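# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# CustomResourceDefinition for the Config Connector SecretManagerSecret kind
# (group secretmanager.cnrm.cloud.google.com, version v1beta1, namespaced).
# The schema describes secret metadata only (replication, encryption key
# reference, rotation schedule, expiry, Pub/Sub topics); it defines no field
# that carries secret payload.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Quoted so the value stays a string under every YAML loader.
    cnrm.cloud.google.com/version: "1.106.0"
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/stability-level: stable
    cnrm.cloud.google.com/system: "true"
    cnrm.cloud.google.com/tf2crd: "true"
  name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com
spec:
  group: secretmanager.cnrm.cloud.google.com
  names:
    categories:
    - gcp
    kind: SecretManagerSecret
    plural: secretmanagersecrets
    shortNames:
    - gcpsecretmanagersecret
    - gcpsecretmanagersecrets
    singular: secretmanagersecret
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: When 'True', the most recent reconcile of the resource succeeded
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the value in 'Ready'
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Status
      type: string
    - description: The last transition time for the value in 'Status'
      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
      name: Status Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'apiVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
            type: string
          kind:
            description: 'kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              # expireTime and ttl are both optional plain strings here; the
              # schema applies no format or pattern check and does not tie
              # the two fields together.
              expireTime:
                description: |-
                  Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
                  A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
                type: string
              # Replication decides where secret data is stored. Both
              # `automatic` and `userManaged` are optional and no oneOf links
              # them, so this CRD does not reject an object that sets both or
              # neither. NOTE(review): confirm the controller or the API
              # enforces the choice.
              replication:
                description: |-
                  Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed
                  after the Secret has been created.
                properties:
                  automatic:
                    description: Immutable. The Secret will automatically be replicated
                      without any restrictions.
                    type: boolean
                  userManaged:
                    # Description corrected: the generated text repeated the
                    # `automatic` wording ("replicated without any
                    # restrictions"), which misstates where a user-managed
                    # secret is stored.
                    description: Immutable. The Secret will be replicated only to
                      the locations listed in replicas.
                    properties:
                      replicas:
                        description: Immutable. The list of Replicas for this Secret.
                          Cannot be empty.
                        items:
                          properties:
                            # Optional per replica: only `location` is required
                            # on an item, so a replica that names no
                            # customer-managed key passes validation. Where
                            # CMEK is mandatory, enforce it with an admission
                            # policy.
                            customerManagedEncryption:
                              description: Immutable. Customer Managed Encryption
                                for the secret.
                              properties:
                                # Exactly one reference form is accepted:
                                # `name` (optionally with `namespace`) or
                                # `external`, never a mix of the two.
                                # NOTE(review): `namespace` can name a
                                # KMSCryptoKey object outside this resource's
                                # namespace; confirm what cross-namespace
                                # references the controller permits.
                                kmsKeyRef:
                                  description: Customer Managed Encryption for the
                                    secret.
                                  oneOf:
                                  - not:
                                      required:
                                      - external
                                    required:
                                    - name
                                  - not:
                                      anyOf:
                                      - required:
                                        - name
                                      - required:
                                        - namespace
                                    required:
                                    - external
                                  properties:
                                    external:
                                      description: 'Allowed value: The `selfLink`
                                        field of a `KMSCryptoKey` resource.'
                                      type: string
                                    name:
                                      description: 'Name of the referent. More info:
                                        https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                      type: string
                                    namespace:
                                      description: 'Namespace of the referent. More
                                        info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                                      type: string
                                  type: object
                              required:
                              - kmsKeyRef
                              type: object
                            location:
                              description: 'Immutable. The canonical IDs of the location
                                to replicate data. For example: "us-east1".'
                              type: string
                          required:
                          - location
                          type: object
                        type: array
                    required:
                    - replicas
                    type: object
                type: object
              resourceID:
                description: Immutable. Optional. The secretId of the resource. Used
                  for creation and acquisition. When unset, the value of `metadata.name`
                  is used as the default.
                type: string
              # Per the description, rotation is a notification schedule: the
              # service publishes to the configured topics at the rotation
              # time. Nothing in this schema creates a new secret version;
              # presumably the topic subscriber does that (confirm).
              rotation:
                description: The rotation time and period for a Secret. At 'next_rotation_time',
                  Secret Manager will send a Pub/Sub notification to the topics configured
                  on the Secret. 'topics' must be set to configure rotation.
                properties:
                  nextRotationTime:
                    description: |-
                      Timestamp in UTC at which the Secret is scheduled to rotate.
                      A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
                    type: string
                  rotationPeriod:
                    description: |-
                      Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years).
                      If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.
                    type: string
                type: object
              # The description caps the list at 10 topics, but the schema
              # sets no maxItems, so the cap is not checked at admission.
              topics:
                description: A list of up to 10 Pub/Sub topics to which messages are
                  published when control plane operations are called on the secret
                  or its versions.
                items:
                  properties:
                    # Same reference contract as kmsKeyRef: either `name`
                    # (optionally with `namespace`) or `external`.
                    topicRef:
                      description: |-
                        A list of up to 10 Pub/Sub topics to which messages are
                        published when control plane operations are called on the secret
                        or its versions.
                      oneOf:
                      - not:
                          required:
                          - external
                        required:
                        - name
                      - not:
                          anyOf:
                          - required:
                            - name
                          - required:
                            - namespace
                        required:
                        - external
                      properties:
                        external:
                          description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`,
                            where {{value}} is the `name` field of a `PubSubTopic`
                            resource.'
                          type: string
                        name:
                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                          type: string
                        namespace:
                          description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                          type: string
                      type: object
                  required:
                  - topicRef
                  type: object
                type: array
              ttl:
                description: |-
                  Immutable. The TTL for the Secret.
                  A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
                type: string
            required:
            - replication
            type: object
          # Observed state reported back on the object; served through the
          # status subresource enabled under `subresources` below.
          status:
            properties:
              conditions:
                description: Conditions represent the latest available observation
                  of the resource's current state.
                items:
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another.
                      type: string
                    message:
                      description: Human-readable message indicating details about
                        last transition.
                      type: string
                    reason:
                      description: Unique, one-word, CamelCase reason for the condition's
                        last transition.
                      type: string
                    status:
                      description: Status is the status of the condition. Can be True,
                        False, Unknown.
                      type: string
                    type:
                      description: Type is the type of the condition.
                      type: string
                  type: object
                type: array
              createTime:
                description: The time at which the Secret was created.
                type: string
              name:
                description: |-
                  The resource name of the Secret. Format:
                  'projects/{{project}}/secrets/{{secret_id}}'.
                type: string
              observedGeneration:
                description: ObservedGeneration is the generation of the resource
                  that was most recently observed by the Config Connector controller.
                  If this is equal to metadata.generation, then that means that the
                  current reported status reflects the most recent desired state of
                  the resource.
                type: integer
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []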