...
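---
# CustomResourceDefinition for the Config Connector IAMPolicy kind
# (group iam.cnrm.cloud.google.com, version v1beta1, namespaced).
#
# Security notes for reviewers:
# - Write access to this kind is IAM administration: whoever may create or
#   update an IAMPolicy object decides which members hold which roles on the
#   resource named in spec.resourceRef, limited only by what the controller's
#   own GCP identity may do. Scope Kubernetes RBAC on `iampolicies`
#   accordingly.
# - NOTE(review): the schema describes setting "the IAM policy" on the target,
#   i.e. the whole policy rather than a single binding; confirm with the
#   controller documentation whether bindings absent from spec.bindings are
#   removed from the target on reconcile.
# - The schema types roles, members and audit exemptions as free-form strings;
#   any restriction on their values has to come from admission policy or from
#   the controller, not from this CRD.
# - No `subresources` entry is visible in this listing, so status is not
#   separated from spec for RBAC purposes here - TODO confirm against the
#   installed CRD.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # The generator version is not recorded, so this file cannot be tied to a
    # specific controller-gen release from the annotation alone.
    controller-gen.kubebuilder.io/version: (unknown)
  name: iampolicies.iam.cnrm.cloud.google.com
spec:
  group: iam.cnrm.cloud.google.com
  names:
    kind: IAMPolicy
    listKind: IAMPolicyList
    plural: iampolicies
    singular: iampolicy
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        description: IAMPolicy is the Schema for the iam API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            properties:
              # Audit configuration travels with the policy: a change to this
              # list changes which Data Access logs the target emits.
              auditConfigs:
                description: Optional. The list of IAM audit configs.
                items:
                  properties:
                    auditLogConfigs:
                      description: Required. The configuration for logging of each
                        type of permission.
                      items:
                        properties:
                          # Each entry here is an identity whose actions of
                          # this logType are NOT logged. Treat additions as a
                          # reduction in audit coverage and review them like a
                          # privilege grant.
                          exemptedMembers:
                            description: Identities that do not cause logging for
                              this type of permission. The format is the same as that
                              for 'members' in IAMPolicy/IAMPolicyMember.
                            items:
                              type: string
                            type: array
                          # The description lists three allowed values, but the
                          # schema carries no `enum`, so the API server accepts
                          # any string and rejection is left to the controller
                          # or the GCP API.
                          logType:
                            description: Permission type for which logging is to be
                              configured. Must be one of 'DATA_READ', 'DATA_WRITE',
                              or 'ADMIN_READ'.
                            type: string
                        required:
                        - logType
                        type: object
                      type: array
                    service:
                      description: 'Required. The service for which to enable Data
                        Access audit logs. The special value ''allServices'' covers
                        all services. Note that if there are audit configs covering
                        both ''allServices'' and a specific service, then the union
                        of the two audit configs is used for that service: the ''logTypes''
                        specified in each ''auditLogConfig'' are enabled, and the
                        ''exemptedMembers'' in each ''auditLogConfg'' are exempted.'
                      type: string
                  required:
                  - auditLogConfigs
                  - service
                  type: object
                type: array
              bindings:
                description: Optional. The list of IAM bindings.
                items:
                  properties:
                    # When a condition is present, `expression` and `title` are
                    # both required; the schema does not validate the
                    # expression's syntax.
                    condition:
                      description: Optional. The condition under which the binding
                        applies.
                      properties:
                        description:
                          type: string
                        expression:
                          type: string
                        title:
                          type: string
                      required:
                      - expression
                      - title
                      type: object
                    # Free-form strings: nothing in this schema rejects broad
                    # principals such as `allUsers` or `allAuthenticatedUsers`.
                    # Enforce an allow-list with an admission policy if public
                    # or cross-organisation grants must be blocked.
                    members:
                      description: Optional. The list of IAM users to be bound to
                        the role.
                      items:
                        type: string
                      type: array
                    # Any role name is accepted by the schema, including basic
                    # roles such as `roles/owner`; restrict at admission if
                    # needed.
                    role:
                      description: Required. The role to bind the users to.
                      type: string
                  required:
                  - role
                  type: object
                type: array
              # Only `kind` is required. The schema does not require `name` or
              # `external`, nor make them mutually exclusive, and `namespace`
              # allows pointing at an object outside the IAMPolicy's own
              # namespace - TODO confirm what the controller enforces for
              # cross-namespace and external references.
              resourceRef:
                description: Immutable. Required. The GCP resource to set the IAM
                  policy on.
                properties:
                  apiVersion:
                    description: APIVersion of the referenced resource
                    type: string
                  external:
                    description: The external name of the referenced resource
                    type: string
                  kind:
                    description: Kind of the referenced resource
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                required:
                - kind
                type: object
            required:
            - resourceRef
            type: object
          status:
            properties:
              conditions:
                description: |-
                  Conditions represent the latest available observations of the
                  IAMPolicy's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: |-
                        Unique, one-word, CamelCase reason for the condition's last
                        transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              # Compare with metadata.generation to tell whether the reported
              # conditions describe the currently applied spec or an older one.
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
            type: object
        type: object
    served: true
    storage: true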