Spec schema
UserDefinedAuthenticationSpec defines the desired state of UserDefinedAuthentication.
```yaml
dbclusterRef: string
keytabSecretRef: string
pgHbaEntries:
- string
pgIdentEntries:
- string
ldapConfiguration:
  cacheTTLSeconds: integer
  enableGroupMapping: boolean
  enableLdapOptReferrals: boolean
  ldapBaseDN: string
  ldapBindDN: string
  ldapBindPasswordSecretRef:
    name: string
  ldapURI: string
  ldapsCertificateSecretRef:
    name: string
```

| Field | Type | Required or optional | Description |
|---|---|---|---|
| `dbclusterRef` | object | Required | DBClusterRef is a reference to the target DBCluster in the same namespace to which these authentication settings apply. |
| `dbclusterRef.name` | string | Required | Name of the referent. For more information, see Names. |
| `keytabSecretRef` | object | Required | KeytabSecretRef is a reference to the Secret resource in the same namespace containing the Kerberos keytab file. The Secret must have a data field named 'krb5.keytab'. |
| `keytabSecretRef.name` | string | Required | Name of the referent. For more information, see Names. |
| `pgHbaEntries` | list (string) | Required | PgHbaEntries is a list of pg_hba.conf entries that will be applied to the target DBCluster for this authentication method. Each string in the list represents a separate line in the pg_hba.conf file. |
| `pgIdentEntries` | list (string) | Optional | PgIdentEntries is an optional list of pg_ident.conf entries (user name maps) that will be applied to the target DBCluster. Each string in the list represents a separate line in the pg_ident.conf file. |
| `ldapConfiguration` | object | Optional | LDAPConfiguration holds the settings for group mapping. These settings configure the google_pg_auth extension to perform LDAP lookups for AD group synchronization after a successful GSSAPI login. |
| `ldapConfiguration.cacheTTLSeconds` | integer | Optional | CacheTTLSeconds is the time-to-live for the user-to-group mapping cache in seconds. |
| `ldapConfiguration.enableGroupMapping` | boolean | Optional | EnableGroupMapping is the switch to turn the AD group synchronization feature on or off. |
| `ldapConfiguration.enableLdapOptReferrals` | boolean | Optional | EnableLdapOptReferrals determines whether to enable the LDAP referrals option. |
| `ldapConfiguration.ldapBaseDN` | string | Optional | LDAPBaseDN is the Base Distinguished Name for LDAP searches. e.g., "DC=my-corp,DC=com" |
| `ldapConfiguration.ldapBindDN` | string | Optional | LDAPBindDN is the Distinguished Name to bind as for the LDAP search. This is the service account user that will perform the group lookups. e.g., "setupadmin@ad-controller.my-corp.com" |
| `ldapConfiguration.ldapBindPasswordSecretRef` | object | Optional | LDAPBindPasswordSecretRef is a reference to the Secret in the same namespace that contains the password for the LDAP bind user. The Secret must have a data field named 'password'. |
| `ldapConfiguration.ldapBindPasswordSecretRef.name` | string | Optional | Name of the referent. For more information, see Names. |
| `ldapConfiguration.ldapURI` | string | Optional | LDAPURI is the URI for the LDAPS or LDAP server. e.g., "ldap://ad-controller.my-corp.com" |
| `ldapConfiguration.ldapsCertificateSecretRef` | object | Optional | LDAPSCertificateSecretRef is an optional reference to the Secret in the same namespace that contains the CA certificate for LDAPS. The Secret must have a data field named 'ldap.crt'. |
| `ldapConfiguration.ldapsCertificateSecretRef.name` | string | Optional | Name of the referent. For more information, see Names. |
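
A pre-apply review check for the spec fields above, as an added example that is not part of the product documentation. It works on the spec as a plain dict; the sample values are constructed, and the rule that every pg_hba.conf entry here should use the `gss` method is an assumption of this example, not a documented constraint.

```python
from urllib.parse import urlsplit

REQUIRED = ("dbclusterRef", "keytabSecretRef", "pgHbaEntries")  # "Required" rows in the table

def hba_method(line):
    """Auth method of a pg_hba.conf line: the last token that is not a name=value option."""
    plain = [t for t in line.split("#", 1)[0].split() if "=" not in t]
    return plain[-1] if len(plain) >= 4 else None

def lint_spec(spec):
    """Return review findings for a UserDefinedAuthentication spec given as a dict."""
    findings = [f"{f}: required field missing or empty" for f in REQUIRED if not spec.get(f)]
    for i, line in enumerate(spec.get("pgHbaEntries") or []):
        method = hba_method(line)
        if method != "gss":  # assumption: this resource should only carry GSSAPI rules
            findings.append(f"pgHbaEntries[{i}]: method {method!r} is not gss")
    ldap = spec.get("ldapConfiguration") or {}
    if ldap.get("enableGroupMapping"):
        scheme = urlsplit(ldap.get("ldapURI") or "").scheme
        has_ca = bool((ldap.get("ldapsCertificateSecretRef") or {}).get("name"))
        if scheme == "ldap" and ldap.get("ldapBindPasswordSecretRef"):
            findings.append("ldapURI: ldap:// is unencrypted unless StartTLS is used; prefer ldaps://")
        elif scheme == "ldaps" and not has_ca:
            findings.append("ldapsCertificateSecretRef: no CA certificate Secret set for LDAPS")
        elif scheme not in ("ldap", "ldaps"):
            findings.append("ldapURI: missing or not an ldap:// or ldaps:// URI")
    return findings

# Constructed sample spec; every name below is a placeholder.
SAMPLE_SPEC = {
    "dbclusterRef": {"name": "example-dbcluster"},
    "keytabSecretRef": {"name": "example-keytab"},
    "pgHbaEntries": [
        "hostgssenc all all 0.0.0.0/0 gss include_realm=0 map=adusers",
        "host all all 0.0.0.0/0 trust",
    ],
    "ldapConfiguration": {
        "enableGroupMapping": True,
        "ldapURI": "ldap://ad-controller.my-corp.com",
        "ldapBindDN": "setupadmin@ad-controller.my-corp.com",
        "ldapBindPasswordSecretRef": {"name": "example-ldap-password"},
    },
}

if __name__ == "__main__":
    for finding in lint_spec(SAMPLE_SPEC):
        print(finding)
```
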
Status schema
UserDefinedAuthenticationStatus defines the observed state of UserDefinedAuthentication.
```yaml
conditions:
- lastTransitionTime: string
  message: string
  observedGeneration: integer
  reason: string
  status: string
  type: string
criticalIncidents:
- code: string
  createTime: string
  message: string
  messageTemplateParams: object
  resource:
    component: string
    location:
      cluster: string
      group: string
      kind: string
      name: string
      namespace: string
      version: string
  stackTrace:
  - component: string
    message: string
  transientUntil: string
message: string
observedGeneration: integer
reconciled: boolean
state: string
```

| Field | Type | Required or optional | Description |
|---|---|---|---|
| `conditions[]` | object | Optional | Conditions represents the latest available observations of the entity's current state. |
| `conditions[].lastTransitionTime` | string | Required | lastTransitionTime is the last time the condition transitioned from one status to another, which occurs when the underlying condition changed. If the time when the underlying condition changed is unknown, use the time when the API field changed. |
| `conditions[].message` | string | Required | message is a human readable message indicating details about the transition. This can be an empty string. |
| `conditions[].observedGeneration` | integer | Optional | observedGeneration represents the .metadata.generation that the condition was set based upon. For example, if .metadata.generation is 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. |
| `conditions[].reason` | string | Required | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types can define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value must be a CamelCase string. This field might not be empty. |
| `conditions[].status` | string | Required | status of the condition, one of True, False, Unknown. |
| `conditions[].type` | string | Required | type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available. Because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regular expression that it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt). |
| `criticalIncidents[]` | object | Optional | CriticalIncidents is a flat list of all active Critical Incidents. |
| `criticalIncidents[].code` | string | Required | Code is the error code of this particular error. Error codes are DBSE+numeric strings, like DBSE1012. |
| `criticalIncidents[].createTime` | string | Required | CreateTime is the timestamp when this Incident was created at the origin. |
| `criticalIncidents[].message` | string | Optional | Message describes the incident or error that occurred. |
| `criticalIncidents[].messageTemplateParams` | object | Optional | MessageTemplateParams contains key-value pairs necessary for generating a user-friendly data-driven version of Message in the user interface. |
| `criticalIncidents[].resource` | object | Required | Resource contains information about the Database Service component that reported the incident, as well as information about the Kubernetes resource. |
| `criticalIncidents[].resource.component` | string | Required | Component is an internal identifier of the Database Service subsystem that reported the incident. |
| `criticalIncidents[].resource.location` | object | Optional | Location. |
| `criticalIncidents[].resource.location.cluster` | string | Optional | The name of the cluster of the affected Kubernetes resource. |
| `criticalIncidents[].resource.location.group` | string | Optional | The Group name of the Kubernetes resource. |
| `criticalIncidents[].resource.location.kind` | string | Optional | The Kind of the Kubernetes resource. |
| `criticalIncidents[].resource.location.name` | string | Optional | The name of the affected Kubernetes resource. |
| `criticalIncidents[].resource.location.namespace` | string | Optional | The namespace of the affected Kubernetes resource. |
| `criticalIncidents[].resource.location.version` | string | Optional | The Version of the Kubernetes resource. |
| `criticalIncidents[].stackTrace[]` | object | Optional | An unstructured list of messages from the stack trace. |
| `criticalIncidents[].stackTrace[].component` | string | Optional | The name of a Database Service component that logged the message. |
| `criticalIncidents[].stackTrace[].message` | string | Optional | Logged message. |
| `criticalIncidents[].transientUntil` | string | Optional | TransientUntil, if present, indicates that the issue must be considered transient until the specified time. |
| `message` | string | Optional | Message provides a human-readable message detailing the current state or any errors. |
| `observedGeneration` | integer | Optional | Internal: The generation observed by the controller. |
| `reconciled` | boolean | Optional | Internal: Whether the resource was reconciled by the controller. |
| `state` | string | Optional | State represents the current state of the UserDefinedAuthentication resource. The values are: `Processing`, `Ready`, `Failed`, and `Unknown`. |
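
How an automation gate might read this status before relying on the authentication settings, as an added example that is not part of the product documentation. It applies the `observedGeneration` staleness rule and the `transientUntil` rule from the table; the sample object is constructed, the result labels are this example's own, and RFC 3339 timestamps are an assumption.

```python
from datetime import datetime, timezone

def parse_ts(value):
    """Parse a timestamp such as 2025-01-01T00:00:00Z (RFC 3339 format is assumed)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def evaluate(resource, now):
    """Return (verdict, details) for a UserDefinedAuthentication object given as a dict."""
    generation = resource["metadata"]["generation"]
    status = resource.get("status") or {}
    incidents = status.get("criticalIncidents") or []
    # An incident counts as transient only while transientUntil lies in the future.
    lasting = [i for i in incidents
               if not i.get("transientUntil") or parse_ts(i["transientUntil"]) <= now]
    if lasting:
        return "failed", [i["code"] for i in lasting]
    if incidents:
        return "transient", [i["code"] for i in incidents]
    # A condition written for an older generation says nothing about the current spec.
    stale = [c["type"] for c in status.get("conditions") or []
             if c.get("observedGeneration", generation) < generation]
    if stale or status.get("observedGeneration", generation) < generation:
        return "stale", stale
    return ("ready" if status.get("state") == "Ready" else "not-ready"), []

# Constructed sample: state says Ready, but the condition predates the current spec.
SAMPLE = {
    "metadata": {"name": "example-auth", "generation": 12},
    "status": {
        "state": "Ready",
        "observedGeneration": 12,
        "conditions": [{
            "type": "Available", "status": "True", "reason": "Example", "message": "",
            "lastTransitionTime": "2025-01-01T00:00:00Z", "observedGeneration": 9,
        }],
        "criticalIncidents": [],
    },
}

if __name__ == "__main__":
    print(evaluate(SAMPLE, datetime.now(timezone.utc)))
```
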