diff --git a/CHANGELOG.md b/CHANGELOG.md
index 749c849e..e0abf753 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,40 @@
 - Add `KafkaTopic` field `config.local_retention_bytes`, type `integer`: local.retention.bytes value
 - Add `KafkaTopic` field `config.local_retention_ms`, type `integer`: local.retention.ms value
 - Add `KafkaTopic` field `config.remote_storage_enable`, type `boolean`: remote_storage_enable
+- Change `Cassandra` field `userConfig.cassandra_version`: pattern `^[0-9]+(\.[0-9]+)?$`
+- Change `Cassandra` field `userConfig.project_to_fork_from`: pattern `^[a-z][-a-z0-9]{0,63}$|^$`
+- Change `Cassandra` field `userConfig.service_to_fork_from`: pattern `^[a-z][-a-z0-9]{0,63}$|^$`
+- Change `Cassandra` field `userConfig.service_to_join_with`: pattern `^[a-z][-a-z0-9]{0,63}$`
+- Change `Clickhouse` field `userConfig.project_to_fork_from`: pattern `^[a-z][-a-z0-9]{0,63}$|^$`
+- Change `Clickhouse` field `userConfig.service_to_fork_from`: pattern `^[a-z][-a-z0-9]{0,63}$|^$`
+- Change `Grafana` field `userConfig.project_to_fork_from`: pattern `^[a-z][-a-z0-9]{0,63}$|^$`
+- Change `Grafana` field `userConfig.service_to_fork_from`: pattern `^[a-z][-a-z0-9]{0,63}$|^$`
+- Change `Kafka` field `userConfig.kafka.sasl_oauthbearer_expected_audience`: pattern `^[^\r\n]*$`
+- Change `Kafka` field `userConfig.kafka.sasl_oauthbearer_expected_issuer`: pattern `^[^\r\n]*$`
+- Change `Kafka` field `userConfig.kafka.sasl_oauthbearer_sub_claim_name`: pattern `^[^\r\n]*$`
+- Change `MySQL` field `userConfig.mysql.default_time_zone`: pattern `^([-+][\d:]*|[\w/]*)$`
+- Change `MySQL` field `userConfig.project_to_fork_from`: pattern `^[a-z][-a-z0-9]{0,63}$|^$`
+- Change `MySQL` field `userConfig.service_to_fork_from`: pattern `^[a-z][-a-z0-9]{0,63}$|^$`
+- Change `OpenSearch` field `userConfig.openid.client_id`: pattern `^[^\r\n]*$`
+- Change `OpenSearch` field `userConfig.openid.client_secret`: pattern `^[^\r\n]*$`
+- Change `OpenSearch` field `userConfig.openid.header`: pattern `^[^\r\n]*$`
+- Change `OpenSearch` field `userConfig.openid.jwt_header`: pattern `^[^\r\n]*$`
+- Change `OpenSearch` field `userConfig.openid.jwt_url_parameter`: pattern `^[^\r\n]*$`
+- Change `OpenSearch` field `userConfig.openid.roles_key`: pattern `^[^\r\n]*$`
+- Change `OpenSearch` field `userConfig.openid.scope`: pattern `^[^\r\n]*$`
+- Change `OpenSearch` field `userConfig.openid.subject_key`: pattern `^[^\r\n]*$`
+- Change `OpenSearch` field `userConfig.project_to_fork_from`: pattern `^[a-z][-a-z0-9]{0,63}$|^$`
+- Change `OpenSearch` field `userConfig.saml.idp_entity_id`: pattern `^[^\r\n]*$`
+- Change `OpenSearch` field `userConfig.saml.roles_key`: pattern `^[^\r\n]*$`
+- Change `OpenSearch` field `userConfig.saml.sp_entity_id`: pattern `^[^\r\n]*$`
+- Change `OpenSearch` field `userConfig.saml.subject_key`: pattern `^[^\r\n]*$`
+- Change `OpenSearch` field `userConfig.service_to_fork_from`: pattern `^[a-z][-a-z0-9]{0,63}$|^$`
+- Change `PostgreSQL` field `userConfig.pg.timezone`: pattern `^[\w/]*$`
+- Change `PostgreSQL` field `userConfig.pg_service_to_fork_from`: pattern `^[a-z][-a-z0-9]{0,63}$|^$`
+- Change `PostgreSQL` field `userConfig.project_to_fork_from`: pattern `^[a-z][-a-z0-9]{0,63}$|^$`
+- Change `PostgreSQL` field `userConfig.service_to_fork_from`: pattern `^[a-z][-a-z0-9]{0,63}$|^$`
+- Change `Redis` field `userConfig.project_to_fork_from`: pattern `^[a-z][-a-z0-9]{0,63}$|^$`
+- Change `Redis` field `userConfig.service_to_fork_from`: pattern `^[a-z][-a-z0-9]{0,63}$|^$`
 ## v0.17.0 - 2024-02-01
diff --git a/api/v1alpha1/userconfig/service/cassandra/cassandra.go b/api/v1alpha1/userconfig/service/cassandra/cassandra.go
index e9d85136..70a31c8c 100644
--- a/api/v1alpha1/userconfig/service/cassandra/cassandra.go
+++ b/api/v1alpha1/userconfig/service/cassandra/cassandra.go
@@ -61,6 +61,7 @@ type CassandraUserConfig struct {
 // cassandra configuration values
 Cassandra *Cassandra `groups:"create,update" json:"cassandra,omitempty"`
+ // +kubebuilder:validation:Pattern=`^[0-9]+(\.[0-9]+)?$`
 // +kubebuilder:validation:Enum="4";"4.1"
 // Cassandra version
 CassandraVersion *string `groups:"create,update" json:"cassandra_version,omitempty"`
@@ -76,6 +77,7 @@ type CassandraUserConfig struct {
 PrivateAccess *PrivateAccess `groups:"create,update" json:"private_access,omitempty"`
 // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]{0,63}$|^$`
 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 // Name of another project to fork a service from. This has effect only when a new service is being created.
 ProjectToForkFrom *string `groups:"create" json:"project_to_fork_from,omitempty"`
@@ -87,11 +89,13 @@ type CassandraUserConfig struct {
 ServiceLog *bool `groups:"create,update" json:"service_log,omitempty"`
 // +kubebuilder:validation:MaxLength=64
+ // +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]{0,63}$|^$`
 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 // Name of another service to fork from. This has effect only when a new service is being created.
 ServiceToForkFrom *string `groups:"create" json:"service_to_fork_from,omitempty"`
 // +kubebuilder:validation:MaxLength=64
+ // +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]{0,63}$`
 // When bootstrapping, instead of creating a new Cassandra cluster try to join an existing one from another service. Can only be set on service creation.
 ServiceToJoinWith *string `groups:"create,update" json:"service_to_join_with,omitempty"`
diff --git a/api/v1alpha1/userconfig/service/clickhouse/clickhouse.go b/api/v1alpha1/userconfig/service/clickhouse/clickhouse.go
index 7d3b0358..6495871b 100644
--- a/api/v1alpha1/userconfig/service/clickhouse/clickhouse.go
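Review bot: The pattern added above `ProjectToForkFrom` (hunk at -76) puts `{0,63}` after a mandatory first character, so it admits 64 characters while the existing `MaxLength=63` marker caps the field at 63; the two constraints disagree and only the length marker decides at the boundary. For the project fields the quantifier would line up with the cap as `^[a-z][-a-z0-9]{0,62}$|^$`. The same mismatch appears on `project_to_fork_from` in clickhouse.go, grafana.go, mysql.go, opensearch.go, pg.go and redis.go. If these structs are generated from an upstream schema (not visible here), the correction belongs in the schema or generator rather than in this file. The struct body extends beyond the hunk.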
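Review bot: `ServiceToJoinWith` (hunk at -87) gets `^[a-z][-a-z0-9]{0,63}$` without the `|^$` alternative that the sibling fork fields carry, so an explicit empty string is now rejected at admission for this field only. The field is tagged `groups:"create,update"`, so a stored object with `service_to_join_with: ""` would presumably fail validation on its next update after the CRD is upgraded; whether any such object exists is not visible here. Either add the empty alternative for consistency with `ServiceToForkFrom`, or call the tightening out in the changelog entry as a validation change that can reject existing manifests. The struct body extends beyond the hunk.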
+++ b/api/v1alpha1/userconfig/service/clickhouse/clickhouse.go
@@ -75,6 +75,7 @@ type ClickhouseUserConfig struct {
 PrivatelinkAccess *PrivatelinkAccess `groups:"create,update" json:"privatelink_access,omitempty"`
 // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]{0,63}$|^$`
 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 // Name of another project to fork a service from. This has effect only when a new service is being created.
 ProjectToForkFrom *string `groups:"create" json:"project_to_fork_from,omitempty"`
@@ -86,6 +87,7 @@ type ClickhouseUserConfig struct {
 ServiceLog *bool `groups:"create,update" json:"service_log,omitempty"`
 // +kubebuilder:validation:MaxLength=64
+ // +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]{0,63}$|^$`
 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 // Name of another service to fork from. This has effect only when a new service is being created.
 ServiceToForkFrom *string `groups:"create" json:"service_to_fork_from,omitempty"`
diff --git a/api/v1alpha1/userconfig/service/grafana/grafana.go b/api/v1alpha1/userconfig/service/grafana/grafana.go
index 0919db9b..8b2d72d3 100644
--- a/api/v1alpha1/userconfig/service/grafana/grafana.go
+++ b/api/v1alpha1/userconfig/service/grafana/grafana.go
@@ -402,6 +402,7 @@ type GrafanaUserConfig struct {
 PrivatelinkAccess *PrivatelinkAccess `groups:"create,update" json:"privatelink_access,omitempty"`
 // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]{0,63}$|^$`
 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 // Name of another project to fork a service from. This has effect only when a new service is being created.
 ProjectToForkFrom *string `groups:"create" json:"project_to_fork_from,omitempty"`
@@ -418,6 +419,7 @@ type GrafanaUserConfig struct {
 ServiceLog *bool `groups:"create,update" json:"service_log,omitempty"`
 // +kubebuilder:validation:MaxLength=64
+ // +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]{0,63}$|^$`
 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 // Name of another service to fork from. This has effect only when a new service is being created.
 ServiceToForkFrom *string `groups:"create" json:"service_to_fork_from,omitempty"`
diff --git a/api/v1alpha1/userconfig/service/kafka/kafka.go b/api/v1alpha1/userconfig/service/kafka/kafka.go
index 7182298c..fb48831a 100644
--- a/api/v1alpha1/userconfig/service/kafka/kafka.go
+++ b/api/v1alpha1/userconfig/service/kafka/kafka.go
@@ -187,10 +187,12 @@ type Kafka struct {
 ReplicaFetchResponseMaxBytes *int `groups:"create,update" json:"replica_fetch_response_max_bytes,omitempty"`
 // +kubebuilder:validation:MaxLength=128
+ // +kubebuilder:validation:Pattern=`^[^\r\n]*$`
 // The (optional) comma-delimited setting for the broker to use to verify that the JWT was issued for one of the expected audiences.
 SaslOauthbearerExpectedAudience *string `groups:"create,update" json:"sasl_oauthbearer_expected_audience,omitempty"`
 // +kubebuilder:validation:MaxLength=128
+ // +kubebuilder:validation:Pattern=`^[^\r\n]*$`
 // Optional setting for the broker to use to verify that the JWT was created by the expected issuer.
 SaslOauthbearerExpectedIssuer *string `groups:"create,update" json:"sasl_oauthbearer_expected_issuer,omitempty"`
@@ -199,6 +201,7 @@ type Kafka struct {
 SaslOauthbearerJwksEndpointUrl *string `groups:"create,update" json:"sasl_oauthbearer_jwks_endpoint_url,omitempty"`
 // +kubebuilder:validation:MaxLength=128
+ // +kubebuilder:validation:Pattern=`^[^\r\n]*$`
 // Name of the scope from which to extract the subject claim from the JWT. Defaults to sub.
 SaslOauthbearerSubClaimName *string `groups:"create,update" json:"sasl_oauthbearer_sub_claim_name,omitempty"`
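Review bot: `^[^\r\n]*$` on `SaslOauthbearerExpectedAudience` and `SaslOauthbearerExpectedIssuer` (kafka.go hunk at -187) excludes only CR and LF, so other control characters such as NUL, tab, form feed and ESC still pass admission. If the intent is to keep these values from breaking a line-oriented broker configuration — inferred, the hunk does not say — a class such as `^[^\x00-\x1f\x7f]*$` states that more completely. Otherwise, a comment above the marker that names what the pattern protects would help the next reader. The same pattern is added to `SaslOauthbearerSubClaimName` in the following hunk and to the `Openid` and `Saml` string fields in opensearch.go. The struct continues outside the hunk.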
diff --git a/api/v1alpha1/userconfig/service/mysql/mysql.go b/api/v1alpha1/userconfig/service/mysql/mysql.go
index ff1016c3..217eb4e5 100644
--- a/api/v1alpha1/userconfig/service/mysql/mysql.go
+++ b/api/v1alpha1/userconfig/service/mysql/mysql.go
@@ -58,6 +58,7 @@ type Mysql struct {
 // +kubebuilder:validation:MinLength=2
 // +kubebuilder:validation:MaxLength=100
+ // +kubebuilder:validation:Pattern=`^([-+][\d:]*|[\w/]*)$`
 // Default server time zone as an offset from UTC (from -12:00 to +12:00), a time zone name, or 'SYSTEM' to use the MySQL server default.
 DefaultTimeZone *string `groups:"create,update" json:"default_time_zone,omitempty"`
@@ -281,6 +282,7 @@ type MysqlUserConfig struct {
 PrivatelinkAccess *PrivatelinkAccess `groups:"create,update" json:"privatelink_access,omitempty"`
 // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]{0,63}$|^$`
 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 // Name of another project to fork a service from. This has effect only when a new service is being created.
 ProjectToForkFrom *string `groups:"create" json:"project_to_fork_from,omitempty"`
@@ -297,6 +299,7 @@ type MysqlUserConfig struct {
 ServiceLog *bool `groups:"create,update" json:"service_log,omitempty"`
 // +kubebuilder:validation:MaxLength=64
+ // +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]{0,63}$|^$`
 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 // Name of another service to fork from. This has effect only when a new service is being created.
 ServiceToForkFrom *string `groups:"create" json:"service_to_fork_from,omitempty"`
diff --git a/api/v1alpha1/userconfig/service/opensearch/opensearch.go b/api/v1alpha1/userconfig/service/opensearch/opensearch.go
index 8e52b318..446c3116 100644
--- a/api/v1alpha1/userconfig/service/opensearch/opensearch.go
+++ b/api/v1alpha1/userconfig/service/opensearch/opensearch.go
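Review bot: The `DefaultTimeZone` pattern `^([-+][\d:]*|[\w/]*)$` (mysql.go hunk at -58) rejects zone names that contain `-` or `+` after the first character, for example `America/Port-au-Prince` or `Etc/GMT+5`, because the name branch allows only `\w` and `/`. The offset branch is loose in the other direction: `+:` and `-::::` satisfy it although the field comment documents offsets from -12:00 to +12:00. Whether the backend accepts such zone names is not visible here; if it does, widening the name branch to `[\w/+-]*` and narrowing the offset branch to `[-+]\d{1,2}:\d{2}` would match the documented values. `Timezone` in pg.go (`^[\w/]*$`) has the same gap for names. The struct starts and ends outside the hunk.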
@@ -52,11 +52,13 @@ type IpFilter struct {
 type Openid struct {
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=1024
+ // +kubebuilder:validation:Pattern=`^[^\r\n]*$`
 // The ID of the OpenID Connect client configured in your IdP. Required.
 ClientId string `groups:"create,update" json:"client_id"`
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=1024
+ // +kubebuilder:validation:Pattern=`^[^\r\n]*$`
 // The client secret of the OpenID Connect client configured in your IdP. Required.
 ClientSecret string `groups:"create,update" json:"client_secret"`
@@ -69,16 +71,19 @@ type Openid struct {
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=1024
+ // +kubebuilder:validation:Pattern=`^[^\r\n]*$`
 // HTTP header name of the JWT token. Optional. Default is Authorization.
 Header *string `groups:"create,update" json:"header,omitempty"`
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=1024
+ // +kubebuilder:validation:Pattern=`^[^\r\n]*$`
 // The HTTP header that stores the token. Typically the Authorization header with the Bearer schema: Authorization: Bearer . Optional. Default is Authorization.
 JwtHeader *string `groups:"create,update" json:"jwt_header,omitempty"`
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=1024
+ // +kubebuilder:validation:Pattern=`^[^\r\n]*$`
 // If the token is not transmitted in the HTTP header, but as an URL parameter, define the name of the parameter here. Optional.
 JwtUrlParameter *string `groups:"create,update" json:"jwt_url_parameter,omitempty"`
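Review bot: The pattern on `ClientSecret` (hunk at -52) makes the API server the place where a malformed secret is rejected, and as far as I know its schema-validation error quotes the offending value, so a secret applied with a stray trailing newline would be printed in `kubectl` output and CI logs. Consider leaving the pattern off this one field and checking it in the controller with an error that names only the field, e.g. `return fmt.Errorf("openid.client_secret must not contain CR or LF")`. The other `Openid` fields in this hunk are identifiers rather than credentials, so the marker is unproblematic there. The struct body continues past the hunk.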
@@ -92,16 +97,19 @@ type Openid struct {
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=1024
+ // +kubebuilder:validation:Pattern=`^[^\r\n]*$`
 // The key in the JSON payload that stores the user’s roles. The value of this key must be a comma-separated list of roles. Required only if you want to use roles in the JWT
 RolesKey *string `groups:"create,update" json:"roles_key,omitempty"`
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=1024
+ // +kubebuilder:validation:Pattern=`^[^\r\n]*$`
 // The scope of the identity token issued by the IdP. Optional. Default is openid profile email address phone.
 Scope *string `groups:"create,update" json:"scope,omitempty"`
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=1024
+ // +kubebuilder:validation:Pattern=`^[^\r\n]*$`
 // The key in the JSON payload that stores the user’s name. If not defined, the subject registered claim is used. Most IdP providers use the preferred_username claim. Optional.
 SubjectKey *string `groups:"create,update" json:"subject_key,omitempty"`
 }
@@ -433,6 +441,7 @@ type Saml struct {
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=1024
+ // +kubebuilder:validation:Pattern=`^[^\r\n]*$`
 // The unique identifier for the Identity Provider (IdP) entity that is used for SAML authentication. This value is typically provided by the IdP.
 IdpEntityId string `groups:"create,update" json:"idp_entity_id"`
@@ -447,16 +456,19 @@ type Saml struct {
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=256
+ // +kubebuilder:validation:Pattern=`^[^\r\n]*$`
 // Optional. Specifies the attribute in the SAML response where role information is stored, if available. Role attributes are not required for SAML authentication, but can be included in SAML assertions by most Identity Providers (IdPs) to determine user access levels or permissions.
 RolesKey *string `groups:"create,update" json:"roles_key,omitempty"`
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=1024
+ // +kubebuilder:validation:Pattern=`^[^\r\n]*$`
 // The unique identifier for the Service Provider (SP) entity that is used for SAML authentication. This value is typically provided by the SP.
 SpEntityId string `groups:"create,update" json:"sp_entity_id"`
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=256
+ // +kubebuilder:validation:Pattern=`^[^\r\n]*$`
 // Optional. Specifies the attribute in the SAML response where the subject identifier is stored. If not configured, the NameID attribute is used by default.
 SubjectKey *string `groups:"create,update" json:"subject_key,omitempty"`
 }
@@ -511,6 +523,7 @@ type OpensearchUserConfig struct {
 PrivatelinkAccess *PrivatelinkAccess `groups:"create,update" json:"privatelink_access,omitempty"`
 // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]{0,63}$|^$`
 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 // Name of another project to fork a service from. This has effect only when a new service is being created.
 ProjectToForkFrom *string `groups:"create" json:"project_to_fork_from,omitempty"`
@@ -530,6 +543,7 @@ type OpensearchUserConfig struct {
 ServiceLog *bool `groups:"create,update" json:"service_log,omitempty"`
 // +kubebuilder:validation:MaxLength=64
+ // +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]{0,63}$|^$`
 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 // Name of another service to fork from. This has effect only when a new service is being created.
 ServiceToForkFrom *string `groups:"create" json:"service_to_fork_from,omitempty"`
diff --git a/api/v1alpha1/userconfig/service/pg/pg.go b/api/v1alpha1/userconfig/service/pg/pg.go
index e884a7a2..3257b1c5 100644
--- a/api/v1alpha1/userconfig/service/pg/pg.go
+++ b/api/v1alpha1/userconfig/service/pg/pg.go
@@ -254,6 +254,7 @@ type Pg struct {
 TempFileLimit *int `groups:"create,update" json:"temp_file_limit,omitempty"`
 // +kubebuilder:validation:MaxLength=64
+ // +kubebuilder:validation:Pattern=`^[\w/]*$`
 // PostgreSQL service timezone
 Timezone *string `groups:"create,update" json:"timezone,omitempty"`
@@ -451,6 +452,7 @@ type PgUserConfig struct {
 PgReadReplica *bool `groups:"create,update" json:"pg_read_replica,omitempty"`
 // +kubebuilder:validation:MaxLength=64
+ // +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]{0,63}$|^$`
 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 // Name of the PG Service from which to fork (deprecated, use service_to_fork_from). This has effect only when a new service is being created.
 PgServiceToForkFrom *string `groups:"create" json:"pg_service_to_fork_from,omitempty"`
@@ -475,6 +477,7 @@ type PgUserConfig struct {
 PrivatelinkAccess *PrivatelinkAccess `groups:"create,update" json:"privatelink_access,omitempty"`
 // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]{0,63}$|^$`
 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 // Name of another project to fork a service from. This has effect only when a new service is being created.
 ProjectToForkFrom *string `groups:"create" json:"project_to_fork_from,omitempty"`
@@ -491,6 +494,7 @@ type PgUserConfig struct {
 ServiceLog *bool `groups:"create,update" json:"service_log,omitempty"`
 // +kubebuilder:validation:MaxLength=64
+ // +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]{0,63}$|^$`
 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 // Name of another service to fork from. This has effect only when a new service is being created.
 ServiceToForkFrom *string `groups:"create" json:"service_to_fork_from,omitempty"`
diff --git a/api/v1alpha1/userconfig/service/redis/redis.go b/api/v1alpha1/userconfig/service/redis/redis.go
index f9e2a989..faa11e71 100644
--- a/api/v1alpha1/userconfig/service/redis/redis.go
+++ b/api/v1alpha1/userconfig/service/redis/redis.go
@@ -95,6 +95,7 @@ type RedisUserConfig struct {
 PrivatelinkAccess *PrivatelinkAccess `groups:"create,update" json:"privatelink_access,omitempty"`
 // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]{0,63}$|^$`
 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 // Name of another project to fork a service from. This has effect only when a new service is being created.
 ProjectToForkFrom *string `groups:"create" json:"project_to_fork_from,omitempty"`
@@ -165,6 +166,7 @@ type RedisUserConfig struct { ServiceLog *bool `groups:"create,update" json:"service_log,omitempty"` // +kubebuilder:validation:MaxLength=64 + // +kubebuilder:validation:Pattern=`^[a-z][-a-z0-9]{0,63}$|^$` // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable" // Name of another service to fork from. This has effect only when a new service is being created. ServiceToForkFrom *string `groups:"create" json:"service_to_fork_from,omitempty"` diff --git a/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml b/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml index bd7921ab..162e0f01 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml @@ -273,6 +273,7 @@ spec: enum: - "4" - "4.1" + pattern: ^[0-9]+(\.[0-9]+)?$ type: string ip_filter: description: @@ -319,6 +320,7 @@ spec: Name of another project to fork a service from. This has effect only when a new service is being created. maxLength: 63 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable @@ -345,6 +347,7 @@ spec: Name of another service to fork from. This has effect only when a new service is being created. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable @@ -355,6 +358,7 @@ spec: cluster try to join an existing one from another service. Can only be set on service creation. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$ type: string static_ips: description: Use static public IP addresses diff --git a/charts/aiven-operator-crds/templates/aiven.io_clickhouses.yaml b/charts/aiven-operator-crds/templates/aiven.io_clickhouses.yaml index df6d2af8..aa63e029 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_clickhouses.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_clickhouses.yaml 
@@ -288,6 +288,7 @@ spec: Name of another project to fork a service from. This has effect only when a new service is being created. maxLength: 63 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable @@ -332,6 +333,7 @@ spec: Name of another service to fork from. This has effect only when a new service is being created. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable diff --git a/charts/aiven-operator-crds/templates/aiven.io_grafanas.yaml b/charts/aiven-operator-crds/templates/aiven.io_grafanas.yaml index b7ce60f1..2898ab2f 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_grafanas.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_grafanas.yaml @@ -705,6 +705,7 @@ spec: Name of another project to fork a service from. This has effect only when a new service is being created. maxLength: 63 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable @@ -736,6 +737,7 @@ spec: Name of another service to fork from. This has effect only when a new service is being created. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable diff --git a/charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml b/charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml index a65917c1..2b3df0a3 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_kafkas.yaml @@ -552,12 +552,14 @@ spec: broker to use to verify that the JWT was issued for one of the expected audiences. maxLength: 128 + pattern: ^[^\r\n]*$ type: string sasl_oauthbearer_expected_issuer: description: Optional setting for the broker to use to verify that the JWT was created by the expected issuer. maxLength: 128 + pattern: ^[^\r\n]*$ type: string sasl_oauthbearer_jwks_endpoint_url: description: 
@@ -571,6 +573,7 @@ spec: Name of the scope from which to extract the subject claim from the JWT. Defaults to sub. maxLength: 128 + pattern: ^[^\r\n]*$ type: string socket_request_max_bytes: description: diff --git a/charts/aiven-operator-crds/templates/aiven.io_mysqls.yaml b/charts/aiven-operator-crds/templates/aiven.io_mysqls.yaml index 8b4e5852..a578b08c 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_mysqls.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_mysqls.yaml @@ -367,6 +367,7 @@ spec: use the MySQL server default. maxLength: 100 minLength: 2 + pattern: ^([-+][\d:]*|[\w/]*)$ type: string group_concat_max_len: description: @@ -623,6 +624,7 @@ spec: Name of another project to fork a service from. This has effect only when a new service is being created. maxLength: 63 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable @@ -670,6 +672,7 @@ spec: Name of another service to fork from. This has effect only when a new service is being created. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable diff --git a/charts/aiven-operator-crds/templates/aiven.io_opensearches.yaml b/charts/aiven-operator-crds/templates/aiven.io_opensearches.yaml index f209c715..b84b45b1 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_opensearches.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_opensearches.yaml @@ -329,6 +329,7 @@ spec: in your IdP. Required. maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string client_secret: description: @@ -336,6 +337,7 @@ spec: configured in your IdP. Required. maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string connect_url: description: @@ -355,6 +357,7 @@ spec: Default is Authorization. maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string jwt_header: description: 
@@ -363,6 +366,7 @@ spec: Bearer . Optional. Default is Authorization." maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string jwt_url_parameter: description: @@ -371,6 +375,7 @@ spec: here. Optional. maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string refresh_rate_limit_count: description: @@ -393,6 +398,7 @@ spec: JWT maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string scope: description: @@ -400,6 +406,7 @@ spec: IdP. Optional. Default is openid profile email address phone. maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string subject_key: description: @@ -408,6 +415,7 @@ spec: Most IdP providers use the preferred_username claim. Optional. maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string required: - client_id @@ -875,6 +883,7 @@ spec: Name of another project to fork a service from. This has effect only when a new service is being created. maxLength: 63 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable @@ -924,6 +933,7 @@ spec: value is typically provided by the IdP. maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string idp_metadata_url: description: @@ -951,6 +961,7 @@ spec: Providers (IdPs) to determine user access levels or permissions. maxLength: 256 minLength: 1 + pattern: ^[^\r\n]*$ type: string sp_entity_id: description: @@ -959,6 +970,7 @@ spec: is typically provided by the SP. maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string subject_key: description: @@ -967,6 +979,7 @@ spec: configured, the NameID attribute is used by default. maxLength: 256 minLength: 1 + pattern: ^[^\r\n]*$ type: string required: - enabled @@ -984,6 +997,7 @@ spec: Name of another service to fork from. This has effect only when a new service is being created. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable 
diff --git a/charts/aiven-operator-crds/templates/aiven.io_postgresqls.yaml b/charts/aiven-operator-crds/templates/aiven.io_postgresqls.yaml index a9358229..9d2020f3 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_postgresqls.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_postgresqls.yaml @@ -664,6 +664,7 @@ spec: timezone: description: PostgreSQL service timezone maxLength: 64 + pattern: ^[\w/]*$ type: string track_activity_query_size: description: @@ -752,6 +753,7 @@ spec: use service_to_fork_from). This has effect only when a new service is being created. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable @@ -897,6 +899,7 @@ spec: Name of another project to fork a service from. This has effect only when a new service is being created. maxLength: 63 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable @@ -944,6 +947,7 @@ spec: Name of another service to fork from. This has effect only when a new service is being created. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable diff --git a/charts/aiven-operator-crds/templates/aiven.io_redis.yaml b/charts/aiven-operator-crds/templates/aiven.io_redis.yaml index c8f61836..29134443 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_redis.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_redis.yaml @@ -325,6 +325,7 @@ spec: Name of another project to fork a service from. This has effect only when a new service is being created. maxLength: 63 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable @@ -449,6 +450,7 @@ spec: Name of another service to fork from. This has effect only when a new service is being created. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable 
diff --git a/config/crd/bases/aiven.io_cassandras.yaml b/config/crd/bases/aiven.io_cassandras.yaml index bd7921ab..162e0f01 100644 --- a/config/crd/bases/aiven.io_cassandras.yaml +++ b/config/crd/bases/aiven.io_cassandras.yaml @@ -273,6 +273,7 @@ spec: enum: - "4" - "4.1" + pattern: ^[0-9]+(\.[0-9]+)?$ type: string ip_filter: description: @@ -319,6 +320,7 @@ spec: Name of another project to fork a service from. This has effect only when a new service is being created. maxLength: 63 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable @@ -345,6 +347,7 @@ spec: Name of another service to fork from. This has effect only when a new service is being created. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable @@ -355,6 +358,7 @@ spec: cluster try to join an existing one from another service. Can only be set on service creation. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$ type: string static_ips: description: Use static public IP addresses diff --git a/config/crd/bases/aiven.io_clickhouses.yaml b/config/crd/bases/aiven.io_clickhouses.yaml index df6d2af8..aa63e029 100644 --- a/config/crd/bases/aiven.io_clickhouses.yaml +++ b/config/crd/bases/aiven.io_clickhouses.yaml @@ -288,6 +288,7 @@ spec: Name of another project to fork a service from. This has effect only when a new service is being created. maxLength: 63 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable @@ -332,6 +333,7 @@ spec: Name of another service to fork from. This has effect only when a new service is being created. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable diff --git a/config/crd/bases/aiven.io_grafanas.yaml b/config/crd/bases/aiven.io_grafanas.yaml index b7ce60f1..2898ab2f 100644 --- a/config/crd/bases/aiven.io_grafanas.yaml 
+++ b/config/crd/bases/aiven.io_grafanas.yaml @@ -705,6 +705,7 @@ spec: Name of another project to fork a service from. This has effect only when a new service is being created. maxLength: 63 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable @@ -736,6 +737,7 @@ spec: Name of another service to fork from. This has effect only when a new service is being created. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable diff --git a/config/crd/bases/aiven.io_kafkas.yaml b/config/crd/bases/aiven.io_kafkas.yaml index a65917c1..2b3df0a3 100644 --- a/config/crd/bases/aiven.io_kafkas.yaml +++ b/config/crd/bases/aiven.io_kafkas.yaml @@ -552,12 +552,14 @@ spec: broker to use to verify that the JWT was issued for one of the expected audiences. maxLength: 128 + pattern: ^[^\r\n]*$ type: string sasl_oauthbearer_expected_issuer: description: Optional setting for the broker to use to verify that the JWT was created by the expected issuer. maxLength: 128 + pattern: ^[^\r\n]*$ type: string sasl_oauthbearer_jwks_endpoint_url: description: @@ -571,6 +573,7 @@ spec: Name of the scope from which to extract the subject claim from the JWT. Defaults to sub. maxLength: 128 + pattern: ^[^\r\n]*$ type: string socket_request_max_bytes: description: diff --git a/config/crd/bases/aiven.io_mysqls.yaml b/config/crd/bases/aiven.io_mysqls.yaml index 8b4e5852..a578b08c 100644 --- a/config/crd/bases/aiven.io_mysqls.yaml +++ b/config/crd/bases/aiven.io_mysqls.yaml @@ -367,6 +367,7 @@ spec: use the MySQL server default. maxLength: 100 minLength: 2 + pattern: ^([-+][\d:]*|[\w/]*)$ type: string group_concat_max_len: description: @@ -623,6 +624,7 @@ spec: Name of another project to fork a service from. This has effect only when a new service is being created. maxLength: 63 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable 
@@ -670,6 +672,7 @@ spec: Name of another service to fork from. This has effect only when a new service is being created. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable diff --git a/config/crd/bases/aiven.io_opensearches.yaml b/config/crd/bases/aiven.io_opensearches.yaml index f209c715..b84b45b1 100644 --- a/config/crd/bases/aiven.io_opensearches.yaml +++ b/config/crd/bases/aiven.io_opensearches.yaml @@ -329,6 +329,7 @@ spec: in your IdP. Required. maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string client_secret: description: @@ -336,6 +337,7 @@ spec: configured in your IdP. Required. maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string connect_url: description: @@ -355,6 +357,7 @@ spec: Default is Authorization. maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string jwt_header: description: @@ -363,6 +366,7 @@ spec: Bearer . Optional. Default is Authorization." maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string jwt_url_parameter: description: @@ -371,6 +375,7 @@ spec: here. Optional. maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string refresh_rate_limit_count: description: @@ -393,6 +398,7 @@ spec: JWT maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string scope: description: @@ -400,6 +406,7 @@ spec: IdP. Optional. Default is openid profile email address phone. maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string subject_key: description: @@ -408,6 +415,7 @@ spec: Most IdP providers use the preferred_username claim. Optional. maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string required: - client_id @@ -875,6 +883,7 @@ spec: Name of another project to fork a service from. This has effect only when a new service is being created. maxLength: 63 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable 
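Review bot: `^[^\r\n]*$` is a loose fit for the name-type OpenID fields in aiven.io_opensearches.yaml: the hunks at `@@ -355,6 +357,7 @@`, `@@ -363,6 +366,7 @@` and `@@ -371,6 +375,7 @@` appear to cover `header`, `jwt_header` and `jwt_url_parameter`, and the pattern only excludes CR and LF. Spaces, colons, tabs and other control characters still pass admission, although none of them is valid in an HTTP header name. How the service uses these values is not visible here, but a tighter class for the header-name fields would reject malformed input earlier, for example `pattern: ^[A-Za-z0-9_-]+$` as a conservative subset of header token characters. The field definitions start outside these hunks, so the mapping of pattern to field is read from the following context lines.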
@@ -924,6 +933,7 @@ spec: value is typically provided by the IdP. maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string idp_metadata_url: description: @@ -951,6 +961,7 @@ spec: Providers (IdPs) to determine user access levels or permissions. maxLength: 256 minLength: 1 + pattern: ^[^\r\n]*$ type: string sp_entity_id: description: @@ -959,6 +970,7 @@ spec: is typically provided by the SP. maxLength: 1024 minLength: 1 + pattern: ^[^\r\n]*$ type: string subject_key: description: @@ -967,6 +979,7 @@ spec: configured, the NameID attribute is used by default. maxLength: 256 minLength: 1 + pattern: ^[^\r\n]*$ type: string required: - enabled @@ -984,6 +997,7 @@ spec: Name of another service to fork from. This has effect only when a new service is being created. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable diff --git a/config/crd/bases/aiven.io_postgresqls.yaml b/config/crd/bases/aiven.io_postgresqls.yaml index a9358229..9d2020f3 100644 --- a/config/crd/bases/aiven.io_postgresqls.yaml +++ b/config/crd/bases/aiven.io_postgresqls.yaml @@ -664,6 +664,7 @@ spec: timezone: description: PostgreSQL service timezone maxLength: 64 + pattern: ^[\w/]*$ type: string track_activity_query_size: description: @@ -752,6 +753,7 @@ spec: use service_to_fork_from). This has effect only when a new service is being created. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable @@ -897,6 +899,7 @@ spec: Name of another project to fork a service from. This has effect only when a new service is being created. maxLength: 63 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable 
@@ -944,6 +947,7 @@ spec: Name of another service to fork from. This has effect only when a new service is being created. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable diff --git a/config/crd/bases/aiven.io_redis.yaml b/config/crd/bases/aiven.io_redis.yaml index c8f61836..29134443 100644 --- a/config/crd/bases/aiven.io_redis.yaml +++ b/config/crd/bases/aiven.io_redis.yaml @@ -325,6 +325,7 @@ spec: Name of another project to fork a service from. This has effect only when a new service is being created. maxLength: 63 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable @@ -449,6 +450,7 @@ spec: Name of another service to fork from. This has effect only when a new service is being created. maxLength: 64 + pattern: ^[a-z][-a-z0-9]{0,63}$|^$ type: string x-kubernetes-validations: - message: Value is immutable diff --git a/docs/docs/api-reference/cassandra.md b/docs/docs/api-reference/cassandra.md index e4641a4a..3a8cf86c 100644 --- a/docs/docs/api-reference/cassandra.md +++ b/docs/docs/api-reference/cassandra.md 
@@ -152,15 +152,15 @@ Cassandra specific user configuration options. - [`backup_hour`](#spec.userConfig.backup_hour-property){: name='spec.userConfig.backup_hour-property'} (integer, Minimum: 0, Maximum: 23). The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed. - [`backup_minute`](#spec.userConfig.backup_minute-property){: name='spec.userConfig.backup_minute-property'} (integer, Minimum: 0, Maximum: 59). The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed. - [`cassandra`](#spec.userConfig.cassandra-property){: name='spec.userConfig.cassandra-property'} (object). cassandra configuration values. See below for [nested schema](#spec.userConfig.cassandra). -- [`cassandra_version`](#spec.userConfig.cassandra_version-property){: name='spec.userConfig.cassandra_version-property'} (string, Enum: `4`, `4.1`). Cassandra version. +- [`cassandra_version`](#spec.userConfig.cassandra_version-property){: name='spec.userConfig.cassandra_version-property'} (string, Enum: `4`, `4.1`, Pattern: `^[0-9]+(\.[0-9]+)?$`). Cassandra version. - [`ip_filter`](#spec.userConfig.ip_filter-property){: name='spec.userConfig.ip_filter-property'} (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. `10.20.0.0/16`. See below for [nested schema](#spec.userConfig.ip_filter). - [`migrate_sstableloader`](#spec.userConfig.migrate_sstableloader-property){: name='spec.userConfig.migrate_sstableloader-property'} (boolean). Sets the service into migration mode enabling the sstableloader utility to be used to upload Cassandra data files. Available only on service create. - [`private_access`](#spec.userConfig.private_access-property){: name='spec.userConfig.private_access-property'} (object). Allow access to selected service ports from private networks. See below for [nested schema](#spec.userConfig.private_access). 
-- [`project_to_fork_from`](#spec.userConfig.project_to_fork_from-property){: name='spec.userConfig.project_to_fork_from-property'} (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created. +- [`project_to_fork_from`](#spec.userConfig.project_to_fork_from-property){: name='spec.userConfig.project_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created. - [`public_access`](#spec.userConfig.public_access-property){: name='spec.userConfig.public_access-property'} (object). Allow access to selected service ports from the public Internet. See below for [nested schema](#spec.userConfig.public_access). - [`service_log`](#spec.userConfig.service_log-property){: name='spec.userConfig.service_log-property'} (boolean). Store logs for the service so that they are available in the HTTP API and console. -- [`service_to_fork_from`](#spec.userConfig.service_to_fork_from-property){: name='spec.userConfig.service_to_fork_from-property'} (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created. -- [`service_to_join_with`](#spec.userConfig.service_to_join_with-property){: name='spec.userConfig.service_to_join_with-property'} (string, MaxLength: 64). When bootstrapping, instead of creating a new Cassandra cluster try to join an existing one from another service. Can only be set on service creation. +- [`service_to_fork_from`](#spec.userConfig.service_to_fork_from-property){: name='spec.userConfig.service_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created. 
+- [`service_to_join_with`](#spec.userConfig.service_to_join_with-property){: name='spec.userConfig.service_to_join_with-property'} (string, Pattern: `^[a-z][-a-z0-9]{0,63}$`, MaxLength: 64). When bootstrapping, instead of creating a new Cassandra cluster try to join an existing one from another service. Can only be set on service creation. - [`static_ips`](#spec.userConfig.static_ips-property){: name='spec.userConfig.static_ips-property'} (boolean). Use static public IP addresses. ### cassandra {: #spec.userConfig.cassandra } diff --git a/docs/docs/api-reference/clickhouse.md b/docs/docs/api-reference/clickhouse.md index 2d1e5d0c..72b92e94 100644 --- a/docs/docs/api-reference/clickhouse.md +++ b/docs/docs/api-reference/clickhouse.md 
@@ -143,10 +143,10 @@ OpenSearch specific user configuration options. - [`ip_filter`](#spec.userConfig.ip_filter-property){: name='spec.userConfig.ip_filter-property'} (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. `10.20.0.0/16`. See below for [nested schema](#spec.userConfig.ip_filter). - [`private_access`](#spec.userConfig.private_access-property){: name='spec.userConfig.private_access-property'} (object). Allow access to selected service ports from private networks. See below for [nested schema](#spec.userConfig.private_access). - [`privatelink_access`](#spec.userConfig.privatelink_access-property){: name='spec.userConfig.privatelink_access-property'} (object). Allow access to selected service components through Privatelink. See below for [nested schema](#spec.userConfig.privatelink_access). -- [`project_to_fork_from`](#spec.userConfig.project_to_fork_from-property){: name='spec.userConfig.project_to_fork_from-property'} (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created. +- [`project_to_fork_from`](#spec.userConfig.project_to_fork_from-property){: name='spec.userConfig.project_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created. - [`public_access`](#spec.userConfig.public_access-property){: name='spec.userConfig.public_access-property'} (object). Allow access to selected service ports from the public Internet. See below for [nested schema](#spec.userConfig.public_access). - [`service_log`](#spec.userConfig.service_log-property){: name='spec.userConfig.service_log-property'} (boolean). Store logs for the service so that they are available in the HTTP API and console. 
-- [`service_to_fork_from`](#spec.userConfig.service_to_fork_from-property){: name='spec.userConfig.service_to_fork_from-property'} (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created. +- [`service_to_fork_from`](#spec.userConfig.service_to_fork_from-property){: name='spec.userConfig.service_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created. - [`static_ips`](#spec.userConfig.static_ips-property){: name='spec.userConfig.static_ips-property'} (boolean). Use static public IP addresses. ### ip_filter {: #spec.userConfig.ip_filter } diff --git a/docs/docs/api-reference/grafana.md b/docs/docs/api-reference/grafana.md index acc790b6..1fcf757c 100644 --- a/docs/docs/api-reference/grafana.md +++ b/docs/docs/api-reference/grafana.md 
@@ -176,11 +176,11 @@ Cassandra specific user configuration options. - [`oauth_allow_insecure_email_lookup`](#spec.userConfig.oauth_allow_insecure_email_lookup-property){: name='spec.userConfig.oauth_allow_insecure_email_lookup-property'} (boolean). Enforce user lookup based on email instead of the unique ID provided by the IdP. - [`private_access`](#spec.userConfig.private_access-property){: name='spec.userConfig.private_access-property'} (object). Allow access to selected service ports from private networks. See below for [nested schema](#spec.userConfig.private_access). - [`privatelink_access`](#spec.userConfig.privatelink_access-property){: name='spec.userConfig.privatelink_access-property'} (object). Allow access to selected service components through Privatelink. See below for [nested schema](#spec.userConfig.privatelink_access). -- [`project_to_fork_from`](#spec.userConfig.project_to_fork_from-property){: name='spec.userConfig.project_to_fork_from-property'} (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created. +- [`project_to_fork_from`](#spec.userConfig.project_to_fork_from-property){: name='spec.userConfig.project_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created. - [`public_access`](#spec.userConfig.public_access-property){: name='spec.userConfig.public_access-property'} (object). Allow access to selected service ports from the public Internet. See below for [nested schema](#spec.userConfig.public_access). - [`recovery_basebackup_name`](#spec.userConfig.recovery_basebackup_name-property){: name='spec.userConfig.recovery_basebackup_name-property'} (string, Pattern: `^[a-zA-Z0-9-_:.]+$`, MaxLength: 128). Name of the basebackup to restore in forked service. 
- [`service_log`](#spec.userConfig.service_log-property){: name='spec.userConfig.service_log-property'} (boolean). Store logs for the service so that they are available in the HTTP API and console. -- [`service_to_fork_from`](#spec.userConfig.service_to_fork_from-property){: name='spec.userConfig.service_to_fork_from-property'} (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created. +- [`service_to_fork_from`](#spec.userConfig.service_to_fork_from-property){: name='spec.userConfig.service_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created. - [`smtp_server`](#spec.userConfig.smtp_server-property){: name='spec.userConfig.smtp_server-property'} (object). SMTP server settings. See below for [nested schema](#spec.userConfig.smtp_server). - [`static_ips`](#spec.userConfig.static_ips-property){: name='spec.userConfig.static_ips-property'} (boolean). Use static public IP addresses. - [`unified_alerting_enabled`](#spec.userConfig.unified_alerting_enabled-property){: name='spec.userConfig.unified_alerting_enabled-property'} (boolean). Enable or disable Grafana unified alerting functionality. By default this is enabled and any legacy alerts will be migrated on upgrade to Grafana 9+. To stay on legacy alerting, set unified_alerting_enabled to false and alerting_enabled to true. See https://grafana.com/docs/grafana/latest/alerting/set-up/migrating-alerts/ for more details. diff --git a/docs/docs/api-reference/kafka.md b/docs/docs/api-reference/kafka.md index 9d1a2d56..068524c8 100644 --- a/docs/docs/api-reference/kafka.md +++ b/docs/docs/api-reference/kafka.md 
@@ -221,10 +221,10 @@ Kafka broker configuration values. - [`producer_purgatory_purge_interval_requests`](#spec.userConfig.kafka.producer_purgatory_purge_interval_requests-property){: name='spec.userConfig.kafka.producer_purgatory_purge_interval_requests-property'} (integer, Minimum: 10, Maximum: 10000). The purge interval (in number of requests) of the producer request purgatory(defaults to 1000). - [`replica_fetch_max_bytes`](#spec.userConfig.kafka.replica_fetch_max_bytes-property){: name='spec.userConfig.kafka.replica_fetch_max_bytes-property'} (integer, Minimum: 1048576, Maximum: 104857600). The number of bytes of messages to attempt to fetch for each partition (defaults to 1048576). This is not an absolute maximum, if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made. - [`replica_fetch_response_max_bytes`](#spec.userConfig.kafka.replica_fetch_response_max_bytes-property){: name='spec.userConfig.kafka.replica_fetch_response_max_bytes-property'} (integer, Minimum: 10485760, Maximum: 1048576000). Maximum bytes expected for the entire fetch response (defaults to 10485760). Records are fetched in batches, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made. As such, this is not an absolute maximum. -- [`sasl_oauthbearer_expected_audience`](#spec.userConfig.kafka.sasl_oauthbearer_expected_audience-property){: name='spec.userConfig.kafka.sasl_oauthbearer_expected_audience-property'} (string, MaxLength: 128). The (optional) comma-delimited setting for the broker to use to verify that the JWT was issued for one of the expected audiences. 
-- [`sasl_oauthbearer_expected_issuer`](#spec.userConfig.kafka.sasl_oauthbearer_expected_issuer-property){: name='spec.userConfig.kafka.sasl_oauthbearer_expected_issuer-property'} (string, MaxLength: 128). Optional setting for the broker to use to verify that the JWT was created by the expected issuer. +- [`sasl_oauthbearer_expected_audience`](#spec.userConfig.kafka.sasl_oauthbearer_expected_audience-property){: name='spec.userConfig.kafka.sasl_oauthbearer_expected_audience-property'} (string, Pattern: `^[^\r\n]*$`, MaxLength: 128). The (optional) comma-delimited setting for the broker to use to verify that the JWT was issued for one of the expected audiences. +- [`sasl_oauthbearer_expected_issuer`](#spec.userConfig.kafka.sasl_oauthbearer_expected_issuer-property){: name='spec.userConfig.kafka.sasl_oauthbearer_expected_issuer-property'} (string, Pattern: `^[^\r\n]*$`, MaxLength: 128). Optional setting for the broker to use to verify that the JWT was created by the expected issuer. - [`sasl_oauthbearer_jwks_endpoint_url`](#spec.userConfig.kafka.sasl_oauthbearer_jwks_endpoint_url-property){: name='spec.userConfig.kafka.sasl_oauthbearer_jwks_endpoint_url-property'} (string, MaxLength: 2048). OIDC JWKS endpoint URL. By setting this the SASL SSL OAuth2/OIDC authentication is enabled. See also other options for SASL OAuth2/OIDC. -- [`sasl_oauthbearer_sub_claim_name`](#spec.userConfig.kafka.sasl_oauthbearer_sub_claim_name-property){: name='spec.userConfig.kafka.sasl_oauthbearer_sub_claim_name-property'} (string, MaxLength: 128). Name of the scope from which to extract the subject claim from the JWT. Defaults to sub. +- [`sasl_oauthbearer_sub_claim_name`](#spec.userConfig.kafka.sasl_oauthbearer_sub_claim_name-property){: name='spec.userConfig.kafka.sasl_oauthbearer_sub_claim_name-property'} (string, Pattern: `^[^\r\n]*$`, MaxLength: 128). Name of the scope from which to extract the subject claim from the JWT. Defaults to sub. 
- [`socket_request_max_bytes`](#spec.userConfig.kafka.socket_request_max_bytes-property){: name='spec.userConfig.kafka.socket_request_max_bytes-property'} (integer, Minimum: 10485760, Maximum: 209715200). The maximum number of bytes in a socket request (defaults to 104857600). - [`transaction_partition_verification_enable`](#spec.userConfig.kafka.transaction_partition_verification_enable-property){: name='spec.userConfig.kafka.transaction_partition_verification_enable-property'} (boolean). Enable verification that checks that the partition has been added to the transaction before writing transactional records to the partition. - [`transaction_remove_expired_transaction_cleanup_interval_ms`](#spec.userConfig.kafka.transaction_remove_expired_transaction_cleanup_interval_ms-property){: name='spec.userConfig.kafka.transaction_remove_expired_transaction_cleanup_interval_ms-property'} (integer, Minimum: 600000, Maximum: 3600000). The interval at which to remove transactions that have expired due to transactional.id.expiration.ms passing (defaults to 3600000 (1 hour)). diff --git a/docs/docs/api-reference/mysql.md b/docs/docs/api-reference/mysql.md index 4f618009..1bc1ebf4 100644 --- a/docs/docs/api-reference/mysql.md +++ b/docs/docs/api-reference/mysql.md 
@@ -159,11 +159,11 @@ MySQL specific user configuration options. - [`mysql_version`](#spec.userConfig.mysql_version-property){: name='spec.userConfig.mysql_version-property'} (string, Enum: `8`). MySQL major version. - [`private_access`](#spec.userConfig.private_access-property){: name='spec.userConfig.private_access-property'} (object). Allow access to selected service ports from private networks. See below for [nested schema](#spec.userConfig.private_access). - [`privatelink_access`](#spec.userConfig.privatelink_access-property){: name='spec.userConfig.privatelink_access-property'} (object). Allow access to selected service components through Privatelink. See below for [nested schema](#spec.userConfig.privatelink_access). -- [`project_to_fork_from`](#spec.userConfig.project_to_fork_from-property){: name='spec.userConfig.project_to_fork_from-property'} (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created. +- [`project_to_fork_from`](#spec.userConfig.project_to_fork_from-property){: name='spec.userConfig.project_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created. - [`public_access`](#spec.userConfig.public_access-property){: name='spec.userConfig.public_access-property'} (object). Allow access to selected service ports from the public Internet. See below for [nested schema](#spec.userConfig.public_access). - [`recovery_target_time`](#spec.userConfig.recovery_target_time-property){: name='spec.userConfig.recovery_target_time-property'} (string, Immutable, MaxLength: 32). Recovery target time when forking a service. This has effect only when a new service is being created. - [`service_log`](#spec.userConfig.service_log-property){: name='spec.userConfig.service_log-property'} (boolean). 
Store logs for the service so that they are available in the HTTP API and console. -- [`service_to_fork_from`](#spec.userConfig.service_to_fork_from-property){: name='spec.userConfig.service_to_fork_from-property'} (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created. +- [`service_to_fork_from`](#spec.userConfig.service_to_fork_from-property){: name='spec.userConfig.service_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created. - [`static_ips`](#spec.userConfig.static_ips-property){: name='spec.userConfig.static_ips-property'} (boolean). Use static public IP addresses. ### ip_filter {: #spec.userConfig.ip_filter } 
@@ -209,7 +209,7 @@ mysql.conf configuration values. **Optional** - [`connect_timeout`](#spec.userConfig.mysql.connect_timeout-property){: name='spec.userConfig.mysql.connect_timeout-property'} (integer, Minimum: 2, Maximum: 3600). The number of seconds that the mysqld server waits for a connect packet before responding with Bad handshake. -- [`default_time_zone`](#spec.userConfig.mysql.default_time_zone-property){: name='spec.userConfig.mysql.default_time_zone-property'} (string, MinLength: 2, MaxLength: 100). Default server time zone as an offset from UTC (from -12:00 to +12:00), a time zone name, or `SYSTEM` to use the MySQL server default. +- [`default_time_zone`](#spec.userConfig.mysql.default_time_zone-property){: name='spec.userConfig.mysql.default_time_zone-property'} (string, Pattern: `^([-+][\d:]*|[\w/]*)$`, MinLength: 2, MaxLength: 100). Default server time zone as an offset from UTC (from -12:00 to +12:00), a time zone name, or `SYSTEM` to use the MySQL server default. - [`group_concat_max_len`](#spec.userConfig.mysql.group_concat_max_len-property){: name='spec.userConfig.mysql.group_concat_max_len-property'} (integer, Minimum: 4). The maximum permitted result length in bytes for the GROUP_CONCAT() function. - [`information_schema_stats_expiry`](#spec.userConfig.mysql.information_schema_stats_expiry-property){: name='spec.userConfig.mysql.information_schema_stats_expiry-property'} (integer, Minimum: 900, Maximum: 31536000). The time, in seconds, before cached statistics expire. - [`innodb_change_buffer_max_size`](#spec.userConfig.mysql.innodb_change_buffer_max_size-property){: name='spec.userConfig.mysql.innodb_change_buffer_max_size-property'} (integer, Minimum: 0, Maximum: 50). Maximum size for the InnoDB change buffer, as a percentage of the total size of the buffer pool. Default is 25. diff --git a/docs/docs/api-reference/opensearch.md b/docs/docs/api-reference/opensearch.md index dfdfc0fb..bcbf9597 100644 --- a/docs/docs/api-reference/opensearch.md 
+++ b/docs/docs/api-reference/opensearch.md 
@@ -154,12 +154,12 @@ OpenSearch specific user configuration options. - [`opensearch_version`](#spec.userConfig.opensearch_version-property){: name='spec.userConfig.opensearch_version-property'} (string, Enum: `1`, `2`). OpenSearch major version. - [`private_access`](#spec.userConfig.private_access-property){: name='spec.userConfig.private_access-property'} (object). Allow access to selected service ports from private networks. See below for [nested schema](#spec.userConfig.private_access). - [`privatelink_access`](#spec.userConfig.privatelink_access-property){: name='spec.userConfig.privatelink_access-property'} (object). Allow access to selected service components through Privatelink. See below for [nested schema](#spec.userConfig.privatelink_access). -- [`project_to_fork_from`](#spec.userConfig.project_to_fork_from-property){: name='spec.userConfig.project_to_fork_from-property'} (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created. +- [`project_to_fork_from`](#spec.userConfig.project_to_fork_from-property){: name='spec.userConfig.project_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created. - [`public_access`](#spec.userConfig.public_access-property){: name='spec.userConfig.public_access-property'} (object). Allow access to selected service ports from the public Internet. See below for [nested schema](#spec.userConfig.public_access). - [`recovery_basebackup_name`](#spec.userConfig.recovery_basebackup_name-property){: name='spec.userConfig.recovery_basebackup_name-property'} (string, Pattern: `^[a-zA-Z0-9-_:.]+$`, MaxLength: 128). Name of the basebackup to restore in forked service. - [`saml`](#spec.userConfig.saml-property){: name='spec.userConfig.saml-property'} (object). OpenSearch SAML configuration. 
See below for [nested schema](#spec.userConfig.saml). - [`service_log`](#spec.userConfig.service_log-property){: name='spec.userConfig.service_log-property'} (boolean). Store logs for the service so that they are available in the HTTP API and console. -- [`service_to_fork_from`](#spec.userConfig.service_to_fork_from-property){: name='spec.userConfig.service_to_fork_from-property'} (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created. +- [`service_to_fork_from`](#spec.userConfig.service_to_fork_from-property){: name='spec.userConfig.service_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created. - [`static_ips`](#spec.userConfig.static_ips-property){: name='spec.userConfig.static_ips-property'} (boolean). Use static public IP addresses. ### index_patterns {: #spec.userConfig.index_patterns } 
@@ -211,21 +211,21 @@ OpenSearch OpenID Connect Configuration. **Required** -- [`client_id`](#spec.userConfig.openid.client_id-property){: name='spec.userConfig.openid.client_id-property'} (string, MinLength: 1, MaxLength: 1024). The ID of the OpenID Connect client configured in your IdP. Required. -- [`client_secret`](#spec.userConfig.openid.client_secret-property){: name='spec.userConfig.openid.client_secret-property'} (string, MinLength: 1, MaxLength: 1024). The client secret of the OpenID Connect client configured in your IdP. Required. +- [`client_id`](#spec.userConfig.openid.client_id-property){: name='spec.userConfig.openid.client_id-property'} (string, Pattern: `^[^\r\n]*$`, MinLength: 1, MaxLength: 1024). The ID of the OpenID Connect client configured in your IdP. Required. +- [`client_secret`](#spec.userConfig.openid.client_secret-property){: name='spec.userConfig.openid.client_secret-property'} (string, Pattern: `^[^\r\n]*$`, MinLength: 1, MaxLength: 1024). The client secret of the OpenID Connect client configured in your IdP. Required. - [`connect_url`](#spec.userConfig.openid.connect_url-property){: name='spec.userConfig.openid.connect_url-property'} (string, MaxLength: 2048). The URL of your IdP where the Security plugin can find the OpenID Connect metadata/configuration settings. - [`enabled`](#spec.userConfig.openid.enabled-property){: name='spec.userConfig.openid.enabled-property'} (boolean). Enables or disables OpenID Connect authentication for OpenSearch. When enabled, users can authenticate using OpenID Connect with an Identity Provider. **Optional** -- [`header`](#spec.userConfig.openid.header-property){: name='spec.userConfig.openid.header-property'} (string, MinLength: 1, MaxLength: 1024). HTTP header name of the JWT token. Optional. Default is Authorization. -- [`jwt_header`](#spec.userConfig.openid.jwt_header-property){: name='spec.userConfig.openid.jwt_header-property'} (string, MinLength: 1, MaxLength: 1024). 
The HTTP header that stores the token. Typically the Authorization header with the Bearer schema: Authorization: Bearer . Optional. Default is Authorization. -- [`jwt_url_parameter`](#spec.userConfig.openid.jwt_url_parameter-property){: name='spec.userConfig.openid.jwt_url_parameter-property'} (string, MinLength: 1, MaxLength: 1024). If the token is not transmitted in the HTTP header, but as an URL parameter, define the name of the parameter here. Optional. +- [`header`](#spec.userConfig.openid.header-property){: name='spec.userConfig.openid.header-property'} (string, Pattern: `^[^\r\n]*$`, MinLength: 1, MaxLength: 1024). HTTP header name of the JWT token. Optional. Default is Authorization. +- [`jwt_header`](#spec.userConfig.openid.jwt_header-property){: name='spec.userConfig.openid.jwt_header-property'} (string, Pattern: `^[^\r\n]*$`, MinLength: 1, MaxLength: 1024). The HTTP header that stores the token. Typically the Authorization header with the Bearer schema: Authorization: Bearer . Optional. Default is Authorization. +- [`jwt_url_parameter`](#spec.userConfig.openid.jwt_url_parameter-property){: name='spec.userConfig.openid.jwt_url_parameter-property'} (string, Pattern: `^[^\r\n]*$`, MinLength: 1, MaxLength: 1024). If the token is not transmitted in the HTTP header, but as an URL parameter, define the name of the parameter here. Optional. - [`refresh_rate_limit_count`](#spec.userConfig.openid.refresh_rate_limit_count-property){: name='spec.userConfig.openid.refresh_rate_limit_count-property'} (integer, Minimum: 10). The maximum number of unknown key IDs in the time frame. Default is 10. Optional. - [`refresh_rate_limit_time_window_ms`](#spec.userConfig.openid.refresh_rate_limit_time_window_ms-property){: name='spec.userConfig.openid.refresh_rate_limit_time_window_ms-property'} (integer, Minimum: 10000). The time frame to use when checking the maximum number of unknown key IDs, in milliseconds. Optional.Default is 10000 (10 seconds). 
-- [`roles_key`](#spec.userConfig.openid.roles_key-property){: name='spec.userConfig.openid.roles_key-property'} (string, MinLength: 1, MaxLength: 1024). The key in the JSON payload that stores the user’s roles. The value of this key must be a comma-separated list of roles. Required only if you want to use roles in the JWT. -- [`scope`](#spec.userConfig.openid.scope-property){: name='spec.userConfig.openid.scope-property'} (string, MinLength: 1, MaxLength: 1024). The scope of the identity token issued by the IdP. Optional. Default is openid profile email address phone. -- [`subject_key`](#spec.userConfig.openid.subject_key-property){: name='spec.userConfig.openid.subject_key-property'} (string, MinLength: 1, MaxLength: 1024). The key in the JSON payload that stores the user’s name. If not defined, the subject registered claim is used. Most IdP providers use the preferred_username claim. Optional. +- [`roles_key`](#spec.userConfig.openid.roles_key-property){: name='spec.userConfig.openid.roles_key-property'} (string, Pattern: `^[^\r\n]*$`, MinLength: 1, MaxLength: 1024). The key in the JSON payload that stores the user’s roles. The value of this key must be a comma-separated list of roles. Required only if you want to use roles in the JWT. +- [`scope`](#spec.userConfig.openid.scope-property){: name='spec.userConfig.openid.scope-property'} (string, Pattern: `^[^\r\n]*$`, MinLength: 1, MaxLength: 1024). The scope of the identity token issued by the IdP. Optional. Default is openid profile email address phone. +- [`subject_key`](#spec.userConfig.openid.subject_key-property){: name='spec.userConfig.openid.subject_key-property'} (string, Pattern: `^[^\r\n]*$`, MinLength: 1, MaxLength: 1024). The key in the JSON payload that stores the user’s name. If not defined, the subject registered claim is used. Most IdP providers use the preferred_username claim. Optional. ### opensearch {: #spec.userConfig.opensearch } 
@@ -374,12 +374,12 @@ OpenSearch SAML configuration. **Required** - [`enabled`](#spec.userConfig.saml.enabled-property){: name='spec.userConfig.saml.enabled-property'} (boolean). Enables or disables SAML-based authentication for OpenSearch. When enabled, users can authenticate using SAML with an Identity Provider. -- [`idp_entity_id`](#spec.userConfig.saml.idp_entity_id-property){: name='spec.userConfig.saml.idp_entity_id-property'} (string, MinLength: 1, MaxLength: 1024). The unique identifier for the Identity Provider (IdP) entity that is used for SAML authentication. This value is typically provided by the IdP. +- [`idp_entity_id`](#spec.userConfig.saml.idp_entity_id-property){: name='spec.userConfig.saml.idp_entity_id-property'} (string, Pattern: `^[^\r\n]*$`, MinLength: 1, MaxLength: 1024). The unique identifier for the Identity Provider (IdP) entity that is used for SAML authentication. This value is typically provided by the IdP. - [`idp_metadata_url`](#spec.userConfig.saml.idp_metadata_url-property){: name='spec.userConfig.saml.idp_metadata_url-property'} (string, MinLength: 1, MaxLength: 2048). The URL of the SAML metadata for the Identity Provider (IdP). This is used to configure SAML-based authentication with the IdP. -- [`sp_entity_id`](#spec.userConfig.saml.sp_entity_id-property){: name='spec.userConfig.saml.sp_entity_id-property'} (string, MinLength: 1, MaxLength: 1024). The unique identifier for the Service Provider (SP) entity that is used for SAML authentication. This value is typically provided by the SP. +- [`sp_entity_id`](#spec.userConfig.saml.sp_entity_id-property){: name='spec.userConfig.saml.sp_entity_id-property'} (string, Pattern: `^[^\r\n]*$`, MinLength: 1, MaxLength: 1024). The unique identifier for the Service Provider (SP) entity that is used for SAML authentication. This value is typically provided by the SP. 
**Optional** - [`idp_pemtrustedcas_content`](#spec.userConfig.saml.idp_pemtrustedcas_content-property){: name='spec.userConfig.saml.idp_pemtrustedcas_content-property'} (string, MaxLength: 16384). This parameter specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification. The root CA content is used to verify the SSL/TLS certificate presented by the server. -- [`roles_key`](#spec.userConfig.saml.roles_key-property){: name='spec.userConfig.saml.roles_key-property'} (string, MinLength: 1, MaxLength: 256). Optional. Specifies the attribute in the SAML response where role information is stored, if available. Role attributes are not required for SAML authentication, but can be included in SAML assertions by most Identity Providers (IdPs) to determine user access levels or permissions. -- [`subject_key`](#spec.userConfig.saml.subject_key-property){: name='spec.userConfig.saml.subject_key-property'} (string, MinLength: 1, MaxLength: 256). Optional. Specifies the attribute in the SAML response where the subject identifier is stored. If not configured, the NameID attribute is used by default. +- [`roles_key`](#spec.userConfig.saml.roles_key-property){: name='spec.userConfig.saml.roles_key-property'} (string, Pattern: `^[^\r\n]*$`, MinLength: 1, MaxLength: 256). Optional. Specifies the attribute in the SAML response where role information is stored, if available. Role attributes are not required for SAML authentication, but can be included in SAML assertions by most Identity Providers (IdPs) to determine user access levels or permissions. +- [`subject_key`](#spec.userConfig.saml.subject_key-property){: name='spec.userConfig.saml.subject_key-property'} (string, Pattern: `^[^\r\n]*$`, MinLength: 1, MaxLength: 256). Optional. Specifies the attribute in the SAML response where the subject identifier is stored. If not configured, the NameID attribute is used by default. 
diff --git a/docs/docs/api-reference/postgresql.md b/docs/docs/api-reference/postgresql.md
index 78102789..db775bf9 100644
--- a/docs/docs/api-reference/postgresql.md
+++ b/docs/docs/api-reference/postgresql.md
@@ -153,18 +153,18 @@ PostgreSQL specific user configuration options.
 - [`pg`](#spec.userConfig.pg-property){: name='spec.userConfig.pg-property'} (object). postgresql.conf configuration values. See below for [nested schema](#spec.userConfig.pg).
 - [`pg_qualstats`](#spec.userConfig.pg_qualstats-property){: name='spec.userConfig.pg_qualstats-property'} (object). Deprecated. System-wide settings for the pg_qualstats extension. See below for [nested schema](#spec.userConfig.pg_qualstats).
 - [`pg_read_replica`](#spec.userConfig.pg_read_replica-property){: name='spec.userConfig.pg_read_replica-property'} (boolean). Should the service which is being forked be a read replica (deprecated, use read_replica service integration instead).
-- [`pg_service_to_fork_from`](#spec.userConfig.pg_service_to_fork_from-property){: name='spec.userConfig.pg_service_to_fork_from-property'} (string, Immutable, MaxLength: 64). Name of the PG Service from which to fork (deprecated, use service_to_fork_from). This has effect only when a new service is being created.
+- [`pg_service_to_fork_from`](#spec.userConfig.pg_service_to_fork_from-property){: name='spec.userConfig.pg_service_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 64). Name of the PG Service from which to fork (deprecated, use service_to_fork_from). This has effect only when a new service is being created.
 - [`pg_stat_monitor_enable`](#spec.userConfig.pg_stat_monitor_enable-property){: name='spec.userConfig.pg_stat_monitor_enable-property'} (boolean). Enable the pg_stat_monitor extension. Enabling this extension will cause the cluster to be restarted.When this extension is enabled, pg_stat_statements results for utility commands are unreliable.
 - [`pg_version`](#spec.userConfig.pg_version-property){: name='spec.userConfig.pg_version-property'} (string, Enum: `12`, `13`, `14`, `15`, `16`). PostgreSQL major version.
 - [`pgbouncer`](#spec.userConfig.pgbouncer-property){: name='spec.userConfig.pgbouncer-property'} (object). PGBouncer connection pooling settings. See below for [nested schema](#spec.userConfig.pgbouncer).
 - [`pglookout`](#spec.userConfig.pglookout-property){: name='spec.userConfig.pglookout-property'} (object). System-wide settings for pglookout. See below for [nested schema](#spec.userConfig.pglookout).
 - [`private_access`](#spec.userConfig.private_access-property){: name='spec.userConfig.private_access-property'} (object). Allow access to selected service ports from private networks. See below for [nested schema](#spec.userConfig.private_access).
 - [`privatelink_access`](#spec.userConfig.privatelink_access-property){: name='spec.userConfig.privatelink_access-property'} (object). Allow access to selected service components through Privatelink. See below for [nested schema](#spec.userConfig.privatelink_access).
-- [`project_to_fork_from`](#spec.userConfig.project_to_fork_from-property){: name='spec.userConfig.project_to_fork_from-property'} (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.
+- [`project_to_fork_from`](#spec.userConfig.project_to_fork_from-property){: name='spec.userConfig.project_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.
 - [`public_access`](#spec.userConfig.public_access-property){: name='spec.userConfig.public_access-property'} (object). Allow access to selected service ports from the public Internet. See below for [nested schema](#spec.userConfig.public_access).
 - [`recovery_target_time`](#spec.userConfig.recovery_target_time-property){: name='spec.userConfig.recovery_target_time-property'} (string, Immutable, MaxLength: 32). Recovery target time when forking a service. This has effect only when a new service is being created.
 - [`service_log`](#spec.userConfig.service_log-property){: name='spec.userConfig.service_log-property'} (boolean). Store logs for the service so that they are available in the HTTP API and console.
-- [`service_to_fork_from`](#spec.userConfig.service_to_fork_from-property){: name='spec.userConfig.service_to_fork_from-property'} (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.
+- [`service_to_fork_from`](#spec.userConfig.service_to_fork_from-property){: name='spec.userConfig.service_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.
 - [`shared_buffers_percentage`](#spec.userConfig.shared_buffers_percentage-property){: name='spec.userConfig.shared_buffers_percentage-property'} (number, Minimum: 20, Maximum: 60). Percentage of total RAM that the database server uses for shared memory buffers. Valid range is 20-60 (float), which corresponds to 20% - 60%. This setting adjusts the shared_buffers configuration value.
 - [`static_ips`](#spec.userConfig.static_ips-property){: name='spec.userConfig.static_ips-property'} (boolean). Use static public IP addresses.
 - [`synchronous_replication`](#spec.userConfig.synchronous_replication-property){: name='spec.userConfig.synchronous_replication-property'} (string, Enum: `quorum`, `off`). Synchronous replication type. Note that the service plan also needs to support synchronous replication.
@@ -256,7 +256,7 @@ postgresql.conf configuration values.
 - [`pg_stat_monitor.pgsm_max_buckets`](#spec.userConfig.pg.pg_stat_monitor.pgsm_max_buckets-property){: name='spec.userConfig.pg.pg_stat_monitor.pgsm_max_buckets-property'} (integer, Minimum: 1, Maximum: 10). Sets the maximum number of buckets.
 - [`pg_stat_statements.track`](#spec.userConfig.pg.pg_stat_statements.track-property){: name='spec.userConfig.pg.pg_stat_statements.track-property'} (string, Enum: `all`, `top`, `none`). Controls which statements are counted. Specify top to track top-level statements (those issued directly by clients), all to also track nested statements (such as statements invoked within functions), or none to disable statement statistics collection. The default value is top.
 - [`temp_file_limit`](#spec.userConfig.pg.temp_file_limit-property){: name='spec.userConfig.pg.temp_file_limit-property'} (integer, Minimum: -1, Maximum: 2147483647). PostgreSQL temporary file limit in KiB, -1 for unlimited.
-- [`timezone`](#spec.userConfig.pg.timezone-property){: name='spec.userConfig.pg.timezone-property'} (string, MaxLength: 64). PostgreSQL service timezone.
+- [`timezone`](#spec.userConfig.pg.timezone-property){: name='spec.userConfig.pg.timezone-property'} (string, Pattern: `^[\w/]*$`, MaxLength: 64). PostgreSQL service timezone.
 - [`track_activity_query_size`](#spec.userConfig.pg.track_activity_query_size-property){: name='spec.userConfig.pg.track_activity_query_size-property'} (integer, Minimum: 1024, Maximum: 10240). Specifies the number of bytes reserved to track the currently executing command for each active session.
 - [`track_commit_timestamp`](#spec.userConfig.pg.track_commit_timestamp-property){: name='spec.userConfig.pg.track_commit_timestamp-property'} (string, Enum: `off`, `on`). Record commit time of transactions.
 - [`track_functions`](#spec.userConfig.pg.track_functions-property){: name='spec.userConfig.pg.track_functions-property'} (string, Enum: `all`, `pl`, `none`). Enables tracking of function call counts and time used.
diff --git a/docs/docs/api-reference/redis.md b/docs/docs/api-reference/redis.md
index f1542c6f..917d8256 100644
--- a/docs/docs/api-reference/redis.md
+++ b/docs/docs/api-reference/redis.md
@@ -147,7 +147,7 @@ Redis specific user configuration options.
 - [`migration`](#spec.userConfig.migration-property){: name='spec.userConfig.migration-property'} (object). Migrate data from existing server. See below for [nested schema](#spec.userConfig.migration).
 - [`private_access`](#spec.userConfig.private_access-property){: name='spec.userConfig.private_access-property'} (object). Allow access to selected service ports from private networks. See below for [nested schema](#spec.userConfig.private_access).
 - [`privatelink_access`](#spec.userConfig.privatelink_access-property){: name='spec.userConfig.privatelink_access-property'} (object). Allow access to selected service components through Privatelink. See below for [nested schema](#spec.userConfig.privatelink_access).
-- [`project_to_fork_from`](#spec.userConfig.project_to_fork_from-property){: name='spec.userConfig.project_to_fork_from-property'} (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.
+- [`project_to_fork_from`](#spec.userConfig.project_to_fork_from-property){: name='spec.userConfig.project_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.
 - [`public_access`](#spec.userConfig.public_access-property){: name='spec.userConfig.public_access-property'} (object). Allow access to selected service ports from the public Internet. See below for [nested schema](#spec.userConfig.public_access).
 - [`recovery_basebackup_name`](#spec.userConfig.recovery_basebackup_name-property){: name='spec.userConfig.recovery_basebackup_name-property'} (string, Pattern: `^[a-zA-Z0-9-_:.]+$`, MaxLength: 128). Name of the basebackup to restore in forked service.
- [`redis_acl_channels_default`](#spec.userConfig.redis_acl_channels_default-property){: name='spec.userConfig.redis_acl_channels_default-property'} (string, Enum: `allchannels`, `resetchannels`). Determines default pub/sub channels' ACL for new users if ACL is not supplied. When this option is not defined, all_channels is assumed to keep backward compatibility. This option doesn't affect Redis configuration acl-pubsub-default. @@ -163,7 +163,7 @@ Redis specific user configuration options. - [`redis_timeout`](#spec.userConfig.redis_timeout-property){: name='spec.userConfig.redis_timeout-property'} (integer, Minimum: 0, Maximum: 31536000). Redis idle connection timeout in seconds. - [`redis_version`](#spec.userConfig.redis_version-property){: name='spec.userConfig.redis_version-property'} (string, Enum: `7.0`). Redis major version. - [`service_log`](#spec.userConfig.service_log-property){: name='spec.userConfig.service_log-property'} (boolean). Store logs for the service so that they are available in the HTTP API and console. -- [`service_to_fork_from`](#spec.userConfig.service_to_fork_from-property){: name='spec.userConfig.service_to_fork_from-property'} (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created. +- [`service_to_fork_from`](#spec.userConfig.service_to_fork_from-property){: name='spec.userConfig.service_to_fork_from-property'} (string, Immutable, Pattern: `^[a-z][-a-z0-9]{0,63}$|^$`, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created. - [`static_ips`](#spec.userConfig.static_ips-property){: name='spec.userConfig.static_ips-property'} (boolean). Use static public IP addresses. ### ip_filter {: #spec.userConfig.ip_filter } diff --git a/go.mod b/go.mod index 20b1fb41..2e323990 100644 --- a/go.mod +++ b/go.mod 
@@ -4,7 +4,7 @@ go 1.21 require ( github.com/aiven/aiven-go-client/v2 v2.12.0 - github.com/aiven/go-api-schemas v1.60.0 + github.com/aiven/go-api-schemas v1.61.0 github.com/aiven/go-client-codegen v0.2.0 github.com/dave/jennifer v1.7.0 github.com/docker/go-units v0.5.0 diff --git a/go.sum b/go.sum index af70fa26..82b0805a 100644 --- a/go.sum +++ b/go.sum @@ -35,8 +35,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/aiven/aiven-go-client/v2 v2.12.0 h1:VxOfn61AtfLjy2B+DdXF2/7OHyyFZ1aQaIlE3TOyIsE= github.com/aiven/aiven-go-client/v2 v2.12.0/go.mod h1:x0xhzxWEKAwKv0xY5FvECiI6tesWshcPHvjwl0B/1SU= -github.com/aiven/go-api-schemas v1.60.0 h1:R5p3V028HX2BLayO2E24SFs0GehJWTfo7L/vfrTa72Y= -github.com/aiven/go-api-schemas v1.60.0/go.mod h1:/bPxBUHza/2Aeer6hIIdB++GxKiw9K1KCBtRa2rtZ5I= +github.com/aiven/go-api-schemas v1.61.0 h1:is4grhtToRSHsYxXC37HxOoUMqHtnglBnYIRosH/KMg= +github.com/aiven/go-api-schemas v1.61.0/go.mod h1:/bPxBUHza/2Aeer6hIIdB++GxKiw9K1KCBtRa2rtZ5I= github.com/aiven/go-client-codegen v0.2.0 h1:f82CHhXCBbrBIUa3yworytXjiolp/Q73epnbRjQIwBk= github.com/aiven/go-client-codegen v0.2.0/go.mod h1:qQ5dwRfNnGS4eAYk7JdC5htQI85g7eA/e71ZLyY8pQw= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=