@soft-stech/keda
Version:
KEDA(Kubernetes Event-driven Autoscaling) models
350 lines (349 loc) • 13.4 kB
JavaScript
import { z } from "zod";
import { iObjectMetaSchema } from "@soft-stech/apimachinery/apis/meta/v1/ObjectMeta.schema";
/**
* TriggerAuthentication defines how a trigger can authenticate
*/
export const ITriggerAuthenticationSchema = z.object({
/**
* APIVersion defines the versioned schema of this representation of an object.
* Servers should convert recognized schemas to the latest internal value, and
* may reject unrecognized values.
* More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
*/
apiVersion: z.literal("keda.sh/v1alpha1"),
/**
* Kind is a string value representing the REST resource this object represents.
* Servers may infer this from the endpoint the client submits requests to.
* Cannot be updated.
* In CamelCase.
* More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
*/
kind: z.literal("TriggerAuthentication"),
metadata: iObjectMetaSchema.optional(),
/**
* TriggerAuthenticationSpec defines the various ways to authenticate
*/
spec: z.object({
/**
* AwsSecretManager is used to authenticate using AwsSecretManager
*/
awsSecretManager: z
.object({
credentials: z
.object({
accessKey: z.object({
valueFrom: z.object({
secretKeyRef: z.object({
key: z.string(),
name: z.string()
})
})
}),
accessSecretKey: z.object({
valueFrom: z.object({
secretKeyRef: z.object({
key: z.string(),
name: z.string()
})
})
}),
accessToken: z
.object({
valueFrom: z.object({
secretKeyRef: z.object({
key: z.string(),
name: z.string()
})
})
})
.optional()
})
.optional(),
/**
* AuthPodIdentity allows users to select the platform native identity
* mechanism
*/
podIdentity: z
.object({
/**
* Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set
*/
identityAuthorityHost: z.string().optional(),
identityId: z.string().optional(),
/**
* IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn
*/
identityOwner: z
.union([z.literal("keda"), z.literal("workload")])
.optional(),
/**
* Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set
*/
identityTenantId: z.string().optional(),
/**
* PodIdentityProvider contains the list of providers
*/
provider: z.union([
z.literal("azure-workload"),
z.literal("gcp"),
z.literal("aws"),
z.literal("aws-eks"),
z.literal("none")
]),
/**
* RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner
*/
roleArn: z.string().optional()
})
.optional(),
region: z.string().optional(),
secrets: z.array(z.object({
name: z.string(),
parameter: z.string(),
versionId: z.string().optional(),
versionStage: z.string().optional()
}))
})
.optional(),
/**
* AzureKeyVault is used to authenticate using Azure Key Vault
*/
azureKeyVault: z
.object({
cloud: z
.object({
activeDirectoryEndpoint: z.string().optional(),
keyVaultResourceURL: z.string().optional(),
type: z.string()
})
.optional(),
credentials: z
.object({
clientId: z.string(),
clientSecret: z.object({
valueFrom: z.object({
secretKeyRef: z.object({
key: z.string(),
name: z.string()
})
})
}),
tenantId: z.string()
})
.optional(),
/**
* AuthPodIdentity allows users to select the platform native identity
* mechanism
*/
podIdentity: z
.object({
/**
* Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set
*/
identityAuthorityHost: z.string().optional(),
identityId: z.string().optional(),
/**
* IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn
*/
identityOwner: z
.union([z.literal("keda"), z.literal("workload")])
.optional(),
/**
* Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set
*/
identityTenantId: z.string().optional(),
/**
* PodIdentityProvider contains the list of providers
*/
provider: z.union([
z.literal("azure-workload"),
z.literal("gcp"),
z.literal("aws"),
z.literal("aws-eks"),
z.literal("none")
]),
/**
* RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner
*/
roleArn: z.string().optional()
})
.optional(),
secrets: z.array(z.object({
name: z.string(),
parameter: z.string(),
version: z.string().optional()
})),
vaultUri: z.string()
})
.optional(),
configMapTargetRef: z
.array(z.object({
key: z.string(),
name: z.string(),
parameter: z.string()
}))
.optional(),
env: z
.array(z.object({
containerName: z.string().optional(),
name: z.string(),
parameter: z.string()
}))
.optional(),
gcpSecretManager: z
.object({
credentials: z
.object({
clientSecret: z.object({
valueFrom: z.object({
secretKeyRef: z.object({
key: z.string(),
name: z.string()
})
})
})
})
.optional(),
/**
* AuthPodIdentity allows users to select the platform native identity
* mechanism
*/
podIdentity: z
.object({
/**
* Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set
*/
identityAuthorityHost: z.string().optional(),
identityId: z.string().optional(),
/**
* IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn
*/
identityOwner: z
.union([z.literal("keda"), z.literal("workload")])
.optional(),
/**
* Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set
*/
identityTenantId: z.string().optional(),
/**
* PodIdentityProvider contains the list of providers
*/
provider: z.union([
z.literal("azure-workload"),
z.literal("gcp"),
z.literal("aws"),
z.literal("aws-eks"),
z.literal("none")
]),
/**
* RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner
*/
roleArn: z.string().optional()
})
.optional(),
secrets: z.array(z.object({
id: z.string(),
parameter: z.string(),
version: z.string().optional()
}))
})
.optional(),
/**
* HashiCorpVault is used to authenticate using Hashicorp Vault
*/
hashiCorpVault: z
.object({
address: z.string(),
/**
* VaultAuthentication contains the list of Hashicorp Vault authentication methods
*/
authentication: z.string(),
/**
* Credential defines the Hashicorp Vault credentials depending on the authentication method
*/
credential: z
.object({
serviceAccount: z.string().optional(),
token: z.string().optional()
})
.optional(),
mount: z.string().optional(),
namespace: z.string().optional(),
role: z.string().optional(),
secrets: z.array(z.object({
key: z.string(),
parameter: z.string(),
path: z.string(),
pkiData: z
.object({
altNames: z.string().optional(),
commonName: z.string().optional(),
format: z.string().optional(),
ipSans: z.string().optional(),
otherSans: z.string().optional(),
ttl: z.string().optional(),
uriSans: z.string().optional()
})
.optional(),
/**
* VaultSecretType defines the type of vault secret
*/
type: z.string().optional()
}))
})
.optional(),
/**
* AuthPodIdentity allows users to select the platform native identity
* mechanism
*/
podIdentity: z
.object({
/**
* Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set
*/
identityAuthorityHost: z.string().optional(),
identityId: z.string().optional(),
/**
* IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn
*/
identityOwner: z
.union([z.literal("keda"), z.literal("workload")])
.optional(),
/**
* Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set
*/
identityTenantId: z.string().optional(),
/**
* PodIdentityProvider contains the list of providers
*/
provider: z.union([
z.literal("azure-workload"),
z.literal("gcp"),
z.literal("aws"),
z.literal("aws-eks"),
z.literal("none")
]),
/**
* RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner
*/
roleArn: z.string().optional()
})
.optional(),
secretTargetRef: z
.array(z.object({
key: z.string(),
name: z.string(),
parameter: z.string()
}))
.optional()
}),
/**
* TriggerAuthenticationStatus defines the observed state of TriggerAuthentication
*/
status: z
.object({
scaledjobs: z.string().optional(),
scaledobjects: z.string().optional()
})
.optional()
});