- key: string
Provides a list of client IDs, also known as audiences. When a mobile or
web app registers with an OpenID Connect provider, they establish a value
that identifies the application. This is the value that’s sent as the client_id
parameter on OAuth requests.
You can register multiple client IDs with the same provider. For example,
you might have multiple applications that use the same OIDC provider. You
cannot register more than 100 client IDs with a single IAM OIDC provider.
There is no defined format for a client ID. The CreateOpenIDConnectProviderRequest
operation accepts client IDs up to 255 characters long.
A structure that represents user-provided metadata that can be associated
|with an IAM resource. For more information about tagging, see Tagging IAM
|in the IAM User Guide.
A list of server certificate thumbprints for the OpenID Connect (OIDC) identity
provider’s server certificates. Typically this list includes only one entry.
However, IAM lets you have up to five thumbprints for an OIDC provider. This
lets you maintain multiple thumbprints if the identity provider is rotating
The server certificate thumbprint is the hex-encoded SHA-1 hash value of
the X.509 certificate used by the domain where the OpenID Connect provider
makes its keys available. It is always a 40-character string.
You must provide at least one thumbprint when creating an IAM OIDC provider.
For example, assume that the OIDC provider is server.example.com and the
provider stores its keys at https://keys.server.example.com/openid-connect.
In that case, the thumbprint string would be the hex-encoded SHA-1 hash value
of the certificate used by https://keys.server.example.com.
For more information about obtaining the OIDC provider thumbprint, see Obtaining
the thumbprint for an OpenID Connect provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html)
in the IAM user Guide.
- lastTransitionTime: string
All CRs managed by ACK have a common
that is used to contain resource sync state, account ownership,
constructed ARN for the resource
ARN is the Amazon Resource Name for the resource. This is a
globally-unique identifier and is set only by the ACK service controller
once the controller has orchestrated the creation of the resource OR
when it has verified that an “adopted” resource (a resource where the
ARN annotation was set by the Kubernetes user on the CR) exists and
matches the supplied CR’s Spec field values.
TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse
OwnerAccountID is the AWS Account ID of the account that owns the
backend AWS service API resource.
Region is the AWS region in which the resource exists or will exist.
All CRS managed by ACK have a common
Status.Conditions member that
contains a collection of
ackv1alpha1.Condition objects that describe
the various terminal states of the CR and its backend AWS service API
Condition is the common struct used by all CRDs managed by ACK service
|controllers to indicate terminal states of the CR and its backend AWS
|service API resource
A human readable message indicating details about the transition.
The reason for the condition’s last transition.
Status of the condition, one of True, False, Unknown.
Type is the type of the Condition