# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: core.cnrm.cloud.google.com/v1alpha1
kind: ServiceMapping
metadata:
  name: accesscontextmanager.cnrm.cloud.google.com
  namespace: cnrm-system
spec:
  name: AccessContextManager
  version: v1beta1
  serviceHostName: accesscontextmanager.googleapis.com
  resources:
    - name: google_access_context_manager_access_level
      kind: AccessContextManagerAccessLevel
      autoGenerated: true
      idTemplate: "{{name}}"
      idTemplateCanBeUsedToMatchResourceName: false
      resourceAvailableInAssetInventory: false
      metadataMapping:
        name: name
      resourceID:
        targetField: name
    - name: google_access_context_manager_access_level_condition
      kind: AccessContextManagerAccessLevelCondition
      autoGenerated: true
      idTemplate: "{{access_level}}"
      idTemplateCanBeUsedToMatchResourceName: false
      resourceAvailableInAssetInventory: false
      metadataMapping:
        name: access_level
      resourceID:
        targetField: access_level
      resourceReferences:
        - key: accessLevelRef
          tfField: access_level
          gvk:
            kind: AccessContextManagerAccessLevel
            version: v1beta1
            group: accesscontextmanager.cnrm.cloud.google.com
          targetField: name
          parent: true
    - name: google_access_context_manager_access_levels
      kind: AccessContextManagerAccessLevels
      autoGenerated: true
      idTemplate: "{{parent}}/accessLevels"
      idTemplateCanBeUsedToMatchResourceName: false
      resourceAvailableInAssetInventory: false
      metadataMapping:
        name: parent
      resourceID:
        targetField: parent
    - name: google_access_context_manager_access_policy
      kind: AccessContextManagerAccessPolicy
      autoGenerated: true
      iamConfig:
        policyName: google_access_context_manager_access_policy_iam_policy
        policyMemberName: google_access_context_manager_access_policy_iam_member
        referenceField:
          name: name
          type: id
        supportsConditions: false
      idTemplate: "{{name}}"
      idTemplateCanBeUsedToMatchResourceName: false
      resourceAvailableInAssetInventory: false
      serverGeneratedIDField: name
      resourceID:
        targetField: name
        valueTemplate: "accessPolicies/{{value}}"
    - name: google_access_context_manager_authorized_orgs_desc
      kind: AccessContextManagerAuthorizedOrgsDesc
      autoGenerated: true
      idTemplate: "{{name}}"
      idTemplateCanBeUsedToMatchResourceName: false
      resourceAvailableInAssetInventory: false
      metadataMapping:
        name: name
      resourceID:
        targetField: name
    - name: google_access_context_manager_gcp_user_access_binding
      kind: AccessContextManagerGCPUserAccessBinding
      autoGenerated: true
      idTemplate: "{{name}}"
      idTemplateCanBeUsedToMatchResourceName: false
      resourceAvailableInAssetInventory: false
      serverGeneratedIDField: name
      resourceID:
        targetField: name
        valueTemplate: "organizations/{{organization_id}}/gcpUserAccessBindings/{{value}}"
      hierarchicalReferences:
        - type: organization
          key: organizationRef
      resourceReferences:
        - tfField: organization_id
          key: organizationRef
          description: |-
            The organization that this resource belongs to.
          gvk:
            kind: Organization
            version: v1beta1
            group: resourcemanager.cnrm.cloud.google.com
    - name: google_access_context_manager_service_perimeter
      kind: AccessContextManagerServicePerimeter
      autoGenerated: true
      idTemplate: "{{name}}"
      idTemplateCanBeUsedToMatchResourceName: false
      resourceAvailableInAssetInventory: false
      metadataMapping:
        name: name
      resourceID:
        targetField: name
    - name: google_access_context_manager_service_perimeter_resource
      kind: AccessContextManagerServicePerimeterResource
      autoGenerated: true
      idTemplate: "{{perimeter_name}}/{{resource}}"
      idTemplateCanBeUsedToMatchResourceName: false
      resourceAvailableInAssetInventory: false
      resourceReferences:
        - key: perimeterNameRef
          tfField: perimeter_name
          gvk:
            kind: AccessContextManagerServicePerimeter
            version: v1beta1
            group: accesscontextmanager.cnrm.cloud.google.com
          valueTemplate: "{{parent}}/servicePerimeters/{{value}}"
          parent: true
    - name: google_access_context_manager_service_perimeters
      kind: AccessContextManagerServicePerimeters
      autoGenerated: true
      idTemplate: "{{parent}}/servicePerimeters"
      idTemplateCanBeUsedToMatchResourceName: false
      resourceAvailableInAssetInventory: false
      metadataMapping:
        name: parent
      resourceID:
        targetField: parent