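---
# CustomResourceDefinition for the namespaced kind IAMAuditConfig
# (group iam.cnrm.cloud.google.com, version v1beta1).
# Per the field descriptions below, an object of this kind selects which
# Data Access audit log types are enabled for one service on one GCP
# resource, and which members are exempted from that logging.
# Objects of this kind therefore change what gets audited; write access to
# them deserves the same scrutiny as write access to IAM policy objects.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: (unknown)
  name: iamauditconfigs.iam.cnrm.cloud.google.com
spec:
  group: iam.cnrm.cloud.google.com
  names:
    kind: IAMAuditConfig
    listKind: IAMAuditConfigList
    plural: iamauditconfigs
    singular: iamauditconfig
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        description: IAMAuditConfig is the Schema for the iam API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            properties:
              auditLogConfigs:
                description: Required. The configuration for logging of each type
                  of permission.
                items:
                  properties:
                    # Security-relevant: per the description, identities listed
                    # here produce no log entries for this logType. The schema
                    # accepts any list of strings, so every addition to this
                    # list is worth reviewing when objects of this kind change.
                    exemptedMembers:
                      description: Identities that do not cause logging for this type
                        of permission. The format is the same as that for 'members'
                        in IAMPolicy/IAMPolicyMember.
                      items:
                        type: string
                      type: array
                    # The allowed values are stated only in the description;
                    # there is no `enum` on this field, so schema validation
                    # alone accepts any string.
                    logType:
                      description: Permission type for which logging is to be configured.
                        Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'.
                      type: string
                  required:
                  - logType
                  type: object
                type: array
              # 'Immutable' is stated in the description only; this schema
              # carries no rule that enforces it.
              # NOTE(review): presumably enforced by the controller or an
              # admission webhook - confirm.
              # Only `kind` is required below; `name`, `namespace` and
              # `external` are all optional as far as this schema goes.
              resourceRef:
                description: Immutable. Required. The GCP resource to set the IAMAuditConfig
                  on (e.g. project).
                properties:
                  apiVersion:
                    description: APIVersion of the referenced resource
                    type: string
                  external:
                    description: The external name of the referenced resource
                    type: string
                  kind:
                    description: Kind of the referenced resource
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                required:
                - kind
                type: object
              # Per the description, configs for 'allServices' and for a
              # specific service are combined as a union, so an exemption
              # granted in either config applies to that service.
              service:
                description: 'Immutable. Required. The service for which to enable
                  Data Access audit logs. The special value ''allServices'' covers
                  all services. Note that if there are audit configs covering both
                  ''allServices'' and a specific service, then the union of the two
                  audit configs is used for that service: the ''logTypes'' specified
                  in each ''auditLogConfig'' are enabled, and the ''exemptedMembers''
                  in each ''auditLogConfig'' are exempted.'
                type: string
            required:
            - auditLogConfigs
            - resourceRef
            - service
            type: object
          # Observed state. Per the observedGeneration description, status
          # reflects the latest desired state only when observedGeneration
          # equals metadata.generation.
          status:
            properties:
              conditions:
                description: |-
                  Conditions represent the latest available observations of the
                  IAMAuditConfig's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: |-
                        Unique, one-word, CamelCase reason for the condition's last
                        transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
            type: object
        type: object
    served: true
    storage: true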