1---
2apiVersion: apiextensions.k8s.io/v1
3kind: CustomResourceDefinition
4metadata:
5 annotations:
6 controller-gen.kubebuilder.io/version: (unknown)
7 name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com
8spec:
9 group: iam.cnrm.cloud.google.com
10 names:
11 kind: IAMAccessBoundaryPolicy
12 listKind: IAMAccessBoundaryPolicyList
13 plural: iamaccessboundarypolicies
14 singular: iamaccessboundarypolicy
15 scope: Namespaced
16 versions:
17 - name: v1beta1
18 schema:
19 openAPIV3Schema:
20 description: IAMAccessBoundaryPolicy is the Schema for the iam API
21 properties:
22 apiVersion:
23 description: |-
24 APIVersion defines the versioned schema of this representation of an object.
25 Servers should convert recognized schemas to the latest internal value, and
26 may reject unrecognized values.
27 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
28 type: string
29 kind:
30 description: |-
31 Kind is a string value representing the REST resource this object represents.
32 Servers may infer this from the endpoint the client submits requests to.
33 Cannot be updated.
34 In CamelCase.
35 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
36 type: string
37 metadata:
38 type: object
39 spec:
40 properties:
41 displayName:
42 description: The display name of the rule.
43 type: string
44 projectRef:
45 properties:
46 external:
47 description: The external name of the referenced resource
48 type: string
49 kind:
50 description: Kind of the referent.
51 type: string
52 name:
53 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
54 type: string
55 namespace:
56 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
57 type: string
58 type: object
59 resourceID:
60 description: Immutable. Optional. The name of the resource. Used for
61 creation and acquisition. When unset, the value of `metadata.name`
62 is used as the default.
63 type: string
64 rules:
65 description: Rules to be applied.
66 items:
67 properties:
68 accessBoundaryRule:
69 description: An access boundary rule in an IAM policy.
70 properties:
71 availabilityCondition:
72 description: The availability condition further constrains
73 the access allowed by the access boundary rule.
74 properties:
75 description:
76 description: |-
77 Description of the expression. This is a longer text which describes the expression,
78 e.g. when hovered over it in a UI.
79 type: string
80 expression:
81 description: Textual representation of an expression
82 in Common Expression Language syntax.
83 type: string
84 location:
85 description: |-
86 String indicating the location of the expression for error reporting,
87 e.g. a file name and a position in the file.
88 type: string
89 title:
90 description: |-
91 Title for the expression, i.e. a short string describing its purpose.
92 This can be used e.g. in UIs which allow to enter the expression.
93 type: string
94 required:
95 - expression
96 type: object
97 availablePermissions:
98 description: A list of permissions that may be allowed for
99 use on the specified resource.
100 items:
101 type: string
102 type: array
103 availableResource:
104 description: The full resource name of a Google Cloud resource
105 entity.
106 type: string
107 type: object
108 description:
109 description: The description of the rule.
110 type: string
111 type: object
112 type: array
113 required:
114 - projectRef
115 - rules
116 type: object
117 status:
118 properties:
119 conditions:
120 description: |-
121 Conditions represent the latest available observations of the
122 IAMAccessBoundaryPolicy's current state.
123 items:
124 properties:
125 lastTransitionTime:
126 description: Last time the condition transitioned from one status
127 to another.
128 type: string
129 message:
130 description: Human-readable message indicating details about
131 last transition.
132 type: string
133 reason:
134 description: |-
135 Unique, one-word, CamelCase reason for the condition's last
136 transition.
137 type: string
138 status:
139 description: Status is the status of the condition. Can be True,
140 False, Unknown.
141 type: string
142 type:
143 description: Type is the type of the condition.
144 type: string
145 type: object
146 type: array
147 etag:
148 description: The hash of the resource. Used internally during updates.
149 type: string
150 observedGeneration:
151 description: ObservedGeneration is the generation of the resource
152 that was most recently observed by the Config Connector controller.
153 If this is equal to metadata.generation, then that means that the
154 current reported status reflects the most recent desired state of
155 the resource.
156 type: integer
157 type: object
158 type: object
159 served: true
160 storage: true
View as plain text