From 137f548beb766e517f722c1eb14254118ee8813f Mon Sep 17 00:00:00 2001
From: Eric Pang
Date: Wed, 18 Dec 2024 20:57:06 +0000
Subject: [PATCH] Add example
---
.../create.yaml | 26 ++++
.../dependencies.yaml | 136 ++++++++++++++++++
2 files changed, 162 insertions(+)
create mode 100644 pkg/test/resourcefixture/testdata/basic/securesourcemanager/securesourcemanagerinstance/securesourcemanagerinstanceprivate/create.yaml
create mode 100644 pkg/test/resourcefixture/testdata/basic/securesourcemanager/securesourcemanagerinstance/securesourcemanagerinstanceprivate/dependencies.yaml
diff --git a/pkg/test/resourcefixture/testdata/basic/securesourcemanager/securesourcemanagerinstance/securesourcemanagerinstanceprivate/create.yaml b/pkg/test/resourcefixture/testdata/basic/securesourcemanager/securesourcemanagerinstance/securesourcemanagerinstanceprivate/create.yaml
new file mode 100644
index 0000000000..b4c0b6f913
--- /dev/null
+++ b/pkg/test/resourcefixture/testdata/basic/securesourcemanager/securesourcemanagerinstance/securesourcemanagerinstanceprivate/create.yaml
@@ -0,0 +1,26 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: securesourcemanager.cnrm.cloud.google.com/v1alpha1
+kind: SecureSourceManagerInstance
+metadata:
+ name: ssminstance-${uniqueId}
+spec:
+ location: us-central1
+ projectRef:
+ external: ${projectId}
+ privateConfig:
+ isPrivate: true
+ caPoolRef:
+ name: privatecacapool-${uniqueId}
\ No newline at end of file
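Review bot: Nothing in create.yaml tells a reader that the `privateConfig` block depends on more than the pool named in `caPoolRef`. dependencies.yaml also grants the Secure Source Manager service agent `roles/privateca.certificateRequester` on that pool, and presumably the private instance cannot obtain its certificate without it. Since this commit is titled as an example, I would add a comment above `privateConfig:` such as `# Private instances need the SSM service agent to hold roles/privateca.certificateRequester on this CA pool (see dependencies.yaml).` The file also ends without a trailing newline, which is worth fixing while here.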
diff --git a/pkg/test/resourcefixture/testdata/basic/securesourcemanager/securesourcemanagerinstance/securesourcemanagerinstanceprivate/dependencies.yaml b/pkg/test/resourcefixture/testdata/basic/securesourcemanager/securesourcemanagerinstance/securesourcemanagerinstanceprivate/dependencies.yaml
new file mode 100644
index 0000000000..a76d83de1f
--- /dev/null
+++ b/pkg/test/resourcefixture/testdata/basic/securesourcemanager/securesourcemanagerinstance/securesourcemanagerinstanceprivate/dependencies.yaml
@@ -0,0 +1,136 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: privateca.cnrm.cloud.google.com/v1beta1
+kind: PrivateCACAPool
+metadata:
+ labels:
+ label-two: "value-two"
+ name: privatecacapool-${uniqueId}
+spec:
+ projectRef:
+ external: projects/${projectId}
+ location: "us-central1"
+ tier: ENTERPRISE
+ issuancePolicy:
+ allowedKeyTypes:
+ - rsa:
+ minModulusSize: 64
+ maxModulusSize: 128
+ - ellipticCurve:
+ signatureAlgorithm: ECDSA_P384
+ maximumLifetime: 43200s
+ allowedIssuanceModes:
+ allowCsrBasedIssuance: true
+ allowConfigBasedIssuance: false
+ baselineValues:
+ keyUsage:
+ baseKeyUsage:
+ digitalSignature: false
+ contentCommitment: false
+ keyEncipherment: false
+ dataEncipherment: false
+ keyAgreement: false
+ certSign: false
+ crlSign: false
+ encipherOnly: false
+ decipherOnly: false
+ extendedKeyUsage:
+ serverAuth: false
+ clientAuth: false
+ codeSigning: false
+ emailProtection: false
+ timeStamping: false
+ ocspSigning: false
+ unknownExtendedKeyUsages:
+ - objectIdPath:
+ - 1
+ - 7
+ caOptions:
+ isCa: false
+ maxIssuerPathLength: 7
+ policyIds:
+ - objectIdPath:
+ - 1
+ - 7
+ aiaOcspServers:
+ - string
+ additionalExtensions:
+ - objectId:
+ objectIdPath:
+ - 1
+ - 7
+ critical: false
+ value: c3RyaW5nCg==
+ identityConstraints:
+ celExpression:
+ title: Sample expression
+ description: Always false
+ expression: 'false'
+ location: devops.ca_pool.json
+ allowSubjectPassthrough: false
+ allowSubjectAltNamesPassthrough: false
+ passthroughExtensions:
+ knownExtensions:
+ - BASE_KEY_USAGE
+ additionalExtensions:
+ - objectIdPath:
+ - 1
+ - 7
+---
+apiVersion: privateca.cnrm.cloud.google.com/v1beta1
+kind: PrivateCACertificateAuthority
+metadata:
+ labels:
+ label-two: "value-two"
+ name: privatecacertificateauthority-${uniqueId}
+spec:
+ projectRef:
+ external: projects/${projectId}
+ location: "us-central1"
+ type: SELF_SIGNED
+ caPoolRef:
+ name: privatecacapool-${uniqueId}
+ lifetime: 86400s
+ config:
+ subjectConfig:
+ subject:
+ organization: Example
+ commonName: my-certificate-authority
+ subjectAltName:
+ dnsNames:
+ - example.com
+ x509Config:
+ caOptions:
+ isCa: true
+ keyUsage:
+ baseKeyUsage:
+ certSign: true
+ crlSign: true
+ extendedKeyUsage:
+ serverAuth: true
+ keySpec:
+ algorithm: RSA_PKCS1_4096_SHA256
+---
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMPolicyMember
+metadata:
+ name: iampolicymember-${uniqueId}
+spec:
+ member: serviceAccount:service-${projectNumber}@gcp-sa-sourcemanager.iam.gserviceaccount.com
+ role: roles/privateca.certificateRequester
+ resourceRef:
+ apiVersion: privateca.cnrm.cloud.google.com/v1beta1
+ kind: PrivateCACAPool
+ name: privatecacapool-${uniqueId}
\ No newline at end of file
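Review bot: The `issuancePolicy` on the PrivateCACAPool reads like placeholder values carried over from a generic pool fixture rather than a policy suited to the private instance this example demonstrates. `minModulusSize: 64` with `maxModulusSize: 128` puts the permitted RSA range far below any acceptable key size, `baselineValues` switches off every key usage including `serverAuth`, and the `celExpression` with `expression: 'false'` ("Always false") would, as I read it, reject every requested subject. Because fixtures tend to be copied as templates, I would either drop `issuancePolicy` from this pool or give it realistic values, for example `minModulusSize: 2048` and `maxModulusSize: 4096`, plus an identity constraint that admits only the expected hostnames. The IAMPolicyMember binds `roles/privateca.certificateRequester` on the pool itself rather than on the project, which is the right scope and should stay as is.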