-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
48e609f
commit 338bc61
Showing
483 changed files
with
139,282 additions
and
48,094 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
|
|
||
|
|
||
| # AllowedIpSettings | ||
|
|
||
|
|
||
| ## Properties | ||
|
|
||
| Name | Type | Description | Notes | ||
| ------------ | ------------- | ------------- | ------------- | ||
| **cidrWhitelist** | **String** | | [optional] | ||
| **lock** | **Boolean** | | [optional] | ||
|
|
||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
|
|
||
|
|
||
| # AuthMethodCreateApiKey | ||
|
|
||
| authMethodCreateApiKey is a command that creates Api Key auth method | ||
|
|
||
| ## Properties | ||
|
|
||
| Name | Type | Description | Notes | ||
| ------------ | ------------- | ------------- | ------------- | ||
| **accessExpires** | **Long** | Access expiration date in Unix timestamp (select 0 for access without expiry date) | [optional] | ||
| **auditLogsClaims** | **List<String>** | Subclaims to include in audit logs, e.g \"--audit-logs-claims email --audit-logs-claims username\" | [optional] | ||
| **boundIps** | **List<String>** | A CIDR whitelist with the IPs that the access is restricted to | [optional] | ||
| **description** | **String** | Auth Method description | [optional] | ||
| **forceSubClaims** | **Boolean** | if true: enforce role-association must include sub claims | [optional] | ||
| **gwBoundIps** | **List<String>** | A CIDR whitelist with the GW IPs that the access is restricted to | [optional] | ||
| **json** | **Boolean** | Set output format to JSON | [optional] | ||
| **jwtTtl** | **Long** | Jwt TTL | [optional] | ||
| **name** | **String** | Auth Method name | | ||
| **productType** | **List<String>** | Choose the relevant product type for the auth method [sm, sra, pm, dp, ca] | [optional] | ||
| **token** | **String** | Authentication token (see `/auth` and `/configure`) | [optional] | ||
| **uidToken** | **String** | The universal identity token, Required only for universal_identity authentication | [optional] | ||
|
|
||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
|
|
||
|
|
||
| # AuthMethodCreateAwsIam | ||
|
|
||
| authMethodCreateAwsIam is a command that creates a new Auth Method that will be able to authenticate using AWS IAM credentials. | ||
|
|
||
| ## Properties | ||
|
|
||
| Name | Type | Description | Notes | ||
| ------------ | ------------- | ------------- | ------------- | ||
| **accessExpires** | **Long** | Access expiration date in Unix timestamp (select 0 for access without expiry date) | [optional] | ||
| **auditLogsClaims** | **List<String>** | Subclaims to include in audit logs, e.g \"--audit-logs-claims email --audit-logs-claims username\" | [optional] | ||
| **boundArn** | **List<String>** | A list of full arns that the access is restricted to | [optional] | ||
| **boundAwsAccountId** | **List<String>** | A list of AWS account-IDs that the access is restricted to | | ||
| **boundIps** | **List<String>** | A CIDR whitelist with the IPs that the access is restricted to | [optional] | ||
| **boundResourceId** | **List<String>** | A list of full resource ids that the access is restricted to | [optional] | ||
| **boundRoleId** | **List<String>** | A list of full role ids that the access is restricted to | [optional] | ||
| **boundRoleName** | **List<String>** | A list of full role-name that the access is restricted to | [optional] | ||
| **boundUserId** | **List<String>** | A list of full user ids that the access is restricted to | [optional] | ||
| **boundUserName** | **List<String>** | A list of full user-name that the access is restricted to | [optional] | ||
| **description** | **String** | Auth Method description | [optional] | ||
| **forceSubClaims** | **Boolean** | if true: enforce role-association must include sub claims | [optional] | ||
| **gwBoundIps** | **List<String>** | A CIDR whitelist with the GW IPs that the access is restricted to | [optional] | ||
| **json** | **Boolean** | Set output format to JSON | [optional] | ||
| **jwtTtl** | **Long** | Jwt TTL | [optional] | ||
| **name** | **String** | Auth Method name | | ||
| **productType** | **List<String>** | Choose the relevant product type for the auth method [sm, sra, pm, dp, ca] | [optional] | ||
| **stsUrl** | **String** | sts URL | [optional] | ||
| **token** | **String** | Authentication token (see `/auth` and `/configure`) | [optional] | ||
| **uidToken** | **String** | The universal identity token, Required only for universal_identity authentication | [optional] | ||
|
|
||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
|
|
||
|
|
||
| # AuthMethodCreateAzureAD | ||
|
|
||
| authMethodCreateAzureAD is a command that creates a new auth method that will be able to authenticate using Azure Active Directory credentials. | ||
|
|
||
| ## Properties | ||
|
|
||
| Name | Type | Description | Notes | ||
| ------------ | ------------- | ------------- | ------------- | ||
| **accessExpires** | **Long** | Access expiration date in Unix timestamp (select 0 for access without expiry date) | [optional] | ||
| **audience** | **String** | Deprecated (Deprecated) The audience in the JWT | [optional] | ||
| **auditLogsClaims** | **List<String>** | Subclaims to include in audit logs, e.g \"--audit-logs-claims email --audit-logs-claims username\" | [optional] | ||
| **boundGroupId** | **List<String>** | A list of group ids that the access is restricted to | [optional] | ||
| **boundIps** | **List<String>** | A CIDR whitelist with the IPs that the access is restricted to | [optional] | ||
| **boundProviders** | **List<String>** | A list of resource providers that the access is restricted to (e.g, Microsoft.Compute, Microsoft.ManagedIdentity, etc) | [optional] | ||
| **boundResourceId** | **List<String>** | A list of full resource ids that the access is restricted to | [optional] | ||
| **boundResourceNames** | **List<String>** | A list of resource names that the access is restricted to (e.g, a virtual machine name, scale set name, etc). | [optional] | ||
| **boundResourceTypes** | **List<String>** | A list of resource types that the access is restricted to (e.g, virtualMachines, userAssignedIdentities, etc) | [optional] | ||
| **boundRgId** | **List<String>** | A list of resource groups that the access is restricted to | [optional] | ||
| **boundSpid** | **List<String>** | A list of service principal IDs that the access is restricted to | [optional] | ||
| **boundSubId** | **List<String>** | A list of subscription ids that the access is restricted to | [optional] | ||
| **boundTenantId** | **String** | The Azure tenant id that the access is restricted to | | ||
| **description** | **String** | Auth Method description | [optional] | ||
| **forceSubClaims** | **Boolean** | if true: enforce role-association must include sub claims | [optional] | ||
| **gwBoundIps** | **List<String>** | A CIDR whitelist with the GW IPs that the access is restricted to | [optional] | ||
| **issuer** | **String** | Issuer URL | [optional] | ||
| **json** | **Boolean** | Set output format to JSON | [optional] | ||
| **jwksUri** | **String** | The URL to the JSON Web Key Set (JWKS) that containing the public keys that should be used to verify any JSON Web Token (JWT) issued by the authorization server. | [optional] | ||
| **jwtTtl** | **Long** | Jwt TTL | [optional] | ||
| **name** | **String** | Auth Method name | | ||
| **productType** | **List<String>** | Choose the relevant product type for the auth method [sm, sra, pm, dp, ca] | [optional] | ||
| **token** | **String** | Authentication token (see `/auth` and `/configure`) | [optional] | ||
| **uidToken** | **String** | The universal identity token, Required only for universal_identity authentication | [optional] | ||
|
|
||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
|
|
||
|
|
||
| # AuthMethodCreateCert | ||
|
|
||
| authMethodCreateCert is a command that creates a new auth method that will be able to authenticate using a client certificate | ||
|
|
||
| ## Properties | ||
|
|
||
| Name | Type | Description | Notes | ||
| ------------ | ------------- | ------------- | ------------- | ||
| **accessExpires** | **Long** | Access expiration date in Unix timestamp (select 0 for access without expiry date) | [optional] | ||
| **allowedCors** | **String** | Comma separated list of allowed CORS domains to be validated as part of the authentication flow. | [optional] | ||
| **auditLogsClaims** | **List<String>** | Subclaims to include in audit logs, e.g \"--audit-logs-claims email --audit-logs-claims username\" | [optional] | ||
| **boundCommonNames** | **List<String>** | A list of names. At least one must exist in the Common Name. Supports globbing. | [optional] | ||
| **boundDnsSans** | **List<String>** | A list of DNS names. At least one must exist in the SANs. Supports globbing. | [optional] | ||
| **boundEmailSans** | **List<String>** | A list of Email Addresses. At least one must exist in the SANs. Supports globbing. | [optional] | ||
| **boundExtensions** | **List<String>** | A list of extensions formatted as \"oid:value\". Expects the extension value to be some type of ASN1 encoded string. All values much match. Supports globbing on \"value\". | [optional] | ||
| **boundIps** | **List<String>** | A CIDR whitelist with the IPs that the access is restricted to | [optional] | ||
| **boundOrganizationalUnits** | **List<String>** | A list of Organizational Units names. At least one must exist in the OU field. | [optional] | ||
| **boundUriSans** | **List<String>** | A list of URIs. At least one must exist in the SANs. Supports globbing. | [optional] | ||
| **certificateData** | **String** | The certificate data in base64, if no file was provided | [optional] | ||
| **description** | **String** | Auth Method description | [optional] | ||
| **forceSubClaims** | **Boolean** | if true: enforce role-association must include sub claims | [optional] | ||
| **gwBoundIps** | **List<String>** | A CIDR whitelist with the GW IPs that the access is restricted to | [optional] | ||
| **json** | **Boolean** | Set output format to JSON | [optional] | ||
| **jwtTtl** | **Long** | Jwt TTL | [optional] | ||
| **name** | **String** | Auth Method name | | ||
| **productType** | **List<String>** | Choose the relevant product type for the auth method [sm, sra, pm, dp, ca] | [optional] | ||
| **revokedCertIds** | **List<String>** | A list of revoked cert ids | [optional] | ||
| **token** | **String** | Authentication token (see `/auth` and `/configure`) | [optional] | ||
| **uidToken** | **String** | The universal identity token, Required only for universal_identity authentication | [optional] | ||
| **uniqueIdentifier** | **String** | A unique identifier (ID) value should be configured, such as common_name or organizational_unit Whenever a user logs in with a token, these authentication types issue a \"sub claim\" that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization. | | ||
|
|
||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
|
|
||
|
|
||
| # AuthMethodCreateEmail | ||
|
|
||
| authMethodCreateEmail is a command that creates a new auth method that will be able to authenticate using email. | ||
|
|
||
| ## Properties | ||
|
|
||
| Name | Type | Description | Notes | ||
| ------------ | ------------- | ------------- | ------------- | ||
| **accessExpires** | **Long** | Access expiration date in Unix timestamp (select 0 for access without expiry date) | [optional] | ||
| **auditLogsClaims** | **List<String>** | Subclaims to include in audit logs, e.g \"--audit-logs-claims email --audit-logs-claims username\" | [optional] | ||
| **boundIps** | **List<String>** | A CIDR whitelist with the IPs that the access is restricted to | [optional] | ||
| **description** | **String** | Auth Method description | [optional] | ||
| **email** | **String** | An email address to be invited to have access | | ||
| **forceSubClaims** | **Boolean** | if true: enforce role-association must include sub claims | [optional] | ||
| **gwBoundIps** | **List<String>** | A CIDR whitelist with the GW IPs that the access is restricted to | [optional] | ||
| **json** | **Boolean** | Set output format to JSON | [optional] | ||
| **jwtTtl** | **Long** | Jwt TTL | [optional] | ||
| **name** | **String** | Auth Method name | | ||
| **productType** | **List<String>** | Choose the relevant product type for the auth method [sm, sra, pm, dp, ca] | [optional] | ||
| **token** | **String** | Authentication token (see `/auth` and `/configure`) | [optional] | ||
| **uidToken** | **String** | The universal identity token, Required only for universal_identity authentication | [optional] | ||
|
|
||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
|
|
||
|
|
||
| # AuthMethodCreateGcp | ||
|
|
||
| authMethodCreateGcp is a command that creates a new auth method that will be able to authenticate using GCP IAM Service Account credentials or GCE instance credentials. | ||
|
|
||
| ## Properties | ||
|
|
||
| Name | Type | Description | Notes | ||
| ------------ | ------------- | ------------- | ------------- | ||
| **accessExpires** | **Long** | Access expiration date in Unix timestamp (select 0 for access without expiry date) | [optional] | ||
| **audience** | **String** | The audience to verify in the JWT received by the client | | ||
| **auditLogsClaims** | **List<String>** | Subclaims to include in audit logs, e.g \"--audit-logs-claims email --audit-logs-claims username\" | [optional] | ||
| **boundIps** | **List<String>** | A CIDR whitelist with the IPs that the access is restricted to | [optional] | ||
| **boundLabels** | **List<String>** | A comma-separated list of GCP labels formatted as \"key:value\" strings that must be set on authorized GCE instances. TODO: Because GCP labels are not currently ACL'd .... | [optional] | ||
| **boundProjects** | **List<String>** | === Human and Machine authentication section === Array of GCP project IDs. Only entities belonging to any of the provided projects can authenticate. | [optional] | ||
| **boundRegions** | **List<String>** | List of regions that a GCE instance must belong to in order to be authenticated. TODO: If bound_instance_groups is provided, it is assumed to be a regional group and the group must belong to this region. If bound_zones are provided, this attribute is ignored. | [optional] | ||
| **boundServiceAccounts** | **List<String>** | List of service accounts the service account must be part of in order to be authenticated. | [optional] | ||
| **boundZones** | **List<String>** | === Machine authentication section === List of zones that a GCE instance must belong to in order to be authenticated. TODO: If bound_instance_groups is provided, it is assumed to be a zonal group and the group must belong to this zone. | [optional] | ||
| **description** | **String** | Auth Method description | [optional] | ||
| **forceSubClaims** | **Boolean** | if true: enforce role-association must include sub claims | [optional] | ||
| **gwBoundIps** | **List<String>** | A CIDR whitelist with the GW IPs that the access is restricted to | [optional] | ||
| **json** | **Boolean** | Set output format to JSON | [optional] | ||
| **jwtTtl** | **Long** | Jwt TTL | [optional] | ||
| **name** | **String** | Auth Method name | | ||
| **productType** | **List<String>** | Choose the relevant product type for the auth method [sm, sra, pm, dp, ca] | [optional] | ||
| **serviceAccountCredsData** | **String** | ServiceAccount credentials data instead of giving a file path, base64 encoded | [optional] | ||
| **token** | **String** | Authentication token (see `/auth` and `/configure`) | [optional] | ||
| **type** | **String** | Type of the GCP Access Rules | | ||
| **uidToken** | **String** | The universal identity token, Required only for universal_identity authentication | [optional] | ||
|
|
||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
|
|
||
|
|
||
| # AuthMethodCreateK8s | ||
|
|
||
| authMethodCreateK8s is a command that creates a new auth method that will be able to authenticate using K8S. | ||
|
|
||
| ## Properties | ||
|
|
||
| Name | Type | Description | Notes | ||
| ------------ | ------------- | ------------- | ------------- | ||
| **accessExpires** | **Long** | Access expiration date in Unix timestamp (select 0 for access without expiry date) | [optional] | ||
| **audience** | **String** | The audience in the Kubernetes JWT that the access is restricted to | [optional] | ||
| **auditLogsClaims** | **List<String>** | Subclaims to include in audit logs, e.g \"--audit-logs-claims email --audit-logs-claims username\" | [optional] | ||
| **boundIps** | **List<String>** | A CIDR whitelist with the IPs that the access is restricted to | [optional] | ||
| **boundNamespaces** | **List<String>** | A list of namespaces that the access is restricted to | [optional] | ||
| **boundPodNames** | **List<String>** | A list of pod names that the access is restricted to | [optional] | ||
| **boundSaNames** | **List<String>** | A list of service account names that the access is restricted to | [optional] | ||
| **description** | **String** | Auth Method description | [optional] | ||
| **forceSubClaims** | **Boolean** | if true: enforce role-association must include sub claims | [optional] | ||
| **genKey** | **String** | Automatically generate key-pair for K8S configuration. If set to false, a public key needs to be provided [true/false] | [optional] | ||
| **gwBoundIps** | **List<String>** | A CIDR whitelist with the GW IPs that the access is restricted to | [optional] | ||
| **json** | **Boolean** | Set output format to JSON | [optional] | ||
| **jwtTtl** | **Long** | Jwt TTL | [optional] | ||
| **name** | **String** | Auth Method name | | ||
| **productType** | **List<String>** | Choose the relevant product type for the auth method [sm, sra, pm, dp, ca] | [optional] | ||
| **publicKey** | **String** | Base64-encoded or PEM formatted public key data for K8S authentication method is required [RSA2048] | [optional] | ||
| **token** | **String** | Authentication token (see `/auth` and `/configure`) | [optional] | ||
| **uidToken** | **String** | The universal identity token, Required only for universal_identity authentication | [optional] | ||
|
|
||
|
|
||
|
|
Oops, something went wrong.