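# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# CustomResourceDefinition for the Config Connector resource
# NetworkSecurityAuthorizationPolicy (group
# networksecurity.cnrm.cloud.google.com, version v1beta1, namespaced).
#
# Review notes for policy authors:
# - spec.rules, rules[].sources and rules[].destinations are all optional.
#   Per the field descriptions, whatever is left unset is not checked and
#   spec.action is applied anyway, so an ALLOW policy without rules carries
#   no match conditions at all.
# - The match fields are typed as bare strings/integers with no enum,
#   pattern or range, so validation against this schema does not reject
#   malformed values; any stricter check has to happen outside this CRD.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/version: 1.106.0
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/dcl2crd: "true"
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: stable
    cnrm.cloud.google.com/system: "true"
  name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com
spec:
  group: networksecurity.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: NetworkSecurityAuthorizationPolicy
    plural: networksecurityauthorizationpolicies
    shortNames:
    - gcpnetworksecurityauthorizationpolicy
    - gcpnetworksecurityauthorizationpolicies
    singular: networksecurityauthorizationpolicy
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              # No enum constraint: the schema accepts any string here,
              # including ACTION_UNSPECIFIED. The action is applied to all
              # traffic when spec.rules is omitted (see rules below).
              action:
                description: 'Required. The action to take when a rule match is found.
                  Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED,
                  ALLOW, DENY'
                type: string
              description:
                description: Optional. Free-text description of the resource.
                type: string
              location:
                description: Immutable. The location for the resource
                type: string
              # Exactly one addressing form is accepted: either `name` (without
              # `external`), or `external` (without `name`/`namespace`).
              projectRef:
                description: Immutable. The Project that this resource belongs to.
                oneOf:
                - not:
                    required:
                    - external
                  required:
                  - name
                - not:
                    anyOf:
                    - required:
                      - name
                    - required:
                      - namespace
                  required:
                  - external
                properties:
                  external:
                    description: |-
                      The project for the resource

                      Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).
                    type: string
                  name:
                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                    type: string
                  namespace:
                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                    type: string
                type: object
              resourceID:
                description: Immutable. Optional. The name of the resource. Used for
                  creation and acquisition. When unset, the value of `metadata.name`
                  is used as the default.
                type: string
              # Optional and not listed under `required`: leaving it out makes
              # the policy unconditional for the chosen action.
              rules:
                description: Optional. List of rules to match. If not set, the action
                  specified in the ‘action’ field will be applied without any additional
                  rule checks.
                items:
                  properties:
                    destinations:
                      description: Optional. List of attributes for the traffic destination.
                        If not set, the action specified in the ‘action’ field will
                        be applied without any rule checks for the destination.
                      items:
                        properties:
                          # Matched against the HOST header, which is supplied
                          # by the requesting client. NOTE(review): treat host
                          # matching as request scoping, not as evidence of who
                          # the caller is; pair it with `sources`.
                          # The suffix example in the description text is
                          # missing its opening quote.
                          hosts:
                            description: Required. List of host names to match. Matched
                              against HOST header in http requests. Each host can
                              be an exact match, or a prefix match (example, “mydomain.*”)
                              or a suffix match (example, *.myorg.com”) or a presence(any)
                              match “*”.
                            items:
                              type: string
                            type: array
                          httpHeaderMatch:
                            description: Optional. Match against key:value pair in
                              http header. Provides a flexible match based on HTTP
                              headers, for potentially advanced use cases.
                            properties:
                              headerName:
                                description: Required. The name of the HTTP header
                                  to match. For matching against the HTTP request's
                                  authority, use a headerMatch with the header name
                                  ":authority". For matching a request's method, use
                                  the headerName ":method".
                                type: string
                              # NOTE(review): the description does not say
                              # whether the pattern must match the whole header
                              # value or only part of it; confirm, and anchor
                              # patterns explicitly where the difference matters.
                              regexMatch:
                                description: 'Required. The value of the header must
                                  match the regular expression specified in regexMatch.
                                  For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript
                                  For matching against a port specified in the HTTP
                                  request, use a headerMatch with headerName set to
                                  Host and a regular expression that satisfies the
                                  RFC2616 Host header''s port specifier.'
                                type: string
                            required:
                            - headerName
                            - regexMatch
                            type: object
                          methods:
                            description: Optional. A list of HTTP methods to match.
                              Should not be set for gRPC services.
                            items:
                              type: string
                            type: array
                          # No minimum/maximum is declared, so values outside
                          # the valid port range pass schema validation.
                          ports:
                            description: Required. List of destination ports to match.
                            items:
                              format: int64
                              type: integer
                            type: array
                        required:
                        - hosts
                        - ports
                        type: object
                      type: array
                    sources:
                      description: Optional. List of attributes for the traffic source.
                        If not set, the action specified in the ‘action’ field will
                        be applied without any rule checks for the source.
                      items:
                        properties:
                          # Plain strings with no pattern: IP/CIDR syntax is not
                          # checked by this schema.
                          ipBlocks:
                            description: Optional. List of CIDR ranges to match based
                              on source IP address. Single IP (e.g., "1.2.3.4") and
                              CIDR (e.g., "1.2.3.0/24") are supported.
                            items:
                              type: string
                            type: array
                          # “*” is a presence match per the description;
                          # NOTE(review): presumably any presented peer identity
                          # satisfies it, so it does not narrow an ALLOW rule to
                          # specific callers. Confirm before relying on it.
                          # The suffix example in the description text is
                          # missing its opening quote.
                          principals:
                            description: Optional. List of peer identities to match
                              for authorization. Each peer can be an exact match,
                              or a prefix match (example, “namespace/*”) or a suffix
                              match (example, */service-account”) or a presence match
                              “*”.
                            items:
                              type: string
                            type: array
                        type: object
                      type: array
                  type: object
                type: array
            required:
            - action
            - location
            - projectRef
            type: object
          status:
            properties:
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              createTime:
                description: Output only. The timestamp when the resource was created.
                format: date-time
                type: string
              # Compare with metadata.generation before trusting `conditions`:
              # per the description, the status reflects the latest desired
              # state only when the two are equal.
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
              updateTime:
                description: Output only. The timestamp when the resource was updated.
                format: date-time
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []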