1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/managed-by-kcc: "true"
23 cnrm.cloud.google.com/stability-level: stable
24 cnrm.cloud.google.com/system: "true"
25 cnrm.cloud.google.com/tf2crd: "true"
26 name: kmscryptokeys.kms.cnrm.cloud.google.com
27spec:
28 group: kms.cnrm.cloud.google.com
29 names:
30 categories:
31 - gcp
32 kind: KMSCryptoKey
33 plural: kmscryptokeys
34 shortNames:
35 - gcpkmscryptokey
36 - gcpkmscryptokeys
37 singular: kmscryptokey
38 scope: Namespaced
39 versions:
40 - additionalPrinterColumns:
41 - jsonPath: .metadata.creationTimestamp
42 name: Age
43 type: date
44 - description: When 'True', the most recent reconcile of the resource succeeded
45 jsonPath: .status.conditions[?(@.type=='Ready')].status
46 name: Ready
47 type: string
48 - description: The reason for the value in 'Ready'
49 jsonPath: .status.conditions[?(@.type=='Ready')].reason
50 name: Status
51 type: string
52 - description: The last transition time for the value in 'Status'
53 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
54 name: Status Age
55 type: date
56 name: v1beta1
57 schema:
58 openAPIV3Schema:
59 properties:
60 apiVersion:
61 description: 'apiVersion defines the versioned schema of this representation
62 of an object. Servers should convert recognized schemas to the latest
63 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
64 type: string
65 kind:
66 description: 'kind is a string value representing the REST resource this
67 object represents. Servers may infer this from the endpoint the client
68 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
69 type: string
70 metadata:
71 type: object
72 spec:
73 properties:
74 destroyScheduledDuration:
75 description: |-
76 Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
77 If not specified at creation time, the default duration is 24 hours.
78 type: string
79 importOnly:
80 description: Immutable. Whether this key may contain imported versions
81 only.
82 type: boolean
83 keyRingRef:
84 description: The KMSKeyRing that this key belongs to.
85 oneOf:
86 - not:
87 required:
88 - external
89 required:
90 - name
91 - not:
92 anyOf:
93 - required:
94 - name
95 - required:
96 - namespace
97 required:
98 - external
99 properties:
100 external:
101 description: 'Allowed value: The `selfLink` field of a `KMSKeyRing`
102 resource.'
103 type: string
104 name:
105 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
106 type: string
107 namespace:
108 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
109 type: string
110 type: object
111 purpose:
112 description: |-
113 Immutable. The immutable purpose of this CryptoKey. See the
114 [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)
115 for possible inputs.
116 Default value is "ENCRYPT_DECRYPT".
117 type: string
118 resourceID:
119 description: Immutable. Optional. The name of the resource. Used for
120 creation and acquisition. When unset, the value of `metadata.name`
121 is used as the default.
122 type: string
123 rotationPeriod:
124 description: |-
125 Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.
126 The first rotation will take place after the specified period. The rotation period has
127 the format of a decimal number with up to 9 fractional digits, followed by the
128 letter 's' (seconds). It must be greater than a day (ie, 86400).
129 type: string
130 skipInitialVersionCreation:
131 description: |-
132 Immutable. If set to true, the request will create a CryptoKey without any CryptoKeyVersions.
133 You must use the 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.
134 type: boolean
135 versionTemplate:
136 description: A template describing settings for new crypto key versions.
137 properties:
138 algorithm:
139 description: |-
140 The algorithm to use when creating a version based on this template.
141 See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.
142 type: string
143 protectionLevel:
144 description: Immutable. The protection level to use when creating
145 a version based on this template. Possible values include "SOFTWARE",
146 "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
147 type: string
148 required:
149 - algorithm
150 type: object
151 required:
152 - keyRingRef
153 type: object
154 status:
155 properties:
156 conditions:
157 description: Conditions represent the latest available observation
158 of the resource's current state.
159 items:
160 properties:
161 lastTransitionTime:
162 description: Last time the condition transitioned from one status
163 to another.
164 type: string
165 message:
166 description: Human-readable message indicating details about
167 last transition.
168 type: string
169 reason:
170 description: Unique, one-word, CamelCase reason for the condition's
171 last transition.
172 type: string
173 status:
174 description: Status is the status of the condition. Can be True,
175 False, Unknown.
176 type: string
177 type:
178 description: Type is the type of the condition.
179 type: string
180 type: object
181 type: array
182 observedGeneration:
183 description: ObservedGeneration is the generation of the resource
184 that was most recently observed by the Config Connector controller.
185 If this is equal to metadata.generation, then that means that the
186 current reported status reflects the most recent desired state of
187 the resource.
188 type: integer
189 selfLink:
190 description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}.
191 type: string
192 type: object
193 required:
194 - spec
195 type: object
196 served: true
197 storage: true
198 subresources:
199 status: {}
200status:
201 acceptedNames:
202 kind: ""
203 plural: ""
204 conditions: []
205 storedVersions: []
View as plain text