{ "description": "ClusterTriggerAuthentication defines how a trigger can authenticate globally", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "TriggerAuthenticationSpec defines the various ways to authenticate", "properties": { "awsSecretManager": { "description": "AwsSecretManager is used to authenticate using AwsSecretManager", "properties": { "credentials": { "properties": { "accessKey": { "properties": { "valueFrom": { "properties": { "secretKeyRef": { "properties": { "key": { "type": "string" }, "name": { "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false } }, "required": [ "secretKeyRef" ], "type": "object", "additionalProperties": false } }, "required": [ "valueFrom" ], "type": "object", "additionalProperties": false }, "accessSecretKey": { "properties": { "valueFrom": { "properties": { "secretKeyRef": { "properties": { "key": { "type": "string" }, "name": { "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false } }, "required": [ "secretKeyRef" ], "type": "object", "additionalProperties": false } }, "required": [ "valueFrom" ], "type": "object", "additionalProperties": false }, "accessToken": { "properties": { "valueFrom": { "properties": { "secretKeyRef": { "properties": { "key": { "type": "string" }, "name": { "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false } }, "required": [ "secretKeyRef" ], "type": "object", "additionalProperties": false } }, "required": [ "valueFrom" ], "type": "object", "additionalProperties": false } }, "required": [ "accessKey", "accessSecretKey" ], "type": "object", "additionalProperties": false }, "podIdentity": { "description": "AuthPodIdentity allows users to select the platform native identity\nmechanism", "properties": { "identityAuthorityHost": { "description": "Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set", "type": "string" }, "identityId": { "type": "string" }, "identityOwner": { "description": "IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn", "enum": [ "keda", "workload" ], "type": "string" }, "identityTenantId": { "description": "Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set", "type": "string" }, "provider": { "description": "PodIdentityProvider contains the list of providers", "enum": [ "azure-workload", "gcp", "aws", "aws-eks", "none" ], "type": "string" }, "roleArn": { "description": "RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner", "type": "string" } }, "required": [ "provider" ], "type": "object", "additionalProperties": false }, "region": { "type": "string" }, "secrets": { "items": { "properties": { "name": { "type": "string" }, "parameter": { "type": "string" }, "secretKey": { "type": "string" }, "versionId": { "type": "string" }, "versionStage": { "type": "string" } }, "required": [ "name", "parameter" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "secrets" ], "type": "object", "additionalProperties": false }, "azureKeyVault": { "description": "AzureKeyVault is used to authenticate using Azure Key Vault", "properties": { "cloud": { "properties": { "activeDirectoryEndpoint": { "type": "string" }, "keyVaultResourceURL": { "type": "string" }, "type": { "type": "string" } }, "required": [ "type" ], "type": "object", "additionalProperties": false }, "credentials": { "properties": { "clientId": { "type": "string" }, "clientSecret": { "properties": { "valueFrom": { "properties": { "secretKeyRef": { "properties": { "key": { "type": "string" }, "name": { "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false } }, "required": [ "secretKeyRef" ], "type": "object", "additionalProperties": false } }, "required": [ "valueFrom" ], "type": "object", "additionalProperties": false }, "tenantId": { "type": "string" } }, "required": [ "clientId", "clientSecret", "tenantId" ], "type": "object", "additionalProperties": false }, "podIdentity": { "description": "AuthPodIdentity allows users to select the platform native identity\nmechanism", "properties": { "identityAuthorityHost": { "description": "Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set", "type": "string" }, "identityId": { "type": "string" }, "identityOwner": { "description": "IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn", "enum": [ "keda", "workload" ], "type": "string" }, "identityTenantId": { "description": "Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set", "type": "string" }, "provider": { "description": "PodIdentityProvider contains the list of providers", "enum": [ "azure-workload", "gcp", "aws", "aws-eks", "none" ], "type": "string" }, "roleArn": { "description": "RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner", "type": "string" } }, "required": [ "provider" ], "type": "object", "additionalProperties": false }, "secrets": { "items": { "properties": { "name": { "type": "string" }, "parameter": { "type": "string" }, "version": { "type": "string" } }, "required": [ "name", "parameter" ], "type": "object", "additionalProperties": false }, "type": "array" }, "vaultUri": { "type": "string" } }, "required": [ "secrets", "vaultUri" ], "type": "object", "additionalProperties": false }, "boundServiceAccountToken": { "items": { "properties": { "parameter": { "type": "string" }, "serviceAccountName": { "type": "string" } }, "required": [ "parameter", "serviceAccountName" ], "type": "object", "additionalProperties": false }, "type": "array" }, "configMapTargetRef": { "items": { "description": "AuthConfigMapTargetRef is used to authenticate using a reference to a config map", "properties": { "key": { "type": "string" }, "name": { "type": "string" }, "parameter": { "type": "string" } }, "required": [ "key", "name", "parameter" ], "type": "object", "additionalProperties": false }, "type": "array" }, "env": { "items": { "description": "AuthEnvironment is used to authenticate using environment variables\nin the destination ScaleTarget spec", "properties": { "containerName": { "type": "string" }, "name": { "type": "string" }, "parameter": { "type": "string" } }, "required": [ "name", "parameter" ], "type": "object", "additionalProperties": false }, "type": "array" }, "filePath": { "description": "FilePath specifies a file containing auth parameters as JSON map[string]string.\nWhen set, auth params are read directly from this file instead.", "type": "string" }, "gcpSecretManager": { "properties": { "credentials": { "properties": { "clientSecret": { "properties": { "valueFrom": { "properties": { "secretKeyRef": { "properties": { "key": { "type": "string" }, "name": { "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false } }, "required": [ "secretKeyRef" ], "type": "object", "additionalProperties": false } }, "required": [ "valueFrom" ], "type": "object", "additionalProperties": false } }, "required": [ "clientSecret" ], "type": "object", "additionalProperties": false }, "podIdentity": { "description": "AuthPodIdentity allows users to select the platform native identity\nmechanism", "properties": { "identityAuthorityHost": { "description": "Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set", "type": "string" }, "identityId": { "type": "string" }, "identityOwner": { "description": "IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn", "enum": [ "keda", "workload" ], "type": "string" }, "identityTenantId": { "description": "Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set", "type": "string" }, "provider": { "description": "PodIdentityProvider contains the list of providers", "enum": [ "azure-workload", "gcp", "aws", "aws-eks", "none" ], "type": "string" }, "roleArn": { "description": "RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner", "type": "string" } }, "required": [ "provider" ], "type": "object", "additionalProperties": false }, "secrets": { "items": { "properties": { "id": { "type": "string" }, "parameter": { "type": "string" }, "version": { "type": "string" } }, "required": [ "id", "parameter" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "secrets" ], "type": "object", "additionalProperties": false }, "hashiCorpVault": { "description": "HashiCorpVault is used to authenticate using Hashicorp Vault", "properties": { "address": { "type": "string" }, "authentication": { "description": "VaultAuthentication contains the list of Hashicorp Vault authentication methods", "type": "string" }, "credential": { "description": "Credential defines the Hashicorp Vault credentials depending on the authentication method", "properties": { "serviceAccount": { "type": "string" }, "serviceAccountName": { "type": "string" }, "token": { "type": "string" } }, "type": "object", "additionalProperties": false }, "mount": { "type": "string" }, "namespace": { "type": "string" }, "role": { "type": "string" }, "secrets": { "items": { "description": "VaultSecret defines the mapping between the path of the secret in Vault to the parameter", "properties": { "key": { "type": "string" }, "parameter": { "type": "string" }, "path": { "type": "string" }, "pkiData": { "properties": { "altNames": { "type": "string" }, "commonName": { "type": "string" }, "format": { "type": "string" }, "ipSans": { "type": "string" }, "otherSans": { "type": "string" }, "ttl": { "type": "string" }, "uriSans": { "type": "string" } }, "type": "object", "additionalProperties": false }, "type": { "description": "VaultSecretType defines the type of vault secret", "type": "string" } }, "required": [ "key", "parameter", "path" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "address", "authentication", "secrets" ], "type": "object", "additionalProperties": false }, "podIdentity": { "description": "AuthPodIdentity allows users to select the platform native identity\nmechanism", "properties": { "identityAuthorityHost": { "description": "Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set", "type": "string" }, "identityId": { "type": "string" }, "identityOwner": { "description": "IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn", "enum": [ "keda", "workload" ], "type": "string" }, "identityTenantId": { "description": "Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set", "type": "string" }, "provider": { "description": "PodIdentityProvider contains the list of providers", "enum": [ "azure-workload", "gcp", "aws", "aws-eks", "none" ], "type": "string" }, "roleArn": { "description": "RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner", "type": "string" } }, "required": [ "provider" ], "type": "object", "additionalProperties": false }, "secretTargetRef": { "items": { "description": "AuthSecretTargetRef is used to authenticate using a reference to a secret", "properties": { "key": { "type": "string" }, "name": { "type": "string" }, "parameter": { "type": "string" } }, "required": [ "key", "name", "parameter" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "status": { "description": "TriggerAuthenticationStatus defines the observed state of TriggerAuthentication", "properties": { "scaledjobs": { "type": "string" }, "scaledobjects": { "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }