1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/managed-by-kcc: "true"
23 cnrm.cloud.google.com/stability-level: stable
24 cnrm.cloud.google.com/system: "true"
25 cnrm.cloud.google.com/tf2crd: "true"
26 name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com
27spec:
28 group: cloudidentity.cnrm.cloud.google.com
29 names:
30 categories:
31 - gcp
32 kind: CloudIdentityGroup
33 plural: cloudidentitygroups
34 shortNames:
35 - gcpcloudidentitygroup
36 - gcpcloudidentitygroups
37 singular: cloudidentitygroup
38 scope: Namespaced
39 versions:
40 - additionalPrinterColumns:
41 - jsonPath: .metadata.creationTimestamp
42 name: Age
43 type: date
44 - description: When 'True', the most recent reconcile of the resource succeeded
45 jsonPath: .status.conditions[?(@.type=='Ready')].status
46 name: Ready
47 type: string
48 - description: The reason for the value in 'Ready'
49 jsonPath: .status.conditions[?(@.type=='Ready')].reason
50 name: Status
51 type: string
52 - description: The last transition time for the value in 'Status'
53 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
54 name: Status Age
55 type: date
56 name: v1beta1
57 schema:
58 openAPIV3Schema:
59 properties:
60 apiVersion:
61 description: 'apiVersion defines the versioned schema of this representation
62 of an object. Servers should convert recognized schemas to the latest
63 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
64 type: string
65 kind:
66 description: 'kind is a string value representing the REST resource this
67 object represents. Servers may infer this from the endpoint the client
68 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
69 type: string
70 metadata:
71 type: object
72 spec:
73 properties:
74 description:
75 description: |-
76 An extended description to help users determine the purpose of a Group.
77 Must not be longer than 4,096 characters.
78 type: string
79 displayName:
80 description: The display name of the Group.
81 type: string
82 groupKey:
83 description: Immutable. EntityKey of the Group.
84 properties:
85 id:
86 description: |-
87 Immutable. The ID of the entity.
88
89 For Google-managed entities, the id must be the email address of an existing
90 group or user.
91
92 For external-identity-mapped entities, the id must be a string conforming
93 to the Identity Source's requirements.
94
95 Must be unique within a namespace.
96 type: string
97 namespace:
98 description: |-
99 Immutable. The namespace in which the entity exists.
100
101 If not specified, the EntityKey represents a Google-managed entity
102 such as a Google user or a Google Group.
103
104 If specified, the EntityKey represents an external-identity-mapped group.
105 The namespace must correspond to an identity source created in Admin Console
106 and must be in the form of 'identitysources/{identity_source_id}'.
107 type: string
108 required:
109 - id
110 type: object
111 initialGroupConfig:
112 description: |-
113 Immutable. The initial configuration options for creating a Group.
114
115 See the
116 [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig)
117 for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"].
118 type: string
119 labels:
120 additionalProperties:
121 type: string
122 description: |-
123 One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value.
124
125 Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value.
126
127 Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added.
128
129 Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic.
130
131 Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value.
132 type: object
133 parent:
134 description: |-
135 Immutable. The resource name of the entity under which this Group resides in the
136 Cloud Identity resource hierarchy.
137
138 Must be of the form identitysources/{identity_source_id} for external-identity-mapped
139 groups or customers/{customer_id} for Google Groups.
140 type: string
141 resourceID:
142 description: Immutable. Optional. The service-generated name of the
143 resource. Used for acquisition only. Leave unset to create a new
144 resource.
145 type: string
146 required:
147 - groupKey
148 - labels
149 - parent
150 type: object
151 status:
152 properties:
153 conditions:
154 description: Conditions represent the latest available observation
155 of the resource's current state.
156 items:
157 properties:
158 lastTransitionTime:
159 description: Last time the condition transitioned from one status
160 to another.
161 type: string
162 message:
163 description: Human-readable message indicating details about
164 last transition.
165 type: string
166 reason:
167 description: Unique, one-word, CamelCase reason for the condition's
168 last transition.
169 type: string
170 status:
171 description: Status is the status of the condition. Can be True,
172 False, Unknown.
173 type: string
174 type:
175 description: Type is the type of the condition.
176 type: string
177 type: object
178 type: array
179 createTime:
180 description: The time when the Group was created.
181 type: string
182 name:
183 description: |-
184 Resource name of the Group in the format: groups/{group_id}, where group_id
185 is the unique ID assigned to the Group.
186 type: string
187 observedGeneration:
188 description: ObservedGeneration is the generation of the resource
189 that was most recently observed by the Config Connector controller.
190 If this is equal to metadata.generation, then that means that the
191 current reported status reflects the most recent desired state of
192 the resource.
193 type: integer
194 updateTime:
195 description: The time when the Group was last updated.
196 type: string
197 type: object
198 required:
199 - spec
200 type: object
201 served: true
202 storage: true
203 subresources:
204 status: {}
205status:
206 acceptedNames:
207 kind: ""
208 plural: ""
209 conditions: []
210 storedVersions: []
View as plain text