CRD Reference

API group and kind

• Group: platform.atensecurity.com
• Version: v1alpha1
• Kind: ThothTenant

spec fields

• tenantId (string, required)
  • Thoth tenant identifier.
• apexDomain (string, optional)
  • Endpoint domain suffix. Default behavior uses your configured control-plane domain.
• apiBaseURL (string, optional)
  • Explicit endpoint override. If omitted, operator derives from tenant + apex.
• authSecretRef (object, required)
  • Secret reference for admin auth token.
  • name (required), key (required).
• settings (map[string]JSON, optional)
  • Arbitrary tenant settings payload forwarded to Thoth settings API.
• mdmProvider (object, optional)
  • provider (required)
  • endpointUrl (optional)
  • enabled (optional)
  • apiTokenSecretRef (optional secret ref)
• packAssignments (array, optional)
  • Bulk compliance-pack assignment operations.
  • Each item supports packIds, optional target selectors (allAgents, agentIds, fleetIds, endpointIds), and optional overrides.
• policySync (bool, optional)
  • When true, triggers policy sync on generation changes.
• governanceEvidenceBackfill (object, optional)
  • Triggers governance evidence materialization from behavioral events.
  • Common fields: enabled, limit (1-1000), includeBlockedEvents, integrationId, dryRun.
• governanceDecisionFieldBackfill (object, optional)
  • Backfills missing decision-evidence fields on behavioral events.
  • Common fields: enabled, limit (1-5000), windowHours (1-2880), includeBlockedEvents, dryRun.

status fields

• phase
• observedGeneration
• endpointUrl
• lastPolicySyncAt
• lastGovernanceEvidenceBackfillAt
• lastGovernanceDecisionFieldBackfillAt
• conditions[]

Ready=True indicates successful end-to-end reconciliation for current generation.