import { IObjectMeta } from "@soft-stech/apimachinery/apis/meta/v1/ObjectMeta";
import { Model, ModelData } from "@soft-stech/base";
/**
 * ClusterTriggerAuthentication defines how a trigger can authenticate globally
 */
export interface IClusterTriggerAuthentication {
    /**
     * APIVersion defines the versioned schema of this representation of an object.
     * Servers should convert recognized schemas to the latest internal value, and
     * may reject unrecognized values.
     * More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
     */
    "apiVersion": "keda.sh/v1alpha1";
    /**
     * Kind is a string value representing the REST resource this object represents.
     * Servers may infer this from the endpoint the client submits requests to.
     * Cannot be updated.
     * In CamelCase.
     * More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
     */
    "kind": "ClusterTriggerAuthentication";
    "metadata"?: IObjectMeta;
    /**
     * TriggerAuthenticationSpec defines the various ways to authenticate
     */
    "spec": {
        /**
         * AwsSecretManager is used to authenticate using AwsSecretManager
         */
        "awsSecretManager"?: {
            "credentials"?: {
                "accessKey": {
                    "valueFrom": {
                        "secretKeyRef": {
                            "key": string;
                            "name": string;
                        };
                    };
                };
                "accessSecretKey": {
                    "valueFrom": {
                        "secretKeyRef": {
                            "key": string;
                            "name": string;
                        };
                    };
                };
                "accessToken"?: {
                    "valueFrom": {
                        "secretKeyRef": {
                            "key": string;
                            "name": string;
                        };
                    };
                };
            };
            /**
             * AuthPodIdentity allows users to select the platform native identity
             * mechanism
             */
            "podIdentity"?: {
                /**
                 * Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set
                 */
                "identityAuthorityHost"?: string;
                "identityId"?: string;
                /**
                 * IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn
                 */
                "identityOwner"?: "keda" | "workload";
                /**
                 * Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set
                 */
                "identityTenantId"?: string;
                /**
                 * PodIdentityProvider contains the list of providers
                 */
                "provider": "azure-workload" | "gcp" | "aws" | "aws-eks" | "none";
                /**
                 * RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner
                 */
                "roleArn"?: string;
            };
            "region"?: string;
            "secrets": Array<{
                "name": string;
                "parameter": string;
                "versionId"?: string;
                "versionStage"?: string;
            }>;
        };
        /**
         * AzureKeyVault is used to authenticate using Azure Key Vault
         */
        "azureKeyVault"?: {
            "cloud"?: {
                "activeDirectoryEndpoint"?: string;
                "keyVaultResourceURL"?: string;
                "type": string;
            };
            "credentials"?: {
                "clientId": string;
                "clientSecret": {
                    "valueFrom": {
                        "secretKeyRef": {
                            "key": string;
                            "name": string;
                        };
                    };
                };
                "tenantId": string;
            };
            /**
             * AuthPodIdentity allows users to select the platform native identity
             * mechanism
             */
            "podIdentity"?: {
                /**
                 * Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set
                 */
                "identityAuthorityHost"?: string;
                "identityId"?: string;
                /**
                 * IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn
                 */
                "identityOwner"?: "keda" | "workload";
                /**
                 * Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set
                 */
                "identityTenantId"?: string;
                /**
                 * PodIdentityProvider contains the list of providers
                 */
                "provider": "azure-workload" | "gcp" | "aws" | "aws-eks" | "none";
                /**
                 * RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner
                 */
                "roleArn"?: string;
            };
            "secrets": Array<{
                "name": string;
                "parameter": string;
                "version"?: string;
            }>;
            "vaultUri": string;
        };
        "configMapTargetRef"?: Array<{
            "key": string;
            "name": string;
            "parameter": string;
        }>;
        "env"?: Array<{
            "containerName"?: string;
            "name": string;
            "parameter": string;
        }>;
        "gcpSecretManager"?: {
            "credentials"?: {
                "clientSecret": {
                    "valueFrom": {
                        "secretKeyRef": {
                            "key": string;
                            "name": string;
                        };
                    };
                };
            };
            /**
             * AuthPodIdentity allows users to select the platform native identity
             * mechanism
             */
            "podIdentity"?: {
                /**
                 * Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set
                 */
                "identityAuthorityHost"?: string;
                "identityId"?: string;
                /**
                 * IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn
                 */
                "identityOwner"?: "keda" | "workload";
                /**
                 * Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set
                 */
                "identityTenantId"?: string;
                /**
                 * PodIdentityProvider contains the list of providers
                 */
                "provider": "azure-workload" | "gcp" | "aws" | "aws-eks" | "none";
                /**
                 * RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner
                 */
                "roleArn"?: string;
            };
            "secrets": Array<{
                "id": string;
                "parameter": string;
                "version"?: string;
            }>;
        };
        /**
         * HashiCorpVault is used to authenticate using Hashicorp Vault
         */
        "hashiCorpVault"?: {
            "address": string;
            /**
             * VaultAuthentication contains the list of Hashicorp Vault authentication methods
             */
            "authentication": string;
            /**
             * Credential defines the Hashicorp Vault credentials depending on the authentication method
             */
            "credential"?: {
                "serviceAccount"?: string;
                "token"?: string;
            };
            "mount"?: string;
            "namespace"?: string;
            "role"?: string;
            "secrets": Array<{
                "key": string;
                "parameter": string;
                "path": string;
                "pkiData"?: {
                    "altNames"?: string;
                    "commonName"?: string;
                    "format"?: string;
                    "ipSans"?: string;
                    "otherSans"?: string;
                    "ttl"?: string;
                    "uriSans"?: string;
                };
                /**
                 * VaultSecretType defines the type of vault secret
                 */
                "type"?: string;
            }>;
        };
        /**
         * AuthPodIdentity allows users to select the platform native identity
         * mechanism
         */
        "podIdentity"?: {
            /**
             * Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set
             */
            "identityAuthorityHost"?: string;
            "identityId"?: string;
            /**
             * IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn
             */
            "identityOwner"?: "keda" | "workload";
            /**
             * Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set
             */
            "identityTenantId"?: string;
            /**
             * PodIdentityProvider contains the list of providers
             */
            "provider": "azure-workload" | "gcp" | "aws" | "aws-eks" | "none";
            /**
             * RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner
             */
            "roleArn"?: string;
        };
        "secretTargetRef"?: Array<{
            "key": string;
            "name": string;
            "parameter": string;
        }>;
    };
    /**
     * TriggerAuthenticationStatus defines the observed state of TriggerAuthentication
     */
    "status"?: {
        "scaledjobs"?: string;
        "scaledobjects"?: string;
    };
}
/**
 * ClusterTriggerAuthentication defines how a trigger can authenticate globally
 */
export declare class ClusterTriggerAuthentication extends Model<IClusterTriggerAuthentication> implements IClusterTriggerAuthentication {
    "apiVersion": IClusterTriggerAuthentication["apiVersion"];
    "kind": IClusterTriggerAuthentication["kind"];
    "metadata"?: IClusterTriggerAuthentication["metadata"];
    "spec": IClusterTriggerAuthentication["spec"];
    "status"?: IClusterTriggerAuthentication["status"];
    static apiVersion: IClusterTriggerAuthentication["apiVersion"];
    static kind: IClusterTriggerAuthentication["kind"];
    static is: import("@soft-stech/base").TypeMetaGuard<IClusterTriggerAuthentication>;
    constructor(data?: ModelData<IClusterTriggerAuthentication>);
}
