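---
# CustomResourceDefinition for the Config Connector kind SecretManagerSecret
# (group secretmanager.cnrm.cloud.google.com, version v1beta1, namespaced).
# Every spec property below is Secret metadata or policy (replication,
# rotation, notification topics, expiry); no property in this schema carries
# the secret payload itself.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/version: 0.0.0-dev
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: stable
    cnrm.cloud.google.com/system: "true"
    cnrm.cloud.google.com/tf2crd: "true"
  name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com
spec:
  group: secretmanager.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: SecretManagerSecret
    plural: secretmanagersecrets
    shortNames:
    - gcpsecretmanagersecret
    - gcpsecretmanagersecrets
    singular: secretmanagersecret
  # Fields that the schema below does not declare are pruned by the API
  # server instead of being stored.
  preserveUnknownFields: false
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          # Desired state. "Immutable" appears only in the description text of
          # several fields; nothing in this schema expresses or enforces it.
          spec:
            properties:
              expireTime:
                description: |-
                  Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
                  A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
                type: string
              # NOTE(review): `automatic` and `userManaged` are both optional
              # and there is no oneOf between them, so this schema accepts a
              # replication object with both set or with neither. Any mutual
              # exclusion is enforced outside this CRD (not visible here).
              replication:
                description: |-
                  Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed
                  after the Secret has been created.
                properties:
                  # Boolean only: this schema version declares no encryption
                  # sub-field for automatic replication, so a customer-managed
                  # key can only be declared per replica under `userManaged`.
                  automatic:
                    description: Immutable. The Secret will automatically be replicated
                      without any restrictions.
                    type: boolean
                  # NOTE(review): the description below is word for word the
                  # one on `automatic` and does not describe user-managed
                  # replication; it reads like a copy-paste in the generator
                  # input. The schema is the reliable reference here: replicas
                  # are an explicit list of locations.
                  userManaged:
                    description: Immutable. The Secret will automatically be replicated
                      without any restrictions.
                    properties:
                      # "Cannot be empty" is stated in the description only;
                      # no minItems is set on this array.
                      replicas:
                        description: Immutable. The list of Replicas for this Secret.
                          Cannot be empty.
                        items:
                          properties:
                            # Optional per replica: only `location` is required
                            # on a replica. Where CMEK is mandatory, its presence
                            # has to be enforced by admission policy, because
                            # this schema does not require it.
                            customerManagedEncryption:
                              description: Immutable. Customer Managed Encryption
                                for the secret.
                              properties:
                                kmsKeyRef:
                                  description: Customer Managed Encryption for the
                                    secret.
                                  # Exactly one way of naming the key: `name`
                                  # (optionally with `namespace`) or `external`,
                                  # never a mix of the two.
                                  oneOf:
                                  - not:
                                      required:
                                      - external
                                    required:
                                    - name
                                  - not:
                                      anyOf:
                                      - required:
                                        - name
                                      - required:
                                        - namespace
                                    required:
                                    - external
                                  properties:
                                    # Plain string: no pattern constrains the
                                    # value to a KMS key selfLink.
                                    external:
                                      description: 'Allowed value: The `selfLink`
                                        field of a `KMSCryptoKey` resource.'
                                      type: string
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                      type: string
                                    # A namespace may be supplied, so the schema
                                    # does not confine the reference to the
                                    # Secret's own namespace. How cross-namespace
                                    # references are authorised is not visible
                                    # in this file.
                                    namespace:
                                      description: 'Namespace of the referent. More
                                        info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                                      type: string
                                  type: object
                              required:
                              - kmsKeyRef
                              type: object
                            location:
                              description: 'Immutable. The canonical IDs of the location
                                to replicate data. For example: "us-east1".'
                              type: string
                          required:
                          - location
                          type: object
                        type: array
                    required:
                    - replicas
                    type: object
                type: object
              resourceID:
                description: Immutable. Optional. The secretId of the resource. Used
                  for creation and acquisition. When unset, the value of `metadata.name`
                  is used as the default.
                type: string
              # Per the description, rotation here means a Pub/Sub notification
              # at next_rotation_time. Nothing in this schema creates a new
              # secret version, so a subscriber has to perform the rotation.
              rotation:
                description: The rotation time and period for a Secret. At 'next_rotation_time',
                  Secret Manager will send a Pub/Sub notification to the topics configured
                  on the Secret. 'topics' must be set to configure rotation.
                properties:
                  nextRotationTime:
                    description: |-
                      Timestamp in UTC at which the Secret is scheduled to rotate.
                      A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
                    type: string
                  # The 3600s to 3153600000s bounds are documented only; at
                  # schema level this is an unconstrained string.
                  rotationPeriod:
                    description: |-
                      Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years).
                      If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.
                    type: string
                type: object
              # "Up to 10" is documented only; no maxItems is set.
              topics:
                description: A list of up to 10 Pub/Sub topics to which messages are
                  published when control plane operations are called on the secret
                  or its versions.
                items:
                  properties:
                    # NOTE(review): this description repeats the list-level
                    # text on `topics`; the field itself is a reference to a
                    # single topic, with the same name-or-external oneOf as
                    # `kmsKeyRef`.
                    topicRef:
                      description: |-
                        A list of up to 10 Pub/Sub topics to which messages are
                        published when control plane operations are called on the secret
                        or its versions.
                      oneOf:
                      - not:
                          required:
                          - external
                        required:
                        - name
                      - not:
                          anyOf:
                          - required:
                            - name
                          - required:
                            - namespace
                        required:
                        - external
                      properties:
                        # The documented format is not enforced by a pattern.
                        external:
                          description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`,
                            where {{value}} is the `name` field of a `PubSubTopic`
                            resource.'
                          type: string
                        name:
                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                          type: string
                        namespace:
                          description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                          type: string
                      type: object
                  required:
                  - topicRef
                  type: object
                type: array
              # NOTE(review): the schema accepts `ttl` together with
              # `expireTime`. If the two are meant to be alternatives
              # (presumably; confirm against the Secret Manager API), that is
              # not enforced here.
              ttl:
                description: |-
                  Immutable. The TTL for the Secret.
                  A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
                type: string
            required:
            - replication
            type: object
          # Observed state, served through the status subresource declared
          # at the end of this version entry.
          status:
            properties:
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              createTime:
                description: The time at which the Secret was created.
                type: string
              name:
                description: |-
                  The resource name of the Secret. Format:
                  'projects/{{project}}/secrets/{{secret_id}}'.
                type: string
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    # Exposes /status as its own endpoint, so RBAC can grant status updates
    # separately from permission to change spec.
    subresources:
      status: {}
# Empty placeholder; the API server populates CRD status itself.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []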