kcr_authentication_stackable_tech 3.20260114.154607

Kubernetes Custom Resource Bindings
// WARNING: generated by kopium - manual changes will be overwritten
// kopium command: kopium --docs --derive=Default --derive=PartialEq --smart-derive-elision --filename crd-catalog/stackabletech/commons-operator/authentication.stackable.tech/v1alpha1/authenticationclasses.yaml
// kopium version: 0.22.5

#[allow(unused_imports)]
mod prelude {
    pub use kube::CustomResource;
    pub use serde::{Serialize, Deserialize};
}
use self::prelude::*;

/// Spec of the `AuthenticationClass` custom resource
/// (group `authentication.stackable.tech`, version `v1alpha1`).
///
/// The `CustomResource` derive generates the `AuthenticationClass` root type
/// around this spec. The `kube` attribute below sets no `namespaced` flag, so
/// kube-derive treats the kind as cluster-scoped.
#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[kube(group = "authentication.stackable.tech", version = "v1alpha1", kind = "AuthenticationClass", plural = "authenticationclasses")]
// schema = "disabled": the derive emits no OpenAPI schema for this type, so
// these bindings do not check field combinations themselves. Any such
// validation has to come from the CRD installed in the cluster or from the
// code consuming the resource.
#[kube(schema = "disabled")]
#[kube(derive="Default")]
#[kube(derive="PartialEq")]
pub struct AuthenticationClassSpec {
    /// Protocol used for authentication
    pub protocol: AuthenticationClassProtocol,
}

/// Protocol used for authentication
///
/// LDAP is the only protocol modelled in this binding, and it is optional:
/// a document that names no protocol still deserializes (`ldap == None`), and
/// `Default` produces the same value. Consumers should treat that case as
/// "no authentication backend configured" rather than as a usable class.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct AuthenticationClassProtocol {
    /// LDAP settings; absent from the serialized form when `None`.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub ldap: Option<AuthenticationClassProtocolLdap>,
}

/// Connection and attribute-mapping settings for an LDAP server.
///
/// Only `hostname` is required on the wire; every other field is optional and
/// is omitted from the serialized form when `None`. The derived `Default`
/// yields an empty `hostname`, which is not a usable target, so a defaulted
/// value must be filled in before use.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct AuthenticationClassProtocolLdap {
    /// In case you need a special account for searching the LDAP server you can specify it here
    ///
    /// The value only references a SecretClass by name; no credential material
    /// is stored in this resource.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "bindCredentials")]
    pub bind_credentials: Option<AuthenticationClassProtocolLdapBindCredentials>,
    /// The name of the email field
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "emailField")]
    pub email_field: Option<String>,
    /// The name of the firstname field
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "firstnameField")]
    pub firstname_field: Option<String>,
    /// The name of the group field
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "groupField")]
    pub group_field: Option<String>,
    /// Hostname of the LDAP server
    pub hostname: String,
    /// The name of the lastname field
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastnameField")]
    pub lastname_field: Option<String>,
    /// Port of the LDAP server
    ///
    /// The port used when this is `None` is chosen by the consumer and is not
    /// visible in these bindings.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub port: Option<u16>,
    /// LDAP search base
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "searchBase")]
    pub search_base: Option<String>,
    /// LDAP query to filter users
    ///
    /// NOTE(review): presumably this bounds which directory entries can
    /// authenticate, so an over-broad or missing filter would admit more
    /// accounts than intended; confirm against the consuming operator.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "searchFilter")]
    pub search_filter: Option<String>,
    /// Use a TLS connection. If not specified no TLS will be used
    ///
    /// With `None` the connection is plain LDAP, so whatever is sent over it
    /// is unencrypted on the network (presumably including bind and user
    /// passwords on a simple bind; confirm against the consuming operator).
    /// Prefer a variant of [`AuthenticationClassProtocolLdapTls`] that verifies
    /// the server certificate.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub tls: Option<AuthenticationClassProtocolLdapTls>,
    /// The name of the username field
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "uidField")]
    pub uid_field: Option<String>,
}

/// In case you need a special account for searching the LDAP server you can specify it here
///
/// This type carries a reference to a SecretClass, not the bind password
/// itself. The derived `Default` leaves `secret_class` empty, which does not
/// name any SecretClass.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct AuthenticationClassProtocolLdapBindCredentials {
    /// [Scope](https://docs.stackable.tech/secret-operator/scope.html) of the [SecretClass](https://docs.stackable.tech/secret-operator/secretclass.html)
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub scope: Option<AuthenticationClassProtocolLdapBindCredentialsScope>,
    /// [SecretClass](https://docs.stackable.tech/secret-operator/secretclass.html) containing the LDAP bind credentials
    #[serde(rename = "secretClass")]
    pub secret_class: String,
}

/// [Scope](https://docs.stackable.tech/secret-operator/scope.html) of the [SecretClass](https://docs.stackable.tech/secret-operator/secretclass.html)
///
/// All three fields are optional and undocumented in the source CRD; their
/// exact meaning is defined by the secret-operator scope documentation linked
/// above.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct AuthenticationClassProtocolLdapBindCredentialsScope {
    /// NOTE(review): presumably enables the node scope; confirm against the
    /// secret-operator documentation.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub node: Option<bool>,
    /// NOTE(review): presumably enables the pod scope; confirm against the
    /// secret-operator documentation.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub pod: Option<bool>,
    /// NOTE(review): presumably a list of Service names the secret is scoped
    /// to; confirm against the secret-operator documentation.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub services: Option<Vec<String>>,
}

/// Use a TLS connection. If not specified no TLS will be used
///
/// The four fields model alternative verification modes, but each is an
/// independent `Option`, so this type accepts none of them or several at once.
/// Nothing in these bindings enforces "exactly one"; a consumer should reject
/// ambiguous or empty values instead of picking a mode silently.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct AuthenticationClassProtocolLdapTls {
    /// Use TLS but don't verify certificates. We have to use an empty struct instead of an empty Enum because of limitations of [kube-rs](https://github.com/kube-rs/kube-rs/)
    ///
    /// Without certificate verification the server's identity is not checked,
    /// so the connection is encrypted but not authenticated and can be
    /// intercepted by whoever is on the network path.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub insecure: Option<AuthenticationClassProtocolLdapTlsInsecure>,
    /// Use TLS and CA certificate to verify the server and the client
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "mutualVerification")]
    pub mutual_verification: Option<AuthenticationClassProtocolLdapTlsMutualVerification>,
    /// Use TLS and CA certificate to verify the server
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "serverVerification")]
    pub server_verification: Option<AuthenticationClassProtocolLdapTlsServerVerification>,
    /// Use TLS and the CA certificates provided by the system - in this case the Docker image - to verify the server. This can be useful when you e.g. use public AWS S3 or other publicly available services.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "systemProvided")]
    pub system_provided: Option<AuthenticationClassProtocolLdapTlsSystemProvided>,
}

/// Use TLS but don't verify certificates. We have to use an empty struct instead of an empty Enum because of limitations of [kube-rs](https://github.com/kube-rs/kube-rs/)
///
/// Presence-only marker with no fields. Selecting it means the server
/// certificate is never checked, so the peer's identity is unauthenticated;
/// worth flagging when auditing `AuthenticationClass` objects.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct AuthenticationClassProtocolLdapTlsInsecure {
}

/// Use TLS and CA certificate to verify the server and the client
///
/// Holds only the name of a SecretClass; the certificate and private key are
/// not stored in this resource. The derived `Default` leaves the name empty.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct AuthenticationClassProtocolLdapTlsMutualVerification {
    /// [SecretClass](https://docs.stackable.tech/secret-operator/secretclass.html) which will provide ca.crt, tls.crt and tls.key
    #[serde(rename = "secretClass")]
    pub secret_class: String,
}

/// Use TLS and CA certificate to verify the server
///
/// `server_ca_cert` is required on the wire, but every source inside it is
/// optional, so a present-but-empty value still deserializes.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct AuthenticationClassProtocolLdapTlsServerVerification {
    /// CA cert to verify the server
    #[serde(rename = "serverCaCert")]
    pub server_ca_cert: AuthenticationClassProtocolLdapTlsServerVerificationServerCaCert,
}

/// CA cert to verify the server
///
/// Four alternative sources for the CA certificate, each an independent
/// `Option`. The type accepts all of them unset (that is also the `Default`)
/// or several set together; which source wins in that case is not defined
/// here. A consumer should reject a value with no source rather than fall
/// back to unverified TLS.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct AuthenticationClassProtocolLdapTlsServerVerificationServerCaCert {
    /// Name of the ConfigMap containing the CA cert. Key must be "ca.crt".
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub configmap: Option<String>,
    /// Path to the CA cert
    ///
    /// NOTE(review): which filesystem this path is resolved in is not stated
    /// here; confirm against the consuming operator.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub path: Option<String>,
    /// Name of the Secret containing the CA cert. Key must be "ca.crt".
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub secret: Option<String>,
    /// Name of the SecretClass which will provide the CA cert
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretClass")]
    pub secret_class: Option<String>,
}

/// Use TLS and the CA certificates provided by the system - in this case the Docker image - to verify the server. This can be useful when you e.g. use public AWS S3 or other publicly available services.
///
/// Presence-only marker with no fields. The set of trusted CAs is whatever
/// the container image ships, so trust decisions follow the image's CA bundle
/// rather than anything configured in this resource.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct AuthenticationClassProtocolLdapTlsSystemProvided {
}