1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/managed-by-kcc: "true"
23 cnrm.cloud.google.com/stability-level: stable
24 cnrm.cloud.google.com/system: "true"
25 cnrm.cloud.google.com/tf2crd: "true"
26 name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com
27spec:
28 group: iam.cnrm.cloud.google.com
29 names:
30 categories:
31 - gcp
32 kind: IAMAccessBoundaryPolicy
33 plural: iamaccessboundarypolicies
34 shortNames:
35 - gcpiamaccessboundarypolicy
36 - gcpiamaccessboundarypolicies
37 singular: iamaccessboundarypolicy
38 scope: Namespaced
39 versions:
40 - additionalPrinterColumns:
41 - jsonPath: .metadata.creationTimestamp
42 name: Age
43 type: date
44 - description: When 'True', the most recent reconcile of the resource succeeded
45 jsonPath: .status.conditions[?(@.type=='Ready')].status
46 name: Ready
47 type: string
48 - description: The reason for the value in 'Ready'
49 jsonPath: .status.conditions[?(@.type=='Ready')].reason
50 name: Status
51 type: string
52 - description: The last transition time for the value in 'Status'
53 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
54 name: Status Age
55 type: date
56 name: v1beta1
57 schema:
58 openAPIV3Schema:
59 properties:
60 apiVersion:
61 description: 'apiVersion defines the versioned schema of this representation
62 of an object. Servers should convert recognized schemas to the latest
63 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
64 type: string
65 kind:
66 description: 'kind is a string value representing the REST resource this
67 object represents. Servers may infer this from the endpoint the client
68 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
69 type: string
70 metadata:
71 type: object
72 spec:
73 properties:
74 displayName:
75 description: The display name of the rule.
76 type: string
77 projectRef:
78 oneOf:
79 - not:
80 required:
81 - external
82 required:
83 - name
84 - not:
85 anyOf:
86 - required:
87 - name
88 - required:
89 - namespace
90 required:
91 - external
92 properties:
93 external:
94 description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`,
95 where {{value}} is the `name` field of a `Project` resource.'
96 type: string
97 name:
98 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
99 type: string
100 namespace:
101 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
102 type: string
103 type: object
104 resourceID:
105 description: Immutable. Optional. The name of the resource. Used for
106 creation and acquisition. When unset, the value of `metadata.name`
107 is used as the default.
108 type: string
109 rules:
110 description: Rules to be applied.
111 items:
112 properties:
113 accessBoundaryRule:
114 description: An access boundary rule in an IAM policy.
115 properties:
116 availabilityCondition:
117 description: The availability condition further constrains
118 the access allowed by the access boundary rule.
119 properties:
120 description:
121 description: |-
122 Description of the expression. This is a longer text which describes the expression,
123 e.g. when hovered over it in a UI.
124 type: string
125 expression:
126 description: Textual representation of an expression
127 in Common Expression Language syntax.
128 type: string
129 location:
130 description: |-
131 String indicating the location of the expression for error reporting,
132 e.g. a file name and a position in the file.
133 type: string
134 title:
135 description: |-
136 Title for the expression, i.e. a short string describing its purpose.
137 This can be used e.g. in UIs which allow to enter the expression.
138 type: string
139 required:
140 - expression
141 type: object
142 availablePermissions:
143 description: A list of permissions that may be allowed for
144 use on the specified resource.
145 items:
146 type: string
147 type: array
148 availableResource:
149 description: The full resource name of a Google Cloud resource
150 entity.
151 type: string
152 type: object
153 description:
154 description: The description of the rule.
155 type: string
156 type: object
157 type: array
158 required:
159 - projectRef
160 - rules
161 type: object
162 status:
163 properties:
164 conditions:
165 description: Conditions represent the latest available observation
166 of the resource's current state.
167 items:
168 properties:
169 lastTransitionTime:
170 description: Last time the condition transitioned from one status
171 to another.
172 type: string
173 message:
174 description: Human-readable message indicating details about
175 last transition.
176 type: string
177 reason:
178 description: Unique, one-word, CamelCase reason for the condition's
179 last transition.
180 type: string
181 status:
182 description: Status is the status of the condition. Can be True,
183 False, Unknown.
184 type: string
185 type:
186 description: Type is the type of the condition.
187 type: string
188 type: object
189 type: array
190 etag:
191 description: The hash of the resource. Used internally during updates.
192 type: string
193 observedGeneration:
194 description: ObservedGeneration is the generation of the resource
195 that was most recently observed by the Config Connector controller.
196 If this is equal to metadata.generation, then that means that the
197 current reported status reflects the most recent desired state of
198 the resource.
199 type: integer
200 type: object
201 required:
202 - spec
203 type: object
204 served: true
205 storage: true
206 subresources:
207 status: {}
208status:
209 acceptedNames:
210 kind: ""
211 plural: ""
212 conditions: []
213 storedVersions: []
View as plain text