@k8ts/sample-interfaces 0.1.1

package/dist/source.toolkit.fluxcd.io.d.ts

@@ -0,0 +1,3733 @@
+import { ApiObject, ApiObjectMetadata, GroupVersionKind } from "cdk8s";
+import { Construct } from "constructs";
+/**
+ * Bucket is the Schema for the buckets API.
+ *
+ * @schema Bucket
+ */
+export declare class Bucket extends ApiObject {
+    /** Returns the apiVersion and kind for "Bucket" */
+    static GVK: GroupVersionKind;
+    /**
+     * Renders a Kubernetes manifest for "Bucket".
+     *
+     * This can be used to inline resource manifests inside other objects (e.g. as templates).
+     *
+     * @param props Initialization props
+     */
+    static manifest(props?: BucketProps): any;
+    /**
+     * Defines a "Bucket" API object
+     *
+     * @param scope The scope in which to define this object
+     * @param id A scope-local name for the object
+     * @param props Initialization props
+     */
+    constructor(scope: Construct, id: string, props?: BucketProps);
+    /** Renders the object to Kubernetes JSON. */
+    toJson(): any;
+}
+/**
+ * Bucket is the Schema for the buckets API.
+ *
+ * @schema Bucket
+ */
+export interface BucketProps {
+    /** @schema Bucket#metadata */
+    metadata?: ApiObjectMetadata;
+    /**
+     * BucketSpec specifies the required configuration to produce an Artifact for an object storage
+     * bucket.
+     *
+     * @schema Bucket#spec
+     */
+    spec?: BucketSpec;
+}
+/** Converts an object of type 'BucketProps' to JSON representation. */
+export declare function toJson_BucketProps(obj: BucketProps | undefined): Record<string, any> | undefined;
+/**
+ * BucketSpec specifies the required configuration to produce an Artifact for an object storage
+ * bucket.
+ *
+ * @schema BucketSpec
+ */
+export interface BucketSpec {
+    /**
+     * BucketName is the name of the object storage bucket.
+     *
+     * @schema BucketSpec#bucketName
+     */
+    bucketName: string;
+    /**
+     * CertSecretRef can be given the name of a Secret containing either or both of
+     *
+     * - A PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`);
+     * - A PEM-encoded CA certificate (`ca.crt`)
+     *
+     * And whichever are supplied, will be used for connecting to the bucket. The client cert and
+     * key are useful if you are authenticating with a certificate; the CA cert is useful if you are
+     * using a self-signed server certificate. The Secret must be of type `Opaque` or
+     * `kubernetes.io/tls`.
+     *
+     * This field is only supported for the `generic` provider.
+     *
+     * @schema BucketSpec#certSecretRef
+     */
+    certSecretRef?: BucketSpecCertSecretRef;
+    /**
+     * Endpoint is the object storage address the BucketName is located at.
+     *
+     * @schema BucketSpec#endpoint
+     */
+    endpoint: string;
+    /**
+     * Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same
+     * as .gitignore). If not provided, a default will be used, consult the documentation for your
+     * version to find out what those are.
+     *
+     * @schema BucketSpec#ignore
+     */
+    ignore?: string;
+    /**
+     * Insecure allows connecting to a non-TLS HTTP Endpoint.
+     *
+     * @schema BucketSpec#insecure
+     */
+    insecure?: boolean;
+    /**
+     * Interval at which the Bucket Endpoint is checked for updates. This interval is approximate
+     * and may be subject to jitter to ensure efficient use of resources.
+     *
+     * @schema BucketSpec#interval
+     */
+    interval: string;
+    /**
+     * Prefix to use for server-side filtering of files in the Bucket.
+     *
+     * @schema BucketSpec#prefix
+     */
+    prefix?: string;
+    /**
+     * Provider of the object storage bucket. Defaults to 'generic', which expects an S3 (API)
+     * compatible object storage.
+     *
+     * @default generic', which expects an S3 (API) compatible object
+     * @schema BucketSpec#provider
+     */
+    provider?: BucketSpecProvider;
+    /**
+     * ProxySecretRef specifies the Secret containing the proxy configuration to use while
+     * communicating with the Bucket server.
+     *
+     * @schema BucketSpec#proxySecretRef
+     */
+    proxySecretRef?: BucketSpecProxySecretRef;
+    /**
+     * Region of the Endpoint where the BucketName is located in.
+     *
+     * @schema BucketSpec#region
+     */
+    region?: string;
+    /**
+     * SecretRef specifies the Secret containing authentication credentials for the Bucket.
+     *
+     * @schema BucketSpec#secretRef
+     */
+    secretRef?: BucketSpecSecretRef;
+    /**
+     * STS specifies the required configuration to use a Security Token Service for fetching
+     * temporary credentials to authenticate in a Bucket provider.
+     *
+     * This field is only supported for the `aws` and `generic` providers.
+     *
+     * @schema BucketSpec#sts
+     */
+    sts?: BucketSpecSts;
+    /**
+     * Suspend tells the controller to suspend the reconciliation of this Bucket.
+     *
+     * @schema BucketSpec#suspend
+     */
+    suspend?: boolean;
+    /**
+     * Timeout for fetch operations, defaults to 60s.
+     *
+     * @schema BucketSpec#timeout
+     */
+    timeout?: string;
+}
+/** Converts an object of type 'BucketSpec' to JSON representation. */
+export declare function toJson_BucketSpec(obj: BucketSpec | undefined): Record<string, any> | undefined;
+/**
+ * CertSecretRef can be given the name of a Secret containing either or both of
+ *
+ * - A PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`);
+ * - A PEM-encoded CA certificate (`ca.crt`)
+ *
+ * And whichever are supplied, will be used for connecting to the bucket. The client cert and key
+ * are useful if you are authenticating with a certificate; the CA cert is useful if you are using a
+ * self-signed server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
+ *
+ * This field is only supported for the `generic` provider.
+ *
+ * @schema BucketSpecCertSecretRef
+ */
+export interface BucketSpecCertSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema BucketSpecCertSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'BucketSpecCertSecretRef' to JSON representation. */
+export declare function toJson_BucketSpecCertSecretRef(obj: BucketSpecCertSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * Provider of the object storage bucket. Defaults to 'generic', which expects an S3 (API)
+ * compatible object storage.
+ *
+ * @default generic', which expects an S3 (API) compatible object
+ * @schema BucketSpecProvider
+ */
+export declare enum BucketSpecProvider {
+    /** Generic */
+    GENERIC = "generic",
+    /** Aws */
+    AWS = "aws",
+    /** Gcp */
+    GCP = "gcp",
+    /** Azure */
+    AZURE = "azure"
+}
+/**
+ * ProxySecretRef specifies the Secret containing the proxy configuration to use while communicating
+ * with the Bucket server.
+ *
+ * @schema BucketSpecProxySecretRef
+ */
+export interface BucketSpecProxySecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema BucketSpecProxySecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'BucketSpecProxySecretRef' to JSON representation. */
+export declare function toJson_BucketSpecProxySecretRef(obj: BucketSpecProxySecretRef | undefined): Record<string, any> | undefined;
+/**
+ * SecretRef specifies the Secret containing authentication credentials for the Bucket.
+ *
+ * @schema BucketSpecSecretRef
+ */
+export interface BucketSpecSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema BucketSpecSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'BucketSpecSecretRef' to JSON representation. */
+export declare function toJson_BucketSpecSecretRef(obj: BucketSpecSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * STS specifies the required configuration to use a Security Token Service for fetching temporary
+ * credentials to authenticate in a Bucket provider.
+ *
+ * This field is only supported for the `aws` and `generic` providers.
+ *
+ * @schema BucketSpecSts
+ */
+export interface BucketSpecSts {
+    /**
+     * CertSecretRef can be given the name of a Secret containing either or both of
+     *
+     * - A PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`);
+     * - A PEM-encoded CA certificate (`ca.crt`)
+     *
+     * And whichever are supplied, will be used for connecting to the STS endpoint. The client cert
+     * and key are useful if you are authenticating with a certificate; the CA cert is useful if you
+     * are using a self-signed server certificate. The Secret must be of type `Opaque` or
+     * `kubernetes.io/tls`.
+     *
+     * This field is only supported for the `ldap` provider.
+     *
+     * @schema BucketSpecSts#certSecretRef
+     */
+    certSecretRef?: BucketSpecStsCertSecretRef;
+    /**
+     * Endpoint is the HTTP/S endpoint of the Security Token Service from where temporary
+     * credentials will be fetched.
+     *
+     * @schema BucketSpecSts#endpoint
+     */
+    endpoint: string;
+    /**
+     * Provider of the Security Token Service.
+     *
+     * @schema BucketSpecSts#provider
+     */
+    provider: BucketSpecStsProvider;
+    /**
+     * SecretRef specifies the Secret containing authentication credentials for the STS endpoint.
+     * This Secret must contain the fields `username` and `password` and is supported only for the
+     * `ldap` provider.
+     *
+     * @schema BucketSpecSts#secretRef
+     */
+    secretRef?: BucketSpecStsSecretRef;
+}
+/** Converts an object of type 'BucketSpecSts' to JSON representation. */
+export declare function toJson_BucketSpecSts(obj: BucketSpecSts | undefined): Record<string, any> | undefined;
+/**
+ * CertSecretRef can be given the name of a Secret containing either or both of
+ *
+ * - A PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`);
+ * - A PEM-encoded CA certificate (`ca.crt`)
+ *
+ * And whichever are supplied, will be used for connecting to the STS endpoint. The client cert and
+ * key are useful if you are authenticating with a certificate; the CA cert is useful if you are
+ * using a self-signed server certificate. The Secret must be of type `Opaque` or
+ * `kubernetes.io/tls`.
+ *
+ * This field is only supported for the `ldap` provider.
+ *
+ * @schema BucketSpecStsCertSecretRef
+ */
+export interface BucketSpecStsCertSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema BucketSpecStsCertSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'BucketSpecStsCertSecretRef' to JSON representation. */
+export declare function toJson_BucketSpecStsCertSecretRef(obj: BucketSpecStsCertSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * Provider of the Security Token Service.
+ *
+ * @schema BucketSpecStsProvider
+ */
+export declare enum BucketSpecStsProvider {
+    /** Aws */
+    AWS = "aws",
+    /** Ldap */
+    LDAP = "ldap"
+}
+/**
+ * SecretRef specifies the Secret containing authentication credentials for the STS endpoint. This
+ * Secret must contain the fields `username` and `password` and is supported only for the `ldap`
+ * provider.
+ *
+ * @schema BucketSpecStsSecretRef
+ */
+export interface BucketSpecStsSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema BucketSpecStsSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'BucketSpecStsSecretRef' to JSON representation. */
+export declare function toJson_BucketSpecStsSecretRef(obj: BucketSpecStsSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * Bucket is the Schema for the buckets API
+ *
+ * @schema BucketV1Beta1
+ */
+export declare class BucketV1Beta1 extends ApiObject {
+    /** Returns the apiVersion and kind for "BucketV1Beta1" */
+    static GVK: GroupVersionKind;
+    /**
+     * Renders a Kubernetes manifest for "BucketV1Beta1".
+     *
+     * This can be used to inline resource manifests inside other objects (e.g. as templates).
+     *
+     * @param props Initialization props
+     */
+    static manifest(props?: BucketV1Beta1Props): any;
+    /**
+     * Defines a "BucketV1Beta1" API object
+     *
+     * @param scope The scope in which to define this object
+     * @param id A scope-local name for the object
+     * @param props Initialization props
+     */
+    constructor(scope: Construct, id: string, props?: BucketV1Beta1Props);
+    /** Renders the object to Kubernetes JSON. */
+    toJson(): any;
+}
+/**
+ * Bucket is the Schema for the buckets API
+ *
+ * @schema BucketV1Beta1
+ */
+export interface BucketV1Beta1Props {
+    /** @schema BucketV1Beta1#metadata */
+    metadata?: ApiObjectMetadata;
+    /**
+     * BucketSpec defines the desired state of an S3 compatible bucket
+     *
+     * @schema BucketV1Beta1#spec
+     */
+    spec?: BucketV1Beta1Spec;
+}
+/** Converts an object of type 'BucketV1Beta1Props' to JSON representation. */
+export declare function toJson_BucketV1Beta1Props(obj: BucketV1Beta1Props | undefined): Record<string, any> | undefined;
+/**
+ * BucketSpec defines the desired state of an S3 compatible bucket
+ *
+ * @schema BucketV1Beta1Spec
+ */
+export interface BucketV1Beta1Spec {
+    /**
+     * AccessFrom defines an Access Control List for allowing cross-namespace references to this
+     * object.
+     *
+     * @schema BucketV1Beta1Spec#accessFrom
+     */
+    accessFrom?: BucketV1Beta1SpecAccessFrom;
+    /**
+     * The bucket name.
+     *
+     * @schema BucketV1Beta1Spec#bucketName
+     */
+    bucketName: string;
+    /**
+     * The bucket endpoint address.
+     *
+     * @schema BucketV1Beta1Spec#endpoint
+     */
+    endpoint: string;
+    /**
+     * Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same
+     * as .gitignore). If not provided, a default will be used, consult the documentation for your
+     * version to find out what those are.
+     *
+     * @schema BucketV1Beta1Spec#ignore
+     */
+    ignore?: string;
+    /**
+     * Insecure allows connecting to a non-TLS S3 HTTP endpoint.
+     *
+     * @schema BucketV1Beta1Spec#insecure
+     */
+    insecure?: boolean;
+    /**
+     * The interval at which to check for bucket updates.
+     *
+     * @schema BucketV1Beta1Spec#interval
+     */
+    interval: string;
+    /**
+     * The S3 compatible storage provider name, default ('generic').
+     *
+     * @schema BucketV1Beta1Spec#provider
+     */
+    provider?: BucketV1Beta1SpecProvider;
+    /**
+     * The bucket region.
+     *
+     * @schema BucketV1Beta1Spec#region
+     */
+    region?: string;
+    /**
+     * The name of the secret containing authentication credentials for the Bucket.
+     *
+     * @schema BucketV1Beta1Spec#secretRef
+     */
+    secretRef?: BucketV1Beta1SpecSecretRef;
+    /**
+     * This flag tells the controller to suspend the reconciliation of this source.
+     *
+     * @schema BucketV1Beta1Spec#suspend
+     */
+    suspend?: boolean;
+    /**
+     * The timeout for download operations, defaults to 60s.
+     *
+     * @schema BucketV1Beta1Spec#timeout
+     */
+    timeout?: string;
+}
+/** Converts an object of type 'BucketV1Beta1Spec' to JSON representation. */
+export declare function toJson_BucketV1Beta1Spec(obj: BucketV1Beta1Spec | undefined): Record<string, any> | undefined;
+/**
+ * AccessFrom defines an Access Control List for allowing cross-namespace references to this object.
+ *
+ * @schema BucketV1Beta1SpecAccessFrom
+ */
+export interface BucketV1Beta1SpecAccessFrom {
+    /**
+     * NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in
+     * this list are evaluated using a logical OR operation.
+     *
+     * @schema BucketV1Beta1SpecAccessFrom#namespaceSelectors
+     */
+    namespaceSelectors: BucketV1Beta1SpecAccessFromNamespaceSelectors[];
+}
+/** Converts an object of type 'BucketV1Beta1SpecAccessFrom' to JSON representation. */
+export declare function toJson_BucketV1Beta1SpecAccessFrom(obj: BucketV1Beta1SpecAccessFrom | undefined): Record<string, any> | undefined;
+/**
+ * The S3 compatible storage provider name, default ('generic').
+ *
+ * @schema BucketV1Beta1SpecProvider
+ */
+export declare enum BucketV1Beta1SpecProvider {
+    /** Generic */
+    GENERIC = "generic",
+    /** Aws */
+    AWS = "aws",
+    /** Gcp */
+    GCP = "gcp"
+}
+/**
+ * The name of the secret containing authentication credentials for the Bucket.
+ *
+ * @schema BucketV1Beta1SpecSecretRef
+ */
+export interface BucketV1Beta1SpecSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema BucketV1Beta1SpecSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'BucketV1Beta1SpecSecretRef' to JSON representation. */
+export declare function toJson_BucketV1Beta1SpecSecretRef(obj: BucketV1Beta1SpecSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels
+ * matches all namespaces in a cluster.
+ *
+ * @schema BucketV1Beta1SpecAccessFromNamespaceSelectors
+ */
+export interface BucketV1Beta1SpecAccessFromNamespaceSelectors {
+    /**
+     * MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is
+     * equivalent to an element of matchExpressions, whose key field is "key", the operator is "In",
+     * and the values array contains only "value". The requirements are ANDed.
+     *
+     * @schema BucketV1Beta1SpecAccessFromNamespaceSelectors#matchLabels
+     */
+    matchLabels?: {
+        [key: string]: string;
+    };
+}
+/**
+ * Converts an object of type 'BucketV1Beta1SpecAccessFromNamespaceSelectors' to JSON
+ * representation.
+ */
+export declare function toJson_BucketV1Beta1SpecAccessFromNamespaceSelectors(obj: BucketV1Beta1SpecAccessFromNamespaceSelectors | undefined): Record<string, any> | undefined;
+/**
+ * Bucket is the Schema for the buckets API.
+ *
+ * @schema BucketV1Beta2
+ */
+export declare class BucketV1Beta2 extends ApiObject {
+    /** Returns the apiVersion and kind for "BucketV1Beta2" */
+    static GVK: GroupVersionKind;
+    /**
+     * Renders a Kubernetes manifest for "BucketV1Beta2".
+     *
+     * This can be used to inline resource manifests inside other objects (e.g. as templates).
+     *
+     * @param props Initialization props
+     */
+    static manifest(props?: BucketV1Beta2Props): any;
+    /**
+     * Defines a "BucketV1Beta2" API object
+     *
+     * @param scope The scope in which to define this object
+     * @param id A scope-local name for the object
+     * @param props Initialization props
+     */
+    constructor(scope: Construct, id: string, props?: BucketV1Beta2Props);
+    /** Renders the object to Kubernetes JSON. */
+    toJson(): any;
+}
+/**
+ * Bucket is the Schema for the buckets API.
+ *
+ * @schema BucketV1Beta2
+ */
+export interface BucketV1Beta2Props {
+    /** @schema BucketV1Beta2#metadata */
+    metadata?: ApiObjectMetadata;
+    /**
+     * BucketSpec specifies the required configuration to produce an Artifact for an object storage
+     * bucket.
+     *
+     * @schema BucketV1Beta2#spec
+     */
+    spec?: BucketV1Beta2Spec;
+}
+/** Converts an object of type 'BucketV1Beta2Props' to JSON representation. */
+export declare function toJson_BucketV1Beta2Props(obj: BucketV1Beta2Props | undefined): Record<string, any> | undefined;
+/**
+ * BucketSpec specifies the required configuration to produce an Artifact for an object storage
+ * bucket.
+ *
+ * @schema BucketV1Beta2Spec
+ */
+export interface BucketV1Beta2Spec {
+    /**
+     * AccessFrom specifies an Access Control List for allowing cross-namespace references to this
+     * object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
+     *
+     * @schema BucketV1Beta2Spec#accessFrom
+     */
+    accessFrom?: BucketV1Beta2SpecAccessFrom;
+    /**
+     * BucketName is the name of the object storage bucket.
+     *
+     * @schema BucketV1Beta2Spec#bucketName
+     */
+    bucketName: string;
+    /**
+     * CertSecretRef can be given the name of a Secret containing either or both of
+     *
+     * - A PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`);
+     * - A PEM-encoded CA certificate (`ca.crt`)
+     *
+     * And whichever are supplied, will be used for connecting to the bucket. The client cert and
+     * key are useful if you are authenticating with a certificate; the CA cert is useful if you are
+     * using a self-signed server certificate. The Secret must be of type `Opaque` or
+     * `kubernetes.io/tls`.
+     *
+     * This field is only supported for the `generic` provider.
+     *
+     * @schema BucketV1Beta2Spec#certSecretRef
+     */
+    certSecretRef?: BucketV1Beta2SpecCertSecretRef;
+    /**
+     * Endpoint is the object storage address the BucketName is located at.
+     *
+     * @schema BucketV1Beta2Spec#endpoint
+     */
+    endpoint: string;
+    /**
+     * Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same
+     * as .gitignore). If not provided, a default will be used, consult the documentation for your
+     * version to find out what those are.
+     *
+     * @schema BucketV1Beta2Spec#ignore
+     */
+    ignore?: string;
+    /**
+     * Insecure allows connecting to a non-TLS HTTP Endpoint.
+     *
+     * @schema BucketV1Beta2Spec#insecure
+     */
+    insecure?: boolean;
+    /**
+     * Interval at which the Bucket Endpoint is checked for updates. This interval is approximate
+     * and may be subject to jitter to ensure efficient use of resources.
+     *
+     * @schema BucketV1Beta2Spec#interval
+     */
+    interval: string;
+    /**
+     * Prefix to use for server-side filtering of files in the Bucket.
+     *
+     * @schema BucketV1Beta2Spec#prefix
+     */
+    prefix?: string;
+    /**
+     * Provider of the object storage bucket. Defaults to 'generic', which expects an S3 (API)
+     * compatible object storage.
+     *
+     * @default generic', which expects an S3 (API) compatible object
+     * @schema BucketV1Beta2Spec#provider
+     */
+    provider?: BucketV1Beta2SpecProvider;
+    /**
+     * ProxySecretRef specifies the Secret containing the proxy configuration to use while
+     * communicating with the Bucket server.
+     *
+     * @schema BucketV1Beta2Spec#proxySecretRef
+     */
+    proxySecretRef?: BucketV1Beta2SpecProxySecretRef;
+    /**
+     * Region of the Endpoint where the BucketName is located in.
+     *
+     * @schema BucketV1Beta2Spec#region
+     */
+    region?: string;
+    /**
+     * SecretRef specifies the Secret containing authentication credentials for the Bucket.
+     *
+     * @schema BucketV1Beta2Spec#secretRef
+     */
+    secretRef?: BucketV1Beta2SpecSecretRef;
+    /**
+     * STS specifies the required configuration to use a Security Token Service for fetching
+     * temporary credentials to authenticate in a Bucket provider.
+     *
+     * This field is only supported for the `aws` and `generic` providers.
+     *
+     * @schema BucketV1Beta2Spec#sts
+     */
+    sts?: BucketV1Beta2SpecSts;
+    /**
+     * Suspend tells the controller to suspend the reconciliation of this Bucket.
+     *
+     * @schema BucketV1Beta2Spec#suspend
+     */
+    suspend?: boolean;
+    /**
+     * Timeout for fetch operations, defaults to 60s.
+     *
+     * @schema BucketV1Beta2Spec#timeout
+     */
+    timeout?: string;
+}
+/** Converts an object of type 'BucketV1Beta2Spec' to JSON representation. */
+export declare function toJson_BucketV1Beta2Spec(obj: BucketV1Beta2Spec | undefined): Record<string, any> | undefined;
+/**
+ * AccessFrom specifies an Access Control List for allowing cross-namespace references to this
+ * object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
+ *
+ * @schema BucketV1Beta2SpecAccessFrom
+ */
+export interface BucketV1Beta2SpecAccessFrom {
+    /**
+     * NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in
+     * this list are evaluated using a logical OR operation.
+     *
+     * @schema BucketV1Beta2SpecAccessFrom#namespaceSelectors
+     */
+    namespaceSelectors: BucketV1Beta2SpecAccessFromNamespaceSelectors[];
+}
+/** Converts an object of type 'BucketV1Beta2SpecAccessFrom' to JSON representation. */
+export declare function toJson_BucketV1Beta2SpecAccessFrom(obj: BucketV1Beta2SpecAccessFrom | undefined): Record<string, any> | undefined;
+/**
+ * CertSecretRef can be given the name of a Secret containing either or both of
+ *
+ * - A PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`);
+ * - A PEM-encoded CA certificate (`ca.crt`)
+ *
+ * And whichever are supplied, will be used for connecting to the bucket. The client cert and key
+ * are useful if you are authenticating with a certificate; the CA cert is useful if you are using a
+ * self-signed server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
+ *
+ * This field is only supported for the `generic` provider.
+ *
+ * @schema BucketV1Beta2SpecCertSecretRef
+ */
+export interface BucketV1Beta2SpecCertSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema BucketV1Beta2SpecCertSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'BucketV1Beta2SpecCertSecretRef' to JSON representation. */
+export declare function toJson_BucketV1Beta2SpecCertSecretRef(obj: BucketV1Beta2SpecCertSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * Provider of the object storage bucket. Defaults to 'generic', which expects an S3 (API)
+ * compatible object storage.
+ *
+ * @default generic', which expects an S3 (API) compatible object
+ * @schema BucketV1Beta2SpecProvider
+ */
+export declare enum BucketV1Beta2SpecProvider {
+    /** Generic */
+    GENERIC = "generic",
+    /** Aws */
+    AWS = "aws",
+    /** Gcp */
+    GCP = "gcp",
+    /** Azure */
+    AZURE = "azure"
+}
+/**
+ * ProxySecretRef specifies the Secret containing the proxy configuration to use while communicating
+ * with the Bucket server.
+ *
+ * @schema BucketV1Beta2SpecProxySecretRef
+ */
+export interface BucketV1Beta2SpecProxySecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema BucketV1Beta2SpecProxySecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'BucketV1Beta2SpecProxySecretRef' to JSON representation. */
+export declare function toJson_BucketV1Beta2SpecProxySecretRef(obj: BucketV1Beta2SpecProxySecretRef | undefined): Record<string, any> | undefined;
+/**
+ * SecretRef specifies the Secret containing authentication credentials for the Bucket.
+ *
+ * @schema BucketV1Beta2SpecSecretRef
+ */
+export interface BucketV1Beta2SpecSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema BucketV1Beta2SpecSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'BucketV1Beta2SpecSecretRef' to JSON representation. */
+export declare function toJson_BucketV1Beta2SpecSecretRef(obj: BucketV1Beta2SpecSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * STS specifies the required configuration to use a Security Token Service for fetching temporary
+ * credentials to authenticate in a Bucket provider.
+ *
+ * This field is only supported for the `aws` and `generic` providers.
+ *
+ * @schema BucketV1Beta2SpecSts
+ */
+export interface BucketV1Beta2SpecSts {
+    /**
+     * CertSecretRef can be given the name of a Secret containing either or both of
+     *
+     * - A PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`);
+     * - A PEM-encoded CA certificate (`ca.crt`)
+     *
+     * And whichever are supplied, will be used for connecting to the STS endpoint. The client cert
+     * and key are useful if you are authenticating with a certificate; the CA cert is useful if you
+     * are using a self-signed server certificate. The Secret must be of type `Opaque` or
+     * `kubernetes.io/tls`.
+     *
+     * This field is only supported for the `ldap` provider.
+     *
+     * @schema BucketV1Beta2SpecSts#certSecretRef
+     */
+    certSecretRef?: BucketV1Beta2SpecStsCertSecretRef;
+    /**
+     * Endpoint is the HTTP/S endpoint of the Security Token Service from where temporary
+     * credentials will be fetched.
+     *
+     * @schema BucketV1Beta2SpecSts#endpoint
+     */
+    endpoint: string;
+    /**
+     * Provider of the Security Token Service.
+     *
+     * @schema BucketV1Beta2SpecSts#provider
+     */
+    provider: BucketV1Beta2SpecStsProvider;
+    /**
+     * SecretRef specifies the Secret containing authentication credentials for the STS endpoint.
+     * This Secret must contain the fields `username` and `password` and is supported only for the
+     * `ldap` provider.
+     *
+     * @schema BucketV1Beta2SpecSts#secretRef
+     */
+    secretRef?: BucketV1Beta2SpecStsSecretRef;
+}
+/** Converts an object of type 'BucketV1Beta2SpecSts' to JSON representation. */
+export declare function toJson_BucketV1Beta2SpecSts(obj: BucketV1Beta2SpecSts | undefined): Record<string, any> | undefined;
+/**
+ * NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels
+ * matches all namespaces in a cluster.
+ *
+ * @schema BucketV1Beta2SpecAccessFromNamespaceSelectors
+ */
+export interface BucketV1Beta2SpecAccessFromNamespaceSelectors {
+    /**
+     * MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is
+     * equivalent to an element of matchExpressions, whose key field is "key", the operator is "In",
+     * and the values array contains only "value". The requirements are ANDed.
+     *
+     * @schema BucketV1Beta2SpecAccessFromNamespaceSelectors#matchLabels
+     */
+    matchLabels?: {
+        [key: string]: string;
+    };
+}
+/**
+ * Converts an object of type 'BucketV1Beta2SpecAccessFromNamespaceSelectors' to JSON
+ * representation.
+ */
+export declare function toJson_BucketV1Beta2SpecAccessFromNamespaceSelectors(obj: BucketV1Beta2SpecAccessFromNamespaceSelectors | undefined): Record<string, any> | undefined;
+/**
+ * CertSecretRef can be given the name of a Secret containing either or both of
+ *
+ * - A PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`);
+ * - A PEM-encoded CA certificate (`ca.crt`)
+ *
+ * And whichever are supplied, will be used for connecting to the STS endpoint. The client cert and
+ * key are useful if you are authenticating with a certificate; the CA cert is useful if you are
+ * using a self-signed server certificate. The Secret must be of type `Opaque` or
+ * `kubernetes.io/tls`.
+ *
+ * This field is only supported for the `ldap` provider.
+ *
+ * @schema BucketV1Beta2SpecStsCertSecretRef
+ */
+export interface BucketV1Beta2SpecStsCertSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema BucketV1Beta2SpecStsCertSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'BucketV1Beta2SpecStsCertSecretRef' to JSON representation. */
+export declare function toJson_BucketV1Beta2SpecStsCertSecretRef(obj: BucketV1Beta2SpecStsCertSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * Provider of the Security Token Service.
+ *
+ * @schema BucketV1Beta2SpecStsProvider
+ */
+export declare enum BucketV1Beta2SpecStsProvider {
+    /** Aws */
+    AWS = "aws",
+    /** Ldap */
+    LDAP = "ldap"
+}
+/**
+ * SecretRef specifies the Secret containing authentication credentials for the STS endpoint. This
+ * Secret must contain the fields `username` and `password` and is supported only for the `ldap`
+ * provider.
+ *
+ * @schema BucketV1Beta2SpecStsSecretRef
+ */
+export interface BucketV1Beta2SpecStsSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema BucketV1Beta2SpecStsSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'BucketV1Beta2SpecStsSecretRef' to JSON representation. */
+export declare function toJson_BucketV1Beta2SpecStsSecretRef(obj: BucketV1Beta2SpecStsSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * GitRepository is the Schema for the gitrepositories API.
+ *
+ * @schema GitRepository
+ */
+export declare class GitRepository extends ApiObject {
+    /** Returns the apiVersion and kind for "GitRepository" */
+    static GVK: GroupVersionKind;
+    /**
+     * Renders a Kubernetes manifest for "GitRepository".
+     *
+     * This can be used to inline resource manifests inside other objects (e.g. as templates).
+     *
+     * @param props Initialization props
+     */
+    static manifest(props?: GitRepositoryProps): any;
+    /**
+     * Defines a "GitRepository" API object
+     *
+     * @param scope The scope in which to define this object
+     * @param id A scope-local name for the object
+     * @param props Initialization props
+     */
+    constructor(scope: Construct, id: string, props?: GitRepositoryProps);
+    /** Renders the object to Kubernetes JSON. */
+    toJson(): any;
+}
+/**
+ * GitRepository is the Schema for the gitrepositories API.
+ *
+ * @schema GitRepository
+ */
+export interface GitRepositoryProps {
+    /** @schema GitRepository#metadata */
+    metadata?: ApiObjectMetadata;
+    /**
+     * GitRepositorySpec specifies the required configuration to produce an Artifact for a Git
+     * repository.
+     *
+     * @schema GitRepository#spec
+     */
+    spec?: GitRepositorySpec;
+}
+/** Converts an object of type 'GitRepositoryProps' to JSON representation. */
+export declare function toJson_GitRepositoryProps(obj: GitRepositoryProps | undefined): Record<string, any> | undefined;
+/**
+ * GitRepositorySpec specifies the required configuration to produce an Artifact for a Git
+ * repository.
+ *
+ * @schema GitRepositorySpec
+ */
+export interface GitRepositorySpec {
+    /**
+     * Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same
+     * as .gitignore). If not provided, a default will be used, consult the documentation for your
+     * version to find out what those are.
+     *
+     * @schema GitRepositorySpec#ignore
+     */
+    ignore?: string;
+    /**
+     * Include specifies a list of GitRepository resources which Artifacts should be included in the
+     * Artifact produced for this GitRepository.
+     *
+     * @schema GitRepositorySpec#include
+     */
+    include?: GitRepositorySpecInclude[];
+    /**
+     * Interval at which the GitRepository URL is checked for updates. This interval is approximate
+     * and may be subject to jitter to ensure efficient use of resources.
+     *
+     * @schema GitRepositorySpec#interval
+     */
+    interval: string;
+    /**
+     * Provider used for authentication, can be 'azure', 'github', 'generic'. When not specified,
+     * defaults to 'generic'.
+     *
+     * @schema GitRepositorySpec#provider
+     */
+    provider?: GitRepositorySpecProvider;
+    /**
+     * ProxySecretRef specifies the Secret containing the proxy configuration to use while
+     * communicating with the Git server.
+     *
+     * @schema GitRepositorySpec#proxySecretRef
+     */
+    proxySecretRef?: GitRepositorySpecProxySecretRef;
+    /**
+     * RecurseSubmodules enables the initialization of all submodules within the GitRepository as
+     * cloned from the URL, using their default settings.
+     *
+     * @schema GitRepositorySpec#recurseSubmodules
+     */
+    recurseSubmodules?: boolean;
+    /**
+     * Reference specifies the Git reference to resolve and monitor for changes, defaults to the
+     * 'master' branch.
+     *
+     * @schema GitRepositorySpec#ref
+     */
+    ref?: GitRepositorySpecRef;
+    /**
+     * SecretRef specifies the Secret containing authentication credentials for the GitRepository.
+     * For HTTPS repositories the Secret must contain 'username' and 'password' fields for basic
+     * auth or 'bearerToken' field for token auth. For SSH repositories the Secret must contain
+     * 'identity' and 'known_hosts' fields.
+     *
+     * @schema GitRepositorySpec#secretRef
+     */
+    secretRef?: GitRepositorySpecSecretRef;
+    /**
+     * Suspend tells the controller to suspend the reconciliation of this GitRepository.
+     *
+     * @schema GitRepositorySpec#suspend
+     */
+    suspend?: boolean;
+    /**
+     * Timeout for Git operations like cloning, defaults to 60s.
+     *
+     * @schema GitRepositorySpec#timeout
+     */
+    timeout?: string;
+    /**
+     * URL specifies the Git repository URL, it can be an HTTP/S or SSH address.
+     *
+     * @schema GitRepositorySpec#url
+     */
+    url: string;
+    /**
+     * Verification specifies the configuration to verify the Git commit signature(s).
+     *
+     * @schema GitRepositorySpec#verify
+     */
+    verify?: GitRepositorySpecVerify;
+}
+/** Converts an object of type 'GitRepositorySpec' to JSON representation. */
+export declare function toJson_GitRepositorySpec(obj: GitRepositorySpec | undefined): Record<string, any> | undefined;
+/**
+ * GitRepositoryInclude specifies a local reference to a GitRepository which Artifact (sub-)contents
+ * must be included, and where they should be placed.
+ *
+ * @schema GitRepositorySpecInclude
+ */
+export interface GitRepositorySpecInclude {
+    /**
+     * FromPath specifies the path to copy contents from, defaults to the root of the Artifact.
+     *
+     * @schema GitRepositorySpecInclude#fromPath
+     */
+    fromPath?: string;
+    /**
+     * GitRepositoryRef specifies the GitRepository which Artifact contents must be included.
+     *
+     * @schema GitRepositorySpecInclude#repository
+     */
+    repository: GitRepositorySpecIncludeRepository;
+    /**
+     * ToPath specifies the path to copy contents to, defaults to the name of the GitRepositoryRef.
+     *
+     * @schema GitRepositorySpecInclude#toPath
+     */
+    toPath?: string;
+}
+/** Converts an object of type 'GitRepositorySpecInclude' to JSON representation. */
+export declare function toJson_GitRepositorySpecInclude(obj: GitRepositorySpecInclude | undefined): Record<string, any> | undefined;
+/**
+ * Provider used for authentication, can be 'azure', 'github', 'generic'. When not specified,
+ * defaults to 'generic'.
+ *
+ * @schema GitRepositorySpecProvider
+ */
+export declare enum GitRepositorySpecProvider {
+    /** Generic */
+    GENERIC = "generic",
+    /** Azure */
+    AZURE = "azure",
+    /** Github */
+    GITHUB = "github"
+}
+/**
+ * ProxySecretRef specifies the Secret containing the proxy configuration to use while communicating
+ * with the Git server.
+ *
+ * @schema GitRepositorySpecProxySecretRef
+ */
+export interface GitRepositorySpecProxySecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema GitRepositorySpecProxySecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'GitRepositorySpecProxySecretRef' to JSON representation. */
+export declare function toJson_GitRepositorySpecProxySecretRef(obj: GitRepositorySpecProxySecretRef | undefined): Record<string, any> | undefined;
+/**
+ * Reference specifies the Git reference to resolve and monitor for changes, defaults to the
+ * 'master' branch.
+ *
+ * @schema GitRepositorySpecRef
+ */
+export interface GitRepositorySpecRef {
+    /**
+     * Branch to check out, defaults to 'master' if no other field is defined.
+     *
+     * @schema GitRepositorySpecRef#branch
+     */
+    branch?: string;
+    /**
+     * Commit SHA to check out, takes precedence over all reference fields.
+     *
+     * This can be combined with Branch to shallow clone the branch, in which the commit is expected
+     * to exist.
+     *
+     * @schema GitRepositorySpecRef#commit
+     */
+    commit?: string;
+    /**
+     * Name of the reference to check out; takes precedence over Branch, Tag and SemVer.
+     *
+     * It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description
+     * Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head",
+     * "refs/merge-requests/1/head"
+     *
+     * @schema GitRepositorySpecRef#name
+     */
+    name?: string;
+    /**
+     * SemVer tag expression to check out, takes precedence over Tag.
+     *
+     * @schema GitRepositorySpecRef#semver
+     */
+    semver?: string;
+    /**
+     * Tag to check out, takes precedence over Branch.
+     *
+     * @schema GitRepositorySpecRef#tag
+     */
+    tag?: string;
+}
+/** Converts an object of type 'GitRepositorySpecRef' to JSON representation. */
+export declare function toJson_GitRepositorySpecRef(obj: GitRepositorySpecRef | undefined): Record<string, any> | undefined;
+/**
+ * SecretRef specifies the Secret containing authentication credentials for the GitRepository. For
+ * HTTPS repositories the Secret must contain 'username' and 'password' fields for basic auth or
+ * 'bearerToken' field for token auth. For SSH repositories the Secret must contain 'identity' and
+ * 'known_hosts' fields.
+ *
+ * @schema GitRepositorySpecSecretRef
+ */
+export interface GitRepositorySpecSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema GitRepositorySpecSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'GitRepositorySpecSecretRef' to JSON representation. */
+export declare function toJson_GitRepositorySpecSecretRef(obj: GitRepositorySpecSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * Verification specifies the configuration to verify the Git commit signature(s).
+ *
+ * @schema GitRepositorySpecVerify
+ */
+export interface GitRepositorySpecVerify {
+    /**
+     * Mode specifies which Git object(s) should be verified.
+     *
+     * The variants "head" and "HEAD" both imply the same thing, i.e. verify the commit that the
+     * HEAD of the Git repository points to. The variant "head" solely exists to ensure backwards
+     * compatibility.
+     *
+     * @schema GitRepositorySpecVerify#mode
+     */
+    mode?: GitRepositorySpecVerifyMode;
+    /**
+     * SecretRef specifies the Secret containing the public keys of trusted Git authors.
+     *
+     * @schema GitRepositorySpecVerify#secretRef
+     */
+    secretRef: GitRepositorySpecVerifySecretRef;
+}
+/** Converts an object of type 'GitRepositorySpecVerify' to JSON representation. */
+export declare function toJson_GitRepositorySpecVerify(obj: GitRepositorySpecVerify | undefined): Record<string, any> | undefined;
+/**
+ * GitRepositoryRef specifies the GitRepository which Artifact contents must be included.
+ *
+ * @schema GitRepositorySpecIncludeRepository
+ */
+export interface GitRepositorySpecIncludeRepository {
+    /**
+     * Name of the referent.
+     *
+     * @schema GitRepositorySpecIncludeRepository#name
+     */
+    name: string;
+}
+/** Converts an object of type 'GitRepositorySpecIncludeRepository' to JSON representation. */
+export declare function toJson_GitRepositorySpecIncludeRepository(obj: GitRepositorySpecIncludeRepository | undefined): Record<string, any> | undefined;
+/**
+ * Mode specifies which Git object(s) should be verified.
+ *
+ * The variants "head" and "HEAD" both imply the same thing, i.e. verify the commit that the HEAD of
+ * the Git repository points to. The variant "head" solely exists to ensure backwards
+ * compatibility.
+ *
+ * @schema GitRepositorySpecVerifyMode
+ */
+export declare enum GitRepositorySpecVerifyMode {
+    /** Head */
+    HEAD = "head",
+    /** Tag */
+    TAG = "Tag",
+    /** TagAndHEAD */
+    TAG_AND_HEAD = "TagAndHEAD"
+}
+/**
+ * SecretRef specifies the Secret containing the public keys of trusted Git authors.
+ *
+ * @schema GitRepositorySpecVerifySecretRef
+ */
+export interface GitRepositorySpecVerifySecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema GitRepositorySpecVerifySecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'GitRepositorySpecVerifySecretRef' to JSON representation. */
+export declare function toJson_GitRepositorySpecVerifySecretRef(obj: GitRepositorySpecVerifySecretRef | undefined): Record<string, any> | undefined;
+/**
+ * GitRepository is the Schema for the gitrepositories API
+ *
+ * @schema GitRepositoryV1Beta1
+ */
+export declare class GitRepositoryV1Beta1 extends ApiObject {
+    /** Returns the apiVersion and kind for "GitRepositoryV1Beta1" */
+    static GVK: GroupVersionKind;
+    /**
+     * Renders a Kubernetes manifest for "GitRepositoryV1Beta1".
+     *
+     * This can be used to inline resource manifests inside other objects (e.g. as templates).
+     *
+     * @param props Initialization props
+     */
+    static manifest(props?: GitRepositoryV1Beta1Props): any;
+    /**
+     * Defines a "GitRepositoryV1Beta1" API object
+     *
+     * @param scope The scope in which to define this object
+     * @param id A scope-local name for the object
+     * @param props Initialization props
+     */
+    constructor(scope: Construct, id: string, props?: GitRepositoryV1Beta1Props);
+    /** Renders the object to Kubernetes JSON. */
+    toJson(): any;
+}
+/**
+ * GitRepository is the Schema for the gitrepositories API
+ *
+ * @schema GitRepositoryV1Beta1
+ */
+export interface GitRepositoryV1Beta1Props {
+    /** @schema GitRepositoryV1Beta1#metadata */
+    metadata?: ApiObjectMetadata;
+    /**
+     * GitRepositorySpec defines the desired state of a Git repository.
+     *
+     * @schema GitRepositoryV1Beta1#spec
+     */
+    spec?: GitRepositoryV1Beta1Spec;
+}
+/** Converts an object of type 'GitRepositoryV1Beta1Props' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta1Props(obj: GitRepositoryV1Beta1Props | undefined): Record<string, any> | undefined;
+/**
+ * GitRepositorySpec defines the desired state of a Git repository.
+ *
+ * @schema GitRepositoryV1Beta1Spec
+ */
+export interface GitRepositoryV1Beta1Spec {
+    /**
+     * AccessFrom defines an Access Control List for allowing cross-namespace references to this
+     * object.
+     *
+     * @schema GitRepositoryV1Beta1Spec#accessFrom
+     */
+    accessFrom?: GitRepositoryV1Beta1SpecAccessFrom;
+    /**
+     * Determines which git client library to use. Defaults to go-git, valid values are ('go-git',
+     * 'libgit2').
+     *
+     * @default go-git, valid values are ('go-git', 'libgit2').
+     * @schema GitRepositoryV1Beta1Spec#gitImplementation
+     */
+    gitImplementation?: GitRepositoryV1Beta1SpecGitImplementation;
+    /**
+     * Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same
+     * as .gitignore). If not provided, a default will be used, consult the documentation for your
+     * version to find out what those are.
+     *
+     * @schema GitRepositoryV1Beta1Spec#ignore
+     */
+    ignore?: string;
+    /**
+     * Extra git repositories to map into the repository
+     *
+     * @schema GitRepositoryV1Beta1Spec#include
+     */
+    include?: GitRepositoryV1Beta1SpecInclude[];
+    /**
+     * The interval at which to check for repository updates.
+     *
+     * @schema GitRepositoryV1Beta1Spec#interval
+     */
+    interval: string;
+    /**
+     * When enabled, after the clone is created, initializes all submodules within, using their
+     * default settings. This option is available only when using the 'go-git' GitImplementation.
+     *
+     * @schema GitRepositoryV1Beta1Spec#recurseSubmodules
+     */
+    recurseSubmodules?: boolean;
+    /**
+     * The Git reference to checkout and monitor for changes, defaults to master branch.
+     *
+     * @schema GitRepositoryV1Beta1Spec#ref
+     */
+    ref?: GitRepositoryV1Beta1SpecRef;
+    /**
+     * The secret name containing the Git credentials. For HTTPS repositories the secret must
+     * contain username and password fields. For SSH repositories the secret must contain identity
+     * and known_hosts fields.
+     *
+     * @schema GitRepositoryV1Beta1Spec#secretRef
+     */
+    secretRef?: GitRepositoryV1Beta1SpecSecretRef;
+    /**
+     * This flag tells the controller to suspend the reconciliation of this source.
+     *
+     * @schema GitRepositoryV1Beta1Spec#suspend
+     */
+    suspend?: boolean;
+    /**
+     * The timeout for remote Git operations like cloning, defaults to 60s.
+     *
+     * @schema GitRepositoryV1Beta1Spec#timeout
+     */
+    timeout?: string;
+    /**
+     * The repository URL, can be a HTTP/S or SSH address.
+     *
+     * @schema GitRepositoryV1Beta1Spec#url
+     */
+    url: string;
+    /**
+     * Verify OpenPGP signature for the Git commit HEAD points to.
+     *
+     * @schema GitRepositoryV1Beta1Spec#verify
+     */
+    verify?: GitRepositoryV1Beta1SpecVerify;
+}
+/** Converts an object of type 'GitRepositoryV1Beta1Spec' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta1Spec(obj: GitRepositoryV1Beta1Spec | undefined): Record<string, any> | undefined;
+/**
+ * AccessFrom defines an Access Control List for allowing cross-namespace references to this object.
+ *
+ * @schema GitRepositoryV1Beta1SpecAccessFrom
+ */
+export interface GitRepositoryV1Beta1SpecAccessFrom {
+    /**
+     * NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in
+     * this list are evaluated using a logical OR operation.
+     *
+     * @schema GitRepositoryV1Beta1SpecAccessFrom#namespaceSelectors
+     */
+    namespaceSelectors: GitRepositoryV1Beta1SpecAccessFromNamespaceSelectors[];
+}
+/** Converts an object of type 'GitRepositoryV1Beta1SpecAccessFrom' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta1SpecAccessFrom(obj: GitRepositoryV1Beta1SpecAccessFrom | undefined): Record<string, any> | undefined;
+/**
+ * Determines which git client library to use. Defaults to go-git, valid values are ('go-git',
+ * 'libgit2').
+ *
+ * @default go-git, valid values are ('go-git', 'libgit2').
+ * @schema GitRepositoryV1Beta1SpecGitImplementation
+ */
+export declare enum GitRepositoryV1Beta1SpecGitImplementation {
+    /** Go-git */
+    GO_HYPHEN_GIT = "go-git",
+    /** Libgit2 */
+    LIBGIT2 = "libgit2"
+}
+/**
+ * GitRepositoryInclude defines a source with a from and to path.
+ *
+ * @schema GitRepositoryV1Beta1SpecInclude
+ */
+export interface GitRepositoryV1Beta1SpecInclude {
+    /**
+     * The path to copy contents from, defaults to the root directory.
+     *
+     * @schema GitRepositoryV1Beta1SpecInclude#fromPath
+     */
+    fromPath?: string;
+    /**
+     * Reference to a GitRepository to include.
+     *
+     * @schema GitRepositoryV1Beta1SpecInclude#repository
+     */
+    repository: GitRepositoryV1Beta1SpecIncludeRepository;
+    /**
+     * The path to copy contents to, defaults to the name of the source ref.
+     *
+     * @schema GitRepositoryV1Beta1SpecInclude#toPath
+     */
+    toPath?: string;
+}
+/** Converts an object of type 'GitRepositoryV1Beta1SpecInclude' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta1SpecInclude(obj: GitRepositoryV1Beta1SpecInclude | undefined): Record<string, any> | undefined;
+/**
+ * The Git reference to checkout and monitor for changes, defaults to master branch.
+ *
+ * @schema GitRepositoryV1Beta1SpecRef
+ */
+export interface GitRepositoryV1Beta1SpecRef {
+    /**
+     * The Git branch to checkout, defaults to master.
+     *
+     * @schema GitRepositoryV1Beta1SpecRef#branch
+     */
+    branch?: string;
+    /**
+     * The Git commit SHA to checkout, if specified Tag filters will be ignored.
+     *
+     * @schema GitRepositoryV1Beta1SpecRef#commit
+     */
+    commit?: string;
+    /**
+     * The Git tag semver expression, takes precedence over Tag.
+     *
+     * @schema GitRepositoryV1Beta1SpecRef#semver
+     */
+    semver?: string;
+    /**
+     * The Git tag to checkout, takes precedence over Branch.
+     *
+     * @schema GitRepositoryV1Beta1SpecRef#tag
+     */
+    tag?: string;
+}
+/** Converts an object of type 'GitRepositoryV1Beta1SpecRef' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta1SpecRef(obj: GitRepositoryV1Beta1SpecRef | undefined): Record<string, any> | undefined;
+/**
+ * The secret name containing the Git credentials. For HTTPS repositories the secret must contain
+ * username and password fields. For SSH repositories the secret must contain identity and
+ * known_hosts fields.
+ *
+ * @schema GitRepositoryV1Beta1SpecSecretRef
+ */
+export interface GitRepositoryV1Beta1SpecSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema GitRepositoryV1Beta1SpecSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'GitRepositoryV1Beta1SpecSecretRef' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta1SpecSecretRef(obj: GitRepositoryV1Beta1SpecSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * Verify OpenPGP signature for the Git commit HEAD points to.
+ *
+ * @schema GitRepositoryV1Beta1SpecVerify
+ */
+export interface GitRepositoryV1Beta1SpecVerify {
+    /**
+     * Mode describes what git object should be verified, currently ('head').
+     *
+     * @schema GitRepositoryV1Beta1SpecVerify#mode
+     */
+    mode: GitRepositoryV1Beta1SpecVerifyMode;
+    /**
+     * The secret name containing the public keys of all trusted Git authors.
+     *
+     * @schema GitRepositoryV1Beta1SpecVerify#secretRef
+     */
+    secretRef?: GitRepositoryV1Beta1SpecVerifySecretRef;
+}
+/** Converts an object of type 'GitRepositoryV1Beta1SpecVerify' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta1SpecVerify(obj: GitRepositoryV1Beta1SpecVerify | undefined): Record<string, any> | undefined;
+/**
+ * NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels
+ * matches all namespaces in a cluster.
+ *
+ * @schema GitRepositoryV1Beta1SpecAccessFromNamespaceSelectors
+ */
+export interface GitRepositoryV1Beta1SpecAccessFromNamespaceSelectors {
+    /**
+     * MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is
+     * equivalent to an element of matchExpressions, whose key field is "key", the operator is "In",
+     * and the values array contains only "value". The requirements are ANDed.
+     *
+     * @schema GitRepositoryV1Beta1SpecAccessFromNamespaceSelectors#matchLabels
+     */
+    matchLabels?: {
+        [key: string]: string;
+    };
+}
+/**
+ * Converts an object of type 'GitRepositoryV1Beta1SpecAccessFromNamespaceSelectors' to JSON
+ * representation.
+ */
+export declare function toJson_GitRepositoryV1Beta1SpecAccessFromNamespaceSelectors(obj: GitRepositoryV1Beta1SpecAccessFromNamespaceSelectors | undefined): Record<string, any> | undefined;
+/**
+ * Reference to a GitRepository to include.
+ *
+ * @schema GitRepositoryV1Beta1SpecIncludeRepository
+ */
+export interface GitRepositoryV1Beta1SpecIncludeRepository {
+    /**
+     * Name of the referent.
+     *
+     * @schema GitRepositoryV1Beta1SpecIncludeRepository#name
+     */
+    name: string;
+}
+/** Converts an object of type 'GitRepositoryV1Beta1SpecIncludeRepository' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta1SpecIncludeRepository(obj: GitRepositoryV1Beta1SpecIncludeRepository | undefined): Record<string, any> | undefined;
+/**
+ * Mode describes what git object should be verified, currently ('head').
+ *
+ * @schema GitRepositoryV1Beta1SpecVerifyMode
+ */
+export declare enum GitRepositoryV1Beta1SpecVerifyMode {
+    /** Head */
+    HEAD = "head"
+}
+/**
+ * The secret name containing the public keys of all trusted Git authors.
+ *
+ * @schema GitRepositoryV1Beta1SpecVerifySecretRef
+ */
+export interface GitRepositoryV1Beta1SpecVerifySecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema GitRepositoryV1Beta1SpecVerifySecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'GitRepositoryV1Beta1SpecVerifySecretRef' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta1SpecVerifySecretRef(obj: GitRepositoryV1Beta1SpecVerifySecretRef | undefined): Record<string, any> | undefined;
+/**
+ * GitRepository is the Schema for the gitrepositories API.
+ *
+ * @schema GitRepositoryV1Beta2
+ */
+export declare class GitRepositoryV1Beta2 extends ApiObject {
+    /** Returns the apiVersion and kind for "GitRepositoryV1Beta2" */
+    static GVK: GroupVersionKind;
+    /**
+     * Renders a Kubernetes manifest for "GitRepositoryV1Beta2".
+     *
+     * This can be used to inline resource manifests inside other objects (e.g. as templates).
+     *
+     * @param props Initialization props
+     */
+    static manifest(props?: GitRepositoryV1Beta2Props): any;
+    /**
+     * Defines a "GitRepositoryV1Beta2" API object
+     *
+     * @param scope The scope in which to define this object
+     * @param id A scope-local name for the object
+     * @param props Initialization props
+     */
+    constructor(scope: Construct, id: string, props?: GitRepositoryV1Beta2Props);
+    /** Renders the object to Kubernetes JSON. */
+    toJson(): any;
+}
+/**
+ * GitRepository is the Schema for the gitrepositories API.
+ *
+ * @schema GitRepositoryV1Beta2
+ */
+export interface GitRepositoryV1Beta2Props {
+    /** @schema GitRepositoryV1Beta2#metadata */
+    metadata?: ApiObjectMetadata;
+    /**
+     * GitRepositorySpec specifies the required configuration to produce an Artifact for a Git
+     * repository.
+     *
+     * @schema GitRepositoryV1Beta2#spec
+     */
+    spec?: GitRepositoryV1Beta2Spec;
+}
+/** Converts an object of type 'GitRepositoryV1Beta2Props' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta2Props(obj: GitRepositoryV1Beta2Props | undefined): Record<string, any> | undefined;
+/**
+ * GitRepositorySpec specifies the required configuration to produce an Artifact for a Git
+ * repository.
+ *
+ * @schema GitRepositoryV1Beta2Spec
+ */
+export interface GitRepositoryV1Beta2Spec {
+    /**
+     * AccessFrom specifies an Access Control List for allowing cross-namespace references to this
+     * object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
+     *
+     * @schema GitRepositoryV1Beta2Spec#accessFrom
+     */
+    accessFrom?: GitRepositoryV1Beta2SpecAccessFrom;
+    /**
+     * GitImplementation specifies which Git client library implementation to use. Defaults to
+     * 'go-git', valid values are ('go-git', 'libgit2'). Deprecated: gitImplementation is deprecated
+     * now that 'go-git' is the only supported implementation.
+     *
+     * @default go-git', valid values are ('go-git', 'libgit2').
+     * @schema GitRepositoryV1Beta2Spec#gitImplementation
+     */
+    gitImplementation?: GitRepositoryV1Beta2SpecGitImplementation;
+    /**
+     * Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same
+     * as .gitignore). If not provided, a default will be used, consult the documentation for your
+     * version to find out what those are.
+     *
+     * @schema GitRepositoryV1Beta2Spec#ignore
+     */
+    ignore?: string;
+    /**
+     * Include specifies a list of GitRepository resources which Artifacts should be included in the
+     * Artifact produced for this GitRepository.
+     *
+     * @schema GitRepositoryV1Beta2Spec#include
+     */
+    include?: GitRepositoryV1Beta2SpecInclude[];
+    /**
+     * Interval at which to check the GitRepository for updates.
+     *
+     * @schema GitRepositoryV1Beta2Spec#interval
+     */
+    interval: string;
+    /**
+     * RecurseSubmodules enables the initialization of all submodules within the GitRepository as
+     * cloned from the URL, using their default settings.
+     *
+     * @schema GitRepositoryV1Beta2Spec#recurseSubmodules
+     */
+    recurseSubmodules?: boolean;
+    /**
+     * Reference specifies the Git reference to resolve and monitor for changes, defaults to the
+     * 'master' branch.
+     *
+     * @schema GitRepositoryV1Beta2Spec#ref
+     */
+    ref?: GitRepositoryV1Beta2SpecRef;
+    /**
+     * SecretRef specifies the Secret containing authentication credentials for the GitRepository.
+     * For HTTPS repositories the Secret must contain 'username' and 'password' fields for basic
+     * auth or 'bearerToken' field for token auth. For SSH repositories the Secret must contain
+     * 'identity' and 'known_hosts' fields.
+     *
+     * @schema GitRepositoryV1Beta2Spec#secretRef
+     */
+    secretRef?: GitRepositoryV1Beta2SpecSecretRef;
+    /**
+     * Suspend tells the controller to suspend the reconciliation of this GitRepository.
+     *
+     * @schema GitRepositoryV1Beta2Spec#suspend
+     */
+    suspend?: boolean;
+    /**
+     * Timeout for Git operations like cloning, defaults to 60s.
+     *
+     * @schema GitRepositoryV1Beta2Spec#timeout
+     */
+    timeout?: string;
+    /**
+     * URL specifies the Git repository URL, it can be an HTTP/S or SSH address.
+     *
+     * @schema GitRepositoryV1Beta2Spec#url
+     */
+    url: string;
+    /**
+     * Verification specifies the configuration to verify the Git commit signature(s).
+     *
+     * @schema GitRepositoryV1Beta2Spec#verify
+     */
+    verify?: GitRepositoryV1Beta2SpecVerify;
+}
+/** Converts an object of type 'GitRepositoryV1Beta2Spec' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta2Spec(obj: GitRepositoryV1Beta2Spec | undefined): Record<string, any> | undefined;
+/**
+ * AccessFrom specifies an Access Control List for allowing cross-namespace references to this
+ * object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
+ *
+ * @schema GitRepositoryV1Beta2SpecAccessFrom
+ */
+export interface GitRepositoryV1Beta2SpecAccessFrom {
+    /**
+     * NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in
+     * this list are evaluated using a logical OR operation.
+     *
+     * @schema GitRepositoryV1Beta2SpecAccessFrom#namespaceSelectors
+     */
+    namespaceSelectors: GitRepositoryV1Beta2SpecAccessFromNamespaceSelectors[];
+}
+/** Converts an object of type 'GitRepositoryV1Beta2SpecAccessFrom' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta2SpecAccessFrom(obj: GitRepositoryV1Beta2SpecAccessFrom | undefined): Record<string, any> | undefined;
+/**
+ * GitImplementation specifies which Git client library implementation to use. Defaults to 'go-git',
+ * valid values are ('go-git', 'libgit2'). Deprecated: gitImplementation is deprecated now that
+ * 'go-git' is the only supported implementation.
+ *
+ * @default go-git', valid values are ('go-git', 'libgit2').
+ * @schema GitRepositoryV1Beta2SpecGitImplementation
+ */
+export declare enum GitRepositoryV1Beta2SpecGitImplementation {
+    /** Go-git */
+    GO_HYPHEN_GIT = "go-git",
+    /** Libgit2 */
+    LIBGIT2 = "libgit2"
+}
+/**
+ * GitRepositoryInclude specifies a local reference to a GitRepository which Artifact (sub-)contents
+ * must be included, and where they should be placed.
+ *
+ * @schema GitRepositoryV1Beta2SpecInclude
+ */
+export interface GitRepositoryV1Beta2SpecInclude {
+    /**
+     * FromPath specifies the path to copy contents from, defaults to the root of the Artifact.
+     *
+     * @schema GitRepositoryV1Beta2SpecInclude#fromPath
+     */
+    fromPath?: string;
+    /**
+     * GitRepositoryRef specifies the GitRepository which Artifact contents must be included.
+     *
+     * @schema GitRepositoryV1Beta2SpecInclude#repository
+     */
+    repository: GitRepositoryV1Beta2SpecIncludeRepository;
+    /**
+     * ToPath specifies the path to copy contents to, defaults to the name of the GitRepositoryRef.
+     *
+     * @schema GitRepositoryV1Beta2SpecInclude#toPath
+     */
+    toPath?: string;
+}
+/** Converts an object of type 'GitRepositoryV1Beta2SpecInclude' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta2SpecInclude(obj: GitRepositoryV1Beta2SpecInclude | undefined): Record<string, any> | undefined;
+/**
+ * Reference specifies the Git reference to resolve and monitor for changes, defaults to the
+ * 'master' branch.
+ *
+ * @schema GitRepositoryV1Beta2SpecRef
+ */
+export interface GitRepositoryV1Beta2SpecRef {
+    /**
+     * Branch to check out, defaults to 'master' if no other field is defined.
+     *
+     * @schema GitRepositoryV1Beta2SpecRef#branch
+     */
+    branch?: string;
+    /**
+     * Commit SHA to check out, takes precedence over all reference fields.
+     *
+     * This can be combined with Branch to shallow clone the branch, in which the commit is expected
+     * to exist.
+     *
+     * @schema GitRepositoryV1Beta2SpecRef#commit
+     */
+    commit?: string;
+    /**
+     * Name of the reference to check out; takes precedence over Branch, Tag and SemVer.
+     *
+     * It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description
+     * Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head",
+     * "refs/merge-requests/1/head"
+     *
+     * @schema GitRepositoryV1Beta2SpecRef#name
+     */
+    name?: string;
+    /**
+     * SemVer tag expression to check out, takes precedence over Tag.
+     *
+     * @schema GitRepositoryV1Beta2SpecRef#semver
+     */
+    semver?: string;
+    /**
+     * Tag to check out, takes precedence over Branch.
+     *
+     * @schema GitRepositoryV1Beta2SpecRef#tag
+     */
+    tag?: string;
+}
+/** Converts an object of type 'GitRepositoryV1Beta2SpecRef' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta2SpecRef(obj: GitRepositoryV1Beta2SpecRef | undefined): Record<string, any> | undefined;
+/**
+ * SecretRef specifies the Secret containing authentication credentials for the GitRepository. For
+ * HTTPS repositories the Secret must contain 'username' and 'password' fields for basic auth or
+ * 'bearerToken' field for token auth. For SSH repositories the Secret must contain 'identity' and
+ * 'known_hosts' fields.
+ *
+ * @schema GitRepositoryV1Beta2SpecSecretRef
+ */
+export interface GitRepositoryV1Beta2SpecSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema GitRepositoryV1Beta2SpecSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'GitRepositoryV1Beta2SpecSecretRef' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta2SpecSecretRef(obj: GitRepositoryV1Beta2SpecSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * Verification specifies the configuration to verify the Git commit signature(s).
+ *
+ * @schema GitRepositoryV1Beta2SpecVerify
+ */
+export interface GitRepositoryV1Beta2SpecVerify {
+    /**
+     * Mode specifies what Git object should be verified, currently ('head').
+     *
+     * @schema GitRepositoryV1Beta2SpecVerify#mode
+     */
+    mode: GitRepositoryV1Beta2SpecVerifyMode;
+    /**
+     * SecretRef specifies the Secret containing the public keys of trusted Git authors.
+     *
+     * @schema GitRepositoryV1Beta2SpecVerify#secretRef
+     */
+    secretRef: GitRepositoryV1Beta2SpecVerifySecretRef;
+}
+/** Converts an object of type 'GitRepositoryV1Beta2SpecVerify' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta2SpecVerify(obj: GitRepositoryV1Beta2SpecVerify | undefined): Record<string, any> | undefined;
+/**
+ * NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels
+ * matches all namespaces in a cluster.
+ *
+ * @schema GitRepositoryV1Beta2SpecAccessFromNamespaceSelectors
+ */
+export interface GitRepositoryV1Beta2SpecAccessFromNamespaceSelectors {
+    /**
+     * MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is
+     * equivalent to an element of matchExpressions, whose key field is "key", the operator is "In",
+     * and the values array contains only "value". The requirements are ANDed.
+     *
+     * @schema GitRepositoryV1Beta2SpecAccessFromNamespaceSelectors#matchLabels
+     */
+    matchLabels?: {
+        [key: string]: string;
+    };
+}
+/**
+ * Converts an object of type 'GitRepositoryV1Beta2SpecAccessFromNamespaceSelectors' to JSON
+ * representation.
+ */
+export declare function toJson_GitRepositoryV1Beta2SpecAccessFromNamespaceSelectors(obj: GitRepositoryV1Beta2SpecAccessFromNamespaceSelectors | undefined): Record<string, any> | undefined;
+/**
+ * GitRepositoryRef specifies the GitRepository which Artifact contents must be included.
+ *
+ * @schema GitRepositoryV1Beta2SpecIncludeRepository
+ */
+export interface GitRepositoryV1Beta2SpecIncludeRepository {
+    /**
+     * Name of the referent.
+     *
+     * @schema GitRepositoryV1Beta2SpecIncludeRepository#name
+     */
+    name: string;
+}
+/** Converts an object of type 'GitRepositoryV1Beta2SpecIncludeRepository' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta2SpecIncludeRepository(obj: GitRepositoryV1Beta2SpecIncludeRepository | undefined): Record<string, any> | undefined;
+/**
+ * Mode specifies what Git object should be verified, currently ('head').
+ *
+ * @schema GitRepositoryV1Beta2SpecVerifyMode
+ */
+export declare enum GitRepositoryV1Beta2SpecVerifyMode {
+    /** Head */
+    HEAD = "head"
+}
+/**
+ * SecretRef specifies the Secret containing the public keys of trusted Git authors.
+ *
+ * @schema GitRepositoryV1Beta2SpecVerifySecretRef
+ */
+export interface GitRepositoryV1Beta2SpecVerifySecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema GitRepositoryV1Beta2SpecVerifySecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'GitRepositoryV1Beta2SpecVerifySecretRef' to JSON representation. */
+export declare function toJson_GitRepositoryV1Beta2SpecVerifySecretRef(obj: GitRepositoryV1Beta2SpecVerifySecretRef | undefined): Record<string, any> | undefined;
+/**
+ * HelmChart is the Schema for the helmcharts API.
+ *
+ * @schema HelmChart
+ */
+export declare class HelmChart extends ApiObject {
+    /** Returns the apiVersion and kind for "HelmChart" */
+    static GVK: GroupVersionKind;
+    /**
+     * Renders a Kubernetes manifest for "HelmChart".
+     *
+     * This can be used to inline resource manifests inside other objects (e.g. as templates).
+     *
+     * @param props Initialization props
+     */
+    static manifest(props?: HelmChartProps): any;
+    /**
+     * Defines a "HelmChart" API object
+     *
+     * @param scope The scope in which to define this object
+     * @param id A scope-local name for the object
+     * @param props Initialization props
+     */
+    constructor(scope: Construct, id: string, props?: HelmChartProps);
+    /** Renders the object to Kubernetes JSON. */
+    toJson(): any;
+}
+/**
+ * HelmChart is the Schema for the helmcharts API.
+ *
+ * @schema HelmChart
+ */
+export interface HelmChartProps {
+    /** @schema HelmChart#metadata */
+    metadata?: ApiObjectMetadata;
+    /**
+     * HelmChartSpec specifies the desired state of a Helm chart.
+     *
+     * @schema HelmChart#spec
+     */
+    spec?: HelmChartSpec;
+}
+/** Converts an object of type 'HelmChartProps' to JSON representation. */
+export declare function toJson_HelmChartProps(obj: HelmChartProps | undefined): Record<string, any> | undefined;
+/**
+ * HelmChartSpec specifies the desired state of a Helm chart.
+ *
+ * @schema HelmChartSpec
+ */
+export interface HelmChartSpec {
+    /**
+     * Chart is the name or path the Helm chart is available at in the SourceRef.
+     *
+     * @schema HelmChartSpec#chart
+     */
+    chart: string;
+    /**
+     * IgnoreMissingValuesFiles controls whether to silently ignore missing values files rather than
+     * failing.
+     *
+     * @schema HelmChartSpec#ignoreMissingValuesFiles
+     */
+    ignoreMissingValuesFiles?: boolean;
+    /**
+     * Interval at which the HelmChart SourceRef is checked for updates. This interval is
+     * approximate and may be subject to jitter to ensure efficient use of resources.
+     *
+     * @schema HelmChartSpec#interval
+     */
+    interval: string;
+    /**
+     * ReconcileStrategy determines what enables the creation of a new artifact. Valid values are
+     * ('ChartVersion', 'Revision'). See the documentation of the values for an explanation on their
+     * behavior. Defaults to ChartVersion when omitted.
+     *
+     * @default ChartVersion when omitted.
+     * @schema HelmChartSpec#reconcileStrategy
+     */
+    reconcileStrategy?: HelmChartSpecReconcileStrategy;
+    /**
+     * SourceRef is the reference to the Source the chart is available at.
+     *
+     * @schema HelmChartSpec#sourceRef
+     */
+    sourceRef: HelmChartSpecSourceRef;
+    /**
+     * Suspend tells the controller to suspend the reconciliation of this source.
+     *
+     * @schema HelmChartSpec#suspend
+     */
+    suspend?: boolean;
+    /**
+     * ValuesFiles is an alternative list of values files to use as the chart values (values.yaml is
+     * not included by default), expected to be a relative path in the SourceRef. Values files are
+     * merged in the order of this list with the last file overriding the first. Ignored when
+     * omitted.
+     *
+     * @schema HelmChartSpec#valuesFiles
+     */
+    valuesFiles?: string[];
+    /**
+     * Verify contains the secret name containing the trusted public keys used to verify the
+     * signature and specifies which provider to use to check whether OCI image is authentic. This
+     * field is only supported when using HelmRepository source with spec.type 'oci'. Chart
+     * dependencies, which are not bundled in the umbrella chart artifact, are not verified.
+     *
+     * @schema HelmChartSpec#verify
+     */
+    verify?: HelmChartSpecVerify;
+    /**
+     * Version is the chart version semver expression, ignored for charts from GitRepository and
+     * Bucket sources. Defaults to latest when omitted.
+     *
+     * @default latest when omitted.
+     * @schema HelmChartSpec#version
+     */
+    version?: string;
+}
+/** Converts an object of type 'HelmChartSpec' to JSON representation. */
+export declare function toJson_HelmChartSpec(obj: HelmChartSpec | undefined): Record<string, any> | undefined;
+/**
+ * ReconcileStrategy determines what enables the creation of a new artifact. Valid values are
+ * ('ChartVersion', 'Revision'). See the documentation of the values for an explanation on their
+ * behavior. Defaults to ChartVersion when omitted.
+ *
+ * @default ChartVersion when omitted.
+ * @schema HelmChartSpecReconcileStrategy
+ */
+export declare enum HelmChartSpecReconcileStrategy {
+    /** ChartVersion */
+    CHART_VERSION = "ChartVersion",
+    /** Revision */
+    REVISION = "Revision"
+}
+/**
+ * SourceRef is the reference to the Source the chart is available at.
+ *
+ * @schema HelmChartSpecSourceRef
+ */
+export interface HelmChartSpecSourceRef {
+    /**
+     * APIVersion of the referent.
+     *
+     * @schema HelmChartSpecSourceRef#apiVersion
+     */
+    apiVersion?: string;
+    /**
+     * Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket').
+     *
+     * @schema HelmChartSpecSourceRef#kind
+     */
+    kind: HelmChartSpecSourceRefKind;
+    /**
+     * Name of the referent.
+     *
+     * @schema HelmChartSpecSourceRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'HelmChartSpecSourceRef' to JSON representation. */
+export declare function toJson_HelmChartSpecSourceRef(obj: HelmChartSpecSourceRef | undefined): Record<string, any> | undefined;
+/**
+ * Verify contains the secret name containing the trusted public keys used to verify the signature
+ * and specifies which provider to use to check whether OCI image is authentic. This field is only
+ * supported when using HelmRepository source with spec.type 'oci'. Chart dependencies, which are
+ * not bundled in the umbrella chart artifact, are not verified.
+ *
+ * @schema HelmChartSpecVerify
+ */
+export interface HelmChartSpecVerify {
+    /**
+     * MatchOIDCIdentity specifies the identity matching criteria to use while verifying an OCI
+     * artifact which was signed using Cosign keyless signing. The artifact's identity is deemed to
+     * be verified if any of the specified matchers match against the identity.
+     *
+     * @schema HelmChartSpecVerify#matchOIDCIdentity
+     */
+    matchOidcIdentity?: HelmChartSpecVerifyMatchOidcIdentity[];
+    /**
+     * Provider specifies the technology used to sign the OCI Artifact.
+     *
+     * @schema HelmChartSpecVerify#provider
+     */
+    provider: HelmChartSpecVerifyProvider;
+    /**
+     * SecretRef specifies the Kubernetes Secret containing the trusted public keys.
+     *
+     * @schema HelmChartSpecVerify#secretRef
+     */
+    secretRef?: HelmChartSpecVerifySecretRef;
+}
+/** Converts an object of type 'HelmChartSpecVerify' to JSON representation. */
+export declare function toJson_HelmChartSpecVerify(obj: HelmChartSpecVerify | undefined): Record<string, any> | undefined;
+/**
+ * Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket').
+ *
+ * @schema HelmChartSpecSourceRefKind
+ */
+export declare enum HelmChartSpecSourceRefKind {
+    /** HelmRepository */
+    HELM_REPOSITORY = "HelmRepository",
+    /** GitRepository */
+    GIT_REPOSITORY = "GitRepository",
+    /** Bucket */
+    BUCKET = "Bucket"
+}
+/**
+ * OIDCIdentityMatch specifies options for verifying the certificate identity, i.e. the issuer and
+ * the subject of the certificate.
+ *
+ * @schema HelmChartSpecVerifyMatchOidcIdentity
+ */
+export interface HelmChartSpecVerifyMatchOidcIdentity {
+    /**
+     * Issuer specifies the regex pattern to match against to verify the OIDC issuer in the Fulcio
+     * certificate. The pattern must be a valid Go regular expression.
+     *
+     * @schema HelmChartSpecVerifyMatchOidcIdentity#issuer
+     */
+    issuer: string;
+    /**
+     * Subject specifies the regex pattern to match against to verify the identity subject in the
+     * Fulcio certificate. The pattern must be a valid Go regular expression.
+     *
+     * @schema HelmChartSpecVerifyMatchOidcIdentity#subject
+     */
+    subject: string;
+}
+/** Converts an object of type 'HelmChartSpecVerifyMatchOidcIdentity' to JSON representation. */
+export declare function toJson_HelmChartSpecVerifyMatchOidcIdentity(obj: HelmChartSpecVerifyMatchOidcIdentity | undefined): Record<string, any> | undefined;
+/**
+ * Provider specifies the technology used to sign the OCI Artifact.
+ *
+ * @schema HelmChartSpecVerifyProvider
+ */
+export declare enum HelmChartSpecVerifyProvider {
+    /** Cosign */
+    COSIGN = "cosign",
+    /** Notation */
+    NOTATION = "notation"
+}
+/**
+ * SecretRef specifies the Kubernetes Secret containing the trusted public keys.
+ *
+ * @schema HelmChartSpecVerifySecretRef
+ */
+export interface HelmChartSpecVerifySecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema HelmChartSpecVerifySecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'HelmChartSpecVerifySecretRef' to JSON representation. */
+export declare function toJson_HelmChartSpecVerifySecretRef(obj: HelmChartSpecVerifySecretRef | undefined): Record<string, any> | undefined;
+/**
+ * HelmChart is the Schema for the helmcharts API
+ *
+ * @schema HelmChartV1Beta1
+ */
+export declare class HelmChartV1Beta1 extends ApiObject {
+    /** Returns the apiVersion and kind for "HelmChartV1Beta1" */
+    static GVK: GroupVersionKind;
+    /**
+     * Renders a Kubernetes manifest for "HelmChartV1Beta1".
+     *
+     * This can be used to inline resource manifests inside other objects (e.g. as templates).
+     *
+     * @param props Initialization props
+     */
+    static manifest(props?: HelmChartV1Beta1Props): any;
+    /**
+     * Defines a "HelmChartV1Beta1" API object
+     *
+     * @param scope The scope in which to define this object
+     * @param id A scope-local name for the object
+     * @param props Initialization props
+     */
+    constructor(scope: Construct, id: string, props?: HelmChartV1Beta1Props);
+    /** Renders the object to Kubernetes JSON. */
+    toJson(): any;
+}
+/**
+ * HelmChart is the Schema for the helmcharts API
+ *
+ * @schema HelmChartV1Beta1
+ */
+export interface HelmChartV1Beta1Props {
+    /** @schema HelmChartV1Beta1#metadata */
+    metadata?: ApiObjectMetadata;
+    /**
+     * HelmChartSpec defines the desired state of a Helm chart.
+     *
+     * @schema HelmChartV1Beta1#spec
+     */
+    spec?: HelmChartV1Beta1Spec;
+}
+/** Converts an object of type 'HelmChartV1Beta1Props' to JSON representation. */
+export declare function toJson_HelmChartV1Beta1Props(obj: HelmChartV1Beta1Props | undefined): Record<string, any> | undefined;
+/**
+ * HelmChartSpec defines the desired state of a Helm chart.
+ *
+ * @schema HelmChartV1Beta1Spec
+ */
+export interface HelmChartV1Beta1Spec {
+    /**
+     * AccessFrom defines an Access Control List for allowing cross-namespace references to this
+     * object.
+     *
+     * @schema HelmChartV1Beta1Spec#accessFrom
+     */
+    accessFrom?: HelmChartV1Beta1SpecAccessFrom;
+    /**
+     * The name or path the Helm chart is available at in the SourceRef.
+     *
+     * @schema HelmChartV1Beta1Spec#chart
+     */
+    chart: string;
+    /**
+     * The interval at which to check the Source for updates.
+     *
+     * @schema HelmChartV1Beta1Spec#interval
+     */
+    interval: string;
+    /**
+     * Determines what enables the creation of a new artifact. Valid values are ('ChartVersion',
+     * 'Revision'). See the documentation of the values for an explanation on their behavior.
+     * Defaults to ChartVersion when omitted.
+     *
+     * @default ChartVersion when omitted.
+     * @schema HelmChartV1Beta1Spec#reconcileStrategy
+     */
+    reconcileStrategy?: HelmChartV1Beta1SpecReconcileStrategy;
+    /**
+     * The reference to the Source the chart is available at.
+     *
+     * @schema HelmChartV1Beta1Spec#sourceRef
+     */
+    sourceRef: HelmChartV1Beta1SpecSourceRef;
+    /**
+     * This flag tells the controller to suspend the reconciliation of this source.
+     *
+     * @schema HelmChartV1Beta1Spec#suspend
+     */
+    suspend?: boolean;
+    /**
+     * Alternative values file to use as the default chart values, expected to be a relative path in
+     * the SourceRef. Deprecated in favor of ValuesFiles, for backwards compatibility the file
+     * defined here is merged before the ValuesFiles items. Ignored when omitted.
+     *
+     * @schema HelmChartV1Beta1Spec#valuesFile
+     */
+    valuesFile?: string;
+    /**
+     * Alternative list of values files to use as the chart values (values.yaml is not included by
+     * default), expected to be a relative path in the SourceRef. Values files are merged in the
+     * order of this list with the last file overriding the first. Ignored when omitted.
+     *
+     * @schema HelmChartV1Beta1Spec#valuesFiles
+     */
+    valuesFiles?: string[];
+    /**
+     * The chart version semver expression, ignored for charts from GitRepository and Bucket
+     * sources. Defaults to latest when omitted.
+     *
+     * @default latest when omitted.
+     * @schema HelmChartV1Beta1Spec#version
+     */
+    version?: string;
+}
+/** Converts an object of type 'HelmChartV1Beta1Spec' to JSON representation. */
+export declare function toJson_HelmChartV1Beta1Spec(obj: HelmChartV1Beta1Spec | undefined): Record<string, any> | undefined;
+/**
+ * AccessFrom defines an Access Control List for allowing cross-namespace references to this object.
+ *
+ * @schema HelmChartV1Beta1SpecAccessFrom
+ */
+export interface HelmChartV1Beta1SpecAccessFrom {
+    /**
+     * NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in
+     * this list are evaluated using a logical OR operation.
+     *
+     * @schema HelmChartV1Beta1SpecAccessFrom#namespaceSelectors
+     */
+    namespaceSelectors: HelmChartV1Beta1SpecAccessFromNamespaceSelectors[];
+}
+/** Converts an object of type 'HelmChartV1Beta1SpecAccessFrom' to JSON representation. */
+export declare function toJson_HelmChartV1Beta1SpecAccessFrom(obj: HelmChartV1Beta1SpecAccessFrom | undefined): Record<string, any> | undefined;
+/**
+ * Determines what enables the creation of a new artifact. Valid values are ('ChartVersion',
+ * 'Revision'). See the documentation of the values for an explanation on their behavior. Defaults
+ * to ChartVersion when omitted.
+ *
+ * @default ChartVersion when omitted.
+ * @schema HelmChartV1Beta1SpecReconcileStrategy
+ */
+export declare enum HelmChartV1Beta1SpecReconcileStrategy {
+    /** ChartVersion */
+    CHART_VERSION = "ChartVersion",
+    /** Revision */
+    REVISION = "Revision"
+}
+/**
+ * The reference to the Source the chart is available at.
+ *
+ * @schema HelmChartV1Beta1SpecSourceRef
+ */
+export interface HelmChartV1Beta1SpecSourceRef {
+    /**
+     * APIVersion of the referent.
+     *
+     * @schema HelmChartV1Beta1SpecSourceRef#apiVersion
+     */
+    apiVersion?: string;
+    /**
+     * Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket').
+     *
+     * @schema HelmChartV1Beta1SpecSourceRef#kind
+     */
+    kind: HelmChartV1Beta1SpecSourceRefKind;
+    /**
+     * Name of the referent.
+     *
+     * @schema HelmChartV1Beta1SpecSourceRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'HelmChartV1Beta1SpecSourceRef' to JSON representation. */
+export declare function toJson_HelmChartV1Beta1SpecSourceRef(obj: HelmChartV1Beta1SpecSourceRef | undefined): Record<string, any> | undefined;
+/**
+ * NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels
+ * matches all namespaces in a cluster.
+ *
+ * @schema HelmChartV1Beta1SpecAccessFromNamespaceSelectors
+ */
+export interface HelmChartV1Beta1SpecAccessFromNamespaceSelectors {
+    /**
+     * MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is
+     * equivalent to an element of matchExpressions, whose key field is "key", the operator is "In",
+     * and the values array contains only "value". The requirements are ANDed.
+     *
+     * @schema HelmChartV1Beta1SpecAccessFromNamespaceSelectors#matchLabels
+     */
+    matchLabels?: {
+        [key: string]: string;
+    };
+}
+/**
+ * Converts an object of type 'HelmChartV1Beta1SpecAccessFromNamespaceSelectors' to JSON
+ * representation.
+ */
+export declare function toJson_HelmChartV1Beta1SpecAccessFromNamespaceSelectors(obj: HelmChartV1Beta1SpecAccessFromNamespaceSelectors | undefined): Record<string, any> | undefined;
+/**
+ * Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket').
+ *
+ * @schema HelmChartV1Beta1SpecSourceRefKind
+ */
+export declare enum HelmChartV1Beta1SpecSourceRefKind {
+    /** HelmRepository */
+    HELM_REPOSITORY = "HelmRepository",
+    /** GitRepository */
+    GIT_REPOSITORY = "GitRepository",
+    /** Bucket */
+    BUCKET = "Bucket"
+}
+/**
+ * HelmChart is the Schema for the helmcharts API.
+ *
+ * @schema HelmChartV1Beta2
+ */
+export declare class HelmChartV1Beta2 extends ApiObject {
+    /** Returns the apiVersion and kind for "HelmChartV1Beta2" */
+    static GVK: GroupVersionKind;
+    /**
+     * Renders a Kubernetes manifest for "HelmChartV1Beta2".
+     *
+     * This can be used to inline resource manifests inside other objects (e.g. as templates).
+     *
+     * @param props Initialization props
+     */
+    static manifest(props?: HelmChartV1Beta2Props): any;
+    /**
+     * Defines a "HelmChartV1Beta2" API object
+     *
+     * @param scope The scope in which to define this object
+     * @param id A scope-local name for the object
+     * @param props Initialization props
+     */
+    constructor(scope: Construct, id: string, props?: HelmChartV1Beta2Props);
+    /** Renders the object to Kubernetes JSON. */
+    toJson(): any;
+}
+/**
+ * HelmChart is the Schema for the helmcharts API.
+ *
+ * @schema HelmChartV1Beta2
+ */
+export interface HelmChartV1Beta2Props {
+    /** @schema HelmChartV1Beta2#metadata */
+    metadata?: ApiObjectMetadata;
+    /**
+     * HelmChartSpec specifies the desired state of a Helm chart.
+     *
+     * @schema HelmChartV1Beta2#spec
+     */
+    spec?: HelmChartV1Beta2Spec;
+}
+/** Converts an object of type 'HelmChartV1Beta2Props' to JSON representation. */
+export declare function toJson_HelmChartV1Beta2Props(obj: HelmChartV1Beta2Props | undefined): Record<string, any> | undefined;
+/**
+ * HelmChartSpec specifies the desired state of a Helm chart.
+ *
+ * @schema HelmChartV1Beta2Spec
+ */
+export interface HelmChartV1Beta2Spec {
+    /**
+     * AccessFrom specifies an Access Control List for allowing cross-namespace references to this
+     * object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
+     *
+     * @schema HelmChartV1Beta2Spec#accessFrom
+     */
+    accessFrom?: HelmChartV1Beta2SpecAccessFrom;
+    /**
+     * Chart is the name or path the Helm chart is available at in the SourceRef.
+     *
+     * @schema HelmChartV1Beta2Spec#chart
+     */
+    chart: string;
+    /**
+     * IgnoreMissingValuesFiles controls whether to silently ignore missing values files rather than
+     * failing.
+     *
+     * @schema HelmChartV1Beta2Spec#ignoreMissingValuesFiles
+     */
+    ignoreMissingValuesFiles?: boolean;
+    /**
+     * Interval at which the HelmChart SourceRef is checked for updates. This interval is
+     * approximate and may be subject to jitter to ensure efficient use of resources.
+     *
+     * @schema HelmChartV1Beta2Spec#interval
+     */
+    interval: string;
+    /**
+     * ReconcileStrategy determines what enables the creation of a new artifact. Valid values are
+     * ('ChartVersion', 'Revision'). See the documentation of the values for an explanation on their
+     * behavior. Defaults to ChartVersion when omitted.
+     *
+     * @default ChartVersion when omitted.
+     * @schema HelmChartV1Beta2Spec#reconcileStrategy
+     */
+    reconcileStrategy?: HelmChartV1Beta2SpecReconcileStrategy;
+    /**
+     * SourceRef is the reference to the Source the chart is available at.
+     *
+     * @schema HelmChartV1Beta2Spec#sourceRef
+     */
+    sourceRef: HelmChartV1Beta2SpecSourceRef;
+    /**
+     * Suspend tells the controller to suspend the reconciliation of this source.
+     *
+     * @schema HelmChartV1Beta2Spec#suspend
+     */
+    suspend?: boolean;
+    /**
+     * ValuesFile is an alternative values file to use as the default chart values, expected to be a
+     * relative path in the SourceRef. Deprecated in favor of ValuesFiles, for backwards
+     * compatibility the file specified here is merged before the ValuesFiles items. Ignored when
+     * omitted.
+     *
+     * @schema HelmChartV1Beta2Spec#valuesFile
+     */
+    valuesFile?: string;
+    /**
+     * ValuesFiles is an alternative list of values files to use as the chart values (values.yaml is
+     * not included by default), expected to be a relative path in the SourceRef. Values files are
+     * merged in the order of this list with the last file overriding the first. Ignored when
+     * omitted.
+     *
+     * @schema HelmChartV1Beta2Spec#valuesFiles
+     */
+    valuesFiles?: string[];
+    /**
+     * Verify contains the secret name containing the trusted public keys used to verify the
+     * signature and specifies which provider to use to check whether OCI image is authentic. This
+     * field is only supported when using HelmRepository source with spec.type 'oci'. Chart
+     * dependencies, which are not bundled in the umbrella chart artifact, are not verified.
+     *
+     * @schema HelmChartV1Beta2Spec#verify
+     */
+    verify?: HelmChartV1Beta2SpecVerify;
+    /**
+     * Version is the chart version semver expression, ignored for charts from GitRepository and
+     * Bucket sources. Defaults to latest when omitted.
+     *
+     * @default latest when omitted.
+     * @schema HelmChartV1Beta2Spec#version
+     */
+    version?: string;
+}
+/** Converts an object of type 'HelmChartV1Beta2Spec' to JSON representation. */
+export declare function toJson_HelmChartV1Beta2Spec(obj: HelmChartV1Beta2Spec | undefined): Record<string, any> | undefined;
+/**
+ * AccessFrom specifies an Access Control List for allowing cross-namespace references to this
+ * object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
+ *
+ * @schema HelmChartV1Beta2SpecAccessFrom
+ */
+export interface HelmChartV1Beta2SpecAccessFrom {
+    /**
+     * NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in
+     * this list are evaluated using a logical OR operation.
+     *
+     * @schema HelmChartV1Beta2SpecAccessFrom#namespaceSelectors
+     */
+    namespaceSelectors: HelmChartV1Beta2SpecAccessFromNamespaceSelectors[];
+}
+/** Converts an object of type 'HelmChartV1Beta2SpecAccessFrom' to JSON representation. */
+export declare function toJson_HelmChartV1Beta2SpecAccessFrom(obj: HelmChartV1Beta2SpecAccessFrom | undefined): Record<string, any> | undefined;
+/**
+ * ReconcileStrategy determines what enables the creation of a new artifact. Valid values are
+ * ('ChartVersion', 'Revision'). See the documentation of the values for an explanation on their
+ * behavior. Defaults to ChartVersion when omitted.
+ *
+ * @default ChartVersion when omitted.
+ * @schema HelmChartV1Beta2SpecReconcileStrategy
+ */
+export declare enum HelmChartV1Beta2SpecReconcileStrategy {
+    /** ChartVersion */
+    CHART_VERSION = "ChartVersion",
+    /** Revision */
+    REVISION = "Revision"
+}
+/**
+ * SourceRef is the reference to the Source the chart is available at.
+ *
+ * @schema HelmChartV1Beta2SpecSourceRef
+ */
+export interface HelmChartV1Beta2SpecSourceRef {
+    /**
+     * APIVersion of the referent.
+     *
+     * @schema HelmChartV1Beta2SpecSourceRef#apiVersion
+     */
+    apiVersion?: string;
+    /**
+     * Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket').
+     *
+     * @schema HelmChartV1Beta2SpecSourceRef#kind
+     */
+    kind: HelmChartV1Beta2SpecSourceRefKind;
+    /**
+     * Name of the referent.
+     *
+     * @schema HelmChartV1Beta2SpecSourceRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'HelmChartV1Beta2SpecSourceRef' to JSON representation. */
+export declare function toJson_HelmChartV1Beta2SpecSourceRef(obj: HelmChartV1Beta2SpecSourceRef | undefined): Record<string, any> | undefined;
+/**
+ * Verify contains the secret name containing the trusted public keys used to verify the signature
+ * and specifies which provider to use to check whether OCI image is authentic. This field is only
+ * supported when using HelmRepository source with spec.type 'oci'. Chart dependencies, which are
+ * not bundled in the umbrella chart artifact, are not verified.
+ *
+ * @schema HelmChartV1Beta2SpecVerify
+ */
+export interface HelmChartV1Beta2SpecVerify {
+    /**
+     * MatchOIDCIdentity specifies the identity matching criteria to use while verifying an OCI
+     * artifact which was signed using Cosign keyless signing. The artifact's identity is deemed to
+     * be verified if any of the specified matchers match against the identity.
+     *
+     * @schema HelmChartV1Beta2SpecVerify#matchOIDCIdentity
+     */
+    matchOidcIdentity?: HelmChartV1Beta2SpecVerifyMatchOidcIdentity[];
+    /**
+     * Provider specifies the technology used to sign the OCI Artifact.
+     *
+     * @schema HelmChartV1Beta2SpecVerify#provider
+     */
+    provider: HelmChartV1Beta2SpecVerifyProvider;
+    /**
+     * SecretRef specifies the Kubernetes Secret containing the trusted public keys.
+     *
+     * @schema HelmChartV1Beta2SpecVerify#secretRef
+     */
+    secretRef?: HelmChartV1Beta2SpecVerifySecretRef;
+}
+/** Converts an object of type 'HelmChartV1Beta2SpecVerify' to JSON representation. */
+export declare function toJson_HelmChartV1Beta2SpecVerify(obj: HelmChartV1Beta2SpecVerify | undefined): Record<string, any> | undefined;
+/**
+ * NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels
+ * matches all namespaces in a cluster.
+ *
+ * @schema HelmChartV1Beta2SpecAccessFromNamespaceSelectors
+ */
+export interface HelmChartV1Beta2SpecAccessFromNamespaceSelectors {
+    /**
+     * MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is
+     * equivalent to an element of matchExpressions, whose key field is "key", the operator is "In",
+     * and the values array contains only "value". The requirements are ANDed.
+     *
+     * @schema HelmChartV1Beta2SpecAccessFromNamespaceSelectors#matchLabels
+     */
+    matchLabels?: {
+        [key: string]: string;
+    };
+}
+/**
+ * Converts an object of type 'HelmChartV1Beta2SpecAccessFromNamespaceSelectors' to JSON
+ * representation.
+ */
+export declare function toJson_HelmChartV1Beta2SpecAccessFromNamespaceSelectors(obj: HelmChartV1Beta2SpecAccessFromNamespaceSelectors | undefined): Record<string, any> | undefined;
+/**
+ * Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket').
+ *
+ * @schema HelmChartV1Beta2SpecSourceRefKind
+ */
+export declare enum HelmChartV1Beta2SpecSourceRefKind {
+    /** HelmRepository */
+    HELM_REPOSITORY = "HelmRepository",
+    /** GitRepository */
+    GIT_REPOSITORY = "GitRepository",
+    /** Bucket */
+    BUCKET = "Bucket"
+}
+/**
+ * OIDCIdentityMatch specifies options for verifying the certificate identity, i.e. the issuer and
+ * the subject of the certificate.
+ *
+ * @schema HelmChartV1Beta2SpecVerifyMatchOidcIdentity
+ */
+export interface HelmChartV1Beta2SpecVerifyMatchOidcIdentity {
+    /**
+     * Issuer specifies the regex pattern to match against to verify the OIDC issuer in the Fulcio
+     * certificate. The pattern must be a valid Go regular expression.
+     *
+     * @schema HelmChartV1Beta2SpecVerifyMatchOidcIdentity#issuer
+     */
+    issuer: string;
+    /**
+     * Subject specifies the regex pattern to match against to verify the identity subject in the
+     * Fulcio certificate. The pattern must be a valid Go regular expression.
+     *
+     * @schema HelmChartV1Beta2SpecVerifyMatchOidcIdentity#subject
+     */
+    subject: string;
+}
+/** Converts an object of type 'HelmChartV1Beta2SpecVerifyMatchOidcIdentity' to JSON representation. */
+export declare function toJson_HelmChartV1Beta2SpecVerifyMatchOidcIdentity(obj: HelmChartV1Beta2SpecVerifyMatchOidcIdentity | undefined): Record<string, any> | undefined;
+/**
+ * Provider specifies the technology used to sign the OCI Artifact.
+ *
+ * @schema HelmChartV1Beta2SpecVerifyProvider
+ */
+export declare enum HelmChartV1Beta2SpecVerifyProvider {
+    /** Cosign */
+    COSIGN = "cosign",
+    /** Notation */
+    NOTATION = "notation"
+}
+/**
+ * SecretRef specifies the Kubernetes Secret containing the trusted public keys.
+ *
+ * @schema HelmChartV1Beta2SpecVerifySecretRef
+ */
+export interface HelmChartV1Beta2SpecVerifySecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema HelmChartV1Beta2SpecVerifySecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'HelmChartV1Beta2SpecVerifySecretRef' to JSON representation. */
+export declare function toJson_HelmChartV1Beta2SpecVerifySecretRef(obj: HelmChartV1Beta2SpecVerifySecretRef | undefined): Record<string, any> | undefined;
+/**
+ * HelmRepository is the Schema for the helmrepositories API.
+ *
+ * @schema HelmRepository
+ */
+export declare class HelmRepository extends ApiObject {
+    /** Returns the apiVersion and kind for "HelmRepository" */
+    static GVK: GroupVersionKind;
+    /**
+     * Renders a Kubernetes manifest for "HelmRepository".
+     *
+     * This can be used to inline resource manifests inside other objects (e.g. as templates).
+     *
+     * @param props Initialization props
+     */
+    static manifest(props?: HelmRepositoryProps): any;
+    /**
+     * Defines a "HelmRepository" API object
+     *
+     * @param scope The scope in which to define this object
+     * @param id A scope-local name for the object
+     * @param props Initialization props
+     */
+    constructor(scope: Construct, id: string, props?: HelmRepositoryProps);
+    /** Renders the object to Kubernetes JSON. */
+    toJson(): any;
+}
+/**
+ * HelmRepository is the Schema for the helmrepositories API.
+ *
+ * @schema HelmRepository
+ */
+export interface HelmRepositoryProps {
+    /** @schema HelmRepository#metadata */
+    metadata?: ApiObjectMetadata;
+    /**
+     * HelmRepositorySpec specifies the required configuration to produce an Artifact for a Helm
+     * repository index YAML.
+     *
+     * @schema HelmRepository#spec
+     */
+    spec?: HelmRepositorySpec;
+}
+/** Converts an object of type 'HelmRepositoryProps' to JSON representation. */
+export declare function toJson_HelmRepositoryProps(obj: HelmRepositoryProps | undefined): Record<string, any> | undefined;
+/**
+ * HelmRepositorySpec specifies the required configuration to produce an Artifact for a Helm
+ * repository index YAML.
+ *
+ * @schema HelmRepositorySpec
+ */
+export interface HelmRepositorySpec {
+    /**
+     * AccessFrom specifies an Access Control List for allowing cross-namespace references to this
+     * object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
+     *
+     * @schema HelmRepositorySpec#accessFrom
+     */
+    accessFrom?: HelmRepositorySpecAccessFrom;
+    /**
+     * CertSecretRef can be given the name of a Secret containing either or both of
+     *
+     * - A PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`);
+     * - A PEM-encoded CA certificate (`ca.crt`)
+     *
+     * And whichever are supplied, will be used for connecting to the registry. The client cert and
+     * key are useful if you are authenticating with a certificate; the CA cert is useful if you are
+     * using a self-signed server certificate. The Secret must be of type `Opaque` or
+     * `kubernetes.io/tls`.
+     *
+     * It takes precedence over the values specified in the Secret referred to by `.spec.secretRef`.
+     *
+     * @schema HelmRepositorySpec#certSecretRef
+     */
+    certSecretRef?: HelmRepositorySpecCertSecretRef;
+    /**
+     * Insecure allows connecting to a non-TLS HTTP container registry. This field is only taken
+     * into account if the .spec.type field is set to 'oci'.
+     *
+     * @schema HelmRepositorySpec#insecure
+     */
+    insecure?: boolean;
+    /**
+     * Interval at which the HelmRepository URL is checked for updates. This interval is approximate
+     * and may be subject to jitter to ensure efficient use of resources.
+     *
+     * @schema HelmRepositorySpec#interval
+     */
+    interval?: string;
+    /**
+     * PassCredentials allows the credentials from the SecretRef to be passed on to a host that does
+     * not match the host as defined in URL. This may be required if the host of the advertised
+     * chart URLs in the index differ from the defined URL. Enabling this should be done with
+     * caution, as it can potentially result in credentials getting stolen in a MITM-attack.
+     *
+     * @schema HelmRepositorySpec#passCredentials
+     */
+    passCredentials?: boolean;
+    /**
+     * Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. This field is
+     * optional, and only taken into account if the .spec.type field is set to 'oci'. When not
+     * specified, defaults to 'generic'.
+     *
+     * @schema HelmRepositorySpec#provider
+     */
+    provider?: HelmRepositorySpecProvider;
+    /**
+     * SecretRef specifies the Secret containing authentication credentials for the HelmRepository.
+     * For HTTP/S basic auth the secret must contain 'username' and 'password' fields. Support for
+     * TLS auth using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated. Please use
+     * `.spec.certSecretRef` instead.
+     *
+     * @schema HelmRepositorySpec#secretRef
+     */
+    secretRef?: HelmRepositorySpecSecretRef;
+    /**
+     * Suspend tells the controller to suspend the reconciliation of this HelmRepository.
+     *
+     * @schema HelmRepositorySpec#suspend
+     */
+    suspend?: boolean;
+    /**
+     * Timeout is used for the index fetch operation for an HTTPS helm repository, and for remote
+     * OCI Repository operations like pulling for an OCI helm chart by the associated HelmChart. Its
+     * default value is 60s.
+     *
+     * @schema HelmRepositorySpec#timeout
+     */
+    timeout?: string;
+    /**
+     * Type of the HelmRepository. When this field is set to "oci", the URL field value must be
+     * prefixed with "oci://".
+     *
+     * @schema HelmRepositorySpec#type
+     */
+    type?: HelmRepositorySpecType;
+    /**
+     * URL of the Helm repository, a valid URL contains at least a protocol and host.
+     *
+     * @schema HelmRepositorySpec#url
+     */
+    url: string;
+}
+/** Converts an object of type 'HelmRepositorySpec' to JSON representation. */
+export declare function toJson_HelmRepositorySpec(obj: HelmRepositorySpec | undefined): Record<string, any> | undefined;
+/**
+ * AccessFrom specifies an Access Control List for allowing cross-namespace references to this
+ * object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
+ *
+ * @schema HelmRepositorySpecAccessFrom
+ */
+export interface HelmRepositorySpecAccessFrom {
+    /**
+     * NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in
+     * this list are evaluated using a logical OR operation.
+     *
+     * @schema HelmRepositorySpecAccessFrom#namespaceSelectors
+     */
+    namespaceSelectors: HelmRepositorySpecAccessFromNamespaceSelectors[];
+}
+/** Converts an object of type 'HelmRepositorySpecAccessFrom' to JSON representation. */
+export declare function toJson_HelmRepositorySpecAccessFrom(obj: HelmRepositorySpecAccessFrom | undefined): Record<string, any> | undefined;
+/**
+ * CertSecretRef can be given the name of a Secret containing either or both of
+ *
+ * - A PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`);
+ * - A PEM-encoded CA certificate (`ca.crt`)
+ *
+ * And whichever are supplied, will be used for connecting to the registry. The client cert and key
+ * are useful if you are authenticating with a certificate; the CA cert is useful if you are using a
+ * self-signed server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
+ *
+ * It takes precedence over the values specified in the Secret referred to by `.spec.secretRef`.
+ *
+ * @schema HelmRepositorySpecCertSecretRef
+ */
+export interface HelmRepositorySpecCertSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema HelmRepositorySpecCertSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'HelmRepositorySpecCertSecretRef' to JSON representation. */
+export declare function toJson_HelmRepositorySpecCertSecretRef(obj: HelmRepositorySpecCertSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. This field is
+ * optional, and only taken into account if the .spec.type field is set to 'oci'. When not
+ * specified, defaults to 'generic'.
+ *
+ * @schema HelmRepositorySpecProvider
+ */
+export declare enum HelmRepositorySpecProvider {
+    /** Generic */
+    GENERIC = "generic",
+    /** Aws */
+    AWS = "aws",
+    /** Azure */
+    AZURE = "azure",
+    /** Gcp */
+    GCP = "gcp"
+}
+/**
+ * SecretRef specifies the Secret containing authentication credentials for the HelmRepository. For
+ * HTTP/S basic auth the secret must contain 'username' and 'password' fields. Support for TLS auth
+ * using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated. Please use
+ * `.spec.certSecretRef` instead.
+ *
+ * @schema HelmRepositorySpecSecretRef
+ */
+export interface HelmRepositorySpecSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema HelmRepositorySpecSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'HelmRepositorySpecSecretRef' to JSON representation. */
+export declare function toJson_HelmRepositorySpecSecretRef(obj: HelmRepositorySpecSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * Type of the HelmRepository. When this field is set to "oci", the URL field value must be prefixed
+ * with "oci://".
+ *
+ * @schema HelmRepositorySpecType
+ */
+export declare enum HelmRepositorySpecType {
+    /** Default */
+    DEFAULT = "default",
+    /** Oci */
+    OCI = "oci"
+}
+/**
+ * NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels
+ * matches all namespaces in a cluster.
+ *
+ * @schema HelmRepositorySpecAccessFromNamespaceSelectors
+ */
+export interface HelmRepositorySpecAccessFromNamespaceSelectors {
+    /**
+     * MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is
+     * equivalent to an element of matchExpressions, whose key field is "key", the operator is "In",
+     * and the values array contains only "value". The requirements are ANDed.
+     *
+     * @schema HelmRepositorySpecAccessFromNamespaceSelectors#matchLabels
+     */
+    matchLabels?: {
+        [key: string]: string;
+    };
+}
+/**
+ * Converts an object of type 'HelmRepositorySpecAccessFromNamespaceSelectors' to JSON
+ * representation.
+ */
+export declare function toJson_HelmRepositorySpecAccessFromNamespaceSelectors(obj: HelmRepositorySpecAccessFromNamespaceSelectors | undefined): Record<string, any> | undefined;
+/**
+ * HelmRepository is the Schema for the helmrepositories API
+ *
+ * @schema HelmRepositoryV1Beta1
+ */
+export declare class HelmRepositoryV1Beta1 extends ApiObject {
+    /** Returns the apiVersion and kind for "HelmRepositoryV1Beta1" */
+    static GVK: GroupVersionKind;
+    /**
+     * Renders a Kubernetes manifest for "HelmRepositoryV1Beta1".
+     *
+     * This can be used to inline resource manifests inside other objects (e.g. as templates).
+     *
+     * @param props Initialization props
+     */
+    static manifest(props?: HelmRepositoryV1Beta1Props): any;
+    /**
+     * Defines a "HelmRepositoryV1Beta1" API object
+     *
+     * @param scope The scope in which to define this object
+     * @param id A scope-local name for the object
+     * @param props Initialization props
+     */
+    constructor(scope: Construct, id: string, props?: HelmRepositoryV1Beta1Props);
+    /** Renders the object to Kubernetes JSON. */
+    toJson(): any;
+}
+/**
+ * HelmRepository is the Schema for the helmrepositories API
+ *
+ * @schema HelmRepositoryV1Beta1
+ */
+export interface HelmRepositoryV1Beta1Props {
+    /** @schema HelmRepositoryV1Beta1#metadata */
+    metadata?: ApiObjectMetadata;
+    /**
+     * HelmRepositorySpec defines the reference to a Helm repository.
+     *
+     * @schema HelmRepositoryV1Beta1#spec
+     */
+    spec?: HelmRepositoryV1Beta1Spec;
+}
+/** Converts an object of type 'HelmRepositoryV1Beta1Props' to JSON representation. */
+export declare function toJson_HelmRepositoryV1Beta1Props(obj: HelmRepositoryV1Beta1Props | undefined): Record<string, any> | undefined;
+/**
+ * HelmRepositorySpec defines the reference to a Helm repository.
+ *
+ * @schema HelmRepositoryV1Beta1Spec
+ */
+export interface HelmRepositoryV1Beta1Spec {
+    /**
+     * AccessFrom defines an Access Control List for allowing cross-namespace references to this
+     * object.
+     *
+     * @schema HelmRepositoryV1Beta1Spec#accessFrom
+     */
+    accessFrom?: HelmRepositoryV1Beta1SpecAccessFrom;
+    /**
+     * The interval at which to check the upstream for updates.
+     *
+     * @schema HelmRepositoryV1Beta1Spec#interval
+     */
+    interval: string;
+    /**
+     * PassCredentials allows the credentials from the SecretRef to be passed on to a host that does
+     * not match the host as defined in URL. This may be required if the host of the advertised
+     * chart URLs in the index differ from the defined URL. Enabling this should be done with
+     * caution, as it can potentially result in credentials getting stolen in a MITM-attack.
+     *
+     * @schema HelmRepositoryV1Beta1Spec#passCredentials
+     */
+    passCredentials?: boolean;
+    /**
+     * The name of the secret containing authentication credentials for the Helm repository. For
+     * HTTP/S basic auth the secret must contain username and password fields. For TLS the secret
+     * must contain a certFile and keyFile, and/or caFile fields.
+     *
+     * @schema HelmRepositoryV1Beta1Spec#secretRef
+     */
+    secretRef?: HelmRepositoryV1Beta1SpecSecretRef;
+    /**
+     * This flag tells the controller to suspend the reconciliation of this source.
+     *
+     * @schema HelmRepositoryV1Beta1Spec#suspend
+     */
+    suspend?: boolean;
+    /**
+     * The timeout of index downloading, defaults to 60s.
+     *
+     * @schema HelmRepositoryV1Beta1Spec#timeout
+     */
+    timeout?: string;
+    /**
+     * The Helm repository URL, a valid URL contains at least a protocol and host.
+     *
+     * @schema HelmRepositoryV1Beta1Spec#url
+     */
+    url: string;
+}
+/** Converts an object of type 'HelmRepositoryV1Beta1Spec' to JSON representation. */
+export declare function toJson_HelmRepositoryV1Beta1Spec(obj: HelmRepositoryV1Beta1Spec | undefined): Record<string, any> | undefined;
+/**
+ * AccessFrom defines an Access Control List for allowing cross-namespace references to this object.
+ *
+ * @schema HelmRepositoryV1Beta1SpecAccessFrom
+ */
+export interface HelmRepositoryV1Beta1SpecAccessFrom {
+    /**
+     * NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in
+     * this list are evaluated using a logical OR operation.
+     *
+     * @schema HelmRepositoryV1Beta1SpecAccessFrom#namespaceSelectors
+     */
+    namespaceSelectors: HelmRepositoryV1Beta1SpecAccessFromNamespaceSelectors[];
+}
+/** Converts an object of type 'HelmRepositoryV1Beta1SpecAccessFrom' to JSON representation. */
+export declare function toJson_HelmRepositoryV1Beta1SpecAccessFrom(obj: HelmRepositoryV1Beta1SpecAccessFrom | undefined): Record<string, any> | undefined;
+/**
+ * The name of the secret containing authentication credentials for the Helm repository. For HTTP/S
+ * basic auth the secret must contain username and password fields. For TLS the secret must contain
+ * a certFile and keyFile, and/or caFile fields.
+ *
+ * @schema HelmRepositoryV1Beta1SpecSecretRef
+ */
+export interface HelmRepositoryV1Beta1SpecSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema HelmRepositoryV1Beta1SpecSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'HelmRepositoryV1Beta1SpecSecretRef' to JSON representation. */
+export declare function toJson_HelmRepositoryV1Beta1SpecSecretRef(obj: HelmRepositoryV1Beta1SpecSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels
+ * matches all namespaces in a cluster.
+ *
+ * @schema HelmRepositoryV1Beta1SpecAccessFromNamespaceSelectors
+ */
+export interface HelmRepositoryV1Beta1SpecAccessFromNamespaceSelectors {
+    /**
+     * MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is
+     * equivalent to an element of matchExpressions, whose key field is "key", the operator is "In",
+     * and the values array contains only "value". The requirements are ANDed.
+     *
+     * @schema HelmRepositoryV1Beta1SpecAccessFromNamespaceSelectors#matchLabels
+     */
+    matchLabels?: {
+        [key: string]: string;
+    };
+}
+/**
+ * Converts an object of type 'HelmRepositoryV1Beta1SpecAccessFromNamespaceSelectors' to JSON
+ * representation.
+ */
+export declare function toJson_HelmRepositoryV1Beta1SpecAccessFromNamespaceSelectors(obj: HelmRepositoryV1Beta1SpecAccessFromNamespaceSelectors | undefined): Record<string, any> | undefined;
+/**
+ * HelmRepository is the Schema for the helmrepositories API.
+ *
+ * @schema HelmRepositoryV1Beta2
+ */
+export declare class HelmRepositoryV1Beta2 extends ApiObject {
+    /** Returns the apiVersion and kind for "HelmRepositoryV1Beta2" */
+    static GVK: GroupVersionKind;
+    /**
+     * Renders a Kubernetes manifest for "HelmRepositoryV1Beta2".
+     *
+     * This can be used to inline resource manifests inside other objects (e.g. as templates).
+     *
+     * @param props Initialization props
+     */
+    static manifest(props?: HelmRepositoryV1Beta2Props): any;
+    /**
+     * Defines a "HelmRepositoryV1Beta2" API object
+     *
+     * @param scope The scope in which to define this object
+     * @param id A scope-local name for the object
+     * @param props Initialization props
+     */
+    constructor(scope: Construct, id: string, props?: HelmRepositoryV1Beta2Props);
+    /** Renders the object to Kubernetes JSON. */
+    toJson(): any;
+}
+/**
+ * HelmRepository is the Schema for the helmrepositories API.
+ *
+ * @schema HelmRepositoryV1Beta2
+ */
+export interface HelmRepositoryV1Beta2Props {
+    /** @schema HelmRepositoryV1Beta2#metadata */
+    metadata?: ApiObjectMetadata;
+    /**
+     * HelmRepositorySpec specifies the required configuration to produce an Artifact for a Helm
+     * repository index YAML.
+     *
+     * @schema HelmRepositoryV1Beta2#spec
+     */
+    spec?: HelmRepositoryV1Beta2Spec;
+}
+/** Converts an object of type 'HelmRepositoryV1Beta2Props' to JSON representation. */
+export declare function toJson_HelmRepositoryV1Beta2Props(obj: HelmRepositoryV1Beta2Props | undefined): Record<string, any> | undefined;
+/**
+ * HelmRepositorySpec specifies the required configuration to produce an Artifact for a Helm
+ * repository index YAML.
+ *
+ * @schema HelmRepositoryV1Beta2Spec
+ */
+export interface HelmRepositoryV1Beta2Spec {
+    /**
+     * AccessFrom specifies an Access Control List for allowing cross-namespace references to this
+     * object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
+     *
+     * @schema HelmRepositoryV1Beta2Spec#accessFrom
+     */
+    accessFrom?: HelmRepositoryV1Beta2SpecAccessFrom;
+    /**
+     * CertSecretRef can be given the name of a Secret containing either or both of
+     *
+     * - A PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`);
+     * - A PEM-encoded CA certificate (`ca.crt`)
+     *
+     * And whichever are supplied, will be used for connecting to the registry. The client cert and
+     * key are useful if you are authenticating with a certificate; the CA cert is useful if you are
+     * using a self-signed server certificate. The Secret must be of type `Opaque` or
+     * `kubernetes.io/tls`.
+     *
+     * It takes precedence over the values specified in the Secret referred to by `.spec.secretRef`.
+     *
+     * @schema HelmRepositoryV1Beta2Spec#certSecretRef
+     */
+    certSecretRef?: HelmRepositoryV1Beta2SpecCertSecretRef;
+    /**
+     * Insecure allows connecting to a non-TLS HTTP container registry. This field is only taken
+     * into account if the .spec.type field is set to 'oci'.
+     *
+     * @schema HelmRepositoryV1Beta2Spec#insecure
+     */
+    insecure?: boolean;
+    /**
+     * Interval at which the HelmRepository URL is checked for updates. This interval is approximate
+     * and may be subject to jitter to ensure efficient use of resources.
+     *
+     * @schema HelmRepositoryV1Beta2Spec#interval
+     */
+    interval?: string;
+    /**
+     * PassCredentials allows the credentials from the SecretRef to be passed on to a host that does
+     * not match the host as defined in URL. This may be required if the host of the advertised
+     * chart URLs in the index differ from the defined URL. Enabling this should be done with
+     * caution, as it can potentially result in credentials getting stolen in a MITM-attack.
+     *
+     * @schema HelmRepositoryV1Beta2Spec#passCredentials
+     */
+    passCredentials?: boolean;
+    /**
+     * Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. This field is
+     * optional, and only taken into account if the .spec.type field is set to 'oci'. When not
+     * specified, defaults to 'generic'.
+     *
+     * @schema HelmRepositoryV1Beta2Spec#provider
+     */
+    provider?: HelmRepositoryV1Beta2SpecProvider;
+    /**
+     * SecretRef specifies the Secret containing authentication credentials for the HelmRepository.
+     * For HTTP/S basic auth the secret must contain 'username' and 'password' fields. Support for
+     * TLS auth using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated. Please use
+     * `.spec.certSecretRef` instead.
+     *
+     * @schema HelmRepositoryV1Beta2Spec#secretRef
+     */
+    secretRef?: HelmRepositoryV1Beta2SpecSecretRef;
+    /**
+     * Suspend tells the controller to suspend the reconciliation of this HelmRepository.
+     *
+     * @schema HelmRepositoryV1Beta2Spec#suspend
+     */
+    suspend?: boolean;
+    /**
+     * Timeout is used for the index fetch operation for an HTTPS helm repository, and for remote
+     * OCI Repository operations like pulling for an OCI helm chart by the associated HelmChart. Its
+     * default value is 60s.
+     *
+     * @schema HelmRepositoryV1Beta2Spec#timeout
+     */
+    timeout?: string;
+    /**
+     * Type of the HelmRepository. When this field is set to "oci", the URL field value must be
+     * prefixed with "oci://".
+     *
+     * @schema HelmRepositoryV1Beta2Spec#type
+     */
+    type?: HelmRepositoryV1Beta2SpecType;
+    /**
+     * URL of the Helm repository, a valid URL contains at least a protocol and host.
+     *
+     * @schema HelmRepositoryV1Beta2Spec#url
+     */
+    url: string;
+}
+/** Converts an object of type 'HelmRepositoryV1Beta2Spec' to JSON representation. */
+export declare function toJson_HelmRepositoryV1Beta2Spec(obj: HelmRepositoryV1Beta2Spec | undefined): Record<string, any> | undefined;
+/**
+ * AccessFrom specifies an Access Control List for allowing cross-namespace references to this
+ * object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092
+ *
+ * @schema HelmRepositoryV1Beta2SpecAccessFrom
+ */
+export interface HelmRepositoryV1Beta2SpecAccessFrom {
+    /**
+     * NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in
+     * this list are evaluated using a logical OR operation.
+     *
+     * @schema HelmRepositoryV1Beta2SpecAccessFrom#namespaceSelectors
+     */
+    namespaceSelectors: HelmRepositoryV1Beta2SpecAccessFromNamespaceSelectors[];
+}
+/** Converts an object of type 'HelmRepositoryV1Beta2SpecAccessFrom' to JSON representation. */
+export declare function toJson_HelmRepositoryV1Beta2SpecAccessFrom(obj: HelmRepositoryV1Beta2SpecAccessFrom | undefined): Record<string, any> | undefined;
+/**
+ * CertSecretRef can be given the name of a Secret containing either or both of
+ *
+ * - A PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`);
+ * - A PEM-encoded CA certificate (`ca.crt`)
+ *
+ * And whichever are supplied, will be used for connecting to the registry. The client cert and key
+ * are useful if you are authenticating with a certificate; the CA cert is useful if you are using a
+ * self-signed server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
+ *
+ * It takes precedence over the values specified in the Secret referred to by `.spec.secretRef`.
+ *
+ * @schema HelmRepositoryV1Beta2SpecCertSecretRef
+ */
+export interface HelmRepositoryV1Beta2SpecCertSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema HelmRepositoryV1Beta2SpecCertSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'HelmRepositoryV1Beta2SpecCertSecretRef' to JSON representation. */
+export declare function toJson_HelmRepositoryV1Beta2SpecCertSecretRef(obj: HelmRepositoryV1Beta2SpecCertSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. This field is
+ * optional, and only taken into account if the .spec.type field is set to 'oci'. When not
+ * specified, defaults to 'generic'.
+ *
+ * @schema HelmRepositoryV1Beta2SpecProvider
+ */
+export declare enum HelmRepositoryV1Beta2SpecProvider {
+    /** Generic */
+    GENERIC = "generic",
+    /** Aws */
+    AWS = "aws",
+    /** Azure */
+    AZURE = "azure",
+    /** Gcp */
+    GCP = "gcp"
+}
+/**
+ * SecretRef specifies the Secret containing authentication credentials for the HelmRepository. For
+ * HTTP/S basic auth the secret must contain 'username' and 'password' fields. Support for TLS auth
+ * using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated. Please use
+ * `.spec.certSecretRef` instead.
+ *
+ * @schema HelmRepositoryV1Beta2SpecSecretRef
+ */
+export interface HelmRepositoryV1Beta2SpecSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema HelmRepositoryV1Beta2SpecSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'HelmRepositoryV1Beta2SpecSecretRef' to JSON representation. */
+export declare function toJson_HelmRepositoryV1Beta2SpecSecretRef(obj: HelmRepositoryV1Beta2SpecSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * Type of the HelmRepository. When this field is set to "oci", the URL field value must be prefixed
+ * with "oci://".
+ *
+ * @schema HelmRepositoryV1Beta2SpecType
+ */
+export declare enum HelmRepositoryV1Beta2SpecType {
+    /** Default */
+    DEFAULT = "default",
+    /** Oci */
+    OCI = "oci"
+}
+/**
+ * NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels
+ * matches all namespaces in a cluster.
+ *
+ * @schema HelmRepositoryV1Beta2SpecAccessFromNamespaceSelectors
+ */
+export interface HelmRepositoryV1Beta2SpecAccessFromNamespaceSelectors {
+    /**
+     * MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is
+     * equivalent to an element of matchExpressions, whose key field is "key", the operator is "In",
+     * and the values array contains only "value". The requirements are ANDed.
+     *
+     * @schema HelmRepositoryV1Beta2SpecAccessFromNamespaceSelectors#matchLabels
+     */
+    matchLabels?: {
+        [key: string]: string;
+    };
+}
+/**
+ * Converts an object of type 'HelmRepositoryV1Beta2SpecAccessFromNamespaceSelectors' to JSON
+ * representation.
+ */
+export declare function toJson_HelmRepositoryV1Beta2SpecAccessFromNamespaceSelectors(obj: HelmRepositoryV1Beta2SpecAccessFromNamespaceSelectors | undefined): Record<string, any> | undefined;
+/**
+ * OCIRepository is the Schema for the ocirepositories API
+ *
+ * @schema OCIRepository
+ */
+export declare class OciRepository extends ApiObject {
+    /** Returns the apiVersion and kind for "OCIRepository" */
+    static GVK: GroupVersionKind;
+    /**
+     * Renders a Kubernetes manifest for "OCIRepository".
+     *
+     * This can be used to inline resource manifests inside other objects (e.g. as templates).
+     *
+     * @param props Initialization props
+     */
+    static manifest(props?: OciRepositoryProps): any;
+    /**
+     * Defines a "OCIRepository" API object
+     *
+     * @param scope The scope in which to define this object
+     * @param id A scope-local name for the object
+     * @param props Initialization props
+     */
+    constructor(scope: Construct, id: string, props?: OciRepositoryProps);
+    /** Renders the object to Kubernetes JSON. */
+    toJson(): any;
+}
+/**
+ * OCIRepository is the Schema for the ocirepositories API
+ *
+ * @schema OCIRepository
+ */
+export interface OciRepositoryProps {
+    /** @schema OCIRepository#metadata */
+    metadata?: ApiObjectMetadata;
+    /**
+     * OCIRepositorySpec defines the desired state of OCIRepository
+     *
+     * @schema OCIRepository#spec
+     */
+    spec?: OciRepositorySpec;
+}
+/** Converts an object of type 'OciRepositoryProps' to JSON representation. */
+export declare function toJson_OciRepositoryProps(obj: OciRepositoryProps | undefined): Record<string, any> | undefined;
+/**
+ * OCIRepositorySpec defines the desired state of OCIRepository
+ *
+ * @schema OciRepositorySpec
+ */
+export interface OciRepositorySpec {
+    /**
+     * CertSecretRef can be given the name of a Secret containing either or both of
+     *
+     * - A PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`);
+     * - A PEM-encoded CA certificate (`ca.crt`)
+     *
+     * And whichever are supplied, will be used for connecting to the registry. The client cert and
+     * key are useful if you are authenticating with a certificate; the CA cert is useful if you are
+     * using a self-signed server certificate. The Secret must be of type `Opaque` or
+     * `kubernetes.io/tls`.
+     *
+     * Note: Support for the `caFile`, `certFile` and `keyFile` keys have been deprecated.
+     *
+     * @schema OciRepositorySpec#certSecretRef
+     */
+    certSecretRef?: OciRepositorySpecCertSecretRef;
+    /**
+     * Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same
+     * as .gitignore). If not provided, a default will be used, consult the documentation for your
+     * version to find out what those are.
+     *
+     * @schema OciRepositorySpec#ignore
+     */
+    ignore?: string;
+    /**
+     * Insecure allows connecting to a non-TLS HTTP container registry.
+     *
+     * @schema OciRepositorySpec#insecure
+     */
+    insecure?: boolean;
+    /**
+     * Interval at which the OCIRepository URL is checked for updates. This interval is approximate
+     * and may be subject to jitter to ensure efficient use of resources.
+     *
+     * @schema OciRepositorySpec#interval
+     */
+    interval: string;
+    /**
+     * LayerSelector specifies which layer should be extracted from the OCI artifact. When not
+     * specified, the first layer found in the artifact is selected.
+     *
+     * @schema OciRepositorySpec#layerSelector
+     */
+    layerSelector?: OciRepositorySpecLayerSelector;
+    /**
+     * The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. When not
+     * specified, defaults to 'generic'.
+     *
+     * @schema OciRepositorySpec#provider
+     */
+    provider?: OciRepositorySpecProvider;
+    /**
+     * ProxySecretRef specifies the Secret containing the proxy configuration to use while
+     * communicating with the container registry.
+     *
+     * @schema OciRepositorySpec#proxySecretRef
+     */
+    proxySecretRef?: OciRepositorySpecProxySecretRef;
+    /**
+     * The OCI reference to pull and monitor for changes, defaults to the latest tag.
+     *
+     * @schema OciRepositorySpec#ref
+     */
+    ref?: OciRepositorySpecRef;
+    /**
+     * SecretRef contains the secret name containing the registry login credentials to resolve image
+     * metadata. The secret must be of type kubernetes.io/dockerconfigjson.
+     *
+     * @schema OciRepositorySpec#secretRef
+     */
+    secretRef?: OciRepositorySpecSecretRef;
+    /**
+     * ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate the
+     * image pull if the service account has attached pull secrets. For more information:
+     * https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account
+     *
+     * @schema OciRepositorySpec#serviceAccountName
+     */
+    serviceAccountName?: string;
+    /**
+     * This flag tells the controller to suspend the reconciliation of this source.
+     *
+     * @schema OciRepositorySpec#suspend
+     */
+    suspend?: boolean;
+    /**
+     * The timeout for remote OCI Repository operations like pulling, defaults to 60s.
+     *
+     * @schema OciRepositorySpec#timeout
+     */
+    timeout?: string;
+    /**
+     * URL is a reference to an OCI artifact repository hosted on a remote container registry.
+     *
+     * @schema OciRepositorySpec#url
+     */
+    url: string;
+    /**
+     * Verify contains the secret name containing the trusted public keys used to verify the
+     * signature and specifies which provider to use to check whether OCI image is authentic.
+     *
+     * @schema OciRepositorySpec#verify
+     */
+    verify?: OciRepositorySpecVerify;
+}
+/** Converts an object of type 'OciRepositorySpec' to JSON representation. */
+export declare function toJson_OciRepositorySpec(obj: OciRepositorySpec | undefined): Record<string, any> | undefined;
+/**
+ * CertSecretRef can be given the name of a Secret containing either or both of
+ *
+ * - A PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`);
+ * - A PEM-encoded CA certificate (`ca.crt`)
+ *
+ * And whichever are supplied, will be used for connecting to the registry. The client cert and key
+ * are useful if you are authenticating with a certificate; the CA cert is useful if you are using a
+ * self-signed server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`.
+ *
+ * Note: Support for the `caFile`, `certFile` and `keyFile` keys have been deprecated.
+ *
+ * @schema OciRepositorySpecCertSecretRef
+ */
+export interface OciRepositorySpecCertSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema OciRepositorySpecCertSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'OciRepositorySpecCertSecretRef' to JSON representation. */
+export declare function toJson_OciRepositorySpecCertSecretRef(obj: OciRepositorySpecCertSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * LayerSelector specifies which layer should be extracted from the OCI artifact. When not
+ * specified, the first layer found in the artifact is selected.
+ *
+ * @schema OciRepositorySpecLayerSelector
+ */
+export interface OciRepositorySpecLayerSelector {
+    /**
+     * MediaType specifies the OCI media type of the layer which should be extracted from the OCI
+     * Artifact. The first layer matching this type is selected.
+     *
+     * @schema OciRepositorySpecLayerSelector#mediaType
+     */
+    mediaType?: string;
+    /**
+     * Operation specifies how the selected layer should be processed. By default, the layer
+     * compressed content is extracted to storage. When the operation is set to 'copy', the layer
+     * compressed content is persisted to storage as it is.
+     *
+     * @schema OciRepositorySpecLayerSelector#operation
+     */
+    operation?: OciRepositorySpecLayerSelectorOperation;
+}
+/** Converts an object of type 'OciRepositorySpecLayerSelector' to JSON representation. */
+export declare function toJson_OciRepositorySpecLayerSelector(obj: OciRepositorySpecLayerSelector | undefined): Record<string, any> | undefined;
+/**
+ * The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. When not
+ * specified, defaults to 'generic'.
+ *
+ * @schema OciRepositorySpecProvider
+ */
+export declare enum OciRepositorySpecProvider {
+    /** Generic */
+    GENERIC = "generic",
+    /** Aws */
+    AWS = "aws",
+    /** Azure */
+    AZURE = "azure",
+    /** Gcp */
+    GCP = "gcp"
+}
+/**
+ * ProxySecretRef specifies the Secret containing the proxy configuration to use while communicating
+ * with the container registry.
+ *
+ * @schema OciRepositorySpecProxySecretRef
+ */
+export interface OciRepositorySpecProxySecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema OciRepositorySpecProxySecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'OciRepositorySpecProxySecretRef' to JSON representation. */
+export declare function toJson_OciRepositorySpecProxySecretRef(obj: OciRepositorySpecProxySecretRef | undefined): Record<string, any> | undefined;
+/**
+ * The OCI reference to pull and monitor for changes, defaults to the latest tag.
+ *
+ * @schema OciRepositorySpecRef
+ */
+export interface OciRepositorySpecRef {
+    /**
+     * Digest is the image digest to pull, takes precedence over SemVer. The value should be in the
+     * format 'sha256:<HASH>'.
+     *
+     * @schema OciRepositorySpecRef#digest
+     */
+    digest?: string;
+    /**
+     * SemVer is the range of tags to pull selecting the latest within the range, takes precedence
+     * over Tag.
+     *
+     * @schema OciRepositorySpecRef#semver
+     */
+    semver?: string;
+    /**
+     * SemverFilter is a regex pattern to filter the tags within the SemVer range.
+     *
+     * @schema OciRepositorySpecRef#semverFilter
+     */
+    semverFilter?: string;
+    /**
+     * Tag is the image tag to pull, defaults to latest.
+     *
+     * @schema OciRepositorySpecRef#tag
+     */
+    tag?: string;
+}
+/** Converts an object of type 'OciRepositorySpecRef' to JSON representation. */
+export declare function toJson_OciRepositorySpecRef(obj: OciRepositorySpecRef | undefined): Record<string, any> | undefined;
+/**
+ * SecretRef contains the secret name containing the registry login credentials to resolve image
+ * metadata. The secret must be of type kubernetes.io/dockerconfigjson.
+ *
+ * @schema OciRepositorySpecSecretRef
+ */
+export interface OciRepositorySpecSecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema OciRepositorySpecSecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'OciRepositorySpecSecretRef' to JSON representation. */
+export declare function toJson_OciRepositorySpecSecretRef(obj: OciRepositorySpecSecretRef | undefined): Record<string, any> | undefined;
+/**
+ * Verify contains the secret name containing the trusted public keys used to verify the signature
+ * and specifies which provider to use to check whether OCI image is authentic.
+ *
+ * @schema OciRepositorySpecVerify
+ */
+export interface OciRepositorySpecVerify {
+    /**
+     * MatchOIDCIdentity specifies the identity matching criteria to use while verifying an OCI
+     * artifact which was signed using Cosign keyless signing. The artifact's identity is deemed to
+     * be verified if any of the specified matchers match against the identity.
+     *
+     * @schema OciRepositorySpecVerify#matchOIDCIdentity
+     */
+    matchOidcIdentity?: OciRepositorySpecVerifyMatchOidcIdentity[];
+    /**
+     * Provider specifies the technology used to sign the OCI Artifact.
+     *
+     * @schema OciRepositorySpecVerify#provider
+     */
+    provider: OciRepositorySpecVerifyProvider;
+    /**
+     * SecretRef specifies the Kubernetes Secret containing the trusted public keys.
+     *
+     * @schema OciRepositorySpecVerify#secretRef
+     */
+    secretRef?: OciRepositorySpecVerifySecretRef;
+}
+/** Converts an object of type 'OciRepositorySpecVerify' to JSON representation. */
+export declare function toJson_OciRepositorySpecVerify(obj: OciRepositorySpecVerify | undefined): Record<string, any> | undefined;
+/**
+ * Operation specifies how the selected layer should be processed. By default, the layer compressed
+ * content is extracted to storage. When the operation is set to 'copy', the layer compressed
+ * content is persisted to storage as it is.
+ *
+ * @schema OciRepositorySpecLayerSelectorOperation
+ */
+export declare enum OciRepositorySpecLayerSelectorOperation {
+    /** Extract */
+    EXTRACT = "extract",
+    /** Copy */
+    COPY = "copy"
+}
+/**
+ * OIDCIdentityMatch specifies options for verifying the certificate identity, i.e. the issuer and
+ * the subject of the certificate.
+ *
+ * @schema OciRepositorySpecVerifyMatchOidcIdentity
+ */
+export interface OciRepositorySpecVerifyMatchOidcIdentity {
+    /**
+     * Issuer specifies the regex pattern to match against to verify the OIDC issuer in the Fulcio
+     * certificate. The pattern must be a valid Go regular expression.
+     *
+     * @schema OciRepositorySpecVerifyMatchOidcIdentity#issuer
+     */
+    issuer: string;
+    /**
+     * Subject specifies the regex pattern to match against to verify the identity subject in the
+     * Fulcio certificate. The pattern must be a valid Go regular expression.
+     *
+     * @schema OciRepositorySpecVerifyMatchOidcIdentity#subject
+     */
+    subject: string;
+}
+/** Converts an object of type 'OciRepositorySpecVerifyMatchOidcIdentity' to JSON representation. */
+export declare function toJson_OciRepositorySpecVerifyMatchOidcIdentity(obj: OciRepositorySpecVerifyMatchOidcIdentity | undefined): Record<string, any> | undefined;
+/**
+ * Provider specifies the technology used to sign the OCI Artifact.
+ *
+ * @schema OciRepositorySpecVerifyProvider
+ */
+export declare enum OciRepositorySpecVerifyProvider {
+    /** Cosign */
+    COSIGN = "cosign",
+    /** Notation */
+    NOTATION = "notation"
+}
+/**
+ * SecretRef specifies the Kubernetes Secret containing the trusted public keys.
+ *
+ * @schema OciRepositorySpecVerifySecretRef
+ */
+export interface OciRepositorySpecVerifySecretRef {
+    /**
+     * Name of the referent.
+     *
+     * @schema OciRepositorySpecVerifySecretRef#name
+     */
+    name: string;
+}
+/** Converts an object of type 'OciRepositorySpecVerifySecretRef' to JSON representation. */
+export declare function toJson_OciRepositorySpecVerifySecretRef(obj: OciRepositorySpecVerifySecretRef | undefined): Record<string, any> | undefined;
+//# sourceMappingURL=source.toolkit.fluxcd.io.d.ts.map