1---
2apiVersion: apiextensions.k8s.io/v1
3kind: CustomResourceDefinition
4metadata:
5 annotations:
6 controller-gen.kubebuilder.io/version: (unknown)
7 name: iampartialpolicies.iam.cnrm.cloud.google.com
8spec:
9 group: iam.cnrm.cloud.google.com
10 names:
11 kind: IAMPartialPolicy
12 listKind: IAMPartialPolicyList
13 plural: iampartialpolicies
14 singular: iampartialpolicy
15 scope: Namespaced
16 versions:
17 - name: v1beta1
18 schema:
19 openAPIV3Schema:
20 description: IAMPartialPolicy is the Schema for the iam API
21 properties:
22 apiVersion:
23 description: |-
24 APIVersion defines the versioned schema of this representation of an object.
25 Servers should convert recognized schemas to the latest internal value, and
26 may reject unrecognized values.
27 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
28 type: string
29 kind:
30 description: |-
31 Kind is a string value representing the REST resource this object represents.
32 Servers may infer this from the endpoint the client submits requests to.
33 Cannot be updated.
34 In CamelCase.
35 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
36 type: string
37 metadata:
38 type: object
39 spec:
40 properties:
41 bindings:
42 description: Optional. The list of IAM bindings managed by Config
43 Connector.
44 items:
45 properties:
46 condition:
47 description: Optional. The condition under which the binding
48 applies.
49 properties:
50 description:
51 type: string
52 expression:
53 type: string
54 title:
55 type: string
56 required:
57 - expression
58 - title
59 type: object
60 members:
61 description: Optional. The list of IAM users to be bound to
62 the role.
63 items:
64 properties:
65 member:
66 description: The IAM identity to be bound to the role.
67 Exactly one of 'member' or 'memberFrom' must be used.
68 type: string
69 memberFrom:
70 description: The IAM identity to be bound to the role.
71 Exactly one of 'member' or 'memberFrom' must be used,
72 and only one subfield within 'memberFrom' can be used.
73 properties:
74 logSinkRef:
75 description: The LoggingLogSink whose writer identity
76 (i.e. its 'status.writerIdentity') is to be bound
77 to the role.
78 properties:
79 apiVersion:
80 description: APIVersion of the referenced resource
81 type: string
82 external:
83 description: The external name of the referenced
84 resource
85 type: string
86 kind:
87 description: Kind of the referenced resource
88 type: string
89 name:
90 description: 'Name of the referent. More info:
91 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
92 type: string
93 namespace:
94 description: 'Namespace of the referent. More
95 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
96 type: string
97 required:
98 - kind
99 type: object
100 serviceAccountRef:
101 description: The IAMServiceAccount to be bound to
102 the role.
103 properties:
104 apiVersion:
105 description: APIVersion of the referenced resource
106 type: string
107 external:
108 description: The external name of the referenced
109 resource
110 type: string
111 kind:
112 description: Kind of the referenced resource
113 type: string
114 name:
115 description: 'Name of the referent. More info:
116 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
117 type: string
118 namespace:
119 description: 'Namespace of the referent. More
120 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
121 type: string
122 required:
123 - kind
124 type: object
125 serviceIdentityRef:
126 description: The ServiceIdentity whose service account
127 (i.e., its 'status.email') is to be bound to the
128 role.
129 properties:
130 apiVersion:
131 description: APIVersion of the referenced resource
132 type: string
133 external:
134 description: The external name of the referenced
135 resource
136 type: string
137 kind:
138 description: Kind of the referenced resource
139 type: string
140 name:
141 description: 'Name of the referent. More info:
142 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
143 type: string
144 namespace:
145 description: 'Namespace of the referent. More
146 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
147 type: string
148 required:
149 - kind
150 type: object
151 sqlInstanceRef:
152 description: The SQLInstance whose service account
153 (i.e. its 'status.serviceAccountEmailAddress') is
154 to be bound to the role.
155 properties:
156 apiVersion:
157 description: APIVersion of the referenced resource
158 type: string
159 external:
160 description: The external name of the referenced
161 resource
162 type: string
163 kind:
164 description: Kind of the referenced resource
165 type: string
166 name:
167 description: 'Name of the referent. More info:
168 https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
169 type: string
170 namespace:
171 description: 'Namespace of the referent. More
172 info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
173 type: string
174 required:
175 - kind
176 type: object
177 type: object
178 type: object
179 type: array
180 role:
181 description: Required. The role to bind the users to.
182 type: string
183 required:
184 - role
185 type: object
186 type: array
187 resourceRef:
188 description: Immutable. Required. The GCP resource to set the IAM
189 policy on.
190 properties:
191 apiVersion:
192 description: APIVersion of the referenced resource
193 type: string
194 external:
195 description: The external name of the referenced resource
196 type: string
197 kind:
198 description: Kind of the referenced resource
199 type: string
200 name:
201 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
202 type: string
203 namespace:
204 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
205 type: string
206 required:
207 - kind
208 type: object
209 required:
210 - resourceRef
211 type: object
212 status:
213 properties:
214 allBindings:
215 description: AllBindings surfaces all IAM bindings for the referenced
216 resource.
217 items:
218 properties:
219 condition:
220 description: Optional. The condition under which the binding
221 applies.
222 properties:
223 description:
224 type: string
225 expression:
226 type: string
227 title:
228 type: string
229 required:
230 - expression
231 - title
232 type: object
233 members:
234 description: Optional. The list of IAM users to be bound to
235 the role.
236 items:
237 type: string
238 type: array
239 role:
240 description: Required. The role to bind the users to.
241 type: string
242 required:
243 - role
244 type: object
245 type: array
246 conditions:
247 description: |-
248 Conditions represent the latest available observations of the
249 IAMPartialPolicy's current state.
250 items:
251 properties:
252 lastTransitionTime:
253 description: Last time the condition transitioned from one status
254 to another.
255 type: string
256 message:
257 description: Human-readable message indicating details about
258 last transition.
259 type: string
260 reason:
261 description: |-
262 Unique, one-word, CamelCase reason for the condition's last
263 transition.
264 type: string
265 status:
266 description: Status is the status of the condition. Can be True,
267 False, Unknown.
268 type: string
269 type:
270 description: Type is the type of the condition.
271 type: string
272 type: object
273 type: array
274 lastAppliedBindings:
275 description: LastAppliedBindings is the list of IAM bindings that
276 were most recently applied by Config Connector.
277 items:
278 properties:
279 condition:
280 description: Optional. The condition under which the binding
281 applies.
282 properties:
283 description:
284 type: string
285 expression:
286 type: string
287 title:
288 type: string
289 required:
290 - expression
291 - title
292 type: object
293 members:
294 description: Optional. The list of IAM users to be bound to
295 the role.
296 items:
297 type: string
298 type: array
299 role:
300 description: Required. The role to bind the users to.
301 type: string
302 required:
303 - role
304 type: object
305 type: array
306 observedGeneration:
307 description: ObservedGeneration is the generation of the resource
308 that was most recently observed by the Config Connector controller.
309 If this is equal to metadata.generation, then that means that the
310 current reported status reflects the most recent desired state of
311 the resource.
312 type: integer
313 type: object
314 type: object
315 served: true
316 storage: true
View as plain text