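# CustomResourceDefinition for the Config Connector resource
# ContainerAnalysisOccurrence (group containeranalysis.cnrm.cloud.google.com,
# version v1alpha1, stability level alpha per the labels below).
# The only occurrence payload this schema models is `attestation`.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/version: 0.0.0-dev
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: alpha
    cnrm.cloud.google.com/system: "true"
    # presumably marks a schema generated from a Terraform resource; confirm
    cnrm.cloud.google.com/tf2crd: "true"
  name: containeranalysisoccurrences.containeranalysis.cnrm.cloud.google.com
spec:
  group: containeranalysis.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: ContainerAnalysisOccurrence
    plural: containeranalysisoccurrences
    shortNames:
    - gcpcontaineranalysisoccurrence
    - gcpcontaineranalysisoccurrences
    singular: containeranalysisoccurrence
  # Fields not declared in the schema below are pruned instead of being stored.
  preserveUnknownFields: false
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              attestation:
                description: |-
                  Occurrence that represents a single "attestation". The authenticity
                  of an attestation can be verified using the attached signature.
                  If the verifier trusts the public key of the signer, then verifying
                  the signature is sufficient to establish trust. In this circumstance,
                  the authority to which this attestation is attached is primarily
                  useful for lookup (how to find this attestation if you already
                  know the authority and artifact to be verified) and intent (for
                  which authority this attestation was intended to sign.
                properties:
                  # NOTE(review): described as base64 but declared as a plain
                  # string with no `format`, so a malformed encoding is not
                  # rejected by schema validation.
                  serializedPayload:
                    description: |-
                      The serialized payload that is verified by one or
                      more signatures. A base64-encoded string.
                    type: string
                  # NOTE(review): the description says "one or more signatures",
                  # but no minItems is set and the item schema requires only
                  # publicKeyId. An empty list, or an entry with no `signature`
                  # value, therefore passes schema validation. Consumers must
                  # verify a signature cryptographically and must not treat the
                  # existence of this object as proof of attestation.
                  signatures:
                    description: |-
                      One or more signatures over serializedPayload.
                      Verifier implementations should consider this attestation
                      message verified if at least one signature verifies
                      serializedPayload. See Signature in common.proto for more
                      details on signature structure and verification.
                    items:
                      properties:
                        # NOTE(review): validated only as `type: string`; the
                        # RFC 3986 requirement in the description is not
                        # enforced by a pattern. The value comes from the
                        # occurrence itself, so a verifier should resolve it
                        # against keys it already trusts.
                        publicKeyId:
                          description: |-
                            The identifier for the public key that verifies this
                            signature. MUST be an RFC3986 conformant
                            URI. * When possible, the key id should be an
                            immutable reference, such as a cryptographic digest.
                            Examples of valid values:

                            * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr
                            for more details on this scheme.
                            * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA'
                            * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
                            * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU".
                          type: string
                        signature:
                          description: |-
                            The content of the signature, an opaque bytestring.
                            The payload that this signature verifies MUST be
                            unambiguously provided with the Signature during
                            verification. A wrapper message might provide the
                            payload explicitly. Alternatively, a message might
                            have a canonical serialization that can always be
                            unambiguously computed to derive the payload.
                          type: string
                      required:
                      - publicKeyId
                      type: object
                    type: array
                required:
                - serializedPayload
                - signatures
                type: object
              noteName:
                description: |-
                  Immutable. The analysis note associated with this occurrence, in the form of
                  projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a
                  filter in list requests.
                type: string
              # Exactly one addressing mode is accepted: `name` without
              # `external`, or `external` without `name` and `namespace`.
              projectRef:
                description: The project that this resource belongs to.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: 'Allowed value: The `name` field of a `Project` resource.'
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              remediation:
                description: A description of actions that can be taken to remedy
                  the note.
                type: string
              resourceID:
                description: Immutable. Optional. The service-generated name of the
                  resource. Used for acquisition only. Leave unset to create a new
                  resource.
                type: string
              # NOTE(review): the example is digest-pinned (`@sha256:`), but
              # the schema accepts any string, so a mutable tag reference also
              # validates. Policy built on this occurrence should match on the
              # image digest.
              resourceUri:
                description: |-
                  Immutable. Required. Immutable. A URI that represents the resource for which
                  the occurrence applies. For example,
                  https://gcr.io/project/image@sha256:123abc for a Docker image.
                type: string
            required:
            - attestation
            - noteName
            - projectRef
            - resourceUri
            type: object
          status:
            properties:
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              # NOTE(review): createTime and updateTime say "repository" although
              # this resource is an occurrence; the wording looks copied from
              # another resource. Confirm against the upstream API.
              createTime:
                description: The time when the repository was created.
                type: string
              kind:
                description: |-
                  The note kind which explicitly denotes which of the occurrence
                  details are specified. This field can be used as a filter in list
                  requests.
                type: string
              name:
                description: The name of the occurrence.
                type: string
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
              updateTime:
                description: The time when the repository was last updated.
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    # Status is exposed as its own subresource, separate from spec.
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []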