1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/managed-by-kcc: "true"
23 cnrm.cloud.google.com/stability-level: alpha
24 cnrm.cloud.google.com/system: "true"
25 cnrm.cloud.google.com/tf2crd: "true"
26 name: containeranalysisoccurrences.containeranalysis.cnrm.cloud.google.com
27spec:
28 group: containeranalysis.cnrm.cloud.google.com
29 names:
30 categories:
31 - gcp
32 kind: ContainerAnalysisOccurrence
33 plural: containeranalysisoccurrences
34 shortNames:
35 - gcpcontaineranalysisoccurrence
36 - gcpcontaineranalysisoccurrences
37 singular: containeranalysisoccurrence
38 scope: Namespaced
39 versions:
40 - additionalPrinterColumns:
41 - jsonPath: .metadata.creationTimestamp
42 name: Age
43 type: date
44 - description: When 'True', the most recent reconcile of the resource succeeded
45 jsonPath: .status.conditions[?(@.type=='Ready')].status
46 name: Ready
47 type: string
48 - description: The reason for the value in 'Ready'
49 jsonPath: .status.conditions[?(@.type=='Ready')].reason
50 name: Status
51 type: string
52 - description: The last transition time for the value in 'Status'
53 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
54 name: Status Age
55 type: date
56 name: v1alpha1
57 schema:
58 openAPIV3Schema:
59 properties:
60 apiVersion:
61 description: 'apiVersion defines the versioned schema of this representation
62 of an object. Servers should convert recognized schemas to the latest
63 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
64 type: string
65 kind:
66 description: 'kind is a string value representing the REST resource this
67 object represents. Servers may infer this from the endpoint the client
68 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
69 type: string
70 metadata:
71 type: object
72 spec:
73 properties:
74 attestation:
75 description: |-
76 Occurrence that represents a single "attestation". The authenticity
77 of an attestation can be verified using the attached signature.
78 If the verifier trusts the public key of the signer, then verifying
79 the signature is sufficient to establish trust. In this circumstance,
80 the authority to which this attestation is attached is primarily
81 useful for lookup (how to find this attestation if you already
82 know the authority and artifact to be verified) and intent (for
83 which authority this attestation was intended to sign.
84 properties:
85 serializedPayload:
86 description: |-
87 The serialized payload that is verified by one or
88 more signatures. A base64-encoded string.
89 type: string
90 signatures:
91 description: |-
92 One or more signatures over serializedPayload.
93 Verifier implementations should consider this attestation
94 message verified if at least one signature verifies
95 serializedPayload. See Signature in common.proto for more
96 details on signature structure and verification.
97 items:
98 properties:
99 publicKeyId:
100 description: |-
101 The identifier for the public key that verifies this
102 signature. MUST be an RFC3986 conformant
103 URI. * When possible, the key id should be an
104 immutable reference, such as a cryptographic digest.
105 Examples of valid values:
106
107 * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr
108 for more details on this scheme.
109 * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA'
110 * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
111 * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU".
112 type: string
113 signature:
114 description: |-
115 The content of the signature, an opaque bytestring.
116 The payload that this signature verifies MUST be
117 unambiguously provided with the Signature during
118 verification. A wrapper message might provide the
119 payload explicitly. Alternatively, a message might
120 have a canonical serialization that can always be
121 unambiguously computed to derive the payload.
122 type: string
123 required:
124 - publicKeyId
125 type: object
126 type: array
127 required:
128 - serializedPayload
129 - signatures
130 type: object
131 noteName:
132 description: |-
133 Immutable. The analysis note associated with this occurrence, in the form of
134 projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a
135 filter in list requests.
136 type: string
137 projectRef:
138 description: The project that this resource belongs to.
139 oneOf:
140 - not:
141 required:
142 - external
143 required:
144 - name
145 - not:
146 anyOf:
147 - required:
148 - name
149 - required:
150 - namespace
151 required:
152 - external
153 properties:
154 external:
155 description: 'Allowed value: The `name` field of a `Project` resource.'
156 type: string
157 name:
158 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
159 type: string
160 namespace:
161 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
162 type: string
163 type: object
164 remediation:
165 description: A description of actions that can be taken to remedy
166 the note.
167 type: string
168 resourceID:
169 description: Immutable. Optional. The service-generated name of the
170 resource. Used for acquisition only. Leave unset to create a new
171 resource.
172 type: string
173 resourceUri:
174 description: |-
175 Immutable. Required. Immutable. A URI that represents the resource for which
176 the occurrence applies. For example,
177 https://gcr.io/project/image@sha256:123abc for a Docker image.
178 type: string
179 required:
180 - attestation
181 - noteName
182 - projectRef
183 - resourceUri
184 type: object
185 status:
186 properties:
187 conditions:
188 description: Conditions represent the latest available observation
189 of the resource's current state.
190 items:
191 properties:
192 lastTransitionTime:
193 description: Last time the condition transitioned from one status
194 to another.
195 type: string
196 message:
197 description: Human-readable message indicating details about
198 last transition.
199 type: string
200 reason:
201 description: Unique, one-word, CamelCase reason for the condition's
202 last transition.
203 type: string
204 status:
205 description: Status is the status of the condition. Can be True,
206 False, Unknown.
207 type: string
208 type:
209 description: Type is the type of the condition.
210 type: string
211 type: object
212 type: array
213 createTime:
214 description: The time when the repository was created.
215 type: string
216 kind:
217 description: |-
218 The note kind which explicitly denotes which of the occurrence
219 details are specified. This field can be used as a filter in list
220 requests.
221 type: string
222 name:
223 description: The name of the occurrence.
224 type: string
225 observedGeneration:
226 description: ObservedGeneration is the generation of the resource
227 that was most recently observed by the Config Connector controller.
228 If this is equal to metadata.generation, then that means that the
229 current reported status reflects the most recent desired state of
230 the resource.
231 type: integer
232 updateTime:
233 description: The time when the repository was last updated.
234 type: string
235 type: object
236 required:
237 - spec
238 type: object
239 served: true
240 storage: true
241 subresources:
242 status: {}
243status:
244 acceptedNames:
245 kind: ""
246 plural: ""
247 conditions: []
248 storedVersions: []
View as plain text