1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/managed-by-kcc: "true"
23 cnrm.cloud.google.com/stability-level: alpha
24 cnrm.cloud.google.com/system: "true"
25 cnrm.cloud.google.com/tf2crd: "true"
26 name: orgpolicycustomconstraints.orgpolicy.cnrm.cloud.google.com
27spec:
28 group: orgpolicy.cnrm.cloud.google.com
29 names:
30 categories:
31 - gcp
32 kind: OrgPolicyCustomConstraint
33 plural: orgpolicycustomconstraints
34 shortNames:
35 - gcporgpolicycustomconstraint
36 - gcporgpolicycustomconstraints
37 singular: orgpolicycustomconstraint
38 scope: Namespaced
39 versions:
40 - additionalPrinterColumns:
41 - jsonPath: .metadata.creationTimestamp
42 name: Age
43 type: date
44 - description: When 'True', the most recent reconcile of the resource succeeded
45 jsonPath: .status.conditions[?(@.type=='Ready')].status
46 name: Ready
47 type: string
48 - description: The reason for the value in 'Ready'
49 jsonPath: .status.conditions[?(@.type=='Ready')].reason
50 name: Status
51 type: string
52 - description: The last transition time for the value in 'Status'
53 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
54 name: Status Age
55 type: date
56 name: v1alpha1
57 schema:
58 openAPIV3Schema:
59 properties:
60 apiVersion:
61 description: 'apiVersion defines the versioned schema of this representation
62 of an object. Servers should convert recognized schemas to the latest
63 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
64 type: string
65 kind:
66 description: 'kind is a string value representing the REST resource this
67 object represents. Servers may infer this from the endpoint the client
68 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
69 type: string
70 metadata:
71 type: object
72 spec:
73 properties:
74 actionType:
75 description: 'The action to take if the condition is met. Possible
76 values: ["ALLOW", "DENY"].'
77 type: string
78 condition:
79 description: A CEL condition that refers to a supported service resource,
80 for example 'resource.management.autoUpgrade == false'. For details
81 about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).
82 type: string
83 description:
84 description: A human-friendly description of the constraint to display
85 as an error message when the policy is violated.
86 type: string
87 displayName:
88 description: A human-friendly name for the constraint.
89 type: string
90 methodTypes:
91 description: A list of RESTful methods for which to enforce the constraint.
92 Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services
93 support both methods. To see supported methods for each service,
94 find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).
95 items:
96 type: string
97 type: array
98 parent:
99 description: Immutable. The parent of the resource, an organization.
100 Format should be 'organizations/{organization_id}'.
101 type: string
102 resourceID:
103 description: Immutable. Optional. The name of the resource. Used for
104 creation and acquisition. When unset, the value of `metadata.name`
105 is used as the default.
106 type: string
107 resourceTypes:
108 description: Immutable. Immutable. The fully qualified name of the
109 Google Cloud REST resource containing the object and field you want
110 to restrict. For example, 'container.googleapis.com/NodePool'.
111 items:
112 type: string
113 type: array
114 required:
115 - actionType
116 - condition
117 - methodTypes
118 - parent
119 - resourceTypes
120 type: object
121 status:
122 properties:
123 conditions:
124 description: Conditions represent the latest available observation
125 of the resource's current state.
126 items:
127 properties:
128 lastTransitionTime:
129 description: Last time the condition transitioned from one status
130 to another.
131 type: string
132 message:
133 description: Human-readable message indicating details about
134 last transition.
135 type: string
136 reason:
137 description: Unique, one-word, CamelCase reason for the condition's
138 last transition.
139 type: string
140 status:
141 description: Status is the status of the condition. Can be True,
142 False, Unknown.
143 type: string
144 type:
145 description: Type is the type of the condition.
146 type: string
147 type: object
148 type: array
149 observedGeneration:
150 description: ObservedGeneration is the generation of the resource
151 that was most recently observed by the Config Connector controller.
152 If this is equal to metadata.generation, then that means that the
153 current reported status reflects the most recent desired state of
154 the resource.
155 type: integer
156 updateTime:
157 description: Output only. The timestamp representing when the constraint
158 was last updated.
159 type: string
160 type: object
161 required:
162 - spec
163 type: object
164 served: true
165 storage: true
166 subresources:
167 status: {}
168status:
169 acceptedNames:
170 kind: ""
171 plural: ""
172 conditions: []
173 storedVersions: []
View as plain text