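---
# CustomResourceDefinition for the IAMAuditConfig kind
# (group iam.cnrm.cloud.google.com, version v1beta1).
# A resource of this kind declares, for one service on one referenced GCP
# resource, which permission types are audit-logged and which identities
# are exempted from that logging.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/version: 0.0.0-dev
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/system: "true"
  name: iamauditconfigs.iam.cnrm.cloud.google.com
spec:
  group: iam.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: IAMAuditConfig
    plural: iamauditconfigs
    shortNames:
    - gcpiamauditconfig
    - gcpiamauditconfigs
    singular: iamauditconfig
  # Fields not declared in the schema below are pruned rather than stored.
  preserveUnknownFields: false
  # Namespaced: write access to this kind is granted per namespace through
  # Kubernetes RBAC. A subject holding create/update/patch/delete on
  # iamauditconfigs can change what is audit-logged on the referenced GCP
  # resource, so grant those verbs as narrowly as IAM policy edits.
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True' the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: IAMAuditConfig is the schema for the IAM audit logging API.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig.
            properties:
              # Required, but the schema sets no minItems: an empty list
              # passes validation here. What an empty list does to the
              # target's audit config is not visible in this file;
              # confirm against the controller.
              auditLogConfigs:
                description: Required. The configuration for logging of each type
                  of permission.
                items:
                  properties:
                    # Each entry is an identity whose access of this
                    # permission type is NOT logged, i.e. an audit blind
                    # spot. Entries are free-form strings (no pattern or
                    # length limit in this schema), so any additions
                    # deserve the same review as an IAM binding change.
                    exemptedMembers:
                      description: Identities that do not cause logging for this type
                        of permission. The format is the same as that for 'members'
                        in IAMPolicy/IAMPolicyMember.
                      items:
                        type: string
                      type: array
                    # The pattern is anchored, so only these three exact
                    # values are accepted; no other log type can be
                    # configured through this kind.
                    logType:
                      description: Permission type for which logging is to be configured.
                        Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'.
                      pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$
                      type: string
                  required:
                  - logType
                  type: object
                type: array
              # Only 'kind' is required by the schema; nothing here forces
              # exactly one of 'name' / 'external' to be set, and the
              # "Immutable" in the description has no validation rule in
              # this schema. Enforcement, if any, happens outside this
              # file (e.g. an admission webhook); confirm before relying
              # on it.
              resourceRef:
                description: Immutable. Required. The GCP resource to set the IAMAuditConfig
                  on (e.g. project).
                properties:
                  apiVersion:
                    type: string
                  external:
                    type: string
                  kind:
                    type: string
                  name:
                    type: string
                  namespace:
                    type: string
                required:
                - kind
                type: object
              # Per the description, configs for 'allServices' and for a
              # specific service are unioned. That includes exemptions: an
              # identity exempted under 'allServices' is also exempted for
              # every specific service.
              service:
                description: 'Immutable. Required. The service for which to enable
                  Data Access audit logs. The special value ''allServices'' covers
                  all services. Note that if there are audit configs covering both
                  ''allServices'' and a specific service, then the union of the two
                  audit configs is used for that service: the ''logTypes'' specified
                  in each ''auditLogConfig'' are enabled, and the ''exemptedMembers''
                  in each ''auditLogConfig'' are exempted.'
                type: string
            required:
            - auditLogConfigs
            - resourceRef
            - service
            type: object
          status:
            description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig.
            properties:
              conditions:
                description: Conditions represent the latest available observations
                  of the IAMAuditConfig's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              # When this lags metadata.generation, the reported status
              # describes an older spec: a 'Ready' condition then does not
              # yet confirm the currently declared audit settings.
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                format: int64
                type: integer
            type: object
        type: object
    served: true
    storage: true
    # Status is exposed as its own subresource, so RBAC for writing
    # .status ('iamauditconfigs/status') is granted separately from RBAC
    # for writing .spec.
    subresources:
      status: {}
# Empty placeholder status stanza; these fields are filled in by the API
# server once the CRD is installed.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []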