...
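# CustomResourceDefinition for IAMPartialPolicy (group
# iam.cnrm.cloud.google.com, version v1beta1). Per the schema descriptions
# below, the resource lists IAM bindings "managed by Config Connector" on one
# referenced GCP resource and reports the resource's full binding set in
# status.
#
# NOTE(review): the resource is namespaced, so Kubernetes RBAC for
# create/update/patch on `iampartialpolicies` is in effect authority to
# request IAM bindings. How far that reaches depends on the permissions of
# the controller's own GCP identity, which is not visible in this file.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/version: 0.0.0-dev
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/system: "true"
  name: iampartialpolicies.iam.cnrm.cloud.google.com
spec:
  group: iam.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: IAMPartialPolicy
    plural: iampartialpolicies
    shortNames:
    - gcpiampartialpolicy
    - gcpiampartialpolicies
    singular: iampartialpolicy
  # Fields not declared in the schema below are pruned rather than stored.
  preserveUnknownFields: false
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True' the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: IAMPartialPolicy is the Schema for the iampartialpolicy API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy
            properties:
              bindings:
                description: Optional. The list of IAM bindings managed by Config
                  Connector.
                items:
                  description: Specifies the members to bind to an IAM role.
                  properties:
                    # The schema requires `expression` and `title` but treats
                    # all three fields as free-form strings; the expression is
                    # not checked for validity at this layer.
                    condition:
                      description: Optional. The condition under which the binding
                        applies.
                      properties:
                        description:
                          type: string
                        expression:
                          type: string
                        title:
                          type: string
                      required:
                      - expression
                      - title
                      type: object
                    members:
                      description: Optional. The list of IAM users to be bound to
                        the role.
                      items:
                        # Each entry must set exactly one of `member` or
                        # `memberFrom`.
                        oneOf:
                        - required:
                          - member
                        - required:
                          - memberFrom
                        properties:
                          # No `pattern` or `enum` constrains this string, so
                          # the schema accepts any principal, including public
                          # ones such as `allUsers` and
                          # `allAuthenticatedUsers`. Restricting principals has
                          # to happen elsewhere (admission policy or a GCP
                          # organization policy).
                          # NOTE(review): whether a validating webhook adds
                          # checks is not visible here; confirm.
                          member:
                            description: The IAM identity to be bound to the role.
                              Exactly one of 'member' or 'memberFrom' must be used.
                            type: string
                          # Exactly one reference may be set. In every
                          # reference `namespace` is optional and only `name`
                          # is required, so the schema itself does not stop a
                          # reference into another namespace.
                          # NOTE(review): confirm how the controller treats
                          # cross-namespace references.
                          memberFrom:
                            description: The IAM identity to be bound to the role.
                              Exactly one of 'member' or 'memberFrom' must be used,
                              and only one subfield within 'memberFrom' can be used.
                            oneOf:
                            - required:
                              - logSinkRef
                            - required:
                              - serviceAccountRef
                            - required:
                              - serviceIdentityRef
                            - required:
                              - sqlInstanceRef
                            properties:
                              logSinkRef:
                                description: The LoggingLogSink whose writer identity
                                  (i.e. its 'status.writerIdentity') is to be bound
                                  to the role.
                                properties:
                                  name:
                                    type: string
                                  namespace:
                                    type: string
                                required:
                                - name
                                type: object
                              serviceAccountRef:
                                description: The IAMServiceAccount to be bound to
                                  the role.
                                properties:
                                  name:
                                    type: string
                                  namespace:
                                    type: string
                                required:
                                - name
                                type: object
                              serviceIdentityRef:
                                description: The ServiceIdentity whose service account
                                  (i.e., its 'status.email') is to be bound to the
                                  role.
                                properties:
                                  name:
                                    type: string
                                  namespace:
                                    type: string
                                required:
                                - name
                                type: object
                              sqlInstanceRef:
                                description: The SQLInstance whose service account
                                  (i.e. its 'status.serviceAccountEmailAddress') is
                                  to be bound to the role.
                                properties:
                                  name:
                                    type: string
                                  namespace:
                                    type: string
                                required:
                                - name
                                type: object
                            type: object
                        type: object
                      type: array
                    # The anchored pattern fixes the shape of the role name
                    # (`roles/...`, optionally prefixed with `projects/<id>/`
                    # or `organizations/<id>/`). It does not limit which role
                    # is granted: broad roles match as well as narrow ones.
                    role:
                      description: Required. The role to bind the users to.
                      pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$
                      type: string
                  required:
                  - role
                  type: object
                type: array
              # The description says "Immutable", but nothing in this schema
              # enforces it. NOTE(review): presumably enforced by the
              # controller or a webhook; confirm.
              # The oneOf admits three shapes: `name` without `external`;
              # `external` without `name`/`namespace`; or none of `name`,
              # `namespace`, `apiVersion`, `external`. `kind` is always
              # required. `external` is an unconstrained string.
              resourceRef:
                description: Immutable. Required. The GCP resource to set the IAM
                  policy on.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                    - required:
                      - apiVersion
                    - required:
                      - external
                properties:
                  apiVersion:
                    type: string
                  external:
                    type: string
                  kind:
                    type: string
                  name:
                    type: string
                  namespace:
                    type: string
                required:
                - kind
                type: object
            required:
            - resourceRef
            type: object
          status:
            description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy
            properties:
              # Per its description this holds every binding on the referenced
              # resource, not only those listed in spec. Read access to this
              # object therefore discloses the resource's full binding set;
              # account for that when granting get/list/watch.
              allBindings:
                description: AllBindings surfaces all IAM bindings for the referenced
                  resource.
                items:
                  description: Specifies the members to bind to an IAM role.
                  properties:
                    condition:
                      description: Optional. The condition under which the binding
                        applies.
                      properties:
                        description:
                          type: string
                        expression:
                          type: string
                        title:
                          type: string
                      required:
                      - expression
                      - title
                      type: object
                    members:
                      description: Optional. The list of IAM users to be bound to
                        the role.
                      items:
                        type: string
                      type: array
                    role:
                      description: Required. The role to bind the users to.
                      type: string
                  required:
                  - role
                  type: object
                type: array
              conditions:
                description: Conditions represent the latest available observations
                  of the IAM policy's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              # Bindings most recently applied by Config Connector, with
              # members already resolved to plain strings.
              lastAppliedBindings:
                description: LastAppliedBindings is the list of IAM bindings that
                  were most recently applied by Config Connector.
                items:
                  description: Specifies the members to bind to an IAM role.
                  properties:
                    condition:
                      description: Optional. The condition under which the binding
                        applies.
                      properties:
                        description:
                          type: string
                        expression:
                          type: string
                        title:
                          type: string
                      required:
                      - expression
                      - title
                      type: object
                    members:
                      description: Optional. The list of IAM users to be bound to
                        the role.
                      items:
                        type: string
                      type: array
                    role:
                      description: Required. The role to bind the users to.
                      type: string
                  required:
                  - role
                  type: object
                type: array
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                format: int64
                type: integer
            type: object
        type: object
    served: true
    storage: true
    # Status is a separate subresource, so status writes can be authorized
    # separately from spec writes via RBAC on `iampartialpolicies/status`.
    subresources:
      status: {}
# Empty placeholder status for the CRD object itself.
# NOTE(review): this looks like generator output; confirm it is not
# hand-maintained.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []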