Overview ¶
+kcc:proto=google.cloud.iap.v1
+kubebuilder:object:generate=true +groupName=iap.cnrm.cloud.google.com
Index ¶
- Variables
- func ValidateIAPSettingsID(id string) error
- type AccessDeniedPageSettings
- type AccessSettings
- type AllowedDomainsSettings
- type ApplicationSettings
- type AttributePropagationSettings
- type CorsSettings
- type CsmSettings
- type GcipSettings
- type IAPSettings
- type IAPSettingsIdentity
- type IAPSettingsList
- type IAPSettingsRef
- type IAPSettingsSpec
- type IAPSettingsStatus
- type OAuthSettings
- type ReauthSettings
Constants ¶
This section is empty.
Variables ¶
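// Package-level registration values for the iap.cnrm.cloud.google.com API
// group. The declaration is laid out one statement per line; collapsed onto a
// single line, the first "//" would comment out every declaration after it.
var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "iap.cnrm.cloud.google.com", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

// IAPSettingsGVK is GroupVersion combined with the kind name "IAPSettings".
var IAPSettingsGVK = GroupVersion.WithKind("IAPSettings")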
Functions ¶
func ValidateIAPSettingsID ¶
ValidateIAPSettingsID validates the IAPSettings resource ID.
Types ¶
type AccessDeniedPageSettings ¶
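// AccessDeniedPageSettings customizes what happens when access is denied: the
// redirect target, and whether a troubleshooting URL and a remediation token
// are generated.
//
// NOTE(review): AccessDeniedPageURI is a redirect destination for denied
// requests and no validation marker is visible on the field, so a change to
// it deserves the same review as any other redirect target.
type AccessDeniedPageSettings struct {
	// The URI to be redirected to when access is denied.
	// +kcc:proto:field=google.cloud.iap.v1.AccessDeniedPageSettings.access_denied_page_uri
	AccessDeniedPageURI *string `json:"accessDeniedPageURI,omitempty"`

	// Whether to generate a troubleshooting URL on access denied events to this
	// application.
	// +kcc:proto:field=google.cloud.iap.v1.AccessDeniedPageSettings.generate_troubleshooting_uri
	GenerateTroubleshootingURI *bool `json:"generateTroubleshootingURI,omitempty"`

	// Whether to generate remediation token on access denied events to this
	// application.
	// +kcc:proto:field=google.cloud.iap.v1.AccessDeniedPageSettings.remediation_token_generation_enabled
	RemediationTokenGenerationEnabled *bool `json:"remediationTokenGenerationEnabled,omitempty"`
}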
+kcc:proto=google.cloud.iap.v1.AccessDeniedPageSettings
func (*AccessDeniedPageSettings) DeepCopy ¶
func (in *AccessDeniedPageSettings) DeepCopy() *AccessDeniedPageSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessDeniedPageSettings.
func (*AccessDeniedPageSettings) DeepCopyInto ¶
func (in *AccessDeniedPageSettings) DeepCopyInto(out *AccessDeniedPageSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessSettings ¶
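// AccessSettings groups the access-related IAP settings: GCIP, CORS, OAuth,
// reauthentication and allowed domains. Every member is an optional pointer,
// so an unset group is omitted from the serialized object.
type AccessSettings struct {
	// GCIP claims and endpoint configurations for 3p identity providers.
	// +kcc:proto:field=google.cloud.iap.v1.AccessSettings.gcip_settings
	GcipSettings *GcipSettings `json:"gcipSettings,omitempty"`

	// Configuration to allow cross-origin requests via IAP.
	// +kcc:proto:field=google.cloud.iap.v1.AccessSettings.cors_settings
	CorsSettings *CorsSettings `json:"corsSettings,omitempty"`

	// Settings to configure IAP's OAuth behavior.
	// +kcc:proto:field=google.cloud.iap.v1.AccessSettings.oauth_settings
	OauthSettings *OAuthSettings `json:"oauthSettings,omitempty"`

	// Settings to configure reauthentication policies in IAP.
	// +kcc:proto:field=google.cloud.iap.v1.AccessSettings.reauth_settings
	ReauthSettings *ReauthSettings `json:"reauthSettings,omitempty"`

	// Settings to configure and enable allowed domains.
	// +kcc:proto:field=google.cloud.iap.v1.AccessSettings.allowed_domains_settings
	AllowedDomainsSettings *AllowedDomainsSettings `json:"allowedDomainsSettings,omitempty"`
}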
+kcc:proto=google.cloud.iap.v1.AccessSettings
func (*AccessSettings) DeepCopy ¶
func (in *AccessSettings) DeepCopy() *AccessSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessSettings.
func (*AccessSettings) DeepCopyInto ¶
func (in *AccessSettings) DeepCopyInto(out *AccessSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AllowedDomainsSettings ¶
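// AllowedDomainsSettings holds the opt-in switch and the list of trusted
// domains for the allowed-domains feature.
//
// NOTE(review): Enable is a pointer, so "unset" is distinct from "false".
// What IAP does with a populated Domains list while Enable is unset is not
// stated here; confirm before assuming the list is enforced.
type AllowedDomainsSettings struct {
	// Configuration for customers to opt in for the feature.
	// +kcc:proto:field=google.cloud.iap.v1.AllowedDomainsSettings.enable
	Enable *bool `json:"enable,omitempty"`

	// List of trusted domains.
	// +kcc:proto:field=google.cloud.iap.v1.AllowedDomainsSettings.domains
	Domains []string `json:"domains,omitempty"`
}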
+kcc:proto=google.cloud.iap.v1.AllowedDomainsSettings
func (*AllowedDomainsSettings) DeepCopy ¶
func (in *AllowedDomainsSettings) DeepCopy() *AllowedDomainsSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowedDomainsSettings.
func (*AllowedDomainsSettings) DeepCopyInto ¶
func (in *AllowedDomainsSettings) DeepCopyInto(out *AllowedDomainsSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ApplicationSettings ¶
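// ApplicationSettings groups the application-related IAP settings: service
// mesh, access-denied page, cookie domain and attribute propagation.
//
// NOTE(review): per the field comment, CookieDomain is not validated by the
// API and an invalid value is ignored at runtime, so a mistake fails silently.
// Review the value by hand: a Domain attribute decides which hosts receive
// the cookie.
type ApplicationSettings struct {
	// Settings to configure IAP's behavior for a service mesh.
	// +kcc:proto:field=google.cloud.iap.v1.ApplicationSettings.csm_settings
	CsmSettings *CsmSettings `json:"csmSettings,omitempty"`

	// Customization for Access Denied page.
	// +kcc:proto:field=google.cloud.iap.v1.ApplicationSettings.access_denied_page_settings
	AccessDeniedPageSettings *AccessDeniedPageSettings `json:"accessDeniedPageSettings,omitempty"`

	// The Domain value to set for cookies generated by IAP. This value is not
	// validated by the API, but will be ignored at runtime if invalid.
	// +kcc:proto:field=google.cloud.iap.v1.ApplicationSettings.cookie_domain
	CookieDomain *string `json:"cookieDomain,omitempty"`

	// Settings to configure attribute propagation.
	// +kcc:proto:field=google.cloud.iap.v1.ApplicationSettings.attribute_propagation_settings
	AttributePropagationSettings *AttributePropagationSettings `json:"attributePropagationSettings,omitempty"`
}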
+kcc:proto=google.cloud.iap.v1.ApplicationSettings
func (*ApplicationSettings) DeepCopy ¶
func (in *ApplicationSettings) DeepCopy() *ApplicationSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationSettings.
func (*ApplicationSettings) DeepCopyInto ¶
func (in *ApplicationSettings) DeepCopyInto(out *ApplicationSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AttributePropagationSettings ¶
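// AttributePropagationSettings selects, with a CEL expression, which
// attributes are propagated and in which output credentials.
//
// NOTE(review): per the Expression comment, strict() drops the
// `x-goog-iap-attr-` prefix for the HEADER output credential, so the header
// name is whatever emitAs chose. Pick names that cannot be confused with
// headers the backend already gives meaning to, and have the backend trust
// propagated headers only on requests that arrived through IAP.
type AttributePropagationSettings struct {
	// Raw string CEL expression. Must return a list of attributes. A maximum of
	// 45 attributes can be selected. Expressions can select different attribute
	// types from `attributes`: `attributes.saml_attributes`,
	// `attributes.iap_attributes`. The following functions are supported:
	//
	//  - filter `<list>.filter(<iter_var>, <predicate>)`: Returns a subset of
	//    `<list>` where `<predicate>` is true for every item.
	//
	//  - in `<var> in <list>`: Returns true if `<list>` contains `<var>`.
	//
	//  - selectByName `<list>.selectByName(<string>)`: Returns the attribute in
	//    `<list>` with the given `<string>` name, otherwise returns empty.
	//
	//  - emitAs `<attribute>.emitAs(<string>)`: Sets the `<attribute>` name
	//    field to the given `<string>` for propagation in selected output
	//    credentials.
	//
	//  - strict `<attribute>.strict()`: Ignores the `x-goog-iap-attr-` prefix
	//    for the provided `<attribute>` when propagating with the `HEADER` output
	//    credential, such as request headers.
	//
	//  - append `<target_list>.append(<attribute>)` OR
	//    `<target_list>.append(<list>)`: Appends the provided `<attribute>` or
	//    `<list>` to the end of `<target_list>`.
	//
	// Example expression: `attributes.saml_attributes.filter(x, x.name in
	// ['test']).append(attributes.iap_attributes.selectByName('exact').emitAs('custom').strict())`
	// +kcc:proto:field=google.cloud.iap.v1.AttributePropagationSettings.expression
	Expression *string `json:"expression,omitempty"`

	// Which output credentials attributes selected by the CEL expression should
	// be propagated in. All attributes will be fully duplicated in each selected
	// output credential.
	// +kcc:proto:field=google.cloud.iap.v1.AttributePropagationSettings.output_credentials
	OutputCredentials []string `json:"outputCredentials,omitempty"`

	// Whether the provided attribute propagation settings should be evaluated on
	// user requests. If set to true, attributes returned from the expression will
	// be propagated in the set output credentials.
	// +kcc:proto:field=google.cloud.iap.v1.AttributePropagationSettings.enable
	Enable *bool `json:"enable,omitempty"`
}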
+kcc:proto=google.cloud.iap.v1.AttributePropagationSettings
func (*AttributePropagationSettings) DeepCopy ¶
func (in *AttributePropagationSettings) DeepCopy() *AttributePropagationSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttributePropagationSettings.
func (*AttributePropagationSettings) DeepCopyInto ¶
func (in *AttributePropagationSettings) DeepCopyInto(out *AttributePropagationSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CorsSettings ¶
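// CorsSettings controls whether HTTP OPTIONS calls skip authorization.
//
// NOTE(review): per the field comment, OPTIONS calls skip authorization when
// AllowHTTPOptions is true. The backend should then treat every OPTIONS
// request as unauthenticated and do nothing sensitive in its OPTIONS handler.
type CorsSettings struct {
	// Configuration to allow HTTP OPTIONS calls to skip authorization. If
	// undefined, IAP will not apply any special logic to OPTIONS requests.
	// +kcc:proto:field=google.cloud.iap.v1.CorsSettings.allow_http_options
	AllowHTTPOptions *bool `json:"allowHTTPOptions,omitempty"`
}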
+kcc:proto=google.cloud.iap.v1.CorsSettings
func (*CorsSettings) DeepCopy ¶
func (in *CorsSettings) DeepCopy() *CorsSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CorsSettings.
func (*CorsSettings) DeepCopyInto ¶
func (in *CorsSettings) DeepCopyInto(out *CorsSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CsmSettings ¶
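// CsmSettings carries the audience claim that is set in the generated RCToken.
//
// NOTE(review): the field comment states IAP does not validate RctokenAud.
// Whatever consumes the RCToken should presumably check the audience itself;
// confirm this against the consumer's configuration.
type CsmSettings struct {
	// Audience claim set in the generated RCToken. This value is not validated by
	// IAP.
	// +kcc:proto:field=google.cloud.iap.v1.CsmSettings.rctoken_aud
	RctokenAud *string `json:"rctokenAud,omitempty"`
}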
+kcc:proto=google.cloud.iap.v1.CsmSettings
func (*CsmSettings) DeepCopy ¶
func (in *CsmSettings) DeepCopy() *CsmSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CsmSettings.
func (*CsmSettings) DeepCopyInto ¶
func (in *CsmSettings) DeepCopyInto(out *CsmSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GcipSettings ¶
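// GcipSettings links GCIP tenants to the IAP resource and names the login
// page used with them.
//
// NOTE(review): LoginPageURI is where users are sent to sign in and can be
// overridden at the sub-resource level (per the field comment). Review any
// override, since it changes which page collects credentials.
type GcipSettings struct {
	// GCIP tenant ids that are linked to the IAP resource.
	// tenant_ids could be a string beginning with a number character to indicate
	// authenticating with GCIP tenant flow, or in the format of _<ProjectNumber>
	// to indicate authenticating with GCIP agent flow.
	// If agent flow is used, tenant_ids should only contain one single element,
	// while for tenant flow, tenant_ids can contain multiple elements.
	// +kcc:proto:field=google.cloud.iap.v1.GcipSettings.tenant_ids
	TenantIds []string `json:"tenantIds,omitempty"`

	// Login page URI associated with the GCIP tenants.
	// Typically, all resources within the same project share the same login page,
	// though it could be overridden at the sub resource level.
	// +kcc:proto:field=google.cloud.iap.v1.GcipSettings.login_page_uri
	LoginPageURI *string `json:"loginPageURI,omitempty"`
}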
+kcc:proto=google.cloud.iap.v1.GcipSettings
func (*GcipSettings) DeepCopy ¶
func (in *GcipSettings) DeepCopy() *GcipSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GcipSettings.
func (*GcipSettings) DeepCopyInto ¶
func (in *GcipSettings) DeepCopyInto(out *GcipSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IAPSettings ¶
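// IAPSettings is the top-level object for the IAPSettings kind: type and
// object metadata, the desired state (Spec) and the reported state (Status).
type IAPSettings struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// +required
	Spec   IAPSettingsSpec   `json:"spec,omitempty"`
	Status IAPSettingsStatus `json:"status,omitempty"`
}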
IAPSettings is the Schema for the IAPSettings API +k8s:openapi-gen=true
func (*IAPSettings) DeepCopy ¶
func (in *IAPSettings) DeepCopy() *IAPSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IAPSettings.
func (*IAPSettings) DeepCopyInto ¶
func (in *IAPSettings) DeepCopyInto(out *IAPSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IAPSettings) DeepCopyObject ¶
func (in *IAPSettings) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IAPSettingsIdentity ¶
type IAPSettingsIdentity struct {
// contains filtered or unexported fields
}
IAPSettingsIdentity defines the resource reference to IAPSettings. The id could have the following format:
organizations/{organization_id} folders/{folder_id} projects/{projects_id} projects/{projects_id}/iap_web projects/{projects_id}/iap_web/compute projects/{projects_id}/iap_web/compute-{region} projects/{projects_id}/iap_web/compute/services/{service_id} projects/{projects_id}/iap_web/compute-{region}/services/{service_id} projects/{projects_id}/iap_web/appengine-{app_id} projects/{projects_id}/iap_web/appengine-{app_id}/services/{service_id} projects/{projects_id}/iap_web/appengine-{app_id}/services/{service_id}/versions/{version_id}
func NewIAPSettingsIdentity ¶
func NewIAPSettingsIdentity(ctx context.Context, reader client.Reader, obj *IAPSettings) (*IAPSettingsIdentity, error)
NewIAPSettingsIdentity builds an IAPSettingsIdentity from the Config Connector IAPSettings object.
func (*IAPSettingsIdentity) DeepCopy ¶
func (in *IAPSettingsIdentity) DeepCopy() *IAPSettingsIdentity
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IAPSettingsIdentity.
func (*IAPSettingsIdentity) DeepCopyInto ¶
func (in *IAPSettingsIdentity) DeepCopyInto(out *IAPSettingsIdentity)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IAPSettingsIdentity) ID ¶
func (i *IAPSettingsIdentity) ID() string
func (*IAPSettingsIdentity) String ¶
func (i *IAPSettingsIdentity) String() string
type IAPSettingsList ¶
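// IAPSettingsList is the list form of IAPSettings: type and list metadata
// plus the items. Items has no omitempty, so the "items" key is always
// serialized.
type IAPSettingsList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []IAPSettings `json:"items"`
}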
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object IAPSettingsList contains a list of IAPSettings
func (*IAPSettingsList) DeepCopy ¶
func (in *IAPSettingsList) DeepCopy() *IAPSettingsList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IAPSettingsList.
func (*IAPSettingsList) DeepCopyInto ¶
func (in *IAPSettingsList) DeepCopyInto(out *IAPSettingsList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IAPSettingsList) DeepCopyObject ¶
func (in *IAPSettingsList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IAPSettingsRef ¶
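// IAPSettingsRef points at an IAPSettings resource, either by an external
// identifier (External) or by the name and namespace of an in-cluster object.
type IAPSettingsRef struct {
	// A reference to an externally managed IAPSettings resource.
	External string `json:"external,omitempty"`

	// The name of a IAPSettings resource.
	Name string `json:"name,omitempty"`

	// The namespace of a IAPSettings resource.
	Namespace string `json:"namespace,omitempty"`
}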
IAPSettingsRef defines the resource reference to IAPSettings, whose "External" field holds the GCP identifier for the KRM object.
func (*IAPSettingsRef) DeepCopy ¶
func (in *IAPSettingsRef) DeepCopy() *IAPSettingsRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IAPSettingsRef.
func (*IAPSettingsRef) DeepCopyInto ¶
func (in *IAPSettingsRef) DeepCopyInto(out *IAPSettingsRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IAPSettingsRef) NormalizedExternal ¶
func (r *IAPSettingsRef) NormalizedExternal(ctx context.Context, reader client.Reader, otherNamespace string) (string, error)
NormalizedExternal provides the "External" value for other resources that depend on IAPSettings. If "External" is given in the other resource's spec.IAPSettingsRef, the given value is used. Otherwise, "Name" and "Namespace" are used to query the actual IAPSettings object from the cluster.
type IAPSettingsSpec ¶
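// IAPSettingsSpec is the desired state of an IAPSettings object: the name of
// the IAP-protected resource it applies to, plus the access and application
// setting groups.
//
// NOTE(review): the formats listed on Name use singular path segments
// (service/, version/). The IAPSettingsIdentity documentation in this
// package lists services/ and versions/ for the same resources. Confirm
// which form ValidateIAPSettingsID accepts before relying on either. Name
// also fixes the scope of the settings, from an organization down to a
// single service version, so review it as carefully as the settings.
type IAPSettingsSpec struct {
	// The IAPSettings name.
	ResourceID *string `json:"resourceID,omitempty"`

	// Required. The resource name of the IAP protected resource.
	// The name could have the following format:
	// organizations/{organization_id}
	// folders/{folder_id}
	// projects/{projects_id}
	// projects/{projects_id}/iap_web
	// projects/{projects_id}/iap_web/compute
	// projects/{projects_id}/iap_web/compute-{region}
	// projects/{projects_id}/iap_web/compute/service/{service_id}
	// projects/{projects_id}/iap_web/compute-{region}/service/{service_id}
	// projects/{projects_id}/iap_web/appengine-{app_id}
	// projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}
	// projects/{projects_id}/iap_web/appengine-{app_id}/service/{service_id}/version/{version_id}
	// +kcc:proto:field=google.cloud.iap.v1.IapSettings.name
	// +required
	Name *string `json:"name,omitempty"`

	// Top level wrapper for all access related setting in IAP
	// +kcc:proto:field=google.cloud.iap.v1.IapSettings.access_settings
	AccessSettings *AccessSettings `json:"accessSettings,omitempty"`

	// Top level wrapper for all application related settings in IAP
	// +kcc:proto:field=google.cloud.iap.v1.IapSettings.application_settings
	ApplicationSettings *ApplicationSettings `json:"applicationSettings,omitempty"`
}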
IAPSettingsSpec defines the desired state of IAPSettings +kcc:proto=google.cloud.iap.v1.IapSettings
func (*IAPSettingsSpec) DeepCopy ¶
func (in *IAPSettingsSpec) DeepCopy() *IAPSettingsSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IAPSettingsSpec.
func (*IAPSettingsSpec) DeepCopyInto ¶
func (in *IAPSettingsSpec) DeepCopyInto(out *IAPSettingsSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IAPSettingsStatus ¶
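// IAPSettingsStatus is the state reported for an IAPSettings object:
// conditions, the last observed generation and the external reference.
type IAPSettingsStatus struct {
	/* Conditions represent the latest available observations of the
	   object's current state. */
	Conditions []v1alpha1.Condition `json:"conditions,omitempty"`

	// ObservedGeneration is the generation of the resource that was most
	// recently observed by the Config Connector controller. If this is equal to
	// metadata.generation, then that means that the current reported status
	// reflects the most recent desired state of the resource.
	ObservedGeneration *int64 `json:"observedGeneration,omitempty"`

	// A unique specifier for the IAPSettings resource in GCP.
	ExternalRef *string `json:"externalRef,omitempty"`
}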
IAPSettingsStatus defines the config connector machine state of IAPSettings
func (*IAPSettingsStatus) DeepCopy ¶
func (in *IAPSettingsStatus) DeepCopy() *IAPSettingsStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IAPSettingsStatus.
func (*IAPSettingsStatus) DeepCopyInto ¶
func (in *IAPSettingsStatus) DeepCopyInto(out *IAPSettingsStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OAuthSettings ¶
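// OAuthSettings configures the login hint sent in the OAuth request flow and
// the OAuth client IDs allowed to authenticate programmatically.
//
// NOTE(review): LoginHint only steers the login flow. The field comment
// states that IAP does not verify the ID token's hd claim against it, so it
// is not a domain restriction; access is decided by IAM policy.
// ProgrammaticClients is an allowlist: each entry is one more OAuth client
// that may authenticate programmatically, so keep it minimal.
type OAuthSettings struct {
	// Domain hint to send as hd=? parameter in OAuth request flow. Enables
	// redirect to primary IDP by skipping Google's login screen.
	// https://developers.google.com/identity/protocols/OpenIDConnect#hd-param
	// Note: IAP does not verify that the id token's hd claim matches this value
	// since access behavior is managed by IAM policies.
	// +kcc:proto:field=google.cloud.iap.v1.OAuthSettings.login_hint
	LoginHint *string `json:"loginHint,omitempty"`

	// List of OAuth client IDs allowed to programmatically authenticate with IAP.
	// +kcc:proto:field=google.cloud.iap.v1.OAuthSettings.programmatic_clients
	ProgrammaticClients []string `json:"programmaticClients,omitempty"`
}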
+kcc:proto=google.cloud.iap.v1.OAuthSettings
func (*OAuthSettings) DeepCopy ¶
func (in *OAuthSettings) DeepCopy() *OAuthSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthSettings.
func (*OAuthSettings) DeepCopyInto ¶
func (in *OAuthSettings) DeepCopyInto(out *OAuthSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ReauthSettings ¶
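// ReauthSettings configures reauthentication: the requested method, the
// session lifetime, and how the effective policy is determined across a
// hierarchy.
//
// NOTE(review): all three fields are free-form strings here; the accepted
// Method and PolicyType values and the MaxAge format are not visible on this
// type. Confirm them against the IAP API before relying on a value.
type ReauthSettings struct {
	// Reauth method requested.
	// +kcc:proto:field=google.cloud.iap.v1.ReauthSettings.method
	Method *string `json:"method,omitempty"`

	// Reauth session lifetime, how long before a user has to reauthenticate
	// again.
	// +kcc:proto:field=google.cloud.iap.v1.ReauthSettings.max_age
	MaxAge *string `json:"maxAge,omitempty"`

	// How IAP determines the effective policy in cases of hierarchical policies.
	// Policies are merged from higher in the hierarchy to lower in the hierarchy.
	// +kcc:proto:field=google.cloud.iap.v1.ReauthSettings.policy_type
	PolicyType *string `json:"policyType,omitempty"`
}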
+kcc:proto=google.cloud.iap.v1.ReauthSettings
func (*ReauthSettings) DeepCopy ¶
func (in *ReauthSettings) DeepCopy() *ReauthSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReauthSettings.
func (*ReauthSettings) DeepCopyInto ¶
func (in *ReauthSettings) DeepCopyInto(out *ReauthSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.