1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 cnrm.cloud.google.com/version: 0.0.0-dev
6 creationTimestamp: null
7 labels:
8 cnrm.cloud.google.com/dcl2crd: "true"
9 cnrm.cloud.google.com/managed-by-kcc: "true"
10 cnrm.cloud.google.com/stability-level: stable
11 cnrm.cloud.google.com/system: "true"
12 name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com
13spec:
14 group: cloudidentity.cnrm.cloud.google.com
15 names:
16 categories:
17 - gcp
18 kind: CloudIdentityMembership
19 plural: cloudidentitymemberships
20 shortNames:
21 - gcpcloudidentitymembership
22 - gcpcloudidentitymemberships
23 singular: cloudidentitymembership
24 preserveUnknownFields: false
25 scope: Namespaced
26 versions:
27 - additionalPrinterColumns:
28 - jsonPath: .metadata.creationTimestamp
29 name: Age
30 type: date
31 - description: When 'True', the most recent reconcile of the resource succeeded
32 jsonPath: .status.conditions[?(@.type=='Ready')].status
33 name: Ready
34 type: string
35 - description: The reason for the value in 'Ready'
36 jsonPath: .status.conditions[?(@.type=='Ready')].reason
37 name: Status
38 type: string
39 - description: The last transition time for the value in 'Status'
40 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
41 name: Status Age
42 type: date
43 name: v1beta1
44 schema:
45 openAPIV3Schema:
46 properties:
47 apiVersion:
48 description: 'apiVersion defines the versioned schema of this representation
49 of an object. Servers should convert recognized schemas to the latest
50 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
51 type: string
52 kind:
53 description: 'kind is a string value representing the REST resource this
54 object represents. Servers may infer this from the endpoint the client
55 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
56 type: string
57 metadata:
58 type: object
59 spec:
60 properties:
61 groupRef:
62 description: Immutable.
63 oneOf:
64 - not:
65 required:
66 - external
67 required:
68 - name
69 - not:
70 anyOf:
71 - required:
72 - name
73 - required:
74 - namespace
75 required:
76 - external
77 properties:
78 external:
79 description: |-
80 The group for the resource
81
82 Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`).
83 type: string
84 name:
85 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
86 type: string
87 namespace:
88 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
89 type: string
90 type: object
91 memberKey:
92 description: Immutable. The `EntityKey` of the member. Either `member_key`
93 or `preferred_member_key` must be set when calling MembershipsService.CreateMembership
94 but not both; both shall be set when returned.
95 properties:
96 id:
97 description: The ID of the entity. For Google-managed entities,
98 the `id` must be the email address of an existing group or user.
99 For external-identity-mapped entities, the `id` must be a string
100 conforming to the Identity Source's requirements. Must be unique
101 within a `namespace`.
102 type: string
103 namespace:
104 description: The namespace in which the entity exists. If not
105 specified, the `EntityKey` represents a Google-managed entity
106 such as a Google user or a Google Group. If specified, the `EntityKey`
107 represents an external-identity-mapped group. The namespace
108 must correspond to an identity source created in Admin Console
109 and must be in the form of `identitysources/{identity_source_id}`.
110 type: string
111 type: object
112 preferredMemberKey:
113 description: Immutable. Required. Immutable. The `EntityKey` of the
114 member.
115 properties:
116 id:
117 description: Immutable. The ID of the entity. For Google-managed
118 entities, the `id` must be the email address of a group or user.
119 For external-identity-mapped entities, the `id` must be a string
120 conforming to the Identity Source's requirements. Must be unique
121 within a `namespace`.
122 type: string
123 namespace:
124 description: Immutable. The namespace in which the entity exists.
125 If not specified, the `EntityKey` represents a Google-managed
126 entity such as a Google user or a Google Group. If specified,
127 the `EntityKey` represents an external-identity-mapped group.
128 The namespace must correspond to an identity source created
129 in Admin Console and must be in the form of `identitysources/{identity_source_id}`.
130 type: string
131 required:
132 - id
133 type: object
134 resourceID:
135 description: Immutable. Optional. The service-generated name of the
136 resource. Used for acquisition only. Leave unset to create a new
137 resource.
138 type: string
139 roles:
140 description: The `MembershipRole`s that apply to the `Membership`.
141 If unspecified, defaults to a single `MembershipRole` with `name`
142 `MEMBER`. Must not contain duplicate `MembershipRole`s with the
143 same `name`.
144 items:
145 properties:
146 expiryDetail:
147 description: The expiry details of the `MembershipRole`. Expiry
148 details are only supported for `MEMBER` `MembershipRoles`.
149 May be set if `name` is `MEMBER`. Must not be set if `name`
150 is any other value.
151 properties:
152 expireTime:
153 description: The time at which the `MembershipRole` will
154 expire.
155 format: date-time
156 type: string
157 type: object
158 name:
159 type: string
160 restrictionEvaluations:
161 description: Evaluations of restrictions applied to parent group
162 on this membership.
163 properties:
164 memberRestrictionEvaluation:
165 description: Evaluation of the member restriction applied
166 to this membership. Empty if the user lacks permission
167 to view the restriction evaluation.
168 properties:
169 state:
170 description: 'Output only. The current state of the
171 restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED,
172 UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED'
173 type: string
174 type: object
175 type: object
176 required:
177 - name
178 type: object
179 type: array
180 required:
181 - groupRef
182 - preferredMemberKey
183 - roles
184 type: object
185 status:
186 properties:
187 conditions:
188 description: Conditions represent the latest available observation
189 of the resource's current state.
190 items:
191 properties:
192 lastTransitionTime:
193 description: Last time the condition transitioned from one status
194 to another.
195 type: string
196 message:
197 description: Human-readable message indicating details about
198 last transition.
199 type: string
200 reason:
201 description: Unique, one-word, CamelCase reason for the condition's
202 last transition.
203 type: string
204 status:
205 description: Status is the status of the condition. Can be True,
206 False, Unknown.
207 type: string
208 type:
209 description: Type is the type of the condition.
210 type: string
211 type: object
212 type: array
213 createTime:
214 description: Output only. The time when the `Membership` was created.
215 format: date-time
216 type: string
217 deliverySetting:
218 description: 'Output only. Delivery setting associated with the membership.
219 Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST,
220 DAILY, NONE, DISABLED'
221 type: string
222 displayName:
223 description: Output only. The display name of this member, if available
224 properties:
225 familyName:
226 description: Output only. Member's family name
227 type: string
228 fullName:
229 description: Output only. Localized UTF-16 full name for the member.
230 Localization is done based on the language in the request and
231 the language of the stored display name.
232 type: string
233 givenName:
234 description: Output only. Member's given name
235 type: string
236 type: object
237 observedGeneration:
238 description: ObservedGeneration is the generation of the resource
239 that was most recently observed by the Config Connector controller.
240 If this is equal to metadata.generation, then that means that the
241 current reported status reflects the most recent desired state of
242 the resource.
243 type: integer
244 type:
245 description: 'Output only. The type of the membership. Possible values:
246 OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER'
247 type: string
248 updateTime:
249 description: Output only. The time when the `Membership` was last
250 updated.
251 format: date-time
252 type: string
253 type: object
254 required:
255 - spec
256 type: object
257 served: true
258 storage: true
259 subresources:
260 status: {}
261status:
262 acceptedNames:
263 kind: ""
264 plural: ""
265 conditions: []
266 storedVersions: []
View as plain text