: z.object({ valueFrom: z.object({ secretKeyRef: z.object({ key: z.string(), name: z.string() }) }) }), accessToken: z .object({ valueFrom: z.object({ secretKeyRef: z.object({ key: z.string(), name: z.string() }) }) }) .optional() }) .optional(), /** * AuthPodIdentity allows users to select the platform native identity * mechanism */ podIdentity: z .object({ /** * Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set */ identityAuthorityHost: z.string().optional(), identityId: z.string().optional(), /** * IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn */ identityOwner: z .union([z.literal("keda"), z.literal("workload")]) .optional(), /** * Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set */ identityTenantId: z.string().optional(), /** * PodIdentityProvider contains the list of providers */ provider: z.union([ z.literal("azure-workload"), z.literal("gcp"), z.literal("aws"), z.literal("aws-eks"), z.literal("none") ]), /** * RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner */ roleArn: z.string().optional() }) .optional(), region: z.string().optional(), secrets: z.array(z.object({ name: z.string(), parameter: z.string(), versionId: z.string().optional(), versionStage: z.string().optional() })) }) .optional(), /** * AzureKeyVault is used to authenticate using Azure Key Vault */ azureKeyVault: z .object({ cloud: z .object({ activeDirectoryEndpoint: z.string().optional(), keyVaultResourceURL: z.string().optional(), type: z.string() }) .optional(), credentials: z .object({ clientId: z.string(), clientSecret: z.object({ valueFrom: z.object({ secretKeyRef: z.object({ key: z.string(), name: z.string() }) }) }), tenantId: z.string() }) .optional(), /** * AuthPodIdentity allows users to select the platform native identity * mechanism */ podIdentity: z .object({ /** * Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set */ identityAuthorityHost: z.string().optional(), identityId: z.string().optional(), /** * IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn */ identityOwner: z .union([z.literal("keda"), z.literal("workload")]) .optional(), /** * Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set */ identityTenantId: z.string().optional(), /** * PodIdentityProvider contains the list of providers */ provider: z.union([ z.literal("azure-workload"), z.literal("gcp"), z.literal("aws"), z.literal("aws-eks"), z.literal("none") ]), /** * RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner */ roleArn: z.string().optional() }) .optional(), secrets: z.array(z.object({ name: z.string(), parameter: z.string(), version: z.string().optional() })), vaultUri: z.string() }) .optional(), configMapTargetRef: z .array(z.object({ key: z.string(), name: z.string(), parameter: z.string() })) .optional(), env: z .array(z.object({ containerName: z.string().optional(), name: z.string(), parameter: z.string() })) .optional(), gcpSecretManager: z .object({ credentials: z .object({ clientSecret: z.object({ valueFrom: z.object({ secretKeyRef: z.object({ key: z.string(), name: z.string() }) }) }) }) .optional(), /** * AuthPodIdentity allows users to select the platform native identity * mechanism */ podIdentity: z .object({ /** * Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set */ identityAuthorityHost: z.string().optional(), identityId: z.string().optional(), /** * IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn */ identityOwner: z .union([z.literal("keda"), z.literal("workload")]) .optional(), /** * Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set */ identityTenantId: z.string().optional(), /** * PodIdentityProvider contains the list of providers */ provider: z.union([ z.literal("azure-workload"), z.literal("gcp"), z.literal("aws"), z.literal("aws-eks"), z.literal("none") ]), /** * RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner */ roleArn: z.string().optional() }) .optional(), secrets: z.array(z.object({ id: z.string(), parameter: z.string(), version: z.string().optional() })) }) .optional(), /** * HashiCorpVault is used to authenticate using Hashicorp Vault */ hashiCorpVault: z .object({ address: z.string(), /** * VaultAuthentication contains the list of Hashicorp Vault authentication methods */ authentication: z.string(), /** * Credential defines the Hashicorp Vault credentials depending on the authentication method */ credential: z .object({ serviceAccount: z.string().optional(), token: z.string().optional() }) .optional(), mount: z.string().optional(), namespace: z.string().optional(), role: z.string().optional(), secrets: z.array(z.object({ key: z.string(), parameter: z.string(), path: z.string(), pkiData: z .object({ altNames: z.string().optional(), commonName: z.string().optional(), format: z.string().optional(), ipSans: z.string().optional(), otherSans: z.string().optional(), ttl: z.string().optional(), uriSans: z.string().optional() }) .optional(), /** * VaultSecretType defines the type of vault secret */ type: z.string().optional() })) }) .optional(), /** * AuthPodIdentity allows users to select the platform native identity * mechanism */ podIdentity: z .object({ /** * Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set */ identityAuthorityHost: z.string().optional(), identityId: z.string().optional(), /** * IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn */ identityOwner: z .union([z.literal("keda"), z.literal("workload")]) .optional(), /** * Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set */ identityTenantId: z.string().optional(), /** * PodIdentityProvider contains the list of providers */ provider: z.union([ z.literal("azure-workload"), z.literal("gcp"), z.literal("aws"), z.literal("aws-eks"), z.literal("none") ]), /** * RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner */ roleArn: z.string().optional() }) .optional(), secretTargetRef: z .array(z.object({ key: z.string(), name: z.string(), parameter: z.string() })) .optional() }), /** * TriggerAuthenticationStatus defines the observed state of TriggerAuthentication */ status: z .object({ scaledjobs: z.string().optional(), scaledobjects: z.string().optional() }) .optional() });