Skip to content

Commit 3889fb8

Browse files
fgiorgettifgiorgetti
authored
Add documentation to AccessGrant CRD (skupperproject#2226)
* Add documentation to AccessGrant CRD * Addressed review feedback * Feedback on redemptionsAllowed description
1 parent cdbea16 commit 3889fb8

1 file changed

Lines changed: 48 additions & 1 deletion

File tree

config/crd/bases/skupper_access_grant_crd.yaml

Lines changed: 48 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,44 +10,91 @@ spec:
1010
storage: true
1111
schema:
1212
openAPIV3Schema:
13-
description: "Permission to redeem access tokens for links to the local site"
13+
description: |-
14+
Permission to redeem access tokens for links to the local site.
15+
A remote site can use a token containing the grant URL and secret
16+
code to obtain a certificate signed by the grant's certificate authority (CA),
17+
within a certain expiration window and for a limited number of redemptions.
18+
19+
The code, url, and ca properties of the resource status are used to generate access tokens from the grant.
1420
type: object
1521
properties:
1622
spec:
1723
type: object
1824
properties:
1925
redemptionsAllowed:
26+
description: |-
27+
The maximum number of times an access token for this grant can be redeemed.
28+
The default value is `1`.
2029
type: integer
2130
expirationWindow:
31+
description: |-
32+
The period of time in which an access token for this grant can be redeemed.
33+
The default value is `15m`.
2234
type: string
2335
format: duration
2436
code:
37+
description: |-
38+
Advanced. The secret code to use to authenticate access tokens submitted for redemption.
39+
If not set, a value is generated and placed in the code status property.
2540
type: string
2641
issuer:
42+
description: |-
43+
Advanced. The name of a Kubernetes secret used to generate a certificate when redeeming a token for this grant.
44+
If not set, `defaultIssuer` on the Site resource is used.
2745
type: string
2846
settings:
47+
description: |-
48+
Advanced. A map containing additional settings. Each map
49+
entry has a string name and a string value.
50+
51+
**Note:** In general, we recommend not changing `settings`
52+
from their default values.
2953
type: object
3054
additionalProperties:
3155
type: string
3256
status:
3357
type: object
3458
properties:
3559
url:
60+
description: |-
61+
The URL of the token-redemption service for this grant.
3662
type: string
3763
code:
64+
description: |-
65+
The secret code used to authenticate access tokens submitted for redemption.
3866
type: string
3967
ca:
68+
description: |-
69+
The trusted server certificate of the token-redemption service for this grant.
4070
type: string
4171
redemptions:
72+
description: |-
73+
The number of times a token for this grant has been redeemed.
4274
type: integer
4375
expirationTime:
76+
description: |-
77+
The point in time when the grant expires.
4478
type: string
4579
format: date-time
4680
status:
81+
description: |-
82+
The current state of the resource.
83+
- `Pending`: The resource is being processed.
84+
- `Error`: There was an error processing the resource. See `message` for more information.
85+
- `Ready`: The resource is ready to use.
4786
type: string
4887
message:
88+
description: |-
89+
A human-readable status message. Error messages are reported here.
4990
type: string
5091
conditions:
92+
description: |-
93+
A set of named conditions describing the current state of the resource.
94+
95+
- `Processed`: The controller has accepted the grant.
96+
- `Resolved`: The grant service is available to process tokens for this grant.
97+
- `Ready`: The grant is ready to use. All other conditions are true.
5198
type: array
5299
items:
53100
type: object

0 commit comments

Comments
 (0)