4141 metadata :
4242 type : object
4343 spec :
44- <<<<<<< HEAD
4544 description : ROSARoleConfigSpec defines the desired state of ROSARoleConfig
4645 properties :
4746 accountRoleConfig :
@@ -77,31 +76,29 @@ spec:
7776 version :
7877 description : ' Version of OpenShift that will be used to setup
7978 policy tag, for example "4.11"'
80- =======
81- properties :
82- accountRoleConfig :
83- properties :
84- path :
85- type : string
86- permissionsBoundaryARN :
87- type : string
88- prefix :
89- maxLength : 4
90- type : string
91- sharedVPCConfig :
92- properties :
93- routeRoleARN :
94- type : string
95- vpcEndpointRoleArn :
96- type : string
97- type : object
98- version :
99- >>>>>>> 7c770d9ae (Add RosaRoleConfig API and CRD.)
10079 type : string
10180 required :
10281 - prefix
10382 - version
10483 type : object
84+ credentialsSecretRef :
85+ description : |-
86+ CredentialsSecretRef references a secret with necessary credentials to connect to the OCM API.
87+ The secret should contain the following data keys:
88+ - ocmToken: eyJhbGciOiJIUzI1NiIsI....
89+ - ocmApiUrl: Optional, defaults to 'https://api.openshift.com'
90+ properties :
91+ name :
92+ default : " "
93+ description : |-
94+ Name of the referent.
95+ This field is effectively required, but due to backwards compatibility is
96+ allowed to be empty. Instances of this type with an empty value here are
97+ almost certainly wrong.
98+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
99+ type : string
100+ type : object
101+ x-kubernetes-map-type : atomic
105102 identityRef :
106103 description : AWSIdentityReference specifies a identity.
107104 properties :
@@ -121,7 +118,6 @@ spec:
121118 - name
122119 type : object
123120 oidcConfig :
124- <<<<<<< HEAD
125121 description : |-
126122 OIDCConfig creates OIDC config in a S3 bucket for the client AWS account and populates it to be compliant with OIDC protocol.
127123 It also creates a Secret in Secrets Manager containing the private key.
@@ -132,10 +128,6 @@ spec:
132128 Can only be set if "enableExternalAuthProviders" is set to "True".
133129
134130 At most one provider can be configured.
135- =======
136- properties :
137- externalAuthProviders :
138- >>>>>>> 7c770d9ae (Add RosaRoleConfig API and CRD.)
139131 items :
140132 description : ExternalAuthProvider is an external OIDC identity
141133 provider that can issue tokens for this cluster
@@ -369,34 +361,47 @@ spec:
369361 - issuer
370362 - name
371363 type : object
372- <<<<<<< HEAD
373364 maxItems : 1
374365 type : array
375366 x-kubernetes-list-map-keys :
376367 - name
377368 x-kubernetes-list-type : map
369+ identityRef :
370+ description : AWSIdentityReference specifies a identity.
371+ properties :
372+ kind :
373+ description : Kind of the identity.
374+ enum :
375+ - AWSClusterControllerIdentity
376+ - AWSClusterRoleIdentity
377+ - AWSClusterStaticIdentity
378+ type : string
379+ name :
380+ description : Name of the identity.
381+ minLength : 1
382+ type : string
383+ required :
384+ - kind
385+ - name
386+ type : object
378387 managedOIDC :
379388 default : true
380389 description : ManagedOIDC indicates whether it is a Red Hat managed
381390 or unmanaged (Customer hosted) OIDC Configuration. Default is
382391 true.
383- =======
384- type : array
385- managedOIDC :
386- >>>>>>> 7c770d9ae (Add RosaRoleConfig API and CRD.)
387392 type : boolean
393+ prefix :
394+ type : string
395+ region :
396+ type : string
388397 required :
389398 - managedOIDC
399+ - prefix
390400 type : object
391401 operatorRoleConfig :
392- <<<<<<< HEAD
393402 description : OperatorRoleConfig defines cluster-specific operator
394403 IAM roles based on your cluster configuration.
395404 properties :
396- oidcConfigId :
397- description : Registered OIDC configuration ID to add its issuer
398- URL as the trusted relationship to the operator roles.''
399- type : string
400405 permissionsBoundaryARN :
401406 description : The ARN of the policy that is used to set the permissions
402407 boundary for the operator roles.
@@ -418,25 +423,9 @@ spec:
418423 description : ' Role ARN associated with the shared VPC used
419424 for Hosted Control Plane clusters, this role contains policies
420425 to be used with the VPC endpoint'
421- =======
422- properties :
423- oidcConfigId :
424- type : string
425- permissionsBoundaryARN :
426- type : string
427- prefix :
428- maxLength : 4
429- type : string
430- sharedVPCConfig :
431- properties :
432- routeRoleARN :
433- type : string
434- vpcEndpointRoleArn :
435- >>>>>>> 7c770d9ae (Add RosaRoleConfig API and CRD.)
436426 type : string
437427 type : object
438428 required :
439- - oidcConfigId
440429 - prefix
441430 type : object
442431 region :
@@ -450,7 +439,6 @@ spec:
450439 description : ROSARoleConfigStatus defines the observed state of ROSARoleConfig
451440 properties :
452441 accountRolesRef :
453- <<<<<<< HEAD
454442 description : Created Account roles that can be used to
455443 properties :
456444 installerRoleARN :
@@ -466,18 +454,6 @@ spec:
466454 description : WorkerRoleARN is an AWS IAM role that will be attached
467455 to worker instances.
468456 type : string
469- required :
470- - installerRoleARN
471- - supportRoleARN
472- =======
473- properties :
474- installerRoleARN :
475- type : string
476- supportRoleARN :
477- type : string
478- workerRoleARN :
479- type : string
480- >>>>>>> 7c770d9ae (Add RosaRoleConfig API and CRD.)
481457 type : object
482458 conditions :
483459 description : Conditions provide observations of the operational state
@@ -533,7 +509,6 @@ spec:
533509 type : object
534510 type : array
535511 oidcID :
536- <<<<<<< HEAD
537512 description : ID of created OIDC config
538513 type : string
539514 oidcProviderARN :
@@ -577,23 +552,10 @@ spec:
577552 \" *\"\n\t\t },\n\t\t {\n\t\t\t\" Effect\" : \" Allow\" ,\n\t\t\t\" Action\" :
578553 [\n\t\t\t\t\" route53:ChangeResourceRecordSets\"\n\t\t\t ],\n\t\t\t\" Resource\" :
579554 [\n\t\t\t\t\" arn:aws:route53:::PUBLIC_ZONE_ID\" ,\n\t\t\t\t\" arn:aws:route53:::PRIVATE_ZONE_ID\"\n\t\t\t ]\n\t\t }\n\t ]\n }"
580- =======
581- type : string
582- oidcProviderARN :
583- type : string
584- operatorRolesRef :
585- properties :
586- controlPlaneOperatorARN :
587- type : string
588- imageRegistryARN :
589- type : string
590- ingressARN :
591- >>>>>>> 7c770d9ae (Add RosaRoleConfig API and CRD.)
592555 type : string
593556 kmsProviderARN :
594557 type : string
595558 kubeCloudControllerARN :
596- <<<<<<< HEAD
597559 description : |-
598560 KubeCloudControllerARN is an ARN value referencing a role appropriate for the KCM/KCC.
599561 Source: https://cloud-provider-aws.sigs.k8s.io/prerequisites/#iam-policies
@@ -744,18 +706,6 @@ spec:
744706 - nodePoolManagementARN
745707 - storageARN
746708 type : object
747- required :
748- - operatorRolesRef
749- =======
750- type : string
751- networkARN :
752- type : string
753- nodePoolManagementARN :
754- type : string
755- storageARN :
756- type : string
757- type : object
758- >>>>>>> 7c770d9ae (Add RosaRoleConfig API and CRD.)
759709 type : object
760710 type : object
761711 served : true