# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

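# CustomResourceDefinition that registers the KMSCryptoKeyVersion kind in the
# kms.cnrm.cloud.google.com API group.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Annotation values must be strings; quoted so the version is never
    # re-typed by a YAML parser.
    cnrm.cloud.google.com/version: "1.106.0"
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/managed-by-kcc: "true"
    # Alpha stability: treat the schema below as subject to change before
    # building policy or automation on individual fields.
    cnrm.cloud.google.com/stability-level: alpha
    cnrm.cloud.google.com/system: "true"
    cnrm.cloud.google.com/tf2crd: "true"
  # CRD names must be <plural>.<group>; this matches spec.names.plural and
  # spec.group.
  name: kmscryptokeyversions.kms.cnrm.cloud.google.com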
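# Schema and serving configuration for KMSCryptoKeyVersion. A single version,
# v1alpha1, is both served and used for storage.
spec:
  group: kms.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: KMSCryptoKeyVersion
    plural: kmscryptokeyversions
    shortNames:
    - gcpkmscryptokeyversion
    - gcpkmscryptokeyversions
    singular: kmscryptokeyversion
  # Namespaced: instances live inside a namespace, so namespace-scoped Roles
  # and RoleBindings decide who may create or modify key versions.
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              # "Immutable" is stated only in the description; this schema
              # carries no validation rule for it, so enforcement presumably
              # lives in the controller - TODO confirm.
              cryptoKey:
                description: |-
                  Immutable. The name of the cryptoKey associated with the CryptoKeyVersions.
                  Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''.
                type: string
              resourceID:
                description: Immutable. Optional. The service-generated name of the
                  resource. Used for acquisition only. Leave unset to create a new
                  resource.
                type: string
              # The values listed in the description are not enforced here:
              # there is no enum, so the API server admits any string. Anyone
              # who can update this object can request a state change on the
              # key version, so grant write access as carefully as direct KMS
              # permissions. Which transitions the controller applies is not
              # visible in this file.
              state:
                description: 'The current state of the CryptoKeyVersion. Possible
                  values: ["PENDING_GENERATION", "ENABLED", "DISABLED", "DESTROYED",
                  "DESTROY_SCHEDULED", "PENDING_IMPORT", "IMPORT_FAILED"].'
                type: string
            required:
            - cryptoKey
            type: object
          status:
            properties:
              algorithm:
                description: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion
                  supports.
                type: string
              # These values are a copy held in the object's status, writable by
              # any principal with update rights on the status subresource. An
              # attestation check is meaningful only when the statement is
              # validated through the certificate chains up to a trust anchor
              # obtained out of band, not by reading these fields alone.
              attestation:
                description: |-
                  Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google.
                  Only provided for key versions with protectionLevel HSM.
                items:
                  properties:
                    certChains:
                      description: The certificate chains needed to validate the attestation.
                      properties:
                        caviumCerts:
                          description: Cavium certificate chain corresponding to the
                            attestation.
                          type: string
                        googleCardCerts:
                          description: Google card certificate chain corresponding
                            to the attestation.
                          type: string
                        googlePartitionCerts:
                          description: Google partition certificate chain corresponding
                            to the attestation.
                          type: string
                      type: object
                    content:
                      description: The attestation data provided by the HSM when the
                        key operation was performed.
                      type: string
                    # NOTE(review): this sits inside the attestation items,
                    # although its description concerns the EXTERNAL and
                    # EXTERNAL_VPC protection levels - confirm the nesting
                    # against the generator before relying on this path.
                    externalProtectionLevelOptions:
                      description: ExternalProtectionLevelOptions stores a group of
                        additional fields for configuring a CryptoKeyVersion that
                        are specific to the EXTERNAL protection level and EXTERNAL_VPC
                        protection levels.
                      properties:
                        ekmConnectionKeyPath:
                          description: The path to the external key material on the
                            EKM when using EkmConnection e.g., "v0/my/key". Set this
                            field instead of externalKeyUri when using an EkmConnection.
                          type: string
                        externalKeyUri:
                          description: The URI for an external resource that this
                            CryptoKeyVersion represents.
                          type: string
                      type: object
                    format:
                      description: The format of the attestation data.
                      type: string
                  type: object
                type: array
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              generateTime:
                description: The time this CryptoKeyVersion key material was generated.
                type: string
              name:
                description: The resource name for this CryptoKeyVersion.
                type: string
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
              protectionLevel:
                description: The ProtectionLevel describing how crypto operations
                  are performed with this CryptoKeyVersion.
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    # Enables the /status subresource: writes to the main endpoint ignore
    # status changes and writes to /status change nothing else, so RBAC can
    # grant "kmscryptokeyversions" and "kmscryptokeyversions/status"
    # separately.
    subresources:
      status: {}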
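# Status of the CRD object itself, not of any KMSCryptoKeyVersion instance.
# It is left empty in the manifest; the API server fills in acceptedNames,
# conditions and storedVersions once the CRD is registered.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []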