-
Notifications
You must be signed in to change notification settings - Fork 239
/
Copy pathiam_v1beta1_iampartialpolicy.yaml
223 lines (222 loc) · 9.13 KB
/
iam_v1beta1_iampartialpolicy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cnrm.cloud.google.com/version: 1.54.0
creationTimestamp: null
labels:
cnrm.cloud.google.com/managed-by-kcc: "true"
cnrm.cloud.google.com/system: "true"
name: iampartialpolicies.iam.cnrm.cloud.google.com
spec:
group: iam.cnrm.cloud.google.com
names:
categories:
- gcp
kind: IAMPartialPolicy
plural: iampartialpolicies
shortNames:
- gcpiampartialpolicy
- gcpiampartialpolicies
singular: iampartialpolicy
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- description: When 'True' the most recent reconcile of the resource succeeded
jsonPath: .status.conditions[?(@.type=='Ready')].status
name: Ready
type: string
- description: The reason for the value in 'Ready'
jsonPath: .status.conditions[?(@.type=='Ready')].reason
name: Status
type: string
- jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
name: Status Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
description: IAMPartialPolicy is the Schema for the iampartialpolicy API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy
properties:
bindings:
description: Optional. The list of IAM bindings managed by Config Connector.
items:
description: Specifies the members to bind to an IAM role.
properties:
condition:
description: Optional. The condition under which the binding applies.
properties:
description:
type: string
expression:
type: string
title:
type: string
required:
- expression
- title
type: object
members:
description: Optional. The list of IAM users to be bound to the role.
items:
properties:
member:
description: The IAM identity to be bound to the role.
pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers$
type: string
type: object
type: array
role:
description: Required. The role to bind the users to.
pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$
type: string
required:
- role
type: object
type: array
resourceRef:
description: Immutable. Required. The GCP resource to set the IAM policy on (e.g. organization, project...)
properties:
apiVersion:
type: string
external:
type: string
kind:
type: string
name:
type: string
namespace:
type: string
required:
- kind
type: object
required:
- resourceRef
type: object
status:
description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy
properties:
allBindings:
description: AllBindings surfaces all IAM bindings for the referenced resource.
items:
description: Specifies the members to bind to an IAM role.
properties:
condition:
description: Optional. The condition under which the binding applies.
properties:
description:
type: string
expression:
type: string
title:
type: string
required:
- expression
- title
type: object
members:
description: Optional. The list of IAM users to be bound to the role.
items:
type: string
type: array
role:
description: Required. The role to bind the users to.
type: string
required:
- role
type: object
type: array
conditions:
description: Conditions represent the latest available observations of the IAM policy's current state.
items:
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status to another.
type: string
message:
description: Human-readable message indicating details about last transition.
type: string
reason:
description: Unique, one-word, CamelCase reason for the condition's last transition.
type: string
status:
description: Status is the status of the condition. Can be True, False, Unknown.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
lastAppliedBindings:
description: LastAppliedBindings is the list of IAM bindings that were most recently applied by Config Connector.
items:
description: Specifies the members to bind to an IAM role.
properties:
condition:
description: Optional. The condition under which the binding applies.
properties:
description:
type: string
expression:
type: string
title:
type: string
required:
- expression
- title
type: object
members:
description: Optional. The list of IAM users to be bound to the role.
items:
type: string
type: array
role:
description: Required. The role to bind the users to.
type: string
required:
- role
type: object
type: array
observedGeneration:
description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []