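---
# CustomResourceDefinition for the namespaced IAMPolicy kind in the
# iam.cnrm.cloud.google.com group (labelled managed-by-kcc below).
# Listing restored from a rendered view: gutter numbers removed and
# nesting re-indented; all keys and values are unchanged.
#
# NOTE(review): spec.resourceRef names the GCP resource whose IAM policy is
# set, so Kubernetes RBAC write access to "iampolicies" should be reviewed as
# if it were permission to change that resource's IAM policy.
# NOTE(review): Config Connector documents IAMPolicy as authoritative for the
# referenced resource (bindings not listed are replaced) - confirm against the
# release in use before applying over an existing policy.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/version: 0.0.0-dev
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/system: "true"
  name: iampolicies.iam.cnrm.cloud.google.com
spec:
  group: iam.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: IAMPolicy
    plural: iampolicies
    shortNames:
    - gcpiampolicy
    - gcpiampolicies
    singular: iampolicy
  # Fields not declared in the schema below are pruned rather than stored.
  preserveUnknownFields: false
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True' the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: IAMPolicy is the Schema for the iampolicies API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: IAMPolicySpec defines the desired state of IAMPolicy
            properties:
              auditConfigs:
                description: Optional. The list of IAM audit configs.
                items:
                  description: Specifies the Cloud Audit Logs configuration for the
                    IAM policy.
                  properties:
                    auditLogConfigs:
                      description: Required. The configuration for logging of each
                        type of permission.
                      items:
                        properties:
                          # Every entry here reduces audit-log coverage for
                          # that identity. The schema accepts any string, so
                          # additions are worth reviewing like a binding change.
                          exemptedMembers:
                            description: Identities that do not cause logging for
                              this type of permission. The format is the same as that
                              for 'members' in IAMPolicy/IAMPolicyMember.
                            items:
                              type: string
                            type: array
                          logType:
                            description: Permission type for which logging is to be
                              configured. Must be one of 'DATA_READ', 'DATA_WRITE',
                              or 'ADMIN_READ'.
                            # Anchored at both ends: only these three exact
                            # values pass validation.
                            pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$
                            type: string
                        required:
                        - logType
                        type: object
                      type: array
                    service:
                      description: 'Required. The service for which to enable Data
                        Access audit logs. The special value ''allServices'' covers
                        all services. Note that if there are audit configs covering
                        both ''allServices'' and a specific service, then the union
                        of the two audit configs is used for that service: the ''logTypes''
                        specified in each ''auditLogConfig'' are enabled, and the
                        ''exemptedMembers'' in each ''auditLogConfg'' are exempted.'
                      type: string
                  required:
                  - auditLogConfigs
                  - service
                  type: object
                type: array
              bindings:
                description: Optional. The list of IAM bindings.
                items:
                  description: Specifies the members to bind to an IAM role.
                  properties:
                    condition:
                      description: Optional. The condition under which the binding
                        applies.
                      properties:
                        description:
                          type: string
                        # Free-form string: this schema does not check the
                        # expression's syntax or what it evaluates.
                        expression:
                          type: string
                        title:
                          type: string
                      required:
                      - expression
                      - title
                      type: object
                    # No pattern is applied to member strings, so broad
                    # principals such as allUsers or allAuthenticatedUsers are
                    # not rejected by this schema. Restrict them with an
                    # admission policy if the cluster needs that guarantee.
                    members:
                      description: Optional. The list of IAM users to be bound to
                        the role.
                      items:
                        type: string
                      type: array
                    role:
                      description: Required. The role to bind the users to.
                      # Anchored match: an optional projects/<id>/ or
                      # organizations/<id>/ prefix, then roles/<name>. This is a
                      # format check only; it does not limit which roles
                      # (including highly privileged ones) may be bound.
                      # The "_" in the class is already covered by \w.
                      pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$
                      type: string
                  required:
                  - role
                  type: object
                type: array
              resourceRef:
                description: Immutable. Required. The GCP resource to set the IAM
                  policy on.
                # Exactly one of three shapes must match:
                #   1. "name" is set and "external" is not;
                #   2. "external" is set and neither "name" nor "namespace" is;
                #   3. none of name, namespace, apiVersion or external is set
                #      ("kind" alone, which is always required below).
                # "external" is an unvalidated string at this level.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                    - required:
                      - apiVersion
                    - required:
                      - external
                properties:
                  apiVersion:
                    type: string
                  external:
                    type: string
                  kind:
                    type: string
                  name:
                    type: string
                  namespace:
                    type: string
                required:
                - kind
                type: object
            required:
            - resourceRef
            type: object
          status:
            description: IAMPolicyStatus defines the observed state of IAMPolicy
            properties:
              conditions:
                description: Conditions represent the latest available observations
                  of the IAM policy's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                format: int64
                type: integer
            type: object
        type: object
    served: true
    storage: true
    # Status is exposed as its own subresource, so RBAC can grant status
    # updates separately from spec changes.
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []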