1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: apiextensions.k8s.io/v1
16kind: CustomResourceDefinition
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 creationTimestamp: null
21 labels:
22 cnrm.cloud.google.com/managed-by-kcc: "true"
23 cnrm.cloud.google.com/stability-level: alpha
24 cnrm.cloud.google.com/system: "true"
25 cnrm.cloud.google.com/tf2crd: "true"
26 name: securitycenternotificationconfigs.securitycenter.cnrm.cloud.google.com
27spec:
28 group: securitycenter.cnrm.cloud.google.com
29 names:
30 categories:
31 - gcp
32 kind: SecurityCenterNotificationConfig
33 plural: securitycenternotificationconfigs
34 shortNames:
35 - gcpsecuritycenternotificationconfig
36 - gcpsecuritycenternotificationconfigs
37 singular: securitycenternotificationconfig
38 scope: Namespaced
39 versions:
40 - additionalPrinterColumns:
41 - jsonPath: .metadata.creationTimestamp
42 name: Age
43 type: date
44 - description: When 'True', the most recent reconcile of the resource succeeded
45 jsonPath: .status.conditions[?(@.type=='Ready')].status
46 name: Ready
47 type: string
48 - description: The reason for the value in 'Ready'
49 jsonPath: .status.conditions[?(@.type=='Ready')].reason
50 name: Status
51 type: string
52 - description: The last transition time for the value in 'Status'
53 jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
54 name: Status Age
55 type: date
56 name: v1alpha1
57 schema:
58 openAPIV3Schema:
59 properties:
60 apiVersion:
61 description: 'apiVersion defines the versioned schema of this representation
62 of an object. Servers should convert recognized schemas to the latest
63 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
64 type: string
65 kind:
66 description: 'kind is a string value representing the REST resource this
67 object represents. Servers may infer this from the endpoint the client
68 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
69 type: string
70 metadata:
71 type: object
72 spec:
73 properties:
74 configId:
75 description: Immutable. This must be unique within the organization.
76 type: string
77 description:
78 description: The description of the notification config (max of 1024
79 characters).
80 type: string
81 organizationRef:
82 description: The organization that this resource belongs to.
83 oneOf:
84 - not:
85 required:
86 - external
87 required:
88 - name
89 - not:
90 anyOf:
91 - required:
92 - name
93 - required:
94 - namespace
95 required:
96 - external
97 properties:
98 external:
99 description: 'Allowed value: The `name` field of an `Organization`
100 resource.'
101 type: string
102 name:
103 description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
104 type: string
105 namespace:
106 description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
107 type: string
108 type: object
109 pubsubTopic:
110 description: |-
111 The Pub/Sub topic to send notifications to. Its format is
112 "projects/[project_id]/topics/[topic]".
113 type: string
114 resourceID:
115 description: Immutable. Optional. The service-generated name of the
116 resource. Used for acquisition only. Leave unset to create a new
117 resource.
118 type: string
119 streamingConfig:
120 description: The config for triggering streaming-based notifications.
121 properties:
122 filter:
123 description: |-
124 Expression that defines the filter to apply across create/update
125 events of assets or findings as specified by the event type. The
126 expression is a list of zero or more restrictions combined via
127 logical operators AND and OR. Parentheses are supported, and OR
128 has higher precedence than AND.
129
130 Restrictions have the form <field> <operator> <value> and may have
131 a - character in front of them to indicate negation. The fields
132 map to those defined in the corresponding resource.
133
134 The supported operators are:
135
136 * = for all value types.
137 * >, <, >=, <= for integer values.
138 * :, meaning substring matching, for strings.
139
140 The supported value types are:
141
142 * string literals in quotes.
143 * integer literals without quotes.
144 * boolean literals true and false without quotes.
145
146 See
147 [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)
148 for information on how to write a filter.
149 type: string
150 required:
151 - filter
152 type: object
153 required:
154 - configId
155 - organizationRef
156 - pubsubTopic
157 - streamingConfig
158 type: object
159 status:
160 properties:
161 conditions:
162 description: Conditions represent the latest available observation
163 of the resource's current state.
164 items:
165 properties:
166 lastTransitionTime:
167 description: Last time the condition transitioned from one status
168 to another.
169 type: string
170 message:
171 description: Human-readable message indicating details about
172 last transition.
173 type: string
174 reason:
175 description: Unique, one-word, CamelCase reason for the condition's
176 last transition.
177 type: string
178 status:
179 description: Status is the status of the condition. Can be True,
180 False, Unknown.
181 type: string
182 type:
183 description: Type is the type of the condition.
184 type: string
185 type: object
186 type: array
187 name:
188 description: |-
189 The resource name of this notification config, in the format
190 'organizations/{{organization}}/notificationConfigs/{{config_id}}'.
191 type: string
192 observedGeneration:
193 description: ObservedGeneration is the generation of the resource
194 that was most recently observed by the Config Connector controller.
195 If this is equal to metadata.generation, then that means that the
196 current reported status reflects the most recent desired state of
197 the resource.
198 type: integer
199 serviceAccount:
200 description: |-
201 The service account that needs "pubsub.topics.publish" permission to
202 publish to the Pub/Sub topic.
203 type: string
204 type: object
205 required:
206 - spec
207 type: object
208 served: true
209 storage: true
210 subresources:
211 status: {}
212status:
213 acceptedNames:
214 kind: ""
215 plural: ""
216 conditions: []
217 storedVersions: []
View as plain text