1---
2apiVersion: apiextensions.k8s.io/v1
3kind: CustomResourceDefinition
4metadata:
5 annotations:
6 controller-gen.kubebuilder.io/version: (unknown)
7 name: iampolicymembers.iam.cnrm.cloud.google.com
8spec:
9 group: iam.cnrm.cloud.google.com
10 names:
11 kind: IAMPolicyMember
12 listKind: IAMPolicyMemberList
13 plural: iampolicymembers
14 singular: iampolicymember
15 scope: Namespaced
16 versions:
17 - name: v1beta1
18 schema:
19 openAPIV3Schema:
20 description: IAMPolicyMember is the Schema for the iam API
21 properties:
22 apiVersion:
23 description: |-
24 APIVersion defines the versioned schema of this representation of an object.
25 Servers should convert recognized schemas to the latest internal value, and
26 may reject unrecognized values.
27 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
28 type: string
29 kind:
30 description: |-
31 Kind is a string value representing the REST resource this object represents.
32 Servers may infer this from the endpoint the client submits requests to.
33 Cannot be updated.
34 In CamelCase.
35 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
36 type: string
37 metadata:
38 type: object
39 spec:
40 properties:
41 condition:
42 description: Immutable. Optional. The condition under which the binding
43 applies.
44 properties:
45 description:
46 type: string
47 expression:
48 type: string
49 title:
50 type: string
51 required:
52 - expression
53 - title
54 type: object
55 member:
56 description: Immutable. The IAM identity to be bound to the role.
57 Exactly one of 'member' or 'memberFrom' must be used.
58 type: string
59 memberFrom:
60 description: Immutable. The IAM identity to be bound to the role.
61 Exactly one of 'member' or 'memberFrom' must be used, and only one
62 subfield within 'memberFrom' can be used.
63 properties:
64 logSinkRef:
65 description: The LoggingLogSink whose writer identity (i.e. its
66 'status.writerIdentity') is to be bound to the role.
67 properties:
68 apiVersion:
69 description: APIVersion of the referenced resource
70 type: string
71 external:
72 description: The external name of the referenced resource
73 type: string
74 kind:
75 description: Kind of the referenced resource
76 type: string
77 name:
78 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
79 type: string
80 namespace:
81 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
82 type: string
83 required:
84 - kind
85 type: object
86 serviceAccountRef:
87 description: The IAMServiceAccount to be bound to the role.
88 properties:
89 apiVersion:
90 description: APIVersion of the referenced resource
91 type: string
92 external:
93 description: The external name of the referenced resource
94 type: string
95 kind:
96 description: Kind of the referenced resource
97 type: string
98 name:
99 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
100 type: string
101 namespace:
102 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
103 type: string
104 required:
105 - kind
106 type: object
107 serviceIdentityRef:
108 description: The ServiceIdentity whose service account (i.e.,
109 its 'status.email') is to be bound to the role.
110 properties:
111 apiVersion:
112 description: APIVersion of the referenced resource
113 type: string
114 external:
115 description: The external name of the referenced resource
116 type: string
117 kind:
118 description: Kind of the referenced resource
119 type: string
120 name:
121 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
122 type: string
123 namespace:
124 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
125 type: string
126 required:
127 - kind
128 type: object
129 sqlInstanceRef:
130 description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress')
131 is to be bound to the role.
132 properties:
133 apiVersion:
134 description: APIVersion of the referenced resource
135 type: string
136 external:
137 description: The external name of the referenced resource
138 type: string
139 kind:
140 description: Kind of the referenced resource
141 type: string
142 name:
143 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
144 type: string
145 namespace:
146 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
147 type: string
148 required:
149 - kind
150 type: object
151 type: object
152 resourceRef:
153 description: Immutable. Required. The GCP resource to set the IAM
154 policy on.
155 properties:
156 apiVersion:
157 description: APIVersion of the referenced resource
158 type: string
159 external:
160 description: The external name of the referenced resource
161 type: string
162 kind:
163 description: Kind of the referenced resource
164 type: string
165 name:
166 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
167 type: string
168 namespace:
169 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
170 type: string
171 required:
172 - kind
173 type: object
174 role:
175 description: Immutable. Required. The role for which the Member will
176 be bound.
177 type: string
178 required:
179 - resourceRef
180 - role
181 type: object
182 status:
183 properties:
184 conditions:
185 description: |-
186 Conditions represent the latest available observations of the
187 IAMPolicyMember's current state.
188 items:
189 properties:
190 lastTransitionTime:
191 description: Last time the condition transitioned from one status
192 to another.
193 type: string
194 message:
195 description: Human-readable message indicating details about
196 last transition.
197 type: string
198 reason:
199 description: |-
200 Unique, one-word, CamelCase reason for the condition's last
201 transition.
202 type: string
203 status:
204 description: Status is the status of the condition. Can be True,
205 False, Unknown.
206 type: string
207 type:
208 description: Type is the type of the condition.
209 type: string
210 type: object
211 type: array
212 observedGeneration:
213 description: ObservedGeneration is the generation of the resource
214 that was most recently observed by the Config Connector controller.
215 If this is equal to metadata.generation, then that means that the
216 current reported status reflects the most recent desired state of
217 the resource.
218 type: integer
219 type: object
220 type: object
221 served: true
222 storage: true
View as plain text