v1alpha1

type Keypair struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.alias) || (has(self.initProvider) && has(self.initProvider.alias))",message="spec.forProvider.alias is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.pairType) || (has(self.initProvider) && has(self.initProvider.pairType))",message="spec.forProvider.pairType is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.privateKeySecretRef)",message="spec.forProvider.privateKeySecretRef is a required parameter"
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.publicKey) || (has(self.initProvider) && has(self.initProvider.publicKey))",message="spec.forProvider.publicKey is a required parameter"
	Spec   KeypairSpec   `json:"spec"`
	Status KeypairStatus `json:"status,omitempty"`
}

type KeypairInitParameters struct {

	// Will be used as a filename when retrieving the public key via REST API
	Alias *string `json:"alias,omitempty" tf:"alias,omitempty"`

	// Key Pair type. Supported types - GPG and RSA.
	PairType *string `json:"pairType,omitempty" tf:"pair_type,omitempty"`

	// Passphrase will be used to decrypt the private key. Validated server side.
	PassphraseSecretRef *v1.SecretKeySelector `json:"passphraseSecretRef,omitempty" tf:"-"`

	// Private key. PEM format will be validated. Must not include extranous spaces or tabs.
	PrivateKeySecretRef v1.SecretKeySelector `json:"privateKeySecretRef" tf:"-"`

	// Public key. PEM format will be validated. Must not include extranous spaces or tabs.
	PublicKey *string `json:"publicKey,omitempty" tf:"public_key,omitempty"`
}

type KeypairList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Keypair `json:"items"`
}

type KeypairObservation struct {

	// Will be used as a filename when retrieving the public key via REST API
	Alias *string `json:"alias,omitempty" tf:"alias,omitempty"`

	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// Key Pair type. Supported types - GPG and RSA.
	PairType *string `json:"pairType,omitempty" tf:"pair_type,omitempty"`

	// Public key. PEM format will be validated. Must not include extranous spaces or tabs.
	PublicKey *string `json:"publicKey,omitempty" tf:"public_key,omitempty"`
}

type KeypairParameters struct {

	// Will be used as a filename when retrieving the public key via REST API
	// +kubebuilder:validation:Optional
	Alias *string `json:"alias,omitempty" tf:"alias,omitempty"`

	// Key Pair type. Supported types - GPG and RSA.
	// +kubebuilder:validation:Optional
	PairType *string `json:"pairType,omitempty" tf:"pair_type,omitempty"`

	// Passphrase will be used to decrypt the private key. Validated server side.
	// +kubebuilder:validation:Optional
	PassphraseSecretRef *v1.SecretKeySelector `json:"passphraseSecretRef,omitempty" tf:"-"`

	// Private key. PEM format will be validated. Must not include extranous spaces or tabs.
	// +kubebuilder:validation:Optional
	PrivateKeySecretRef v1.SecretKeySelector `json:"privateKeySecretRef" tf:"-"`

	// Public key. PEM format will be validated. Must not include extranous spaces or tabs.
	// +kubebuilder:validation:Optional
	PublicKey *string `json:"publicKey,omitempty" tf:"public_key,omitempty"`
}

type KeypairSpec struct {
	v1.ResourceSpec `json:",inline"`
	ForProvider     KeypairParameters `json:"forProvider"`
	// THIS IS A BETA FIELD. It will be honored
	// unless the Management Policies feature flag is disabled.
	// InitProvider holds the same fields as ForProvider, with the exception
	// of Identifier and other resource reference fields. The fields that are
	// in InitProvider are merged into ForProvider when the resource is created.
	// The same fields are also added to the terraform ignore_changes hook, to
	// avoid updating them after creation. This is useful for fields that are
	// required on creation, but we do not desire to update them after creation,
	// for example because of an external controller is managing them, like an
	// autoscaler.
	InitProvider KeypairInitParameters `json:"initProvider,omitempty"`
}

type KeypairStatus struct {
	v1.ResourceStatus `json:",inline"`
	AtProvider        KeypairObservation `json:"atProvider,omitempty"`
}

type ScopedToken struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              ScopedTokenSpec   `json:"spec"`
	Status            ScopedTokenStatus `json:"status,omitempty"`
}

type ScopedTokenInitParameters struct {

	// IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
	// A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '*@*' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this [documentation](https://jfrog.com/help/r/jfrog-rest-apis/get-service-id)
	// +listType=set
	Audiences []*string `json:"audiences,omitempty" tf:"audiences,omitempty"`

	// (String) Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
	// Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
	// The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See [API documentation](https://jfrog.com/help/r/jfrog-rest-apis/revoke-token-by-id) for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See [official documentation](https://jfrog.com/help/r/jfrog-platform-administration-documentation/persistency-threshold) for details.
	ExpiresIn *float64 `json:"expiresIn,omitempty" tf:"expires_in,omitempty"`

	// (String) The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
	// The grant type used to authenticate the request. In this case, the only value supported is `client_credentials` which is also the default value if this parameter is not specified.
	GrantType *string `json:"grantType,omitempty" tf:"grant_type,omitempty"`

	// (Boolean) Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is false.
	// Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is `false`.
	IgnoreMissingTokenWarning *bool `json:"ignoreMissingTokenWarning,omitempty" tf:"ignore_missing_token_warning,omitempty"`

	// (Boolean) Also create a reference token which can be used like an API key. Default is false.
	// Also create a reference token which can be used like an API key. Default is `false`.
	IncludeReferenceToken *bool `json:"includeReferenceToken,omitempty" tf:"include_reference_token,omitempty"`

	// (String) The project for which this token is created. Enter the project name on which you want to apply this token.
	// The project for which this token is created. Enter the project name on which you want to apply this token.
	ProjectKey *string `json:"projectKey,omitempty" tf:"project_key,omitempty"`

	// (Boolean) Is this token refreshable? Default is false.
	// Is this token refreshable? Default is `false`.
	Refreshable *bool `json:"refreshable,omitempty" tf:"refreshable,omitempty"`

	// admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include:
	// The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include:
	// - `applied-permissions/user` - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions.
	// - `applied-permissions/admin` - the scope assigned to admin users.
	// - `applied-permissions/groups` - this scope assigns permissions to groups using the following format: `applied-permissions/groups:<group-name>[,<group-name>...]`
	// - Resource Permissions: From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: `<resource-type>:<target>[/<sub-resource>]:<actions>`
	// - Where:
	// - `<resource-type>` - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type.
	// - `<target>` - the target resource, can be exact name or a pattern
	// - `<sub-resource>` - optional, the target sub-resource, can be exact name or a pattern
	// - `<actions>` - comma-separated list of action acronyms. The actions allowed are `r`, `w`, `d`, `a`, `m`, `x`, `s`, or any combination of these actions. To allow all actions - use `*`
	// - Examples:
	// - `["applied-permissions/user", "artifact:generic-local:r"]`
	// - `["applied-permissions/group", "artifact:generic-local/path:*"]`
	// - `["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"]`
	// - `applied-permissions/roles:project-key` - provides access to elements associated with the project based on the project role. For example, `applied-permissions/roles:project-type:developer,qa`.
	//
	// - System Permissions: Used to grant access to system resources. A permission can be represented as a scope token string in the following format: `system:(metrics|livelogs|identities|permissions):<actions>`
	// - Where:
	// - `metrics|livelogs|identities|permissions` - one of these options can be chosen      - `<actions>` - comma-separated list of action acronyms. The actions allowed are `r`, `w`, `d`, `a`, `m`, `x`, `s`, or any combination of these actions. To allow all actions - use `*`
	// - Examples:
	// - `["system:livelogs:r", "system:metrics:r,w,d"]`
	// ->The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total.
	// From Artifactory 7.84.3, [project admins](https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-token-creation-by-project-admins) can create access tokens that are tied to the projects in which they hold administrative privileges.
	// +listType=set
	Scopes []*string `json:"scopes,omitempty" tf:"scopes,omitempty"`

	// either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.
	// The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: <service-id>/users/<username>. Limited to 255 characters.
	Username *string `json:"username,omitempty" tf:"username,omitempty"`
}

type ScopedTokenList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ScopedToken `json:"items"`
}

type ScopedTokenObservation struct {

	// IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
	// A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '*@*' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this [documentation](https://jfrog.com/help/r/jfrog-rest-apis/get-service-id)
	// +listType=set
	Audiences []*string `json:"audiences,omitempty" tf:"audiences,omitempty"`

	// (String) Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
	// Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
	// The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See [API documentation](https://jfrog.com/help/r/jfrog-rest-apis/revoke-token-by-id) for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See [official documentation](https://jfrog.com/help/r/jfrog-platform-administration-documentation/persistency-threshold) for details.
	ExpiresIn *float64 `json:"expiresIn,omitempty" tf:"expires_in,omitempty"`

	// (Number) Returns the token expiry.
	// Returns the token expiry.
	Expiry *float64 `json:"expiry,omitempty" tf:"expiry,omitempty"`

	// (String) The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
	// The grant type used to authenticate the request. In this case, the only value supported is `client_credentials` which is also the default value if this parameter is not specified.
	GrantType *string `json:"grantType,omitempty" tf:"grant_type,omitempty"`

	// (String) The ID of this resource.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// (Boolean) Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is false.
	// Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is `false`.
	IgnoreMissingTokenWarning *bool `json:"ignoreMissingTokenWarning,omitempty" tf:"ignore_missing_token_warning,omitempty"`

	// (Boolean) Also create a reference token which can be used like an API key. Default is false.
	// Also create a reference token which can be used like an API key. Default is `false`.
	IncludeReferenceToken *bool `json:"includeReferenceToken,omitempty" tf:"include_reference_token,omitempty"`

	// (Number) Returns the token issued at date/time.
	// Returns the token issued at date/time.
	IssuedAt *float64 `json:"issuedAt,omitempty" tf:"issued_at,omitempty"`

	// (String) Returns the token issuer.
	// Returns the token issuer.
	Issuer *string `json:"issuer,omitempty" tf:"issuer,omitempty"`

	// (String) The project for which this token is created. Enter the project name on which you want to apply this token.
	// The project for which this token is created. Enter the project name on which you want to apply this token.
	ProjectKey *string `json:"projectKey,omitempty" tf:"project_key,omitempty"`

	// (Boolean) Is this token refreshable? Default is false.
	// Is this token refreshable? Default is `false`.
	Refreshable *bool `json:"refreshable,omitempty" tf:"refreshable,omitempty"`

	// admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include:
	// The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include:
	// - `applied-permissions/user` - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions.
	// - `applied-permissions/admin` - the scope assigned to admin users.
	// - `applied-permissions/groups` - this scope assigns permissions to groups using the following format: `applied-permissions/groups:<group-name>[,<group-name>...]`
	// - Resource Permissions: From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: `<resource-type>:<target>[/<sub-resource>]:<actions>`
	// - Where:
	// - `<resource-type>` - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type.
	// - `<target>` - the target resource, can be exact name or a pattern
	// - `<sub-resource>` - optional, the target sub-resource, can be exact name or a pattern
	// - `<actions>` - comma-separated list of action acronyms. The actions allowed are `r`, `w`, `d`, `a`, `m`, `x`, `s`, or any combination of these actions. To allow all actions - use `*`
	// - Examples:
	// - `["applied-permissions/user", "artifact:generic-local:r"]`
	// - `["applied-permissions/group", "artifact:generic-local/path:*"]`
	// - `["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"]`
	// - `applied-permissions/roles:project-key` - provides access to elements associated with the project based on the project role. For example, `applied-permissions/roles:project-type:developer,qa`.
	//
	// - System Permissions: Used to grant access to system resources. A permission can be represented as a scope token string in the following format: `system:(metrics|livelogs|identities|permissions):<actions>`
	// - Where:
	// - `metrics|livelogs|identities|permissions` - one of these options can be chosen      - `<actions>` - comma-separated list of action acronyms. The actions allowed are `r`, `w`, `d`, `a`, `m`, `x`, `s`, or any combination of these actions. To allow all actions - use `*`
	// - Examples:
	// - `["system:livelogs:r", "system:metrics:r,w,d"]`
	// ->The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total.
	// From Artifactory 7.84.3, [project admins](https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-token-creation-by-project-admins) can create access tokens that are tied to the projects in which they hold administrative privileges.
	// +listType=set
	Scopes []*string `json:"scopes,omitempty" tf:"scopes,omitempty"`

	// (String) Returns the token type.
	// Returns the token type.
	Subject *string `json:"subject,omitempty" tf:"subject,omitempty"`

	// (String) Returns the token type.
	// Returns the token type.
	TokenType *string `json:"tokenType,omitempty" tf:"token_type,omitempty"`

	// either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.
	// The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: <service-id>/users/<username>. Limited to 255 characters.
	Username *string `json:"username,omitempty" tf:"username,omitempty"`
}

type ScopedTokenParameters struct {

	// IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
	// A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '*@*' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this [documentation](https://jfrog.com/help/r/jfrog-rest-apis/get-service-id)
	// +kubebuilder:validation:Optional
	// +listType=set
	Audiences []*string `json:"audiences,omitempty" tf:"audiences,omitempty"`

	// (String) Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
	// Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
	// +kubebuilder:validation:Optional
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
	// The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See [API documentation](https://jfrog.com/help/r/jfrog-rest-apis/revoke-token-by-id) for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See [official documentation](https://jfrog.com/help/r/jfrog-platform-administration-documentation/persistency-threshold) for details.
	// +kubebuilder:validation:Optional
	ExpiresIn *float64 `json:"expiresIn,omitempty" tf:"expires_in,omitempty"`

	// (String) The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
	// The grant type used to authenticate the request. In this case, the only value supported is `client_credentials` which is also the default value if this parameter is not specified.
	// +kubebuilder:validation:Optional
	GrantType *string `json:"grantType,omitempty" tf:"grant_type,omitempty"`

	// (Boolean) Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is false.
	// Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is `false`.
	// +kubebuilder:validation:Optional
	IgnoreMissingTokenWarning *bool `json:"ignoreMissingTokenWarning,omitempty" tf:"ignore_missing_token_warning,omitempty"`

	// (Boolean) Also create a reference token which can be used like an API key. Default is false.
	// Also create a reference token which can be used like an API key. Default is `false`.
	// +kubebuilder:validation:Optional
	IncludeReferenceToken *bool `json:"includeReferenceToken,omitempty" tf:"include_reference_token,omitempty"`

	// (String) The project for which this token is created. Enter the project name on which you want to apply this token.
	// The project for which this token is created. Enter the project name on which you want to apply this token.
	// +kubebuilder:validation:Optional
	ProjectKey *string `json:"projectKey,omitempty" tf:"project_key,omitempty"`

	// (Boolean) Is this token refreshable? Default is false.
	// Is this token refreshable? Default is `false`.
	// +kubebuilder:validation:Optional
	Refreshable *bool `json:"refreshable,omitempty" tf:"refreshable,omitempty"`

	// admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include:
	// The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include:
	// - `applied-permissions/user` - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions.
	// - `applied-permissions/admin` - the scope assigned to admin users.
	// - `applied-permissions/groups` - this scope assigns permissions to groups using the following format: `applied-permissions/groups:<group-name>[,<group-name>...]`
	// - Resource Permissions: From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: `<resource-type>:<target>[/<sub-resource>]:<actions>`
	// - Where:
	// - `<resource-type>` - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type.
	// - `<target>` - the target resource, can be exact name or a pattern
	// - `<sub-resource>` - optional, the target sub-resource, can be exact name or a pattern
	// - `<actions>` - comma-separated list of action acronyms. The actions allowed are `r`, `w`, `d`, `a`, `m`, `x`, `s`, or any combination of these actions. To allow all actions - use `*`
	// - Examples:
	// - `["applied-permissions/user", "artifact:generic-local:r"]`
	// - `["applied-permissions/group", "artifact:generic-local/path:*"]`
	// - `["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"]`
	// - `applied-permissions/roles:project-key` - provides access to elements associated with the project based on the project role. For example, `applied-permissions/roles:project-type:developer,qa`.
	//
	// - System Permissions: Used to grant access to system resources. A permission can be represented as a scope token string in the following format: `system:(metrics|livelogs|identities|permissions):<actions>`
	// - Where:
	// - `metrics|livelogs|identities|permissions` - one of these options can be chosen      - `<actions>` - comma-separated list of action acronyms. The actions allowed are `r`, `w`, `d`, `a`, `m`, `x`, `s`, or any combination of these actions. To allow all actions - use `*`
	// - Examples:
	// - `["system:livelogs:r", "system:metrics:r,w,d"]`
	// ->The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total.
	// From Artifactory 7.84.3, [project admins](https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-token-creation-by-project-admins) can create access tokens that are tied to the projects in which they hold administrative privileges.
	// +kubebuilder:validation:Optional
	// +listType=set
	Scopes []*string `json:"scopes,omitempty" tf:"scopes,omitempty"`

	// either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.
	// The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: <service-id>/users/<username>. Limited to 255 characters.
	// +kubebuilder:validation:Optional
	Username *string `json:"username,omitempty" tf:"username,omitempty"`
}

type ScopedTokenSpec struct {
	v1.ResourceSpec `json:",inline"`
	ForProvider     ScopedTokenParameters `json:"forProvider"`
	// THIS IS A BETA FIELD. It will be honored
	// unless the Management Policies feature flag is disabled.
	// InitProvider holds the same fields as ForProvider, with the exception
	// of Identifier and other resource reference fields. The fields that are
	// in InitProvider are merged into ForProvider when the resource is created.
	// The same fields are also added to the terraform ignore_changes hook, to
	// avoid updating them after creation. This is useful for fields that are
	// required on creation, but we do not desire to update them after creation,
	// for example because of an external controller is managing them, like an
	// autoscaler.
	InitProvider ScopedTokenInitParameters `json:"initProvider,omitempty"`
}

type ScopedTokenStatus struct {
	v1.ResourceStatus `json:",inline"`
	AtProvider        ScopedTokenObservation `json:"atProvider,omitempty"`
}