software-engineering/zitadel-resources-operator
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update crd
All checks were successful
Build and Publish / build-release (push) Successful in 2m8s
Details

Browse Source
This commit is contained in:
HaimKortovich
2026-04-30 15:56:58 -05:00
parent 319acd90de
commit 7a4a52e917
13 changed files with 825 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
api/v1alpha1/zz_generated.deepcopy.go
View File

@@ -944,6 +944,7 @@ func (in *OrganizationList) DeepCopyObject() runtime.Object {
func (in *OrganizationRef) DeepCopyInto(out *OrganizationRef) { func (in *OrganizationRef) DeepCopyInto(out *OrganizationRef) {
*out = *in *out = *in
out.ObjectReference = in.ObjectReference out.ObjectReference = in.ObjectReference
out.ConnectionRef = in.ConnectionRef
} }
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrganizationRef. // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrganizationRef.
@@ -1108,6 +1109,7 @@ func (in *ProjectList) DeepCopyObject() runtime.Object {
func (in *ProjectRef) DeepCopyInto(out *ProjectRef) { func (in *ProjectRef) DeepCopyInto(out *ProjectRef) {
*out = *in *out = *in
out.ObjectReference = in.ObjectReference out.ObjectReference = in.ObjectReference
out.ConnectionRef = in.ConnectionRef
} }
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectRef. // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectRef.
@@ -1190,6 +1192,21 @@ func (in *ProjectStatus) DeepCopy() *ProjectStatus {
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ResolvedReference) DeepCopyInto(out *ResolvedReference) {
*out = *in
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResolvedReference.
func (in *ResolvedReference) DeepCopy() *ResolvedReference {
if in == nil {
return nil
}
out := new(ResolvedReference)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Resource) DeepCopyInto(out *Resource) { func (in *Resource) DeepCopyInto(out *Resource) {
*out = *in *out = *in

50
config/crd/bases/zitadel.github.com_actions.yaml
View File

@@ -50,6 +50,48 @@ spec:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
type: string type: string
connectionRef:
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
fieldPath: fieldPath:
description: |- description: |-
If referring to a piece of an object instead of an entire object, this string If referring to a piece of an object instead of an entire object, this string
@@ -60,6 +102,8 @@ spec:
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
type: string type: string
id:
type: string
kind: kind:
description: |- description: |-
Kind of the referent. Kind of the referent.
@@ -87,6 +131,12 @@ spec:
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: must provide either k8s object reference (name) or zitadel
ID reference (id), but not both
rule: has(self.name) == has(self.id)
- message: zitadel ID reference requires connectionRef.name
rule: '!has(self.id) || has(self.connectionRef.name)'
script: script:
type: string type: string
timeout: timeout:

50
config/crd/bases/zitadel.github.com_apiapps.yaml
View File

@@ -52,6 +52,48 @@ spec:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
type: string type: string
connectionRef:
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
fieldPath: fieldPath:
description: |- description: |-
If referring to a piece of an object instead of an entire object, this string If referring to a piece of an object instead of an entire object, this string
@@ -62,6 +104,8 @@ spec:
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
type: string type: string
id:
type: string
kind: kind:
description: |- description: |-
Kind of the referent. Kind of the referent.
@@ -89,6 +133,12 @@ spec:
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: must provide either k8s object reference (name) or zitadel
ID reference (id), but not both
rule: has(self.name) == has(self.id)
- message: zitadel ID reference requires connectionRef.name
rule: '!has(self.id) || has(self.connectionRef.name)'
required: required:
- authMethodType - authMethodType
- projectRef - projectRef

50
config/crd/bases/zitadel.github.com_flows.yaml
View File

@@ -99,6 +99,48 @@ spec:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
type: string type: string
connectionRef:
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
fieldPath: fieldPath:
description: |- description: |-
If referring to a piece of an object instead of an entire object, this string If referring to a piece of an object instead of an entire object, this string
@@ -109,6 +151,8 @@ spec:
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
type: string type: string
id:
type: string
kind: kind:
description: |- description: |-
Kind of the referent. Kind of the referent.
@@ -136,6 +180,12 @@ spec:
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: must provide either k8s object reference (name) or zitadel
ID reference (id), but not both
rule: has(self.name) == has(self.id)
- message: zitadel ID reference requires connectionRef.name
rule: '!has(self.id) || has(self.connectionRef.name)'
triggerType: triggerType:
enum: enum:
- TRIGGER_TYPE_POST_AUTHENTICATION - TRIGGER_TYPE_POST_AUTHENTICATION

102
config/crd/bases/zitadel.github.com_machineusers.yaml
View File

@@ -48,10 +48,54 @@ spec:
items: items:
properties: properties:
projectRef: projectRef:
description: ProjectRef can reference a project via K8s object
or direct Zitadel ID
properties: properties:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
type: string type: string
connectionRef:
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
fieldPath: fieldPath:
description: |- description: |-
If referring to a piece of an object instead of an entire object, this string If referring to a piece of an object instead of an entire object, this string
@@ -62,6 +106,8 @@ spec:
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
type: string type: string
id:
type: string
kind: kind:
description: |- description: |-
Kind of the referent. Kind of the referent.
@@ -89,6 +135,12 @@ spec:
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: must provide either k8s object reference (name) or
zitadel ID reference (id), but not both
rule: has(self.name) == has(self.id)
- message: zitadel ID reference requires connectionRef.name
rule: '!has(self.id) || has(self.connectionRef.name)'
roleKeys: roleKeys:
items: items:
type: string type: string
@@ -158,6 +210,48 @@ spec:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
type: string type: string
connectionRef:
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
fieldPath: fieldPath:
description: |- description: |-
If referring to a piece of an object instead of an entire object, this string If referring to a piece of an object instead of an entire object, this string
@@ -168,6 +262,8 @@ spec:
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
type: string type: string
id:
type: string
kind: kind:
description: |- description: |-
Kind of the referent. Kind of the referent.
@@ -195,6 +291,12 @@ spec:
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: must provide either k8s object reference (name) or zitadel
ID reference (id), but not both
rule: has(self.name) == has(self.id)
- message: zitadel ID reference requires connectionRef.name
rule: '!has(self.id) || has(self.connectionRef.name)'
username: username:
type: string type: string
required: required:

52
config/crd/bases/zitadel.github.com_oidcapps.yaml
View File

@@ -98,6 +98,48 @@ spec:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
type: string type: string
connectionRef:
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
fieldPath: fieldPath:
description: |- description: |-
If referring to a piece of an object instead of an entire object, this string If referring to a piece of an object instead of an entire object, this string
@@ -108,6 +150,8 @@ spec:
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
type: string type: string
id:
type: string
kind: kind:
description: |- description: |-
Kind of the referent. Kind of the referent.
@@ -135,6 +179,12 @@ spec:
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: must provide either k8s object reference (name) or zitadel
ID reference (id), but not both
rule: has(self.name) == has(self.id)
- message: zitadel ID reference requires connectionRef.name
rule: '!has(self.id) || has(self.connectionRef.name)'
redirectUris: redirectUris:
items: items:
type: string type: string
@@ -232,8 +282,6 @@ spec:
- type - type
type: object type: object
type: array type: array
required:
- appId
type: object type: object
type: object type: object
served: true served: true

102
config/crd/bases/zitadel.github.com_projects.yaml
View File

@@ -43,10 +43,54 @@ spec:
items: items:
properties: properties:
organizationRef: organizationRef:
description: OrganizationRef can reference an organization via
K8s object or direct Zitadel ID
properties: properties:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
type: string type: string
connectionRef:
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
fieldPath: fieldPath:
description: |- description: |-
If referring to a piece of an object instead of an entire object, this string If referring to a piece of an object instead of an entire object, this string
@@ -57,6 +101,8 @@ spec:
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
type: string type: string
id:
type: string
kind: kind:
description: |- description: |-
Kind of the referent. Kind of the referent.
@@ -84,6 +130,12 @@ spec:
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: must provide either k8s object reference (name) or
zitadel ID reference (id), but not both
rule: has(self.name) == has(self.id)
- message: zitadel ID reference requires connectionRef.name
rule: '!has(self.id) || has(self.connectionRef.name)'
roleKeys: roleKeys:
items: items:
type: string type: string
@@ -104,6 +156,48 @@ spec:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
type: string type: string
connectionRef:
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
fieldPath: fieldPath:
description: |- description: |-
If referring to a piece of an object instead of an entire object, this string If referring to a piece of an object instead of an entire object, this string
@@ -114,6 +208,8 @@ spec:
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
type: string type: string
id:
type: string
kind: kind:
description: |- description: |-
Kind of the referent. Kind of the referent.
@@ -141,6 +237,12 @@ spec:
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: must provide either k8s object reference (name) or zitadel
ID reference (id), but not both
rule: has(self.name) == has(self.id)
- message: zitadel ID reference requires connectionRef.name
rule: '!has(self.id) || has(self.connectionRef.name)'
projectName: projectName:
type: string type: string
projectRoleAssertion: projectRoleAssertion:

50
ops/chart/crds/action-crd.yaml
View File

@@ -49,6 +49,48 @@ spec:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
type: string type: string
connectionRef:
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
fieldPath: fieldPath:
description: |- description: |-
If referring to a piece of an object instead of an entire object, this string If referring to a piece of an object instead of an entire object, this string
@@ -59,6 +101,8 @@ spec:
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
type: string type: string
id:
type: string
kind: kind:
description: |- description: |-
Kind of the referent. Kind of the referent.
@@ -86,6 +130,12 @@ spec:
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: must provide either k8s object reference (name) or zitadel
ID reference (id), but not both
rule: has(self.name) == has(self.id)
- message: zitadel ID reference requires connectionRef.name
rule: '!has(self.id) || has(self.connectionRef.name)'
script: script:
type: string type: string
timeout: timeout:

50
ops/chart/crds/apiapp-crd.yaml
View File

@@ -51,6 +51,48 @@ spec:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
type: string type: string
connectionRef:
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
fieldPath: fieldPath:
description: |- description: |-
If referring to a piece of an object instead of an entire object, this string If referring to a piece of an object instead of an entire object, this string
@@ -61,6 +103,8 @@ spec:
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
type: string type: string
id:
type: string
kind: kind:
description: |- description: |-
Kind of the referent. Kind of the referent.
@@ -88,6 +132,12 @@ spec:
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: must provide either k8s object reference (name) or zitadel
ID reference (id), but not both
rule: has(self.name) == has(self.id)
- message: zitadel ID reference requires connectionRef.name
rule: '!has(self.id) || has(self.connectionRef.name)'
required: required:
- authMethodType - authMethodType
- projectRef - projectRef

50
ops/chart/crds/flow-crd.yaml
View File

@@ -98,6 +98,48 @@ spec:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
type: string type: string
connectionRef:
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
fieldPath: fieldPath:
description: |- description: |-
If referring to a piece of an object instead of an entire object, this string If referring to a piece of an object instead of an entire object, this string
@@ -108,6 +150,8 @@ spec:
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
type: string type: string
id:
type: string
kind: kind:
description: |- description: |-
Kind of the referent. Kind of the referent.
@@ -135,6 +179,12 @@ spec:
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: must provide either k8s object reference (name) or zitadel
ID reference (id), but not both
rule: has(self.name) == has(self.id)
- message: zitadel ID reference requires connectionRef.name
rule: '!has(self.id) || has(self.connectionRef.name)'
triggerType: triggerType:
enum: enum:
- TRIGGER_TYPE_POST_AUTHENTICATION - TRIGGER_TYPE_POST_AUTHENTICATION

102
ops/chart/crds/machineuser-crd.yaml
View File

@@ -47,10 +47,54 @@ spec:
items: items:
properties: properties:
projectRef: projectRef:
description: ProjectRef can reference a project via K8s object
or direct Zitadel ID
properties: properties:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
type: string type: string
connectionRef:
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
fieldPath: fieldPath:
description: |- description: |-
If referring to a piece of an object instead of an entire object, this string If referring to a piece of an object instead of an entire object, this string
@@ -61,6 +105,8 @@ spec:
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
type: string type: string
id:
type: string
kind: kind:
description: |- description: |-
Kind of the referent. Kind of the referent.
@@ -88,6 +134,12 @@ spec:
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: must provide either k8s object reference (name) or
zitadel ID reference (id), but not both
rule: has(self.name) == has(self.id)
- message: zitadel ID reference requires connectionRef.name
rule: '!has(self.id) || has(self.connectionRef.name)'
roleKeys: roleKeys:
items: items:
type: string type: string
@@ -157,6 +209,48 @@ spec:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
type: string type: string
connectionRef:
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
fieldPath: fieldPath:
description: |- description: |-
If referring to a piece of an object instead of an entire object, this string If referring to a piece of an object instead of an entire object, this string
@@ -167,6 +261,8 @@ spec:
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
type: string type: string
id:
type: string
kind: kind:
description: |- description: |-
Kind of the referent. Kind of the referent.
@@ -194,6 +290,12 @@ spec:
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: must provide either k8s object reference (name) or zitadel
ID reference (id), but not both
rule: has(self.name) == has(self.id)
- message: zitadel ID reference requires connectionRef.name
rule: '!has(self.id) || has(self.connectionRef.name)'
username: username:
type: string type: string
required: required:

52
ops/chart/crds/oidcapp-crd.yaml
View File

@@ -97,6 +97,48 @@ spec:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
type: string type: string
connectionRef:
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
fieldPath: fieldPath:
description: |- description: |-
If referring to a piece of an object instead of an entire object, this string If referring to a piece of an object instead of an entire object, this string
@@ -107,6 +149,8 @@ spec:
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
type: string type: string
id:
type: string
kind: kind:
description: |- description: |-
Kind of the referent. Kind of the referent.
@@ -134,6 +178,12 @@ spec:
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: must provide either k8s object reference (name) or zitadel
ID reference (id), but not both
rule: has(self.name) == has(self.id)
- message: zitadel ID reference requires connectionRef.name
rule: '!has(self.id) || has(self.connectionRef.name)'
redirectUris: redirectUris:
items: items:
type: string type: string
@@ -231,8 +281,6 @@ spec:
- type - type
type: object type: object
type: array type: array
required:
- appId
type: object type: object
type: object type: object
served: true served: true

102
ops/chart/crds/project-crd.yaml
View File

@@ -42,10 +42,54 @@ spec:
items: items:
properties: properties:
organizationRef: organizationRef:
description: OrganizationRef can reference an organization via
K8s object or direct Zitadel ID
properties: properties:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
type: string type: string
connectionRef:
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
fieldPath: fieldPath:
description: |- description: |-
If referring to a piece of an object instead of an entire object, this string If referring to a piece of an object instead of an entire object, this string
@@ -56,6 +100,8 @@ spec:
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
type: string type: string
id:
type: string
kind: kind:
description: |- description: |-
Kind of the referent. Kind of the referent.
@@ -83,6 +129,12 @@ spec:
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: must provide either k8s object reference (name) or
zitadel ID reference (id), but not both
rule: has(self.name) == has(self.id)
- message: zitadel ID reference requires connectionRef.name
rule: '!has(self.id) || has(self.connectionRef.name)'
roleKeys: roleKeys:
items: items:
type: string type: string
@@ -103,6 +155,48 @@ spec:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
type: string type: string
connectionRef:
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
fieldPath: fieldPath:
description: |- description: |-
If referring to a piece of an object instead of an entire object, this string If referring to a piece of an object instead of an entire object, this string
@@ -113,6 +207,8 @@ spec:
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
type: string type: string
id:
type: string
kind: kind:
description: |- description: |-
Kind of the referent. Kind of the referent.
@@ -140,6 +236,12 @@ spec:
type: string type: string
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: must provide either k8s object reference (name) or zitadel
ID reference (id), but not both
rule: has(self.name) == has(self.id)
- message: zitadel ID reference requires connectionRef.name
rule: '!has(self.id) || has(self.connectionRef.name)'
projectName: projectName:
type: string type: string
projectRoleAssertion: projectRoleAssertion: