src/edge-infra.dev/test/fixtures/crds/gcp/compute.cnrm.cloud.google.com_computefirewallpolicyrules.yaml
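---
# CustomResourceDefinition for ComputeFirewallPolicyRule (group
# compute.cnrm.cloud.google.com, version v1beta1, namespaced).
#
# NOTE(review): the schema below is almost entirely type-only. The value
# sets, list-size limits and direction-specific restrictions named in the
# description strings are NOT expressed as enum / maxItems / minimum /
# maximum constraints, so the API server's structural validation accepts
# manifests that break them. Presumably the controller or the backing cloud
# API rejects those later -- confirm before relying on this CRD alone to
# keep malformed or over-broad firewall rules out of a cluster.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # NOTE(review): the generator version is recorded as "(unknown)", so the
    # exact controller-gen release that produced this file cannot be
    # determined from the file itself.
    controller-gen.kubebuilder.io/version: (unknown)
  name: computefirewallpolicyrules.compute.cnrm.cloud.google.com
spec:
  group: compute.cnrm.cloud.google.com
  names:
    kind: ComputeFirewallPolicyRule
    listKind: ComputeFirewallPolicyRuleList
    plural: computefirewallpolicyrules
    singular: computefirewallpolicyrule
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        description: ComputeFirewallPolicyRule is the Schema for the compute API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            properties:
              # Required. Plain string: the three documented values are not
              # an enum here, so a typo passes schema validation.
              action:
                description: The Action to perform when the client connection triggers
                  the rule. Valid actions are "allow", "deny" and "goto_next".
                type: string
              description:
                description: An optional description for this resource.
                type: string
              # Required. Plain string, no enum for INGRESS / EGRESS.
              direction:
                description: 'The direction in which this rule applies. Possible values:
                  INGRESS, EGRESS'
                type: string
              # Security-relevant: per the description, `true` means the rule
              # is not enforced at all. A disabled "deny" rule therefore lets
              # the traffic fall through to whatever rule matches next, so
              # changes to this field deserve the same review as changes to
              # `action`.
              disabled:
                description: Denotes whether the firewall policy rule is disabled.
                  When set to true, the firewall policy rule is not enforced and traffic
                  behaves as if it did not exist. If this is unspecified, the firewall
                  policy rule will be enabled.
                type: boolean
              # Optional, and the schema declares no default. Rules created
              # without it may produce no firewall logs -- TODO confirm the
              # backend default if detection coverage depends on these logs.
              enableLogging:
                description: 'Denotes whether to enable logging for a particular rule.
                  If logging is enabled, logs will be exported to the configured export
                  destination in Stackdriver. Logs may be exported to BigQuery or
                  Pub/Sub. Note: you cannot enable logging on "goto_next" rules.'
                type: boolean
              # Required reference to the parent firewall policy.
              # NOTE(review): nothing here makes `external` and
              # `name`/`namespace` mutually exclusive, or requires either of
              # them; an empty object satisfies this schema.
              firewallPolicyRef:
                description: Immutable.
                properties:
                  external:
                    description: The external name of the referenced resource
                    type: string
                  kind:
                    description: Kind of the referent.
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              # Required. Only `layer4Configs` is required inside it: every
              # src*/dest* selector is optional, so a rule that names no
              # address range at all is schema-valid. What such a rule then
              # matches is decided by the backend -- verify before approving
              # "allow" rules that omit the selectors.
              match:
                description: A match condition that incoming traffic is evaluated
                  against. If it evaluates to true, the corresponding 'action' is
                  enforced.
                properties:
                  # The "maximum 10" limit is documentation only (no maxItems).
                  destAddressGroups:
                    description: Address groups which should be matched against the
                      traffic destination. Maximum number of destination address groups
                      is 10. Destination address groups is only supported in Egress
                      rules.
                    items:
                      type: string
                    type: array
                  destFqdns:
                    description: Domain names that will be used to match against the
                      resolved domain name of destination of traffic. Can only be
                      specified if DIRECTION is egress.
                    items:
                      type: string
                    type: array
                  # The "maximum 256" limit is documentation only (no
                  # maxItems), and entries are free-form strings: CIDR syntax
                  # is not checked by this schema.
                  destIPRanges:
                    description: CIDR IP address range. Maximum number of destination
                      CIDR IP ranges allowed is 256.
                    items:
                      type: string
                    type: array
                  # NOTE(review): the description says "source of traffic" for
                  # a destination field that is limited to egress; this looks
                  # like text copied from srcRegionCodes. Left verbatim.
                  destRegionCodes:
                    description: The Unicode country codes whose IP addresses will
                      be used to match against the source of traffic. Can only be
                      specified if DIRECTION is egress.
                    items:
                      type: string
                    type: array
                  destThreatIntelligences:
                    description: Name of the Google Cloud Threat Intelligence list.
                    items:
                      type: string
                    type: array
                  layer4Configs:
                    description: Pairs of IP protocols and ports that the rule should
                      match.
                    items:
                      properties:
                        ipProtocol:
                          description: The IP protocol to which this rule applies.
                            The protocol type is required when creating a firewall
                            rule. This value can either be one of the following well
                            known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`,
                            `ipip`, `sctp`), or the IP protocol number.
                          type: string
                        # Items are strings, so port values written in a
                        # manifest must be quoted to pass validation. Per the
                        # description, omitting `ports` applies the rule to
                        # every port of the protocol.
                        # NOTE(review): the example in the description is
                        # empty (``); left verbatim.
                        ports:
                          description: 'An optional list of ports to which this rule
                            applies. This field is only applicable for UDP or TCP
                            protocol. Each entry must be either an integer or a range.
                            If not specified, this rule applies to connections through
                            any port. Example inputs include: ``.'
                          items:
                            type: string
                          type: array
                      required:
                      - ipProtocol
                      type: object
                    type: array
                  # The "maximum 10" limit is documentation only (no maxItems).
                  srcAddressGroups:
                    description: Address groups which should be matched against the
                      traffic source. Maximum number of source address groups is 10.
                      Source address groups is only supported in Ingress rules.
                    items:
                      type: string
                    type: array
                  srcFqdns:
                    description: Domain names that will be used to match against the
                      resolved domain name of source of traffic. Can only be specified
                      if DIRECTION is ingress.
                    items:
                      type: string
                    type: array
                  # The "maximum 256" limit is documentation only (no
                  # maxItems); CIDR syntax is not checked by this schema.
                  srcIPRanges:
                    description: CIDR IP address range. Maximum number of source CIDR
                      IP ranges allowed is 256.
                    items:
                      type: string
                    type: array
                  srcRegionCodes:
                    description: The Unicode country codes whose IP addresses will
                      be used to match against the source of traffic. Can only be
                      specified if DIRECTION is ingress.
                    items:
                      type: string
                    type: array
                  srcThreatIntelligences:
                    description: Name of the Google Cloud Threat Intelligence list.
                    items:
                      type: string
                    type: array
                required:
                - layer4Configs
                type: object
              # Required. Lower number = evaluated first (0 is the highest
              # priority), so a low-numbered "allow" can shadow later "deny"
              # rules. The documented 0..2147483647 range is not expressed as
              # minimum/maximum.
              # NOTE(review): "prority" is a typo in the description; left
              # verbatim.
              priority:
                description: Immutable. An integer indicating the priority of a rule
                  in the list. The priority must be a positive value between 0 and
                  2147483647. Rules are evaluated from highest to lowest priority
                  where 0 is the highest priority and 2147483647 is the lowest prority.
                type: integer
              # No field-level description is given. Presumably this narrows
              # the rule to specific resources, and omitting it applies the
              # rule more broadly -- TODO confirm.
              targetResources:
                items:
                  properties:
                    external:
                      description: The external name of the referenced resource
                      type: string
                    kind:
                      description: Kind of the referent.
                      type: string
                    name:
                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                      type: string
                    namespace:
                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                      type: string
                  type: object
                type: array
              # No field-level description is given. Presumably this narrows
              # the rule to workloads running as the listed service accounts
              # -- TODO confirm.
              targetServiceAccounts:
                items:
                  properties:
                    external:
                      description: The external name of the referenced resource
                      type: string
                    kind:
                      description: Kind of the referent.
                      type: string
                    name:
                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                      type: string
                    namespace:
                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                      type: string
                  type: object
                type: array
            required:
            - action
            - direction
            - firewallPolicyRef
            - match
            - priority
            type: object
          status:
            properties:
              conditions:
                description: |-
                  Conditions represent the latest available observations of the
                  ComputeFirewallPolicyRule's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: |-
                        Unique, one-word, CamelCase reason for the condition's last
                        transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              kind:
                description: Type of the resource. Always `compute#firewallPolicyRule`
                  for firewall policy rules
                type: string
              # Compare with metadata.generation to tell whether the status
              # reflects the latest applied spec; until they match, an edited
              # rule may not be the one actually in effect.
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
              ruleTupleCount:
                description: Calculation of the complexity of a single firewall policy
                  rule.
                type: integer
            type: object
        type: object
    served: true
    storage: true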