1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 cnrm.cloud.google.com/version: 0.0.0-dev
6 creationTimestamp: null
7 labels:
8 cnrm.cloud.google.com/managed-by-kcc: "true"
9 cnrm.cloud.google.com/stability-level: stable
10 cnrm.cloud.google.com/system: "true"
11 cnrm.cloud.google.com/tf2crd: "true"
12 name: kmscryptokeys.kms.cnrm.cloud.google.com
13spec:
14 group: kms.cnrm.cloud.google.com
15 names:
16 categories:
17 - gcp
18 kind: KMSCryptoKey
19 plural: kmscryptokeys
20 shortNames:
21 - gcpkmscryptokey
22 - gcpkmscryptokeys
23 singular: kmscryptokey
24 preserveUnknownFields: false
25 scope: Namespaced
26 versions:
27 - additionalPrinterColumns:
28 - jsonPath: .metadata.creationTimestamp
29 name: Age
30 type: date
31 - description: When 'True', the most recent reconcile of the resource succeeded
32 jsonPath: .status.conditions[?(@.type=='Ready')].status
33 name: Ready
34 type: string
35 - description: The reason for the value in 'Ready'
36 jsonPath: .status.conditions[?(@.type=='Ready')].reason
37 name: Status
38 type: string
39 - description: The last transition time for the value in 'Status'
40 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
41 name: Status Age
42 type: date
43 name: v1beta1
44 schema:
45 openAPIV3Schema:
46 properties:
47 apiVersion:
48 description: 'apiVersion defines the versioned schema of this representation
49 of an object. Servers should convert recognized schemas to the latest
50 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
51 type: string
52 kind:
53 description: 'kind is a string value representing the REST resource this
54 object represents. Servers may infer this from the endpoint the client
55 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
56 type: string
57 metadata:
58 type: object
59 spec:
60 properties:
61 destroyScheduledDuration:
62 description: |-
63 Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
64 If not specified at creation time, the default duration is 24 hours.
65 type: string
66 importOnly:
67 description: Immutable. Whether this key may contain imported versions
68 only.
69 type: boolean
70 keyRingRef:
71 description: The KMSKeyRing that this key belongs to.
72 oneOf:
73 - not:
74 required:
75 - external
76 required:
77 - name
78 - not:
79 anyOf:
80 - required:
81 - name
82 - required:
83 - namespace
84 required:
85 - external
86 properties:
87 external:
88 description: 'Allowed value: The `selfLink` field of a `KMSKeyRing`
89 resource.'
90 type: string
91 name:
92 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
93 type: string
94 namespace:
95 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
96 type: string
97 type: object
98 purpose:
99 description: |-
100 Immutable. The immutable purpose of this CryptoKey. See the
101 [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)
102 for possible inputs.
103 Default value is "ENCRYPT_DECRYPT".
104 type: string
105 resourceID:
106 description: Immutable. Optional. The name of the resource. Used for
107 creation and acquisition. When unset, the value of `metadata.name`
108 is used as the default.
109 type: string
110 rotationPeriod:
111 description: |-
112 Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.
113 The first rotation will take place after the specified period. The rotation period has
114 the format of a decimal number with up to 9 fractional digits, followed by the
115 letter 's' (seconds). It must be greater than a day (ie, 86400).
116 type: string
117 skipInitialVersionCreation:
118 description: |-
119 Immutable. If set to true, the request will create a CryptoKey without any CryptoKeyVersions.
120 You must use the 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.
121 type: boolean
122 versionTemplate:
123 description: A template describing settings for new crypto key versions.
124 properties:
125 algorithm:
126 description: |-
127 The algorithm to use when creating a version based on this template.
128 See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.
129 type: string
130 protectionLevel:
131 description: Immutable. The protection level to use when creating
132 a version based on this template. Possible values include "SOFTWARE",
133 "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
134 type: string
135 required:
136 - algorithm
137 type: object
138 required:
139 - keyRingRef
140 type: object
141 status:
142 properties:
143 conditions:
144 description: Conditions represent the latest available observation
145 of the resource's current state.
146 items:
147 properties:
148 lastTransitionTime:
149 description: Last time the condition transitioned from one status
150 to another.
151 type: string
152 message:
153 description: Human-readable message indicating details about
154 last transition.
155 type: string
156 reason:
157 description: Unique, one-word, CamelCase reason for the condition's
158 last transition.
159 type: string
160 status:
161 description: Status is the status of the condition. Can be True,
162 False, Unknown.
163 type: string
164 type:
165 description: Type is the type of the condition.
166 type: string
167 type: object
168 type: array
169 observedGeneration:
170 description: ObservedGeneration is the generation of the resource
171 that was most recently observed by the Config Connector controller.
172 If this is equal to metadata.generation, then that means that the
173 current reported status reflects the most recent desired state of
174 the resource.
175 type: integer
176 selfLink:
177 description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}.
178 type: string
179 type: object
180 required:
181 - spec
182 type: object
183 served: true
184 storage: true
185 subresources:
186 status: {}
187status:
188 acceptedNames:
189 kind: ""
190 plural: ""
191 conditions: []
192 storedVersions: []
View as plain text