v1alpha1

package
v0.22.0-rc.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 10, 2022 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package v1alpha1 contains managed resources, such as ServiceAccount, for IAM services. +kubebuilder:object:generate=true +groupName=iam.gcp.crossplane.io +versionName=v1alpha1

Index

Constants

View Source
const (
	Group   = "iam.gcp.crossplane.io"
	Version = "v1alpha1"
)

Package type metadata.

View Source
const (
	// PolicyVersion Specifies the format of the policy.
	// Any operation that affects conditional role bindings must specify version 3.
	// Our CR supports conditional role bindings.
	// https://cloud.google.com/kms/docs/reference/rest/v1/Policy
	PolicyVersion = 3
)

Variables

View Source
var (
	// SchemeGroupVersion is group version used to register these objects
	SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
)
View Source
var (
	ServiceAccountKind             = reflect.TypeOf(ServiceAccount{}).Name()
	ServiceAccountGroupKind        = schema.GroupKind{Group: Group, Kind: ServiceAccountKind}.String()
	ServiceAccountKindAPIVersion   = ServiceAccountKind + "." + SchemeGroupVersion.String()
	ServiceAccountGroupVersionKind = SchemeGroupVersion.WithKind(ServiceAccountKind)
)

ServiceAccount type metadata.

View Source
var (
	ServiceAccountKeyKind             = reflect.TypeOf(ServiceAccountKey{}).Name()
	ServiceAccountKeyGroupKind        = schema.GroupKind{Group: Group, Kind: ServiceAccountKeyKind}.String()
	ServiceAccountKeyKindAPIVersion   = ServiceAccountKeyKind + "." + SchemeGroupVersion.String()
	ServiceAccountKeyGroupVersionKind = SchemeGroupVersion.WithKind(ServiceAccountKeyKind)
)

ServiceAccountKey type metadata.

View Source
var (
	ServiceAccountPolicyKind             = reflect.TypeOf(ServiceAccountPolicy{}).Name()
	ServiceAccountPolicyGroupKind        = schema.GroupKind{Group: Group, Kind: ServiceAccountPolicyKind}.String()
	ServiceAccountPolicyKindAPIVersion   = ServiceAccountPolicyKind + "." + SchemeGroupVersion.String()
	ServiceAccountPolicyGroupVersionKind = SchemeGroupVersion.WithKind(ServiceAccountPolicyKind)
)

ServiceAccountPolicy type metadata.

Functions

func ServiceAccountMemberName

func ServiceAccountMemberName() reference.ExtractValueFn

ServiceAccountMemberName returns member name for a given ServiceAccount Object.

func ServiceAccountRRN

func ServiceAccountRRN() reference.ExtractValueFn

ServiceAccountRRN extracts the partially qualified URL of a Network.

Types

type AuditConfig

type AuditConfig struct {
	// AuditLogConfigs: The configuration for logging of each type of
	// permission.
	AuditLogConfigs []*AuditLogConfig `json:"auditLogConfigs,omitempty"`

	// Service: Specifies a service that will be enabled for audit
	// logging.
	// For example, `storage.googleapis.com`,
	// `cloudsql.googleapis.com`.
	// `allServices` is a special value that covers all services.
	Service string `json:"service,omitempty"`
}

AuditConfig Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs.

If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted.

Example Policy with multiple AuditConfigs:

{
  "audit_configs": [
    {
      "service": "allServices"
      "audit_log_configs": [
        {
          "log_type": "DATA_READ",
          "exempted_members": [
            "user:jose@example.com"
          ]
        },
        {
          "log_type": "DATA_WRITE",
        },
        {
          "log_type": "ADMIN_READ",
        }
      ]
    },
    {
      "service": "sampleservice.googleapis.com"
      "audit_log_configs": [
        {
          "log_type": "DATA_READ",
        },
        {
          "log_type": "DATA_WRITE",
          "exempted_members": [
            "user:aliya@example.com"
          ]
        }
      ]
    }
  ]
}

For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.

func (*AuditConfig) DeepCopy

func (in *AuditConfig) DeepCopy() *AuditConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditConfig.

func (*AuditConfig) DeepCopyInto

func (in *AuditConfig) DeepCopyInto(out *AuditConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuditLogConfig

type AuditLogConfig struct {
	// ExemptedMembers: Specifies the identities that do not cause logging
	// for this type of
	// permission.
	// Follows the same format of Binding.members.
	ExemptedMembers []string `json:"exemptedMembers,omitempty"`

	// LogType: The log type that this config enables.
	//
	// Possible values:
	//   "LOG_TYPE_UNSPECIFIED" - Default case. Should never be this.
	//   "ADMIN_READ" - Admin reads. Example: CloudIAM getIamPolicy
	//   "DATA_WRITE" - Data writes. Example: CloudSQL Users create
	//   "DATA_READ" - Data reads. Example: CloudSQL Users list
	// +kubebuilder:validation:Enum=ADMIN_READ;DATA_WRITE;DATA_READ
	LogType string `json:"logType,omitempty"`
}

AuditLogConfig Provides the configuration for logging a type of permissions. Example:

{
  "audit_log_configs": [
    {
      "log_type": "DATA_READ",
      "exempted_members": [
        "user:jose@example.com"
      ]
    },
    {
      "log_type": "DATA_WRITE",
    }
  ]
}

This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

func (*AuditLogConfig) DeepCopy

func (in *AuditLogConfig) DeepCopy() *AuditLogConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditLogConfig.

func (*AuditLogConfig) DeepCopyInto

func (in *AuditLogConfig) DeepCopyInto(out *AuditLogConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Binding

type Binding struct {
	// Condition: The condition that is associated with this binding.
	// NOTE: An unsatisfied condition will not allow user access via
	// current
	// binding. Different bindings, including their conditions, are
	// examined
	// independently.
	Condition *Expr `json:"condition,omitempty"`

	// Members: Specifies the identities requesting access for a Cloud
	// Platform resource.
	// `members` can have the following values:
	//
	// * `allUsers`: A special identifier that represents anyone who is
	//    on the internet; with or without a Google account.
	//
	// * `allAuthenticatedUsers`: A special identifier that represents
	// anyone
	//    who is authenticated with a Google account or a service
	// account.
	//
	// * `user:{emailid}`: An email address that represents a specific
	// Google
	//    account. For example, `alice@example.com` .
	//
	//
	// * `serviceAccount:{emailid}`: An email address that represents a
	// service
	//    account. For example,
	// `my-other-app@appspot.gserviceaccount.com`.
	//
	// * `group:{emailid}`: An email address that represents a Google
	// group.
	//    For example, `admins@example.com`.
	//
	// * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
	// unique
	//    identifier) representing a user that has been recently deleted.
	// For
	//    example, `alice@example.com?uid=123456789012345678901`. If the
	// user is
	//    recovered, this value reverts to `user:{emailid}` and the
	// recovered user
	//    retains the role in the binding.
	//
	// * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address
	// (plus
	//    unique identifier) representing a service account that has been
	// recently
	//    deleted. For example,
	//
	// `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
	//
	//    If the service account is undeleted, this value reverts to
	//    `serviceAccount:{emailid}` and the undeleted service account
	// retains the
	//    role in the binding.
	//
	// * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus
	// unique
	//    identifier) representing a Google group that has been recently
	//    deleted. For example,
	// `admins@example.com?uid=123456789012345678901`. If
	//    the group is recovered, this value reverts to `group:{emailid}`
	// and the
	//    recovered group retains the role in the binding.
	//
	//
	// * `domain:{domain}`: The G Suite domain (primary) that represents all
	// the
	//    users of that domain. For example, `google.com` or
	// `example.com`.
	//
	//
	Members []string `json:"members,omitempty"`

	// ServiceAccountMemberRefs are references to ServiceAccounts used to set
	// the Members.
	// +optional
	ServiceAccountMemberRefs []xpv1.Reference `json:"serviceAccountMemberRefs,omitempty"`

	// ServiceAccountMemberSelector selects references to ServiceAccounts used
	// to set the Members.
	// +optional
	ServiceAccountMemberSelector *xpv1.Selector `json:"serviceAccountMemberSelector,omitempty"`

	// Role: Role that is assigned to `members`.
	// For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role string `json:"role"`
}

Binding Associates `members` with a `role`.

func (*Binding) DeepCopy

func (in *Binding) DeepCopy() *Binding

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Binding.

func (*Binding) DeepCopyInto

func (in *Binding) DeepCopyInto(out *Binding)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Expr

type Expr struct {
	// Description: Optional. Description of the expression. This is a
	// longer text which
	// describes the expression, e.g. when hovered over it in a UI.
	// +optional
	Description *string `json:"description,omitempty"`

	// Expression: Textual representation of an expression in Common
	// Expression Language
	// syntax.
	Expression string `json:"expression,omitempty"`

	// Location: Optional. String indicating the location of the expression
	// for error
	// reporting, e.g. a file name and a position in the file.
	// +optional
	Location *string `json:"location,omitempty"`

	// Title: Optional. Title for the expression, i.e. a short string
	// describing
	// its purpose. This can be used e.g. in UIs which allow to enter
	// the
	// expression.
	// +optional
	Title *string `json:"title,omitempty"`
}

Expr Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

title: "Summary size limit"
description: "Determines if a summary is less than 100 chars"
expression: "document.summary.size() < 100"

Example (Equality):

title: "Requestor is owner"
description: "Determines if requestor is the document owner"
expression: "document.owner ==

request.auth.claims.email"

Example (Logic):

title: "Public documents"
description: "Determine whether the document should be publicly

visible"

expression: "document.type != 'private' && document.type !=

'internal'"

Example (Data Manipulation):

title: "Notification string"
description: "Create a notification string with a timestamp."
expression: "'New message received at ' +

string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (*Expr) DeepCopy

func (in *Expr) DeepCopy() *Expr

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Expr.

func (*Expr) DeepCopyInto

func (in *Expr) DeepCopyInto(out *Expr)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Policy

type Policy struct {
	// AuditConfigs: Specifies cloud audit logging configuration for this
	// policy.
	AuditConfigs []*AuditConfig `json:"auditConfigs,omitempty"`

	// Bindings: Associates a list of `members` to a `role`. Optionally, may
	// specify a
	// `condition` that determines how and when the `bindings` are applied.
	// Each
	// of the `bindings` must contain at least one member.
	Bindings []*Binding `json:"bindings,omitempty"`
}

Policy is an Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.

A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role.

Optionally, a `binding` can specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both.

**JSON example:**

{
  "bindings": [
    {
      "role": "roles/resourcemanager.organizationAdmin",
      "members": [
        "user:mike@example.com",
        "group:admins@example.com",
        "domain:google.com",

"serviceAccount:my-project-id@appspot.gserviceaccount.com"

  ]
},
{
  "role": "roles/resourcemanager.organizationViewer",
  "members": ["user:eve@example.com"],
  "condition": {
    "title": "expirable access",
    "description": "Does not grant access after Sep 2020",
    "expression": "request.time <

timestamp('2020-10-01T00:00:00.000Z')",

      }
    }
  ],
  "etag": "BwWWja0YfJA=",
  "version": 3
}

**YAML example:**

bindings:
- members:
  - user:mike@example.com
  - group:admins@example.com
  - domain:google.com
  - serviceAccount:my-project-id@appspot.gserviceaccount.com
  role: roles/resourcemanager.organizationAdmin
- members:
  - user:eve@example.com
  role: roles/resourcemanager.organizationViewer
  condition:
    title: expirable access
    description: Does not grant access after Sep 2020
    expression: request.time <

timestamp('2020-10-01T00:00:00.000Z')

  • etag: BwWWja0YfJA=
  • version: 3

For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).

func (*Policy) DeepCopy

func (in *Policy) DeepCopy() *Policy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.

func (*Policy) DeepCopyInto

func (in *Policy) DeepCopyInto(out *Policy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceAccount

type ServiceAccount struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ServiceAccountSpec   `json:"spec"`
	Status ServiceAccountStatus `json:"status,omitempty"`
}

ServiceAccount is a managed resource that represents a Google IAM Service Account. +kubebuilder:subresource:status +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="DISPLAYNAME",type="string",JSONPath=".spec.forProvider.displayName" +kubebuilder:printcolumn:name="EMAIL",type="string",JSONPath=".status.atProvider.email" +kubebuilder:printcolumn:name="DISABLED",type="boolean",JSONPath=".status.atProvider.disabled" +kubebuilder:resource:scope=Cluster +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp}

func (*ServiceAccount) DeepCopy

func (in *ServiceAccount) DeepCopy() *ServiceAccount

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccount.

func (*ServiceAccount) DeepCopyInto

func (in *ServiceAccount) DeepCopyInto(out *ServiceAccount)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ServiceAccount) DeepCopyObject

func (in *ServiceAccount) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ServiceAccount) GetCondition

func (mg *ServiceAccount) GetCondition(ct xpv1.ConditionType) xpv1.Condition

GetCondition of this ServiceAccount.

func (*ServiceAccount) GetDeletionPolicy

func (mg *ServiceAccount) GetDeletionPolicy() xpv1.DeletionPolicy

GetDeletionPolicy of this ServiceAccount.

func (*ServiceAccount) GetProviderConfigReference

func (mg *ServiceAccount) GetProviderConfigReference() *xpv1.Reference

GetProviderConfigReference of this ServiceAccount.

func (*ServiceAccount) GetProviderReference

func (mg *ServiceAccount) GetProviderReference() *xpv1.Reference

GetProviderReference of this ServiceAccount. Deprecated: Use GetProviderConfigReference.

func (*ServiceAccount) GetPublishConnectionDetailsTo

func (mg *ServiceAccount) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo

GetPublishConnectionDetailsTo of this ServiceAccount.

func (*ServiceAccount) GetWriteConnectionSecretToReference

func (mg *ServiceAccount) GetWriteConnectionSecretToReference() *xpv1.SecretReference

GetWriteConnectionSecretToReference of this ServiceAccount.

func (*ServiceAccount) SetConditions

func (mg *ServiceAccount) SetConditions(c ...xpv1.Condition)

SetConditions of this ServiceAccount.

func (*ServiceAccount) SetDeletionPolicy

func (mg *ServiceAccount) SetDeletionPolicy(r xpv1.DeletionPolicy)

SetDeletionPolicy of this ServiceAccount.

func (*ServiceAccount) SetProviderConfigReference

func (mg *ServiceAccount) SetProviderConfigReference(r *xpv1.Reference)

SetProviderConfigReference of this ServiceAccount.

func (*ServiceAccount) SetProviderReference

func (mg *ServiceAccount) SetProviderReference(r *xpv1.Reference)

SetProviderReference of this ServiceAccount. Deprecated: Use SetProviderConfigReference.

func (*ServiceAccount) SetPublishConnectionDetailsTo

func (mg *ServiceAccount) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)

SetPublishConnectionDetailsTo of this ServiceAccount.

func (*ServiceAccount) SetWriteConnectionSecretToReference

func (mg *ServiceAccount) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)

SetWriteConnectionSecretToReference of this ServiceAccount.

type ServiceAccountKey

type ServiceAccountKey struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ServiceAccountKeySpec   `json:"spec"`
	Status ServiceAccountKeyStatus `json:"status,omitempty"`
}

ServiceAccountKey is a managed resource that represents a Google IAM Service Account Key. +kubebuilder:subresource:status +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="KEY_ID",type="string",JSONPath=".status.atProvider.keyId" +kubebuilder:printcolumn:name="CREATED_AT",type="string",JSONPath=".status.atProvider.validAfterTime" +kubebuilder:printcolumn:name="EXPIRES_AT",type="boolean",JSONPath=".status.atProvider.validBeforeTime" +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp}

func (*ServiceAccountKey) DeepCopy

func (in *ServiceAccountKey) DeepCopy() *ServiceAccountKey

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountKey.

func (*ServiceAccountKey) DeepCopyInto

func (in *ServiceAccountKey) DeepCopyInto(out *ServiceAccountKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ServiceAccountKey) DeepCopyObject

func (in *ServiceAccountKey) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ServiceAccountKey) GetCondition

func (mg *ServiceAccountKey) GetCondition(ct xpv1.ConditionType) xpv1.Condition

GetCondition of this ServiceAccountKey.

func (*ServiceAccountKey) GetDeletionPolicy

func (mg *ServiceAccountKey) GetDeletionPolicy() xpv1.DeletionPolicy

GetDeletionPolicy of this ServiceAccountKey.

func (*ServiceAccountKey) GetProviderConfigReference

func (mg *ServiceAccountKey) GetProviderConfigReference() *xpv1.Reference

GetProviderConfigReference of this ServiceAccountKey.

func (*ServiceAccountKey) GetProviderReference

func (mg *ServiceAccountKey) GetProviderReference() *xpv1.Reference

GetProviderReference of this ServiceAccountKey. Deprecated: Use GetProviderConfigReference.

func (*ServiceAccountKey) GetPublishConnectionDetailsTo

func (mg *ServiceAccountKey) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo

GetPublishConnectionDetailsTo of this ServiceAccountKey.

func (*ServiceAccountKey) GetWriteConnectionSecretToReference

func (mg *ServiceAccountKey) GetWriteConnectionSecretToReference() *xpv1.SecretReference

GetWriteConnectionSecretToReference of this ServiceAccountKey.

func (*ServiceAccountKey) ResolveReferences

func (in *ServiceAccountKey) ResolveReferences(ctx context.Context, c client.Reader) error

ResolveReferences of this ServiceAccountKey

func (*ServiceAccountKey) SetConditions

func (mg *ServiceAccountKey) SetConditions(c ...xpv1.Condition)

SetConditions of this ServiceAccountKey.

func (*ServiceAccountKey) SetDeletionPolicy

func (mg *ServiceAccountKey) SetDeletionPolicy(r xpv1.DeletionPolicy)

SetDeletionPolicy of this ServiceAccountKey.

func (*ServiceAccountKey) SetProviderConfigReference

func (mg *ServiceAccountKey) SetProviderConfigReference(r *xpv1.Reference)

SetProviderConfigReference of this ServiceAccountKey.

func (*ServiceAccountKey) SetProviderReference

func (mg *ServiceAccountKey) SetProviderReference(r *xpv1.Reference)

SetProviderReference of this ServiceAccountKey. Deprecated: Use SetProviderConfigReference.

func (*ServiceAccountKey) SetPublishConnectionDetailsTo

func (mg *ServiceAccountKey) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)

SetPublishConnectionDetailsTo of this ServiceAccountKey.

func (*ServiceAccountKey) SetWriteConnectionSecretToReference

func (mg *ServiceAccountKey) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)

SetWriteConnectionSecretToReference of this ServiceAccountKey.

type ServiceAccountKeyList

type ServiceAccountKeyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ServiceAccountKey `json:"items"`
}

ServiceAccountKeyList contains a list of ServiceAccountKey types

func (*ServiceAccountKeyList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountKeyList.

func (*ServiceAccountKeyList) DeepCopyInto

func (in *ServiceAccountKeyList) DeepCopyInto(out *ServiceAccountKeyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ServiceAccountKeyList) DeepCopyObject

func (in *ServiceAccountKeyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ServiceAccountKeyList) GetItems

func (l *ServiceAccountKeyList) GetItems() []resource.Managed

GetItems of this ServiceAccountKeyList.

type ServiceAccountKeyObservation

type ServiceAccountKeyObservation struct {
	// Name is the resource name of the service account key in the following format:
	// projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{external-name}.
	// part of https://godoc.org/google.golang.org/genproto/googleapis/iam/admin/v1#ServiceAccountKey
	Name string `json:"name,omitempty"`

	// KeyID is the generated unique & stable key id for the service account key.
	KeyID string `json:"keyId,omitempty"`

	// PrivateKeyType is the output format for the generated private key. Only set in keys.create responses.
	// Determines the encoding for the private key stored in the "connection" secret.
	PrivateKeyType string `json:"privateKeyType,omitempty"`

	// KeyAlgorithm is the key algorithm & possibly key size used for public/private key pair generation.
	KeyAlgorithm string `json:"keyAlgorithm,omitempty"`

	// ValidAfterTime is the timestamp after which this key can be used in RFC3339 UTC "Zulu" format.
	ValidAfterTime string `json:"validAfterTime,omitempty"`

	// ValidBeforeTime is the timestamp before which this key can be used in RFC3339 UTC "Zulu" format.
	ValidBeforeTime string `json:"validBeforeTime,omitempty"`

	// KeyOrigin is the origin of the key.
	// Possible values:
	//   "ORIGIN_UNSPECIFIED" - Unspecified key origin.
	//   "USER_PROVIDED" - Key is provided by user.
	//   "GOOGLE_PROVIDED" - Key is provided by Google.
	KeyOrigin string `json:"keyOrigin,omitempty"`

	// KeyType is the type of the key.
	// Possible values:
	//   "KEY_TYPE_UNSPECIFIED" - Unspecified key type.
	//   "USER_MANAGED" - User-managed key (managed and rotated by the user).
	//   "SYSTEM_MANAGED" - System-managed key (managed and rotated by Google).
	KeyType string `json:"keyType,omitempty"`
}

ServiceAccountKeyObservation is used to show the observed state of the ServiceAccountKey resource on GCP. All fields in this structure should only be populated from GCP responses; any changes made to the k8s resource outside of the crossplane gcp controller will be ignored and overwritten.

func (*ServiceAccountKeyObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountKeyObservation.

func (*ServiceAccountKeyObservation) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceAccountKeyParameters

type ServiceAccountKeyParameters struct {
	// KeyAlgorithm is an optional user-specified string that specifies the type of key and algorithm
	// to use for the key. The default is currently a 2048-bit RSA key. However this may change in the future.
	// Possible values:
	//   "KEY_ALG_UNSPECIFIED" - Not specified.
	//   "KEY_ALG_RSA_1024" - 1024-bit RSA key
	//   "KEY_ALG_RSA_2048" - 2048-bit RSA key
	// +optional
	// +immutable
	KeyAlgorithm *string `json:"keyAlgorithm,omitempty"`

	// PrivateKeyType is an optional specification of the output format of the generated private key.
	// The default value is TYPE_GOOGLE_CREDENTIALS_FILE, which corresponds to the Google Credentials File Format.
	// Possible values:
	//   "TYPE_UNSPECIFIED" - Not specified. Equivalent to TYPE_GOOGLE_CREDENTIALS_FILE.
	//   "TYPE_PKCS12_FILE" - Private key stored in a RFC7292 PKCS #12 document. Password for the PKCS #12 document is "notasecret".
	//   "TYPE_GOOGLE_CREDENTIALS_FILE" - Google Credentials File format.
	// +optional
	// +immutable
	PrivateKeyType *string `json:"privateKeyType,omitempty"`

	// PublicKeyType is an optional specification of the output format for the associated public key.
	// The default value is TYPE_RAW_PUBLIC_KEY.
	// Possible values:
	//   "TYPE_NONE" - Not specified. Public key is not retrieved via Google Cloud API.
	//   "TYPE_X509_PEM_FILE" - X509 PEM format.
	//   "TYPE_RAW_PUBLIC_KEY" - Raw public key.
	// +optional
	// +kubebuilder:default=TYPE_RAW_PUBLIC_KEY
	PublicKeyType *string `json:"publicKeyType,omitempty"`

	// ServiceAccountRef is a reference to a ServiceAccount which this policy is associated with
	ServiceAccountReferer `json:",inline"`
}

ServiceAccountKeyParameters defines parameters for a desired IAM ServiceAccountKey https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts.keys

func (*ServiceAccountKeyParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountKeyParameters.

func (*ServiceAccountKeyParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceAccountKeySpec

type ServiceAccountKeySpec struct {
	xpv1.ResourceSpec `json:",inline"`
	ForProvider       ServiceAccountKeyParameters `json:"forProvider"`
}

ServiceAccountKeySpec defines the desired state of a ServiceAccountKey.

func (*ServiceAccountKeySpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountKeySpec.

func (*ServiceAccountKeySpec) DeepCopyInto

func (in *ServiceAccountKeySpec) DeepCopyInto(out *ServiceAccountKeySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceAccountKeyStatus

type ServiceAccountKeyStatus struct {
	xpv1.ResourceStatus `json:",inline"`
	AtProvider          ServiceAccountKeyObservation `json:"atProvider,omitempty"`
}

ServiceAccountKeyStatus represents the observed state of a ServiceAccountKey.

func (*ServiceAccountKeyStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountKeyStatus.

func (*ServiceAccountKeyStatus) DeepCopyInto

func (in *ServiceAccountKeyStatus) DeepCopyInto(out *ServiceAccountKeyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceAccountList

type ServiceAccountList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ServiceAccount `json:"items"`
}

ServiceAccountList contains a list of ServiceAccount types

func (*ServiceAccountList) DeepCopy

func (in *ServiceAccountList) DeepCopy() *ServiceAccountList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountList.

func (*ServiceAccountList) DeepCopyInto

func (in *ServiceAccountList) DeepCopyInto(out *ServiceAccountList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ServiceAccountList) DeepCopyObject

func (in *ServiceAccountList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ServiceAccountList) GetItems

func (l *ServiceAccountList) GetItems() []resource.Managed

GetItems of this ServiceAccountList.

type ServiceAccountObservation

type ServiceAccountObservation struct {
	// Name is the "relative resource name" of the service account in the following format:
	// projects/{PROJECT_ID}/serviceAccounts/{external-name}.
	// part of https://godoc.org/google.golang.org/genproto/googleapis/iam/admin/v1#ServiceAccount
	// not to be confused with CreateServiceAccountRequest.Name aka ServiceAccountParameters.ProjectName
	Name string `json:"name,omitempty"`

	// ProjectID is the id of the project that owns the service account.
	ProjectID string `json:"projectId,omitempty"`

	// The unique and stable id of the service account.
	UniqueID string `json:"uniqueId,omitempty"`

	// Email is the the email address of the service account.
	// This matches the EMAIL field you would see using `gcloud iam service-accounts list`
	Email string `json:"email,omitempty"`

	// OAuth2ClientId is the value GCP will use in conjunction with the OAuth2
	// clientconfig API to make three legged OAuth2 (3LO) flows to access the
	// data of Google users.
	Oauth2ClientID string `json:"oauth2ClientId,omitempty"`

	// Disabled is a bool indicating if the service account is disabled.
	// The field is currently in alpha phase.
	Disabled bool `json:"disabled,omitempty"`
}

ServiceAccountObservation is used to show the observed state of the ServiceAccount resource on GCP. All fields in this structure should only be populated from GCP responses; any changes made to the k8s resource outside of the crossplane gcp controller will be ignored and overwritten.

func (*ServiceAccountObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountObservation.

func (*ServiceAccountObservation) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceAccountParameters

type ServiceAccountParameters struct {
	// DisplayName is an optional user-specified name for the service account.
	// Must be less than or equal to 100 characters.
	// +optional
	DisplayName *string `json:"displayName,omitempty"`

	// Description is an optional user-specified opaque description of the
	// service account. Must be less than or equal to 256 characters.
	// +optional
	Description *string `json:"description,omitempty"`
}

ServiceAccountParameters defines parameters for a desired IAM ServiceAccount https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts The name of the service account (ie the `accountId` parameter of the Create call) is determined by the value of the `crossplane.io/external-name` annotation. Unless overridden by the user, this annotation is automatically populated with the value of the `metadata.name` attribute.

func (*ServiceAccountParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountParameters.

func (*ServiceAccountParameters) DeepCopyInto

func (in *ServiceAccountParameters) DeepCopyInto(out *ServiceAccountParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceAccountPolicy

type ServiceAccountPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ServiceAccountPolicySpec   `json:"spec"`
	Status ServiceAccountPolicyStatus `json:"status,omitempty"`
}

ServiceAccountPolicy is a managed resource that represents a Google IAM ServiceAccount. +kubebuilder:subresource:status +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:resource:scope=Cluster +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp}

func (*ServiceAccountPolicy) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountPolicy.

func (*ServiceAccountPolicy) DeepCopyInto

func (in *ServiceAccountPolicy) DeepCopyInto(out *ServiceAccountPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ServiceAccountPolicy) DeepCopyObject

func (in *ServiceAccountPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ServiceAccountPolicy) GetCondition

func (mg *ServiceAccountPolicy) GetCondition(ct xpv1.ConditionType) xpv1.Condition

GetCondition of this ServiceAccountPolicy.

func (*ServiceAccountPolicy) GetDeletionPolicy

func (mg *ServiceAccountPolicy) GetDeletionPolicy() xpv1.DeletionPolicy

GetDeletionPolicy of this ServiceAccountPolicy.

func (*ServiceAccountPolicy) GetProviderConfigReference

func (mg *ServiceAccountPolicy) GetProviderConfigReference() *xpv1.Reference

GetProviderConfigReference of this ServiceAccountPolicy.

func (*ServiceAccountPolicy) GetProviderReference

func (mg *ServiceAccountPolicy) GetProviderReference() *xpv1.Reference

GetProviderReference of this ServiceAccountPolicy. Deprecated: Use GetProviderConfigReference.

func (*ServiceAccountPolicy) GetPublishConnectionDetailsTo

func (mg *ServiceAccountPolicy) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo

GetPublishConnectionDetailsTo of this ServiceAccountPolicy.

func (*ServiceAccountPolicy) GetWriteConnectionSecretToReference

func (mg *ServiceAccountPolicy) GetWriteConnectionSecretToReference() *xpv1.SecretReference

GetWriteConnectionSecretToReference of this ServiceAccountPolicy.

func (*ServiceAccountPolicy) ResolveReferences

func (in *ServiceAccountPolicy) ResolveReferences(ctx context.Context, c client.Reader) error

ResolveReferences of this ServiceAccountPolicy

func (*ServiceAccountPolicy) SetConditions

func (mg *ServiceAccountPolicy) SetConditions(c ...xpv1.Condition)

SetConditions of this ServiceAccountPolicy.

func (*ServiceAccountPolicy) SetDeletionPolicy

func (mg *ServiceAccountPolicy) SetDeletionPolicy(r xpv1.DeletionPolicy)

SetDeletionPolicy of this ServiceAccountPolicy.

func (*ServiceAccountPolicy) SetProviderConfigReference

func (mg *ServiceAccountPolicy) SetProviderConfigReference(r *xpv1.Reference)

SetProviderConfigReference of this ServiceAccountPolicy.

func (*ServiceAccountPolicy) SetProviderReference

func (mg *ServiceAccountPolicy) SetProviderReference(r *xpv1.Reference)

SetProviderReference of this ServiceAccountPolicy. Deprecated: Use SetProviderConfigReference.

func (*ServiceAccountPolicy) SetPublishConnectionDetailsTo

func (mg *ServiceAccountPolicy) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)

SetPublishConnectionDetailsTo of this ServiceAccountPolicy.

func (*ServiceAccountPolicy) SetWriteConnectionSecretToReference

func (mg *ServiceAccountPolicy) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)

SetWriteConnectionSecretToReference of this ServiceAccountPolicy.

type ServiceAccountPolicyList

type ServiceAccountPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ServiceAccountPolicy `json:"items"`
}

ServiceAccountPolicyList contains a list of ServiceAccountPolicy types

func (*ServiceAccountPolicyList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountPolicyList.

func (*ServiceAccountPolicyList) DeepCopyInto

func (in *ServiceAccountPolicyList) DeepCopyInto(out *ServiceAccountPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ServiceAccountPolicyList) DeepCopyObject

func (in *ServiceAccountPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ServiceAccountPolicyList) GetItems

func (l *ServiceAccountPolicyList) GetItems() []resource.Managed

GetItems of this ServiceAccountPolicyList.

type ServiceAccountPolicyParameters

type ServiceAccountPolicyParameters struct {
	// ServiceAccountRef is a reference to a ServiceAccount which this policy is associated with
	ServiceAccountReferer `json:",inline"`

	// Policy: An Identity and Access Management (IAM) policy, which
	// specifies access controls for Google Cloud resources.
	Policy Policy `json:"policy"`
}

ServiceAccountPolicyParameters defines parameters for a desired IAM ServiceAccountPolicy

func (*ServiceAccountPolicyParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountPolicyParameters.

func (*ServiceAccountPolicyParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceAccountPolicySpec

type ServiceAccountPolicySpec struct {
	xpv1.ResourceSpec `json:",inline"`
	ForProvider       ServiceAccountPolicyParameters `json:"forProvider"`
}

ServiceAccountPolicySpec defines the desired state of a ServiceAccountPolicy.

func (*ServiceAccountPolicySpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountPolicySpec.

func (*ServiceAccountPolicySpec) DeepCopyInto

func (in *ServiceAccountPolicySpec) DeepCopyInto(out *ServiceAccountPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceAccountPolicyStatus

type ServiceAccountPolicyStatus struct {
	xpv1.ResourceStatus `json:",inline"`
}

ServiceAccountPolicyStatus represents the observed state of a ServiceAccountPolicy.

func (*ServiceAccountPolicyStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountPolicyStatus.

func (*ServiceAccountPolicyStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceAccountReferer

type ServiceAccountReferer struct {
	// ServiceAccount: The RRN of the referred ServiceAccount
	// RRN is the relative resource name as defined by Google Cloud API design docs here:
	// https://cloud.google.com/apis/design/resource_names#relative_resource_name
	// An example value for the ServiceAccount field is as follows:
	// projects/<project-name>/serviceAccounts/perfect-test-sa@crossplane-playground.iam.gserviceaccount.com
	// +optional
	// +immutable
	ServiceAccount *string `json:"serviceAccount,omitempty"`

	// ServiceAccountRef references a ServiceAccount and retrieves its URI
	// +optional
	// +immutable
	ServiceAccountRef *xpv1.Reference `json:"serviceAccountRef,omitempty"`

	// ServiceAccountSelector selects a reference to a ServiceAccount
	// +optional
	ServiceAccountSelector *xpv1.Selector `json:"serviceAccountSelector,omitempty"`
}

ServiceAccountReferer defines a reference to a ServiceAccount either via its RRN, or via a v1alpha1.ServiceAccount object or via a selector. RRN is the relative resource name as defined by Google Cloud API design docs here: https://cloud.google.com/apis/design/resource_names#relative_resource_name An example value for the ServiceAccount field is as follows: projects/<project-name>>/serviceAccounts/perfect-test-sa@crossplane-playground.iam.gserviceaccount.com

func (*ServiceAccountReferer) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountReferer.

func (*ServiceAccountReferer) DeepCopyInto

func (in *ServiceAccountReferer) DeepCopyInto(out *ServiceAccountReferer)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceAccountSpec

type ServiceAccountSpec struct {
	xpv1.ResourceSpec `json:",inline"`
	ForProvider       ServiceAccountParameters `json:"forProvider"`
}

ServiceAccountSpec defines the desired state of a ServiceAccount.

func (*ServiceAccountSpec) DeepCopy

func (in *ServiceAccountSpec) DeepCopy() *ServiceAccountSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountSpec.

func (*ServiceAccountSpec) DeepCopyInto

func (in *ServiceAccountSpec) DeepCopyInto(out *ServiceAccountSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceAccountStatus

type ServiceAccountStatus struct {
	xpv1.ResourceStatus `json:",inline"`
	AtProvider          ServiceAccountObservation `json:"atProvider,omitempty"`
}

ServiceAccountStatus represents the observed state of a ServiceAccount.

func (*ServiceAccountStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountStatus.

func (*ServiceAccountStatus) DeepCopyInto

func (in *ServiceAccountStatus) DeepCopyInto(out *ServiceAccountStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL