{
  "description": "STSSessionToken uses the GetSessionToken API to retrieve an authorization token.\nThe authorization token is valid for 12 hours.\nThe authorizationToken returned is a base64 encoded string that can be decoded.\nFor more information, see GetSessionToken (https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html).",
  "properties": {
    "apiVersion": {
      "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
      "type": [
        "string",
        "null"
      ]
    },
    "kind": {
      "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
      "type": [
        "string",
        "null"
      ]
    },
    "metadata": {
      "type": [
        "object",
        "null"
      ]
    },
    "spec": {
      "additionalProperties": false,
      "properties": {
        "auth": {
          "additionalProperties": false,
          "description": "Auth defines how to authenticate with AWS",
          "properties": {
            "jwt": {
              "additionalProperties": false,
              "description": "Authenticate against AWS using service account tokens.",
              "properties": {
                "serviceAccountRef": {
                  "additionalProperties": false,
                  "description": "A reference to a ServiceAccount resource.",
                  "properties": {
                    "audiences": {
                      "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list",
                      "items": {
                        "type": "string"
                      },
                      "type": [
                        "array",
                        "null"
                      ]
                    },
                    "name": {
                      "description": "The name of the ServiceAccount resource being referred to.",
                      "maxLength": 253,
                      "minLength": 1,
                      "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                      "type": "string"
                    },
                    "namespace": {
                      "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.",
                      "maxLength": 63,
                      "minLength": 1,
                      "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
                      "type": [
                        "string",
                        "null"
                      ]
                    }
                  },
                  "required": [
                    "name"
                  ],
                  "type": [
                    "object",
                    "null"
                  ]
                }
              },
              "type": [
                "object",
                "null"
              ]
            },
            "secretRef": {
              "additionalProperties": false,
              "description": "AWSAuthSecretRef holds secret references for AWS credentials\nboth AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.",
              "properties": {
                "accessKeyIDSecretRef": {
                  "additionalProperties": false,
                  "description": "The AccessKeyID is used for authentication",
                  "properties": {
                    "key": {
                      "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.",
                      "maxLength": 253,
                      "minLength": 1,
                      "pattern": "^[-._a-zA-Z0-9]+$",
                      "type": [
                        "string",
                        "null"
                      ]
                    },
                    "name": {
                      "description": "The name of the Secret resource being referred to.",
                      "maxLength": 253,
                      "minLength": 1,
                      "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                      "type": [
                        "string",
                        "null"
                      ]
                    },
                    "namespace": {
                      "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.",
                      "maxLength": 63,
                      "minLength": 1,
                      "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
                      "type": [
                        "string",
                        "null"
                      ]
                    }
                  },
                  "type": [
                    "object",
                    "null"
                  ]
                },
                "secretAccessKeySecretRef": {
                  "additionalProperties": false,
                  "description": "The SecretAccessKey is used for authentication",
                  "properties": {
                    "key": {
                      "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.",
                      "maxLength": 253,
                      "minLength": 1,
                      "pattern": "^[-._a-zA-Z0-9]+$",
                      "type": [
                        "string",
                        "null"
                      ]
                    },
                    "name": {
                      "description": "The name of the Secret resource being referred to.",
                      "maxLength": 253,
                      "minLength": 1,
                      "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                      "type": [
                        "string",
                        "null"
                      ]
                    },
                    "namespace": {
                      "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.",
                      "maxLength": 63,
                      "minLength": 1,
                      "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
                      "type": [
                        "string",
                        "null"
                      ]
                    }
                  },
                  "type": [
                    "object",
                    "null"
                  ]
                },
                "sessionTokenSecretRef": {
                  "additionalProperties": false,
                  "description": "The SessionToken used for authentication\nThis must be defined if AccessKeyID and SecretAccessKey are temporary credentials\nsee: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html",
                  "properties": {
                    "key": {
                      "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.",
                      "maxLength": 253,
                      "minLength": 1,
                      "pattern": "^[-._a-zA-Z0-9]+$",
                      "type": [
                        "string",
                        "null"
                      ]
                    },
                    "name": {
                      "description": "The name of the Secret resource being referred to.",
                      "maxLength": 253,
                      "minLength": 1,
                      "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
                      "type": [
                        "string",
                        "null"
                      ]
                    },
                    "namespace": {
                      "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.",
                      "maxLength": 63,
                      "minLength": 1,
                      "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
                      "type": [
                        "string",
                        "null"
                      ]
                    }
                  },
                  "type": [
                    "object",
                    "null"
                  ]
                }
              },
              "type": [
                "object",
                "null"
              ]
            }
          },
          "type": [
            "object",
            "null"
          ]
        },
        "region": {
          "description": "Region specifies the region to operate in.",
          "type": "string"
        },
        "requestParameters": {
          "additionalProperties": false,
          "description": "RequestParameters contains parameters that can be passed to the STS service.",
          "properties": {
            "serialNumber": {
              "description": "SerialNumber is the identification number of the MFA device that is associated with the IAM user who is making\nthe GetSessionToken call.\nPossible values: hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device\n(such as arn:aws:iam::123456789012:mfa/user)",
              "type": [
                "string",
                "null"
              ]
            },
            "sessionDuration": {
              "description": "SessionDuration The duration, in seconds, that the credentials should remain valid. Acceptable durations for\nIAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds\n(12 hours) as the default.",
              "format": "int64",
              "type": [
                "integer",
                "null"
              ]
            },
            "tokenCode": {
              "description": "TokenCode is the value provided by the MFA device, if MFA is required.",
              "type": [
                "string",
                "null"
              ]
            }
          },
          "type": [
            "object",
            "null"
          ]
        },
        "role": {
          "description": "You can assume a role before making calls to the\ndesired AWS service.",
          "type": [
            "string",
            "null"
          ]
        }
      },
      "required": [
        "region"
      ],
      "type": [
        "object",
        "null"
      ]
    }
  },
  "type": "object"
}