From d1e9419a95f816d09d29e9f900506af8ee68ef75 Mon Sep 17 00:00:00 2001
From: iromli
Date: Fri, 24 May 2024 22:05:58 +0700
Subject: [PATCH] chore(charts): reformat values.schema.json for readability
Signed-off-by: iromli
---
charts/gluu/values.schema.json | 5266 ++++++++++++++++----------------
1 file changed, 2620 insertions(+), 2646 deletions(-)
diff --git a/charts/gluu/values.schema.json b/charts/gluu/values.schema.json
index aac5f944a..3f3b5d911 100644
--- a/charts/gluu/values.schema.json
+++ b/charts/gluu/values.schema.json
@@ -1,2697 +1,2671 @@ { - "$schema":"https://json-schema.org/draft/2020-12/schema#", - "type":"object", - "properties":{ - "admin-ui":{ - "description":"Admin GUI for configuration of the auth-server", - "type":"object", - "properties":{ - - } - }, - "auth-server":{ - "description":"OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing.", - "type":"object", - "properties":{ - - } - }, - "auth-server-key-rotation":{ - "description":"Responsible for regenerating auth-keys per x hours", - "type":"object", - "properties":{ - - } - }, - "casa":{ - "description":"Gluu Casa (\"Casa\") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.", - "type":"object", - "properties":{ - - } - }, - "config":{ - "description":"Configuration parameters for setup and initial configuration secret annd config layers used by Gluu services.", - "type":"object", - "properties":{ - "adminPass":{ - "description":"Admin password to login to the UI", - "$ref":"#/definitions/password" - }, - "city":{ - "description":"City of the company or individual. 
Used in generating the self-signed certificate", - "type":"string", - "pattern":"^[a-zA-Z]+$" - }, - "configmap":{ - "description":"Configuration parameters mapped to envs in a ConfigMap", - "type":"object", - "properties":{ - "cnSqlDbDialect":{ - "description":"SQL dialect", - "type":"string", - "pattern":"^(mysql)$" - }, - "cnSqlDbHost":{ - "description":"SQL server address or ip", - "anyOf":[ - { - "$ref":"#/definitions/url-pattern" - }, - { - "$ref":"#/definitions/ip-pattern" - } - ] - }, - "cnSqlDbPort":{ - "description":"SQL server port", - "type":"integer" - }, - "cnSqlDbName":{ - "description":"SQL server database name for Jans", - "type":"string", - "pattern":"^[a-z-0-9]+$" - }, - "cnSqlDbUser":{ - "description":"SQL database Jans username", - "type":"string", - "pattern":"^[a-z-0-9]+$" - }, - "cnSqlDbTimezone":{ - "description":"SQL database timezone", - "type":"string", - "pattern":"^(GMT|UTC|ECT|EET|ART|EAT|MET|NET|PLT|IST|BST|VST|CTT|JST|ACT|AET|SST|NST|MIT|HST|AST|PST|PNT|MST|CST|EST|IET|PRT|CNT|AGT|BET|CAT)$" - }, - "cnSqldbUserPassword":{ - "description":"Password for user config.configmap.cnSqlDbUser.", - "$ref":"#/definitions/password" - }, - "cnCacheType":{ - "description":"Cache type. NATIVE_PERSISTENCE, REDIS. or IN_MEMORY. Defaults to NATIVE_PERSISTENCE", - "type":"string", - "pattern":"^(NATIVE_PERSISTENCE|REDIS|IN_MEMORY)$" - }, - "cnConfigKubernetesConfigMap":{ - "description":"The name of the ConfigMap that will hold the configuration layer", - "type":"string", - "pattern":"^[a-z]+$" - }, - "cnCouchbaseBucketPrefix":{ - "description":"The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu.", - "type":"string", - "pattern":"^[a-z]+$" - }, - "cnCouchbaseCrt":{ - "description":"Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. 
In mTLS setups this is not required.", - "type":"string", - "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" - }, - "cnCouchbaseIndexNumReplica":{ - "description":"The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1.", - "type":"integer" - }, - "cnCouchbasePass":{ - "description":"Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol ", - "$ref":"#/definitions/password" - }, - "cnCouchbaseSuperUser":{ - "description":"The Couchbase super user (admin) user name. This user is used during initialization only.", - "type":"string", - "pattern":"^[a-z]+$" - }, - "cnCouchbaseSuperUserPass":{ - "description":"Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol ", - "$ref":"#/definitions/password" - }, - "cnCouchbaseSuperUserPassFile":{ - "description":"The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password.", - "type":"string", - "pattern":".*couchbase_superuser_password\\b.*" - }, - "cnCouchbaseUrl":{ - "description":"Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster", - "$ref":"#/definitions/fqdn-pattern" - }, - "cnCouchbaseUser":{ - "description":"Couchbase restricted user. 
Used only when global.cnPersistenceType is hybrid or couchbase.", - "type":"string", - "pattern":"^[a-z]+$" - }, - "cnGoogleSecretManagerServiceAccount":{ - "description":"Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", - "type":"string", - "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" - }, - "cnGoogleProjectId":{ - "description":"Project id of the google project the secret manager belongs to. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", - "type":"string", - "pattern":"" - }, - "cnGoogleSpannerInstanceId":{ - "description":"Google Spanner ID. Used only when global.cnPersistenceType is spanner.", - "type":"string", - "pattern":"^([a-z0-9\\-])*$" - }, - "cnGoogleSpannerDatabaseId":{ - "description":"Google Spanner Database ID. Used only when global.cnPersistenceType is spanner.", - "type":"string", - "pattern":"^[a-z0-9\\-]*$" - }, - "cnGoogleSecretVersionId":{ - "description":"Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", - "type":"string", - "pattern":"^([0-9]|latest)*$" - }, - "cnGoogleSecretNamePrefix":{ - "description":"Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.", - "type":"string", - "pattern":"^[a-z]+$" - }, - "cnGoogleSecretManagerPassPhrase":{ - "description":"Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager. 
Used only when global.configAdapterName and global.configSecretAdapter is set to google.", - "$ref":"#/definitions/password" - }, - "cnLdapUrl":{ - "description":"OpenDJ internal address. Leave as default. Used when `global.cnPersistenceType` is set to `ldap`.", - "type":"string", - "pattern":"^[a-z0-9-:]+$" - }, - "cnMaxRamPercent":{ - "description":"Value passed to Java option -XX:MaxRAMPercentage", - "type":"string", - "pattern":"^(\\d{0,2}(\\.\\d{1,2})?|100(\\.0?)?)$" - }, - "cnScimProtectionMode":{ - "description":"SCIM protection mode OAUTH|TEST|UMA", - "type":"string", - "pattern":"^(OAUTH|TEST|UMA)$" - }, - "cnPersistenceHybridMapping":{ - "description":"Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`.", - "type":"string" - }, - "cnRedisSentinelGroup":{ - "description":"Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.", - "type":"string" - }, - "cnRedisSslTruststore":{ - "description":"Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.", - "type":"string" - }, - "cnRedisType":{ - "description":"Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.", - "type":"string", - "pattern":"^(SHARDED|STANDALONE|CLUSTER|SENTINEL)$" - }, - "cnRedisUrl":{ - "description":"Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.", - "$ref":"#/definitions/url-pattern" - }, - "cnRedisUseSsl":{ - "description":"Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.", - "type":"boolean" - }, - "cnSecretKubernetesSecret":{ - "description":"Kubernetes secret name holding configuration keys. 
Used when global.configSecretAdapter is set to kubernetes which is the default.", - "type":"string", - "pattern":"^[a-z]+$" - }, - "lbAddr":{ - "description":"Loadbalancer address for AWS if the FQDN is not registered.", - "$ref":"#/definitions/url-pattern" - }, - "cnLdapCrt": { - "description": "OpenDJ certificate string. This must be encoded using base64.", - "type": "string", - "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" - }, - "cnLdapKey": { - "description": "OpenDJ key string. This must be encoded using base64.", + "$schema": "https://json-schema.org/draft/2020-12/schema#", + "type": "object", + "properties": { + "admin-ui": { + "description": "Admin GUI for configuration of the auth-server", + "type": "object", + "properties": {} + }, + "auth-server": { + "description": "OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing.", + "type": "object", + "properties": {} + }, + "auth-server-key-rotation": { + "description": "Responsible for regenerating auth-keys per x hours", + "type": "object", + "properties": {} + }, + "casa": { + "description": "Gluu Casa (\"Casa\") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server.", + "type": "object", + "properties": {} + }, + "config": { + "description": "Configuration parameters for setup and initial configuration secret annd config layers used by Gluu services.", + "type": "object", + "properties": { + "adminPass": { + "description": "Admin password to login to the UI", + "$ref": "#/definitions/password" + }, + "city": { + "description": "City of the company or individual. 
Used in generating the self-signed certificate", "type": "string", - "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" - } - } - }, - "countryCode":{ - "description":"Country code. Used for certificate creation.", - "type":"string", - "pattern":"^[A-Z]+$" - }, - "email":{ - "description":"Email address of the administrator usually. Used for certificate creation.", - "$ref":"#/definitions/email-format" - }, - "image":{ - "type":"object", - "properties":{ - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } - } - }, - "ldapPassword":{ - "description":"LDAP admin password if OpennDJ is used for persistence.", - "$ref":"#/definitions/password" - }, - "orgName":{ - "description":"Organization name. Used for certificate creation.", - "type":"string", - "pattern":"^[a-zA-Z]+$" - }, - "redisPassword":{ - "description":"Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`", - "$ref":"#/definitions/password" - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } - } - }, - "state":{ - "description":"State code. 
Used for certificate creation.", - "type":"string", - "pattern":"^[a-zA-Z]+$" - } - } - }, - "config-api":{ - "description":"Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS).", - "type":"object", - "properties":{ - - } - }, - "fido2":{ - "description":"FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments.", - "type":"object", - "properties":{ - - } - }, - "global":{ - "description":"Parameters used globally across all services helm charts.", - "type":"object", - "properties":{ - "alb":{ - "type":"object", - "properties":{ - "ingress":{ - "description":"Activates ALB ingress", - "type":"boolean" - } - } - }, - "auth-server":{ - "type":"object", - "properties":{ - "enabled":{ - "description":"Boolean flag to enable/disable auth-server chart. You should never set this to false.", - "type":"boolean" - }, - "authServerServiceName":{ - "description":"Name of the auth-server service. 
Please keep it as default.", - "type":"string", - "pattern":"^[a-z0-9-]+$" - }, - "appLoggers":{ - "type":"object", - "properties":{ - "authLogTarget":{ - "description":"jans-auth.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "authLogLevel":{ - "description":"jans-auth.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - }, - "httpLogTarget":{ - "description":"http_request_response target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "httpLogLevel":{ - "description":"http_request_response level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - }, - "persistenceLogTarget":{ - "description":"jans-auth_persistence.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "persistenceLogLevel":{ - "description":"jans-auth_persistence.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - }, - "persistenceDurationLogTarget":{ - "description":"jans-auth_persistence_duration.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "persistenceDurationLogLevel":{ - "description":"jans-auth_persistence_duration.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - }, - "ldapStatsLogTarget":{ - "description":"jans-auth_persistence_ldap_statistics.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "ldapStatsLogLevel":{ - "description":"jans-auth_persistence_ldap_statistics.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - }, - "scriptLogTarget":{ - "description":"jans-auth_script.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "scriptLogLevel":{ - "description":"jans-auth_script.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - }, - "auditStatsLogTarget":{ - "description":"jans-auth_audit.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "auditStatsLogLevel":{ - 
"description":"jans-auth_audit.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - } - } - }, - "ingress":{ - "description":"Endpoint control", - "type":"object", - "properties": { - "authServerEnabled":{ - "description":"Enable Auth server endpoints /jans-auth", - "type":"boolean" - }, - "openidConfigEnabled":{ - "description":"Enable endpoint /.well-known/openid-configuration", - "type":"boolean" - }, - "deviceCodeEnabled":{ - "description":"Enable endpoint /device-code", - "type":"boolean" - }, - "firebaseMessagingEnabled":{ - "description":"Enable endpoint /firebase-messaging-sw.js", - "type":"boolean" - }, - "uma2ConfigEnabled":{ - "description":"Enable endpoint /.well-known/uma2-configuration", - "type":"boolean" - }, - "webfingerEnabled":{ - "description":"Enable endpoint /.well-known/webfinger", - "type":"boolean" - }, - "webdiscoveryEnabled":{ - "description":"Enable endpoint /.well-known/simple-web-discovery", - "type":"boolean" - }, - "u2fConfigEnabled":{ - "description":"Enable endpoint /.well-known/fido-configuration", - "type":"boolean" - }, - "authServerProtectedToken":{ - "description":"Enable mTLS on Auth server endpoint /jans-auth/restv1/token", - "type":"boolean" - }, - "authServerProtectedRegister":{ - "description":"Enable mTLS onn Auth server endpoint /jans-auth/restv1/register", - "type":"boolean" - } - } - } - - } - }, - "admin-ui":{ - "type":"object", - "properties":{ - "enabled":{ - "description":"Boolean flag to enable/disable admin-ui chart. You should never set this to false.", - "type":"boolean" - }, - "adminUiServiceName":{ - "description":"Name of the admin service. 
Please keep it as default.", - "type":"string", - "pattern":"^[a-z0-9-]+$" - }, - "ingress":{ - "description":"Endpoint control", - "type":"object", - "properties": { - "adminUiEnabled":{ - "description":"Enable Admin UI endpoints.", - "type":"boolean" - } - } - } - } - }, - - "auth-server-key-rotation":{ - "type":"object", - "properties":{ - "enabled":{ - "description":"Boolean flag to enable/disable the auth-server-key rotation cronjob chart.", - "type":"boolean" - } - } - }, - "awsStorageType":{ - "description":"Volume stroage type if using AWS volumes.", - "type":"string", - "pattern":"^(io1|io2|gp2|st1|sc1)$" - }, - "azureStorageAccountType":{ - "description":"Volume storage type if using Azure disks.", - "type":"string", - "pattern":"^(Standard_LRS|Premium_LRS|StandardSSD_LRS|UltraSSD_LRS)$" - }, - "azureStorageKind":{ - "description":"Azure storage kind if using Azure disks", - "type":"string", - "pattern":"^(Managed)$" - }, - "cloud":{ - "type":"object", - "properties":{ - "testEnviroment":{ - "description":"Boolean flag if enabled will strip resources requests and limits from all services.", - "type":"boolean" - } - } - }, - "cnPersistenceType":{ - "description":"Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner.", - "type":"string", - "pattern":"^(ldap|couchbase|hybrid|sql|spanner)$" - }, - "cnDocumentStoreType":{ - "description":"Document store type to use for shibboleth files DB.", - "type":"string", - "pattern":"^(DB)$" - }, - "cnObExtSigningJwksUri":{ - "description":"Open banking external signing jwks uri. Used in SSA Validation.", - "type":"string" - }, - "cnObExtSigningJwksCrt":{ - "description":"Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64.. 
Used when `.global.cnObExtSigningJwksUri` is set.", - "type":"string", - "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" - }, - "cnObExtSigningJwksKey":{ - "description":"Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set.", - "type":"string", - "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" - }, - "cnObExtSigningJwksKeyPassPhrase":{ - "description":"Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set.", - "type":"string", - "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" - }, - "cnObExtSigningAlias":{ - "description":"Open banking external signing AS Alias. This is a kid value.Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G", - "type":"string" - }, - "cnObStaticSigningKeyKid":{ - "description":"Open banking signing AS kid to force the AS to use a specific signing key. i.e Wy44xWSlcWnMiEc8iq9s2G", - "type":"string" - }, - "cnObTransportCrt":{ - "description":"Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64.", - "type":"string", - "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" - }, - "cnObTransportKey":{ - "description":"Open banking AS transport key. Used in SSA Validation. This must be encoded using base64.", - "type":"string", - "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" - }, - "cnObTransportKeyPassPhrase":{ - "description":"Open banking AS transport key passphrase to unlock AS transport key. 
This must be encoded using base64.", - "type":"string", - "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" - }, - "cnObTransportAlias":{ - "description":"Open banking transport Alias used inside the JVM.", - "type":"string" - }, - "cnObTransportTrustStore":{ - "description":"Open banking AS transport truststore in .p12 format. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64.", - "type":"string", - "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" - }, - "config":{ - "type":"object", - "properties":{ - "enabled":{ - "description":"Boolean flag to enable/disable the configuration chart. This normally should always be true", - "type":"boolean" - } - } - }, - "configAdapterName":{ - "description":"The config backend adapter that will hold Gluu configuration layer. google|kubernetes|aws", - "type":"string", - "pattern":"^(kubernetes|google|aws)$" - }, - "configSecretAdapter":{ - "description":"The config backend adapter that will hold Gluu secret layer. google|kubernetes|aws", - "type":"string", - "pattern":"^(kubernetes|google|aws|vault)$" - }, - "cnGoogleApplicationCredentials":{ - "description":"Base64 encoded service account. The sa must have roles/secretmanager.admin to use Google secrets and roles/spanner.databaseUser to use Spanner.", - "type":"string", - "pattern":".*google-credentials.json\\b.*" - }, - "casa":{ - "type":"object", - "properties":{ - "casaServiceName":{ - "description":"Name of the casa service. 
Please keep it as default.", - "type":"string", - "pattern":"^[a-z0-9-]+$" - }, - "enabled":{ - "description":"Boolean flag to enable/disable the casa chart.", - "type":"boolean" - }, - "ingress":{ - "description":"Endpoint control", - "type":"object", - "properties": { - "casaEnabled":{ - "description":" Enable casa endpoints /casa", - "type":"boolean" - } - } - } - } - }, - "config-api":{ - "type":"object", - "properties":{ - "configApiServerServiceName":{ - "description":"Name of the config-api service. Please keep it as default.", - "type":"string", - "pattern":"^[a-z0-9-]+$" - }, - "enabled":{ - "description":"Boolean flag to enable/disable the config-api chart.", - "type":"boolean" - }, - "appLoggers":{ - "type":"object", - "properties":{ - "configApiLogTarget":{ - "description":"configapi.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "configApiLogLevel":{ - "description":"configapi.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - } - } - }, - "adminUiAppLoggers":{ - "type":"object", - "properties":{ - "adminUiLogTarget":{ - "description":"config-api admin-ui plugin log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "adminUiLogLevel":{ - "description":"config-api admin-ui plugin log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - }, - "adminUiAuditLogTarget":{ - "description":"config-api admin-ui plugin audit log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "adminUiAuditLogLevel":{ - "description":"config-api admin-ui plugin audit log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - } - } - }, - "ingress":{ - "description":"Endpoint control", - "type":"object", - "properties": { - "configApiEnabled":{ - "description":"Enable config API endpoints /jans-config-api", - "type":"boolean" - } - } - } - - - } - }, - "fqdn":{ - "description":"Fully qualified domain name to be used for Gluu installation. 
This address will be used to reach Gluu services.", - "$ref":"#/definitions/fqdn-pattern" - }, - "fido2":{ - "type":"object", - "properties":{ - "fido2ServiceName":{ - "description":"Name of the fido2 service. Please keep it as default.", - "type":"string", - "pattern":"^[a-z0-9-]+$" - }, - "enabled":{ - "description":"Boolean flag to enable/disable the fido2 chart.", - "type":"boolean" - }, - "appLoggers":{ - "type":"object", - "properties":{ - "fido2LogTarget":{ - "description":"fido2.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "fido2LogLevel":{ - "description":"fido2.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - }, - "persistenceLogTarget":{ - "description":"fido2_persistence.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "persistenceLogLevel":{ - "description":"fido2_persistence.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - } - } - }, - "ingress":{ - "description":"Endpoint control", - "type":"object", - "properties": { - "fido2ConfigEnabled":{ - "description":"Enable endpoint /.well-known/fido2-configuration", - "type":"boolean" - } - } - } - - } - }, - "gcePdStorageType":{ - "description":"GCE storage kind if using Google disks", - "type":"string", - "pattern":"^(pd-standard|pd-balanced|pd-ssd)$" - }, - "isFqdnRegistered":{ - "description":"Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically.", - "type":"boolean" - }, - "istio":{ - "type":"object", - "properties":{ - "enabled":{ - "description":"Boolean flag that enables using istio side cars with Gluu services.", - "type":"boolean" - }, - "ingress":{ - "description":"Boolean flag that enables using istio gateway for Gluu. 
This assumes istio ingress is installed and hence the LB is available.", - "type":"boolean" - }, - "namespace":{ - "description":"The namespace istio is deployed in. The is normally istio-system.", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" - } - } - }, - "lbIp":{ - "description":"The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `global.fqdn` is globally resolvable.", - "$ref":"#/definitions/ip-pattern" - }, - "nginx-ingress":{ - "type":"object", - "properties":{ - "enabled":{ - "description":"Boolean flag to enable/disable the nginx-ingress definitions chart.", - "type":"boolean" - } - } - }, - "opendj":{ - "type":"object", - "properties":{ - "enabled":{ - "description":"Boolean flag to enable/disable the OpenDJ chart.", - "type":"boolean" - }, - "ldapServiceName":{ - "description":"Name of the OpenDJ service. Please keep it as default.", - "type":"string", - "pattern":"^[a-z0-9-]+$" - } - } - }, - "distribution":{ - "description":"Gluu distributions supported are: default|openbanking.", - "type":"string", - "pattern":"^(default|openbanking)$" - }, - "persistence":{ - "type":"object", - "properties":{ - "enabled":{ - "description":"Boolean flag to enable/disable the persistence chart.", - "type":"boolean" - } - } - }, - "scim":{ - "type":"object", - "properties":{ - "enabled":{ - "description":"Boolean flag to enable/disable the SCIM chart.", - "type":"boolean" - }, - "scimServiceName":{ - "description":"Name of the scim service. 
Please keep it as default.", - "type":"string", - "pattern":"^[a-z0-9-]+$" - }, - "appLoggers":{ - "type":"object", - "properties":{ - "authLogTarget":{ - "description":"jans-scim.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "authLogLevel":{ - "description":"jans-scim.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - }, - "persistenceLogTarget":{ - "description":"jans-scim_persistence.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "persistenceLogLevel":{ - "description":"jans-scim_persistence.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - }, - "persistenceDurationLogTarget":{ - "description":"jans-scim_persistence_duration.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "persistenceDurationLogLevel":{ - "description":"jans-scim_persistence_duration.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - }, - "ldapStatsLogTarget":{ - "description":"jans-scim_persistence_ldap_statistics.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "ldapStatsLogLevel":{ - "description":"jans-scim_persistence_ldap_statistics.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - }, - "scriptLogTarget":{ - "description":"jans-scim_script.log target", - "type":"string", - "pattern":"^(STDOUT|FILE)$" - }, - "scriptLogLevel":{ - "description":"jans-scim_script.log level", - "type":"string", - "pattern":"^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" - } - } - }, - "ingress":{ - "description":"Endpoint control", - "type":"object", - "properties": { - "scimEnabled":{ - "description":"Enable SCIM endpoints /jans-scim", - "type":"boolean" - }, - "scimConfigEnabled":{ - "description":"Enable endpoint /.well-known/scim-configuration", - "type":"boolean" - } - } - } - - } - }, - "storageClass":{ - "description":"StorageClass section for OpenDJ charts. 
This is not currently used by the openbanking distribution. You may specify custom parameters as needed.", - "type":"object", - "properties":{ - "allowVolumeExpansion":{ - "type":"boolean" - }, - "allowedTopologies":{ - "type":"array", - "items":{ - "type":"string" - } - }, - "mountOptions":{ - "type":"array", - "items":{ - "type":"string" - } - }, - "parameters":{ - "type":"object", - "properties":{ - "fsType":{ - "type":"string" - }, - "kind":{ - "type":"string" - }, - "pool":{ - "type":"string" - }, - "storageAccountType":{ - "type":"string" - }, - "type":{ - "type":"string" - } - } - }, - "provisioner":{ - "type":"string" - }, - "reclaimPolicy":{ - "type":"string" - }, - "volumeBindingMode":{ - "type":"string" - } - } - }, - "cnSqlPasswordFile": { - "description": "The location of file contains password for the SQL user config.configmap.cnSqlDbUser. The file path must end with sql_password.", - "type": "string", - "pattern": ".*sql_password\\b.*" - }, - "cnCouchbasePasswordFile": { - "description": "The location of the Couchbase user config.configmap.cnCouchbaseUser password. The file path must end with couchbase_password.", - "type": "string", - "pattern": ".*couchbase_password\\b.*" - }, - "cnCouchbaseSuperuserPasswordFile": { - "description": "The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password.", - "type": "string", - "pattern": ".*couchbase_superuser_password\\b.*" - }, - "cnLdapPasswordFile": { - "description": "The location of the OpenDJ user password. The file path must end with ldap_password.", - "type": "string", - "pattern": ".*ldap_password\\b.*" - }, - "cnLdapTruststorePasswordFile": { - "description": "The location of the OpenDJ truststore password file. 
The file path must end with ldap_truststore_password.", - "type": "string", - "pattern": ".*ldap_truststore_password\\b.*" - }, - "cnLdapCertFile": { - "description": "The location of the OpenDJ certificate file. The file path must end with opendj.crt.", - "type": "string", - "pattern": ".*opendj.crt\\b.*" - }, - "cnLdapKeyFile": { - "description": "The location of the OpenDJ certificate file. The file path must end with opendj.key.", - "type": "string", - "pattern": ".*opendj.key\\b.*" - }, - "cnLdapCacertFile": { - "description": "The location of the OpenDJ certificate file. The file path must end with opendj.pem.", - "type": "string", - "pattern": ".*opendj.pem\\b.*" - }, - "cnLdapTruststoreFile": { - "description": "The location of the OpenDJ truststore file. The file path must end with opendj.pkcs12.", - "type": "string", - "pattern": ".*opendj.pkcs12\\b.*" - } - } - }, - "nginx-ingress":{ - "description":"Nginx ingress definitions chart", - "type":"object", - "properties":{ - - } - }, - "opendj":{ - "description":"OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions.", - "type":"object", - "properties":{ - - } - }, - "persistence":{ - "description":"Job to generate data and intial config for Gluu Server persistence layer.", - "type":"object", - "properties":{ - - } - }, - "scim":{ - "description":"System for Cross-domain Identity Management (SCIM) version 2.0", - "type":"object", - "properties":{ - - } - }, - "kc-scheduler": { - "description": "Responsible for synchronizing Keycloak SAML clients", - "type": "object", - "properties": {} - } - }, - "allOf":[ - { - "$ref":"#/definitions/admin-ui-enabled" - }, - { - "$ref":"#/definitions/auth-server-enabled" - }, - { - 
"$ref":"#/definitions/auth-server-key-rotation-enabled" - }, - { - "$ref":"#/definitions/casa-enabled" - }, - { - "$ref":"#/definitions/config-api-enabled" - }, - { - "$ref":"#/definitions/fido2-enabled" - }, - { - "$ref":"#/definitions/nginx-ingress-enabled" - }, - { - "$ref":"#/definitions/opendj-enabled" - }, - { - "$ref":"#/definitions/persistence-enabled" - }, - { - "$ref":"#/definitions/scim-enabled" - }, - { - "$ref": "#/definitions/kc-scheduler-enabled" - } - ], - "definitions":{ - "password":{ - "anyOf":[ - { - "type":"string", - "minLength":8, - "pattern":"", - "description":"Password does not meet requirements. The password must contain one digit, one uppercase letter, one lower case letter and one symbol", - "errors":{ - "minLength":"Password minimum 6 character", - "pattern":"Password does not meet requirements. The password must contain one digit, one uppercase letter, one lower case letter and one symbol" - } - }, - { - "type":"string", - "maxLength":0 - } - ] - }, - "password-pattern":{ - "type":"string", - "minLength":6, - "pattern":"", - "errors":{ - "minLength":"Password minimum 6 character", - "pattern":"Password does not meet requirements. The password must contain one digit, one uppercase letter, one lower case letter and one symbol" - } - }, - "email-format":{ - "type":"string", - "format":"email" - }, - "fqdn-pattern":{ - "anyOf":[ - { - "type":"string", - "errors":{ - "pattern":"Setting not FQDN structured. Please enter a FQDN with the format demoexample.gluu.org" - } - }, - { - "type":"string", - "maxLength":0 - } - ] - }, - "url-pattern":{ - "anyOf":[ - { - "type":"string", - "pattern":"(^|\\s)((https?:\\/\\/)?[\\w-]+(\\.[\\w-]+)+\\.?(:\\d+)?(\\/\\S*)?)", - "errors":{ - "pattern":"URL pattern is not meeting standards." 
- } - }, - { - "type":"string", - "maxLength":0 - } - ] - }, - "ip-pattern":{ - "anyOf":[ - { - "type":"string", - "pattern":"^(\\*|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))$", - "errors":{ - "pattern":"Not a valid IP." - } - }, - { - "type":"string", - "maxLength":0 - } - ] - }, - "admin-ui-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "admin-ui":{ - "properties":{ - "enabled":{ - "const":"true" - } - } - } - } - } - } - }, - "then":{ - "properties":{ - "admin-ui":{ - "required":[ - "image", - "replicas", - "resources" - ], - "properties":{ - "hpa":{ - "description":"Configure the HorizontalPodAutoscaler", - "type":"object", - "properties":{ - "enabled":{ - "type":"boolean" - }, - "minReplicas":{ - "type":"integer" - }, - "maxReplicas":{ - "type":"integer" - }, - "targetCPUUtilizationPercentage":{ - "type":"integer" - }, - "metrics":{ - "description":"metrics if targetCPUUtilizationPercentage is not set", - "type":"array" - }, - "behavior":{ - "description":"Scaling Policies", - "type":"object" - } - } - }, - "usrEnvs":{ - "description":"Add custom normal and secret envs to the service", - "type":"object", - "properties":{ - "normal":{ - "description":"Add custom normal envs to the service", - "type":"object" - }, - "secret":{ - "description":"Add custom secret envs to the service", - "type":"object" - } - } - }, - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - 
"pattern":"^[a-z0-9-_.]+$" - } - } - }, - "replicas":{ - "description":"Service replica number.", - "type":"integer" - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } - } - } - } - } - } - }, - "else":true - }, - "auth-server-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "auth-server":{ - "properties":{ - "enabled":{ - "const":"true" - } - } - } - } - } - } - }, - "then":{ - "properties":{ - "auth-server":{ - "required":[ - "image", - "replicas", - "resources" - ], - "properties":{ - "hpa":{ - "description":"Configure the HorizontalPodAutoscaler", - "type":"object", - "properties":{ - "enabled":{ - "type":"boolean" - }, - "minReplicas":{ - "type":"integer" - }, - "maxReplicas":{ - "type":"integer" - }, - "targetCPUUtilizationPercentage":{ - "type":"integer" - }, - "metrics":{ - "description":"metrics if targetCPUUtilizationPercentage is not set", - "type":"array" - }, - "behavior":{ - "description":"Scaling Policies", - "type":"object" - } - } - }, - "usrEnvs":{ - "description":"Add custom normal and secret envs to the service", - "type":"object", - "properties":{ - "normal":{ - "description":"Add custom normal envs to the service", - "type":"object" - }, - "secret":{ - "description":"Add custom secret envs to the service", - "type":"object" - } + "pattern": "^[a-zA-Z]+$" + }, + "configmap": { + "description": "Configuration parameters mapped to envs in a ConfigMap", + "type": "object", + "properties": { + "cnSqlDbDialect": { 
+ "description": "SQL dialect", + "type": "string", + "pattern": "^(mysql)$" + }, + "cnSqlDbHost": { + "description": "SQL server address or ip", + "anyOf": [ + { + "$ref": "#/definitions/url-pattern" + }, + { + "$ref": "#/definitions/ip-pattern" + } + ] + }, + "cnSqlDbPort": { + "description": "SQL server port", + "type": "integer" + }, + "cnSqlDbName": { + "description": "SQL server database name for Jans", + "type": "string", + "pattern": "^[a-z-0-9]+$" + }, + "cnSqlDbUser": { + "description": "SQL database Jans username", + "type": "string", + "pattern": "^[a-z-0-9]+$" + }, + "cnSqlDbTimezone": { + "description": "SQL database timezone", + "type": "string", + "pattern": "^(GMT|UTC|ECT|EET|ART|EAT|MET|NET|PLT|IST|BST|VST|CTT|JST|ACT|AET|SST|NST|MIT|HST|AST|PST|PNT|MST|CST|EST|IET|PRT|CNT|AGT|BET|CAT)$" + }, + "cnSqldbUserPassword": { + "description": "Password for user config.configmap.cnSqlDbUser.", + "$ref": "#/definitions/password" + }, + "cnCacheType": { + "description": "Cache type. NATIVE_PERSISTENCE, REDIS. or IN_MEMORY. Defaults to NATIVE_PERSISTENCE", + "type": "string", + "pattern": "^(NATIVE_PERSISTENCE|REDIS|IN_MEMORY)$" + }, + "cnConfigKubernetesConfigMap": { + "description": "The name of the ConfigMap that will hold the configuration layer", + "type": "string", + "pattern": "^[a-z]+$" + }, + "cnCouchbaseBucketPrefix": { + "description": "The prefix of couchbase buckets. This helps with separation in between different environments and allows for the same couchbase cluster to be used by different setups of Gluu.", + "type": "string", + "pattern": "^[a-z]+$" + }, + "cnCouchbaseCrt": { + "description": "Couchbase certificate authority string. This must be encoded using base64. This can also be found in your couchbase UI Security > Root Certificate. 
In mTLS setups this is not required.",
+ "type": "string",
+ "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
+ },
+ "cnCouchbaseIndexNumReplica": {
+ "description": "The number of replicas per index created. Please note that the number of index nodes must be one greater than the number of index replicas. That means if your couchbase cluster only has 2 index nodes you cannot place the number of replicas to be higher than 1.",
+ "type": "integer"
+ },
+ "cnCouchbasePass": {
+ "description": "Couchbase password for the restricted user config.configmap.cnCouchbaseUser that is often used inside the services. The password must contain one digit, one uppercase letter, one lower case letter and one symbol ",
+ "$ref": "#/definitions/password"
+ },
+ "cnCouchbaseSuperUser": {
+ "description": "The Couchbase super user (admin) user name. This user is used during initialization only.",
+ "type": "string",
+ "pattern": "^[a-z]+$"
+ },
+ "cnCouchbaseSuperUserPass": {
+ "description": "Couchbase password for the super user config.configmap.cnCouchbaseSuperUser that is used during the initialization process. The password must contain one digit, one uppercase letter, one lower case letter and one symbol ",
+ "$ref": "#/definitions/password"
+ },
+ "cnCouchbaseSuperUserPassFile": {
+ "description": "The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password.",
+ "type": "string",
+ "pattern": ".*couchbase_superuser_password\\b.*"
+ },
+ "cnCouchbaseUrl": {
+ "description": "Couchbase URL. Used only when global.cnPersistenceType is hybrid or couchbase. This should be in FQDN format for either remote or local Couchbase clusters. The address can be an internal address inside the kubernetes cluster",
+ "$ref": "#/definitions/fqdn-pattern"
+ },
+ "cnCouchbaseUser": {
+ "description": "Couchbase restricted user.
Used only when global.cnPersistenceType is hybrid or couchbase.",
+ "type": "string",
+ "pattern": "^[a-z]+$"
+ },
+ "cnGoogleSecretManagerServiceAccount": {
+ "description": "Service account with roles roles/secretmanager.admin base64 encoded string. This is used often inside the services to reach the configuration layer. Used only when global.configAdapterName and global.configSecretAdapter is set to google.",
+ "type": "string",
+ "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
+ },
+ "cnGoogleProjectId": {
+ "description": "Project id of the google project the secret manager belongs to. Used only when global.configAdapterName and global.configSecretAdapter is set to google.",
+ "type": "string",
+ "pattern": ""
+ },
+ "cnGoogleSpannerInstanceId": {
+ "description": "Google Spanner ID. Used only when global.cnPersistenceType is spanner.",
+ "type": "string",
+ "pattern": "^([a-z0-9\\-])*$"
+ },
+ "cnGoogleSpannerDatabaseId": {
+ "description": "Google Spanner Database ID. Used only when global.cnPersistenceType is spanner.",
+ "type": "string",
+ "pattern": "^[a-z0-9\\-]*$"
+ },
+ "cnGoogleSecretVersionId": {
+ "description": "Secret version to be used for secret configuration. Defaults to latest and should normally always stay that way. Used only when global.configAdapterName and global.configSecretAdapter is set to google.",
+ "type": "string",
+ "pattern": "^([0-9]|latest)*$"
+ },
+ "cnGoogleSecretNamePrefix": {
+ "description": "Prefix for Gluu secret in Google Secret Manager. Defaults to gluu. If left gluu-secret secret will be created. Used only when global.configAdapterName and global.configSecretAdapter is set to google.",
+ "type": "string",
+ "pattern": "^[a-z]+$"
+ },
+ "cnGoogleSecretManagerPassPhrase": {
+ "description": "Passphrase for Gluu secret in Google Secret Manager. This is used for encrypting and decrypting data from the Google Secret Manager.
Used only when global.configAdapterName and global.configSecretAdapter is set to google.",
+ "$ref": "#/definitions/password"
+ },
+ "cnLdapUrl": {
+ "description": "OpenDJ internal address. Leave as default. Used when `global.cnPersistenceType` is set to `ldap`.",
+ "type": "string",
+ "pattern": "^[a-z0-9-:]+$"
+ },
+ "cnMaxRamPercent": {
+ "description": "Value passed to Java option -XX:MaxRAMPercentage",
+ "type": "string",
+ "pattern": "^(\\d{0,2}(\\.\\d{1,2})?|100(\\.0?)?)$"
+ },
+ "cnScimProtectionMode": {
+ "description": "SCIM protection mode OAUTH|TEST|UMA",
+ "type": "string",
+ "pattern": "^(OAUTH|TEST|UMA)$"
+ },
+ "cnPersistenceHybridMapping": {
+ "description": "Specify data that should be saved in LDAP (one of default, user, cache, site, token, or session; default to default). Note this environment only takes effect when `global.cnPersistenceType` is set to `hybrid`.",
+ "type": "string"
+ },
+ "cnRedisSentinelGroup": {
+ "description": "Redis Sentinel Group. Often set when `config.configmap.cnRedisType` is set to `SENTINEL`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.",
+ "type": "string"
+ },
+ "cnRedisSslTruststore": {
+ "description": "Redis SSL truststore. Optional. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.",
+ "type": "string"
+ },
+ "cnRedisType": {
+ "description": "Redis service type. `STANDALONE` or `CLUSTER`. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.",
+ "type": "string",
+ "pattern": "^(SHARDED|STANDALONE|CLUSTER|SENTINEL)$"
+ },
+ "cnRedisUrl": {
+ "description": "Redis URL and port number :. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.",
+ "$ref": "#/definitions/url-pattern"
+ },
+ "cnRedisUseSsl": {
+ "description": "Boolean to use SSL in Redis. Can be used when `config.configmap.cnCacheType` is set to `REDIS`.",
+ "type": "boolean"
+ },
+ "cnSecretKubernetesSecret": {
+ "description": "Kubernetes secret name holding configuration keys.
Used when global.configSecretAdapter is set to kubernetes which is the default.", + "type": "string", + "pattern": "^[a-z]+$" + }, + "lbAddr": { + "description": "Loadbalancer address for AWS if the FQDN is not registered.", + "$ref": "#/definitions/url-pattern" + }, + "cnLdapCrt": { + "description": "OpenDJ certificate string. This must be encoded using base64.", + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" + }, + "cnLdapKey": { + "description": "OpenDJ key string. This must be encoded using base64.", + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" } - }, - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } + } + }, + "countryCode": { + "description": "Country code. Used for certificate creation.", + "type": "string", + "pattern": "^[A-Z]+$" + }, + "email": { + "description": "Email address of the administrator usually. 
Used for certificate creation.", + "$ref": "#/definitions/email-format" + }, + "image": { + "type": "object", + "properties": { + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" } - }, - "replicas":{ - "description":"Service replica number.", - "type":"integer" - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } + } + }, + "ldapPassword": { + "description": "LDAP admin password if OpennDJ is used for persistence.", + "$ref": "#/definitions/password" + }, + "orgName": { + "description": "Organization name. 
Used for certificate creation.", + "type": "string", + "pattern": "^[a-zA-Z]+$" + }, + "redisPassword": { + "description": "Redis admin password if `config.configmap.cnCacheType` is set to `REDIS`", + "$ref": "#/definitions/password" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } } - } - } - } + } + }, + "state": { + "description": "State code. Used for certificate creation.", + "type": "string", + "pattern": "^[a-zA-Z]+$" + } } - }, - "else":true - }, - "auth-server-key-rotation-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "auth-server-key-rotation":{ - "properties":{ - "enabled":{ - "const":"true" - } + }, + "config-api": { + "description": "Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS).", + "type": "object", + "properties": {} + }, + "fido2": { + "description": "FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments.", + "type": "object", + "properties": {} + }, + "global": { + "description": "Parameters used globally across all services helm charts.", + "type": "object", + "properties": { + "alb": { + "type": "object", + "properties": { + "ingress": { + "description": "Activates ALB ingress", + "type": "boolean" } - } - } - } - } - }, - "then":{ - "properties":{ - 
"auth-server-key-rotation":{ - "properties":{ - "usrEnvs":{ - "description":"Add custom normal and secret envs to the service", - "type":"object", - "properties":{ - "normal":{ - "description":"Add custom normal envs to the service", - "type":"object" - }, - "secret":{ - "description":"Add custom secret envs to the service", - "type":"object" - } + } + }, + "auth-server": { + "type": "object", + "properties": { + "enabled": { + "description": "Boolean flag to enable/disable auth-server chart. You should never set this to false.", + "type": "boolean" + }, + "authServerServiceName": { + "description": "Name of the auth-server service. Please keep it as default.", + "type": "string", + "pattern": "^[a-z0-9-]+$" + }, + "appLoggers": { + "type": "object", + "properties": { + "authLogTarget": { + "description": "jans-auth.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "authLogLevel": { + "description": "jans-auth.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "httpLogTarget": { + "description": "http_request_response target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "httpLogLevel": { + "description": "http_request_response level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "persistenceLogTarget": { + "description": "jans-auth_persistence.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "persistenceLogLevel": { + "description": "jans-auth_persistence.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "persistenceDurationLogTarget": { + "description": "jans-auth_persistence_duration.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "persistenceDurationLogLevel": { + "description": "jans-auth_persistence_duration.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "ldapStatsLogTarget": { + "description": 
"jans-auth_persistence_ldap_statistics.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "ldapStatsLogLevel": { + "description": "jans-auth_persistence_ldap_statistics.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "scriptLogTarget": { + "description": "jans-auth_script.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "scriptLogLevel": { + "description": "jans-auth_script.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "auditStatsLogTarget": { + "description": "jans-auth_audit.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "auditStatsLogLevel": { + "description": "jans-auth_audit.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + } + } + }, + "ingress": { + "description": "Endpoint control", + "type": "object", + "properties": { + "authServerEnabled": { + "description": "Enable Auth server endpoints /jans-auth", + "type": "boolean" + }, + "openidConfigEnabled": { + "description": "Enable endpoint /.well-known/openid-configuration", + "type": "boolean" + }, + "deviceCodeEnabled": { + "description": "Enable endpoint /device-code", + "type": "boolean" + }, + "firebaseMessagingEnabled": { + "description": "Enable endpoint /firebase-messaging-sw.js", + "type": "boolean" + }, + "uma2ConfigEnabled": { + "description": "Enable endpoint /.well-known/uma2-configuration", + "type": "boolean" + }, + "webfingerEnabled": { + "description": "Enable endpoint /.well-known/webfinger", + "type": "boolean" + }, + "webdiscoveryEnabled": { + "description": "Enable endpoint /.well-known/simple-web-discovery", + "type": "boolean" + }, + "u2fConfigEnabled": { + "description": "Enable endpoint /.well-known/fido-configuration", + "type": "boolean" + }, + "authServerProtectedToken": { + "description": "Enable mTLS on Auth server endpoint /jans-auth/restv1/token", + "type": "boolean" + }, + 
"authServerProtectedRegister": { + "description": "Enable mTLS onn Auth server endpoint /jans-auth/restv1/register", + "type": "boolean" + } + } } - }, - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } + } + }, + "admin-ui": { + "type": "object", + "properties": { + "enabled": { + "description": "Boolean flag to enable/disable admin-ui chart. You should never set this to false.", + "type": "boolean" + }, + "adminUiServiceName": { + "description": "Name of the admin service. 
Please keep it as default.", + "type": "string", + "pattern": "^[a-z0-9-]+$" + }, + "ingress": { + "description": "Endpoint control", + "type": "object", + "properties": { + "adminUiEnabled": { + "description": "Enable Admin UI endpoints.", + "type": "boolean" + } + } } - }, - "keysLife":{ - "description":"Auth server key rotation keys life in hours", - "type":"integer" - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } + } + }, + "auth-server-key-rotation": { + "type": "object", + "properties": { + "enabled": { + "description": "Boolean flag to enable/disable the auth-server-key rotation cronjob chart.", + "type": "boolean" } - } - }, - "required":[ - "image", - "resources", - "keysLife" - ] - } - } - }, - "else":true - }, - "casa-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "casa":{ - "properties":{ - "enabled":{ - "const":"true" - } + } + }, + "awsStorageType": { + "description": "Volume stroage type if using AWS volumes.", + "type": "string", + "pattern": "^(io1|io2|gp2|st1|sc1)$" + }, + "azureStorageAccountType": { + "description": "Volume storage type if using Azure disks.", + "type": "string", + "pattern": "^(Standard_LRS|Premium_LRS|StandardSSD_LRS|UltraSSD_LRS)$" + }, + "azureStorageKind": { + "description": "Azure storage kind if using Azure disks", + "type": "string", + "pattern": "^(Managed)$" + }, + "cloud": { + "type": "object", + "properties": { + "testEnviroment": { + "description": "Boolean flag if enabled 
will strip resources requests and limits from all services.", + "type": "boolean" } - } - } - } - } - }, - "then":{ - "properties":{ - "casa":{ - "required":[ - "image", - "replicas", - "resources" - ], - "properties":{ - "hpa":{ - "description":"Configure the HorizontalPodAutoscaler", - "type":"object", - "properties":{ - "enabled":{ - "type":"boolean" - }, - "minReplicas":{ - "type":"integer" - }, - "maxReplicas":{ - "type":"integer" - }, - "targetCPUUtilizationPercentage":{ - "type":"integer" - }, - "metrics":{ - "description":"metrics if targetCPUUtilizationPercentage is not set", - "type":"array" - }, - "behavior":{ - "description":"Scaling Policies", - "type":"object" - } + } + }, + "cnPersistenceType": { + "description": "Persistence backend to run Gluu with ldap|couchbase|hybrid|sql|spanner.", + "type": "string", + "pattern": "^(ldap|couchbase|hybrid|sql|spanner)$" + }, + "cnDocumentStoreType": { + "description": "Document store type to use for shibboleth files DB.", + "type": "string", + "pattern": "^(DB)$" + }, + "cnObExtSigningJwksUri": { + "description": "Open banking external signing jwks uri. Used in SSA Validation.", + "type": "string" + }, + "cnObExtSigningJwksCrt": { + "description": "Open banking external signing jwks AS certificate authority string. Used in SSA Validation. This must be encoded using base64.. Used when `.global.cnObExtSigningJwksUri` is set.", + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" + }, + "cnObExtSigningJwksKey": { + "description": "Open banking external signing jwks AS key string. Used in SSA Validation. This must be encoded using base64. Used when `.global.cnObExtSigningJwksUri` is set.", + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" + }, + "cnObExtSigningJwksKeyPassPhrase": { + "description": "Open banking external signing jwks AS key passphrase to unlock provided key. This must be encoded using base64. 
Used when `.global.cnObExtSigningJwksUri` is set.", + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" + }, + "cnObExtSigningAlias": { + "description": "Open banking external signing AS Alias. This is a kid value.Used in SSA Validation, kid used while encoding a JWT sent to token URL i.e XkwIzWy44xWSlcWnMiEc8iq9s2G", + "type": "string" + }, + "cnObStaticSigningKeyKid": { + "description": "Open banking signing AS kid to force the AS to use a specific signing key. i.e Wy44xWSlcWnMiEc8iq9s2G", + "type": "string" + }, + "cnObTransportCrt": { + "description": "Open banking AS transport crt. Used in SSA Validation. This must be encoded using base64.", + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" + }, + "cnObTransportKey": { + "description": "Open banking AS transport key. Used in SSA Validation. This must be encoded using base64.", + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" + }, + "cnObTransportKeyPassPhrase": { + "description": "Open banking AS transport key passphrase to unlock AS transport key. This must be encoded using base64.", + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" + }, + "cnObTransportAlias": { + "description": "Open banking transport Alias used inside the JVM.", + "type": "string" + }, + "cnObTransportTrustStore": { + "description": "Open banking AS transport truststore in .p12 format. This is normally generated from the OB issuing CA, OB Root CA and Signing CA. Used when .global.cnObExtSigningJwksUri is set. Used in SSA Validation. This must be encoded using base64.", + "type": "string", + "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" + }, + "config": { + "type": "object", + "properties": { + "enabled": { + "description": "Boolean flag to enable/disable the configuration chart. 
This normally should always be true", + "type": "boolean" } - }, - "usrEnvs":{ - "description":"Add custom normal and secret envs to the service", - "type":"object", - "properties":{ - "normal":{ - "description":"Add custom normal envs to the service", - "type":"object" - }, - "secret":{ - "description":"Add custom secret envs to the service", - "type":"object" - } + } + }, + "configAdapterName": { + "description": "The config backend adapter that will hold Gluu configuration layer. google|kubernetes|aws", + "type": "string", + "pattern": "^(kubernetes|google|aws)$" + }, + "configSecretAdapter": { + "description": "The config backend adapter that will hold Gluu secret layer. google|kubernetes|aws", + "type": "string", + "pattern": "^(kubernetes|google|aws|vault)$" + }, + "cnGoogleApplicationCredentials": { + "description": "Base64 encoded service account. The sa must have roles/secretmanager.admin to use Google secrets and roles/spanner.databaseUser to use Spanner.", + "type": "string", + "pattern": ".*google-credentials.json\\b.*" + }, + "casa": { + "type": "object", + "properties": { + "casaServiceName": { + "description": "Name of the casa service. 
Please keep it as default.", + "type": "string", + "pattern": "^[a-z0-9-]+$" + }, + "enabled": { + "description": "Boolean flag to enable/disable the casa chart.", + "type": "boolean" + }, + "ingress": { + "description": "Endpoint control", + "type": "object", + "properties": { + "casaEnabled": { + "description": " Enable casa endpoints /casa", + "type": "boolean" + } + } } - }, - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } + } + }, + "config-api": { + "type": "object", + "properties": { + "configApiServerServiceName": { + "description": "Name of the config-api service. 
Please keep it as default.", + "type": "string", + "pattern": "^[a-z0-9-]+$" + }, + "enabled": { + "description": "Boolean flag to enable/disable the config-api chart.", + "type": "boolean" + }, + "appLoggers": { + "type": "object", + "properties": { + "configApiLogTarget": { + "description": "configapi.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "configApiLogLevel": { + "description": "configapi.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + } + } + }, + "adminUiAppLoggers": { + "type": "object", + "properties": { + "adminUiLogTarget": { + "description": "config-api admin-ui plugin log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "adminUiLogLevel": { + "description": "config-api admin-ui plugin log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "adminUiAuditLogTarget": { + "description": "config-api admin-ui plugin audit log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "adminUiAuditLogLevel": { + "description": "config-api admin-ui plugin audit log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + } + } + }, + "ingress": { + "description": "Endpoint control", + "type": "object", + "properties": { + "configApiEnabled": { + "description": "Enable config API endpoints /jans-config-api", + "type": "boolean" + } + } } - }, - "replicas":{ - "description":"Service replica number.", - "type":"integer" - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - 
"description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } + } + }, + "fqdn": { + "description": "Fully qualified domain name to be used for Gluu installation. This address will be used to reach Gluu services.", + "$ref": "#/definitions/fqdn-pattern" + }, + "fido2": { + "type": "object", + "properties": { + "fido2ServiceName": { + "description": "Name of the fido2 service. Please keep it as default.", + "type": "string", + "pattern": "^[a-z0-9-]+$" + }, + "enabled": { + "description": "Boolean flag to enable/disable the fido2 chart.", + "type": "boolean" + }, + "appLoggers": { + "type": "object", + "properties": { + "fido2LogTarget": { + "description": "fido2.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "fido2LogLevel": { + "description": "fido2.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "persistenceLogTarget": { + "description": "fido2_persistence.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "persistenceLogLevel": { + "description": "fido2_persistence.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + } + } + }, + "ingress": { + "description": "Endpoint control", + "type": "object", + "properties": { + "fido2ConfigEnabled": { + "description": "Enable endpoint /.well-known/fido2-configuration", + "type": "boolean" + } + } } - } - } - } - } - }, - "else":true - }, - "config-api-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "config-api":{ - "properties":{ - "enabled":{ - "const":"true" - } + } + }, + "gcePdStorageType": { + "description": "GCE storage kind if using Google disks", + "type": "string", + "pattern": "^(pd-standard|pd-balanced|pd-ssd)$" + }, + "isFqdnRegistered": { + "description": "Boolean flag to enable mapping global.lbIp to global.fqdn inside pods on clouds that provide static ip for loadbalancers. 
On cloud that provide only addresses to the LB this flag will enable a script to actively scan config.configmap.lbAddr and update the hosts file inside the pods automatically.", + "type": "boolean" + }, + "istio": { + "type": "object", + "properties": { + "enabled": { + "description": "Boolean flag that enables using istio side cars with Gluu services.", + "type": "boolean" + }, + "ingress": { + "description": "Boolean flag that enables using istio gateway for Gluu. This assumes istio ingress is installed and hence the LB is available.", + "type": "boolean" + }, + "namespace": { + "description": "The namespace istio is deployed in. The is normally istio-system.", + "type": "string", + "pattern": "^[a-z0-9-_/]+$" } - } - } - } - } - }, - "then":{ - "properties":{ - "config-api":{ - "required":[ - "image", - "replicas", - "resources" - ], - "type":"object", - "properties":{ - "hpa":{ - "description":"Configure the HorizontalPodAutoscaler", - "type":"object", - "properties":{ - "enabled":{ - "type":"boolean" - }, - "minReplicas":{ - "type":"integer" - }, - "maxReplicas":{ - "type":"integer" - }, - "targetCPUUtilizationPercentage":{ - "type":"integer" - }, - "metrics":{ - "description":"metrics if targetCPUUtilizationPercentage is not set", - "type":"array" - }, - "behavior":{ - "description":"Scaling Policies", - "type":"object" - } + } + }, + "lbIp": { + "description": "The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. 
This is not needed if `global.fqdn` is globally resolvable.", + "$ref": "#/definitions/ip-pattern" + }, + "nginx-ingress": { + "type": "object", + "properties": { + "enabled": { + "description": "Boolean flag to enable/disable the nginx-ingress definitions chart.", + "type": "boolean" } - }, - "usrEnvs":{ - "description":"Add custom normal and secret envs to the service", - "type":"object", - "properties":{ - "normal":{ - "description":"Add custom normal envs to the service", - "type":"object" - }, - "secret":{ - "description":"Add custom secret envs to the service", - "type":"object" - } + } + }, + "opendj": { + "type": "object", + "properties": { + "enabled": { + "description": "Boolean flag to enable/disable the OpenDJ chart.", + "type": "boolean" + }, + "ldapServiceName": { + "description": "Name of the OpenDJ service. Please keep it as default.", + "type": "string", + "pattern": "^[a-z0-9-]+$" } - }, - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } + } + }, + "distribution": { + "description": "Gluu distributions supported are: default|openbanking.", + "type": "string", + "pattern": "^(default|openbanking)$" + }, + "persistence": { + "type": "object", + "properties": { + "enabled": { + "description": "Boolean flag to enable/disable the persistence chart.", + "type": "boolean" } - }, - "replicas":{ - "description":"Service replica number.", - "type":"integer" - }, - "resources":{ - 
"description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } + } + }, + "scim": { + "type": "object", + "properties": { + "enabled": { + "description": "Boolean flag to enable/disable the SCIM chart.", + "type": "boolean" + }, + "scimServiceName": { + "description": "Name of the scim service. Please keep it as default.", + "type": "string", + "pattern": "^[a-z0-9-]+$" + }, + "appLoggers": { + "type": "object", + "properties": { + "authLogTarget": { + "description": "jans-scim.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "authLogLevel": { + "description": "jans-scim.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "persistenceLogTarget": { + "description": "jans-scim_persistence.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "persistenceLogLevel": { + "description": "jans-scim_persistence.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "persistenceDurationLogTarget": { + "description": "jans-scim_persistence_duration.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "persistenceDurationLogLevel": { + "description": "jans-scim_persistence_duration.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "ldapStatsLogTarget": { + "description": "jans-scim_persistence_ldap_statistics.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "ldapStatsLogLevel": { + "description": 
"jans-scim_persistence_ldap_statistics.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + }, + "scriptLogTarget": { + "description": "jans-scim_script.log target", + "type": "string", + "pattern": "^(STDOUT|FILE)$" + }, + "scriptLogLevel": { + "description": "jans-scim_script.log level", + "type": "string", + "pattern": "^(FATAL|ERROR|WARN|INFO|DEBUG|TRACE)$" + } + } + }, + "ingress": { + "description": "Endpoint control", + "type": "object", + "properties": { + "scimEnabled": { + "description": "Enable SCIM endpoints /jans-scim", + "type": "boolean" + }, + "scimConfigEnabled": { + "description": "Enable endpoint /.well-known/scim-configuration", + "type": "boolean" + } + } } - } - } - } - } - }, - "else":true - }, - "fido2-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "fido2":{ - "properties":{ - "enabled":{ - "const":"true" - } + } + }, + "storageClass": { + "description": "StorageClass section for OpenDJ charts. This is not currently used by the openbanking distribution. You may specify custom parameters as needed.", + "type": "object", + "properties": { + "allowVolumeExpansion": { + "type": "boolean" + }, + "allowedTopologies": { + "type": "array", + "items": { + "type": "string" + } + }, + "mountOptions": { + "type": "array", + "items": { + "type": "string" + } + }, + "parameters": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "pool": { + "type": "string" + }, + "storageAccountType": { + "type": "string" + }, + "type": { + "type": "string" + } + } + }, + "provisioner": { + "type": "string" + }, + "reclaimPolicy": { + "type": "string" + }, + "volumeBindingMode": { + "type": "string" } - } - } - } + } + }, + "cnSqlPasswordFile": { + "description": "The location of file contains password for the SQL user config.configmap.cnSqlDbUser. 
The file path must end with sql_password.", + "type": "string", + "pattern": ".*sql_password\\b.*" + }, + "cnCouchbasePasswordFile": { + "description": "The location of the Couchbase user config.configmap.cnCouchbaseUser password. The file path must end with couchbase_password.", + "type": "string", + "pattern": ".*couchbase_password\\b.*" + }, + "cnCouchbaseSuperuserPasswordFile": { + "description": "The location of the Couchbase restricted user config.configmap.cnCouchbaseSuperUser password. The file path must end with couchbase_superuser_password.", + "type": "string", + "pattern": ".*couchbase_superuser_password\\b.*" + }, + "cnLdapPasswordFile": { + "description": "The location of the OpenDJ user password. The file path must end with ldap_password.", + "type": "string", + "pattern": ".*ldap_password\\b.*" + }, + "cnLdapTruststorePasswordFile": { + "description": "The location of the OpenDJ truststore password file. The file path must end with ldap_truststore_password.", + "type": "string", + "pattern": ".*ldap_truststore_password\\b.*" + }, + "cnLdapCertFile": { + "description": "The location of the OpenDJ certificate file. The file path must end with opendj.crt.", + "type": "string", + "pattern": ".*opendj.crt\\b.*" + }, + "cnLdapKeyFile": { + "description": "The location of the OpenDJ certificate file. The file path must end with opendj.key.", + "type": "string", + "pattern": ".*opendj.key\\b.*" + }, + "cnLdapCacertFile": { + "description": "The location of the OpenDJ certificate file. The file path must end with opendj.pem.", + "type": "string", + "pattern": ".*opendj.pem\\b.*" + }, + "cnLdapTruststoreFile": { + "description": "The location of the OpenDJ truststore file. 
The file path must end with opendj.pkcs12.", + "type": "string", + "pattern": ".*opendj.pkcs12\\b.*" + } } - }, - "then":{ - "properties":{ - "fido2":{ - "required":[ - "image", - "replicas", - "resources", - "service" - ], - "type":"object", - "properties":{ - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } - } - }, - "replicas":{ - "description":"Service replica number.", - "type":"integer" - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } - } - }, - "service":{ - "type":"object", - "properties":{ - "fido2ServiceName":{ - "description":"Name of the Fido2 service. 
Please keep it as default.", - "type":"string", - "pattern":"^[a-z0-9-]+$" - } - } - } - } - } + }, + "nginx-ingress": { + "description": "Nginx ingress definitions chart", + "type": "object", + "properties": {} + }, + "opendj": { + "description": "OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions.", + "type": "object", + "properties": {} + }, + "persistence": { + "description": "Job to generate data and intial config for Gluu Server persistence layer.", + "type": "object", + "properties": {} + }, + "scim": { + "description": "System for Cross-domain Identity Management (SCIM) version 2.0", + "type": "object", + "properties": {} + }, + "kc-scheduler": { + "description": "Responsible for synchronizing Keycloak SAML clients", + "type": "object", + "properties": {} + } + }, + "allOf": [ + { + "$ref": "#/definitions/admin-ui-enabled" + }, + { + "$ref": "#/definitions/auth-server-enabled" + }, + { + "$ref": "#/definitions/auth-server-key-rotation-enabled" + }, + { + "$ref": "#/definitions/casa-enabled" + }, + { + "$ref": "#/definitions/config-api-enabled" + }, + { + "$ref": "#/definitions/fido2-enabled" + }, + { + "$ref": "#/definitions/nginx-ingress-enabled" + }, + { + "$ref": "#/definitions/opendj-enabled" + }, + { + "$ref": "#/definitions/persistence-enabled" + }, + { + "$ref": "#/definitions/scim-enabled" + }, + { + "$ref": "#/definitions/kc-scheduler-enabled" + } + ], + "definitions": { + "password": { + "anyOf": [ + { + "type": "string", + "minLength": 8, + "pattern": "", + "description": "Password does not meet requirements. 
The password must contain one digit, one uppercase letter, one lower case letter and one symbol", + "errors": { + "minLength": "Password minimum 6 character", + "pattern": "Password does not meet requirements. The password must contain one digit, one uppercase letter, one lower case letter and one symbol" + } + }, + { + "type": "string", + "maxLength": 0 + } + ] + }, + "password-pattern": { + "type": "string", + "minLength": 6, + "pattern": "", + "errors": { + "minLength": "Password minimum 6 character", + "pattern": "Password does not meet requirements. The password must contain one digit, one uppercase letter, one lower case letter and one symbol" } - }, - "else":true - }, - "nginx-ingress-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "nginx-ingress":{ - "properties":{ - "enabled":{ - "const":"true" - } + }, + "email-format": { + "type": "string", + "format": "email" + }, + "fqdn-pattern": { + "anyOf": [ + { + "type": "string", + "errors": { + "pattern": "Setting not FQDN structured. Please enter a FQDN with the format demoexample.gluu.org" + } + }, + { + "type": "string", + "maxLength": 0 + } + ] + }, + "url-pattern": { + "anyOf": [ + { + "type": "string", + "pattern": "(^|\\s)((https?:\\/\\/)?[\\w-]+(\\.[\\w-]+)+\\.?(:\\d+)?(\\/\\S*)?)", + "errors": { + "pattern": "URL pattern is not meeting standards." + } + }, + { + "type": "string", + "maxLength": 0 + } + ] + }, + "ip-pattern": { + "anyOf": [ + { + "type": "string", + "pattern": "^(\\*|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))$", + "errors": { + "pattern": "Not a valid IP." 
+ } + }, + { + "type": "string", + "maxLength": 0 + } + ] + }, + "admin-ui-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "admin-ui": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - } - } - } - } - }, - "then":{ - "properties":{ - "nginx-ingress":{ - "type":"object", - "properties":{ - "ingress":{ - "type":"object", - "required":[ - "additionalAnnotations", - "path", - "hosts", - "tls" + } + } + }, + "then": { + "properties": { + "admin-ui": { + "required": [ + "image", + "replicas", + "resources" ], - "properties":{ - "adminUiLabels":{ - "description":"Admin UI ingress resource labels. key app is taken.", - "type":"object" - }, - "openidConfigLabels":{ - "description":"openid-configuration ingress resource labels. key app is taken", - "type":"object" - }, - "uma2ConfigLabels":{ - "description":"uma2 config ingress resource labels. key app is taken", - "type":"object" - }, - "webfingerLabels":{ - "description":"webfinger ingress resource labels. key app is taken", - "type":"object" - }, - "webdiscoveryLabels":{ - "description":"webdiscovery ingress resource labels. key app is taken", - "type":"object" - }, - "scimConfigEnabled":{ - "description":"Enable endpoint /.well-known/scim-configuration", - "type":"boolean" - }, - "scimConfigLabels":{ - "description":"SCIM config ingress resource labels. key app is taken", - "type":"object" - }, - "scimLabels":{ - "description":"SCIM ingress resource labels. key app is taken", - "type":"object" - }, - "configApiLabels":{ - "description":"configAPI ingress resource labels. key app is taken", - "type":"object" - }, - "u2fConfigLabels":{ - "description":"u2f ingress resource labels. key app is taken", - "type":"object" - }, - "fido2ConfigLabels":{ - "description":"fido2 ingress resource labels. key app is taken", - "type":"object" - }, - "authServerLabels":{ - "description":"Auth server config ingress resource labels. 
key app is taken", - "type":"object" - }, - "authServerProtectedTokenLabels":{ - "description":"Auth server protected token ingress resource labels. key app is taken", - "type":"object" - }, - "authServerProtectedRedisterLabels":{ - "description":"Auth server protected token ingress resource labels. key app is taken", - "type":"object" - }, - "additionalAnnotations":{ - "description":"Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: \"letsencrypt-prod\"}", - "type":"object" - }, - "hosts":{ - "type":"array", - "items":{ - "$ref":"#/definitions/fqdn-pattern" - } - }, - "path":{ - "type":"string" - }, - "tls":{ - "description":"Secret holding HTTPS CA cert and key.", - "type":"array", - "items":{ - "type":"object", - "properties":{ - "hosts":{ - "type":"array", - "items":{ - "$ref":"#/definitions/fqdn-pattern" - } - }, - "secretName":{ - "type":"string", - "pattern":"^[a-z-]+$" + "properties": { + "hpa": { + "description": "Configure the HorizontalPodAutoscaler", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minReplicas": { + "type": "integer" + }, + "maxReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "metrics": { + "description": "metrics if targetCPUUtilizationPercentage is not set", + "type": "array" + }, + "behavior": { + "description": "Scaling Policies", + "type": "object" } - } - } - } - } - } - } - } - } - }, - "else":true - }, - "opendj-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "opendj":{ - "properties":{ - "enabled":{ - "const":"true" - } - } - } - } - } - } - }, - "then":{ - "properties":{ - "opendj":{ - "required":[ - "image", - "replicas", - "resources", - "service" - ], - "type":"object", - "properties":{ - "hpa":{ - "description":"Configure the HorizontalPodAutoscaler", - "type":"object", - "properties":{ - "enabled":{ - "type":"boolean" - }, - "minReplicas":{ - 
"type":"integer" - }, - "maxReplicas":{ - "type":"integer" - }, - "targetCPUUtilizationPercentage":{ - "type":"integer" - }, - "metrics":{ - "description":"metrics if targetCPUUtilizationPercentage is not set", - "type":"array" - }, - "behavior":{ - "description":"Scaling Policies", - "type":"object" - } - } - }, - "usrEnvs":{ - "description":"Add custom normal and secret envs to the service", - "type":"object", - "properties":{ - "normal":{ - "description":"Add custom normal envs to the service", - "type":"object" - }, - "secret":{ - "description":"Add custom secret envs to the service", - "type":"object" - } - } - }, - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } + } + }, + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": 
"^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "replicas": { + "description": "Service replica number.", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + } } - }, - "persistence":{ - "type":"object", - "properties":{ - "size":{ - "description":"OpenDJ volume size", - "type":"string", - "pattern":"^[0-9]Gi+$" - } + } + } + }, + "else": true + }, + "auth-server-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "auth-server": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - }, - "ports":{ - "type":"object", - "properties":{ - "tcp-admin":{ - "type":"object", - "properties":{ - "nodePort":{ - "type":"string" - }, - "port":{ - "type":"integer" - }, - "protocol":{ - "type":"string" - }, - "targetPort":{ - "type":"integer" - } - } - }, - "tcp-ldap":{ - "type":"object", - "properties":{ - "nodePort":{ - "type":"string" - }, - "port":{ - "type":"integer" - }, - "protocol":{ - "type":"string" - }, - "targetPort":{ - "type":"integer" - } - } - }, - "tcp-ldaps":{ - "type":"object", - "properties":{ - "nodePort":{ - "type":"string" - }, - "port":{ - "type":"integer" - }, - "protocol":{ - "type":"string" - }, - "targetPort":{ - "type":"integer" - } - } - }, - 
"tcp-repl":{ - "type":"object", - "properties":{ - "nodePort":{ - "type":"string" - }, - "port":{ - "type":"integer" - }, - "protocol":{ - "type":"string" - }, - "targetPort":{ - "type":"integer" - } - } - }, - "tcp-serf":{ - "type":"object", - "properties":{ - "nodePort":{ - "type":"string" - }, - "port":{ - "type":"integer" - }, - "protocol":{ - "type":"string" - }, - "targetPort":{ - "type":"integer" - } - } - }, - "udp-serf":{ - "type":"object", - "properties":{ - "nodePort":{ - "type":"string" - }, - "port":{ - "type":"integer" - }, - "protocol":{ - "type":"string" - }, - "targetPort":{ - "type":"integer" - } - } - } + } + } + }, + "then": { + "properties": { + "auth-server": { + "required": [ + "image", + "replicas", + "resources" + ], + "properties": { + "hpa": { + "description": "Configure the HorizontalPodAutoscaler", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minReplicas": { + "type": "integer" + }, + "maxReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "metrics": { + "description": "metrics if targetCPUUtilizationPercentage is not set", + "type": "array" + }, + "behavior": { + "description": "Scaling Policies", + "type": "object" + } + } + }, + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": 
"^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "replicas": { + "description": "Service replica number.", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + } } - }, - "replicas":{ - "description":"Service replica number.", - "type":"integer" - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } + } + } + }, + "else": true + }, + "auth-server-key-rotation-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "auth-server-key-rotation": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - } - } - } - } - }, - "else":true - }, - "persistence-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "persistence":{ - "properties":{ - 
"enabled":{ - "const":"true" - } + } + } + }, + "then": { + "properties": { + "auth-server-key-rotation": { + "properties": { + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "keysLife": { + "description": "Auth server key rotation keys life in hours", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + } + }, + "required": [ + "image", + "resources", + "keysLife" + ] + } + } + }, + "else": true + }, + "casa-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "casa": { + 
"properties": { + "enabled": { + "const": "true" + } + } + } } - } - } - } - } - }, - "then":{ - "properties":{ - "persistence":{ - "required":[ - "image", - "resources" - ], - "type":"object", - "properties":{ - "usrEnvs":{ - "description":"Add custom normal and secret envs to the service", - "type":"object", - "properties":{ - "normal":{ - "description":"Add custom normal envs to the service", - "type":"object" - }, - "secret":{ - "description":"Add custom secret envs to the service", - "type":"object" - } + } + } + }, + "then": { + "properties": { + "casa": { + "required": [ + "image", + "replicas", + "resources" + ], + "properties": { + "hpa": { + "description": "Configure the HorizontalPodAutoscaler", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minReplicas": { + "type": "integer" + }, + "maxReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "metrics": { + "description": "metrics if targetCPUUtilizationPercentage is not set", + "type": "array" + }, + "behavior": { + "description": "Scaling Policies", + "type": "object" + } + } + }, + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + 
"description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "replicas": { + "description": "Service replica number.", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + } } - }, - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } + } + } + }, + "else": true + }, + "config-api-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "config-api": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", 
- "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } + } + } + }, + "then": { + "properties": { + "config-api": { + "required": [ + "image", + "replicas", + "resources" + ], + "type": "object", + "properties": { + "hpa": { + "description": "Configure the HorizontalPodAutoscaler", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minReplicas": { + "type": "integer" + }, + "maxReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "metrics": { + "description": "metrics if targetCPUUtilizationPercentage is not set", + "type": "array" + }, + "behavior": { + "description": "Scaling Policies", + "type": "object" + } + } + }, + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "replicas": { + "description": "Service replica number.", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + 
"properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + } } - } - } - } - } - }, - "else":true - }, - "scim-enabled":{ - "if":{ - "properties":{ - "global":{ - "properties":{ - "scim":{ - "properties":{ - "enabled":{ - "const":"true" - } + } + } + }, + "else": true + }, + "fido2-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "fido2": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - } - } - } - } - }, - "then":{ - "properties":{ - "scim":{ - "required":[ - "image", - "replicas", - "resources", - "service" - ], - "type":"object", - "properties":{ - "hpa":{ - "description":"Configure the HorizontalPodAutoscaler", - "type":"object", - "properties":{ - "enabled":{ - "type":"boolean" - }, - "minReplicas":{ - "type":"integer" - }, - "maxReplicas":{ - "type":"integer" - }, - "targetCPUUtilizationPercentage":{ - "type":"integer" - }, - "metrics":{ - "description":"metrics if targetCPUUtilizationPercentage is not set", - "type":"array" - }, - "behavior":{ - "description":"Scaling Policies", - "type":"object" - } + } + } + }, + "then": { + "properties": { + "fido2": { + "required": [ + "image", + "replicas", + "resources", + "service" + ], + "type": "object", + "properties": { + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + 
"pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "replicas": { + "description": "Service replica number.", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + }, + "service": { + "type": "object", + "properties": { + "fido2ServiceName": { + "description": "Name of the Fido2 service. 
Please keep it as default.", + "type": "string", + "pattern": "^[a-z0-9-]+$" + } + } + } } - }, - "usrEnvs":{ - "description":"Add custom normal and secret envs to the service", - "type":"object", - "properties":{ - "normal":{ - "description":"Add custom normal envs to the service", - "type":"object" - }, - "secret":{ - "description":"Add custom secret envs to the service", - "type":"object" - } + } + } + }, + "else": true + }, + "nginx-ingress-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "nginx-ingress": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - }, - "dnsPolicy":{ - "description":"Add custom dns policy", - "type":"string", - "pattern":"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig":{ - "description":"Add custom dns config", - "type":"object" - }, - "image":{ - "type":"object", - "properties":{ - "pullPolicy":{ - "description":"Image pullPolicy to use for deploying.", - "type":"string", - "pattern":"^(Always|Never|IfNotPresent)$" - }, - "repository":{ - "description":"Image to use for deploying", - "type":"string" - }, - "tag":{ - "description":"Image tag to use for deploying.", - "type":"string", - "pattern":"^[a-z0-9-_.]+$" - } + } + } + }, + "then": { + "properties": { + "nginx-ingress": { + "type": "object", + "properties": { + "ingress": { + "type": "object", + "required": [ + "additionalAnnotations", + "path", + "hosts", + "tls" + ], + "properties": { + "adminUiLabels": { + "description": "Admin UI ingress resource labels. key app is taken.", + "type": "object" + }, + "openidConfigLabels": { + "description": "openid-configuration ingress resource labels. key app is taken", + "type": "object" + }, + "uma2ConfigLabels": { + "description": "uma2 config ingress resource labels. key app is taken", + "type": "object" + }, + "webfingerLabels": { + "description": "webfinger ingress resource labels. 
key app is taken",
+ "type": "object"
+ },
+ "webdiscoveryLabels": {
+ "description": "webdiscovery ingress resource labels. key app is taken",
+ "type": "object"
+ },
+ "scimConfigEnabled": {
+ "description": "Enable endpoint /.well-known/scim-configuration",
+ "type": "boolean"
+ },
+ "scimConfigLabels": {
+ "description": "SCIM config ingress resource labels. key app is taken",
+ "type": "object"
+ },
+ "scimLabels": {
+ "description": "SCIM ingress resource labels. key app is taken",
+ "type": "object"
+ },
+ "configApiLabels": {
+ "description": "configAPI ingress resource labels. key app is taken",
+ "type": "object"
+ },
+ "u2fConfigLabels": {
+ "description": "u2f ingress resource labels. key app is taken",
+ "type": "object"
+ },
+ "fido2ConfigLabels": {
+ "description": "fido2 ingress resource labels. key app is taken",
+ "type": "object"
+ },
+ "authServerLabels": {
+ "description": "Auth server config ingress resource labels. key app is taken",
+ "type": "object"
+ },
+ "authServerProtectedTokenLabels": {
+ "description": "Auth server protected token ingress resource labels. key app is taken",
+ "type": "object"
+ },
+ "authServerProtectedRedisterLabels": {
+ "description": "Auth server protected token ingress resource labels.
key app is taken", + "type": "object" + }, + "additionalAnnotations": { + "description": "Additional annotations that will be added across all ingress definitions in the format of {cert-manager.io/issuer: \"letsencrypt-prod\"}", + "type": "object" + }, + "hosts": { + "type": "array", + "items": { + "$ref": "#/definitions/fqdn-pattern" + } + }, + "path": { + "type": "string" + }, + "tls": { + "description": "Secret holding HTTPS CA cert and key.", + "type": "array", + "items": { + "type": "object", + "properties": { + "hosts": { + "type": "array", + "items": { + "$ref": "#/definitions/fqdn-pattern" + } + }, + "secretName": { + "type": "string", + "pattern": "^[a-z-]+$" + } + } + } + } + } + } } - }, - "replicas":{ - "description":"Service replica number.", - "type":"integer" - }, - "resources":{ - "description":"Resource specs.", - "type":"object", - "properties":{ - "limits":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU limit.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory limit.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - }, - "requests":{ - "type":"object", - "properties":{ - "cpu":{ - "description":"CPU request.", - "type":"string", - "pattern":"^[0-9m]+$" - }, - "memory":{ - "description":"Memory request.", - "type":"string", - "pattern":"^[0-9Mi]+$" - } - } - } + } + } + }, + "else": true + }, + "opendj-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "opendj": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - }, - "service":{ - "type":"object", - "properties":{ - "scimServiceName":{ - "description":"Name of the SCIM service. 
Please keep it as default.", - "type":"string", - "pattern":"^[a-z0-9-]+$" - } + } + } + }, + "then": { + "properties": { + "opendj": { + "required": [ + "image", + "replicas", + "resources", + "service" + ], + "type": "object", + "properties": { + "hpa": { + "description": "Configure the HorizontalPodAutoscaler", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minReplicas": { + "type": "integer" + }, + "maxReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "metrics": { + "description": "metrics if targetCPUUtilizationPercentage is not set", + "type": "array" + }, + "behavior": { + "description": "Scaling Policies", + "type": "object" + } + } + }, + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "description": "OpenDJ volume size", + "type": "string", + "pattern": "^[0-9]Gi+$" + } + } + }, + "ports": { + "type": "object", + "properties": { + "tcp-admin": { + "type": "object", + "properties": { + "nodePort": 
{ + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + }, + "tcp-ldap": { + "type": "object", + "properties": { + "nodePort": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + }, + "tcp-ldaps": { + "type": "object", + "properties": { + "nodePort": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + }, + "tcp-repl": { + "type": "object", + "properties": { + "nodePort": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + }, + "tcp-serf": { + "type": "object", + "properties": { + "nodePort": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + }, + "udp-serf": { + "type": "object", + "properties": { + "nodePort": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } + }, + "replicas": { + "description": "Service replica number.", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + } } - } - } - } - } - }, - 
"else":true - }, - "kc-scheduler-enabled": { - "if": { - "properties": { - "global": { - "properties": { - "kc-scheduler": { - "properties": { - "enabled": { - "const": "true" } - } } - } - } - } + }, + "else": true }, - "then": { - "properties": { - "kc-scheduler": { - "properties": { - "usrEnvs": { - "description": "Add custom normal and secret envs to the service", - "type": "object", - "properties": { - "normal": { - "description": "Add custom normal envs to the service", - "type": "object" - }, - "secret": { - "description": "Add custom secret envs to the service", - "type": "object" + "persistence-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "persistence": { + "properties": { + "enabled": { + "const": "true" + } + } + } + } } - } - }, - "dnsPolicy": { - "description": "Add custom dns policy", - "type": "string", - "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" - }, - "dnsConfig": { - "description": "Add custom dns config", - "type": "object" - }, - "image": { - "type": "object", - "properties": { - "pullPolicy": { - "description": "Image pullPolicy to use for deploying.", - "type": "string", - "pattern": "^(Always|Never|IfNotPresent)$" - }, - "repository": { - "description": "Image to use for deploying", - "type": "string" - }, - "tag": { - "description": "Image tag to use for deploying.", - "type": "string", - "pattern": "^[a-z0-9-_.]+$" + } + }, + "then": { + "properties": { + "persistence": { + "required": [ + "image", + "resources" + ], + "type": "object", + "properties": { + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": 
"^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + } + } } - } - }, - "interval": { - "description": "Interval of running the scheduler (in minutes)", - "type": "integer" - }, - "resources": { - "description": "Resource specs.", - "type": "object", - "properties": { - "limits": { - "type": "object", - "properties": { - "cpu": { - "description": "CPU limit.", - "type": "string", - "pattern": "^[0-9m]+$" - }, - "memory": { - "description": "Memory limit.", - "type": "string", - "pattern": "^[0-9Mi]+$" + } + }, + "else": true + }, + "scim-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "scim": { + "properties": { + "enabled": { + "const": "true" + } + } + } } - } - }, - "requests": { - "type": "object", - "properties": { - "cpu": { - "description": "CPU request.", - "type": "string", - "pattern": "^[0-9m]+$" - }, - "memory": { - "description": "Memory 
request.", - "type": "string", - "pattern": "^[0-9Mi]+$" + } + } + }, + "then": { + "properties": { + "scim": { + "required": [ + "image", + "replicas", + "resources", + "service" + ], + "type": "object", + "properties": { + "hpa": { + "description": "Configure the HorizontalPodAutoscaler", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minReplicas": { + "type": "integer" + }, + "maxReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "metrics": { + "description": "metrics if targetCPUUtilizationPercentage is not set", + "type": "array" + }, + "behavior": { + "description": "Scaling Policies", + "type": "object" + } + } + }, + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "replicas": { + "description": "Service replica number.", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": 
"^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + }, + "service": { + "type": "object", + "properties": { + "scimServiceName": { + "description": "Name of the SCIM service. Please keep it as default.", + "type": "string", + "pattern": "^[a-z0-9-]+$" + } + } + } } - } } - } } - }, - "required": [ - "image", - "resources", - "interval" - ] - } - } + }, + "else": true }, - "else": true - } - } + "kc-scheduler-enabled": { + "if": { + "properties": { + "global": { + "properties": { + "kc-scheduler": { + "properties": { + "enabled": { + "const": "true" + } + } + } + } + } + } + }, + "then": { + "properties": { + "kc-scheduler": { + "properties": { + "usrEnvs": { + "description": "Add custom normal and secret envs to the service", + "type": "object", + "properties": { + "normal": { + "description": "Add custom normal envs to the service", + "type": "object" + }, + "secret": { + "description": "Add custom secret envs to the service", + "type": "object" + } + } + }, + "dnsPolicy": { + "description": "Add custom dns policy", + "type": "string", + "pattern": "^(Default|ClusterFirst|ClusterFirstWithHostNet|None|)$" + }, + "dnsConfig": { + "description": "Add custom dns config", + "type": "object" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "description": "Image pullPolicy to use for deploying.", + "type": "string", + "pattern": "^(Always|Never|IfNotPresent)$" + }, + "repository": { + "description": "Image to use for deploying", + "type": "string" + }, + "tag": { + "description": "Image tag to use for deploying.", + "type": "string", + "pattern": "^[a-z0-9-_.]+$" + } + } + }, + "interval": { + "description": 
"Interval of running the scheduler (in minutes)", + "type": "integer" + }, + "resources": { + "description": "Resource specs.", + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory limit.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "description": "CPU request.", + "type": "string", + "pattern": "^[0-9m]+$" + }, + "memory": { + "description": "Memory request.", + "type": "string", + "pattern": "^[0-9Mi]+$" + } + } + } + } + } + }, + "required": [ + "image", + "resources", + "interval" + ] + } + } + }, + "else": true + } + } }