Text file src/github.com/GoogleCloudPlatform/k8s-config-connector/config/servicemappings/kms.yaml

Documentation: github.com/GoogleCloudPlatform/k8s-config-connector/config/servicemappings

     1# Copyright 2022 Google LLC
     2#
     3# Licensed under the Apache License, Version 2.0 (the "License");
     4# you may not use this file except in compliance with the License.
     5# You may obtain a copy of the License at
     6#
     7#      http://www.apache.org/licenses/LICENSE-2.0
     8#
     9# Unless required by applicable law or agreed to in writing, software
    10# distributed under the License is distributed on an "AS IS" BASIS,
    11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12# See the License for the specific language governing permissions and
    13# limitations under the License.
    14
    15apiVersion: core.cnrm.cloud.google.com/v1alpha1
    16kind: ServiceMapping
    17metadata:
    18  name: kms.cnrm.cloud.google.com
    19  namespace: cnrm-system
    20spec:
    21  name: KMS
    22  version: v1beta1
    23  serviceHostName: "cloudkms.googleapis.com"
    24  resources:
    25    - name: google_kms_crypto_key
    26      kind: KMSCryptoKey
    27      metadataMapping:
    28        name: name
    29        labels: labels
    30      resourceID:
    31        targetField: name
    32      iamConfig:
    33        policyName: google_kms_crypto_key_iam_policy
    34        policyMemberName: google_kms_crypto_key_iam_member
    35        referenceField:
    36          name: crypto_key_id
    37          type: id
    38        supportsConditions: true
    39      idTemplate: "{{key_ring}}/cryptoKeys/{{name}}"
    40      # can't Get(...) after import (location is embedded the KMSKeyRing and not properly fetched
    41      idTemplateCanBeUsedToMatchResourceName: false
    42      resourceAvailableInAssetInventory: true
    43      resourceReferences:
    44        - tfField: key_ring
    45          description: |-
    46            The KMSKeyRing that this key belongs to.
    47          key: keyRingRef
    48          gvk:
    49            kind: KMSKeyRing
    50            version: v1beta1
    51            group: kms.cnrm.cloud.google.com
    52          targetField: self_link
    53          parent: true
    54    - name: google_kms_key_ring
    55      kind: KMSKeyRing
    56      iamConfig:
    57        policyName: google_kms_key_ring_iam_policy
    58        policyMemberName: google_kms_key_ring_iam_member
    59        referenceField:
    60          name: key_ring_id
    61          type: id
    62        supportsConditions: true
    63      idTemplate: "projects/{{project}}/locations/{{location}}/keyRings/{{name}}"
    64      idTemplateCanBeUsedToMatchResourceName: true
    65      resourceAvailableInAssetInventory: true
    66      metadataMapping:
    67        name: name
    68      resourceID:
    69        targetField: name
    70      containers:
    71        - type: project
    72          tfField: project

View as plain text