github.com/argoproj/argo-cd/v2@v2.10.9/pkg/apis/application/v1alpha1/generated.proto

// This file was autogenerated by go-to-protobuf. Do not edit it manually!

syntax = "proto2";

package github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1;

import "k8s.io/api/core/v1/generated.proto";
import "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.proto";
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";

// Package-wide variables from generator "generated".
option go_package = "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1";

// AWSAuthConfig is an AWS IAM authentication configuration
message AWSAuthConfig {
  // ClusterName contains AWS cluster name
  optional string clusterName = 1;

  // RoleARN contains optional role ARN. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain.
  optional string roleARN = 2;
}

// AppProject provides a logical grouping of applications, providing controls for:
// * where the apps may deploy to (cluster whitelist)
// * what may be deployed (repository whitelist, resource whitelist/blacklist)
// * who can access these applications (roles, OIDC group claims bindings)
// * and what they can do (RBAC policies)
// * automation access to these roles (JWT tokens)
// +genclient
// +genclient:noStatus
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:path=appprojects,shortName=appproj;appprojs
message AppProject {
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  optional AppProjectSpec spec = 2;

  optional AppProjectStatus status = 3;
}

// AppProjectList is list of AppProject resources
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
message AppProjectList {
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  repeated AppProject items = 2;
}

// AppProjectSpec is the specification of an AppProject
message AppProjectSpec {
  // SourceRepos contains list of repository URLs which can be used for deployment
  repeated string sourceRepos = 1;

  // Destinations contains list of destinations available for deployment
  repeated ApplicationDestination destinations = 2;

  // Description contains optional project description
  optional string description = 3;

  // Roles are user defined RBAC roles associated with this project
  repeated ProjectRole roles = 4;

  // ClusterResourceWhitelist contains list of whitelisted cluster level resources
  repeated k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind clusterResourceWhitelist = 5;

  // NamespaceResourceBlacklist contains list of blacklisted namespace level resources
  repeated k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind namespaceResourceBlacklist = 6;

  // OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
  optional OrphanedResourcesMonitorSettings orphanedResources = 7;

  // SyncWindows controls when syncs can be run for apps in this project
  repeated SyncWindow syncWindows = 8;

  // NamespaceResourceWhitelist contains list of whitelisted namespace level resources
  repeated k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind namespaceResourceWhitelist = 9;

  // SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync
  repeated SignatureKey signatureKeys = 10;

  // ClusterResourceBlacklist contains list of blacklisted cluster level resources
  repeated k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind clusterResourceBlacklist = 11;

  // SourceNamespaces defines the namespaces application resources are allowed to be created in
  repeated string sourceNamespaces = 12;

  // PermitOnlyProjectScopedClusters determines whether destinations can only reference clusters which are project-scoped
  optional bool permitOnlyProjectScopedClusters = 13;
}

// AppProjectStatus contains status information for AppProject CRs
message AppProjectStatus {
  // JWTTokensByRole contains a list of JWT tokens issued for a given role
  map<string, JWTTokens> jwtTokensByRole = 1;
}

// Application is a definition of Application resource.
// +genclient
// +genclient:noStatus
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:path=applications,shortName=app;apps
// +kubebuilder:printcolumn:name="Sync Status",type=string,JSONPath=`.status.sync.status`
// +kubebuilder:printcolumn:name="Health Status",type=string,JSONPath=`.status.health.status`
// +kubebuilder:printcolumn:name="Revision",type=string,JSONPath=`.status.sync.revision`,priority=10
message Application {
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  optional ApplicationSpec spec = 2;

  optional ApplicationStatus status = 3;

  optional Operation operation = 4;
}

// ApplicationCondition contains details about an application condition, which is usually an error or warning
message ApplicationCondition {
  // Type is an application condition type
  optional string type = 1;

  // Message contains human-readable message indicating details about condition
  optional string message = 2;

  // LastTransitionTime is the time the condition was last observed
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;
}

// ApplicationDestination holds information about the application's destination
message ApplicationDestination {
  // Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set.
  optional string server = 1;

  // Namespace specifies the target namespace for the application's resources.
  // The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
  optional string namespace = 2;

  // Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set.
  optional string name = 3;
}

// ApplicationList is list of Application resources
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
message ApplicationList {
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  repeated Application items = 2;
}

message ApplicationMatchExpression {
  optional string key = 1;

  optional string operator = 2;

  repeated string values = 3;
}

message ApplicationPreservedFields {
  repeated string annotations = 1;

  repeated string labels = 2;
}

// ApplicationSet is a set of Application resources
// +genclient
// +genclient:noStatus
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:path=applicationsets,shortName=appset;appsets
// +kubebuilder:subresource:status
message ApplicationSet {
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  optional ApplicationSetSpec spec = 2;

  optional ApplicationSetStatus status = 3;
}

// ApplicationSetApplicationStatus contains details about each Application managed by the ApplicationSet
message ApplicationSetApplicationStatus {
  // Application contains the name of the Application resource
  optional string application = 1;

  // LastTransitionTime is the time the status was last updated
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 2;

  // Message contains human-readable message indicating details about the status
  optional string message = 3;

  // Status contains the AppSet's perceived status of the managed Application resource: (Waiting, Pending, Progressing, Healthy)
  optional string status = 4;

  // Step tracks which step this Application should be updated in
  optional string step = 5;
}

// ApplicationSetCondition contains details about an applicationset condition, which is usally an error or warning
message ApplicationSetCondition {
  // Type is an applicationset condition type
  optional string type = 1;

  // Message contains human-readable message indicating details about condition
  optional string message = 2;

  // LastTransitionTime is the time the condition was last observed
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;

  // True/False/Unknown
  optional string status = 4;

  // Single word camelcase representing the reason for the status eg ErrorOccurred
  optional string reason = 5;
}

// ApplicationSetGenerator represents a generator at the top level of an ApplicationSet.
message ApplicationSetGenerator {
  optional ListGenerator list = 1;

  optional ClusterGenerator clusters = 2;

  optional GitGenerator git = 3;

  optional SCMProviderGenerator scmProvider = 4;

  optional DuckTypeGenerator clusterDecisionResource = 5;

  optional PullRequestGenerator pullRequest = 6;

  optional MatrixGenerator matrix = 7;

  optional MergeGenerator merge = 8;

  // Selector allows to post-filter all generator.
  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 9;

  optional PluginGenerator plugin = 10;
}

// ApplicationSetList contains a list of ApplicationSet
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:object:root=true
message ApplicationSetList {
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  repeated ApplicationSet items = 2;
}

// ApplicationSetNestedGenerator represents a generator nested within a combination-type generator (MatrixGenerator or
// MergeGenerator).
message ApplicationSetNestedGenerator {
  optional ListGenerator list = 1;

  optional ClusterGenerator clusters = 2;

  optional GitGenerator git = 3;

  optional SCMProviderGenerator scmProvider = 4;

  optional DuckTypeGenerator clusterDecisionResource = 5;

  optional PullRequestGenerator pullRequest = 6;

  // Matrix should have the form of NestedMatrixGenerator
  optional k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON matrix = 7;

  // Merge should have the form of NestedMergeGenerator
  optional k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON merge = 8;

  // Selector allows to post-filter all generator.
  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 9;

  optional PluginGenerator plugin = 10;
}

// ApplicationSetResourceIgnoreDifferences configures how the ApplicationSet controller will ignore differences in live
// applications when applying changes from generated applications.
message ApplicationSetResourceIgnoreDifferences {
  // Name is the name of the application to ignore differences for. If not specified, the rule applies to all applications.
  optional string name = 1;

  // JSONPointers is a list of JSON pointers to fields to ignore differences for.
  repeated string jsonPointers = 2;

  // JQPathExpressions is a list of JQ path expressions to fields to ignore differences for.
  repeated string jqPathExpressions = 3;
}

message ApplicationSetRolloutStep {
  repeated ApplicationMatchExpression matchExpressions = 1;

  optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxUpdate = 2;
}

message ApplicationSetRolloutStrategy {
  repeated ApplicationSetRolloutStep steps = 1;
}

// ApplicationSetSpec represents a class of application set state.
message ApplicationSetSpec {
  optional bool goTemplate = 1;

  repeated ApplicationSetGenerator generators = 2;

  optional ApplicationSetTemplate template = 3;

  optional ApplicationSetSyncPolicy syncPolicy = 4;

  optional ApplicationSetStrategy strategy = 5;

  optional ApplicationPreservedFields preservedFields = 6;

  repeated string goTemplateOptions = 7;

  // ApplyNestedSelectors enables selectors defined within the generators of two level-nested matrix or merge generators
  optional bool applyNestedSelectors = 8;

  repeated ApplicationSetResourceIgnoreDifferences ignoreApplicationDifferences = 9;

  optional string templatePatch = 10;
}

// ApplicationSetStatus defines the observed state of ApplicationSet
message ApplicationSetStatus {
  // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
  // Important: Run "make" to regenerate code after modifying this file
  repeated ApplicationSetCondition conditions = 1;

  repeated ApplicationSetApplicationStatus applicationStatus = 2;
}

// ApplicationSetStrategy configures how generated Applications are updated in sequence.
message ApplicationSetStrategy {
  optional string type = 1;

  optional ApplicationSetRolloutStrategy rollingSync = 2;
}

// ApplicationSetSyncPolicy configures how generated Applications will relate to their
// ApplicationSet.
message ApplicationSetSyncPolicy {
  // PreserveResourcesOnDeletion will preserve resources on deletion. If PreserveResourcesOnDeletion is set to true, these Applications will not be deleted.
  optional bool preserveResourcesOnDeletion = 1;

  // ApplicationsSync represents the policy applied on the generated applications. Possible values are create-only, create-update, create-delete, sync
  // +kubebuilder:validation:Optional
  // +kubebuilder:validation:Enum=create-only;create-update;create-delete;sync
  optional string applicationsSync = 2;
}

// ApplicationSetTemplate represents argocd ApplicationSpec
message ApplicationSetTemplate {
  optional ApplicationSetTemplateMeta metadata = 1;

  optional ApplicationSpec spec = 2;
}

// ApplicationSetTemplateMeta represents the Argo CD application fields that may
// be used for Applications generated from the ApplicationSet (based on metav1.ObjectMeta)
message ApplicationSetTemplateMeta {
  optional string name = 1;

  optional string namespace = 2;

  map<string, string> labels = 3;

  map<string, string> annotations = 4;

  repeated string finalizers = 5;
}

// ApplicationSetTerminalGenerator represents a generator nested within a nested generator (for example, a list within
// a merge within a matrix). A generator at this level may not be a combination-type generator (MatrixGenerator or
// MergeGenerator). ApplicationSet enforces this nesting depth limit because CRDs do not support recursive types.
// https://github.com/kubernetes-sigs/controller-tools/issues/477
message ApplicationSetTerminalGenerator {
  optional ListGenerator list = 1;

  optional ClusterGenerator clusters = 2;

  optional GitGenerator git = 3;

  optional SCMProviderGenerator scmProvider = 4;

  optional DuckTypeGenerator clusterDecisionResource = 5;

  optional PullRequestGenerator pullRequest = 6;

  optional PluginGenerator plugin = 7;

  // Selector allows to post-filter all generator.
  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 8;
}

// ApplicationSource contains all required information about the source of an application
message ApplicationSource {
  // RepoURL is the URL to the repository (Git or Helm) that contains the application manifests
  optional string repoURL = 1;

  // Path is a directory path within the Git repository, and is only valid for applications sourced from Git.
  optional string path = 2;

  // TargetRevision defines the revision of the source to sync the application to.
  // In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
  // In case of Helm, this is a semver tag for the Chart's version.
  optional string targetRevision = 4;

  // Helm holds helm specific options
  optional ApplicationSourceHelm helm = 7;

  // Kustomize holds kustomize specific options
  optional ApplicationSourceKustomize kustomize = 8;

  // Directory holds path/directory specific options
  optional ApplicationSourceDirectory directory = 10;

  // Plugin holds config management plugin specific options
  optional ApplicationSourcePlugin plugin = 11;

  // Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.
  optional string chart = 12;

  // Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.
  optional string ref = 13;
}

// ApplicationSourceDirectory holds options for applications of type plain YAML or Jsonnet
message ApplicationSourceDirectory {
  // Recurse specifies whether to scan a directory recursively for manifests
  optional bool recurse = 1;

  // Jsonnet holds options specific to Jsonnet
  optional ApplicationSourceJsonnet jsonnet = 2;

  // Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation
  optional string exclude = 3;

  // Include contains a glob pattern to match paths against that should be explicitly included during manifest generation
  optional string include = 4;
}

// ApplicationSourceHelm holds helm specific options
message ApplicationSourceHelm {
  // ValuesFiles is a list of Helm value files to use when generating a template
  repeated string valueFiles = 1;

  // Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation
  repeated HelmParameter parameters = 2;

  // ReleaseName is the Helm release name to use. If omitted it will use the application name
  optional string releaseName = 3;

  // Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.
  // +patchStrategy=replace
  optional string values = 4;

  // FileParameters are file parameters to the helm template
  repeated HelmFileParameter fileParameters = 5;

  // Version is the Helm version to use for templating ("3")
  optional string version = 6;

  // PassCredentials pass credentials to all domains (Helm's --pass-credentials)
  optional bool passCredentials = 7;

  // IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values
  optional bool ignoreMissingValueFiles = 8;

  // SkipCrds skips custom resource definition installation step (Helm's --skip-crds)
  optional bool skipCrds = 9;

  // ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.
  // +kubebuilder:pruning:PreserveUnknownFields
  optional k8s.io.apimachinery.pkg.runtime.RawExtension valuesObject = 10;
}

// ApplicationSourceJsonnet holds options specific to applications of type Jsonnet
message ApplicationSourceJsonnet {
  // ExtVars is a list of Jsonnet External Variables
  repeated JsonnetVar extVars = 1;

  // TLAS is a list of Jsonnet Top-level Arguments
  repeated JsonnetVar tlas = 2;

  // Additional library search dirs
  repeated string libs = 3;
}

// ApplicationSourceKustomize holds options specific to an Application source specific to Kustomize
message ApplicationSourceKustomize {
  // NamePrefix is a prefix appended to resources for Kustomize apps
  optional string namePrefix = 1;

  // NameSuffix is a suffix appended to resources for Kustomize apps
  optional string nameSuffix = 2;

  // Images is a list of Kustomize image override specifications
  repeated string images = 3;

  // CommonLabels is a list of additional labels to add to rendered manifests
  map<string, string> commonLabels = 4;

  // Version controls which version of Kustomize to use for rendering manifests
  optional string version = 5;

  // CommonAnnotations is a list of additional annotations to add to rendered manifests
  map<string, string> commonAnnotations = 6;

  // ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
  optional bool forceCommonLabels = 7;

  // ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
  optional bool forceCommonAnnotations = 8;

  // Namespace sets the namespace that Kustomize adds to all resources
  optional string namespace = 9;

  // CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values
  optional bool commonAnnotationsEnvsubst = 10;

  // Replicas is a list of Kustomize Replicas override specifications
  repeated KustomizeReplica replicas = 11;

  // Patches is a list of Kustomize patches
  repeated KustomizePatch patches = 12;

  // Components specifies a list of kustomize components to add to the kustomization before building
  repeated string components = 13;
}

// ApplicationSourcePlugin holds options specific to config management plugins
message ApplicationSourcePlugin {
  optional string name = 1;

  repeated EnvEntry env = 2;

  repeated ApplicationSourcePluginParameter parameters = 3;
}

message ApplicationSourcePluginParameter {
  // Name is the name identifying a parameter.
  optional string name = 1;

  // String_ is the value of a string type parameter.
  optional string string = 5;

  // Map is the value of a map type parameter.
  optional OptionalMap map = 3;

  // Array is the value of an array type parameter.
  optional OptionalArray array = 4;
}

// ApplicationSpec represents desired application state. Contains link to repository with application definition and additional parameters link definition revision.
message ApplicationSpec {
  // Source is a reference to the location of the application's manifests or chart
  optional ApplicationSource source = 1;

  // Destination is a reference to the target Kubernetes server and namespace
  optional ApplicationDestination destination = 2;

  // Project is a reference to the project this application belongs to.
  // The empty string means that application belongs to the 'default' project.
  optional string project = 3;

  // SyncPolicy controls when and how a sync will be performed
  optional SyncPolicy syncPolicy = 4;

  // IgnoreDifferences is a list of resources and their fields which should be ignored during comparison
  repeated ResourceIgnoreDifferences ignoreDifferences = 5;

  // Info contains a list of information (URLs, email addresses, and plain text) that relates to the application
  repeated Info info = 6;

  // RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions.
  // This should only be changed in exceptional circumstances.
  // Setting to zero will store no history. This will reduce storage used.
  // Increasing will increase the space used to store the history, so we do not recommend increasing it.
  // Default is 10.
  optional int64 revisionHistoryLimit = 7;

  // Sources is a reference to the location of the application's manifests or chart
  repeated ApplicationSource sources = 8;
}

// ApplicationStatus contains status information for the application
message ApplicationStatus {
  // Resources is a list of Kubernetes resources managed by this application
  repeated ResourceStatus resources = 1;

  // Sync contains information about the application's current sync status
  optional SyncStatus sync = 2;

  // Health contains information about the application's current health status
  optional HealthStatus health = 3;

  // History contains information about the application's sync history
  repeated RevisionHistory history = 4;

  // Conditions is a list of currently observed application conditions
  repeated ApplicationCondition conditions = 5;

  // ReconciledAt indicates when the application state was reconciled using the latest git version
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time reconciledAt = 6;

  // OperationState contains information about any ongoing operations, such as a sync
  optional OperationState operationState = 7;

  // ObservedAt indicates when the application state was updated without querying latest git state
  // Deprecated: controller no longer updates ObservedAt field
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time observedAt = 8;

  // SourceType specifies the type of this application
  optional string sourceType = 9;

  // Summary contains a list of URLs and container images used by this application
  optional ApplicationSummary summary = 10;

  // ResourceHealthSource indicates where the resource health status is stored: inline if not set or appTree
  optional string resourceHealthSource = 11;

  // SourceTypes specifies the type of the sources included in the application
  repeated string sourceTypes = 12;

  // ControllerNamespace indicates the namespace in which the application controller is located
  optional string controllerNamespace = 13;
}

// ApplicationSummary contains information about URLs and container images used by an application
message ApplicationSummary {
  // ExternalURLs holds all external URLs of application child resources.
  repeated string externalURLs = 1;

  // Images holds all images of application child resources.
  repeated string images = 2;
}

// ApplicationTree holds nodes which belongs to the application
// TODO: describe purpose of this type
message ApplicationTree {
  // Nodes contains list of nodes which either directly managed by the application and children of directly managed nodes.
  repeated ResourceNode nodes = 1;

  // OrphanedNodes contains if or orphaned nodes: nodes which are not managed by the app but in the same namespace. List is populated only if orphaned resources enabled in app project.
  repeated ResourceNode orphanedNodes = 2;

  // Hosts holds list of Kubernetes nodes that run application related pods
  repeated HostInfo hosts = 3;
}

// ApplicationWatchEvent contains information about application change.
message ApplicationWatchEvent {
  optional string type = 1;

  // Application is:
  //  * If Type is Added or Modified: the new state of the object.
  //  * If Type is Deleted: the state of the object immediately before deletion.
  //  * If Type is Error: *api.Status is recommended; other types may make sense
  //    depending on context.
  optional Application application = 2;
}

// Backoff is the backoff strategy to use on subsequent retries for failing syncs
message Backoff {
  // Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
  optional string duration = 1;

  // Factor is a factor to multiply the base duration after each failed retry
  optional int64 factor = 2;

  // MaxDuration is the maximum amount of time allowed for the backoff strategy
  optional string maxDuration = 3;
}

// BasicAuthBitbucketServer defines the username/(password or personal access token) for Basic auth.
message BasicAuthBitbucketServer {
  // Username for Basic auth
  optional string username = 1;

  // Password (or personal access token) reference.
  optional SecretRef passwordRef = 2;
}

// BearerTokenBitbucketCloud defines the Bearer token for BitBucket AppToken auth.
message BearerTokenBitbucketCloud {
  // Password (or personal access token) reference.
  optional SecretRef tokenRef = 1;
}

// ChartDetails contains helm chart metadata for a specific version
message ChartDetails {
  optional string description = 1;

  // The URL of this projects home page, e.g. "http://example.com"
  optional string home = 2;

  // List of maintainer details, name and email, e.g. ["John Doe <john_doe@my-company.com>"]
  repeated string maintainers = 3;
}

// Cluster is the definition of a cluster resource
message Cluster {
  // Server is the API server URL of the Kubernetes cluster
  optional string server = 1;

  // Name of the cluster. If omitted, will use the server address
  optional string name = 2;

  // Config holds cluster information for connecting to a cluster
  optional ClusterConfig config = 3;

  // DEPRECATED: use Info.ConnectionState field instead.
  // ConnectionState contains information about cluster connection state
  optional ConnectionState connectionState = 4;

  // DEPRECATED: use Info.ServerVersion field instead.
  // The server version
  optional string serverVersion = 5;

  // Holds list of namespaces which are accessible in that cluster. Cluster level resources will be ignored if namespace list is not empty.
  repeated string namespaces = 6;

  // RefreshRequestedAt holds time when cluster cache refresh has been requested
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time refreshRequestedAt = 7;

  // Info holds information about cluster cache and state
  optional ClusterInfo info = 8;

  // Shard contains optional shard number. Calculated on the fly by the application controller if not specified.
  optional int64 shard = 9;

  // Indicates if cluster level resources should be managed. This setting is used only if cluster is connected in a namespaced mode.
  optional bool clusterResources = 10;

  // Reference between project and cluster that allow you automatically to be added as item inside Destinations project entity
  optional string project = 11;

  // Labels for cluster secret metadata
  map<string, string> labels = 12;

  // Annotations for cluster secret metadata
  map<string, string> annotations = 13;
}

// ClusterCacheInfo contains information about the cluster cache
message ClusterCacheInfo {
  // ResourcesCount holds number of observed Kubernetes resources
  optional int64 resourcesCount = 1;

  // APIsCount holds number of observed Kubernetes API count
  optional int64 apisCount = 2;

  // LastCacheSyncTime holds time of most recent cache synchronization
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastCacheSyncTime = 3;
}

// ClusterConfig is the configuration attributes. This structure is subset of the go-client
// rest.Config with annotations added for marshalling.
message ClusterConfig {
  // Server requires Basic authentication
  optional string username = 1;

  optional string password = 2;

  // Server requires Bearer authentication. This client will not attempt to use
  // refresh tokens for an OAuth2 flow.
  // TODO: demonstrate an OAuth2 compatible client.
  optional string bearerToken = 3;

  // TLSClientConfig contains settings to enable transport layer security
  optional TLSClientConfig tlsClientConfig = 4;

  // AWSAuthConfig contains IAM authentication configuration
  optional AWSAuthConfig awsAuthConfig = 5;

  // ExecProviderConfig contains configuration for an exec provider
  optional ExecProviderConfig execProviderConfig = 6;
}

// ClusterGenerator defines a generator to match against clusters registered with ArgoCD.
message ClusterGenerator {
  // Selector defines a label selector to match against all clusters registered with ArgoCD.
  // Clusters today are stored as Kubernetes Secrets, thus the Secret labels will be used
  // for matching the selector.
  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 1;

  optional ApplicationSetTemplate template = 2;

  // Values contains key/value pairs which are passed directly as parameters to the template
  map<string, string> values = 3;
}

// ClusterInfo contains information about the cluster
message ClusterInfo {
  // ConnectionState contains information about the connection to the cluster
  optional ConnectionState connectionState = 1;

  // ServerVersion contains information about the Kubernetes version of the cluster
  optional string serverVersion = 2;

  // CacheInfo contains information about the cluster cache
  optional ClusterCacheInfo cacheInfo = 3;

  // ApplicationsCount is the number of applications managed by Argo CD on the cluster
  optional int64 applicationsCount = 4;

  // APIVersions contains list of API versions supported by the cluster
  repeated string apiVersions = 5;
}

// ClusterList is a collection of Clusters.
message ClusterList {
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  repeated Cluster items = 2;
}

// Command holds binary path and arguments list
message Command {
  repeated string command = 1;

  repeated string args = 2;
}

// ComparedTo contains application source and target which was used for resources comparison
message ComparedTo {
  // Source is a reference to the application's source used for comparison
  optional ApplicationSource source = 1;

  // Destination is a reference to the application's destination used for comparison
  optional ApplicationDestination destination = 2;

  // Sources is a reference to the application's multiple sources used for comparison
  repeated ApplicationSource sources = 3;

  // IgnoreDifferences is a reference to the application's ignored differences used for comparison
  repeated ResourceIgnoreDifferences ignoreDifferences = 4;
}

// ComponentParameter contains information about component parameter value
message ComponentParameter {
  optional string component = 1;

  optional string name = 2;

  optional string value = 3;
}

// ConfigManagementPlugin contains config management plugin configuration
message ConfigManagementPlugin {
  optional string name = 1;

  optional Command init = 2;

  optional Command generate = 3;

  optional bool lockRepo = 4;
}

// ConnectionState contains information about remote resource connection state, currently used for clusters and repositories
message ConnectionState {
  // Status contains the current status indicator for the connection
  optional string status = 1;

  // Message contains human readable information about the connection status
  optional string message = 2;

  // ModifiedAt contains the timestamp when this connection status has been determined
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time attemptedAt = 3;
}

// DuckType defines a generator to match against clusters registered with ArgoCD.
message DuckTypeGenerator {
  // ConfigMapRef is a ConfigMap with the duck type definitions needed to retrieve the data
  //              this includes apiVersion(group/version), kind, matchKey and validation settings
  // Name is the resource name of the kind, group and version, defined in the ConfigMapRef
  // RequeueAfterSeconds is how long before the duckType will be rechecked for a change
  optional string configMapRef = 1;

  optional string name = 2;

  optional int64 requeueAfterSeconds = 3;

  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labelSelector = 4;

  optional ApplicationSetTemplate template = 5;

  // Values contains key/value pairs which are passed directly as parameters to the template
  map<string, string> values = 6;
}

// EnvEntry represents an entry in the application's environment
message EnvEntry {
  // Name is the name of the variable, usually expressed in uppercase
  optional string name = 1;

  // Value is the value of the variable
  optional string value = 2;
}

message ErrApplicationNotAllowedToUseProject {
}

// ExecProviderConfig is config used to call an external command to perform cluster authentication
// See: https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig
message ExecProviderConfig {
  // Command to execute
  optional string command = 1;

  // Arguments to pass to the command when executing it
  repeated string args = 2;

  // Env defines additional environment variables to expose to the process
  map<string, string> env = 3;

  // Preferred input version of the ExecInfo
  optional string apiVersion = 4;

  // This text is shown to the user when the executable doesn't seem to be present
  optional string installHint = 5;
}

message GitDirectoryGeneratorItem {
  optional string path = 1;

  optional bool exclude = 2;
}

message GitFileGeneratorItem {
  optional string path = 1;
}

message GitGenerator {
  optional string repoURL = 1;

  repeated GitDirectoryGeneratorItem directories = 2;

  repeated GitFileGeneratorItem files = 3;

  optional string revision = 4;

  optional int64 requeueAfterSeconds = 5;

  optional ApplicationSetTemplate template = 6;

  optional string pathParamPrefix = 7;

  // Values contains key/value pairs which are passed directly as parameters to the template
  map<string, string> values = 8;
}

// GnuPGPublicKey is a representation of a GnuPG public key
message GnuPGPublicKey {
  // KeyID specifies the key ID, in hexadecimal string format
  optional string keyID = 1;

  // Fingerprint is the fingerprint of the key
  optional string fingerprint = 2;

  // Owner holds the owner identification, e.g. a name and e-mail address
  optional string owner = 3;

  // Trust holds the level of trust assigned to this key
  optional string trust = 4;

  // SubType holds the key's sub type (e.g. rsa4096)
  optional string subType = 5;

  // KeyData holds the raw key data, in base64 encoded format
  optional string keyData = 6;
}

// GnuPGPublicKeyList is a collection of GnuPGPublicKey objects
message GnuPGPublicKeyList {
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  repeated GnuPGPublicKey items = 2;
}

// HealthStatus contains information about the currently observed health state of an application or resource
message HealthStatus {
  // Status holds the status code of the application or resource
  optional string status = 1;

  // Message is a human-readable informational message describing the health status
  optional string message = 2;
}

// HelmFileParameter is a file parameter that's passed to helm template during manifest generation
message HelmFileParameter {
  // Name is the name of the Helm parameter
  optional string name = 1;

  // Path is the path to the file containing the values for the Helm parameter
  optional string path = 2;
}

// HelmOptions holds helm options
message HelmOptions {
  repeated string valuesFileSchemes = 1;
}

// HelmParameter is a parameter that's passed to helm template during manifest generation
message HelmParameter {
  // Name is the name of the Helm parameter
  optional string name = 1;

  // Value is the value for the Helm parameter
  optional string value = 2;

  // ForceString determines whether to tell Helm to interpret booleans and numbers as strings
  optional bool forceString = 3;
}

// HostInfo holds host name and resources metrics
// TODO: describe purpose of this type
// TODO: describe members of this type
message HostInfo {
  optional string name = 1;

  repeated HostResourceInfo resourcesInfo = 2;

  optional k8s.io.api.core.v1.NodeSystemInfo systemInfo = 3;
}

// TODO: describe this type
message HostResourceInfo {
  optional string resourceName = 1;

  optional int64 requestedByApp = 2;

  optional int64 requestedByNeighbors = 3;

  optional int64 capacity = 4;
}

message Info {
  optional string name = 1;

  optional string value = 2;
}

// InfoItem contains arbitrary, human readable information about an application
message InfoItem {
  // Name is a human readable title for this piece of information.
  optional string name = 1;

  // Value is human readable content.
  optional string value = 2;
}

// JWTToken holds the issuedAt and expiresAt values of a token
message JWTToken {
  optional int64 iat = 1;

  optional int64 exp = 2;

  optional string id = 3;
}

// JWTTokens represents a list of JWT tokens
message JWTTokens {
  repeated JWTToken items = 1;
}

// JsonnetVar represents a variable to be passed to jsonnet during manifest generation
message JsonnetVar {
  optional string name = 1;

  optional string value = 2;

  optional bool code = 3;
}

// KnownTypeField contains mapping between CRD field and known Kubernetes type.
// This is mainly used for unit conversion in unknown resources (e.g. 0.1 == 100mi)
// TODO: Describe the members of this type
message KnownTypeField {
  optional string field = 1;

  optional string type = 2;
}

message KustomizeGvk {
  optional string group = 1;

  optional string version = 2;

  optional string kind = 3;
}

// KustomizeOptions are options for kustomize to use when building manifests
message KustomizeOptions {
  // BuildOptions is a string of build parameters to use when calling `kustomize build`
  optional string buildOptions = 1;

  // BinaryPath holds optional path to kustomize binary
  optional string binaryPath = 2;
}

message KustomizePatch {
  optional string path = 1;

  optional string patch = 2;

  optional KustomizeSelector target = 3;

  map<string, bool> options = 4;
}

message KustomizeReplica {
  // Name of Deployment or StatefulSet
  optional string name = 1;

  // Number of replicas
  optional k8s.io.apimachinery.pkg.util.intstr.IntOrString count = 2;
}

message KustomizeResId {
  optional KustomizeGvk gvk = 1;

  optional string name = 2;

  optional string namespace = 3;
}

message KustomizeSelector {
  optional KustomizeResId resId = 1;

  optional string annotationSelector = 2;

  optional string labelSelector = 3;
}

// ListGenerator include items info
message ListGenerator {
  // +kubebuilder:validation:Optional
  repeated k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON elements = 1;

  optional ApplicationSetTemplate template = 2;

  optional string elementsYaml = 3;
}

message ManagedNamespaceMetadata {
  map<string, string> labels = 1;

  map<string, string> annotations = 2;
}

// MatrixGenerator generates the cartesian product of two sets of parameters. The parameters are defined by two nested
// generators.
message MatrixGenerator {
  repeated ApplicationSetNestedGenerator generators = 1;

  optional ApplicationSetTemplate template = 2;
}

// MergeGenerator merges the output of two or more generators. Where the values for all specified merge keys are equal
// between two sets of generated parameters, the parameter sets will be merged with the parameters from the latter
// generator taking precedence. Parameter sets with merge keys not present in the base generator's params will be
// ignored.
// For example, if the first generator produced [{a: '1', b: '2'}, {c: '1', d: '1'}] and the second generator produced
// [{'a': 'override'}], the united parameters for merge keys = ['a'] would be
// [{a: 'override', b: '1'}, {c: '1', d: '1'}].
//
// MergeGenerator supports template overriding. If a MergeGenerator is one of multiple top-level generators, its
// template will be merged with the top-level generator before the parameters are applied.
message MergeGenerator {
  repeated ApplicationSetNestedGenerator generators = 1;

  repeated string mergeKeys = 2;

  optional ApplicationSetTemplate template = 3;
}

// NestedMatrixGenerator is a MatrixGenerator nested under another combination-type generator (MatrixGenerator or
// MergeGenerator). NestedMatrixGenerator does not have an override template, because template overriding has no meaning
// within the constituent generators of combination-type generators.
//
// NOTE: Nested matrix generator is not included directly in the CRD struct, instead it is included
// as a generic 'apiextensionsv1.JSON' object, and then marshalled into a NestedMatrixGenerator
// when processed.
message NestedMatrixGenerator {
  repeated ApplicationSetTerminalGenerator generators = 1;
}

// NestedMergeGenerator is a MergeGenerator nested under another combination-type generator (MatrixGenerator or
// MergeGenerator). NestedMergeGenerator does not have an override template, because template overriding has no meaning
// within the constituent generators of combination-type generators.
//
// NOTE: Nested merge generator is not included directly in the CRD struct, instead it is included
// as a generic 'apiextensionsv1.JSON' object, and then marshalled into a NestedMergeGenerator
// when processed.
message NestedMergeGenerator {
  repeated ApplicationSetTerminalGenerator generators = 1;

  repeated string mergeKeys = 2;
}

// Operation contains information about a requested or running operation
message Operation {
  // Sync contains parameters for the operation
  optional SyncOperation sync = 1;

  // InitiatedBy contains information about who initiated the operations
  optional OperationInitiator initiatedBy = 2;

  // Info is a list of informational items for this operation
  repeated Info info = 3;

  // Retry controls the strategy to apply if a sync fails
  optional RetryStrategy retry = 4;
}

// OperationInitiator contains information about the initiator of an operation
message OperationInitiator {
  // Username contains the name of a user who started operation
  optional string username = 1;

  // Automated is set to true if operation was initiated automatically by the application controller.
  optional bool automated = 2;
}

// OperationState contains information about state of a running operation
message OperationState {
  // Operation is the original requested operation
  optional Operation operation = 1;

  // Phase is the current phase of the operation
  optional string phase = 2;

  // Message holds any pertinent messages when attempting to perform operation (typically errors).
  optional string message = 3;

  // SyncResult is the result of a Sync operation
  optional SyncOperationResult syncResult = 4;

  // StartedAt contains time of operation start
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startedAt = 6;

  // FinishedAt contains time of operation completion
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time finishedAt = 7;

  // RetryCount contains time of operation retries
  optional int64 retryCount = 8;
}

message OptionalArray {
  // Array is the value of an array type parameter.
  // +optional
  repeated string array = 1;
}

message OptionalMap {
  // Map is the value of a map type parameter.
  // +optional
  map<string, string> map = 1;
}

// OrphanedResourceKey is a reference to a resource to be ignored from
message OrphanedResourceKey {
  optional string group = 1;

  optional string kind = 2;

  optional string name = 3;
}

// OrphanedResourcesMonitorSettings holds settings of orphaned resources monitoring
message OrphanedResourcesMonitorSettings {
  // Warn indicates if warning condition should be created for apps which have orphaned resources
  optional bool warn = 1;

  // Ignore contains a list of resources that are to be excluded from orphaned resources monitoring
  repeated OrphanedResourceKey ignore = 2;
}

// OverrideIgnoreDiff contains configurations about how fields should be ignored during diffs between
// the desired state and live state
message OverrideIgnoreDiff {
  // JSONPointers is a JSON path list following the format defined in RFC4627 (https://datatracker.ietf.org/doc/html/rfc6902#section-3)
  repeated string jSONPointers = 1;

  // JQPathExpressions is a JQ path list that will be evaludated during the diff process
  repeated string jqPathExpressions = 2;

  // ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
  // desired state defined in the SCM and won't be displayed in diffs
  repeated string managedFieldsManagers = 3;
}

message PluginConfigMapRef {
  // Name of the ConfigMap
  optional string name = 1;
}

// PluginGenerator defines connection info specific to Plugin.
message PluginGenerator {
  optional PluginConfigMapRef configMapRef = 1;

  optional PluginInput input = 2;

  // RequeueAfterSeconds determines how long the ApplicationSet controller will wait before reconciling the ApplicationSet again.
  optional int64 requeueAfterSeconds = 3;

  optional ApplicationSetTemplate template = 4;

  // Values contains key/value pairs which are passed directly as parameters to the template. These values will not be
  // sent as parameters to the plugin.
  map<string, string> values = 5;
}

message PluginInput {
  // Parameters contains the information to pass to the plugin. It is a map. The keys must be strings, and the
  // values can be any type.
  map<string, k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON> parameters = 1;
}

// ProjectRole represents a role that has access to a project
message ProjectRole {
  // Name is a name for this role
  optional string name = 1;

  // Description is a description of the role
  optional string description = 2;

  // Policies Stores a list of casbin formatted strings that define access policies for the role in the project
  repeated string policies = 3;

  // JWTTokens are a list of generated JWT tokens bound to this role
  repeated JWTToken jwtTokens = 4;

  // Groups are a list of OIDC group claims bound to this role
  repeated string groups = 5;
}

// PullRequestGenerator defines a generator that scrapes a PullRequest API to find candidate pull requests.
message PullRequestGenerator {
  // Which provider to use and config for it.
  optional PullRequestGeneratorGithub github = 1;

  optional PullRequestGeneratorGitLab gitlab = 2;

  optional PullRequestGeneratorGitea gitea = 3;

  optional PullRequestGeneratorBitbucketServer bitbucketServer = 4;

  // Filters for which pull requests should be considered.
  repeated PullRequestGeneratorFilter filters = 5;

  // Standard parameters.
  optional int64 requeueAfterSeconds = 6;

  optional ApplicationSetTemplate template = 7;

  optional PullRequestGeneratorBitbucket bitbucket = 8;

  // Additional provider to use and config for it.
  optional PullRequestGeneratorAzureDevOps azuredevops = 9;
}

// PullRequestGeneratorAzureDevOps defines connection info specific to AzureDevOps.
message PullRequestGeneratorAzureDevOps {
  // Azure DevOps org to scan. Required.
  optional string organization = 1;

  // Azure DevOps project name to scan. Required.
  optional string project = 2;

  // Azure DevOps repo name to scan. Required.
  optional string repo = 3;

  // The Azure DevOps API URL to talk to. If blank, use https://dev.azure.com/.
  optional string api = 4;

  // Authentication token reference.
  optional SecretRef tokenRef = 5;

  // Labels is used to filter the PRs that you want to target
  repeated string labels = 6;
}

// PullRequestGeneratorBitbucket defines connection info specific to Bitbucket.
message PullRequestGeneratorBitbucket {
  // Workspace to scan. Required.
  optional string owner = 1;

  // Repo name to scan. Required.
  optional string repo = 2;

  // The Bitbucket REST API URL to talk to. If blank, uses https://api.bitbucket.org/2.0.
  optional string api = 3;

  // Credentials for Basic auth
  optional BasicAuthBitbucketServer basicAuth = 4;

  // Credentials for AppToken (Bearer auth)
  optional BearerTokenBitbucketCloud bearerToken = 5;
}

// PullRequestGeneratorBitbucketServer defines connection info specific to BitbucketServer.
message PullRequestGeneratorBitbucketServer {
  // Project to scan. Required.
  optional string project = 1;

  // Repo name to scan. Required.
  optional string repo = 2;

  // The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest Required.
  optional string api = 3;

  // Credentials for Basic auth
  optional BasicAuthBitbucketServer basicAuth = 4;
}

// PullRequestGeneratorFilter is a single pull request filter.
// If multiple filter types are set on a single struct, they will be AND'd together. All filters must
// pass for a pull request to be included.
message PullRequestGeneratorFilter {
  optional string branchMatch = 1;

  optional string targetBranchMatch = 2;
}

// PullRequestGeneratorGitLab defines connection info specific to GitLab.
message PullRequestGeneratorGitLab {
  // GitLab project to scan. Required.
  optional string project = 1;

  // The GitLab API URL to talk to. If blank, uses https://gitlab.com/.
  optional string api = 2;

  // Authentication token reference.
  optional SecretRef tokenRef = 3;

  // Labels is used to filter the MRs that you want to target
  repeated string labels = 4;

  // PullRequestState is an additional MRs filter to get only those with a certain state. Default: "" (all states)
  optional string pullRequestState = 5;

  // Skips validating the SCM provider's TLS certificate - useful for self-signed certificates.; default: false
  optional bool insecure = 6;
}

// PullRequestGeneratorGitea defines connection info specific to Gitea.
message PullRequestGeneratorGitea {
  // Gitea org or user to scan. Required.
  optional string owner = 1;

  // Gitea repo name to scan. Required.
  optional string repo = 2;

  // The Gitea API URL to talk to. Required
  optional string api = 3;

  // Authentication token reference.
  optional SecretRef tokenRef = 4;

  // Allow insecure tls, for self-signed certificates; default: false.
  optional bool insecure = 5;
}

// PullRequestGenerator defines connection info specific to GitHub.
message PullRequestGeneratorGithub {
  // GitHub org or user to scan. Required.
  optional string owner = 1;

  // GitHub repo name to scan. Required.
  optional string repo = 2;

  // The GitHub API URL to talk to. If blank, use https://api.github.com/.
  optional string api = 3;

  // Authentication token reference.
  optional SecretRef tokenRef = 4;

  // AppSecretName is a reference to a GitHub App repo-creds secret with permission to access pull requests.
  optional string appSecretName = 5;

  // Labels is used to filter the PRs that you want to target
  repeated string labels = 6;
}

message RefTarget {
  optional Repository repo = 1;

  optional string targetRevision = 2;

  optional string chart = 3;
}

// RepoCreds holds the definition for repository credentials
message RepoCreds {
  // URL is the URL that this credentials matches to
  optional string url = 1;

  // Username for authenticating at the repo server
  optional string username = 2;

  // Password for authenticating at the repo server
  optional string password = 3;

  // SSHPrivateKey contains the private key data for authenticating at the repo server using SSH (only Git repos)
  optional string sshPrivateKey = 4;

  // TLSClientCertData specifies the TLS client cert data for authenticating at the repo server
  optional string tlsClientCertData = 5;

  // TLSClientCertKey specifies the TLS client cert key for authenticating at the repo server
  optional string tlsClientCertKey = 6;

  // GithubAppPrivateKey specifies the private key PEM data for authentication via GitHub app
  optional string githubAppPrivateKey = 7;

  // GithubAppId specifies the Github App ID of the app used to access the repo for GitHub app authentication
  optional int64 githubAppID = 8;

  // GithubAppInstallationId specifies the ID of the installed GitHub App for GitHub app authentication
  optional int64 githubAppInstallationID = 9;

  // GithubAppEnterpriseBaseURL specifies the GitHub API URL for GitHub app authentication. If empty will default to https://api.github.com
  optional string githubAppEnterpriseBaseUrl = 10;

  // EnableOCI specifies whether helm-oci support should be enabled for this repo
  optional bool enableOCI = 11;

  // Type specifies the type of the repoCreds. Can be either "git" or "helm. "git" is assumed if empty or absent.
  optional string type = 12;

  // GCPServiceAccountKey specifies the service account key in JSON format to be used for getting credentials to Google Cloud Source repos
  optional string gcpServiceAccountKey = 13;

  // Proxy specifies the HTTP/HTTPS proxy used to access repos at the repo server
  optional string proxy = 19;

  // ForceHttpBasicAuth specifies whether Argo CD should attempt to force basic auth for HTTP connections
  optional bool forceHttpBasicAuth = 20;
}

// RepositoryList is a collection of Repositories.
message RepoCredsList {
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  repeated RepoCreds items = 2;
}

// Repository is a repository holding application configurations
message Repository {
  // Repo contains the URL to the remote repository
  optional string repo = 1;

  // Username contains the user name used for authenticating at the remote repository
  optional string username = 2;

  // Password contains the password or PAT used for authenticating at the remote repository
  optional string password = 3;

  // SSHPrivateKey contains the PEM data for authenticating at the repo server. Only used with Git repos.
  optional string sshPrivateKey = 4;

  // ConnectionState contains information about the current state of connection to the repository server
  optional ConnectionState connectionState = 5;

  // InsecureIgnoreHostKey should not be used anymore, Insecure is favoured
  // Used only for Git repos
  optional bool insecureIgnoreHostKey = 6;

  // Insecure specifies whether the connection to the repository ignores any errors when verifying TLS certificates or SSH host keys
  optional bool insecure = 7;

  // EnableLFS specifies whether git-lfs support should be enabled for this repo. Only valid for Git repositories.
  optional bool enableLfs = 8;

  // TLSClientCertData contains a certificate in PEM format for authenticating at the repo server
  optional string tlsClientCertData = 9;

  // TLSClientCertKey contains a private key in PEM format for authenticating at the repo server
  optional string tlsClientCertKey = 10;

  // Type specifies the type of the repo. Can be either "git" or "helm. "git" is assumed if empty or absent.
  optional string type = 11;

  // Name specifies a name to be used for this repo. Only used with Helm repos
  optional string name = 12;

  // Whether credentials were inherited from a credential set
  optional bool inheritedCreds = 13;

  // EnableOCI specifies whether helm-oci support should be enabled for this repo
  optional bool enableOCI = 14;

  // Github App Private Key PEM data
  optional string githubAppPrivateKey = 15;

  // GithubAppId specifies the ID of the GitHub app used to access the repo
  optional int64 githubAppID = 16;

  // GithubAppInstallationId specifies the installation ID of the GitHub App used to access the repo
  optional int64 githubAppInstallationID = 17;

  // GithubAppEnterpriseBaseURL specifies the base URL of GitHub Enterprise installation. If empty will default to https://api.github.com
  optional string githubAppEnterpriseBaseUrl = 18;

  // Proxy specifies the HTTP/HTTPS proxy used to access the repo
  optional string proxy = 19;

  // Reference between project and repository that allow you automatically to be added as item inside SourceRepos project entity
  optional string project = 20;

  // GCPServiceAccountKey specifies the service account key in JSON format to be used for getting credentials to Google Cloud Source repos
  optional string gcpServiceAccountKey = 21;

  // ForceHttpBasicAuth specifies whether Argo CD should attempt to force basic auth for HTTP connections
  optional bool forceHttpBasicAuth = 22;
}

// A RepositoryCertificate is either SSH known hosts entry or TLS certificate
message RepositoryCertificate {
  // ServerName specifies the DNS name of the server this certificate is intended for
  optional string serverName = 1;

  // CertType specifies the type of the certificate - currently one of "https" or "ssh"
  optional string certType = 2;

  // CertSubType specifies the sub type of the cert, i.e. "ssh-rsa"
  optional string certSubType = 3;

  // CertData contains the actual certificate data, dependent on the certificate type
  optional bytes certData = 4;

  // CertInfo will hold additional certificate info, depdendent on the certificate type (e.g. SSH fingerprint, X509 CommonName)
  optional string certInfo = 5;
}

// RepositoryCertificateList is a collection of RepositoryCertificates
message RepositoryCertificateList {
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  // List of certificates to be processed
  repeated RepositoryCertificate items = 2;
}

// RepositoryList is a collection of Repositories.
message RepositoryList {
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;

  repeated Repository items = 2;
}

// TODO: describe this type
// TODO: describe members of this type
message ResourceAction {
  optional string name = 1;

  repeated ResourceActionParam params = 2;

  optional bool disabled = 3;

  optional string iconClass = 4;

  optional string displayName = 5;
}

// TODO: describe this type
// TODO: describe members of this type
message ResourceActionDefinition {
  optional string name = 1;

  optional string actionLua = 2;
}

// TODO: describe this type
// TODO: describe members of this type
message ResourceActionParam {
  optional string name = 1;

  optional string value = 2;

  optional string type = 3;

  optional string default = 4;
}

// TODO: describe this type
// TODO: describe members of this type
message ResourceActions {
  optional string actionDiscoveryLua = 1;

  repeated ResourceActionDefinition definitions = 2;
}

// ResourceDiff holds the diff of a live and target resource object
// TODO: describe members of this type
message ResourceDiff {
  optional string group = 1;

  optional string kind = 2;

  optional string namespace = 3;

  optional string name = 4;

  // TargetState contains the JSON serialized resource manifest defined in the Git/Helm
  optional string targetState = 5;

  // TargetState contains the JSON live resource manifest
  optional string liveState = 6;

  // Diff contains the JSON patch between target and live resource
  // Deprecated: use NormalizedLiveState and PredictedLiveState to render the difference
  optional string diff = 7;

  optional bool hook = 8;

  // NormalizedLiveState contains JSON serialized live resource state with applied normalizations
  optional string normalizedLiveState = 9;

  // PredictedLiveState contains JSON serialized resource state that is calculated based on normalized and target resource state
  optional string predictedLiveState = 10;

  optional string resourceVersion = 11;

  optional bool modified = 12;
}

// ResourceIgnoreDifferences contains resource filter and list of json paths which should be ignored during comparison with live state.
message ResourceIgnoreDifferences {
  optional string group = 1;

  optional string kind = 2;

  optional string name = 3;

  optional string namespace = 4;

  repeated string jsonPointers = 5;

  repeated string jqPathExpressions = 6;

  // ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
  // desired state defined in the SCM and won't be displayed in diffs
  repeated string managedFieldsManagers = 7;
}

// ResourceNetworkingInfo holds networking resource related information
// TODO: describe members of this type
message ResourceNetworkingInfo {
  map<string, string> targetLabels = 1;

  repeated ResourceRef targetRefs = 2;

  map<string, string> labels = 3;

  repeated k8s.io.api.core.v1.LoadBalancerIngress ingress = 4;

  // ExternalURLs holds list of URLs which should be available externally. List is populated for ingress resources using rules hostnames.
  repeated string externalURLs = 5;
}

// ResourceNode contains information about live resource and its children
// TODO: describe members of this type
message ResourceNode {
  optional ResourceRef resourceRef = 1;

  repeated ResourceRef parentRefs = 2;

  repeated InfoItem info = 3;

  optional ResourceNetworkingInfo networkingInfo = 4;

  optional string resourceVersion = 5;

  repeated string images = 6;

  optional HealthStatus health = 7;

  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time createdAt = 8;
}

// ResourceOverride holds configuration to customize resource diffing and health assessment
// TODO: describe the members of this type
message ResourceOverride {
  optional string healthLua = 1;

  optional bool useOpenLibs = 5;

  optional string actions = 3;

  optional OverrideIgnoreDiff ignoreDifferences = 2;

  optional OverrideIgnoreDiff ignoreResourceUpdates = 6;

  repeated KnownTypeField knownTypeFields = 4;
}

// ResourceRef includes fields which uniquely identify a resource
message ResourceRef {
  optional string group = 1;

  optional string version = 2;

  optional string kind = 3;

  optional string namespace = 4;

  optional string name = 5;

  optional string uid = 6;
}

// ResourceResult holds the operation result details of a specific resource
message ResourceResult {
  // Group specifies the API group of the resource
  optional string group = 1;

  // Version specifies the API version of the resource
  optional string version = 2;

  // Kind specifies the API kind of the resource
  optional string kind = 3;

  // Namespace specifies the target namespace of the resource
  optional string namespace = 4;

  // Name specifies the name of the resource
  optional string name = 5;

  // Status holds the final result of the sync. Will be empty if the resources is yet to be applied/pruned and is always zero-value for hooks
  optional string status = 6;

  // Message contains an informational or error message for the last sync OR operation
  optional string message = 7;

  // HookType specifies the type of the hook. Empty for non-hook resources
  optional string hookType = 8;

  // HookPhase contains the state of any operation associated with this resource OR hook
  // This can also contain values for non-hook resources.
  optional string hookPhase = 9;

  // SyncPhase indicates the particular phase of the sync that this result was acquired in
  optional string syncPhase = 10;
}

// ResourceStatus holds the current sync and health status of a resource
// TODO: describe members of this type
message ResourceStatus {
  optional string group = 1;

  optional string version = 2;

  optional string kind = 3;

  optional string namespace = 4;

  optional string name = 5;

  optional string status = 6;

  optional HealthStatus health = 7;

  optional bool hook = 8;

  optional bool requiresPruning = 9;

  optional int64 syncWave = 10;
}

// RetryStrategy contains information about the strategy to apply when a sync failed
message RetryStrategy {
  // Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed.
  optional int64 limit = 1;

  // Backoff controls how to backoff on subsequent retries of failed syncs
  optional Backoff backoff = 2;
}

// RevisionHistory contains history information about a previous sync
message RevisionHistory {
  // Revision holds the revision the sync was performed against
  optional string revision = 2;

  // DeployedAt holds the time the sync operation completed
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time deployedAt = 4;

  // ID is an auto incrementing identifier of the RevisionHistory
  optional int64 id = 5;

  // Source is a reference to the application source used for the sync operation
  optional ApplicationSource source = 6;

  // DeployStartedAt holds the time the sync operation started
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time deployStartedAt = 7;

  // Sources is a reference to the application sources used for the sync operation
  repeated ApplicationSource sources = 8;

  // Revisions holds the revision of each source in sources field the sync was performed against
  repeated string revisions = 9;
}

// RevisionMetadata contains metadata for a specific revision in a Git repository
message RevisionMetadata {
  // who authored this revision,
  // typically their name and email, e.g. "John Doe <john_doe@my-company.com>",
  // but might not match this example
  optional string author = 1;

  // Date specifies when the revision was authored
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time date = 2;

  // Tags specifies any tags currently attached to the revision
  // Floating tags can move from one revision to another
  repeated string tags = 3;

  // Message contains the message associated with the revision, most likely the commit message.
  optional string message = 4;

  // SignatureInfo contains a hint on the signer if the revision was signed with GPG, and signature verification is enabled.
  optional string signatureInfo = 5;
}

// SCMProviderGenerator defines a generator that scrapes a SCMaaS API to find candidate repos.
message SCMProviderGenerator {
  // Which provider to use and config for it.
  optional SCMProviderGeneratorGithub github = 1;

  optional SCMProviderGeneratorGitlab gitlab = 2;

  optional SCMProviderGeneratorBitbucket bitbucket = 3;

  optional SCMProviderGeneratorBitbucketServer bitbucketServer = 4;

  optional SCMProviderGeneratorGitea gitea = 5;

  optional SCMProviderGeneratorAzureDevOps azureDevOps = 6;

  // Filters for which repos should be considered.
  repeated SCMProviderGeneratorFilter filters = 7;

  // Which protocol to use for the SCM URL. Default is provider-specific but ssh if possible. Not all providers
  // necessarily support all protocols.
  optional string cloneProtocol = 8;

  // Standard parameters.
  optional int64 requeueAfterSeconds = 9;

  optional ApplicationSetTemplate template = 10;

  // Values contains key/value pairs which are passed directly as parameters to the template
  map<string, string> values = 11;

  optional SCMProviderGeneratorAWSCodeCommit awsCodeCommit = 12;
}

// SCMProviderGeneratorAWSCodeCommit defines connection info specific to AWS CodeCommit.
message SCMProviderGeneratorAWSCodeCommit {
  // TagFilters provides the tag filter(s) for repo discovery
  repeated TagFilter tagFilters = 1;

  // Role provides the AWS IAM role to assume, for cross-account repo discovery
  // if not provided, AppSet controller will use its pod/node identity to discover.
  optional string role = 2;

  // Region provides the AWS region to discover repos.
  // if not provided, AppSet controller will infer the current region from environment.
  optional string region = 3;

  // Scan all branches instead of just the default branch.
  optional bool allBranches = 4;
}

// SCMProviderGeneratorAzureDevOps defines connection info specific to Azure DevOps.
message SCMProviderGeneratorAzureDevOps {
  // Azure Devops organization. Required. E.g. "my-organization".
  optional string organization = 5;

  // The URL to Azure DevOps. If blank, use https://dev.azure.com.
  optional string api = 6;

  // Azure Devops team project. Required. E.g. "my-team".
  optional string teamProject = 7;

  // The Personal Access Token (PAT) to use when connecting. Required.
  optional SecretRef accessTokenRef = 8;

  // Scan all branches instead of just the default branch.
  optional bool allBranches = 9;
}

// SCMProviderGeneratorBitbucket defines connection info specific to Bitbucket Cloud (API version 2).
message SCMProviderGeneratorBitbucket {
  // Bitbucket workspace to scan. Required.
  optional string owner = 1;

  // Bitbucket user to use when authenticating.  Should have a "member" role to be able to read all repositories and branches.  Required
  optional string user = 2;

  // The app password to use for the user.  Required. See: https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/
  optional SecretRef appPasswordRef = 3;

  // Scan all branches instead of just the main branch.
  optional bool allBranches = 4;
}

// SCMProviderGeneratorBitbucketServer defines connection info specific to Bitbucket Server.
message SCMProviderGeneratorBitbucketServer {
  // Project to scan. Required.
  optional string project = 1;

  // The Bitbucket Server REST API URL to talk to. Required.
  optional string api = 2;

  // Credentials for Basic auth
  optional BasicAuthBitbucketServer basicAuth = 3;

  // Scan all branches instead of just the default branch.
  optional bool allBranches = 4;
}

// SCMProviderGeneratorFilter is a single repository filter.
// If multiple filter types are set on a single struct, they will be AND'd together. All filters must
// pass for a repo to be included.
message SCMProviderGeneratorFilter {
  // A regex for repo names.
  optional string repositoryMatch = 1;

  // An array of paths, all of which must exist.
  repeated string pathsExist = 2;

  // An array of paths, all of which must not exist.
  repeated string pathsDoNotExist = 3;

  // A regex which must match at least one label.
  optional string labelMatch = 4;

  // A regex which must match the branch name.
  optional string branchMatch = 5;
}

// SCMProviderGeneratorGitea defines a connection info specific to Gitea.
message SCMProviderGeneratorGitea {
  // Gitea organization or user to scan. Required.
  optional string owner = 1;

  // The Gitea URL to talk to. For example https://gitea.mydomain.com/.
  optional string api = 2;

  // Authentication token reference.
  optional SecretRef tokenRef = 3;

  // Scan all branches instead of just the default branch.
  optional bool allBranches = 4;

  // Allow self-signed TLS / Certificates; default: false
  optional bool insecure = 5;
}

// SCMProviderGeneratorGithub defines connection info specific to GitHub.
message SCMProviderGeneratorGithub {
  // GitHub org to scan. Required.
  optional string organization = 1;

  // The GitHub API URL to talk to. If blank, use https://api.github.com/.
  optional string api = 2;

  // Authentication token reference.
  optional SecretRef tokenRef = 3;

  // AppSecretName is a reference to a GitHub App repo-creds secret.
  optional string appSecretName = 4;

  // Scan all branches instead of just the default branch.
  optional bool allBranches = 5;
}

// SCMProviderGeneratorGitlab defines connection info specific to Gitlab.
message SCMProviderGeneratorGitlab {
  // Gitlab group to scan. Required.  You can use either the project id (recommended) or the full namespaced path.
  optional string group = 1;

  // Recurse through subgroups (true) or scan only the base group (false).  Defaults to "false"
  optional bool includeSubgroups = 2;

  // The Gitlab API URL to talk to.
  optional string api = 3;

  // Authentication token reference.
  optional SecretRef tokenRef = 4;

  // Scan all branches instead of just the default branch.
  optional bool allBranches = 5;

  // Skips validating the SCM provider's TLS certificate - useful for self-signed certificates.; default: false
  optional bool insecure = 6;

  // When recursing through subgroups, also include shared Projects (true) or scan only the subgroups under same path (false).  Defaults to "true"
  optional bool includeSharedProjects = 7;

  // Filter repos list based on Gitlab Topic.
  optional string topic = 8;
}

// Utility struct for a reference to a secret key.
message SecretRef {
  optional string secretName = 1;

  optional string key = 2;
}

// SignatureKey is the specification of a key required to verify commit signatures with
message SignatureKey {
  // The ID of the key in hexadecimal notation
  optional string keyID = 1;
}

// SyncOperation contains details about a sync operation.
message SyncOperation {
  // Revision is the revision (Git) or chart version (Helm) which to sync the application to
  // If omitted, will use the revision specified in app spec.
  optional string revision = 1;

  // Prune specifies to delete resources from the cluster that are no longer tracked in git
  optional bool prune = 2;

  // DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync
  optional bool dryRun = 3;

  // SyncStrategy describes how to perform the sync
  optional SyncStrategy syncStrategy = 4;

  // Resources describes which resources shall be part of the sync
  repeated SyncOperationResource resources = 6;

  // Source overrides the source definition set in the application.
  // This is typically set in a Rollback operation and is nil during a Sync operation
  optional ApplicationSource source = 7;

  // Manifests is an optional field that overrides sync source with a local directory for development
  repeated string manifests = 8;

  // SyncOptions provide per-sync sync-options, e.g. Validate=false
  repeated string syncOptions = 9;

  // Sources overrides the source definition set in the application.
  // This is typically set in a Rollback operation and is nil during a Sync operation
  repeated ApplicationSource sources = 10;

  // Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to
  // If omitted, will use the revision specified in app spec.
  repeated string revisions = 11;
}

// SyncOperationResource contains resources to sync.
message SyncOperationResource {
  optional string group = 1;

  optional string kind = 2;

  optional string name = 3;

  optional string namespace = 4;
}

// SyncOperationResult represent result of sync operation
message SyncOperationResult {
  // Resources contains a list of sync result items for each individual resource in a sync operation
  repeated ResourceResult resources = 1;

  // Revision holds the revision this sync operation was performed to
  optional string revision = 2;

  // Source records the application source information of the sync, used for comparing auto-sync
  optional ApplicationSource source = 3;

  // Source records the application source information of the sync, used for comparing auto-sync
  repeated ApplicationSource sources = 4;

  // Revisions holds the revision this sync operation was performed for respective indexed source in sources field
  repeated string revisions = 5;

  // ManagedNamespaceMetadata contains the current sync state of managed namespace metadata
  optional ManagedNamespaceMetadata managedNamespaceMetadata = 6;
}

// SyncPolicy controls when a sync will be performed in response to updates in git
message SyncPolicy {
  // Automated will keep an application synced to the target revision
  optional SyncPolicyAutomated automated = 1;

  // Options allow you to specify whole app sync-options
  repeated string syncOptions = 2;

  // Retry controls failed sync retry behavior
  optional RetryStrategy retry = 3;

  // ManagedNamespaceMetadata controls metadata in the given namespace (if CreateNamespace=true)
  optional ManagedNamespaceMetadata managedNamespaceMetadata = 4;
}

// SyncPolicyAutomated controls the behavior of an automated sync
message SyncPolicyAutomated {
  // Prune specifies whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync (default: false)
  optional bool prune = 1;

  // SelfHeal specifies whether to revert resources back to their desired state upon modification in the cluster (default: false)
  optional bool selfHeal = 2;

  // AllowEmpty allows apps have zero live resources (default: false)
  optional bool allowEmpty = 3;
}

// SyncStatus contains information about the currently observed live and desired states of an application
message SyncStatus {
  // Status is the sync state of the comparison
  optional string status = 1;

  // ComparedTo contains information about what has been compared
  optional ComparedTo comparedTo = 2;

  // Revision contains information about the revision the comparison has been performed to
  optional string revision = 3;

  // Revisions contains information about the revisions of multiple sources the comparison has been performed to
  repeated string revisions = 4;
}

// SyncStrategy controls the manner in which a sync is performed
message SyncStrategy {
  // Apply will perform a `kubectl apply` to perform the sync.
  optional SyncStrategyApply apply = 1;

  // Hook will submit any referenced resources to perform the sync. This is the default strategy
  optional SyncStrategyHook hook = 2;
}

// SyncStrategyApply uses `kubectl apply` to perform the apply
message SyncStrategyApply {
  // Force indicates whether or not to supply the --force flag to `kubectl apply`.
  // The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
  // retried for 5 times.
  optional bool force = 1;
}

// SyncStrategyHook will perform a sync using hooks annotations.
// If no hook annotation is specified falls back to `kubectl apply`.
message SyncStrategyHook {
  // Embed SyncStrategyApply type to inherit any `apply` options
  // +optional
  optional SyncStrategyApply syncStrategyApply = 1;
}

// SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps
message SyncWindow {
  // Kind defines if the window allows or blocks syncs
  optional string kind = 1;

  // Schedule is the time the window will begin, specified in cron format
  optional string schedule = 2;

  // Duration is the amount of time the sync window will be open
  optional string duration = 3;

  // Applications contains a list of applications that the window will apply to
  repeated string applications = 4;

  // Namespaces contains a list of namespaces that the window will apply to
  repeated string namespaces = 5;

  // Clusters contains a list of clusters that the window will apply to
  repeated string clusters = 6;

  // ManualSync enables manual syncs when they would otherwise be blocked
  optional bool manualSync = 7;

  // TimeZone of the sync that will be applied to the schedule
  optional string timeZone = 8;
}

// TLSClientConfig contains settings to enable transport layer security
message TLSClientConfig {
  // Insecure specifies that the server should be accessed without verifying the TLS certificate. For testing only.
  optional bool insecure = 1;

  // ServerName is passed to the server for SNI and is used in the client to check server
  // certificates against. If ServerName is empty, the hostname used to contact the
  // server is used.
  optional string serverName = 2;

  // CertData holds PEM-encoded bytes (typically read from a client certificate file).
  // CertData takes precedence over CertFile
  optional bytes certData = 3;

  // KeyData holds PEM-encoded bytes (typically read from a client certificate key file).
  // KeyData takes precedence over KeyFile
  optional bytes keyData = 4;

  // CAData holds PEM-encoded bytes (typically read from a root certificates bundle).
  // CAData takes precedence over CAFile
  optional bytes caData = 5;
}

message TagFilter {
  optional string key = 1;

  optional string value = 2;
}