Text file
src/github.com/GoogleCloudPlatform/k8s-config-connector/config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_accesscontextmanageraccesslevelconditions.accesscontextmanager.cnrm.cloud.google.com.yaml
1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 cnrm.cloud.google.com/version: 0.0.0-dev
6 creationTimestamp: null
7 labels:
8 cnrm.cloud.google.com/managed-by-kcc: "true"
9 cnrm.cloud.google.com/stability-level: alpha
10 cnrm.cloud.google.com/system: "true"
11 cnrm.cloud.google.com/tf2crd: "true"
12 name: accesscontextmanageraccesslevelconditions.accesscontextmanager.cnrm.cloud.google.com
13spec:
14 group: accesscontextmanager.cnrm.cloud.google.com
15 names:
16 categories:
17 - gcp
18 kind: AccessContextManagerAccessLevelCondition
19 plural: accesscontextmanageraccesslevelconditions
20 shortNames:
21 - gcpaccesscontextmanageraccesslevelcondition
22 - gcpaccesscontextmanageraccesslevelconditions
23 singular: accesscontextmanageraccesslevelcondition
24 preserveUnknownFields: false
25 scope: Namespaced
26 versions:
27 - additionalPrinterColumns:
28 - jsonPath: .metadata.creationTimestamp
29 name: Age
30 type: date
31 - description: When 'True', the most recent reconcile of the resource succeeded
32 jsonPath: .status.conditions[?(@.type=='Ready')].status
33 name: Ready
34 type: string
35 - description: The reason for the value in 'Ready'
36 jsonPath: .status.conditions[?(@.type=='Ready')].reason
37 name: Status
38 type: string
39 - description: The last transition time for the value in 'Status'
40 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
41 name: Status Age
42 type: date
43 name: v1alpha1
44 schema:
45 openAPIV3Schema:
46 properties:
47 apiVersion:
48 description: 'apiVersion defines the versioned schema of this representation
49 of an object. Servers should convert recognized schemas to the latest
50 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
51 type: string
52 kind:
53 description: 'kind is a string value representing the REST resource this
54 object represents. Servers may infer this from the endpoint the client
55 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
56 type: string
57 metadata:
58 type: object
59 spec:
60 properties:
61 accessLevelRef:
62 oneOf:
63 - not:
64 required:
65 - external
66 required:
67 - name
68 - not:
69 anyOf:
70 - required:
71 - name
72 - required:
73 - namespace
74 required:
75 - external
76 properties:
77 external:
78 description: 'Allowed value: The `name` field of an `AccessContextManagerAccessLevel`
79 resource.'
80 type: string
81 name:
82 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
83 type: string
84 namespace:
85 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
86 type: string
87 type: object
88 devicePolicy:
89 description: |-
90 Immutable. Device specific restrictions, all restrictions must hold for
91 the Condition to be true. If not specified, all devices are
92 allowed.
93 properties:
94 allowedDeviceManagementLevels:
95 description: |-
96 Immutable. A list of allowed device management levels.
97 An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"].
98 items:
99 type: string
100 type: array
101 allowedEncryptionStatuses:
102 description: |-
103 Immutable. A list of allowed encryptions statuses.
104 An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"].
105 items:
106 type: string
107 type: array
108 osConstraints:
109 description: |-
110 Immutable. A list of allowed OS versions.
111 An empty list allows all types and all versions.
112 items:
113 properties:
114 minimumVersion:
115 description: |-
116 Immutable. The minimum allowed OS version. If not set, any version
117 of this OS satisfies the constraint.
118 Format: "major.minor.patch" such as "10.5.301", "9.2.1".
119 type: string
120 osType:
121 description: 'Immutable. The operating system type of the
122 device. Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC",
123 "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS",
124 "ANDROID", "IOS"].'
125 type: string
126 required:
127 - osType
128 type: object
129 type: array
130 requireAdminApproval:
131 description: Immutable. Whether the device needs to be approved
132 by the customer admin.
133 type: boolean
134 requireCorpOwned:
135 description: Immutable. Whether the device needs to be corp owned.
136 type: boolean
137 requireScreenLock:
138 description: |-
139 Immutable. Whether or not screenlock is required for the DevicePolicy
140 to be true. Defaults to false.
141 type: boolean
142 type: object
143 ipSubnetworks:
144 description: |-
145 Immutable. A list of CIDR block IP subnetwork specification. May be IPv4
146 or IPv6.
147 Note that for a CIDR IP address block, the specified IP address
148 portion must be properly truncated (i.e. all the host bits must
149 be zero) or the input is considered malformed. For example,
150 "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly,
151 for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32"
152 is not. The originating IP of a request must be in one of the
153 listed subnets in order for this Condition to be true.
154 If empty, all IP addresses are allowed.
155 items:
156 type: string
157 type: array
158 members:
159 description: |-
160 Immutable. An allowed list of members (users, service accounts).
161 Using groups is not supported yet.
162
163 The signed-in user originating the request must be a part of one
164 of the provided members. If not specified, a request may come
165 from any user (logged in/not logged in, not present in any
166 groups, etc.).
167 Formats: 'user:{emailid}', 'serviceAccount:{emailid}'.
168 items:
169 type: string
170 type: array
171 negate:
172 description: |-
173 Immutable. Whether to negate the Condition. If true, the Condition becomes
174 a NAND over its non-empty fields, each field must be false for
175 the Condition overall to be satisfied. Defaults to false.
176 type: boolean
177 regions:
178 description: |-
179 Immutable. The request must originate from one of the provided
180 countries/regions.
181 Format: A valid ISO 3166-1 alpha-2 code.
182 items:
183 type: string
184 type: array
185 requiredAccessLevels:
186 description: |-
187 Immutable. A list of other access levels defined in the same Policy,
188 referenced by resource name. Referencing an AccessLevel which
189 does not exist is an error. All access levels listed must be
190 granted for the Condition to be true.
191 Format: accessPolicies/{policy_id}/accessLevels/{short_name}.
192 items:
193 type: string
194 type: array
195 resourceID:
196 description: Immutable. Optional. The accessLevel of the resource.
197 Used for creation and acquisition. When unset, the value of `metadata.name`
198 is used as the default.
199 type: string
200 type: object
201 status:
202 properties:
203 conditions:
204 description: Conditions represent the latest available observation
205 of the resource's current state.
206 items:
207 properties:
208 lastTransitionTime:
209 description: Last time the condition transitioned from one status
210 to another.
211 type: string
212 message:
213 description: Human-readable message indicating details about
214 last transition.
215 type: string
216 reason:
217 description: Unique, one-word, CamelCase reason for the condition's
218 last transition.
219 type: string
220 status:
221 description: Status is the status of the condition. Can be True,
222 False, Unknown.
223 type: string
224 type:
225 description: Type is the type of the condition.
226 type: string
227 type: object
228 type: array
229 observedGeneration:
230 description: ObservedGeneration is the generation of the resource
231 that was most recently observed by the Config Connector controller.
232 If this is equal to metadata.generation, then that means that the
233 current reported status reflects the most recent desired state of
234 the resource.
235 type: integer
236 type: object
237 type: object
238 served: true
239 storage: true
240 subresources:
241 status: {}
242status:
243 acceptedNames:
244 kind: ""
245 plural: ""
246 conditions: []
247 storedVersions: []
View as plain text