1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/managed-by-kcc: "true"
23 cnrm.cloud.google.com/stability-level: stable
24 cnrm.cloud.google.com/system: "true"
25 cnrm.cloud.google.com/tf2crd: "true"
26 name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com
27spec:
28 group: resourcemanager.cnrm.cloud.google.com
29 names:
30 categories:
31 - gcp
32 kind: ResourceManagerPolicy
33 plural: resourcemanagerpolicies
34 shortNames:
35 - gcpresourcemanagerpolicy
36 - gcpresourcemanagerpolicies
37 singular: resourcemanagerpolicy
38 scope: Namespaced
39 versions:
40 - additionalPrinterColumns:
41 - jsonPath: .metadata.creationTimestamp
42 name: Age
43 type: date
44 - description: When 'True', the most recent reconcile of the resource succeeded
45 jsonPath: .status.conditions[?(@.type=='Ready')].status
46 name: Ready
47 type: string
48 - description: The reason for the value in 'Ready'
49 jsonPath: .status.conditions[?(@.type=='Ready')].reason
50 name: Status
51 type: string
52 - description: The last transition time for the value in 'Status'
53 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
54 name: Status Age
55 type: date
56 name: v1beta1
57 schema:
58 openAPIV3Schema:
59 properties:
60 apiVersion:
61 description: 'apiVersion defines the versioned schema of this representation
62 of an object. Servers should convert recognized schemas to the latest
63 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
64 type: string
65 kind:
66 description: 'kind is a string value representing the REST resource this
67 object represents. Servers may infer this from the endpoint the client
68 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
69 type: string
70 metadata:
71 type: object
72 spec:
73 properties:
74 booleanPolicy:
75 description: A boolean policy is a constraint that is either enforced
76 or not.
77 properties:
78 enforced:
79 description: If true, then the Policy is enforced. If false, then
80 any configuration is acceptable.
81 type: boolean
82 required:
83 - enforced
84 type: object
85 constraint:
86 description: Immutable. The name of the Constraint the Policy is configuring,
87 for example, serviceuser.services.
88 type: string
89 folderRef:
90 description: |-
91 The folder on which to configure the constraint. Only one of
92 projectRef, folderRef, or organizationRef may be specified.
93 oneOf:
94 - not:
95 required:
96 - external
97 required:
98 - name
99 - not:
100 anyOf:
101 - required:
102 - name
103 - required:
104 - namespace
105 required:
106 - external
107 properties:
108 external:
109 description: 'Allowed value: The `name` field of a `Folder` resource.'
110 type: string
111 name:
112 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
113 type: string
114 namespace:
115 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
116 type: string
117 type: object
118 listPolicy:
119 description: A policy that can define specific values that are allowed
120 or denied for the given constraint. It can also be used to allow
121 or deny all values. .
122 properties:
123 allow:
124 description: One or the other must be set.
125 properties:
126 all:
127 description: The policy allows or denies all values.
128 type: boolean
129 values:
130 description: The policy can define specific values that are
131 allowed or denied.
132 items:
133 type: string
134 type: array
135 type: object
136 deny:
137 description: One or the other must be set.
138 properties:
139 all:
140 description: The policy allows or denies all values.
141 type: boolean
142 values:
143 description: The policy can define specific values that are
144 allowed or denied.
145 items:
146 type: string
147 type: array
148 type: object
149 inheritFromParent:
150 description: If set to true, the values from the effective Policy
151 of the parent resource are inherited, meaning the values set
152 in this Policy are added to the values inherited up the hierarchy.
153 type: boolean
154 suggestedValue:
155 description: The Google Cloud Console will try to default to a
156 configuration that matches the value specified in this field.
157 type: string
158 type: object
159 organizationRef:
160 description: |-
161 The organization on which to configure the constraint. Only one of
162 projectRef, folderRef, or organizationRef may be specified.
163 oneOf:
164 - not:
165 required:
166 - external
167 required:
168 - name
169 - not:
170 anyOf:
171 - required:
172 - name
173 - required:
174 - namespace
175 required:
176 - external
177 properties:
178 external:
179 description: 'Allowed value: The `name` field of an `Organization`
180 resource.'
181 type: string
182 name:
183 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
184 type: string
185 namespace:
186 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
187 type: string
188 type: object
189 projectRef:
190 description: |-
191 The project on which to configure the constraint. Only one of
192 projectRef, folderRef, or organizationRef may be specified.
193 oneOf:
194 - not:
195 required:
196 - external
197 required:
198 - name
199 - not:
200 anyOf:
201 - required:
202 - name
203 - required:
204 - namespace
205 required:
206 - external
207 properties:
208 external:
209 description: 'Allowed value: The `name` field of a `Project` resource.'
210 type: string
211 name:
212 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
213 type: string
214 namespace:
215 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
216 type: string
217 type: object
218 restorePolicy:
219 description: A restore policy is a constraint to restore the default
220 policy.
221 properties:
222 default:
223 description: May only be set to true. If set, then the default
224 Policy is restored.
225 type: boolean
226 required:
227 - default
228 type: object
229 version:
230 description: Version of the Policy. Default version is 0.
231 type: integer
232 required:
233 - constraint
234 type: object
235 status:
236 properties:
237 conditions:
238 description: Conditions represent the latest available observation
239 of the resource's current state.
240 items:
241 properties:
242 lastTransitionTime:
243 description: Last time the condition transitioned from one status
244 to another.
245 type: string
246 message:
247 description: Human-readable message indicating details about
248 last transition.
249 type: string
250 reason:
251 description: Unique, one-word, CamelCase reason for the condition's
252 last transition.
253 type: string
254 status:
255 description: Status is the status of the condition. Can be True,
256 False, Unknown.
257 type: string
258 type:
259 description: Type is the type of the condition.
260 type: string
261 type: object
262 type: array
263 etag:
264 description: The etag of the organization policy. etag is used for
265 optimistic concurrency control as a way to help prevent simultaneous
266 updates of a policy from overwriting each other.
267 type: string
268 observedGeneration:
269 description: ObservedGeneration is the generation of the resource
270 that was most recently observed by the Config Connector controller.
271 If this is equal to metadata.generation, then that means that the
272 current reported status reflects the most recent desired state of
273 the resource.
274 type: integer
275 updateTime:
276 description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate
277 to nanoseconds, representing when the variable was last updated.
278 Example: "2016-10-09T12:33:37.578138407Z".'
279 type: string
280 type: object
281 required:
282 - spec
283 type: object
284 served: true
285 storage: true
286 subresources:
287 status: {}
288status:
289 acceptedNames:
290 kind: ""
291 plural: ""
292 conditions: []
293 storedVersions: []
View as plain text