1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/dcl2crd: "true"
23 cnrm.cloud.google.com/managed-by-kcc: "true"
24 cnrm.cloud.google.com/stability-level: stable
25 cnrm.cloud.google.com/system: "true"
26 name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com
27spec:
28 group: cloudidentity.cnrm.cloud.google.com
29 names:
30 categories:
31 - gcp
32 kind: CloudIdentityMembership
33 plural: cloudidentitymemberships
34 shortNames:
35 - gcpcloudidentitymembership
36 - gcpcloudidentitymemberships
37 singular: cloudidentitymembership
38 scope: Namespaced
39 versions:
40 - additionalPrinterColumns:
41 - jsonPath: .metadata.creationTimestamp
42 name: Age
43 type: date
44 - description: When 'True', the most recent reconcile of the resource succeeded
45 jsonPath: .status.conditions[?(@.type=='Ready')].status
46 name: Ready
47 type: string
48 - description: The reason for the value in 'Ready'
49 jsonPath: .status.conditions[?(@.type=='Ready')].reason
50 name: Status
51 type: string
52 - description: The last transition time for the value in 'Status'
53 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
54 name: Status Age
55 type: date
56 name: v1beta1
57 schema:
58 openAPIV3Schema:
59 properties:
60 apiVersion:
61 description: 'apiVersion defines the versioned schema of this representation
62 of an object. Servers should convert recognized schemas to the latest
63 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
64 type: string
65 kind:
66 description: 'kind is a string value representing the REST resource this
67 object represents. Servers may infer this from the endpoint the client
68 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
69 type: string
70 metadata:
71 type: object
72 spec:
73 properties:
74 groupRef:
75 description: Immutable.
76 oneOf:
77 - not:
78 required:
79 - external
80 required:
81 - name
82 - not:
83 anyOf:
84 - required:
85 - name
86 - required:
87 - namespace
88 required:
89 - external
90 properties:
91 external:
92 description: |-
93 The group for the resource
94
95 Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`).
96 type: string
97 name:
98 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
99 type: string
100 namespace:
101 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
102 type: string
103 type: object
104 memberKey:
105 description: Immutable. The `EntityKey` of the member. Either `member_key`
106 or `preferred_member_key` must be set when calling MembershipsService.CreateMembership
107 but not both; both shall be set when returned.
108 properties:
109 id:
110 description: The ID of the entity. For Google-managed entities,
111 the `id` must be the email address of an existing group or user.
112 For external-identity-mapped entities, the `id` must be a string
113 conforming to the Identity Source's requirements. Must be unique
114 within a `namespace`.
115 type: string
116 namespace:
117 description: The namespace in which the entity exists. If not
118 specified, the `EntityKey` represents a Google-managed entity
119 such as a Google user or a Google Group. If specified, the `EntityKey`
120 represents an external-identity-mapped group. The namespace
121 must correspond to an identity source created in Admin Console
122 and must be in the form of `identitysources/{identity_source_id}`.
123 type: string
124 type: object
125 preferredMemberKey:
126 description: Immutable. Required. Immutable. The `EntityKey` of the
127 member.
128 properties:
129 id:
130 description: Immutable. The ID of the entity. For Google-managed
131 entities, the `id` must be the email address of a group or user.
132 For external-identity-mapped entities, the `id` must be a string
133 conforming to the Identity Source's requirements. Must be unique
134 within a `namespace`.
135 type: string
136 namespace:
137 description: Immutable. The namespace in which the entity exists.
138 If not specified, the `EntityKey` represents a Google-managed
139 entity such as a Google user or a Google Group. If specified,
140 the `EntityKey` represents an external-identity-mapped group.
141 The namespace must correspond to an identity source created
142 in Admin Console and must be in the form of `identitysources/{identity_source_id}`.
143 type: string
144 required:
145 - id
146 type: object
147 resourceID:
148 description: Immutable. Optional. The service-generated name of the
149 resource. Used for acquisition only. Leave unset to create a new
150 resource.
151 type: string
152 roles:
153 description: The `MembershipRole`s that apply to the `Membership`.
154 If unspecified, defaults to a single `MembershipRole` with `name`
155 `MEMBER`. Must not contain duplicate `MembershipRole`s with the
156 same `name`.
157 items:
158 properties:
159 expiryDetail:
160 description: The expiry details of the `MembershipRole`. Expiry
161 details are only supported for `MEMBER` `MembershipRoles`.
162 May be set if `name` is `MEMBER`. Must not be set if `name`
163 is any other value.
164 properties:
165 expireTime:
166 description: The time at which the `MembershipRole` will
167 expire.
168 format: date-time
169 type: string
170 type: object
171 name:
172 type: string
173 restrictionEvaluations:
174 description: Evaluations of restrictions applied to parent group
175 on this membership.
176 properties:
177 memberRestrictionEvaluation:
178 description: Evaluation of the member restriction applied
179 to this membership. Empty if the user lacks permission
180 to view the restriction evaluation.
181 properties:
182 state:
183 description: 'Output only. The current state of the
184 restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED,
185 UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED'
186 type: string
187 type: object
188 type: object
189 required:
190 - name
191 type: object
192 type: array
193 required:
194 - groupRef
195 - preferredMemberKey
196 - roles
197 type: object
198 status:
199 properties:
200 conditions:
201 description: Conditions represent the latest available observation
202 of the resource's current state.
203 items:
204 properties:
205 lastTransitionTime:
206 description: Last time the condition transitioned from one status
207 to another.
208 type: string
209 message:
210 description: Human-readable message indicating details about
211 last transition.
212 type: string
213 reason:
214 description: Unique, one-word, CamelCase reason for the condition's
215 last transition.
216 type: string
217 status:
218 description: Status is the status of the condition. Can be True,
219 False, Unknown.
220 type: string
221 type:
222 description: Type is the type of the condition.
223 type: string
224 type: object
225 type: array
226 createTime:
227 description: Output only. The time when the `Membership` was created.
228 format: date-time
229 type: string
230 deliverySetting:
231 description: 'Output only. Delivery setting associated with the membership.
232 Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST,
233 DAILY, NONE, DISABLED'
234 type: string
235 displayName:
236 description: Output only. The display name of this member, if available
237 properties:
238 familyName:
239 description: Output only. Member's family name
240 type: string
241 fullName:
242 description: Output only. Localized UTF-16 full name for the member.
243 Localization is done based on the language in the request and
244 the language of the stored display name.
245 type: string
246 givenName:
247 description: Output only. Member's given name
248 type: string
249 type: object
250 observedGeneration:
251 description: ObservedGeneration is the generation of the resource
252 that was most recently observed by the Config Connector controller.
253 If this is equal to metadata.generation, then that means that the
254 current reported status reflects the most recent desired state of
255 the resource.
256 type: integer
257 type:
258 description: 'Output only. The type of the membership. Possible values:
259 OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER'
260 type: string
261 updateTime:
262 description: Output only. The time when the `Membership` was last
263 updated.
264 format: date-time
265 type: string
266 type: object
267 required:
268 - spec
269 type: object
270 served: true
271 storage: true
272 subresources:
273 status: {}
274status:
275 acceptedNames:
276 kind: ""
277 plural: ""
278 conditions: []
279 storedVersions: []
View as plain text