1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/managed-by-kcc: "true"
23 cnrm.cloud.google.com/system: "true"
24 name: iampolicymembers.iam.cnrm.cloud.google.com
25spec:
26 group: iam.cnrm.cloud.google.com
27 names:
28 categories:
29 - gcp
30 kind: IAMPolicyMember
31 plural: iampolicymembers
32 shortNames:
33 - gcpiampolicymember
34 - gcpiampolicymembers
35 singular: iampolicymember
36 scope: Namespaced
37 versions:
38 - additionalPrinterColumns:
39 - jsonPath: .metadata.creationTimestamp
40 name: Age
41 type: date
42 - description: When 'True' the most recent reconcile of the resource succeeded
43 jsonPath: .status.conditions[?(@.type=='Ready')].status
44 name: Ready
45 type: string
46 - description: The reason for the value in 'Ready'
47 jsonPath: .status.conditions[?(@.type=='Ready')].reason
48 name: Status
49 type: string
50 - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
51 name: Status Age
52 type: date
53 name: v1beta1
54 schema:
55 openAPIV3Schema:
56 description: IAMPolicyMember is the Schema for the iampolicies API
57 properties:
58 apiVersion:
59 description: 'APIVersion defines the versioned schema of this representation
60 of an object. Servers should convert recognized schemas to the latest
61 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
62 type: string
63 kind:
64 description: 'Kind is a string value representing the REST resource this
65 object represents. Servers may infer this from the endpoint the client
66 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
67 type: string
68 metadata:
69 type: object
70 spec:
71 description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember
72 oneOf:
73 - required:
74 - member
75 - required:
76 - memberFrom
77 properties:
78 condition:
79 description: Immutable. Optional. The condition under which the binding
80 applies.
81 properties:
82 description:
83 type: string
84 expression:
85 type: string
86 title:
87 type: string
88 required:
89 - expression
90 - title
91 type: object
92 member:
93 description: Immutable. The IAM identity to be bound to the role.
94 Exactly one of 'member' or 'memberFrom' must be used.
95 type: string
96 memberFrom:
97 description: Immutable. The IAM identity to be bound to the role.
98 Exactly one of 'member' or 'memberFrom' must be used, and only one
99 subfield within 'memberFrom' can be used.
100 oneOf:
101 - required:
102 - logSinkRef
103 - required:
104 - serviceAccountRef
105 - required:
106 - serviceIdentityRef
107 - required:
108 - sqlInstanceRef
109 properties:
110 logSinkRef:
111 description: The LoggingLogSink whose writer identity (i.e. its
112 'status.writerIdentity') is to be bound to the role.
113 properties:
114 name:
115 type: string
116 namespace:
117 type: string
118 required:
119 - name
120 type: object
121 serviceAccountRef:
122 description: The IAMServiceAccount to be bound to the role.
123 properties:
124 name:
125 type: string
126 namespace:
127 type: string
128 required:
129 - name
130 type: object
131 serviceIdentityRef:
132 description: The ServiceIdentity whose service account (i.e.,
133 its 'status.email') is to be bound to the role.
134 properties:
135 name:
136 type: string
137 namespace:
138 type: string
139 required:
140 - name
141 type: object
142 sqlInstanceRef:
143 description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress')
144 is to be bound to the role.
145 properties:
146 name:
147 type: string
148 namespace:
149 type: string
150 required:
151 - name
152 type: object
153 type: object
154 resourceRef:
155 description: Immutable. Required. The GCP resource to set the IAM
156 policy on.
157 oneOf:
158 - not:
159 required:
160 - external
161 required:
162 - name
163 - not:
164 anyOf:
165 - required:
166 - name
167 - required:
168 - namespace
169 required:
170 - external
171 - not:
172 anyOf:
173 - required:
174 - name
175 - required:
176 - namespace
177 - required:
178 - apiVersion
179 - required:
180 - external
181 properties:
182 apiVersion:
183 type: string
184 external:
185 type: string
186 kind:
187 type: string
188 name:
189 type: string
190 namespace:
191 type: string
192 required:
193 - kind
194 type: object
195 role:
196 description: Immutable. Required. The role for which the Member will
197 be bound.
198 pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$
199 type: string
200 required:
201 - resourceRef
202 - role
203 type: object
204 status:
205 description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember
206 properties:
207 conditions:
208 description: Conditions represent the latest available observations
209 of the IAM policy's current state.
210 items:
211 properties:
212 lastTransitionTime:
213 description: Last time the condition transitioned from one status
214 to another.
215 type: string
216 message:
217 description: Human-readable message indicating details about
218 last transition.
219 type: string
220 reason:
221 description: Unique, one-word, CamelCase reason for the condition's
222 last transition.
223 type: string
224 status:
225 description: Status is the status of the condition. Can be True,
226 False, Unknown.
227 type: string
228 type:
229 description: Type is the type of the condition.
230 type: string
231 type: object
232 type: array
233 observedGeneration:
234 description: ObservedGeneration is the generation of the resource
235 that was most recently observed by the Config Connector controller.
236 If this is equal to metadata.generation, then that means that the
237 current reported status reflects the most recent desired state of
238 the resource.
239 format: int64
240 type: integer
241 type: object
242 type: object
243 served: true
244 storage: true
245 subresources:
246 status: {}
247status:
248 acceptedNames:
249 kind: ""
250 plural: ""
251 conditions: []
252 storedVersions: []
View as plain text