{
  "description": "CloudsmithAccessToken generates Cloudsmith access token using OIDC authentication",
  "properties": {
    "apiVersion": {
      "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
      "type": "string"
    },
    "kind": {
      "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
      "type": "string"
    },
    "metadata": {
      "type": "object"
    },
    "spec": {
      "description": "CloudsmithAccessTokenSpec defines the configuration for generating a Cloudsmith access token using OIDC authentication.",
      "properties": {
        "apiUrl": {
          "description": "APIURL configures the Cloudsmith API URL. Defaults to https://api.cloudsmith.io.",
          "type": "string"
        },
        "orgSlug": {
          "description": "OrgSlug is the organization slug in Cloudsmith",
          "type": "string"
        },
        "serviceAccountRef": {
          "description": "Name of the service account you are federating with",
          "properties": {
            "audiences": {
              "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list",
              "items": {
                "type": "string"
              },
              "type": "array"
            },
            "name": {
              "description": "The name of the ServiceAccount resource being referred to.",
              "maxLength": 253,
              "minLength": 1,
              "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
              "type": "string"
            },
            "namespace": {
              "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.",
              "maxLength": 63,
              "minLength": 1,
              "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
              "type": "string"
            }
          },
          "required": [
            "name"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "serviceSlug": {
          "description": "ServiceSlug is the service slug in Cloudsmith for OIDC authentication",
          "type": "string"
        }
      },
      "required": [
        "orgSlug",
        "serviceAccountRef",
        "serviceSlug"
      ],
      "type": "object",
      "additionalProperties": false
    }
  },
  "type": "object"
}