Documentation ¶
Overview ¶
Package common contains shared types that are used in multiple CRDs. +kubebuilder:object:generate=true
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AWSPrincipal ¶
type AWSPrincipal struct { // UserARN contains the ARN of an IAM user // +optional // +immutable UserARN *string `json:"iamUserArn,omitempty"` // UserARNRef contains the reference to an User // +optional UserARNRef *xpv1.Reference `json:"iamUserArnRef,omitempty"` // UserARNSelector queries for an User to retrieve its userName // +optional UserARNSelector *xpv1.Selector `json:"iamUserArnSelector,omitempty"` // AWSAccountID identifies an AWS account as the principal // +optional // +immutable AWSAccountID *string `json:"awsAccountId,omitempty"` // IAMRoleARN contains the ARN of an IAM role // +optional // +immutable IAMRoleARN *string `json:"iamRoleArn,omitempty"` // IAMRoleARNRef contains the reference to an IAMRole // +optional IAMRoleARNRef *xpv1.Reference `json:"iamRoleArnRef,omitempty"` // IAMRoleARNSelector queries for an IAM role to retrieve its userName // +optional IAMRoleARNSelector *xpv1.Selector `json:"iamRoleArnSelector,omitempty"` }
AWSPrincipal wraps the potential values a policy principal can take. Only one of the values should be set.
func (*AWSPrincipal) DeepCopy ¶
func (in *AWSPrincipal) DeepCopy() *AWSPrincipal
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSPrincipal.
func (*AWSPrincipal) DeepCopyInto ¶
func (in *AWSPrincipal) DeepCopyInto(out *AWSPrincipal)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Condition ¶
type Condition struct { // OperatorKey matches the condition key and value in the policy against values in the request context OperatorKey string `json:"operatorKey"` // Conditions represents each of the key/value pairs for the operator key Conditions []ConditionPair `json:"conditions"` }
Condition represents a set of condition pairs for a resource policy
func (*Condition) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.
func (*Condition) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConditionPair ¶
type ConditionPair struct { // ConditionKey is the key condition being applied to the parent condition ConditionKey string `json:"key"` // ConditionStringValue is the expected string value of the key from the parent condition // +optional ConditionStringValue *string `json:"stringValue,omitempty"` // ConditionDateValue is the expected string value of the key from the parent condition. The // date value must be in ISO 8601 format. The time is always midnight UTC. // +optional ConditionDateValue *metav1.Time `json:"dateValue,omitempty"` // ConditionNumericValue is the expected string value of the key from the parent condition // +optional ConditionNumericValue *int64 `json:"numericValue,omitempty"` // ConditionBooleanValue is the expected boolean value of the key from the parent condition // +optional ConditionBooleanValue *bool `json:"booleanValue,omitempty"` // ConditionListValue is the list value of the key from the parent condition // +optional ConditionListValue []string `json:"listValue,omitempty"` }
ConditionPair represents one condition inside of the set of conditions for a resource policy
func (*ConditionPair) DeepCopy ¶
func (in *ConditionPair) DeepCopy() *ConditionPair
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionPair.
func (*ConditionPair) DeepCopyInto ¶
func (in *ConditionPair) DeepCopyInto(out *ConditionPair)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourcePolicy ¶
type ResourcePolicy struct { // Version is the current IAM policy version // +kubebuilder:validation:Enum="2012-10-17";"2008-10-17" // +kubebuilder:default:="2012-10-17" Version string `json:"version"` // ID is the policy's optional identifier // +immutable // +optional ID *string `json:"id,omitempty"` // Statements is the list of statement this policy applies // either jsonStatements or statements must be specified in the policy // +optional Statements []ResourcePolicyStatement `json:"statements,omitempty"` }
ResourcePolicy represents an AWS resource policy manifest
func (*ResourcePolicy) DeepCopy ¶
func (in *ResourcePolicy) DeepCopy() *ResourcePolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourcePolicy.
func (*ResourcePolicy) DeepCopyInto ¶
func (in *ResourcePolicy) DeepCopyInto(out *ResourcePolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourcePolicyStatement ¶
type ResourcePolicyStatement struct { // Optional identifier for this statement, must be unique within the // policy if provided. // +optional SID *string `json:"sid,omitempty"` // The effect is required and specifies whether the statement results // in an allow or an explicit deny. Valid values for Effect are Allow and Deny. // +kubebuilder:validation:Enum=Allow;Deny Effect string `json:"effect"` // Used with the resource policy to specify the principal that is allowed // or denied access to a resource. // +optional Principal *ResourcePrincipal `json:"principal,omitempty"` // Used with the resource policy to specify the users which are not included // in this policy // +optional NotPrincipal *ResourcePrincipal `json:"notPrincipal,omitempty"` // Each element of the PolicyAction array describes the specific // action or actions that will be allowed or denied with this PolicyStatement. // +optional Action []string `json:"action,omitempty"` // Each element of the NotPolicyAction array will allow the property to match // all but the listed actions. // +optional NotAction []string `json:"notAction,omitempty"` // The paths on which this resource will apply // +optional Resource []string `json:"resource,omitempty"` // This will explicitly match all resource paths except the ones // specified in this array // +optional NotResource []string `json:"notResource,omitempty"` // Condition specifies where conditions for policy are in effect. // https://docs.aws.amazon.com/Amazonresource/latest/dev/amazon-resource-policy-keys.html // +optional Condition []Condition `json:"condition,omitempty"` }
ResourcePolicyStatement defines an individual statement within the ResourcePolicyBody
func (*ResourcePolicyStatement) DeepCopy ¶
func (in *ResourcePolicyStatement) DeepCopy() *ResourcePolicyStatement
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourcePolicyStatement.
func (*ResourcePolicyStatement) DeepCopyInto ¶
func (in *ResourcePolicyStatement) DeepCopyInto(out *ResourcePolicyStatement)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourcePrincipal ¶
type ResourcePrincipal struct { // This flag indicates if the policy should be made available // to all anonymous users. // +optional AllowAnon bool `json:"allowAnon,omitempty"` // This list contains the all of the AWS IAM users which are affected // by the policy statement. // +optional AWSPrincipals []AWSPrincipal `json:"awsPrincipals,omitempty"` // This string contains the identifier for any federated web identity // provider. // +optional Federated *string `json:"federated,omitempty"` // Service define the services which can have access to this resource // +optional Service []string `json:"service,omitempty"` }
ResourcePrincipal defines the principal users affected by the ResourcePolicyStatement Please see the AWS resource docs for more information https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
func (*ResourcePrincipal) DeepCopy ¶
func (in *ResourcePrincipal) DeepCopy() *ResourcePrincipal
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourcePrincipal.
func (*ResourcePrincipal) DeepCopyInto ¶
func (in *ResourcePrincipal) DeepCopyInto(out *ResourcePrincipal)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.