1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
# CustomResourceDefinition header. The object name below is the plural resource
# name joined to the API group declared under spec.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Quoted so the value is unambiguously a string for every YAML parser.
    cnrm.cloud.google.com/version: '1.106.0'
  creationTimestamp: null
  labels:
    # Label values must be strings; the quotes keep them from being read as
    # YAML booleans.
    cnrm.cloud.google.com/dcl2crd: 'true'
    cnrm.cloud.google.com/managed-by-kcc: 'true'
    cnrm.cloud.google.com/stability-level: 'stable'
    cnrm.cloud.google.com/system: 'true'
  name: 'identityplatformconfigs.identityplatform.cnrm.cloud.google.com'
# Defines the namespaced IdentityPlatformConfig custom resource (group
# identityplatform.cnrm.cloud.google.com, single version v1beta1) and its
# OpenAPI v3 validation schema.
#
# Security review summary (details are repeated next to the fields concerned):
#   * spec.notification.sendEmail.smtp.password accepts either an inline
#     `value` or a `valueFrom.secretKeyRef`; the inline form stores the
#     password in the custom resource itself.
#   * .status declares output-only fields for an API key and a password-hash
#     signer key, so read access to this resource should be granted narrowly.
#   * Fields whose descriptions list "Possible values" are declared as plain
#     `type: string` with no `enum`, so this schema does not reject other
#     strings at admission.
spec:
  group: identityplatform.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: IdentityPlatformConfig
    plural: identityplatformconfigs
    shortNames:
    - gcpidentityplatformconfig
    - gcpidentityplatformconfigs
    singular: identityplatformconfig
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              # Security: per the description these domains are authorized for
              # OAuth redirects. Entries are unconstrained strings (no pattern,
              # no maxItems), so keeping the list to domains the project owner
              # controls is left to whoever writes the resource.
              authorizedDomains:
                description: List of domains authorized for OAuth redirects
                items:
                  type: string
                type: array
              blockingFunctions:
                description: Configuration related to blocking functions.
                properties:
                  triggers:
                    additionalProperties:
                      properties:
                        # The oneOf below admits exactly one reference form:
                        # `name` (optionally with `namespace`) or `external`,
                        # never a mix of the two.
                        functionUriRef:
                          oneOf:
                          - not:
                              required:
                              - external
                            required:
                            - name
                          - not:
                              anyOf:
                              - required:
                                - name
                              - required:
                                - namespace
                            required:
                            - external
                          properties:
                            external:
                              description: |-
                                HTTP URI trigger for the Cloud Function.

                                Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                              type: string
                            namespace:
                              description: 'Namespace of the referent. More info:
                                https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                              type: string
                          type: object
                        updateTime:
                          description: When the trigger was changed.
                          format: date-time
                          type: string
                      type: object
                    # Map keys are free-form here; the supported event types are
                    # named only in the description text.
                    description: 'Map of Trigger to event type. Key should be one
                      of the supported event types: "beforeCreate", "beforeSignIn"'
                    type: object
                type: object
              client:
                description: Options related to how clients making requests on behalf
                  of a project should be configured.
                properties:
                  permissions:
                    description: Configuration related to restricting a user's ability
                      to affect their account.
                    properties:
                      disabledUserDeletion:
                        description: When true, end users cannot delete their account
                          on the associated project through any of our API methods
                        type: boolean
                      disabledUserSignup:
                        description: When true, end users cannot sign up for a new
                          account on the associated project through any of our API
                          methods
                        type: boolean
                    type: object
                type: object
              mfa:
                description: Configuration for this project's multi-factor authentication,
                  including whether it is active and what factors can be used for
                  the second factor
                properties:
                  # Security: plain string with no `enum` and no default declared
                  # in this schema; the listed values are documentation only.
                  # NOTE(review): rejection of other strings presumably happens
                  # downstream of admission - confirm.
                  state:
                    description: 'Whether MultiFactor Authentication has been enabled
                      for this project. Possible values: STATE_UNSPECIFIED, DISABLED,
                      ENABLED, MANDATORY'
                    type: string
                type: object
              monitoring:
                description: Configuration related to monitoring project activity.
                properties:
                  requestLogging:
                    description: Configuration for logging requests made to this project
                      to Stackdriver Logging
                    properties:
                      # No default is declared in this schema; set it explicitly
                      # if request logs are needed for detection or investigation.
                      enabled:
                        description: Whether logging is enabled for this project or
                          not.
                        type: boolean
                    type: object
                type: object
              multiTenant:
                description: Configuration related to multi-tenant functionality.
                properties:
                  allowTenants:
                    description: Whether this project can have tenants or not.
                    type: boolean
                  # Either (`name` + `kind`, optionally `namespace`) or `external`
                  # alone, as enforced by the oneOf.
                  defaultTenantLocationRef:
                    oneOf:
                    - not:
                        required:
                        - external
                      required:
                      - name
                      - kind
                    - not:
                        anyOf:
                        - required:
                          - name
                        - required:
                          - namespace
                        - required:
                          - kind
                      required:
                      - external
                    properties:
                      external:
                        description: |-
                          The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "<type>/<number>", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project.

                          Allowed values:
                          * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`).
                          * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).
                        type: string
                      kind:
                        description: 'Kind of the referent. Allowed values: Folder'
                        type: string
                      name:
                        description: |-
                          [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources.
                          Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                        type: string
                      namespace:
                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                        type: string
                    type: object
                type: object
              notification:
                description: Configuration related to sending notifications to users.
                properties:
                  defaultLocale:
                    description: Default locale used for email and SMS in IETF BCP
                      47 format.
                    type: string
                  sendEmail:
                    description: Options for email sending.
                    properties:
                      # Unconstrained string: the link target placed in outgoing
                      # email templates, per the description.
                      callbackUri:
                        description: action url in email template.
                        type: string
                      changeEmailTemplate:
                        description: Email template for change email
                        properties:
                          body:
                            description: Immutable. Email body
                            type: string
                          bodyFormat:
                            description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED,
                              PLAIN_TEXT, HTML'
                            type: string
                          replyTo:
                            description: Reply-to address
                            type: string
                          senderDisplayName:
                            description: Sender display name
                            type: string
                          senderLocalPart:
                            description: Local part of From address
                            type: string
                          subject:
                            description: Subject of the email
                            type: string
                        type: object
                      dnsInfo:
                        description: Information of custom domain DNS verification.
                        properties:
                          useCustomDomain:
                            description: Whether to use custom domain.
                            type: boolean
                        type: object
                      method:
                        description: 'The method used for sending an email. Possible
                          values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP'
                        type: string
                      resetPasswordTemplate:
                        description: Email template for reset password
                        properties:
                          body:
                            description: Email body
                            type: string
                          bodyFormat:
                            description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED,
                              PLAIN_TEXT, HTML'
                            type: string
                          replyTo:
                            description: Reply-to address
                            type: string
                          senderDisplayName:
                            description: Sender display name
                            type: string
                          senderLocalPart:
                            description: Local part of From address
                            type: string
                          subject:
                            description: Subject of the email
                            type: string
                        type: object
                      revertSecondFactorAdditionTemplate:
                        description: Email template for reverting second factor addition
                          emails
                        properties:
                          body:
                            description: Immutable. Email body
                            type: string
                          bodyFormat:
                            description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED,
                              PLAIN_TEXT, HTML'
                            type: string
                          replyTo:
                            description: Reply-to address
                            type: string
                          senderDisplayName:
                            description: Sender display name
                            type: string
                          senderLocalPart:
                            description: Local part of From address
                            type: string
                          subject:
                            description: Subject of the email
                            type: string
                        type: object
                      smtp:
                        description: Use a custom SMTP relay
                        properties:
                          host:
                            description: SMTP relay host
                            type: string
                          # Security: the oneOf requires exactly one of `value` or
                          # `valueFrom`. `value` puts the SMTP password in plain
                          # text inside the custom resource, where it is visible
                          # to anyone who can read this object; prefer
                          # `valueFrom.secretKeyRef`, which names a Secret in the
                          # resource's namespace instead.
                          password:
                            description: SMTP relay password
                            oneOf:
                            - not:
                                required:
                                - valueFrom
                              required:
                              - value
                            - not:
                                required:
                                - value
                              required:
                              - valueFrom
                            properties:
                              value:
                                description: Value of the field. Cannot be used if
                                  'valueFrom' is specified.
                                type: string
                              valueFrom:
                                description: Source for the field's value. Cannot
                                  be used if 'value' is specified.
                                properties:
                                  secretKeyRef:
                                    description: Reference to a value with the given
                                      key in the given Secret in the resource's namespace.
                                    properties:
                                      key:
                                        description: Key that identifies the value
                                          to be extracted.
                                        type: string
                                      name:
                                        description: Name of the Secret to extract
                                          a value from.
                                        type: string
                                    required:
                                    - name
                                    - key
                                    type: object
                                type: object
                            type: object
                          port:
                            description: SMTP relay port
                            format: int64
                            type: integer
                          # Security: determines transport protection to the relay.
                          # Declared as a plain string with no `enum`, so this
                          # schema does not stop SECURITY_MODE_UNSPECIFIED or an
                          # unlisted string from being admitted.
                          securityMode:
                            description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED,
                              SSL, START_TLS'
                            type: string
                          senderEmail:
                            description: Sender email for the SMTP relay
                            type: string
                          username:
                            description: SMTP relay username
                            type: string
                        type: object
                      verifyEmailTemplate:
                        description: Email template for verify email
                        properties:
                          body:
                            description: Immutable. Email body
                            type: string
                          bodyFormat:
                            description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED,
                              PLAIN_TEXT, HTML'
                            type: string
                          replyTo:
                            description: Reply-to address
                            type: string
                          senderDisplayName:
                            description: Sender display name
                            type: string
                          senderLocalPart:
                            description: Local part of From address
                            type: string
                          subject:
                            description: Subject of the email
                            type: string
                        type: object
                    type: object
                  sendSms:
                    description: Options for SMS sending.
                    properties:
                      useDeviceLocale:
                        description: Whether to use the accept_language header for
                          SMS.
                        type: boolean
                    type: object
                type: object
              # The only required spec field (see `required` below). Same reference
              # shape as above: `name` (optionally `namespace`) or `external`.
              projectRef:
                description: Immutable. The Project that this resource belongs to.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: |-
                      The project of the resource

                      Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              quota:
                description: Configuration related to quotas.
                properties:
                  # Security: per the description this overrides the sign-up rate
                  # limit (per project, per hour, per IP). No minimum or maximum
                  # is declared on `quota`.
                  signUpQuotaConfig:
                    description: Quota for the Signup endpoint, if overwritten. Signup
                      quota is measured in sign ups per project per hour per IP.
                    properties:
                      quota:
                        description: Corresponds to the 'refill_token_count' field
                          in QuotaServer config
                        format: int64
                        type: integer
                      quotaDuration:
                        description: How long this quota will be active for
                        type: string
                      startTime:
                        description: When this quota will take affect
                        format: date-time
                        type: string
                    type: object
                type: object
              # Security: the booleans in this subtree switch sign-in methods on
              # and off; none declares a default in this schema.
              signIn:
                description: Configuration related to local sign in methods.
                properties:
                  allowDuplicateEmails:
                    description: Whether to allow more than one account to have the
                      same email.
                    type: boolean
                  anonymous:
                    description: Configuration options related to authenticating an
                      anonymous user.
                    properties:
                      enabled:
                        description: Whether anonymous user auth is enabled for the
                          project or not.
                        type: boolean
                    type: object
                  email:
                    description: Configuration options related to authenticating a
                      user by their email address.
                    properties:
                      enabled:
                        description: Whether email auth is enabled for the project
                          or not.
                        type: boolean
                      passwordRequired:
                        description: Whether a password is required for email auth
                          or not. If true, both an email and password must be provided
                          to sign in. If false, a user may sign in via either email/password
                          or email link.
                        type: boolean
                    type: object
                  phoneNumber:
                    description: Configuration options related to authenticated a
                      user by their phone number.
                    properties:
                      enabled:
                        description: Whether phone number auth is enabled for the
                          project or not.
                        type: boolean
                      # Free-form string-to-string map used for phone auth testing.
                      # NOTE(review): presumably maps a test phone number to a
                      # fixed verification code - confirm; if so, entries bypass
                      # real SMS delivery and should be reviewed before they
                      # reach a production project.
                      testPhoneNumbers:
                        additionalProperties:
                          type: string
                        description: A map of that can be used for phone auth testing.
                        type: object
                    type: object
                type: object
            required:
            - projectRef
            type: object
          # Security: .status is written back into the cluster object. It declares
          # output-only fields for an API key (client.apiKey) and for password
          # hashing parameters including a signer key (signIn.hashConfig and
          # signIn.email.hashConfig). NOTE(review): whether the controller
          # actually populates them is not visible here - confirm. If it does,
          # get/list/watch on identityplatformconfigs exposes those values, so
          # RBAC for this resource should be scoped accordingly.
          status:
            properties:
              client:
                properties:
                  apiKey:
                    description: Output only. API key that can be used when making
                      requests for this project.
                    type: string
                  firebaseSubdomain:
                    description: Output only. Firebase subdomain.
                    type: string
                type: object
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              notification:
                properties:
                  sendEmail:
                    properties:
                      changeEmailTemplate:
                        properties:
                          customized:
                            description: Output only. Whether the body or subject
                              of the email is customized.
                            type: boolean
                        type: object
                      dnsInfo:
                        properties:
                          customDomain:
                            description: Output only. The applied verified custom
                              domain.
                            type: string
                          customDomainState:
                            description: 'Output only. The current verification state
                              of the custom domain. The custom domain will only be
                              used once the domain verification is successful. Possible
                              values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED,
                              IN_PROGRESS, FAILED, SUCCEEDED'
                            type: string
                          domainVerificationRequestTime:
                            description: Output only. The timestamp of initial request
                              for the current domain verification.
                            format: date-time
                            type: string
                          pendingCustomDomain:
                            description: Output only. The custom domain that's to
                              be verified.
                            type: string
                        type: object
                      resetPasswordTemplate:
                        properties:
                          customized:
                            description: Output only. Whether the body or subject
                              of the email is customized.
                            type: boolean
                        type: object
                      revertSecondFactorAdditionTemplate:
                        properties:
                          customized:
                            description: Output only. Whether the body or subject
                              of the email is customized.
                            type: boolean
                        type: object
                      verifyEmailTemplate:
                        properties:
                          customized:
                            description: Output only. Whether the body or subject
                              of the email is customized.
                            type: boolean
                        type: object
                    type: object
                  sendSms:
                    properties:
                      smsTemplate:
                        description: Output only. The template to use when sending
                          an SMS.
                        properties:
                          content:
                            description: 'Output only. The SMS''s content. Can contain
                              the following placeholders which will be replaced with
                              the appropriate values: %APP_NAME% - For Android or
                              iOS apps, the app''s display name. For web apps, the
                              domain hosting the application. %LOGIN_CODE% - The OOB
                              code being sent in the SMS.'
                            type: string
                        type: object
                    type: object
                type: object
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
              signIn:
                properties:
                  email:
                    properties:
                      # Same shape as status.signIn.hashConfig further down.
                      hashConfig:
                        description: Output only. Hash config information.
                        properties:
                          algorithm:
                            description: 'Output only. Different password hash algorithms
                              used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED,
                              HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1,
                              MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256,
                              SHA512, STANDARD_SCRYPT'
                            type: string
                          memoryCost:
                            description: Output only. Memory cost for hash calculation.
                              Used by scrypt and other similar password derivation
                              algorithms. See https://tools.ietf.org/html/rfc7914
                              for explanation of field.
                            format: int64
                            type: integer
                          rounds:
                            description: Output only. How many rounds for hash calculation.
                              Used by scrypt and other similar password derivation
                              algorithms.
                            format: int64
                            type: integer
                          saltSeparator:
                            description: Output only. Non-printable character to be
                              inserted between the salt and plain text password in
                              base64.
                            type: string
                          # Sensitive: key material surfaced as a status string.
                          signerKey:
                            description: Output only. Signer key in base64.
                            type: string
                        type: object
                    type: object
                  hashConfig:
                    description: Output only. Hash config information.
                    properties:
                      algorithm:
                        description: 'Output only. Different password hash algorithms
                          used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED,
                          HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5,
                          HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512,
                          STANDARD_SCRYPT'
                        type: string
                      memoryCost:
                        description: Output only. Memory cost for hash calculation.
                          Used by scrypt and other similar password derivation algorithms.
                          See https://tools.ietf.org/html/rfc7914 for explanation
                          of field.
                        format: int64
                        type: integer
                      rounds:
                        description: Output only. How many rounds for hash calculation.
                          Used by scrypt and other similar password derivation algorithms.
                        format: int64
                        type: integer
                      saltSeparator:
                        description: Output only. Non-printable character to be inserted
                          between the salt and plain text password in base64.
                        type: string
                      # Sensitive: key material surfaced as a status string.
                      signerKey:
                        description: Output only. Signer key in base64.
                        type: string
                    type: object
                type: object
              subtype:
                description: 'Output only. The subtype of this config. Possible values:
                  SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH'
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    # Enables the /status subresource, so status is updated through its own
    # endpoint and can be given separate RBAC from the main resource.
    subresources:
      status: {}
# Empty placeholder status carried in the manifest.
# NOTE(review): presumably overwritten by the API server once the CRD is
# registered - confirm.
status:
  acceptedNames:
    kind: ''
    plural: ''
  conditions: []
  storedVersions: []