Documentation
¶
Index ¶
- type Admin
- type Analytics
- type Authentication
- type AuthenticationPolicy
- type Branding
- type Claims
- type Database
- type Env
- type Global
- type Internal
- type Jwt
- type JwtPolicy
- type Ldap
- type LdapGroups
- type LdapSsl
- type Links
- type Login
- type Logout
- type Notifications
- type Oauth
- type Parameter
- type PasswordPolicy
- type Prompt
- type PromptPassword
- type Proxy
- type Redirect
- type Refresh
- type Saml
- type Scim
- type ScimUser
- type Servlet
- type Smtp
- type Socket
- type Uaa
- type UaaJob
- type UaaLogin
- type UaaPassword
- type UaaSsl
- type UaaUser
- type Uaadb
- type Username
- type Zones
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Admin ¶
// Admin carries the secret of the UAA client named "admin" (authority
// uaa.admin, per the generated description below).
type Admin struct {
/*ClientSecret - Descr: Secret of the admin client - a client named admin with uaa.admin as an authority Default: <nil>
*/
// NOTE(review): this is a credential with no default. It is typed interface{},
// so nothing here constrains it to a non-empty string; validate it before the
// manifest is rendered, and keep marshalled copies of this struct out of logs
// and version control.
ClientSecret interface{} `yaml:"client_secret,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Analytics ¶
// Analytics holds the optional Google Analytics settings for the login pages.
// Per the generated descriptions, both fields must be set together for
// analytics to take effect; neither has a default.
type Analytics struct {
/*Domain - Descr: Google analytics domain. If Google Analytics is desired set both login.analytics.code and login.analytics.domain Default: <nil>
*/
Domain interface{} `yaml:"domain,omitempty"`
/*Code - Descr: Google analytics code. If Google Analytics is desired set both login.analytics.code and login.analytics.domain Default: <nil>
*/
Code interface{} `yaml:"code,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Authentication ¶
// Authentication is a thin wrapper whose only field points at the account
// lockout policy (AuthenticationPolicy), serialized under the "policy" key.
type Authentication struct {
/*Policy - Descr: Number of allowed failures before account is locked Default: 5
*/
// NOTE(review): the generated text above is the description of the nested
// lockoutAfterFailures property, not of this field. Policy is a pointer to the
// whole lockout sub-tree; a nil pointer carries the omitempty tag option.
Policy *AuthenticationPolicy `yaml:"policy,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type AuthenticationPolicy ¶
// AuthenticationPolicy describes account lockout after failed logins: how many
// failures (LockoutAfterFailures) inside which window
// (CountFailuresWithinSeconds) trigger a lock, and how long the lock lasts
// (LockoutPeriodSeconds). Global points at the Global type, which repeats the
// same three keys.
type AuthenticationPolicy struct {
/*Global - Descr: Number of allowed failures before account is locked Default: 5
*/
// NOTE(review): the description above is copied from
// Global.LockoutAfterFailures; this field is the whole nested "global" block.
Global *Global `yaml:"global,omitempty"`
/*CountFailuresWithinSeconds - Descr: Number of seconds in which lockoutAfterFailures failures must occur in order for account to be locked Default: 1200
*/
// NOTE(review): the Global type documents a default of 3600 for the same key
// name; confirm which level applies before relying on either number.
CountFailuresWithinSeconds interface{} `yaml:"countFailuresWithinSeconds,omitempty"`
/*LockoutAfterFailures - Descr: Number of allowed failures before account is locked Default: 5
*/
LockoutAfterFailures interface{} `yaml:"lockoutAfterFailures,omitempty"`
/*LockoutPeriodSeconds - Descr: Number of seconds to lock out an account when lockoutAfterFailures failures is exceeded Default: 300
*/
// 300 seconds is a five-minute lock. The fields are interface{}, so a
// non-numeric or zero value is not rejected by this type.
LockoutPeriodSeconds interface{} `yaml:"lockoutPeriodSeconds,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Branding ¶
// Branding customizes what the UAA pages display: logos, company name, footer
// links and footer legal text. No field has a default.
type Branding struct {
/*ProductLogo - Descr: This is a base64 encoded PNG image which will be used as the logo on all UAA pages like Login, Sign Up etc. Default: <nil>
*/
ProductLogo interface{} `yaml:"product_logo,omitempty"`
/*SquareLogo - Descr: This is a base64 encoded PNG image which will be used as the favicon for the UAA pages Default: <nil>
*/
SquareLogo interface{} `yaml:"square_logo,omitempty"`
// FooterLinks has no generated description. The text attached to
// Login.Branding ("These links appear on the footer of all UAA pages...")
// appears to describe this key - confirm against the job spec.
// NOTE(review): these values end up on the login pages, so treat the manifest
// that sets them as trusted input and review any URL placed here.
FooterLinks interface{} `yaml:"footer_links,omitempty"`
/*CompanyName - Descr: This name is used on the UAA Pages and in account management related communication in UAA Default: <nil>
*/
CompanyName interface{} `yaml:"company_name,omitempty"`
// FooterLegalText has no generated description; from the key name it is
// presumably free text shown in the page footer - confirm.
FooterLegalText interface{} `yaml:"footer_legal_text,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Claims ¶
// Claims lists JWT claims that should be left out of issued OAuth2 tokens.
type Claims struct {
/*Exclude - Descr: List of claims to exclude from the JWT-based OAuth2 tokens Default: <nil>
*/
// Typed interface{}; the description calls for a list, which this type does
// not enforce.
Exclude interface{} `yaml:"exclude,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Database ¶
// Database tunes the connection pool between a running UAA instance and its
// database: pool sizes, abandoned-connection handling and case sensitivity of
// search queries.
type Database struct {
/*MaxIdleConnections - Descr: The max number of open idle connections to the DB from a running UAA instance Default: 10
*/
MaxIdleConnections interface{} `yaml:"max_idle_connections,omitempty"`
/*CaseInsensitive - Descr: Set to true if you don't want to be using LOWER() SQL functions in search queries/filters, because you know that your DB is case insensitive. If this property is null, then it will be set to true if the UAA DB is MySQL and false otherwise, but even on MySQL you can override it by setting it explicitly to false Default: <nil>
*/
// NOTE(review): this controls how identifiers are matched in searches. Setting
// it to true on a database that is in fact case sensitive changes which
// records a filter matches, so set it only when the collation is known.
CaseInsensitive interface{} `yaml:"case_insensitive,omitempty"`
/*LogAbandoned - Descr: Should connections that are forcibly closed be logged. Default: true
*/
LogAbandoned interface{} `yaml:"log_abandoned,omitempty"`
/*AbandonedTimeout - Descr: Timeout in seconds for the longest running queries. Take DB migrations into account for this timeout as they may run during a long period of time. Default: 300
*/
AbandonedTimeout interface{} `yaml:"abandoned_timeout,omitempty"`
/*RemoveAbandoned - Descr: True if connections that are left open longer than abandoned_timeout seconds during a session (time between borrow and return from pool) should be forcibly closed Default: false
*/
RemoveAbandoned interface{} `yaml:"remove_abandoned,omitempty"`
/*MinIdleConnections - Descr: The min number of open idle connections to the DB from a running UAA instance Default: 0
*/
MinIdleConnections interface{} `yaml:"min_idle_connections,omitempty"`
/*MaxConnections - Descr: The max number of open connections to the DB from a running UAA instance Default: 100
*/
MaxConnections interface{} `yaml:"max_connections,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Env ¶
// Env holds the proxy-related environment settings applied across the VMs:
// no_proxy, http_proxy and https_proxy. None has a default.
type Env struct {
/*NoProxy - Descr: Set No_Proxy across the VMs Default: <nil>
*/
NoProxy interface{} `yaml:"no_proxy,omitempty"`
/*HttpProxy - Descr: The http_proxy across the VMs used for all requests over http Default: <nil>
*/
HttpProxy interface{} `yaml:"http_proxy,omitempty"`
/*HttpsProxy - Descr: The http_proxy across the VMs used for all requests over https Default: <nil>
*/
// NOTE(review): the generated description says "http_proxy" while the yaml key
// is https_proxy; the key is what is serialized. A proxy set here sees the
// outbound requests of the job, so point it only at a trusted host.
HttpsProxy interface{} `yaml:"https_proxy,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Global ¶
// Global collects the zone-wide defaults of three unrelated areas in one type:
// password policy (length, character classes, expiry), account lockout and
// token validity. It is referenced from AuthenticationPolicy, JwtPolicy and
// PasswordPolicy; presumably each caller fills only its own subset - confirm.
//
// NOTE(review): with the documented defaults the password policy enforces
// nothing (MinLength 0, every Require* 0, ExpirePasswordInMonths 0). Operators
// who need a minimum length or character classes have to set them explicitly.
type Global struct {
/*MaxLength - Descr: Maximum number of characters required for password to be considered valid Default: 255
*/
MaxLength interface{} `yaml:"maxLength,omitempty"`
/*RequireLowerCaseCharacter - Descr: Minimum number of lowercase characters required for password to be considered valid Default: 0
*/
RequireLowerCaseCharacter interface{} `yaml:"requireLowerCaseCharacter,omitempty"`
/*RequireSpecialCharacter - Descr: Minimum number of special characters required for password to be considered valid Default: 0
*/
RequireSpecialCharacter interface{} `yaml:"requireSpecialCharacter,omitempty"`
/*RequireDigit - Descr: Minimum number of digits required for password to be considered valid Default: 0
*/
RequireDigit interface{} `yaml:"requireDigit,omitempty"`
/*ExpirePasswordInMonths - Descr: Number of months after which current password expires Default: 0
*/
ExpirePasswordInMonths interface{} `yaml:"expirePasswordInMonths,omitempty"`
/*LockoutAfterFailures - Descr: Number of allowed failures before account is locked Default: 5
*/
LockoutAfterFailures interface{} `yaml:"lockoutAfterFailures,omitempty"`
/*AccessTokenValiditySeconds - Descr: The global access token validity for all zones if nothing is configured on the client Default: 43200
*/
// 43200 seconds is 12 hours.
AccessTokenValiditySeconds interface{} `yaml:"accessTokenValiditySeconds,omitempty"`
/*CountFailuresWithinSeconds - Descr: Number of seconds in which lockoutAfterFailures failures must occur in order for account to be locked Default: 3600
*/
// NOTE(review): AuthenticationPolicy documents 1200 for the same key name.
CountFailuresWithinSeconds interface{} `yaml:"countFailuresWithinSeconds,omitempty"`
/*RequireUpperCaseCharacter - Descr: Minimum number of uppercase characters required for password to be considered valid Default: 0
*/
RequireUpperCaseCharacter interface{} `yaml:"requireUpperCaseCharacter,omitempty"`
/*MinLength - Descr: Minimum number of characters required for password to be considered valid Default: 0
*/
MinLength interface{} `yaml:"minLength,omitempty"`
/*LockoutPeriodSeconds - Descr: Number of seconds to lock out an account when lockoutAfterFailures failures is exceeded Default: 300
*/
LockoutPeriodSeconds interface{} `yaml:"lockoutPeriodSeconds,omitempty"`
/*RefreshTokenValiditySeconds - Descr: The global refresh token validity for all zones if nothing is configured on the client Default: 2592000
*/
// 2592000 seconds is 30 days. A refresh token stays usable for that long
// unless the client overrides it, so review this together with revocation
// (see Jwt.Revocable).
RefreshTokenValiditySeconds interface{} `yaml:"refreshTokenValiditySeconds,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Internal ¶
// Internal holds the extra hostnames that are routed to the default zone of
// the UAA. Per the generated description, the UAA rejects Host headers it
// does not recognize, and entries here are added to the built-in set.
type Internal struct {
/*Hostnames - Descr: A list of hostnames that are routed to the UAA, specifically the default zone in the UAA. The UAA will reject any Host headers that it doesn't recognize.
By default the UAA recognizes:
The hostname from the property uaa.url
The hostname from the property login.url
localhost (in order to accept health checks)
Any hostnames added as a list are additive to the default hostnames allowed.
Default: <nil>
*/
// NOTE(review): this list widens the Host header allow-list. Keep it to names
// that really route to this UAA; the field is interface{}, so a wildcard or a
// malformed entry is not caught by this type.
Hostnames interface{} `yaml:"hostnames,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Jwt ¶
// Jwt groups the token-signing configuration: key policy, refresh-grant
// restriction, revocability, excluded claims and the two deprecated
// single-key properties.
//
// NOTE(review): for the pointer-typed fields (Policy, Refresh, Claims) the
// generated description is copied from one property of the nested type
// (JwtPolicy.ActiveKeyId, Refresh.RestrictGrant, Claims.Exclude) and does not
// describe the whole sub-tree.
type Jwt struct {
/*Policy - Descr: The ID of the JWT signing key to be used when signing tokens. Default: <nil>
*/
Policy *JwtPolicy `yaml:"policy,omitempty"`
/*Refresh - Descr: Disallows refresh-token grant for any client for which the user has not approved the `uaa.offline_token` scope Default: false
*/
Refresh *Refresh `yaml:"refresh,omitempty"`
/*Revocable - Descr: Set to true if you wish that even JWT tokens become individually revocable and stored in the UAA token storage. This setting applies to the default zone only. Default: false
*/
// NOTE(review): with the default (false) the description implies an issued JWT
// cannot be revoked individually, so its validity period is the only bound on
// a leaked token.
Revocable interface{} `yaml:"revocable,omitempty"`
/*VerificationKey - Descr: Deprecated. Use uaa.jwt.policy.keys. The key used to verify JWT-based OAuth2 tokens Default: <nil>
*/
VerificationKey interface{} `yaml:"verification_key,omitempty"`
/*Claims - Descr: List of claims to exclude from the JWT-based OAuth2 tokens Default: <nil>
*/
Claims *Claims `yaml:"claims,omitempty"`
/*SigningKey - Descr: Deprecated. Use uaa.jwt.policy.keys. The key used to sign the JWT-based OAuth2 tokens Default: <nil>
*/
// NOTE(review): signing key material. Whoever can read the marshalled
// manifest can mint tokens, so handle it as a secret and prefer the
// non-deprecated JwtPolicy.Keys.
SigningKey interface{} `yaml:"signing_key,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type JwtPolicy ¶
// JwtPolicy holds the default-zone token policy: the set of signing keys, the
// ID of the key currently used for signing, and access/refresh token validity
// for the default zone. Global points at the zone-wide defaults.
type JwtPolicy struct {
/*AccessTokenValiditySeconds - Descr: The access token validity for the default zone if nothing is configured on the client. Will override global validity policies for the default zone only. Default: 43200
*/
AccessTokenValiditySeconds interface{} `yaml:"accessTokenValiditySeconds,omitempty"`
/*Keys - Descr: Map of key IDs and signing keys, each defined with a property `signingKey` Default: <nil>
*/
// NOTE(review): contains private signing keys; treat the whole map as secret.
// Keeping more than one key ID here is what allows rotation via ActiveKeyId -
// presumably the non-active keys remain accepted for verification; confirm.
Keys interface{} `yaml:"keys,omitempty"`
/*ActiveKeyId - Descr: The ID of the JWT signing key to be used when signing tokens. Default: <nil>
*/
// Should name a key present in Keys; this type does not check that.
ActiveKeyId interface{} `yaml:"active_key_id,omitempty"`
/*Global - Descr: The global refresh token validity for all zones if nothing is configured on the client Default: 2592000
*/
// NOTE(review): the description above is copied from
// Global.RefreshTokenValiditySeconds; this field is the whole "global" block.
Global *Global `yaml:"global,omitempty"`
/*RefreshTokenValiditySeconds - Descr: The refresh token validity for the default zone if nothing is configured on the client. Will override global validity policies for the default zone only. Default: 2592000
*/
RefreshTokenValiditySeconds interface{} `yaml:"refreshTokenValiditySeconds,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Ldap ¶
// Ldap configures the UAA LDAP identity provider: server URL and TLS, the
// authentication profile (simple-bind, search-and-bind, search-and-compare),
// the search account, attribute mappings and group integration.
//
// NOTE(review): Ssl and Groups are pointers to nested types; their generated
// descriptions are copied from LdapSsl.Skipverification and
// LdapGroups.GroupRoleAttribute and do not describe the whole sub-tree.
type Ldap struct {
/*Referral - Descr: Configures the UAA LDAP referral behavior. The following values are possible:
- follow -> Referrals are followed
- ignore -> Referrals are ignored and the partial result is returned
- throw -> An error is thrown and the authentication is aborted
Reference: http://docs.oracle.com/javase/jndi/tutorial/ldap/referral/jndi.html
Default: follow
*/
// NOTE(review): with the default `follow`, a search may continue against a
// server named by the directory rather than one listed in Url. Where that is
// not wanted, `ignore` or `throw` keeps authentication on the configured hosts.
Referral interface{} `yaml:"referral,omitempty"`
/*SearchBase - Descr: Used with search-and-bind and search-and-compare. Define a base where the search starts at. Default:
*/
SearchBase interface{} `yaml:"searchBase,omitempty"`
/*Ssl - Descr: Set to true, and LDAPS connection will not validate the server certificate. Default: false
*/
Ssl *LdapSsl `yaml:"ssl,omitempty"`
/*SslCertificateAlias - Descr: Used with ldaps:// URLs. The certificate alias, to be trusted by this connection and stored in the keystore. Default: <nil>
*/
SslCertificateAlias interface{} `yaml:"sslCertificateAlias,omitempty"`
/*Groups - Descr: Used with groups-as-scopes, defines the attribute that holds the scope name(s). Default: spring.security.ldap.dn
*/
Groups *LdapGroups `yaml:"groups,omitempty"`
/*SslCertificate - Descr: Used with ldaps:// URLs. The certificate, if self signed, to be trusted by this connection. Default: <nil>
*/
// Pinning the self-signed certificate here is the alternative to turning off
// verification with LdapSsl.Skipverification.
SslCertificate interface{} `yaml:"sslCertificate,omitempty"`
/*Enabled - Descr: Set to true to enable LDAP Default: false
*/
Enabled interface{} `yaml:"enabled,omitempty"`
/*UserDN - Descr: Used with search-and-bind and search-and-compare. A valid LDAP ID that has read permissions to perform a search of the LDAP tree for user information. Default: <nil>
*/
// The description asks only for read permission; a search account with more
// than that widens the impact of a leaked UserPassword.
UserDN interface{} `yaml:"userDN,omitempty"`
/*LocalPasswordCompare - Descr: Used with search-and-compare only. Set to true if passwords are retrieved by the search, and should be compared in the login server. Default: true
*/
// NOTE(review): in this mode the password attribute is read out of the
// directory by the search account, so that account needs read access to it.
LocalPasswordCompare interface{} `yaml:"localPasswordCompare,omitempty"`
/*UserDNPatternDelimiter - Descr: The delimiter character in between user DN patterns for simple-bind authentication Default: ;
*/
UserDNPatternDelimiter interface{} `yaml:"userDNPatternDelimiter,omitempty"`
/*MailSubstitute - Descr: Defines an email pattern containing a {0} to generate an email address for an LDAP user during authentication Default:
*/
MailSubstitute interface{} `yaml:"mailSubstitute,omitempty"`
/*MailSubstituteOverridesLdap - Descr: Set to true if you wish to override an LDAP user email address with a generated one Default: false
*/
MailSubstituteOverridesLdap interface{} `yaml:"mailSubstituteOverridesLdap,omitempty"`
/*UserPassword - Descr: Used with search-and-bind and search-and-compare. Password for the LDAP ID that performs a search of the LDAP tree for user information. Default: <nil>
*/
// NOTE(review): directory bind credential; handle as a secret and keep
// marshalled copies of this struct out of logs and version control.
UserPassword interface{} `yaml:"userPassword,omitempty"`
/*UserDNPattern - Descr: Used with simple-bind only. A semi-colon separated lists of DN patterns to construct a DN direct from the user ID without performing a search. Default: <nil>
*/
UserDNPattern interface{} `yaml:"userDNPattern,omitempty"`
/*PasswordAttributeName - Descr: Used with search-and-compare only. The name of the password attribute in the LDAP directory Default: userPassword
*/
PasswordAttributeName interface{} `yaml:"passwordAttributeName,omitempty"`
/*PasswordEncoder - Descr: Used with search-and-compare only. The encoder used to properly encode user password to match the one in the LDAP directory. Default: org.cloudfoundry.identity.uaa.ldap.DynamicPasswordComparator
*/
PasswordEncoder interface{} `yaml:"passwordEncoder,omitempty"`
/*AddShadowUserOnLogin - Descr: If set to false, only users pre-populated in the UAA user database will be allowed to authenticate via LDAP. If set to true, any user from LDAP will be allowed to authenticate and an internal user will be created if one does not yet exist. Default: true
*/
// NOTE(review): the default (true) lets every directory user that matches the
// search sign in. Set false, or narrow SearchBase/SearchFilter, when only a
// subset of the directory should have access.
AddShadowUserOnLogin interface{} `yaml:"add_shadow_user_on_login,omitempty"`
/*AttributeMappings - Descr: Specifies how UAA user attributes map to LDAP attributes. given_name, family_name, and phone_number are UAA user attributes, while other attributes should be included using the prefix `user.attribute` Default: <nil>
*/
AttributeMappings interface{} `yaml:"attributeMappings,omitempty"`
/*EmailDomain - Descr: Sets the whitelist of emails domains that the LDAP identity provider handles Default: <nil>
*/
EmailDomain interface{} `yaml:"emailDomain,omitempty"`
/*ProfileType - Descr: The file to be used for configuring the LDAP authentication. Options are: 'simple-bind', 'search-and-bind', 'search-and-compare' Default: search-and-bind
*/
ProfileType interface{} `yaml:"profile_type,omitempty"`
/*MailAttributeName - Descr: The name of the LDAP attribute that contains the users email address Default: mail
*/
MailAttributeName interface{} `yaml:"mailAttributeName,omitempty"`
/*ExternalGroupsWhitelist - Descr: Whitelist of external groups from LDAP that get added as roles in the ID Token Default: <nil>
*/
ExternalGroupsWhitelist interface{} `yaml:"externalGroupsWhitelist,omitempty"`
/*Url - Descr: The URL to the ldap server, must start with ldap:// or ldaps://. Allows multiple servers to be specified, space separated Default: <nil>
*/
// NOTE(review): an ldap:// URL carries binds in the clear unless StartTLS is
// enabled through LdapSsl.Tls (default none); prefer ldaps:// or StartTLS.
Url interface{} `yaml:"url,omitempty"`
/*SearchFilter - Descr: Used with search-and-bind and search-and-compare. Search filter used. Takes one parameter, user ID defined as {0} Default: cn={0}
*/
SearchFilter interface{} `yaml:"searchFilter,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type LdapGroups ¶
// LdapGroups configures how LDAP group membership is looked up and turned
// into scopes: the integration mode, where and how deep to search, and which
// attribute holds the scope name.
type LdapGroups struct {
/*SearchSubtree - Descr: Boolean value, set to true to search below the search base Default: true
*/
SearchSubtree interface{} `yaml:"searchSubtree,omitempty"`
/*MaxSearchDepth - Descr: Set to number of levels a nested group search should go. Set to 1 to disable nested groups (default) Default: 1
*/
// NOTE(review): raising this makes membership in a nested group grant the
// scopes of its parent groups; review the directory's nesting before doing so.
MaxSearchDepth interface{} `yaml:"maxSearchDepth,omitempty"`
/*ProfileType - Descr: What type of group integration should be used. Values are: 'no-groups', 'groups-as-scopes', 'groups-map-to-scopes' Default: no-groups
*/
// NOTE(review): per the description of GroupRoleAttribute, with
// 'groups-as-scopes' an attribute read from the directory supplies the scope
// names, so whoever can edit that attribute in LDAP controls the scopes granted.
ProfileType interface{} `yaml:"profile_type,omitempty"`
/*SearchBase - Descr: Search start point for a user group membership search Default:
*/
SearchBase interface{} `yaml:"searchBase,omitempty"`
/*GroupSearchFilter - Descr: Search query filter to find the groups a user belongs to, or for a nested search, groups that a group belongs to Default: member={0}
*/
GroupSearchFilter interface{} `yaml:"groupSearchFilter,omitempty"`
/*GroupRoleAttribute - Descr: Used with groups-as-scopes, defines the attribute that holds the scope name(s). Default: spring.security.ldap.dn
*/
GroupRoleAttribute interface{} `yaml:"groupRoleAttribute,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type LdapSsl ¶
// LdapSsl holds the transport-security switches of the LDAP connection: the
// StartTLS mode and whether the server certificate is validated.
type LdapSsl struct {
/*Tls - Descr: If using StartTLS, what mode to enable. Default is none, not enabled. Possible values are none, simple, external Default: none
*/
Tls interface{} `yaml:"tls,omitempty"`
/*Skipverification - Descr: Set to true, and LDAPS connection will not validate the server certificate. Default: false
*/
// NOTE(review): true removes server authentication from the LDAPS connection,
// so user passwords and the search account's bind can be intercepted by
// anything on the path. Leave it false and trust a self-signed server through
// Ldap.SslCertificate instead. Worth flagging in manifest review whenever this
// key is present and true.
Skipverification interface{} `yaml:"skipverification,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Links ¶
// Links holds the URLs the login page uses for account sign-up and password
// reset. Both default to paths on the UAA itself.
type Links struct {
/*Signup - Descr: URL for requesting to signup/register for an account Default: /create_account
*/
Signup interface{} `yaml:"signup,omitempty"`
/*Passwd - Descr: URL for requesting password reset Default: /forgot_password
*/
// NOTE(review): users are sent here to reset credentials, so an external URL
// in either field should be one the operator controls and serves over https.
Passwd interface{} `yaml:"passwd,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Login ¶
// Login is the top-level configuration of the UAA login server: logout
// redirects, prompts, notifications/SMTP, branding, self-service links,
// protocol, and the SAML and OAuth/OpenID Connect identity providers.
//
// NOTE(review): for the pointer-typed fields (Logout, Prompt, Notifications,
// Analytics, Branding, Smtp, Saml, Oauth) the generated description is copied
// from a single property inside the nested type and does not describe the
// whole sub-tree; read the nested type for the real settings.
type Login struct {
/*Logout - Descr: When set to false, this allows an operator to leverage an open redirect on the UAA (/logout.do?redirect=google.com). No open redirect enabled Default: true
*/
Logout *Logout `yaml:"logout,omitempty"`
/*Prompt - Descr: The text used to prompt for a username during login Default: Email
*/
Prompt *Prompt `yaml:"prompt,omitempty"`
/*Notifications - Descr: The url for the notifications service (configure to use Notifications Service instead of SMTP server) Default: <nil>
*/
Notifications *Notifications `yaml:"notifications,omitempty"`
/*Analytics - Descr: Google analytics code. If Google Analytics is desired set both login.analytics.code and login.analytics.domain Default: <nil>
*/
Analytics *Analytics `yaml:"analytics,omitempty"`
/*Url - Descr: Set if you have an external login server.
The UAA uses this link in its email service to create links
The UAA uses this as a base domain for internal hostnames so that subdomain can be detected
This defaults to the uaa.url property, and if not set, to login.<domain>
Default: <nil>
*/
// NOTE(review): links in outgoing e-mail are built from this value, so it
// must be a host the operator controls.
Url interface{} `yaml:"url,omitempty"`
/*Branding - Descr: These links appear on the footer of all UAA pages. You may choose to add multiple urls for things like Support, Terms of Service etc. Default: <nil>
*/
Branding *Branding `yaml:"branding,omitempty"`
/*Links - Descr: A hash of home/passwd/signup URLS (see commented examples below) Default: <nil>
*/
// Typed interface{} even though this package declares a Links struct with
// Signup and Passwd; callers may assign either a *Links or a plain map.
Links interface{} `yaml:"links,omitempty"`
/*Smtp - Descr: SMTP server username Default: <nil>
*/
Smtp *Smtp `yaml:"smtp,omitempty"`
/*Protocol - Descr: Scheme to use for HTTP communication (http/https) Default: https
*/
// NOTE(review): Saml.EntityBaseUrl derives its scheme from this property
// (see its description); setting http here downgrades those URLs as well.
Protocol interface{} `yaml:"protocol,omitempty"`
/*IdpDiscoveryEnabled - Descr: IDP Discovery should be set to true if you have configured more than one identity provider for UAA. The discovery relies on email domain being set for each additional provider Default: false
*/
IdpDiscoveryEnabled interface{} `yaml:"idpDiscoveryEnabled,omitempty"`
/*AssetBaseUrl - Descr: Deprecated in favor of branding properties. Base url for static assets, allows custom styling of the login server. Use '/resources/pivotal' for Pivotal style. Default: /resources/oss
*/
AssetBaseUrl interface{} `yaml:"asset_base_url,omitempty"`
/*SelfServiceLinksEnabled - Descr: Enable self-service account creation and password resets links. Default: <nil>
*/
SelfServiceLinksEnabled interface{} `yaml:"self_service_links_enabled,omitempty"`
/*Messages - Descr: A nested or flat hash of messages that the login server uses to display UI message
This will be flattened into a java.util.Properties file. The example below will lead
to four properties, where the key is the concatenated value delimited by dot, for example scope.tokens.read=message
Default: <nil>
*/
Messages interface{} `yaml:"messages,omitempty"`
/*HomeRedirect - Descr: URL for configuring a custom home page Default: <nil>
*/
HomeRedirect interface{} `yaml:"home_redirect,omitempty"`
/*Saml - Descr: Read timeout in milliseconds for SAML metadata HTTP requests Default: 10000
*/
Saml *Saml `yaml:"saml,omitempty"`
/*Oauth - Descr: Contains a hash of OpenID Connect/Oauth Identity Providers, the key will be used as the origin key for that provider, followed by key/value pairs. Presence of the userInfoUrl will mark it as an OpenID provider instead of OAuth. Default: <nil>
*/
Oauth *Oauth `yaml:"oauth,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Logout ¶
// Logout wraps the post-logout redirect configuration (Redirect), serialized
// under the "redirect" key.
type Logout struct {
/*Redirect - Descr: When set to false, this allows an operator to leverage an open redirect on the UAA (/logout.do?redirect=google.com). No open redirect enabled Default: true
*/
// NOTE(review): the description above is copied from Parameter.Disable, two
// levels down (Redirect.Parameter.Disable); this field is the whole sub-tree.
Redirect *Redirect `yaml:"redirect,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Notifications ¶
// Notifications points the login server at a notifications service, which the
// generated description presents as an alternative to configuring SMTP.
type Notifications struct {
/*Url - Descr: The url for the notifications service (configure to use Notifications Service instead of SMTP server) Default: <nil>
*/
// NOTE(review): account e-mail (presumably including reset links - confirm)
// is handed to this endpoint, so use an https URL on a trusted host.
Url interface{} `yaml:"url,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Oauth ¶
// Oauth holds the external OAuth / OpenID Connect identity providers, keyed by
// the origin key of each provider.
type Oauth struct {
/*Providers - Descr: Contains a hash of OpenID Connect/Oauth Identity Providers, the key will be used as the origin key for that provider, followed by key/value pairs. Presence of the userInfoUrl will mark it as an OpenID provider instead of OAuth. Default: <nil>
*/
// NOTE(review): the per-provider key/value pairs are not typed here
// (interface{}); they presumably include client credentials for each
// provider - confirm against the job spec and handle the map as a secret.
Providers interface{} `yaml:"providers,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Parameter ¶
// Parameter controls whether the `redirect` query parameter of /logout.do is
// honoured and, if so, which target URLs are accepted.
//
// Reading the two descriptions together: Disable=true (the default) ignores
// the parameter; Disable=false honours it, limited to Whitelist when
// Whitelist is non-null (an empty list counts as non-null).
type Parameter struct {
/*Whitelist - Descr: A list of URLs. When this list is non null, including empty, and disable=false, logout redirects are allowed, but limited to the whitelist URLs. If a redirect parameter value is not white listed, redirect will be to the default URL. Default: <nil>
*/
// NOTE(review): the description implies that Disable=false with this field
// left nil puts no limit on the redirect target - confirm. Because of
// omitempty, a nil value and an empty list may both be dropped on marshal,
// which would lose the "empty but non-null" case; verify with the encoder.
Whitelist interface{} `yaml:"whitelist,omitempty"`
/*Disable - Descr: When set to false, this allows an operator to leverage an open redirect on the UAA (/logout.do?redirect=google.com). No open redirect enabled Default: true
*/
// NOTE(review): double negative - false ENABLES the redirect parameter. Set
// it to false only together with an explicit Whitelist; an unrestricted
// logout redirect lets a link on the UAA's own domain land users on an
// arbitrary site.
Disable interface{} `yaml:"disable,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type PasswordPolicy ¶
// PasswordPolicy sets the password rules (length bounds, required character
// classes, expiry). Global points at the Global type, which repeats the same
// keys for the zone-wide defaults.
//
// NOTE(review): every documented default is permissive (MinLength 0, all
// Require* 0, no expiry), so a deployment that leaves this struct empty
// accepts any password up to MaxLength characters.
type PasswordPolicy struct {
/*RequireSpecialCharacter - Descr: Minimum number of special characters required for password to be considered valid Default: 0
*/
RequireSpecialCharacter interface{} `yaml:"requireSpecialCharacter,omitempty"`
/*Global - Descr: Number of months after which current password expires Default: 0
*/
// NOTE(review): the description above is copied from
// Global.ExpirePasswordInMonths; this field is the whole "global" block.
Global *Global `yaml:"global,omitempty"`
/*RequireDigit - Descr: Minimum number of digits required for password to be considered valid Default: 0
*/
RequireDigit interface{} `yaml:"requireDigit,omitempty"`
/*RequireLowerCaseCharacter - Descr: Minimum number of lowercase characters required for password to be considered valid Default: 0
*/
RequireLowerCaseCharacter interface{} `yaml:"requireLowerCaseCharacter,omitempty"`
/*MinLength - Descr: Minimum number of characters required for password to be considered valid Default: 0
*/
MinLength interface{} `yaml:"minLength,omitempty"`
/*ExpirePasswordInMonths - Descr: Number of months after which current password expires Default: 0
*/
ExpirePasswordInMonths interface{} `yaml:"expirePasswordInMonths,omitempty"`
/*RequireUpperCaseCharacter - Descr: Minimum number of uppercase characters required for password to be considered valid Default: 0
*/
RequireUpperCaseCharacter interface{} `yaml:"requireUpperCaseCharacter,omitempty"`
/*MaxLength - Descr: Maximum number of characters required for password to be considered valid Default: 255
*/
MaxLength interface{} `yaml:"maxLength,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Prompt ¶
// Prompt groups the label texts shown on the login form for the username and
// password inputs. Each field points at a small nested type.
type Prompt struct {
/*Password - Descr: The text used to prompt for a password during login Default: Password
*/
Password *PromptPassword `yaml:"password,omitempty"`
/*Username - Descr: The text used to prompt for a username during login Default: Email
*/
Username *Username `yaml:"username,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type PromptPassword ¶
// PromptPassword holds the label text of the password input on the login
// form. It is display text only, not a credential.
type PromptPassword struct {
/*Text - Descr: The text used to prompt for a password during login Default: Password
*/
Text interface{} `yaml:"text,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Proxy ¶
// Proxy lists the router IPs that front the UAA. Per the generated
// description they are added to proxy_ips_regex as exact matches.
type Proxy struct {
/*Servers - Descr: Array of the router IPs acting as the first group of HTTP/TCP backends. These will be added to the proxy_ips_regex as exact matches. Default: []
*/
// NOTE(review): addresses matched by proxy_ips_regex are presumably treated
// as trusted proxies whose forwarded headers are believed - confirm. List
// only the routers themselves; an over-broad entry would let other hosts
// supply client IP and scheme information.
Servers interface{} `yaml:"servers,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Redirect ¶
// Redirect configures where the UAA sends the browser after /logout.do: the
// default target (Url) and the handling of the caller-supplied `redirect`
// parameter (Parameter).
type Redirect struct {
/*Parameter - Descr: When set to false, this allows an operator to leverage an open redirect on the UAA (/logout.do?redirect=google.com). No open redirect enabled Default: true
*/
// NOTE(review): the description above is copied from Parameter.Disable; this
// field is the whole "parameter" block (Disable plus Whitelist).
Parameter *Parameter `yaml:"parameter,omitempty"`
/*Url - Descr: The Location of the redirect header following a logout of the UAA (/logout.do). Default: /login
*/
Url interface{} `yaml:"url,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Refresh ¶
// Refresh holds the single switch that restricts the refresh-token grant.
type Refresh struct {
/*RestrictGrant - Descr: Disallows refresh-token grant for any client for which the user has not approved the `uaa.offline_token` scope Default: false
*/
// NOTE(review): with the default (false) refresh tokens are issued without
// that approval; combined with the 30-day default refresh validity documented
// on Global/JwtPolicy this is the long-lived credential to account for.
RestrictGrant interface{} `yaml:"restrict_grant,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Saml ¶
// Saml configures the UAA as a SAML service provider: its entity ID and base
// URL, the SP certificate and private key, what it signs and what it requires
// to be signed, and the external identity providers.
type Saml struct {
/*SignatureAlgorithm - Descr: Signature hashing algorithm for SAML. Can be SHA1, SHA256, or SHA512. Default: <nil>
*/
// NOTE(review): SHA1 is accepted by the description but is no longer
// considered collision resistant; choose SHA256 or SHA512. The effective
// algorithm when this is left nil is not shown here - confirm.
SignatureAlgorithm interface{} `yaml:"signatureAlgorithm,omitempty"`
/*ServiceProviderCertificate - Descr: Service provider certificate. Default: <nil>
*/
ServiceProviderCertificate interface{} `yaml:"serviceProviderCertificate,omitempty"`
/*EntityBaseUrl - Descr: The URL for which SAML identity providers will post assertions to.
If set it overrides the default.
This URL should NOT have the schema (http:// or https:// prefix in it) instead just the hostname.
The schema is derived by #{login.protocol} property.
The default value is #{uaa.url}.replaceFirst('uaa','login'), typically login.example.com
The UAA will display this link in the cf --sso call if there is a SAML provider enabled.
Default: <nil>
*/
EntityBaseUrl interface{} `yaml:"entity_base_url,omitempty"`
/*ServiceProviderKey - Descr: Private key for the service provider certificate. Default: <nil>
*/
// NOTE(review): private key material; handle as a secret together with
// ServiceProviderKeyPassword and keep both out of logs and version control.
ServiceProviderKey interface{} `yaml:"serviceProviderKey,omitempty"`
/*ServiceProviderKeyPassword - Descr: Password to protect the service provider private key. Default: <nil>
*/
ServiceProviderKeyPassword interface{} `yaml:"serviceProviderKeyPassword,omitempty"`
/*Entityid - Descr: This is used as the SAML Service Provider Entity ID. Each zone has a unique entity ID. Zones other than
the default zone will derive their entity ID from this setting by prefixing it with the subdomain.
Default: <nil>
*/
Entityid interface{} `yaml:"entityid,omitempty"`
/*SignRequest - Descr: Global property to sign Local/SP requests Default: true
*/
SignRequest interface{} `yaml:"signRequest,omitempty"`
/*WantAssertionSigned - Descr: Global property to request that external IDPs sign their SAML assertion before sending them to the UAA Default: false
*/
// NOTE(review): the default does not ask IDPs for signed assertions. Whether
// a response-level signature is still verified is not visible from this type;
// unless that is confirmed, set this to true so an assertion cannot be
// accepted without a signature over it.
WantAssertionSigned interface{} `yaml:"wantAssertionSigned,omitempty"`
/*Socket - Descr: Read timeout in milliseconds for SAML metadata HTTP requests Default: 10000
*/
// Pointer to the nested Socket type (declared elsewhere in this package); the
// description above is copied from one of its properties.
Socket *Socket `yaml:"socket,omitempty"`
/*SignMetaData - Descr: Global property to sign Local/SP metadata Default: true
*/
SignMetaData interface{} `yaml:"signMetaData,omitempty"`
/*Providers - Descr: Contains a hash of SAML Identity Providers, the key is the IDP Alias, followed by key/value pairs. To learn more about how to setup a saml identity provider go to https://simplesamlphp.org Default: <nil>
*/
Providers interface{} `yaml:"providers,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Scim ¶
// Scim bootstraps identity data in the UAA: initial users with their groups,
// external-to-internal group mappings, group definitions, and whether users
// listed here override rows already in the database.
//
// The YAML examples inside the comments below are re-indented by hand; the
// nesting shown is inferred from the surrounding description - confirm
// against the job spec.
type Scim struct {
/*Users - Descr: A list of users to be bootstrapped with authorities.
Each entry supports the following format:
Short OpenStruct:
  - name: username
    password: password
    groups:
      - group1
      - group2
Long OpenStruct:
  - name: username
    password: password
    groups:
      - group1
      - group2
    firstName: first name
    lastName: lastName
    email: email
    origin: origin-value - most commonly uaa
Default: <nil>
*/
// NOTE(review): each entry carries a plaintext password, so the marshalled
// manifest is as sensitive as the accounts it creates. Combined with
// ScimUser.Override (default true) the values here replace what is in the
// database, which would undo a password the user changed later - confirm and
// plan rotation accordingly.
Users interface{} `yaml:"users,omitempty"`
/*UseridsEnabled - Descr: Enables the endpoint `/ids/Users` that allows consumers to translate user ids to name Default: true
*/
// NOTE(review): enabled by default. Who may call /ids/Users is not shown
// here; if id-to-name translation is not needed, set this to false.
UseridsEnabled interface{} `yaml:"userids_enabled,omitempty"`
/*ExternalGroups - Descr: External group mappings. Either formatted as an OpenStruct.
As an OpenStruct, the mapping additionally specifies an origin to which the mapping is applied:
  origin1:
    external_group1:
      - internal_group1
      - internal_group2
      - internal_group3
    external_group2:
      - internal_group2
      - internal_group4
  origin2:
    external_group3:
      - internal_group3
      - internal_group4
      - internal_group5
Default: <nil>
*/
// NOTE(review): a mapping grants internal groups on the strength of a group
// name asserted by the external origin; map to privileged internal groups
// only from origins whose group data is trusted.
ExternalGroups interface{} `yaml:"external_groups,omitempty"`
/*Groups - Descr: Contains a hash of group names and their descriptions. These groups will be added to the UAA database for the default zone but not associated with any user.
Example:
  uaa:
    scim:
      groups:
        my-test-group: 'My test group description'
        another-group: 'Another group description'
Default: <nil>
*/
Groups interface{} `yaml:"groups,omitempty"`
/*User - Descr: If true override users defined in uaa.scim.users found in the database. Default: true
*/
// Pointer to ScimUser; the description above is that of ScimUser.Override.
User *ScimUser `yaml:"user,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type ScimUser ¶
// ScimUser holds the single override switch that sits under the "user" key of
// Scim.
type ScimUser struct {
/*Override - Descr: If true override users defined in uaa.scim.users found in the database. Default: true
NOTE(review): with the default of true, users listed in uaa.scim.users that
already exist in the database are overridden. Presumably that includes
resetting their password to the manifest value on each deploy; confirm against
the UAA release before relying on password changes made outside the manifest.
*/
Override interface{} `yaml:"override,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Servlet ¶
// Servlet carries the optional session-cookie settings for the UAA servlet
// container.
type Servlet struct {
/*SessionCookie - Descr: Optional configuration of the UAA session cookie.
Defaults are the following key value pairs:
  secure: <(boolean)this value if set, otherwise require_https>
  http-only: <(boolean) - default to true. set HttpOnly flag on cookie.
  max-age: <(int) lifetime in seconds of cookie - default to 30 minutes)
  name: <(String) name of cookie, default is JSESSIONID>
  comment: <(String) optional comment in cookie>
  path: <(String) path for cookie, default is />
  domain: <(String) domain for cookie, default is incoming request domain>
Default: <nil>
The value is an untyped map (interface{}); the keys above are documented by the
generator only and are not checked by this struct.
NOTE(review): secure falls back to require_https when unset, and http-only
defaults to true. Overriding either to false removes the Secure / HttpOnly
attribute from the session cookie, and a broad domain or path widens where the
cookie is sent; leave the defaults unless there is a specific need.
*/
SessionCookie interface{} `yaml:"session-cookie,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Smtp ¶
// Smtp holds the outbound mail server settings. All fields are untyped
// (interface{}) and omitted from the rendered yaml when unset.
type Smtp struct {
/*FromAddress - Descr: SMTP from address Default: <nil>
*/
FromAddress interface{} `yaml:"from_address,omitempty"`
/*Host - Descr: SMTP server host address Default: localhost
*/
Host interface{} `yaml:"host,omitempty"`
/*Password - Descr: SMTP server password Default: <nil>
NOTE(review): stored as a plain value in the rendered manifest; handle the
manifest as a secret and source this from a secret store or deploy-time variable.
*/
Password interface{} `yaml:"password,omitempty"`
/*User - Descr: SMTP server username Default: <nil>
*/
User interface{} `yaml:"user,omitempty"`
/*Port - Descr: SMTP server port Default: 2525
*/
Port interface{} `yaml:"port,omitempty"`
/*Starttls - Descr: If true, send STARTTLS command before login to server. https://javamail.java.net/nonav/docs/api/com/sun/mail/smtp/package-summary.html Default: false
NOTE(review): the default is false. When Host is not localhost, leaving this
off means the SMTP login (if Auth is true) and the message contents cross the
network without transport encryption unless the link is protected some other
way. Set it to true for any remote relay.
*/
Starttls interface{} `yaml:"starttls,omitempty"`
/*Auth - Descr: If true, authenticate using AUTH command. https://javamail.java.net/nonav/docs/api/com/sun/mail/smtp/package-summary.html Default: false
NOTE(review): User and Password are only meaningful when this is true; pair it
with Starttls so the credentials are not sent in the clear.
*/
Auth interface{} `yaml:"auth,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Socket ¶
// Socket holds the two timeouts applied to HTTP requests for SAML metadata.
// Note that the yaml keys are camelCase, unlike most other keys in this package.
type Socket struct {
/*ConnectionManagerTimeout - Descr: Timeout in milliseconds for connection pooling for SAML metadata HTTP requests Default: 10000
*/
ConnectionManagerTimeout interface{} `yaml:"connectionManagerTimeout,omitempty"`
/*SoTimeout - Descr: Read timeout in milliseconds for SAML metadata HTTP requests Default: 10000
NOTE(review): a finite read timeout bounds how long a slow or unresponsive
metadata endpoint can hold a request. Presumably 0 means "no timeout", as with
Java socket options; confirm before using 0 or very large values.
*/
SoTimeout interface{} `yaml:"soTimeout,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Uaa ¶
// Uaa is the container for the uaa.* job properties. Leaf properties are
// untyped (interface{}); pointer fields lead to the nested property structs.
//
// For the pointer fields, the generated Descr/Default text is that of one leaf
// property inside the nested struct rather than a description of the whole
// sub-tree (for example Ssl repeats UaaSsl.ProtocolHeader and Login repeats
// UaaLogin.ClientSecret). Read the nested type for the full set of settings.
//
// Several fields hold secrets in clear text (SslPrivateKey, and the nested
// admin / login client secrets and SCIM user passwords), so a manifest rendered
// from this struct has to be handled as credential material.
type Uaa struct {
/*User - Descr: Contains a list of the default authorities/scopes assigned to a user Default: [openid scim.me cloud_controller.read cloud_controller.write cloud_controller_service_permissions.read password.write uaa.user approvals.me oauth.approvals notification_preferences.read notification_preferences.write profile roles user_attributes uaa.offline_token]
*/
User *UaaUser `yaml:"user,omitempty"`
/*SslCertificate - Descr: The server's ssl certificate. The default is a self-signed certificate and should always be replaced for production deployments Default:
*/
SslCertificate interface{} `yaml:"sslCertificate,omitempty"`
/*Jwt - Descr: The ID of the JWT signing key to be used when signing tokens. Default: <nil>
NOTE(review): the Jwt type is declared elsewhere in this package. Presumably it
also carries the signing key material itself; if so, treat it as a secret.
*/
Jwt *Jwt `yaml:"jwt,omitempty"`
/*Servlet - Descr: Optional configuration of the UAA session cookie.
Defaults are the following key value pairs:
  secure: <(boolean)this value if set, otherwise require_https>
  http-only: <(boolean) - default to true. set HttpOnly flag on cookie.
  max-age: <(int) lifetime in seconds of cookie - default to 30 minutes)
  name: <(String) name of cookie, default is JSESSIONID>
  comment: <(String) optional comment in cookie>
  path: <(String) path for cookie, default is />
  domain: <(String) domain for cookie, default is incoming request domain>
Default: <nil>
*/
Servlet *Servlet `yaml:"servlet,omitempty"`
/*ProxyIpsRegex - Descr: A pipe delimited set of regular expressions of IP addresses that are considered reverse proxies.
When a request from these IP addresses come in, the x-forwarded-for and x-forwarded-proto headers will be respected.
If the uaa.restricted_ips_regex is set, it will be appended to this list for backwards compatibility purposes.
Default: 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
NOTE(review): this is a trust boundary. The default covers 10.0.0.0/8,
172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 and 127.0.0.0/8, so every host on
those networks is treated as a proxy whose x-forwarded-for and
x-forwarded-proto headers are believed. Where the front-end addresses are
known, narrow the expression to them. Whether UAA anchors each alternative is
not visible here; confirm before relying on a custom pattern being an exact
match.
*/
ProxyIpsRegex interface{} `yaml:"proxy_ips_regex,omitempty"`
/*RequireHttps - Descr: Request came in on a secure connection. Expect the load balancer/proxy to set the proper headers (x-forwarded-for, x-forwarded-proto) Default: true
NOTE(review): per the Descr the check relies on forwarded headers, so it is
only as trustworthy as the proxy list above and a front end that overwrites any
client-supplied copies of those headers.
*/
RequireHttps interface{} `yaml:"require_https,omitempty"`
/*DisableInternalAuth - Descr: Disables internal user authentication Default: false
*/
DisableInternalAuth interface{} `yaml:"disableInternalAuth,omitempty"`
/*Proxy - Descr: Array of the router IPs acting as the first group of HTTP/TCP backends. These will be added to the proxy_ips_regex as exact matches. Default: []
*/
Proxy *Proxy `yaml:"proxy,omitempty"`
/*Login - Descr: Default login client secret, if no login client is defined Default: <nil>
*/
Login *UaaLogin `yaml:"login,omitempty"`
/*Newrelic - Descr: To enable newrelic monitoring, the sub element of this property will be placed in
a configuration file called newrelic.yml in the jobs config directory.
The syntax that must adhere to documentation in https://docs.newrelic.com/docs/agents/java-agent/configuration/java-agent-configuration-config-file
The JVM option -javaagent:/path/to/newrelic.jar will be added to Apache Tomcat's startup script
The enablement of the NewRelic agent in the UAA is triggered by the property uaa.newrelic.common.license_key
The property uaa.newrelic.common.license_key must be set!
Default: <nil>
NOTE(review): the license key is written to newrelic.yml and lives in the
manifest as a plain value; handle it as a secret.
*/
Newrelic interface{} `yaml:"newrelic,omitempty"`
/*Authentication - Descr: Number of allowed failures before account is locked Default: 5
*/
Authentication *Authentication `yaml:"authentication,omitempty"`
/*Ssl - Descr: The header to look for to determine if ssl termination was performed by a front end load balancer. Default: x-forwarded-proto
*/
Ssl *UaaSsl `yaml:"ssl,omitempty"`
/*Admin - Descr: Secret of the admin client - a client named admin with uaa.admin as an authority Default: <nil>
NOTE(review): this leads to the admin client secret, which per the Descr
carries the uaa.admin authority. There is no default; choose a strong,
unique value and keep it out of version control.
*/
Admin *Admin `yaml:"admin,omitempty"`
/*LoggingLevel - Descr: Set UAA logging level. (e.g. TRACE, DEBUG, INFO) Default: DEBUG
NOTE(review): the default is DEBUG. Verbose logs from an authentication server
can include request detail; review what is emitted at this level and consider
INFO for production.
*/
LoggingLevel interface{} `yaml:"logging_level,omitempty"`
/*Issuer - Descr: The url to use as the issuer URI Default: <nil>
*/
Issuer interface{} `yaml:"issuer,omitempty"`
/*LoggingUseRfc3339 - Descr: Sets the time format for log messages to be yyyy-MM-dd'T'HH:mm:ss.SSSXXX instead of yyyy-MM-dd HH:mm:ss.SSS Default: false
The RFC 3339 form includes the zone offset (XXX), which makes timestamps
unambiguous when logs from several hosts are correlated.
*/
LoggingUseRfc3339 interface{} `yaml:"logging_use_rfc3339,omitempty"`
/*Password - Descr: Number of months after which current password expires Default: 0
*/
Password *UaaPassword `yaml:"password,omitempty"`
/*Url - Descr: The base url of the UAA Default: <nil>
*/
Url interface{} `yaml:"url,omitempty"`
/*Clients - Descr: List of OAuth2 clients that the UAA will be bootstrapped with Default: <nil>
NOTE(review): presumably each client entry includes its client secret; confirm
against the UAA release and, if so, handle this value as a secret.
*/
Clients interface{} `yaml:"clients,omitempty"`
/*Zones - Descr: A list of hostnames that are routed to the UAA, specifically the default zone in the UAA. The UAA will reject any Host headers that it doesn't recognize.
By default the UAA recognizes:
  The hostname from the property uaa.url
  The hostname from the property login.url
  localhost (in order to accept health checks)
Any hostnames added as a list are additive to the default hostnames allowed.
Default: <nil>
*/
Zones *Zones `yaml:"zones,omitempty"`
/*Ldap - Descr: Whitelist of external groups from LDAP that get added as roles in the ID Token Default: <nil>
*/
Ldap *Ldap `yaml:"ldap,omitempty"`
/*Scim - Descr: External group mappings. Either formatted as an OpenStruct.
As an OpenStruct, the mapping additionally specifies an origin to which the mapping is applied:
  origin1:
    external_group1:
    - internal_group1
    - internal_group2
    - internal_group3
    external_group2:
    - internal_group2
    - internal_group4
  origin2:
    external_group3:
    - internal_group3
    - internal_group4
    - internal_group5
Default: <nil>
*/
Scim *Scim `yaml:"scim,omitempty"`
/*Port - Descr: Port that uaa will accept connections on Default: 8080
*/
Port interface{} `yaml:"port,omitempty"`
/*DisableInternalUserManagement - Descr: Disables UI and API for internal user management Default: false
*/
DisableInternalUserManagement interface{} `yaml:"disableInternalUserManagement,omitempty"`
/*CatalinaOpts - Descr: The options used to configure Tomcat Default: -Xmx768m -XX:MaxMetaspaceSize=256m
*/
CatalinaOpts interface{} `yaml:"catalina_opts,omitempty"`
/*SslPrivateKey - Descr: The server's ssl private key. Only passphrase-less keys are supported Default:
NOTE(review): because only passphrase-less keys are supported, the key is
usable by anyone who can read the manifest. Restrict access to the manifest and
source the key from a secret store or deploy-time variable.
*/
SslPrivateKey interface{} `yaml:"sslPrivateKey,omitempty"`
/*Database - Descr: The max number of open connections to the DB from a running UAA instance Default: 100
*/
Database *Database `yaml:"database,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type UaaJob ¶
// UaaJob is the top-level container: it groups the uaadb, login, env and uaa
// property trees under their yaml keys. The Descr/Default text on each field is
// that of a single leaf property further down (for example the text on Uaa is
// the account-lockout failure count), not a summary of the sub-tree.
type UaaJob struct {
/*Uaadb - Descr: The list of databases used in UAA database including tag/name Default: <nil>
*/
Uaadb *Uaadb `yaml:"uaadb,omitempty"`
/*Login - Descr: URL for configuring a custom home page Default: <nil>
*/
Login *Login `yaml:"login,omitempty"`
/*Env - Descr: The http_proxy across the VMs used for all requests over https Default: <nil>
*/
Env *Env `yaml:"env,omitempty"`
/*Uaa - Descr: Number of allowed failures before account is locked Default: 5
*/
Uaa *Uaa `yaml:"uaa,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type UaaLogin ¶
// UaaLogin holds the fallback secret for the login client, found under the
// "login" key of Uaa.
type UaaLogin struct {
/*ClientSecret - Descr: Default login client secret, if no login client is defined Default: <nil>
NOTE(review): a client secret stored as a plain value; there is no default.
Handle the rendered manifest as a secret and do not commit real values.
*/
ClientSecret interface{} `yaml:"client_secret,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type UaaPassword ¶
// UaaPassword is the container for the password policy, found under the
// "password" key of Uaa.
type UaaPassword struct {
/*Policy - Descr: Number of months after which current password expires Default: 0
The Descr and Default are those of one property inside PasswordPolicy (declared
elsewhere in this package), not of the policy as a whole.
*/
Policy *PasswordPolicy `yaml:"policy,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type UaaSsl ¶
// UaaSsl holds the HTTPS listener port and the header used to detect TLS
// termination by a front-end load balancer.
type UaaSsl struct {
/*Port - Descr: If this property Tomcat will listen to this port and expect https traffic. If null, tomcat will not listen to this port Default: 8443
NOTE(review): the generated sentence is missing words; presumably it reads
"If this property is set, Tomcat will listen ...".
*/
Port interface{} `yaml:"port,omitempty"`
/*ProtocolHeader - Descr: The header to look for to determine if ssl termination was performed by a front end load balancer. Default: x-forwarded-proto
NOTE(review): the value of this header decides whether a request counts as
having arrived over TLS, so the front end must set it itself and overwrite any
copy sent by the client; see also Uaa.ProxyIpsRegex, which limits the senders
whose forwarded headers are respected.
*/
ProtocolHeader interface{} `yaml:"protocol_header,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type UaaUser ¶
// UaaUser holds the default authorities given to users, found under the "user"
// key of Uaa.
type UaaUser struct {
/*Authorities - Descr: Contains a list of the default authorities/scopes assigned to a user Default: [openid scim.me cloud_controller.read cloud_controller.write cloud_controller_service_permissions.read password.write uaa.user approvals.me oauth.approvals notification_preferences.read notification_preferences.write profile roles user_attributes uaa.offline_token]
NOTE(review): per the Descr these are assigned to users by default, so a scope
added here is a grant to the whole user population rather than to one account.
Setting the field replaces the default list shown above; keep it to the minimum
the deployment needs.
*/
Authorities interface{} `yaml:"authorities,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Uaadb ¶
// Uaadb describes the UAA database connection: address, port, scheme, and the
// lists of roles and databases. All fields are untyped and have no default.
type Uaadb struct {
/*Address - Descr: The UAA database IP address Default: <nil>
*/
Address interface{} `yaml:"address,omitempty"`
/*Roles - Descr: The list of database Roles used in UAA database including tag/name/password Default: <nil>
NOTE(review): each role entry includes its password, so this field holds
database credentials in clear text. Handle the rendered manifest as a secret.
*/
Roles interface{} `yaml:"roles,omitempty"`
/*DbScheme - Descr: Database scheme for UAA DB Default: <nil>
*/
DbScheme interface{} `yaml:"db_scheme,omitempty"`
/*Port - Descr: The UAA database Port Default: <nil>
*/
Port interface{} `yaml:"port,omitempty"`
/*Databases - Descr: The list of databases used in UAA database including tag/name Default: <nil>
*/
Databases interface{} `yaml:"databases,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Username ¶
// Username holds the label shown for the username field on the login prompt.
type Username struct {
/*Text - Descr: The text used to prompt for a username during login Default: Email
*/
Text interface{} `yaml:"text,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
type Zones ¶
// Zones is the container for the internal (default zone) hostname list, found
// under the "zones" key of Uaa.
type Zones struct {
/*Internal - Descr: A list of hostnames that are routed to the UAA, specifically the default zone in the UAA. The UAA will reject any Host headers that it doesn't recognize.
By default the UAA recognizes:
  The hostname from the property uaa.url
  The hostname from the property login.url
  localhost (in order to accept health checks)
Any hostnames added as a list are additive to the default hostnames allowed.
Default: <nil>
NOTE(review): this is a Host header allowlist. Entries are additive to the
defaults, so list only hostnames that are actually routed to this UAA; each
extra name is one more Host value the server will accept.
*/
Internal *Internal `yaml:"internal,omitempty"`
}
* File Generated by enaml generator * !!! Please do not edit this file !!!
Source Files
¶
- admin.go
- analytics.go
- authentication.go
- authenticationpolicy.go
- branding.go
- claims.go
- database.go
- env.go
- global.go
- internal.go
- jwt.go
- jwtpolicy.go
- ldap.go
- ldapgroups.go
- ldapssl.go
- links.go
- login.go
- logout.go
- notifications.go
- oauth.go
- parameter.go
- passwordpolicy.go
- prompt.go
- promptpassword.go
- proxy.go
- redirect.go
- refresh.go
- saml.go
- scim.go
- scimuser.go
- servlet.go
- smtp.go
- socket.go
- uaa.go
- uaadb.go
- uaajob.go
- uaalogin.go
- uaapassword.go
- uaassl.go
- uaauser.go
- username.go
- zones.go