---
# Source: external-secrets/charts/external-secrets/templates/crds/mfa.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.19.0
  labels:
    external-secrets.io/component: controller
  name: mfas.generators.external-secrets.io
spec:
  group: generators.external-secrets.io
  names:
    categories:
      - external-secrets
      - external-secrets-generators
    kind: MFA
    listKind: MFAList
    plural: mfas
    singular: mfa
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          description: MFA generates a new TOTP token that is compliant with RFC 6238.
          properties:
            apiVersion:
              description: |-
                APIVersion defines the versioned schema of this representation of an object.
                Servers should convert recognized schemas to the latest internal value, and
                may reject unrecognized values.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: |-
                Kind is a string value representing the REST resource this object represents.
                Servers may infer this from the endpoint the client submits requests to.
                Cannot be updated.
                In CamelCase.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            spec:
              description: MFASpec controls the behavior of the mfa generator.
              properties:
                algorithm:
                  description: Algorithm to use for encoding. Defaults to SHA1 as per the RFC.
                  type: string
                length:
                  description: Length defines the token length. Defaults to 6 characters.
                  type: integer
                secret:
                  description: Secret is a secret selector to a secret containing the seed secret to generate the TOTP value from.
                  properties:
                    key:
                      description: |-
                        A key in the referenced Secret.
                        Some instances of this field may be defaulted, in others it may be required.
                      maxLength: 253
                      minLength: 1
                      pattern: ^[-._a-zA-Z0-9]+$
                      type: string
                    name:
                      description: The name of the Secret resource being referred to.
                      maxLength: 253
                      minLength: 1
                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                      type: string
                    namespace:
                      description: |-
                        The namespace of the Secret resource being referred to.
                        Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
                      maxLength: 63
                      minLength: 1
                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                      type: string
                  type: object
                timePeriod:
                  description: TimePeriod defines how long the token can be active. Defaults to 30 seconds.
                  type: integer
                when:
                  description: When defines a time parameter that can be used to pin the origin time of the generated token.
                  format: date-time
                  type: string
              required:
                - secret
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}