---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.19.0
    helm.sh/resource-policy: keep
  name: cephobjectstoreusers.ceph.rook.io
spec:
  group: ceph.rook.io
  names:
    kind: CephObjectStoreUser
    listKind: CephObjectStoreUserList
    plural: cephobjectstoreusers
    shortNames:
    - rcou
    - objectuser
    - cephosu
    singular: cephobjectstoreuser
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .status.phase
      name: Phase
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1
    schema:
      openAPIV3Schema:
        description: CephObjectStoreUser represents a Ceph Object Store Gateway User
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: ObjectStoreUserSpec represent the spec of an Objectstoreuser
            properties:
              capabilities:
                description: Additional admin-level capabilities for the Ceph object store user
                nullable: true
                properties:
                  amz-cache:
                    description: Add capabilities for user to send request to RGW Cache API header.
                      Documented in https://docs.ceph.com/en/latest/radosgw/rgw-cache/#cache-api
                    enum:
                    - '*'
                    - read
                    - write
                    - read, write
                    type: string
                  bilog:
                    description: Add capabilities for user to change bucket index logging.
                      Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
                    enum:
                    - '*'
                    - read
                    - write
                    - read, write
                    type: string
                  bucket:
                    description: Admin capabilities to read/write Ceph object store buckets.
                      Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
                    enum:
                    - '*'
                    - read
                    - write
                    - read, write
                    type: string
                  buckets:
                    description: Admin capabilities to read/write Ceph object store buckets.
                      Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
                    enum:
                    - '*'
                    - read
                    - write
                    - read, write
                    type: string
                  datalog:
                    description: Add capabilities for user to change data logging.
                      Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
                    enum:
                    - '*'
                    - read
                    - write
                    - read, write
                    type: string
                  info:
                    description: Admin capabilities to read/write information about the user.
                      Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
                    enum:
                    - '*'
                    - read
                    - write
                    - read, write
                    type: string
                  mdlog:
                    description: Add capabilities for user to change metadata logging.
                      Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
                    enum:
                    - '*'
                    - read
                    - write
                    - read, write
                    type: string
                  metadata:
                    description: Admin capabilities to read/write Ceph object store metadata.
                      Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
                    enum:
                    - '*'
                    - read
                    - write
                    - read, write
                    type: string
                  oidc-provider:
                    description: Add capabilities for user to change oidc provider.
                      Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
                    enum:
                    - '*'
                    - read
                    - write
                    - read, write
                    type: string
                  ratelimit:
                    description: Add capabilities for user to set rate limiter for user and bucket.
                      Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
                    enum:
                    - '*'
                    - read
                    - write
                    - read, write
                    type: string
                  roles:
                    description: Admin capabilities to read/write roles for user.
                      Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
                    enum:
                    - '*'
                    - read
                    - write
                    - read, write
                    type: string
                  usage:
                    description: Admin capabilities to read/write Ceph object store usage.
                      Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
                    enum:
                    - '*'
                    - read
                    - write
                    - read, write
                    type: string
                  user:
                    description: Admin capabilities to read/write Ceph object store users.
                      Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
                    enum:
                    - '*'
                    - read
                    - write
                    - read, write
                    type: string
                  user-policy:
                    description: Add capabilities for user to change user policies.
                      Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
                    enum:
                    - '*'
                    - read
                    - write
                    - read, write
                    type: string
                  users:
                    description: Admin capabilities to read/write Ceph object store users.
                      Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
                    enum:
                    - '*'
                    - read
                    - write
                    - read, write
                    type: string
                  zone:
                    description: Admin capabilities to read/write Ceph object store zones.
                      Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
                    enum:
                    - '*'
                    - read
                    - write
                    - read, write
                    type: string
                type: object
              clusterNamespace:
                description: The namespace where the parent CephCluster and CephObjectStore are found
                type: string
              displayName:
                description: The display name for the ceph user.
                type: string
              keys:
                description: |-
                  Allows specifying credentials for the user. If not provided, the operator
                  will generate them.
                items:
                  description: |-
                    ObjectUserKey defines a set of rgw user access credentials to be retrieved
                    from secret resources.
                  properties:
                    accessKeyRef:
                      description: Secret key selector for the access_key (commonly referred to as AWS_ACCESS_KEY_ID).
                      properties:
                        key:
                          description: The key of the secret to select from. Must be a valid secret key.
                          type: string
                        name:
                          default: ""
                          description: |-
                            Name of the referent.
                            This field is effectively required, but due to backwards compatibility is
                            allowed to be empty. Instances of this type with an empty value here are
                            almost certainly wrong.
                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                          type: string
                        optional:
                          description: Specify whether the Secret or its key must be defined
                          type: boolean
                      required:
                      - key
                      type: object
                      x-kubernetes-map-type: atomic
                    secretKeyRef:
                      description: Secret key selector for the secret_key (commonly referred to as AWS_SECRET_ACCESS_KEY).
                      properties:
                        key:
                          description: The key of the secret to select from. Must be a valid secret key.
                          type: string
                        name:
                          default: ""
                          description: |-
                            Name of the referent.
                            This field is effectively required, but due to backwards compatibility is
                            allowed to be empty. Instances of this type with an empty value here are
                            almost certainly wrong.
                            More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                          type: string
                        optional:
                          description: Specify whether the Secret or its key must be defined
                          type: boolean
                      required:
                      - key
                      type: object
                      x-kubernetes-map-type: atomic
                  type: object
                type: array
              quotas:
                description: ObjectUserQuotaSpec can be used to set quotas for the object store user to limit their usage.
                  See the [Ceph docs](https://docs.ceph.com/en/latest/radosgw/admin/?#quota-management) for more
                nullable: true
                properties:
                  maxBuckets:
                    description: Maximum bucket limit for the ceph user
                    nullable: true
                    type: integer
                  maxObjects:
                    description: Maximum number of objects across all the user's buckets
                    format: int64
                    nullable: true
                    type: integer
                  maxSize:
                    anyOf:
                    - type: integer
                    - type: string
                    description: |-
                      Maximum size limit of all objects across all the user's buckets
                      See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity for more info.
                    nullable: true
                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                    x-kubernetes-int-or-string: true
                type: object
              store:
                description: The store the user will be created in
                type: string
            type: object
          status:
            description: ObjectStoreUserStatus represents the status Ceph Object Store Gateway User
            properties:
              info:
                additionalProperties:
                  type: string
                nullable: true
                type: object
              keys:
                items:
                  properties:
                    name:
                      description: name is unique within a namespace to reference a secret resource.
                      type: string
                    namespace:
                      description: namespace defines the space within which the secret name must be unique.
                      type: string
                    resourceVersion:
                      type: string
                    uid:
                      description: |-
                        UID is a type that holds unique ID values, including UUIDs. Because we
                        don't ONLY use UUIDs, this is an alias to string. Being a type captures
                        intent and helps make sure that UIDs and names do not get conflated.
                      type: string
                  type: object
                  x-kubernetes-map-type: atomic
                nullable: true
                type: array
              observedGeneration:
                description: ObservedGeneration is the latest generation observed by the controller.
                format: int64
                type: integer
              phase:
                type: string
            type: object
            x-kubernetes-preserve-unknown-fields: true
        required:
        - metadata
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}