1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/managed-by-kcc: "true"
23 cnrm.cloud.google.com/system: "true"
24 name: iamauditconfigs.iam.cnrm.cloud.google.com
25spec:
26 group: iam.cnrm.cloud.google.com
27 names:
28 categories:
29 - gcp
30 kind: IAMAuditConfig
31 plural: iamauditconfigs
32 shortNames:
33 - gcpiamauditconfig
34 - gcpiamauditconfigs
35 singular: iamauditconfig
36 scope: Namespaced
37 versions:
38 - additionalPrinterColumns:
39 - jsonPath: .metadata.creationTimestamp
40 name: Age
41 type: date
42 - description: When 'True' the most recent reconcile of the resource succeeded
43 jsonPath: .status.conditions[?(@.type=='Ready')].status
44 name: Ready
45 type: string
46 - description: The reason for the value in 'Ready'
47 jsonPath: .status.conditions[?(@.type=='Ready')].reason
48 name: Status
49 type: string
50 - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
51 name: Status Age
52 type: date
53 name: v1beta1
54 schema:
55 openAPIV3Schema:
56 description: IAMAuditConfig is the schema for the IAM audit logging API.
57 properties:
58 apiVersion:
59 description: 'APIVersion defines the versioned schema of this representation
60 of an object. Servers should convert recognized schemas to the latest
61 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
62 type: string
63 kind:
64 description: 'Kind is a string value representing the REST resource this
65 object represents. Servers may infer this from the endpoint the client
66 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
67 type: string
68 metadata:
69 type: object
70 spec:
71 description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig.
72 properties:
73 auditLogConfigs:
74 description: Required. The configuration for logging of each type
75 of permission.
76 items:
77 properties:
78 exemptedMembers:
79 description: Identities that do not cause logging for this type
80 of permission. The format is the same as that for 'members'
81 in IAMPolicy/IAMPolicyMember.
82 items:
83 type: string
84 type: array
85 logType:
86 description: Permission type for which logging is to be configured.
87 Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'.
88 pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$
89 type: string
90 required:
91 - logType
92 type: object
93 type: array
94 resourceRef:
95 description: Immutable. Required. The GCP resource to set the IAMAuditConfig
96 on (e.g. project).
97 properties:
98 apiVersion:
99 type: string
100 external:
101 type: string
102 kind:
103 type: string
104 name:
105 type: string
106 namespace:
107 type: string
108 required:
109 - kind
110 type: object
111 service:
112 description: 'Immutable. Required. The service for which to enable
113 Data Access audit logs. The special value ''allServices'' covers
114 all services. Note that if there are audit configs covering both
115 ''allServices'' and a specific service, then the union of the two
116 audit configs is used for that service: the ''logTypes'' specified
117 in each ''auditLogConfig'' are enabled, and the ''exemptedMembers''
118 in each ''auditLogConfg'' are exempted.'
119 type: string
120 required:
121 - auditLogConfigs
122 - resourceRef
123 - service
124 type: object
125 status:
126 description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig.
127 properties:
128 conditions:
129 description: Conditions represent the latest available observations
130 of the IAMAuditConfig's current state.
131 items:
132 properties:
133 lastTransitionTime:
134 description: Last time the condition transitioned from one status
135 to another.
136 type: string
137 message:
138 description: Human-readable message indicating details about
139 last transition.
140 type: string
141 reason:
142 description: Unique, one-word, CamelCase reason for the condition's
143 last transition.
144 type: string
145 status:
146 description: Status is the status of the condition. Can be True,
147 False, Unknown.
148 type: string
149 type:
150 description: Type is the type of the condition.
151 type: string
152 type: object
153 type: array
154 observedGeneration:
155 description: ObservedGeneration is the generation of the resource
156 that was most recently observed by the Config Connector controller.
157 If this is equal to metadata.generation, then that means that the
158 current reported status reflects the most recent desired state of
159 the resource.
160 format: int64
161 type: integer
162 type: object
163 type: object
164 served: true
165 storage: true
166 subresources:
167 status: {}
168status:
169 acceptedNames:
170 kind: ""
171 plural: ""
172 conditions: []
173 storedVersions: []
View as plain text