config.ts

// THIS FILE IS AUTOMATICALLY GENERATED – DO NOT EDIT MANUALLY.

// To parse this data:
//
//   import { Convert, GitProxyConfig } from "./file";
//
//   const gitProxyConfig = Convert.toGitProxyConfig(json);
//
// These functions will throw an error if the JSON doesn't
// match the expected interface, even if the JSON is valid.

/**
 * Configuration for customizing git-proxy
 */
export interface GitProxyConfig {
  /**
   * Third party APIs
   */
  api?: API;
  /**
   * List of authentication sources for API endpoints. May be empty, in which case all
   * endpoints are public.
   */
  apiAuthentication?: AuthenticationElement[];
  /**
   * Configuration for the attestation form displayed to reviewers. Reviewers will need to
   * check the box next to each question in order to complete the review attestation.
   */
  attestationConfig?: AttestationConfig;
  /**
   * List of authentication sources. The first source in the configuration with enabled=true
   * will be used.
   */
  authentication?: AuthenticationElement[];
  /**
   * List of repositories that are authorised to be pushed to through the proxy.
   */
  authorisedList?: AuthorisedRepo[];
  /**
   * Block commits based on rules defined over author/committer e-mail addresses, commit
   * message content and diff content
   */
  commitConfig?: CommitConfig;
  configurationSources?: any;
  /**
   * Customisable e-mail address to share in proxy responses and warnings
   */
  contactEmail?: string;
  cookieSecret?: string;
  /**
   * Flag to enable CSRF protections for UI
   */
  csrfProtection?: boolean;
  /**
   * Provide custom URLs for the git proxy interfaces in case it cannot determine its own URL
   */
  domains?: Domains;
  /**
   * List of plugins to integrate on GitProxy's push or pull actions. Each value is either a
   * file path or a module name.
   */
  plugins?: string[];
  /**
   * Provider searches for listed private organizations are disabled, see
   * commitConfig.diff.block.providers
   */
  privateOrganizations?: any[];
  /**
   * Deprecated: Used in early versions of git proxy to configure the remote host that traffic
   * is proxied to. In later versions, the repository URL is used to determine the domain
   * proxied, allowing multiple hosts to be proxied by one instance.
   */
  proxyUrl?: string;
  /**
   * API Rate limiting configuration.
   */
  rateLimit?: RateLimit;
  sessionMaxAgeHours?: number;
  /**
   * List of database sources. The first source in the configuration with enabled=true will be
   * used.
   */
  sink?: Database[];
  /**
   * Deprecated: Path to SSL certificate file (use tls.cert instead)
   */
  sslCertPemPath?: string;
  /**
   * Deprecated: Path to SSL private key file (use tls.key instead)
   */
  sslKeyPemPath?: string;
  /**
   * Toggle the generation of temporary password for git-proxy admin user
   */
  tempPassword?: TempPassword;
  /**
   * TLS configuration for secure connections
   */
  tls?: TLS;
  /**
   * UI routes that require authentication (logged in or admin)
   */
  uiRouteAuth?: UIRouteAuth;
  /**
   * Configuration for routing outbound requests to upstream Git hosts via an HTTP(S) proxy.
   */
  upstreamProxy?: UpstreamProxy;
  /**
   * Customisable URL shortener to share in proxy responses and warnings
   */
  urlShortener?: string;
}

/**
 * Third party APIs
 */
export interface API {
  /**
   * Configuration for the gitleaks
   * [https://github.com/gitleaks/gitleaks](https://github.com/gitleaks/gitleaks) plugin
   */
  gitleaks?: Gitleaks;
  /**
   * Configuration used in conjunction with ActiveDirectory auth, which relates to a REST API
   * used to check user group membership, as opposed to direct querying via LDAP.<br />If this
   * configuration is set direct querying of group membership via LDAP will be disabled.
   */
  ls?: Ls;
}

/**
 * Configuration for the gitleaks
 * [https://github.com/gitleaks/gitleaks](https://github.com/gitleaks/gitleaks) plugin
 */
export interface Gitleaks {
  configPath?: string;
  enabled?: boolean;
  ignoreGitleaksAllow?: boolean;
  noColor?: boolean;
  [property: string]: any;
}

/**
 * Configuration used in conjunction with ActiveDirectory auth, which relates to a REST API
 * used to check user group membership, as opposed to direct querying via LDAP.<br />If this
 * configuration is set direct querying of group membership via LDAP will be disabled.
 */
export interface Ls {
  /**
   * URL template for a GET request that confirms a user's membership of a specific group.
   * Should respond with a non-empty 200 status if the user is a member of the group, an empty
   * response or non-200 status indicates that the user is not a group member. If set, this
   * URL will be queried and direct queries via LDAP will be disabled. The template should
   * contain the following string placeholders, which will be replaced to produce the final
   * URL:<ul><li>"&lt;domain&gt;": AD domain,</li><li>"&lt;name&gt;": The group name to check
   * membership of.</li><li>"&lt;id&gt;": The username to check group membership for.</li></ul>
   */
  userInADGroup?: string;
}

/**
 * Configuration for an authentication source
 */
export interface AuthenticationElement {
  enabled: boolean;
  type: AuthenticationElementType;
  /**
   * Additional Active Directory configuration supporting LDAP connection which can be used to
   * confirm group membership. For the full set of available options see the activedirectory 2
   * NPM module docs at https://www.npmjs.com/package/activedirectory2#activedirectoryoptions
   * <br /><br />Please note that if the Third Party APIs config `api.ls.userInADGroup` is set
   * then the REST API it represents is used in preference to direct querying of group
   * memebership via LDAP.
   */
  adConfig?: AdConfig;
  /**
   * Group that indicates that a user is an admin
   */
  adminGroup?: string;
  /**
   * Active Directory domain
   */
  domain?: string;
  /**
   * Group that indicates that a user should be able to login to the Git Proxy UI and can work
   * as a reviewer
   */
  userGroup?: string;
  /**
   * Additional OIDC configuration.
   */
  oidcConfig?: OidcConfig;
  /**
   * Additional JWT configuration.
   */
  jwtConfig?: JwtConfig;
  [property: string]: any;
}

/**
 * Additional Active Directory configuration supporting LDAP connection which can be used to
 * confirm group membership. For the full set of available options see the activedirectory 2
 * NPM module docs at https://www.npmjs.com/package/activedirectory2#activedirectoryoptions
 * <br /><br />Please note that if the Third Party APIs config `api.ls.userInADGroup` is set
 * then the REST API it represents is used in preference to direct querying of group
 * memebership via LDAP.
 */
export interface AdConfig {
  /**
   * The root DN from which all searches will be performed, e.g. `dc=example,dc=com`.
   */
  baseDN: string;
  /**
   * Password for the given `username`.
   */
  password: string;
  /**
   * Override baseDN to query for users in other OUs or sub-trees.
   */
  searchBase?: string;
  /**
   * Active Directory server to connect to, e.g. `ldap://ad.example.com`.
   */
  url: string;
  /**
   * An account name capable of performing the operations desired.
   */
  username: string;
  [property: string]: any;
}

/**
 * Additional JWT configuration.
 */
export interface JwtConfig {
  authorityURL: string;
  clientID: string;
  expectedAudience?: string;
  roleMapping?: RoleMapping;
  [property: string]: any;
}

export interface RoleMapping {
  admin?: { [key: string]: any };
  [property: string]: any;
}

/**
 * Additional OIDC configuration.
 */
export interface OidcConfig {
  callbackURL: string;
  clientID: string;
  clientSecret: string;
  issuer: string;
  scope: string;
  [property: string]: any;
}

export enum AuthenticationElementType {
  ActiveDirectory = 'ActiveDirectory',
  Jwt = 'jwt',
  Local = 'local',
  Openidconnect = 'openidconnect',
}

/**
 * Configuration for the attestation form displayed to reviewers. Reviewers will need to
 * check the box next to each question in order to complete the review attestation.
 */
export interface AttestationConfig {
  /**
   * Customisable attestation questions to add to attestation form.
   */
  questions?: Question[];
}

export interface Question {
  /**
   * The text of the question that will be displayed to the reviewer
   */
  label: string;
  /**
   * A tooltip and optional set of links that will be displayed on mouseover of the question
   * and used to provide additional guidance to the reviewer.
   */
  tooltip: QuestionTooltip;
}

/**
 * A tooltip and optional set of links that will be displayed on mouseover of the question
 * and used to provide additional guidance to the reviewer.
 */
export interface QuestionTooltip {
  /**
   * An array of links to display under the tooltip text, providing additional context about
   * the question
   */
  links?: Link[];
  /**
   * Tooltip text
   */
  text: string;
}

export interface Link {
  /**
   * Link text
   */
  text: string;
  /**
   * Link URL
   */
  url: string;
}

export interface AuthorisedRepo {
  name: string;
  project: string;
  url: string;
  [property: string]: any;
}

/**
 * Block commits based on rules defined over author/committer e-mail addresses, commit
 * message content and diff content
 */
export interface CommitConfig {
  /**
   * Rules applied to commit authors
   */
  author?: Author;
  /**
   * Rules applied to commit diff content
   */
  diff?: Diff;
  /**
   * Rules applied to commit messages
   */
  message?: Message;
}

/**
 * Rules applied to commit authors
 */
export interface Author {
  /**
   * Rules applied to author email addresses
   */
  email?: Email;
}

/**
 * Rules applied to author email addresses
 */
export interface Email {
  /**
   * Rules applied to the domain portion of the email address (i.e. section after the @ symbol)
   */
  domain?: Domain;
  /**
   * Rules applied to the local portion of the email address (i.e. section before the @ symbol)
   */
  local?: Local;
}

/**
 * Rules applied to the domain portion of the email address (i.e. section after the @ symbol)
 */
export interface Domain {
  /**
   * Allow only commits where the domain part of the email address matches this regular
   * expression
   */
  allow?: string;
}

/**
 * Rules applied to the local portion of the email address (i.e. section before the @ symbol)
 */
export interface Local {
  /**
   * Block commits with author email addresses where the first part matches this regular
   * expression
   */
  block?: string;
}

/**
 * Rules applied to commit diff content
 */
export interface Diff {
  /**
   * Block commits where the commit diff matches any of the given patterns
   */
  block?: DiffBlock;
}

/**
 * Block commits where the commit diff matches any of the given patterns
 */
export interface DiffBlock {
  /**
   * Block commits where the commit diff content contains any of the given string literals
   */
  literals?: string[];
  /**
   * Block commits where the commit diff content matches any of the given regular expressions
   */
  patterns?: any[];
  /**
   * Block commits where the commit diff content matches any of the given regular expressions,
   * except where the repository path (project/organisation) matches one of the listed
   * privateOrganisations. The keys in this array are listed as the block type in logs.
   */
  providers?: { [key: string]: string };
}

/**
 * Rules applied to commit messages
 */
export interface Message {
  /**
   * Block commits where the commit message matches any of the given patterns
   */
  block?: MessageBlock;
}

/**
 * Block commits where the commit message matches any of the given patterns
 */
export interface MessageBlock {
  /**
   * Block commits where the commit message contains any of the given string literals
   */
  literals?: string[];
  /**
   * Block commits where the commit message matches any of the given regular expressions
   */
  patterns?: string[];
}

/**
 * Provide custom URLs for the git proxy interfaces in case it cannot determine its own URL
 */
export interface Domains {
  /**
   * Override for the default proxy URL, should include the protocol
   */
  proxy?: string;
  /**
   * Override for the service UI URL, should include the protocol
   */
  service?: string;
  [property: string]: any;
}

/**
 * API Rate limiting configuration.
 */
export interface RateLimit {
  /**
   * How many requests to allow (default 150).
   */
  limit: number;
  /**
   * Response to return after limit is reached.
   */
  message?: string;
  /**
   * HTTP status code after limit is reached (default is 429).
   */
  statusCode?: number;
  /**
   * How long to remember requests for, in milliseconds (default 10 mins).
   */
  windowMs: number;
}

/**
 * Configuration entry for a database
 *
 * Connection properties for mongoDB. Options may be passed in either the connection string
 * or broken out in the options object
 *
 * Connection properties for an neDB file-based database
 */
export interface Database {
  /**
   * mongoDB Client connection string, see
   * [https://www.mongodb.com/docs/manual/reference/connection-string/](https://www.mongodb.com/docs/manual/reference/connection-string/)
   */
  connectionString?: string;
  enabled: boolean;
  /**
   * mongoDB Client connection options. Please note that only custom options are described
   * here, see
   * [https://www.mongodb.com/docs/drivers/node/current/connect/connection-options/](https://www.mongodb.com/docs/drivers/node/current/connect/connection-options/)
   * for all config options.
   */
  options?: Options;
  type: DatabaseType;
  [property: string]: any;
}

/**
 * mongoDB Client connection options. Please note that only custom options are described
 * here, see
 * [https://www.mongodb.com/docs/drivers/node/current/connect/connection-options/](https://www.mongodb.com/docs/drivers/node/current/connect/connection-options/)
 * for all config options.
 */
export interface Options {
  authMechanismProperties?: AuthMechanismProperties;
  [property: string]: any;
}

export interface AuthMechanismProperties {
  /**
   * If set to true, the `fromNodeProviderChain()` function from @aws-sdk/credential-providers
   * is passed as the `AWS_CREDENTIAL_PROVIDER`
   */
  AWS_CREDENTIAL_PROVIDER?: boolean;
  [property: string]: any;
}

export enum DatabaseType {
  FS = 'fs',
  Mongo = 'mongo',
}

/**
 * Toggle the generation of temporary password for git-proxy admin user
 */
export interface TempPassword {
  /**
   * Generic object to configure nodemailer. For full type information, please see
   * https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/nodemailer
   */
  emailConfig?: { [key: string]: any };
  sendEmail?: boolean;
  [property: string]: any;
}

/**
 * TLS configuration for secure connections
 */
export interface TLS {
  cert: string;
  enabled: boolean;
  key: string;
  [property: string]: any;
}

/**
 * UI routes that require authentication (logged in or admin)
 */
export interface UIRouteAuth {
  enabled?: boolean;
  rules?: RouteAuthRule[];
  [property: string]: any;
}

export interface RouteAuthRule {
  adminOnly?: boolean;
  loginRequired?: boolean;
  pattern?: string;
  [property: string]: any;
}

/**
 * Configuration for routing outbound requests to upstream Git hosts via an HTTP(S) proxy.
 */
export interface UpstreamProxy {
  /**
   * Whether to use an outbound HTTP(S) proxy for upstream Git hosts.
   */
  enabled?: boolean;
  /**
   * Additional hostnames or domain suffixes that should bypass the upstream proxy.
   */
  noProxy?: string[];
  /**
   * Proxy URL used for outbound connections to upstream Git hosts when set.
   */
  url?: string;
}

// Converts JSON strings to/from your types
// and asserts the results of JSON.parse at runtime
export class Convert {
  public static toGitProxyConfig(json: string): GitProxyConfig {
    return cast(JSON.parse(json), r('GitProxyConfig'));
  }

  public static gitProxyConfigToJson(value: GitProxyConfig): string {
    return JSON.stringify(uncast(value, r('GitProxyConfig')), null, 2);
  }
}

function invalidValue(typ: any, val: any, key: any, parent: any = ''): never {
  const prettyTyp = prettyTypeName(typ);
  const parentText = parent ? ` on ${parent}` : '';
  const keyText = key ? ` for key "${key}"` : '';
  throw Error(
    `Invalid value${keyText}${parentText}. Expected ${prettyTyp} but got ${JSON.stringify(val)}`,
  );
}

function prettyTypeName(typ: any): string {
  if (Array.isArray(typ)) {
    if (typ.length === 2 && typ[0] === undefined) {
      return `an optional ${prettyTypeName(typ[1])}`;
    } else {
      return `one of [${typ
        .map((a) => {
          return prettyTypeName(a);
        })
        .join(', ')}]`;
    }
  } else if (typeof typ === 'object' && typ.literal !== undefined) {
    return typ.literal;
  } else {
    return typeof typ;
  }
}

function jsonToJSProps(typ: any): any {
  if (typ.jsonToJS === undefined) {
    const map: any = {};
    typ.props.forEach((p: any) => (map[p.json] = { key: p.js, typ: p.typ }));
    typ.jsonToJS = map;
  }
  return typ.jsonToJS;
}

function jsToJSONProps(typ: any): any {
  if (typ.jsToJSON === undefined) {
    const map: any = {};
    typ.props.forEach((p: any) => (map[p.js] = { key: p.json, typ: p.typ }));
    typ.jsToJSON = map;
  }
  return typ.jsToJSON;
}

function transform(val: any, typ: any, getProps: any, key: any = '', parent: any = ''): any {
  function transformPrimitive(typ: string, val: any): any {
    if (typeof typ === typeof val) return val;
    return invalidValue(typ, val, key, parent);
  }

  function transformUnion(typs: any[], val: any): any {
    // val must validate against one typ in typs
    const l = typs.length;
    for (let i = 0; i < l; i++) {
      const typ = typs[i];
      try {
        return transform(val, typ, getProps);
      } catch (_) {}
    }
    return invalidValue(typs, val, key, parent);
  }

  function transformEnum(cases: string[], val: any): any {
    if (cases.indexOf(val) !== -1) return val;
    return invalidValue(
      cases.map((a) => {
        return l(a);
      }),
      val,
      key,
      parent,
    );
  }

  function transformArray(typ: any, val: any): any {
    // val must be an array with no invalid elements
    if (!Array.isArray(val)) return invalidValue(l('array'), val, key, parent);
    return val.map((el) => transform(el, typ, getProps));
  }

  function transformDate(val: any): any {
    if (val === null) {
      return null;
    }
    const d = new Date(val);
    if (isNaN(d.valueOf())) {
      return invalidValue(l('Date'), val, key, parent);
    }
    return d;
  }

  function transformObject(props: { [k: string]: any }, additional: any, val: any): any {
    if (val === null || typeof val !== 'object' || Array.isArray(val)) {
      return invalidValue(l(ref || 'object'), val, key, parent);
    }
    const result: any = {};
    Object.getOwnPropertyNames(props).forEach((key) => {
      const prop = props[key];
      const v = Object.prototype.hasOwnProperty.call(val, key) ? val[key] : undefined;
      result[prop.key] = transform(v, prop.typ, getProps, key, ref);
    });
    Object.getOwnPropertyNames(val).forEach((key) => {
      if (!Object.prototype.hasOwnProperty.call(props, key)) {
        result[key] = transform(val[key], additional, getProps, key, ref);
      }
    });
    return result;
  }

  if (typ === 'any') return val;
  if (typ === null) {
    if (val === null) return val;
    return invalidValue(typ, val, key, parent);
  }
  if (typ === false) return invalidValue(typ, val, key, parent);
  let ref: any = undefined;
  while (typeof typ === 'object' && typ.ref !== undefined) {
    ref = typ.ref;
    typ = typeMap[typ.ref];
  }
  if (Array.isArray(typ)) return transformEnum(typ, val);
  if (typeof typ === 'object') {
    return typ.hasOwnProperty('unionMembers')
      ? transformUnion(typ.unionMembers, val)
      : typ.hasOwnProperty('arrayItems')
        ? transformArray(typ.arrayItems, val)
        : typ.hasOwnProperty('props')
          ? transformObject(getProps(typ), typ.additional, val)
          : invalidValue(typ, val, key, parent);
  }
  // Numbers can be parsed by Date but shouldn't be.
  if (typ === Date && typeof val !== 'number') return transformDate(val);
  return transformPrimitive(typ, val);
}

function cast<T>(val: any, typ: any): T {
  return transform(val, typ, jsonToJSProps);
}

function uncast<T>(val: T, typ: any): any {
  return transform(val, typ, jsToJSONProps);
}

function l(typ: any) {
  return { literal: typ };
}

function a(typ: any) {
  return { arrayItems: typ };
}

function u(...typs: any[]) {
  return { unionMembers: typs };
}

function o(props: any[], additional: any) {
  return { props, additional };
}

function m(additional: any) {
  return { props: [], additional };
}

function r(name: string) {
  return { ref: name };
}

const typeMap: any = {
  GitProxyConfig: o(
    [
      { json: 'api', js: 'api', typ: u(undefined, r('API')) },
      {
        json: 'apiAuthentication',
        js: 'apiAuthentication',
        typ: u(undefined, a(r('AuthenticationElement'))),
      },
      {
        json: 'attestationConfig',
        js: 'attestationConfig',
        typ: u(undefined, r('AttestationConfig')),
      },
      {
        json: 'authentication',
        js: 'authentication',
        typ: u(undefined, a(r('AuthenticationElement'))),
      },
      { json: 'authorisedList', js: 'authorisedList', typ: u(undefined, a(r('AuthorisedRepo'))) },
      { json: 'commitConfig', js: 'commitConfig', typ: u(undefined, r('CommitConfig')) },
      { json: 'configurationSources', js: 'configurationSources', typ: u(undefined, 'any') },
      { json: 'contactEmail', js: 'contactEmail', typ: u(undefined, '') },
      { json: 'cookieSecret', js: 'cookieSecret', typ: u(undefined, '') },
      { json: 'csrfProtection', js: 'csrfProtection', typ: u(undefined, true) },
      { json: 'domains', js: 'domains', typ: u(undefined, r('Domains')) },
      { json: 'plugins', js: 'plugins', typ: u(undefined, a('')) },
      { json: 'privateOrganizations', js: 'privateOrganizations', typ: u(undefined, a('any')) },
      { json: 'proxyUrl', js: 'proxyUrl', typ: u(undefined, '') },
      { json: 'rateLimit', js: 'rateLimit', typ: u(undefined, r('RateLimit')) },
      { json: 'sessionMaxAgeHours', js: 'sessionMaxAgeHours', typ: u(undefined, 3.14) },
      { json: 'sink', js: 'sink', typ: u(undefined, a(r('Database'))) },
      { json: 'sslCertPemPath', js: 'sslCertPemPath', typ: u(undefined, '') },
      { json: 'sslKeyPemPath', js: 'sslKeyPemPath', typ: u(undefined, '') },
      { json: 'tempPassword', js: 'tempPassword', typ: u(undefined, r('TempPassword')) },
      { json: 'tls', js: 'tls', typ: u(undefined, r('TLS')) },
      { json: 'uiRouteAuth', js: 'uiRouteAuth', typ: u(undefined, r('UIRouteAuth')) },
      { json: 'upstreamProxy', js: 'upstreamProxy', typ: u(undefined, r('UpstreamProxy')) },
      { json: 'urlShortener', js: 'urlShortener', typ: u(undefined, '') },
    ],
    false,
  ),
  API: o(
    [
      { json: 'gitleaks', js: 'gitleaks', typ: u(undefined, r('Gitleaks')) },
      { json: 'ls', js: 'ls', typ: u(undefined, r('Ls')) },
    ],
    false,
  ),
  Gitleaks: o(
    [
      { json: 'configPath', js: 'configPath', typ: u(undefined, '') },
      { json: 'enabled', js: 'enabled', typ: u(undefined, true) },
      { json: 'ignoreGitleaksAllow', js: 'ignoreGitleaksAllow', typ: u(undefined, true) },
      { json: 'noColor', js: 'noColor', typ: u(undefined, true) },
    ],
    'any',
  ),
  Ls: o([{ json: 'userInADGroup', js: 'userInADGroup', typ: u(undefined, '') }], false),
  AuthenticationElement: o(
    [
      { json: 'enabled', js: 'enabled', typ: true },
      { json: 'type', js: 'type', typ: r('AuthenticationElementType') },
      { json: 'adConfig', js: 'adConfig', typ: u(undefined, r('AdConfig')) },
      { json: 'adminGroup', js: 'adminGroup', typ: u(undefined, '') },
      { json: 'domain', js: 'domain', typ: u(undefined, '') },
      { json: 'userGroup', js: 'userGroup', typ: u(undefined, '') },
      { json: 'oidcConfig', js: 'oidcConfig', typ: u(undefined, r('OidcConfig')) },
      { json: 'jwtConfig', js: 'jwtConfig', typ: u(undefined, r('JwtConfig')) },
    ],
    'any',
  ),
  AdConfig: o(
    [
      { json: 'baseDN', js: 'baseDN', typ: '' },
      { json: 'password', js: 'password', typ: '' },
      { json: 'searchBase', js: 'searchBase', typ: u(undefined, '') },
      { json: 'url', js: 'url', typ: '' },
      { json: 'username', js: 'username', typ: '' },
    ],
    'any',
  ),
  JwtConfig: o(
    [
      { json: 'authorityURL', js: 'authorityURL', typ: '' },
      { json: 'clientID', js: 'clientID', typ: '' },
      { json: 'expectedAudience', js: 'expectedAudience', typ: u(undefined, '') },
      { json: 'roleMapping', js: 'roleMapping', typ: u(undefined, r('RoleMapping')) },
    ],
    'any',
  ),
  RoleMapping: o([{ json: 'admin', js: 'admin', typ: u(undefined, m('any')) }], 'any'),
  OidcConfig: o(
    [
      { json: 'callbackURL', js: 'callbackURL', typ: '' },
      { json: 'clientID', js: 'clientID', typ: '' },
      { json: 'clientSecret', js: 'clientSecret', typ: '' },
      { json: 'issuer', js: 'issuer', typ: '' },
      { json: 'scope', js: 'scope', typ: '' },
    ],
    'any',
  ),
  AttestationConfig: o(
    [{ json: 'questions', js: 'questions', typ: u(undefined, a(r('Question'))) }],
    false,
  ),
  Question: o(
    [
      { json: 'label', js: 'label', typ: '' },
      { json: 'tooltip', js: 'tooltip', typ: r('QuestionTooltip') },
    ],
    false,
  ),
  QuestionTooltip: o(
    [
      { json: 'links', js: 'links', typ: u(undefined, a(r('Link'))) },
      { json: 'text', js: 'text', typ: '' },
    ],
    false,
  ),
  Link: o(
    [
      { json: 'text', js: 'text', typ: '' },
      { json: 'url', js: 'url', typ: '' },
    ],
    false,
  ),
  AuthorisedRepo: o(
    [
      { json: 'name', js: 'name', typ: '' },
      { json: 'project', js: 'project', typ: '' },
      { json: 'url', js: 'url', typ: '' },
    ],
    'any',
  ),
  CommitConfig: o(
    [
      { json: 'author', js: 'author', typ: u(undefined, r('Author')) },
      { json: 'diff', js: 'diff', typ: u(undefined, r('Diff')) },
      { json: 'message', js: 'message', typ: u(undefined, r('Message')) },
    ],
    false,
  ),
  Author: o([{ json: 'email', js: 'email', typ: u(undefined, r('Email')) }], false),
  Email: o(
    [
      { json: 'domain', js: 'domain', typ: u(undefined, r('Domain')) },
      { json: 'local', js: 'local', typ: u(undefined, r('Local')) },
    ],
    false,
  ),
  Domain: o([{ json: 'allow', js: 'allow', typ: u(undefined, '') }], false),
  Local: o([{ json: 'block', js: 'block', typ: u(undefined, '') }], false),
  Diff: o([{ json: 'block', js: 'block', typ: u(undefined, r('DiffBlock')) }], false),
  DiffBlock: o(
    [
      { json: 'literals', js: 'literals', typ: u(undefined, a('')) },
      { json: 'patterns', js: 'patterns', typ: u(undefined, a('any')) },
      { json: 'providers', js: 'providers', typ: u(undefined, m('')) },
    ],
    false,
  ),
  Message: o([{ json: 'block', js: 'block', typ: u(undefined, r('MessageBlock')) }], false),
  MessageBlock: o(
    [
      { json: 'literals', js: 'literals', typ: u(undefined, a('')) },
      { json: 'patterns', js: 'patterns', typ: u(undefined, a('')) },
    ],
    false,
  ),
  Domains: o(
    [
      { json: 'proxy', js: 'proxy', typ: u(undefined, '') },
      { json: 'service', js: 'service', typ: u(undefined, '') },
    ],
    'any',
  ),
  RateLimit: o(
    [
      { json: 'limit', js: 'limit', typ: 3.14 },
      { json: 'message', js: 'message', typ: u(undefined, '') },
      { json: 'statusCode', js: 'statusCode', typ: u(undefined, 3.14) },
      { json: 'windowMs', js: 'windowMs', typ: 3.14 },
    ],
    false,
  ),
  Database: o(
    [
      { json: 'connectionString', js: 'connectionString', typ: u(undefined, '') },
      { json: 'enabled', js: 'enabled', typ: true },
      { json: 'options', js: 'options', typ: u(undefined, r('Options')) },
      { json: 'type', js: 'type', typ: r('DatabaseType') },
    ],
    'any',
  ),
  Options: o(
    [
      {
        json: 'authMechanismProperties',
        js: 'authMechanismProperties',
        typ: u(undefined, r('AuthMechanismProperties')),
      },
    ],
    'any',
  ),
  AuthMechanismProperties: o(
    [{ json: 'AWS_CREDENTIAL_PROVIDER', js: 'AWS_CREDENTIAL_PROVIDER', typ: u(undefined, true) }],
    'any',
  ),
  TempPassword: o(
    [
      { json: 'emailConfig', js: 'emailConfig', typ: u(undefined, m('any')) },
      { json: 'sendEmail', js: 'sendEmail', typ: u(undefined, true) },
    ],
    'any',
  ),
  TLS: o(
    [
      { json: 'cert', js: 'cert', typ: '' },
      { json: 'enabled', js: 'enabled', typ: true },
      { json: 'key', js: 'key', typ: '' },
    ],
    'any',
  ),
  UIRouteAuth: o(
    [
      { json: 'enabled', js: 'enabled', typ: u(undefined, true) },
      { json: 'rules', js: 'rules', typ: u(undefined, a(r('RouteAuthRule'))) },
    ],
    'any',
  ),
  RouteAuthRule: o(
    [
      { json: 'adminOnly', js: 'adminOnly', typ: u(undefined, true) },
      { json: 'loginRequired', js: 'loginRequired', typ: u(undefined, true) },
      { json: 'pattern', js: 'pattern', typ: u(undefined, '') },
    ],
    'any',
  ),
  UpstreamProxy: o(
    [
      { json: 'enabled', js: 'enabled', typ: u(undefined, true) },
      { json: 'noProxy', js: 'noProxy', typ: u(undefined, a('')) },
      { json: 'url', js: 'url', typ: u(undefined, '') },
    ],
    false,
  ),
  AuthenticationElementType: ['ActiveDirectory', 'jwt', 'local', 'openidconnect'],
  DatabaseType: ['fs', 'mongo'],
};