1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 cnrm.cloud.google.com/version: 0.0.0-dev
6 creationTimestamp: null
7 labels:
8 cnrm.cloud.google.com/managed-by-kcc: "true"
9 cnrm.cloud.google.com/stability-level: alpha
10 cnrm.cloud.google.com/system: "true"
11 cnrm.cloud.google.com/tf2crd: "true"
12 name: kmskeyringimportjobs.kms.cnrm.cloud.google.com
13spec:
14 group: kms.cnrm.cloud.google.com
15 names:
16 categories:
17 - gcp
18 kind: KMSKeyRingImportJob
19 plural: kmskeyringimportjobs
20 shortNames:
21 - gcpkmskeyringimportjob
22 - gcpkmskeyringimportjobs
23 singular: kmskeyringimportjob
24 preserveUnknownFields: false
25 scope: Namespaced
26 versions:
27 - additionalPrinterColumns:
28 - jsonPath: .metadata.creationTimestamp
29 name: Age
30 type: date
31 - description: When 'True', the most recent reconcile of the resource succeeded
32 jsonPath: .status.conditions[?(@.type=='Ready')].status
33 name: Ready
34 type: string
35 - description: The reason for the value in 'Ready'
36 jsonPath: .status.conditions[?(@.type=='Ready')].reason
37 name: Status
38 type: string
39 - description: The last transition time for the value in 'Status'
40 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
41 name: Status Age
42 type: date
43 name: v1alpha1
44 schema:
45 openAPIV3Schema:
46 properties:
47 apiVersion:
48 description: 'apiVersion defines the versioned schema of this representation
49 of an object. Servers should convert recognized schemas to the latest
50 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
51 type: string
52 kind:
53 description: 'kind is a string value representing the REST resource this
54 object represents. Servers may infer this from the endpoint the client
55 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
56 type: string
57 metadata:
58 type: object
59 spec:
60 properties:
61 importJobId:
62 description: Immutable. It must be unique within a KeyRing and match
63 the regular expression [a-zA-Z0-9_-]{1,63}.
64 type: string
65 importMethod:
66 description: 'Immutable. The wrapping method to be used for incoming
67 key material. Possible values: ["RSA_OAEP_3072_SHA1_AES_256", "RSA_OAEP_4096_SHA1_AES_256"].'
68 type: string
69 keyRing:
70 description: |-
71 Immutable. The KeyRing that this import job belongs to.
72 Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.
73 type: string
74 protectionLevel:
75 description: |-
76 Immutable. The protection level of the ImportJob. This must match the protectionLevel of the
77 versionTemplate on the CryptoKey you attempt to import into. Possible values: ["SOFTWARE", "HSM", "EXTERNAL"].
78 type: string
79 resourceID:
80 description: Immutable. Optional. The service-generated name of the
81 resource. Used for acquisition only. Leave unset to create a new
82 resource.
83 type: string
84 required:
85 - importJobId
86 - importMethod
87 - keyRing
88 - protectionLevel
89 type: object
90 status:
91 properties:
92 attestation:
93 description: |-
94 Statement that was generated and signed by the key creator (for example, an HSM) at key creation time.
95 Use this statement to verify attributes of the key as stored on the HSM, independently of Google.
96 Only present if the chosen ImportMethod is one with a protection level of HSM.
97 items:
98 properties:
99 content:
100 description: |-
101 The attestation data provided by the HSM when the key operation was performed.
102 A base64-encoded string.
103 type: string
104 format:
105 description: The format of the attestation data.
106 type: string
107 type: object
108 type: array
109 conditions:
110 description: Conditions represent the latest available observation
111 of the resource's current state.
112 items:
113 properties:
114 lastTransitionTime:
115 description: Last time the condition transitioned from one status
116 to another.
117 type: string
118 message:
119 description: Human-readable message indicating details about
120 last transition.
121 type: string
122 reason:
123 description: Unique, one-word, CamelCase reason for the condition's
124 last transition.
125 type: string
126 status:
127 description: Status is the status of the condition. Can be True,
128 False, Unknown.
129 type: string
130 type:
131 description: Type is the type of the condition.
132 type: string
133 type: object
134 type: array
135 expireTime:
136 description: |-
137 The time at which this resource is scheduled for expiration and can no longer be used.
138 This is in RFC3339 text format.
139 type: string
140 name:
141 description: The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*.
142 type: string
143 observedGeneration:
144 description: ObservedGeneration is the generation of the resource
145 that was most recently observed by the Config Connector controller.
146 If this is equal to metadata.generation, then that means that the
147 current reported status reflects the most recent desired state of
148 the resource.
149 type: integer
150 publicKey:
151 description: The public key with which to wrap key material prior
152 to import. Only returned if state is 'ACTIVE'.
153 items:
154 properties:
155 pem:
156 description: |-
157 The public key, encoded in PEM format. For more information, see the RFC 7468 sections
158 for General Considerations and Textual Encoding of Subject Public Key Info.
159 type: string
160 type: object
161 type: array
162 state:
163 description: The current state of the ImportJob, indicating if it
164 can be used.
165 type: string
166 type: object
167 required:
168 - spec
169 type: object
170 served: true
171 storage: true
172 subresources:
173 status: {}
174status:
175 acceptedNames:
176 kind: ""
177 plural: ""
178 conditions: []
179 storedVersions: []
View as plain text