Documentation ¶
Overview ¶
+kubebuilder:object:generate=true +groupName=binaryauthorization.gcp.upbound.io +versionName=v1beta1
Index ¶
- Constants
- Variables
- type AdmissionWhitelistPatternsInitParameters
- type AdmissionWhitelistPatternsObservation
- type AdmissionWhitelistPatternsParameters
- type AttestationAuthorityNoteInitParameters
- type AttestationAuthorityNoteObservation
- type AttestationAuthorityNoteParameters
- type Attestor
- func (in *Attestor) DeepCopy() *Attestor
- func (in *Attestor) DeepCopyInto(out *Attestor)
- func (in *Attestor) DeepCopyObject() runtime.Object
- func (mg *Attestor) GetCondition(ct xpv1.ConditionType) xpv1.Condition
- func (tr *Attestor) GetConnectionDetailsMapping() map[string]string
- func (mg *Attestor) GetDeletionPolicy() xpv1.DeletionPolicy
- func (tr *Attestor) GetID() string
- func (tr *Attestor) GetInitParameters() (map[string]any, error)
- func (mg *Attestor) GetManagementPolicies() xpv1.ManagementPolicies
- func (tr *Attestor) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error)
- func (tr *Attestor) GetObservation() (map[string]any, error)
- func (tr *Attestor) GetParameters() (map[string]any, error)
- func (mg *Attestor) GetProviderConfigReference() *xpv1.Reference
- func (mg *Attestor) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo
- func (mg *Attestor) GetTerraformResourceType() string
- func (tr *Attestor) GetTerraformSchemaVersion() int
- func (mg *Attestor) GetWriteConnectionSecretToReference() *xpv1.SecretReference
- func (tr *Attestor) Hub()
- func (tr *Attestor) LateInitialize(attrs []byte) (bool, error)
- func (mg *Attestor) ResolveReferences(ctx context.Context, c client.Reader) error
- func (mg *Attestor) SetConditions(c ...xpv1.Condition)
- func (mg *Attestor) SetDeletionPolicy(r xpv1.DeletionPolicy)
- func (mg *Attestor) SetManagementPolicies(r xpv1.ManagementPolicies)
- func (tr *Attestor) SetObservation(obs map[string]any) error
- func (tr *Attestor) SetParameters(params map[string]any) error
- func (mg *Attestor) SetProviderConfigReference(r *xpv1.Reference)
- func (mg *Attestor) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)
- func (mg *Attestor) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
- type AttestorInitParameters
- type AttestorList
- type AttestorObservation
- type AttestorParameters
- type AttestorSpec
- type AttestorStatus
- type ClusterAdmissionRulesInitParameters
- type ClusterAdmissionRulesObservation
- type ClusterAdmissionRulesParameters
- type DefaultAdmissionRuleInitParameters
- type DefaultAdmissionRuleObservation
- type DefaultAdmissionRuleParameters
- type PkixPublicKeyInitParameters
- type PkixPublicKeyObservation
- type PkixPublicKeyParameters
- type Policy
- func (in *Policy) DeepCopy() *Policy
- func (in *Policy) DeepCopyInto(out *Policy)
- func (in *Policy) DeepCopyObject() runtime.Object
- func (mg *Policy) GetCondition(ct xpv1.ConditionType) xpv1.Condition
- func (tr *Policy) GetConnectionDetailsMapping() map[string]string
- func (mg *Policy) GetDeletionPolicy() xpv1.DeletionPolicy
- func (tr *Policy) GetID() string
- func (tr *Policy) GetInitParameters() (map[string]any, error)
- func (mg *Policy) GetManagementPolicies() xpv1.ManagementPolicies
- func (tr *Policy) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error)
- func (tr *Policy) GetObservation() (map[string]any, error)
- func (tr *Policy) GetParameters() (map[string]any, error)
- func (mg *Policy) GetProviderConfigReference() *xpv1.Reference
- func (mg *Policy) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo
- func (mg *Policy) GetTerraformResourceType() string
- func (tr *Policy) GetTerraformSchemaVersion() int
- func (mg *Policy) GetWriteConnectionSecretToReference() *xpv1.SecretReference
- func (tr *Policy) Hub()
- func (tr *Policy) LateInitialize(attrs []byte) (bool, error)
- func (mg *Policy) SetConditions(c ...xpv1.Condition)
- func (mg *Policy) SetDeletionPolicy(r xpv1.DeletionPolicy)
- func (mg *Policy) SetManagementPolicies(r xpv1.ManagementPolicies)
- func (tr *Policy) SetObservation(obs map[string]any) error
- func (tr *Policy) SetParameters(params map[string]any) error
- func (mg *Policy) SetProviderConfigReference(r *xpv1.Reference)
- func (mg *Policy) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)
- func (mg *Policy) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
- type PolicyInitParameters
- type PolicyList
- type PolicyObservation
- type PolicyParameters
- type PolicySpec
- type PolicyStatus
- type PublicKeysInitParameters
- type PublicKeysObservation
- type PublicKeysParameters
Constants ¶
const ( CRDGroup = "binaryauthorization.gcp.upbound.io" CRDVersion = "v1beta1" )
Package type metadata.
Variables ¶
var ( Attestor_Kind = "Attestor" Attestor_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Attestor_Kind}.String() Attestor_KindAPIVersion = Attestor_Kind + "." + CRDGroupVersion.String() Attestor_GroupVersionKind = CRDGroupVersion.WithKind(Attestor_Kind) )
Repository type metadata.
var ( // CRDGroupVersion is the API Group Version used to register the objects CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
var ( Policy_Kind = "Policy" Policy_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Policy_Kind}.String() Policy_KindAPIVersion = Policy_Kind + "." + CRDGroupVersion.String() Policy_GroupVersionKind = CRDGroupVersion.WithKind(Policy_Kind) )
Repository type metadata.
Functions ¶
This section is empty.
Types ¶
type AdmissionWhitelistPatternsInitParameters ¶ added in v0.35.0
type AdmissionWhitelistPatternsInitParameters struct { // An image name pattern to whitelist, in the form // registry/path/to/image. This supports a trailing * as a // wildcard, but this is allowed only in text after the registry/ // part. NamePattern *string `json:"namePattern,omitempty" tf:"name_pattern,omitempty"` }
func (*AdmissionWhitelistPatternsInitParameters) DeepCopy ¶ added in v0.35.0
func (in *AdmissionWhitelistPatternsInitParameters) DeepCopy() *AdmissionWhitelistPatternsInitParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionWhitelistPatternsInitParameters.
func (*AdmissionWhitelistPatternsInitParameters) DeepCopyInto ¶ added in v0.35.0
func (in *AdmissionWhitelistPatternsInitParameters) DeepCopyInto(out *AdmissionWhitelistPatternsInitParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AdmissionWhitelistPatternsObservation ¶
type AdmissionWhitelistPatternsObservation struct { // An image name pattern to whitelist, in the form // registry/path/to/image. This supports a trailing * as a // wildcard, but this is allowed only in text after the registry/ // part. NamePattern *string `json:"namePattern,omitempty" tf:"name_pattern,omitempty"` }
func (*AdmissionWhitelistPatternsObservation) DeepCopy ¶
func (in *AdmissionWhitelistPatternsObservation) DeepCopy() *AdmissionWhitelistPatternsObservation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionWhitelistPatternsObservation.
func (*AdmissionWhitelistPatternsObservation) DeepCopyInto ¶
func (in *AdmissionWhitelistPatternsObservation) DeepCopyInto(out *AdmissionWhitelistPatternsObservation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AdmissionWhitelistPatternsParameters ¶
type AdmissionWhitelistPatternsParameters struct { // An image name pattern to whitelist, in the form // registry/path/to/image. This supports a trailing * as a // wildcard, but this is allowed only in text after the registry/ // part. // +kubebuilder:validation:Optional NamePattern *string `json:"namePattern" tf:"name_pattern,omitempty"` }
func (*AdmissionWhitelistPatternsParameters) DeepCopy ¶
func (in *AdmissionWhitelistPatternsParameters) DeepCopy() *AdmissionWhitelistPatternsParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionWhitelistPatternsParameters.
func (*AdmissionWhitelistPatternsParameters) DeepCopyInto ¶
func (in *AdmissionWhitelistPatternsParameters) DeepCopyInto(out *AdmissionWhitelistPatternsParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AttestationAuthorityNoteInitParameters ¶ added in v0.35.0
type AttestationAuthorityNoteInitParameters struct { // The resource name of a ATTESTATION_AUTHORITY Note, created by the // user. If the Note is in a different project from the Attestor, it // should be specified in the format projects/*/notes/* (or the legacy // providers/*/notes/*). This field may not be updated. // An attestation by this attestor is stored as a Container Analysis // ATTESTATION_AUTHORITY Occurrence that names a container image // and that links to this Note. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/containeranalysis/v1beta1.Note NoteReference *string `json:"noteReference,omitempty" tf:"note_reference,omitempty"` // Reference to a Note in containeranalysis to populate noteReference. // +kubebuilder:validation:Optional NoteReferenceRef *v1.Reference `json:"noteReferenceRef,omitempty" tf:"-"` // Selector for a Note in containeranalysis to populate noteReference. // +kubebuilder:validation:Optional NoteReferenceSelector *v1.Selector `json:"noteReferenceSelector,omitempty" tf:"-"` // Public keys that verify attestations signed by this attestor. This // field may be updated. // If this field is non-empty, one of the specified public keys must // verify that an attestation was signed by this attestor for the // image specified in the admission request. // If this field is empty, this attestor always returns that no valid // attestations exist. // Structure is documented below. PublicKeys []PublicKeysInitParameters `json:"publicKeys,omitempty" tf:"public_keys,omitempty"` }
func (*AttestationAuthorityNoteInitParameters) DeepCopy ¶ added in v0.35.0
func (in *AttestationAuthorityNoteInitParameters) DeepCopy() *AttestationAuthorityNoteInitParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestationAuthorityNoteInitParameters.
func (*AttestationAuthorityNoteInitParameters) DeepCopyInto ¶ added in v0.35.0
func (in *AttestationAuthorityNoteInitParameters) DeepCopyInto(out *AttestationAuthorityNoteInitParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AttestationAuthorityNoteObservation ¶
type AttestationAuthorityNoteObservation struct { // (Output) // This field will contain the service account email address that // this Attestor will use as the principal when querying Container // Analysis. Attestor administrators must grant this service account // the IAM role needed to read attestations from the noteReference in // Container Analysis (containeranalysis.notes.occurrences.viewer). // This email address is fixed for the lifetime of the Attestor, but // callers should not make any other assumptions about the service // account email; future versions may use an email based on a // different naming pattern. DelegationServiceAccountEmail *string `json:"delegationServiceAccountEmail,omitempty" tf:"delegation_service_account_email,omitempty"` // The resource name of a ATTESTATION_AUTHORITY Note, created by the // user. If the Note is in a different project from the Attestor, it // should be specified in the format projects/*/notes/* (or the legacy // providers/*/notes/*). This field may not be updated. // An attestation by this attestor is stored as a Container Analysis // ATTESTATION_AUTHORITY Occurrence that names a container image // and that links to this Note. NoteReference *string `json:"noteReference,omitempty" tf:"note_reference,omitempty"` // Public keys that verify attestations signed by this attestor. This // field may be updated. // If this field is non-empty, one of the specified public keys must // verify that an attestation was signed by this attestor for the // image specified in the admission request. // If this field is empty, this attestor always returns that no valid // attestations exist. // Structure is documented below. PublicKeys []PublicKeysObservation `json:"publicKeys,omitempty" tf:"public_keys,omitempty"` }
func (*AttestationAuthorityNoteObservation) DeepCopy ¶
func (in *AttestationAuthorityNoteObservation) DeepCopy() *AttestationAuthorityNoteObservation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestationAuthorityNoteObservation.
func (*AttestationAuthorityNoteObservation) DeepCopyInto ¶
func (in *AttestationAuthorityNoteObservation) DeepCopyInto(out *AttestationAuthorityNoteObservation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AttestationAuthorityNoteParameters ¶
type AttestationAuthorityNoteParameters struct { // The resource name of a ATTESTATION_AUTHORITY Note, created by the // user. If the Note is in a different project from the Attestor, it // should be specified in the format projects/*/notes/* (or the legacy // providers/*/notes/*). This field may not be updated. // An attestation by this attestor is stored as a Container Analysis // ATTESTATION_AUTHORITY Occurrence that names a container image // and that links to this Note. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/containeranalysis/v1beta1.Note // +kubebuilder:validation:Optional NoteReference *string `json:"noteReference,omitempty" tf:"note_reference,omitempty"` // Reference to a Note in containeranalysis to populate noteReference. // +kubebuilder:validation:Optional NoteReferenceRef *v1.Reference `json:"noteReferenceRef,omitempty" tf:"-"` // Selector for a Note in containeranalysis to populate noteReference. // +kubebuilder:validation:Optional NoteReferenceSelector *v1.Selector `json:"noteReferenceSelector,omitempty" tf:"-"` // Public keys that verify attestations signed by this attestor. This // field may be updated. // If this field is non-empty, one of the specified public keys must // verify that an attestation was signed by this attestor for the // image specified in the admission request. // If this field is empty, this attestor always returns that no valid // attestations exist. // Structure is documented below. // +kubebuilder:validation:Optional PublicKeys []PublicKeysParameters `json:"publicKeys,omitempty" tf:"public_keys,omitempty"` }
func (*AttestationAuthorityNoteParameters) DeepCopy ¶
func (in *AttestationAuthorityNoteParameters) DeepCopy() *AttestationAuthorityNoteParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestationAuthorityNoteParameters.
func (*AttestationAuthorityNoteParameters) DeepCopyInto ¶
func (in *AttestationAuthorityNoteParameters) DeepCopyInto(out *AttestationAuthorityNoteParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Attestor ¶
type Attestor struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.attestationAuthorityNote) || (has(self.initProvider) && has(self.initProvider.attestationAuthorityNote))",message="spec.forProvider.attestationAuthorityNote is a required parameter" Spec AttestorSpec `json:"spec"` Status AttestorStatus `json:"status,omitempty"` }
Attestor is the Schema for the Attestors API. An attestor that attests to container image artifacts. +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp}
func (*Attestor) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Attestor.
func (*Attestor) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Attestor) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Attestor) GetCondition ¶
func (mg *Attestor) GetCondition(ct xpv1.ConditionType) xpv1.Condition
GetCondition of this Attestor.
func (*Attestor) GetConnectionDetailsMapping ¶
GetConnectionDetailsMapping for this Attestor
func (*Attestor) GetDeletionPolicy ¶
func (mg *Attestor) GetDeletionPolicy() xpv1.DeletionPolicy
GetDeletionPolicy of this Attestor.
func (*Attestor) GetInitParameters ¶ added in v0.35.0
GetInitParameters of this Attestor
func (*Attestor) GetManagementPolicies ¶ added in v0.35.0
func (mg *Attestor) GetManagementPolicies() xpv1.ManagementPolicies
GetManagementPolicies of this Attestor.
func (*Attestor) GetMergedParameters ¶ added in v0.40.0
GetInitParameters of this Attestor
func (*Attestor) GetObservation ¶
GetObservation of this Attestor
func (*Attestor) GetParameters ¶
GetParameters of this Attestor
func (*Attestor) GetProviderConfigReference ¶
GetProviderConfigReference of this Attestor.
func (*Attestor) GetPublishConnectionDetailsTo ¶
func (mg *Attestor) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo
GetPublishConnectionDetailsTo of this Attestor.
func (*Attestor) GetTerraformResourceType ¶
GetTerraformResourceType returns Terraform resource type for this Attestor
func (*Attestor) GetTerraformSchemaVersion ¶
GetTerraformSchemaVersion returns the associated Terraform schema version
func (*Attestor) GetWriteConnectionSecretToReference ¶
func (mg *Attestor) GetWriteConnectionSecretToReference() *xpv1.SecretReference
GetWriteConnectionSecretToReference of this Attestor.
func (*Attestor) Hub ¶ added in v0.41.2
func (tr *Attestor) Hub()
Hub marks this type as a conversion hub.
func (*Attestor) LateInitialize ¶
LateInitialize this Attestor using its observed tfState. returns True if there are any spec changes for the resource.
func (*Attestor) ResolveReferences ¶
func (*Attestor) SetConditions ¶
SetConditions of this Attestor.
func (*Attestor) SetDeletionPolicy ¶
func (mg *Attestor) SetDeletionPolicy(r xpv1.DeletionPolicy)
SetDeletionPolicy of this Attestor.
func (*Attestor) SetManagementPolicies ¶ added in v0.35.0
func (mg *Attestor) SetManagementPolicies(r xpv1.ManagementPolicies)
SetManagementPolicies of this Attestor.
func (*Attestor) SetObservation ¶
SetObservation for this Attestor
func (*Attestor) SetParameters ¶
SetParameters for this Attestor
func (*Attestor) SetProviderConfigReference ¶
SetProviderConfigReference of this Attestor.
func (*Attestor) SetPublishConnectionDetailsTo ¶
func (mg *Attestor) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)
SetPublishConnectionDetailsTo of this Attestor.
func (*Attestor) SetWriteConnectionSecretToReference ¶
func (mg *Attestor) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
SetWriteConnectionSecretToReference of this Attestor.
type AttestorInitParameters ¶ added in v0.35.0
type AttestorInitParameters struct { // A Container Analysis ATTESTATION_AUTHORITY Note, created by the user. // Structure is documented below. AttestationAuthorityNote []AttestationAuthorityNoteInitParameters `json:"attestationAuthorityNote,omitempty" tf:"attestation_authority_note,omitempty"` // A descriptive comment. This field may be updated. The field may be // displayed in chooser dialogs. Description *string `json:"description,omitempty" tf:"description,omitempty"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` }
func (*AttestorInitParameters) DeepCopy ¶ added in v0.35.0
func (in *AttestorInitParameters) DeepCopy() *AttestorInitParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorInitParameters.
func (*AttestorInitParameters) DeepCopyInto ¶ added in v0.35.0
func (in *AttestorInitParameters) DeepCopyInto(out *AttestorInitParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AttestorList ¶
type AttestorList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []Attestor `json:"items"` }
AttestorList contains a list of Attestors
func (*AttestorList) DeepCopy ¶
func (in *AttestorList) DeepCopy() *AttestorList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorList.
func (*AttestorList) DeepCopyInto ¶
func (in *AttestorList) DeepCopyInto(out *AttestorList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AttestorList) DeepCopyObject ¶
func (in *AttestorList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*AttestorList) GetItems ¶
func (l *AttestorList) GetItems() []resource.Managed
GetItems of this AttestorList.
type AttestorObservation ¶
type AttestorObservation struct { // A Container Analysis ATTESTATION_AUTHORITY Note, created by the user. // Structure is documented below. AttestationAuthorityNote []AttestationAuthorityNoteObservation `json:"attestationAuthorityNote,omitempty" tf:"attestation_authority_note,omitempty"` // A descriptive comment. This field may be updated. The field may be // displayed in chooser dialogs. Description *string `json:"description,omitempty" tf:"description,omitempty"` // an identifier for the resource with format projects/{{project}}/attestors/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` }
func (*AttestorObservation) DeepCopy ¶
func (in *AttestorObservation) DeepCopy() *AttestorObservation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorObservation.
func (*AttestorObservation) DeepCopyInto ¶
func (in *AttestorObservation) DeepCopyInto(out *AttestorObservation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AttestorParameters ¶
type AttestorParameters struct { // A Container Analysis ATTESTATION_AUTHORITY Note, created by the user. // Structure is documented below. // +kubebuilder:validation:Optional AttestationAuthorityNote []AttestationAuthorityNoteParameters `json:"attestationAuthorityNote,omitempty" tf:"attestation_authority_note,omitempty"` // A descriptive comment. This field may be updated. The field may be // displayed in chooser dialogs. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` }
func (*AttestorParameters) DeepCopy ¶
func (in *AttestorParameters) DeepCopy() *AttestorParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorParameters.
func (*AttestorParameters) DeepCopyInto ¶
func (in *AttestorParameters) DeepCopyInto(out *AttestorParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AttestorSpec ¶
type AttestorSpec struct { v1.ResourceSpec `json:",inline"` ForProvider AttestorParameters `json:"forProvider"` // THIS IS A BETA FIELD. It will be honored // unless the Management Policies feature flag is disabled. // InitProvider holds the same fields as ForProvider, with the exception // of Identifier and other resource reference fields. The fields that are // in InitProvider are merged into ForProvider when the resource is created. // The same fields are also added to the terraform ignore_changes hook, to // avoid updating them after creation. This is useful for fields that are // required on creation, but we do not desire to update them after creation, // for example because of an external controller is managing them, like an // autoscaler. InitProvider AttestorInitParameters `json:"initProvider,omitempty"` }
AttestorSpec defines the desired state of Attestor
func (*AttestorSpec) DeepCopy ¶
func (in *AttestorSpec) DeepCopy() *AttestorSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorSpec.
func (*AttestorSpec) DeepCopyInto ¶
func (in *AttestorSpec) DeepCopyInto(out *AttestorSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AttestorStatus ¶
type AttestorStatus struct { v1.ResourceStatus `json:",inline"` AtProvider AttestorObservation `json:"atProvider,omitempty"` }
AttestorStatus defines the observed state of Attestor.
func (*AttestorStatus) DeepCopy ¶
func (in *AttestorStatus) DeepCopy() *AttestorStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorStatus.
func (*AttestorStatus) DeepCopyInto ¶
func (in *AttestorStatus) DeepCopyInto(out *AttestorStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterAdmissionRulesInitParameters ¶ added in v0.35.0
type ClusterAdmissionRulesInitParameters struct { // The identifier for this object. Format specified above. Cluster *string `json:"cluster,omitempty" tf:"cluster,omitempty"` // The action when a pod creation is denied by the admission rule. // Possible values are: ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY. EnforcementMode *string `json:"enforcementMode,omitempty" tf:"enforcement_mode,omitempty"` // How this admission rule will be evaluated. // Possible values are: ALWAYS_ALLOW, REQUIRE_ATTESTATION, ALWAYS_DENY. EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"` // The resource names of the attestors that must attest to a // container image. If the attestor is in a different project from the // policy, it should be specified in the format projects/*/attestors/*. // Each attestor must exist before a policy can reference it. To add an // attestor to a policy the principal issuing the policy change // request must be able to read the attestor resource. // Note: this field must be non-empty when the evaluation_mode field // specifies REQUIRE_ATTESTATION, otherwise it must be empty. // +listType=set RequireAttestationsBy []*string `json:"requireAttestationsBy,omitempty" tf:"require_attestations_by,omitempty"` }
func (*ClusterAdmissionRulesInitParameters) DeepCopy ¶ added in v0.35.0
func (in *ClusterAdmissionRulesInitParameters) DeepCopy() *ClusterAdmissionRulesInitParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAdmissionRulesInitParameters.
func (*ClusterAdmissionRulesInitParameters) DeepCopyInto ¶ added in v0.35.0
func (in *ClusterAdmissionRulesInitParameters) DeepCopyInto(out *ClusterAdmissionRulesInitParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterAdmissionRulesObservation ¶
type ClusterAdmissionRulesObservation struct { // The identifier for this object. Format specified above. Cluster *string `json:"cluster,omitempty" tf:"cluster,omitempty"` // The action when a pod creation is denied by the admission rule. // Possible values are: ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY. EnforcementMode *string `json:"enforcementMode,omitempty" tf:"enforcement_mode,omitempty"` // How this admission rule will be evaluated. // Possible values are: ALWAYS_ALLOW, REQUIRE_ATTESTATION, ALWAYS_DENY. EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"` // The resource names of the attestors that must attest to a // container image. If the attestor is in a different project from the // policy, it should be specified in the format projects/*/attestors/*. // Each attestor must exist before a policy can reference it. To add an // attestor to a policy the principal issuing the policy change // request must be able to read the attestor resource. // Note: this field must be non-empty when the evaluation_mode field // specifies REQUIRE_ATTESTATION, otherwise it must be empty. // +listType=set RequireAttestationsBy []*string `json:"requireAttestationsBy,omitempty" tf:"require_attestations_by,omitempty"` }
func (*ClusterAdmissionRulesObservation) DeepCopy ¶
func (in *ClusterAdmissionRulesObservation) DeepCopy() *ClusterAdmissionRulesObservation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAdmissionRulesObservation.
func (*ClusterAdmissionRulesObservation) DeepCopyInto ¶
func (in *ClusterAdmissionRulesObservation) DeepCopyInto(out *ClusterAdmissionRulesObservation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterAdmissionRulesParameters ¶
type ClusterAdmissionRulesParameters struct { // The identifier for this object. Format specified above. // +kubebuilder:validation:Optional Cluster *string `json:"cluster" tf:"cluster,omitempty"` // The action when a pod creation is denied by the admission rule. // Possible values are: ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY. // +kubebuilder:validation:Optional EnforcementMode *string `json:"enforcementMode" tf:"enforcement_mode,omitempty"` // How this admission rule will be evaluated. // Possible values are: ALWAYS_ALLOW, REQUIRE_ATTESTATION, ALWAYS_DENY. // +kubebuilder:validation:Optional EvaluationMode *string `json:"evaluationMode" tf:"evaluation_mode,omitempty"` // The resource names of the attestors that must attest to a // container image. If the attestor is in a different project from the // policy, it should be specified in the format projects/*/attestors/*. // Each attestor must exist before a policy can reference it. To add an // attestor to a policy the principal issuing the policy change // request must be able to read the attestor resource. // Note: this field must be non-empty when the evaluation_mode field // specifies REQUIRE_ATTESTATION, otherwise it must be empty. // +kubebuilder:validation:Optional // +listType=set RequireAttestationsBy []*string `json:"requireAttestationsBy,omitempty" tf:"require_attestations_by,omitempty"` }
func (*ClusterAdmissionRulesParameters) DeepCopy ¶
func (in *ClusterAdmissionRulesParameters) DeepCopy() *ClusterAdmissionRulesParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAdmissionRulesParameters.
func (*ClusterAdmissionRulesParameters) DeepCopyInto ¶
func (in *ClusterAdmissionRulesParameters) DeepCopyInto(out *ClusterAdmissionRulesParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DefaultAdmissionRuleInitParameters ¶ added in v0.35.0
type DefaultAdmissionRuleInitParameters struct { // The action when a pod creation is denied by the admission rule. // Possible values are: ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY. EnforcementMode *string `json:"enforcementMode,omitempty" tf:"enforcement_mode,omitempty"` // How this admission rule will be evaluated. // Possible values are: ALWAYS_ALLOW, REQUIRE_ATTESTATION, ALWAYS_DENY. EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"` // The resource names of the attestors that must attest to a // container image. If the attestor is in a different project from the // policy, it should be specified in the format projects/*/attestors/*. // Each attestor must exist before a policy can reference it. To add an // attestor to a policy the principal issuing the policy change // request must be able to read the attestor resource. // Note: this field must be non-empty when the evaluation_mode field // specifies REQUIRE_ATTESTATION, otherwise it must be empty. // +listType=set RequireAttestationsBy []*string `json:"requireAttestationsBy,omitempty" tf:"require_attestations_by,omitempty"` }
func (*DefaultAdmissionRuleInitParameters) DeepCopy ¶ added in v0.35.0
func (in *DefaultAdmissionRuleInitParameters) DeepCopy() *DefaultAdmissionRuleInitParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultAdmissionRuleInitParameters.
func (*DefaultAdmissionRuleInitParameters) DeepCopyInto ¶ added in v0.35.0
func (in *DefaultAdmissionRuleInitParameters) DeepCopyInto(out *DefaultAdmissionRuleInitParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DefaultAdmissionRuleObservation ¶
type DefaultAdmissionRuleObservation struct { // The action when a pod creation is denied by the admission rule. // Possible values are: ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY. EnforcementMode *string `json:"enforcementMode,omitempty" tf:"enforcement_mode,omitempty"` // How this admission rule will be evaluated. // Possible values are: ALWAYS_ALLOW, REQUIRE_ATTESTATION, ALWAYS_DENY. EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"` // The resource names of the attestors that must attest to a // container image. If the attestor is in a different project from the // policy, it should be specified in the format projects/*/attestors/*. // Each attestor must exist before a policy can reference it. To add an // attestor to a policy the principal issuing the policy change // request must be able to read the attestor resource. // Note: this field must be non-empty when the evaluation_mode field // specifies REQUIRE_ATTESTATION, otherwise it must be empty. // +listType=set RequireAttestationsBy []*string `json:"requireAttestationsBy,omitempty" tf:"require_attestations_by,omitempty"` }
func (*DefaultAdmissionRuleObservation) DeepCopy ¶
func (in *DefaultAdmissionRuleObservation) DeepCopy() *DefaultAdmissionRuleObservation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultAdmissionRuleObservation.
func (*DefaultAdmissionRuleObservation) DeepCopyInto ¶
func (in *DefaultAdmissionRuleObservation) DeepCopyInto(out *DefaultAdmissionRuleObservation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DefaultAdmissionRuleParameters ¶
type DefaultAdmissionRuleParameters struct { // The action when a pod creation is denied by the admission rule. // Possible values are: ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY. // +kubebuilder:validation:Optional EnforcementMode *string `json:"enforcementMode" tf:"enforcement_mode,omitempty"` // How this admission rule will be evaluated. // Possible values are: ALWAYS_ALLOW, REQUIRE_ATTESTATION, ALWAYS_DENY. // +kubebuilder:validation:Optional EvaluationMode *string `json:"evaluationMode" tf:"evaluation_mode,omitempty"` // The resource names of the attestors that must attest to a // container image. If the attestor is in a different project from the // policy, it should be specified in the format projects/*/attestors/*. // Each attestor must exist before a policy can reference it. To add an // attestor to a policy the principal issuing the policy change // request must be able to read the attestor resource. // Note: this field must be non-empty when the evaluation_mode field // specifies REQUIRE_ATTESTATION, otherwise it must be empty. // +kubebuilder:validation:Optional // +listType=set RequireAttestationsBy []*string `json:"requireAttestationsBy,omitempty" tf:"require_attestations_by,omitempty"` }
func (*DefaultAdmissionRuleParameters) DeepCopy ¶
func (in *DefaultAdmissionRuleParameters) DeepCopy() *DefaultAdmissionRuleParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultAdmissionRuleParameters.
func (*DefaultAdmissionRuleParameters) DeepCopyInto ¶
func (in *DefaultAdmissionRuleParameters) DeepCopyInto(out *DefaultAdmissionRuleParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PkixPublicKeyInitParameters ¶ added in v0.35.0
type PkixPublicKeyInitParameters struct { // A PEM-encoded public key, as described in // https://tools.ietf.org/html/rfc7468#section-13 PublicKeyPem *string `json:"publicKeyPem,omitempty" tf:"public_key_pem,omitempty"` // The signature algorithm used to verify a message against // a signature using this key. These signature algorithm must // match the structure and any object identifiers encoded in // publicKeyPem (i.e. this algorithm must match that of the // public key). SignatureAlgorithm *string `json:"signatureAlgorithm,omitempty" tf:"signature_algorithm,omitempty"` }
func (*PkixPublicKeyInitParameters) DeepCopy ¶ added in v0.35.0
func (in *PkixPublicKeyInitParameters) DeepCopy() *PkixPublicKeyInitParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PkixPublicKeyInitParameters.
func (*PkixPublicKeyInitParameters) DeepCopyInto ¶ added in v0.35.0
func (in *PkixPublicKeyInitParameters) DeepCopyInto(out *PkixPublicKeyInitParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PkixPublicKeyObservation ¶
type PkixPublicKeyObservation struct { // A PEM-encoded public key, as described in // https://tools.ietf.org/html/rfc7468#section-13 PublicKeyPem *string `json:"publicKeyPem,omitempty" tf:"public_key_pem,omitempty"` // The signature algorithm used to verify a message against // a signature using this key. These signature algorithm must // match the structure and any object identifiers encoded in // publicKeyPem (i.e. this algorithm must match that of the // public key). SignatureAlgorithm *string `json:"signatureAlgorithm,omitempty" tf:"signature_algorithm,omitempty"` }
func (*PkixPublicKeyObservation) DeepCopy ¶
func (in *PkixPublicKeyObservation) DeepCopy() *PkixPublicKeyObservation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PkixPublicKeyObservation.
func (*PkixPublicKeyObservation) DeepCopyInto ¶
func (in *PkixPublicKeyObservation) DeepCopyInto(out *PkixPublicKeyObservation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PkixPublicKeyParameters ¶
type PkixPublicKeyParameters struct { // A PEM-encoded public key, as described in // https://tools.ietf.org/html/rfc7468#section-13 // +kubebuilder:validation:Optional PublicKeyPem *string `json:"publicKeyPem,omitempty" tf:"public_key_pem,omitempty"` // The signature algorithm used to verify a message against // a signature using this key. These signature algorithm must // match the structure and any object identifiers encoded in // publicKeyPem (i.e. this algorithm must match that of the // public key). // +kubebuilder:validation:Optional SignatureAlgorithm *string `json:"signatureAlgorithm,omitempty" tf:"signature_algorithm,omitempty"` }
func (*PkixPublicKeyParameters) DeepCopy ¶
func (in *PkixPublicKeyParameters) DeepCopy() *PkixPublicKeyParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PkixPublicKeyParameters.
func (*PkixPublicKeyParameters) DeepCopyInto ¶
func (in *PkixPublicKeyParameters) DeepCopyInto(out *PkixPublicKeyParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Policy ¶
type Policy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.defaultAdmissionRule) || (has(self.initProvider) && has(self.initProvider.defaultAdmissionRule))",message="spec.forProvider.defaultAdmissionRule is a required parameter" Spec PolicySpec `json:"spec"` Status PolicyStatus `json:"status,omitempty"` }
Policy is the Schema for the Policys API. A policy for container image binary authorization. +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp}
func (*Policy) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
func (*Policy) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Policy) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Policy) GetCondition ¶
func (mg *Policy) GetCondition(ct xpv1.ConditionType) xpv1.Condition
GetCondition of this Policy.
func (*Policy) GetConnectionDetailsMapping ¶
GetConnectionDetailsMapping for this Policy
func (*Policy) GetDeletionPolicy ¶
func (mg *Policy) GetDeletionPolicy() xpv1.DeletionPolicy
GetDeletionPolicy of this Policy.
func (*Policy) GetInitParameters ¶ added in v0.35.0
GetInitParameters of this Policy
func (*Policy) GetManagementPolicies ¶ added in v0.35.0
func (mg *Policy) GetManagementPolicies() xpv1.ManagementPolicies
GetManagementPolicies of this Policy.
func (*Policy) GetMergedParameters ¶ added in v0.40.0
GetInitParameters of this Policy
func (*Policy) GetObservation ¶
GetObservation of this Policy
func (*Policy) GetParameters ¶
GetParameters of this Policy
func (*Policy) GetProviderConfigReference ¶
GetProviderConfigReference of this Policy.
func (*Policy) GetPublishConnectionDetailsTo ¶
func (mg *Policy) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo
GetPublishConnectionDetailsTo of this Policy.
func (*Policy) GetTerraformResourceType ¶
GetTerraformResourceType returns Terraform resource type for this Policy
func (*Policy) GetTerraformSchemaVersion ¶
GetTerraformSchemaVersion returns the associated Terraform schema version
func (*Policy) GetWriteConnectionSecretToReference ¶
func (mg *Policy) GetWriteConnectionSecretToReference() *xpv1.SecretReference
GetWriteConnectionSecretToReference of this Policy.
func (*Policy) Hub ¶ added in v0.41.2
func (tr *Policy) Hub()
Hub marks this type as a conversion hub.
func (*Policy) LateInitialize ¶
LateInitialize this Policy using its observed tfState. returns True if there are any spec changes for the resource.
func (*Policy) SetConditions ¶
SetConditions of this Policy.
func (*Policy) SetDeletionPolicy ¶
func (mg *Policy) SetDeletionPolicy(r xpv1.DeletionPolicy)
SetDeletionPolicy of this Policy.
func (*Policy) SetManagementPolicies ¶ added in v0.35.0
func (mg *Policy) SetManagementPolicies(r xpv1.ManagementPolicies)
SetManagementPolicies of this Policy.
func (*Policy) SetObservation ¶
SetObservation for this Policy
func (*Policy) SetParameters ¶
SetParameters for this Policy
func (*Policy) SetProviderConfigReference ¶
SetProviderConfigReference of this Policy.
func (*Policy) SetPublishConnectionDetailsTo ¶
func (mg *Policy) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)
SetPublishConnectionDetailsTo of this Policy.
func (*Policy) SetWriteConnectionSecretToReference ¶
func (mg *Policy) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)
SetWriteConnectionSecretToReference of this Policy.
type PolicyInitParameters ¶ added in v0.35.0
type PolicyInitParameters struct { // A whitelist of image patterns to exclude from admission rules. If an // image's name matches a whitelist pattern, the image's admission // requests will always be permitted regardless of your admission rules. // Structure is documented below. AdmissionWhitelistPatterns []AdmissionWhitelistPatternsInitParameters `json:"admissionWhitelistPatterns,omitempty" tf:"admission_whitelist_patterns,omitempty"` // Per-cluster admission rules. An admission rule specifies either that // all container images used in a pod creation request must be attested // to by one or more attestors, that all pod creations will be allowed, // or that all pod creations will be denied. There can be at most one // admission rule per cluster spec. ClusterAdmissionRules []ClusterAdmissionRulesInitParameters `json:"clusterAdmissionRules,omitempty" tf:"cluster_admission_rules,omitempty"` // Default admission rule for a cluster without a per-cluster admission // rule. // Structure is documented below. DefaultAdmissionRule []DefaultAdmissionRuleInitParameters `json:"defaultAdmissionRule,omitempty" tf:"default_admission_rule,omitempty"` // A descriptive comment. Description *string `json:"description,omitempty" tf:"description,omitempty"` // Controls the evaluation of a Google-maintained global admission policy // for common system-level images. Images not covered by the global // policy will be subject to the project admission policy. // Possible values are: ENABLE, DISABLE. GlobalPolicyEvaluationMode *string `json:"globalPolicyEvaluationMode,omitempty" tf:"global_policy_evaluation_mode,omitempty"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` }
func (*PolicyInitParameters) DeepCopy ¶ added in v0.35.0
func (in *PolicyInitParameters) DeepCopy() *PolicyInitParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyInitParameters.
func (*PolicyInitParameters) DeepCopyInto ¶ added in v0.35.0
func (in *PolicyInitParameters) DeepCopyInto(out *PolicyInitParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyList ¶
type PolicyList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []Policy `json:"items"` }
PolicyList contains a list of Policys
func (*PolicyList) DeepCopy ¶
func (in *PolicyList) DeepCopy() *PolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList.
func (*PolicyList) DeepCopyInto ¶
func (in *PolicyList) DeepCopyInto(out *PolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PolicyList) DeepCopyObject ¶
func (in *PolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*PolicyList) GetItems ¶
func (l *PolicyList) GetItems() []resource.Managed
GetItems of this PolicyList.
type PolicyObservation ¶
type PolicyObservation struct { // A whitelist of image patterns to exclude from admission rules. If an // image's name matches a whitelist pattern, the image's admission // requests will always be permitted regardless of your admission rules. // Structure is documented below. AdmissionWhitelistPatterns []AdmissionWhitelistPatternsObservation `json:"admissionWhitelistPatterns,omitempty" tf:"admission_whitelist_patterns,omitempty"` // Per-cluster admission rules. An admission rule specifies either that // all container images used in a pod creation request must be attested // to by one or more attestors, that all pod creations will be allowed, // or that all pod creations will be denied. There can be at most one // admission rule per cluster spec. ClusterAdmissionRules []ClusterAdmissionRulesObservation `json:"clusterAdmissionRules,omitempty" tf:"cluster_admission_rules,omitempty"` // Default admission rule for a cluster without a per-cluster admission // rule. // Structure is documented below. DefaultAdmissionRule []DefaultAdmissionRuleObservation `json:"defaultAdmissionRule,omitempty" tf:"default_admission_rule,omitempty"` // A descriptive comment. Description *string `json:"description,omitempty" tf:"description,omitempty"` // Controls the evaluation of a Google-maintained global admission policy // for common system-level images. Images not covered by the global // policy will be subject to the project admission policy. // Possible values are: ENABLE, DISABLE. GlobalPolicyEvaluationMode *string `json:"globalPolicyEvaluationMode,omitempty" tf:"global_policy_evaluation_mode,omitempty"` // an identifier for the resource with format projects/{{project}} ID *string `json:"id,omitempty" tf:"id,omitempty"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` }
func (*PolicyObservation) DeepCopy ¶
func (in *PolicyObservation) DeepCopy() *PolicyObservation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyObservation.
func (*PolicyObservation) DeepCopyInto ¶
func (in *PolicyObservation) DeepCopyInto(out *PolicyObservation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyParameters ¶
type PolicyParameters struct { // A whitelist of image patterns to exclude from admission rules. If an // image's name matches a whitelist pattern, the image's admission // requests will always be permitted regardless of your admission rules. // Structure is documented below. // +kubebuilder:validation:Optional AdmissionWhitelistPatterns []AdmissionWhitelistPatternsParameters `json:"admissionWhitelistPatterns,omitempty" tf:"admission_whitelist_patterns,omitempty"` // Per-cluster admission rules. An admission rule specifies either that // all container images used in a pod creation request must be attested // to by one or more attestors, that all pod creations will be allowed, // or that all pod creations will be denied. There can be at most one // admission rule per cluster spec. // +kubebuilder:validation:Optional ClusterAdmissionRules []ClusterAdmissionRulesParameters `json:"clusterAdmissionRules,omitempty" tf:"cluster_admission_rules,omitempty"` // Default admission rule for a cluster without a per-cluster admission // rule. // Structure is documented below. // +kubebuilder:validation:Optional DefaultAdmissionRule []DefaultAdmissionRuleParameters `json:"defaultAdmissionRule,omitempty" tf:"default_admission_rule,omitempty"` // A descriptive comment. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` // Controls the evaluation of a Google-maintained global admission policy // for common system-level images. Images not covered by the global // policy will be subject to the project admission policy. // Possible values are: ENABLE, DISABLE. // +kubebuilder:validation:Optional GlobalPolicyEvaluationMode *string `json:"globalPolicyEvaluationMode,omitempty" tf:"global_policy_evaluation_mode,omitempty"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` }
func (*PolicyParameters) DeepCopy ¶
func (in *PolicyParameters) DeepCopy() *PolicyParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyParameters.
func (*PolicyParameters) DeepCopyInto ¶
func (in *PolicyParameters) DeepCopyInto(out *PolicyParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicySpec ¶
type PolicySpec struct { v1.ResourceSpec `json:",inline"` ForProvider PolicyParameters `json:"forProvider"` // THIS IS A BETA FIELD. It will be honored // unless the Management Policies feature flag is disabled. // InitProvider holds the same fields as ForProvider, with the exception // of Identifier and other resource reference fields. The fields that are // in InitProvider are merged into ForProvider when the resource is created. // The same fields are also added to the terraform ignore_changes hook, to // avoid updating them after creation. This is useful for fields that are // required on creation, but we do not desire to update them after creation, // for example because of an external controller is managing them, like an // autoscaler. InitProvider PolicyInitParameters `json:"initProvider,omitempty"` }
PolicySpec defines the desired state of Policy
func (*PolicySpec) DeepCopy ¶
func (in *PolicySpec) DeepCopy() *PolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicySpec.
func (*PolicySpec) DeepCopyInto ¶
func (in *PolicySpec) DeepCopyInto(out *PolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyStatus ¶
type PolicyStatus struct { v1.ResourceStatus `json:",inline"` AtProvider PolicyObservation `json:"atProvider,omitempty"` }
PolicyStatus defines the observed state of Policy.
func (*PolicyStatus) DeepCopy ¶
func (in *PolicyStatus) DeepCopy() *PolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyStatus.
func (*PolicyStatus) DeepCopyInto ¶
func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PublicKeysInitParameters ¶ added in v0.35.0
type PublicKeysInitParameters struct { // ASCII-armored representation of a PGP public key, as the // entire output by the command // gpg --export --armor foo@example.com (either LF or CRLF // line endings). When using this field, id should be left // blank. The BinAuthz API handlers will calculate the ID // and fill it in automatically. BinAuthz computes this ID // as the OpenPGP RFC4880 V4 fingerprint, represented as // upper-case hex. If id is provided by the caller, it will // be overwritten by the API-calculated ID. ASCIIArmoredPgpPublicKey *string `json:"asciiArmoredPgpPublicKey,omitempty" tf:"ascii_armored_pgp_public_key,omitempty"` // A descriptive comment. This field may be updated. Comment *string `json:"comment,omitempty" tf:"comment,omitempty"` // The ID of this public key. Signatures verified by BinAuthz // must include the ID of the public key that can be used to // verify them, and that ID must match the contents of this // field exactly. Additional restrictions on this field can // be imposed based on which public key type is encapsulated. // See the documentation on publicKey cases below for details. ID *string `json:"id,omitempty" tf:"id,omitempty"` // A raw PKIX SubjectPublicKeyInfo format public key. // NOTE: id may be explicitly provided by the caller when using this // type of public key, but it MUST be a valid RFC3986 URI. If id is left // blank, a default one will be computed based on the digest of the DER // encoding of the public key. // Structure is documented below. PkixPublicKey []PkixPublicKeyInitParameters `json:"pkixPublicKey,omitempty" tf:"pkix_public_key,omitempty"` }
func (*PublicKeysInitParameters) DeepCopy ¶ added in v0.35.0
func (in *PublicKeysInitParameters) DeepCopy() *PublicKeysInitParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicKeysInitParameters.
func (*PublicKeysInitParameters) DeepCopyInto ¶ added in v0.35.0
func (in *PublicKeysInitParameters) DeepCopyInto(out *PublicKeysInitParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PublicKeysObservation ¶
type PublicKeysObservation struct { // ASCII-armored representation of a PGP public key, as the // entire output by the command // gpg --export --armor foo@example.com (either LF or CRLF // line endings). When using this field, id should be left // blank. The BinAuthz API handlers will calculate the ID // and fill it in automatically. BinAuthz computes this ID // as the OpenPGP RFC4880 V4 fingerprint, represented as // upper-case hex. If id is provided by the caller, it will // be overwritten by the API-calculated ID. ASCIIArmoredPgpPublicKey *string `json:"asciiArmoredPgpPublicKey,omitempty" tf:"ascii_armored_pgp_public_key,omitempty"` // A descriptive comment. This field may be updated. Comment *string `json:"comment,omitempty" tf:"comment,omitempty"` // The ID of this public key. Signatures verified by BinAuthz // must include the ID of the public key that can be used to // verify them, and that ID must match the contents of this // field exactly. Additional restrictions on this field can // be imposed based on which public key type is encapsulated. // See the documentation on publicKey cases below for details. ID *string `json:"id,omitempty" tf:"id,omitempty"` // A raw PKIX SubjectPublicKeyInfo format public key. // NOTE: id may be explicitly provided by the caller when using this // type of public key, but it MUST be a valid RFC3986 URI. If id is left // blank, a default one will be computed based on the digest of the DER // encoding of the public key. // Structure is documented below. PkixPublicKey []PkixPublicKeyObservation `json:"pkixPublicKey,omitempty" tf:"pkix_public_key,omitempty"` }
func (*PublicKeysObservation) DeepCopy ¶
func (in *PublicKeysObservation) DeepCopy() *PublicKeysObservation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicKeysObservation.
func (*PublicKeysObservation) DeepCopyInto ¶
func (in *PublicKeysObservation) DeepCopyInto(out *PublicKeysObservation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PublicKeysParameters ¶
type PublicKeysParameters struct { // ASCII-armored representation of a PGP public key, as the // entire output by the command // gpg --export --armor foo@example.com (either LF or CRLF // line endings). When using this field, id should be left // blank. The BinAuthz API handlers will calculate the ID // and fill it in automatically. BinAuthz computes this ID // as the OpenPGP RFC4880 V4 fingerprint, represented as // upper-case hex. If id is provided by the caller, it will // be overwritten by the API-calculated ID. // +kubebuilder:validation:Optional ASCIIArmoredPgpPublicKey *string `json:"asciiArmoredPgpPublicKey,omitempty" tf:"ascii_armored_pgp_public_key,omitempty"` // A descriptive comment. This field may be updated. // +kubebuilder:validation:Optional Comment *string `json:"comment,omitempty" tf:"comment,omitempty"` // The ID of this public key. Signatures verified by BinAuthz // must include the ID of the public key that can be used to // verify them, and that ID must match the contents of this // field exactly. Additional restrictions on this field can // be imposed based on which public key type is encapsulated. // See the documentation on publicKey cases below for details. // +kubebuilder:validation:Optional ID *string `json:"id,omitempty" tf:"id,omitempty"` // A raw PKIX SubjectPublicKeyInfo format public key. // NOTE: id may be explicitly provided by the caller when using this // type of public key, but it MUST be a valid RFC3986 URI. If id is left // blank, a default one will be computed based on the digest of the DER // encoding of the public key. // Structure is documented below. // +kubebuilder:validation:Optional PkixPublicKey []PkixPublicKeyParameters `json:"pkixPublicKey,omitempty" tf:"pkix_public_key,omitempty"` }
func (*PublicKeysParameters) DeepCopy ¶
func (in *PublicKeysParameters) DeepCopy() *PublicKeysParameters
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicKeysParameters.
func (*PublicKeysParameters) DeepCopyInto ¶
func (in *PublicKeysParameters) DeepCopyInto(out *PublicKeysParameters)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.