1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 cnrm.cloud.google.com/version: 0.0.0-dev
6 creationTimestamp: null
7 labels:
8 cnrm.cloud.google.com/managed-by-kcc: "true"
9 cnrm.cloud.google.com/system: "true"
10 name: iampolicymembers.iam.cnrm.cloud.google.com
11spec:
12 group: iam.cnrm.cloud.google.com
13 names:
14 categories:
15 - gcp
16 kind: IAMPolicyMember
17 plural: iampolicymembers
18 shortNames:
19 - gcpiampolicymember
20 - gcpiampolicymembers
21 singular: iampolicymember
22 preserveUnknownFields: false
23 scope: Namespaced
24 versions:
25 - additionalPrinterColumns:
26 - jsonPath: .metadata.creationTimestamp
27 name: Age
28 type: date
29 - description: When 'True' the most recent reconcile of the resource succeeded
30 jsonPath: .status.conditions[?(@.type=='Ready')].status
31 name: Ready
32 type: string
33 - description: The reason for the value in 'Ready'
34 jsonPath: .status.conditions[?(@.type=='Ready')].reason
35 name: Status
36 type: string
37 - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
38 name: Status Age
39 type: date
40 name: v1beta1
41 schema:
42 openAPIV3Schema:
43 description: IAMPolicyMember is the Schema for the iampolicies API
44 properties:
45 apiVersion:
46 description: 'APIVersion defines the versioned schema of this representation
47 of an object. Servers should convert recognized schemas to the latest
48 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
49 type: string
50 kind:
51 description: 'Kind is a string value representing the REST resource this
52 object represents. Servers may infer this from the endpoint the client
53 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
54 type: string
55 metadata:
56 type: object
57 spec:
58 description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember
59 oneOf:
60 - required:
61 - member
62 - required:
63 - memberFrom
64 properties:
65 condition:
66 description: Immutable. Optional. The condition under which the binding
67 applies.
68 properties:
69 description:
70 type: string
71 expression:
72 type: string
73 title:
74 type: string
75 required:
76 - expression
77 - title
78 type: object
79 member:
80 description: Immutable. The IAM identity to be bound to the role.
81 Exactly one of 'member' or 'memberFrom' must be used.
82 type: string
83 memberFrom:
84 description: Immutable. The IAM identity to be bound to the role.
85 Exactly one of 'member' or 'memberFrom' must be used, and only one
86 subfield within 'memberFrom' can be used.
87 oneOf:
88 - required:
89 - logSinkRef
90 - required:
91 - serviceAccountRef
92 - required:
93 - serviceIdentityRef
94 - required:
95 - sqlInstanceRef
96 properties:
97 logSinkRef:
98 description: The LoggingLogSink whose writer identity (i.e. its
99 'status.writerIdentity') is to be bound to the role.
100 properties:
101 name:
102 type: string
103 namespace:
104 type: string
105 required:
106 - name
107 type: object
108 serviceAccountRef:
109 description: The IAMServiceAccount to be bound to the role.
110 properties:
111 name:
112 type: string
113 namespace:
114 type: string
115 required:
116 - name
117 type: object
118 serviceIdentityRef:
119 description: The ServiceIdentity whose service account (i.e.,
120 its 'status.email') is to be bound to the role.
121 properties:
122 name:
123 type: string
124 namespace:
125 type: string
126 required:
127 - name
128 type: object
129 sqlInstanceRef:
130 description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress')
131 is to be bound to the role.
132 properties:
133 name:
134 type: string
135 namespace:
136 type: string
137 required:
138 - name
139 type: object
140 type: object
141 resourceRef:
142 description: Immutable. Required. The GCP resource to set the IAM
143 policy on.
144 oneOf:
145 - not:
146 required:
147 - external
148 required:
149 - name
150 - not:
151 anyOf:
152 - required:
153 - name
154 - required:
155 - namespace
156 required:
157 - external
158 - not:
159 anyOf:
160 - required:
161 - name
162 - required:
163 - namespace
164 - required:
165 - apiVersion
166 - required:
167 - external
168 properties:
169 apiVersion:
170 type: string
171 external:
172 type: string
173 kind:
174 type: string
175 name:
176 type: string
177 namespace:
178 type: string
179 required:
180 - kind
181 type: object
182 role:
183 description: Immutable. Required. The role for which the Member will
184 be bound.
185 pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$
186 type: string
187 required:
188 - resourceRef
189 - role
190 type: object
191 status:
192 description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember
193 properties:
194 conditions:
195 description: Conditions represent the latest available observations
196 of the IAM policy's current state.
197 items:
198 properties:
199 lastTransitionTime:
200 description: Last time the condition transitioned from one status
201 to another.
202 type: string
203 message:
204 description: Human-readable message indicating details about
205 last transition.
206 type: string
207 reason:
208 description: Unique, one-word, CamelCase reason for the condition's
209 last transition.
210 type: string
211 status:
212 description: Status is the status of the condition. Can be True,
213 False, Unknown.
214 type: string
215 type:
216 description: Type is the type of the condition.
217 type: string
218 type: object
219 type: array
220 observedGeneration:
221 description: ObservedGeneration is the generation of the resource
222 that was most recently observed by the Config Connector controller.
223 If this is equal to metadata.generation, then that means that the
224 current reported status reflects the most recent desired state of
225 the resource.
226 format: int64
227 type: integer
228 type: object
229 type: object
230 served: true
231 storage: true
232 subresources:
233 status: {}
234status:
235 acceptedNames:
236 kind: ""
237 plural: ""
238 conditions: []
239 storedVersions: []
View as plain text