UserDefinedAuthentication v1.5.0 custom resource definition

Spec schema

UserDefinedAuthenticationSpec defines the desired state of UserDefinedAuthentication.

dbclusterRef:
  name: string
keytabSecretRef:
  name: string
pgHbaEntries:
- string
pgIdentEntries:
- string
ldapConfiguration:
  cacheTTLSeconds: integer
  enableGroupMapping: boolean
  enableLdapOptReferrals: boolean
  ldapBaseDN: string
  ldapBindDN: string
  ldapBindPasswordSecretRef:
    name: string
  ldapURI: string
  ldapsCertificateSecretRef:
    name: string

Field | Type | Required or optional | Description
--- | --- | --- | ---
dbclusterRef | object | Required | DBClusterRef is a reference to the target DBCluster in the same namespace to which these authentication settings apply.
dbclusterRef.name | string | Required | Name of the referent. For more information, see Names.
keytabSecretRef | object | Required | KeytabSecretRef is a reference to the Secret resource in the same namespace containing the Kerberos keytab file. The Secret must have a data field named 'krb5.keytab'.
keytabSecretRef.name | string | Required | Name of the referent. For more information, see Names.
pgHbaEntries | list (string) | Required | PgHbaEntries is a list of pg_hba.conf entries that will be applied to the target DBCluster for this authentication method. Each string in the list represents a separate line in the pg_hba.conf file.
pgIdentEntries | list (string) | Optional | PgIdentEntries is an optional list of pg_ident.conf entries (user name maps) that will be applied to the target DBCluster. Each string in the list represents a separate line in the pg_ident.conf file.
ldapConfiguration | object | Optional | LDAPConfiguration holds the settings for group mapping. These settings configure the google_pg_auth extension to perform LDAP lookups for AD group synchronization after a successful GSSAPI login.
ldapConfiguration.cacheTTLSeconds | integer | Optional | CacheTTLSeconds is the time-to-live for the user-to-group mapping cache in seconds.
ldapConfiguration.enableGroupMapping | boolean | Optional | EnableGroupMapping is the switch to turn the AD group synchronization feature on or off.
ldapConfiguration.enableLdapOptReferrals | boolean | Optional | EnableLdapOptReferrals determines whether to enable the LDAP referrals option.
ldapConfiguration.ldapBaseDN | string | Optional | LDAPBaseDN is the Base Distinguished Name for LDAP searches, for example "DC=my-corp,DC=com".
ldapConfiguration.ldapBindDN | string | Optional | LDAPBindDN is the Distinguished Name to bind as for the LDAP search. This is the service account user that will perform the group lookups, for example "setupadmin@ad-controller.my-corp.com".
ldapConfiguration.ldapBindPasswordSecretRef | object | Optional | LDAPBindPasswordSecretRef is a reference to the Secret in the same namespace that contains the password for the LDAP bind user. The Secret must have a data field named 'password'.
ldapConfiguration.ldapBindPasswordSecretRef.name | string | Optional | Name of the referent. For more information, see Names.
ldapConfiguration.ldapURI | string | Optional | LDAPURI is the URI for the LDAPS or LDAP server, for example "ldap://ad-controller.my-corp.com".
ldapConfiguration.ldapsCertificateSecretRef | object | Optional | LDAPSCertificateSecretRef is an optional reference to the Secret in the same namespace that contains the CA certificate for LDAPS. The Secret must have a data field named 'ldap.crt'.
ldapConfiguration.ldapsCertificateSecretRef.name | string | Optional | Name of the referent. For more information, see Names.
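Before applying a UserDefinedAuthentication manifest it is worth linting it against the spec above: the required references, the pg_hba.conf lines it will push into the DBCluster, and whether the LDAP group lookup is configured to travel over TLS. The following is an added example (not part of the CRD or its operator); SAMPLE_CR is a constructed manifest, the apiVersion string is an assumption, and the pg_hba.conf field layout follows standard PostgreSQL syntax.

```python
# Added example lint (not operator code); SAMPLE_CR is a constructed manifest.
SAMPLE_CR = {
    "apiVersion": "alloydbomni.dbadmin.goog/v1",  # assumption: check your CRD
    "kind": "UserDefinedAuthentication",
    "spec": {
        "dbclusterRef": {"name": "dbcluster-sample"},
        "keytabSecretRef": {"name": "db-keytab"},  # Secret must carry krb5.keytab
        "pgHbaEntries": [
            "hostgssenc all all 0.0.0.0/0 gss include_realm=0 krb_realm=EXAMPLE.COM map=krb",
            "host all all 10.0.0.0/8 trust",  # deliberately weak line for the lint
        ],
        "pgIdentEntries": ["krb /^(.*)@EXAMPLE\\.COM$ \\1"],
        "ldapConfiguration": {
            "enableGroupMapping": True,
            "ldapURI": "ldap://ad-controller.example.com",  # plaintext, flagged below
            "ldapBaseDN": "DC=example,DC=com",
            "ldapBindDN": "svc-pglookup@example.com",
            "ldapBindPasswordSecretRef": {"name": "ldap-bind-pw"},
        },
    },
}

def lint_uda(cr: dict) -> list[str]:
    """Return findings for one CR; an empty list means nothing to fix."""
    spec, out = cr.get("spec", {}), []
    for ref in ("dbclusterRef", "keytabSecretRef"):
        if not spec.get(ref, {}).get("name"):
            out.append(f"spec.{ref}.name is required")
    if not spec.get("pgHbaEntries"):
        out.append("spec.pgHbaEntries is required and must not be empty")
    for line in spec.get("pgHbaEntries", []):
        parts = line.split()
        idx = 3 if parts[:1] == ["local"] else 4  # 'local' rows have no address column
        if len(parts) <= idx:
            out.append(f"malformed pg_hba entry: {line!r}"); continue
        if parts[idx] == "trust":
            out.append(f"pg_hba entry grants access without authentication: {line!r}")
        if parts[0] == "host":
            out.append(f"pg_hba entry also matches unencrypted connections: {line!r}")
    ldap = spec.get("ldapConfiguration") or {}
    if ldap.get("enableGroupMapping"):
        for key in ("ldapURI", "ldapBaseDN", "ldapBindDN", "ldapBindPasswordSecretRef"):
            if not ldap.get(key):  # assumption: a bind lookup needs all four
                out.append(f"group mapping enabled but ldapConfiguration.{key} is unset")
        uri = ldap.get("ldapURI", "")
        if uri.startswith("ldap://"):
            out.append("ldapURI is plaintext ldap://; bind password and group data are sent in clear")
        elif uri.startswith("ldaps://") and not ldap.get("ldapsCertificateSecretRef", {}).get("name"):
            out.append("ldaps:// without ldapsCertificateSecretRef: no CA supplied for the server")
    return out
```

Running `lint_uda(SAMPLE_CR)` reports the `trust` line, the unencrypted `host` match and the plaintext `ldap://` URI; switching the URI to `ldaps://` with an ldapsCertificateSecretRef and dropping the `trust` line clears all findings.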

Status schema

UserDefinedAuthenticationStatus defines the observed state of UserDefinedAuthentication.

conditions:
- lastTransitionTime: string
  message: string
  observedGeneration: integer
  reason: string
  status: string
  type: string
criticalIncidents:
- code: string
  createTime: string
  message: string
  messageTemplateParams: object
  resource:
    component: string
    location:
      cluster: string
      group: string
      kind: string
      name: string
      namespace: string
      version: string
  stackTrace:
  - component: string
    message: string
  transientUntil: string
message: string
observedGeneration: integer
reconciled: boolean
state: string

Field | Type | Required or optional | Description
--- | --- | --- | ---
conditions[] | object | Optional | Conditions represents the latest available observations of the entity's current state.
conditions[].lastTransitionTime | string | Required | lastTransitionTime is the last time the condition transitioned from one status to another, which occurs when the underlying condition changed. If the time when the underlying condition changed is unknown, use the time when the API field changed.
conditions[].message | string | Required | message is a human readable message indicating details about the transition. This can be an empty string.
conditions[].observedGeneration | integer | Optional | observedGeneration represents the .metadata.generation that the condition was set based upon. For example, if .metadata.generation is 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
conditions[].reason | string | Required | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types can define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value must be a CamelCase string. This field must not be empty.
conditions[].status | string | Required | status of the condition, one of True, False, Unknown.
conditions[].type | string | Required | type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available. Because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regular expression that it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt).
criticalIncidents[] | object | Optional | CriticalIncidents is a flat list of all active Critical Incidents.
criticalIncidents[].code | string | Required | Code is the error code of this particular error. Error codes are DBSE+numeric strings, like DBSE1012.
criticalIncidents[].createTime | string | Required | CreateTime is the timestamp when this Incident was created at the origin.
criticalIncidents[].message | string | Optional | Message describes the incident or error that occurred.
criticalIncidents[].messageTemplateParams | object | Optional | MessageTemplateParams contains key-value pairs necessary for generating a user-friendly data-driven version of Message in the user interface.
criticalIncidents[].resource | object | Required | Resource contains information about the Database Service component that reported the incident, as well as information about the Kubernetes resource.
criticalIncidents[].resource.component | string | Required | Component is an internal identifier of the Database Service subsystem that reported the incident.
criticalIncidents[].resource.location | object | Optional | Location of the affected Kubernetes resource.
criticalIncidents[].resource.location.cluster | string | Optional | The name of the cluster of the affected Kubernetes resource.
criticalIncidents[].resource.location.group | string | Optional | The Group name of the Kubernetes resource.
criticalIncidents[].resource.location.kind | string | Optional | The Kind of the Kubernetes resource.
criticalIncidents[].resource.location.name | string | Optional | The name of the affected Kubernetes resource.
criticalIncidents[].resource.location.namespace | string | Optional | The namespace of the affected Kubernetes resource.
criticalIncidents[].resource.location.version | string | Optional | The Version of the Kubernetes resource.
criticalIncidents[].stackTrace[] | object | Optional | An unstructured list of messages from the stack trace.
criticalIncidents[].stackTrace[].component | string | Optional | The name of a Database Service component that logged the message.
criticalIncidents[].stackTrace[].message | string | Optional | Logged message.
criticalIncidents[].transientUntil | string | Optional | TransientUntil, if present, indicates that the issue must be considered transient until the specified time.
message | string | Optional | Message provides a human-readable message detailing the current state or any errors.
observedGeneration | integer | Optional | Internal: The generation observed by the controller.
reconciled | boolean | Optional | Internal: Whether the resource was reconciled by the controller.
state | string | Optional | State represents the current state of the UserDefinedAuthentication resource. The values are: `Processing`, `Ready`, `Failed`, and `Unknown`.