1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 cnrm.cloud.google.com/version: 0.0.0-dev
6 creationTimestamp: null
7 labels:
8 cnrm.cloud.google.com/managed-by-kcc: "true"
9 cnrm.cloud.google.com/stability-level: alpha
10 cnrm.cloud.google.com/system: "true"
11 cnrm.cloud.google.com/tf2crd: "true"
12 name: kmscryptokeyversions.kms.cnrm.cloud.google.com
13spec:
14 group: kms.cnrm.cloud.google.com
15 names:
16 categories:
17 - gcp
18 kind: KMSCryptoKeyVersion
19 plural: kmscryptokeyversions
20 shortNames:
21 - gcpkmscryptokeyversion
22 - gcpkmscryptokeyversions
23 singular: kmscryptokeyversion
24 preserveUnknownFields: false
25 scope: Namespaced
26 versions:
27 - additionalPrinterColumns:
28 - jsonPath: .metadata.creationTimestamp
29 name: Age
30 type: date
31 - description: When 'True', the most recent reconcile of the resource succeeded
32 jsonPath: .status.conditions[?(@.type=='Ready')].status
33 name: Ready
34 type: string
35 - description: The reason for the value in 'Ready'
36 jsonPath: .status.conditions[?(@.type=='Ready')].reason
37 name: Status
38 type: string
39 - description: The last transition time for the value in 'Status'
40 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
41 name: Status Age
42 type: date
43 name: v1alpha1
44 schema:
45 openAPIV3Schema:
46 properties:
47 apiVersion:
48 description: 'apiVersion defines the versioned schema of this representation
49 of an object. Servers should convert recognized schemas to the latest
50 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
51 type: string
52 kind:
53 description: 'kind is a string value representing the REST resource this
54 object represents. Servers may infer this from the endpoint the client
55 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
56 type: string
57 metadata:
58 type: object
59 spec:
60 properties:
61 cryptoKey:
62 description: |-
63 Immutable. The name of the cryptoKey associated with the CryptoKeyVersions.
64 Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''.
65 type: string
66 resourceID:
67 description: Immutable. Optional. The service-generated name of the
68 resource. Used for acquisition only. Leave unset to create a new
69 resource.
70 type: string
71 state:
72 description: 'The current state of the CryptoKeyVersion. Possible
73 values: ["PENDING_GENERATION", "ENABLED", "DISABLED", "DESTROYED",
74 "DESTROY_SCHEDULED", "PENDING_IMPORT", "IMPORT_FAILED"].'
75 type: string
76 required:
77 - cryptoKey
78 type: object
79 status:
80 properties:
81 algorithm:
82 description: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion
83 supports.
84 type: string
85 attestation:
86 description: |-
87 Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google.
88 Only provided for key versions with protectionLevel HSM.
89 items:
90 properties:
91 certChains:
92 description: The certificate chains needed to validate the attestation.
93 properties:
94 caviumCerts:
95 description: Cavium certificate chain corresponding to the
96 attestation.
97 type: string
98 googleCardCerts:
99 description: Google card certificate chain corresponding
100 to the attestation.
101 type: string
102 googlePartitionCerts:
103 description: Google partition certificate chain corresponding
104 to the attestation.
105 type: string
106 type: object
107 content:
108 description: The attestation data provided by the HSM when the
109 key operation was performed.
110 type: string
111 externalProtectionLevelOptions:
112 description: ExternalProtectionLevelOptions stores a group of
113 additional fields for configuring a CryptoKeyVersion that
114 are specific to the EXTERNAL protection level and EXTERNAL_VPC
115 protection levels.
116 properties:
117 ekmConnectionKeyPath:
118 description: The path to the external key material on the
119 EKM when using EkmConnection e.g., "v0/my/key". Set this
120 field instead of externalKeyUri when using an EkmConnection.
121 type: string
122 externalKeyUri:
123 description: The URI for an external resource that this
124 CryptoKeyVersion represents.
125 type: string
126 type: object
127 format:
128 description: The format of the attestation data.
129 type: string
130 type: object
131 type: array
132 conditions:
133 description: Conditions represent the latest available observation
134 of the resource's current state.
135 items:
136 properties:
137 lastTransitionTime:
138 description: Last time the condition transitioned from one status
139 to another.
140 type: string
141 message:
142 description: Human-readable message indicating details about
143 last transition.
144 type: string
145 reason:
146 description: Unique, one-word, CamelCase reason for the condition's
147 last transition.
148 type: string
149 status:
150 description: Status is the status of the condition. Can be True,
151 False, Unknown.
152 type: string
153 type:
154 description: Type is the type of the condition.
155 type: string
156 type: object
157 type: array
158 generateTime:
159 description: The time this CryptoKeyVersion key material was generated.
160 type: string
161 name:
162 description: The resource name for this CryptoKeyVersion.
163 type: string
164 observedGeneration:
165 description: ObservedGeneration is the generation of the resource
166 that was most recently observed by the Config Connector controller.
167 If this is equal to metadata.generation, then that means that the
168 current reported status reflects the most recent desired state of
169 the resource.
170 type: integer
171 protectionLevel:
172 description: The ProtectionLevel describing how crypto operations
173 are performed with this CryptoKeyVersion.
174 type: string
175 type: object
176 required:
177 - spec
178 type: object
179 served: true
180 storage: true
181 subresources:
182 status: {}
183status:
184 acceptedNames:
185 kind: ""
186 plural: ""
187 conditions: []
188 storedVersions: []
View as plain text