# CustomResourceDefinition for the Config Connector kind
# SecurityCenterNotificationConfig in the API group
# securitycenter.cnrm.cloud.google.com. A single namespaced version,
# v1alpha1, is both served and stored; the stability-level label marks the
# resource as alpha.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # NOTE(review): 0.0.0-dev looks like a development-build placeholder;
    # confirm that a released manifest carries the real version.
    cnrm.cloud.google.com/version: 0.0.0-dev
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: alpha
    cnrm.cloud.google.com/system: "true"
    cnrm.cloud.google.com/tf2crd: "true"
  name: securitycenternotificationconfigs.securitycenter.cnrm.cloud.google.com
spec:
  group: securitycenter.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: SecurityCenterNotificationConfig
    plural: securitycenternotificationconfigs
    shortNames:
    - gcpsecuritycenternotificationconfig
    - gcpsecuritycenternotificationconfigs
    singular: securitycenternotificationconfig
  # Fields that the schema below does not declare are pruned by the API server.
  preserveUnknownFields: false
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: >-
              apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources
            type: string
          kind:
            description: >-
              kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            properties:
              # The schema declares only `type: string` here; the immutability
              # and organization-wide uniqueness stated in the description are
              # not expressed as validation in this CRD.
              # NOTE(review): presumably enforced by the controller or the
              # backing API - confirm.
              configId:
                description: Immutable. This must be unique within the organization.
                type: string
              # The 1024-character limit is documentation only; no maxLength
              # is declared on this field.
              description:
                description: >-
                  The description of the notification config (max of 1024
                  characters).
                type: string
              # The oneOf below accepts exactly one way of naming the
              # organization: either `name` (optionally with `namespace`) and
              # no `external`, or `external` with neither `name` nor
              # `namespace`.
              organizationRef:
                description: The organization that this resource belongs to.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: >-
                      Allowed value: The `name` field of an `Organization`
                      resource.
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              # Destination for the notifications. The documented
              # "projects/[project_id]/topics/[topic]" format is not enforced
              # by a `pattern`, so a malformed or unintended topic name is not
              # rejected by this schema. Whoever can subscribe to the topic
              # receives what this config publishes, so review subscriber
              # access on the topic alongside this resource.
              pubsubTopic:
                description: |-
                  The Pub/Sub topic to send notifications to. Its format is
                  "projects/[project_id]/topics/[topic]".
                type: string
              resourceID:
                description: >-
                  Immutable. Optional. The service-generated name of the
                  resource. Used for acquisition only. Leave unset to create a new
                  resource.
                type: string
              streamingConfig:
                description: The config for triggering streaming-based notifications.
                properties:
                  # Required, but only typed as a string: the expression syntax
                  # described below is not checked by this schema. The filter
                  # decides which events are published, so a change to it
                  # changes what downstream consumers see.
                  filter:
                    description: |-
                      Expression that defines the filter to apply across create/update
                      events of assets or findings as specified by the event type. The
                      expression is a list of zero or more restrictions combined via
                      logical operators AND and OR. Parentheses are supported, and OR
                      has higher precedence than AND.

                      Restrictions have the form <field> <operator> <value> and may have
                      a - character in front of them to indicate negation. The fields
                      map to those defined in the corresponding resource.

                      The supported operators are:

                      * = for all value types.
                      * >, <, >=, <= for integer values.
                      * :, meaning substring matching, for strings.

                      The supported value types are:

                      * string literals in quotes.
                      * integer literals without quotes.
                      * boolean literals true and false without quotes.

                      See
                      [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)
                      for information on how to write a filter.
                    type: string
                required:
                - filter
                type: object
            required:
            - configId
            - organizationRef
            - pubsubTopic
            - streamingConfig
            type: object
          status:
            properties:
              conditions:
                description: >-
                  Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: >-
                        Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: >-
                        Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: >-
                        Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: >-
                        Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              name:
                description: |-
                  The resource name of this notification config, in the format
                  'organizations/{{organization}}/notificationConfigs/{{config_id}}'.
                type: string
              observedGeneration:
                description: >-
                  ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
              # Reported identity that must be able to publish to the topic.
              # Granting it the publish permission on that one topic, rather
              # than at project level, keeps the grant least-privilege.
              serviceAccount:
                description: |-
                  The service account that needs "pubsub.topics.publish" permission to
                  publish to the Pub/Sub topic.
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    # Enables the /status subresource, so status is written through its own
    # endpoint and can be granted separately from the main resource in RBAC.
    subresources:
      status: {}
# Empty status stanza as emitted with the manifest; it carries no
# configuration.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []