src/edge-infra.dev/test/fixtures/crds/gcp/compute.cnrm.cloud.google.com_computeorganizationsecuritypolicyrules.yaml
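---
# CustomResourceDefinition for ComputeOrganizationSecurityPolicyRule
# (group compute.cnrm.cloud.google.com, version v1alpha1). The schema
# describes one rule of an organization-level firewall policy; the field
# descriptions name the Config Connector controller as the consumer.
# NOTE(review): the file path places this under test/fixtures and the
# controller-gen annotation suggests generated output, so presumably any
# schema change belongs in the generator input, not here. Confirm before
# hand-editing.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: (unknown)
  name: computeorganizationsecuritypolicyrules.compute.cnrm.cloud.google.com
spec:
  group: compute.cnrm.cloud.google.com
  names:
    kind: ComputeOrganizationSecurityPolicyRule
    listKind: ComputeOrganizationSecurityPolicyRuleList
    plural: computeorganizationsecuritypolicyrules
    singular: computeorganizationsecuritypolicyrule
  scope: Namespaced
  versions:
  # No `subresources` stanza appears for this version, so status is not
  # served on a separate /status endpoint by this definition.
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: ComputeOrganizationSecurityPolicyRule is the Schema for the compute
          API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            properties:
              # Any string is accepted: no enum limits the value to the three
              # actions named in the description, so a mistyped action passes
              # CRD validation.
              # NOTE(review): presumably rejected later by the controller or
              # the API; confirm.
              action:
                description: |-
                  The Action to perform when the client connection triggers the rule. Can currently be either
                  "allow", "deny" or "goto_next".
                type: string
              description:
                description: A description of the rule.
                type: string
              # No enum here either. Per the description, an omitted value
              # yields an INGRESS rule.
              direction:
                description: 'The direction in which this rule applies. If unspecified
                  an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"].'
                type: string
              # Optional and without a schema default; whether a rule logs
              # when this is omitted is decided outside this file.
              enableLogging:
                description: |-
                  Denotes whether to enable logging for a particular rule.
                  If logging is enabled, logs will be exported to the
                  configured export destination in Stackdriver.
                type: boolean
              match:
                description: A match condition that incoming traffic is evaluated
                  against. If it evaluates to true, the corresponding 'action' is
                  enforced.
                properties:
                  # Only layer4Config is required by the schema. The range
                  # fields are documented as required for INGRESS / EGRESS
                  # rules, but nothing here enforces that, and their entries
                  # are plain strings with no CIDR pattern.
                  # NOTE(review): what a rule with no ranges matches is not
                  # stated in this file; verify against the API before
                  # relying on it.
                  config:
                    description: The configuration options for matching the rule.
                    properties:
                      destIpRanges:
                        description: |-
                          Destination IP address range in CIDR format. Required for
                          EGRESS rules.
                        items:
                          type: string
                        type: array
                      layer4Config:
                        description: Pairs of IP protocols and ports that the rule
                          should match.
                        items:
                          properties:
                            ipProtocol:
                              description: |-
                                The IP protocol to which this rule applies. The protocol
                                type is required when creating a firewall rule.
                                This value can either be one of the following well
                                known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp),
                                or the IP protocol number.
                              type: string
                            # Entries are unvalidated strings (no pattern for
                            # "integer or range"). Per the description,
                            # omitting the list matches every port.
                            ports:
                              description: |-
                                An optional list of ports to which this rule applies. This field
                                is only applicable for UDP or TCP protocol. Each entry must be
                                either an integer or a range. If not specified, this rule
                                applies to connections through any port.


                                Example inputs include: ["22"], ["80","443"], and
                                ["12345-12349"].
                              items:
                                type: string
                              type: array
                          required:
                          - ipProtocol
                          type: object
                        type: array
                      srcIpRanges:
                        description: |-
                          Source IP address range in CIDR format. Required for
                          INGRESS rules.
                        items:
                          type: string
                        type: array
                    required:
                    - layer4Config
                    type: object
                  # Carries the same description text as spec.description.
                  description:
                    description: A description of the rule.
                    type: string
                  versionedExpr:
                    description: |-
                      Preconfigured versioned expression. For organization security policy rules,
                      the only supported type is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"].
                    type: string
                required:
                - config
                type: object
              policyId:
                description: Immutable. The ID of the OrganizationSecurityPolicy this
                  rule applies to.
                type: string
              # Per the description, `true` means the action is not enforced,
              # so a deny rule left in preview does not block traffic.
              preview:
                description: If set to true, the specified action is not enforced.
                type: boolean
              # The description calls this "the priority of the resource";
              # it is a string that falls back to metadata.name when unset.
              resourceID:
                description: Immutable. Optional. The priority of the resource. Used
                  for creation and acquisition. When unset, the value of `metadata.name`
                  is used as the default.
                type: string
              # Per the description, leaving this empty applies the rule to
              # all VMs in the organization, the widest scope the field
              # allows. Worth checking in any manifest that omits it.
              targetResources:
                description: |-
                  A list of network resource URLs to which this rule applies.
                  This field allows you to control which network's VMs get
                  this rule. If this field is left blank, all VMs
                  within the organization will receive the rule.
                items:
                  type: string
                type: array
              targetServiceAccounts:
                description: |-
                  A list of service accounts indicating the sets of
                  instances that are applied with this rule.
                items:
                  type: string
                type: array
            # direction, enableLogging, preview and both target lists are
            # optional as far as this schema is concerned.
            required:
            - action
            - match
            - policyId
            type: object
          # Observed state. Per the observedGeneration description, status is
          # current only when that value equals metadata.generation.
          status:
            properties:
              conditions:
                description: |-
                  Conditions represent the latest available observations of the
                  ComputeOrganizationSecurityPolicyRule's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: |-
                        Unique, one-word, CamelCase reason for the condition's last
                        transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
            type: object
        type: object
    served: true
    storage: true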