v1beta2

package
v1.10.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 17, 2024 License: Apache-2.0 Imports: 14 Imported by: 1

Documentation

Overview

+kubebuilder:object:generate=true +groupName=binaryauthorization.gcp.upbound.io +versionName=v1beta2

Index

Constants

View Source
const (
	CRDGroup   = "binaryauthorization.gcp.upbound.io"
	CRDVersion = "v1beta2"
)

Package type metadata.

Variables

View Source
var (
	Attestor_Kind             = "Attestor"
	Attestor_GroupKind        = schema.GroupKind{Group: CRDGroup, Kind: Attestor_Kind}.String()
	Attestor_KindAPIVersion   = Attestor_Kind + "." + CRDGroupVersion.String()
	Attestor_GroupVersionKind = CRDGroupVersion.WithKind(Attestor_Kind)
)

Repository type metadata.

View Source
var (
	// CRDGroupVersion is the API Group Version used to register the objects
	CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
View Source
var (
	Policy_Kind             = "Policy"
	Policy_GroupKind        = schema.GroupKind{Group: CRDGroup, Kind: Policy_Kind}.String()
	Policy_KindAPIVersion   = Policy_Kind + "." + CRDGroupVersion.String()
	Policy_GroupVersionKind = CRDGroupVersion.WithKind(Policy_Kind)
)

Repository type metadata.

Functions

This section is empty.

Types

type AdmissionWhitelistPatternsInitParameters

type AdmissionWhitelistPatternsInitParameters struct {

	// An image name pattern to whitelist, in the form
	// registry/path/to/image. This supports a trailing * as a
	// wildcard, but this is allowed only in text after the registry/
	// part.
	NamePattern *string `json:"namePattern,omitempty" tf:"name_pattern,omitempty"`
}

func (*AdmissionWhitelistPatternsInitParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionWhitelistPatternsInitParameters.

func (*AdmissionWhitelistPatternsInitParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AdmissionWhitelistPatternsObservation

type AdmissionWhitelistPatternsObservation struct {

	// An image name pattern to whitelist, in the form
	// registry/path/to/image. This supports a trailing * as a
	// wildcard, but this is allowed only in text after the registry/
	// part.
	NamePattern *string `json:"namePattern,omitempty" tf:"name_pattern,omitempty"`
}

func (*AdmissionWhitelistPatternsObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionWhitelistPatternsObservation.

func (*AdmissionWhitelistPatternsObservation) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AdmissionWhitelistPatternsParameters

type AdmissionWhitelistPatternsParameters struct {

	// An image name pattern to whitelist, in the form
	// registry/path/to/image. This supports a trailing * as a
	// wildcard, but this is allowed only in text after the registry/
	// part.
	// +kubebuilder:validation:Optional
	NamePattern *string `json:"namePattern" tf:"name_pattern,omitempty"`
}

func (*AdmissionWhitelistPatternsParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionWhitelistPatternsParameters.

func (*AdmissionWhitelistPatternsParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AttestationAuthorityNoteInitParameters

type AttestationAuthorityNoteInitParameters struct {

	// The resource name of a ATTESTATION_AUTHORITY Note, created by the
	// user. If the Note is in a different project from the Attestor, it
	// should be specified in the format projects/*/notes/* (or the legacy
	// providers/*/notes/*). This field may not be updated.
	// An attestation by this attestor is stored as a Container Analysis
	// ATTESTATION_AUTHORITY Occurrence that names a container image
	// and that links to this Note.
	// +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/containeranalysis/v1beta2.Note
	NoteReference *string `json:"noteReference,omitempty" tf:"note_reference,omitempty"`

	// Reference to a Note in containeranalysis to populate noteReference.
	// +kubebuilder:validation:Optional
	NoteReferenceRef *v1.Reference `json:"noteReferenceRef,omitempty" tf:"-"`

	// Selector for a Note in containeranalysis to populate noteReference.
	// +kubebuilder:validation:Optional
	NoteReferenceSelector *v1.Selector `json:"noteReferenceSelector,omitempty" tf:"-"`

	// Public keys that verify attestations signed by this attestor. This
	// field may be updated.
	// If this field is non-empty, one of the specified public keys must
	// verify that an attestation was signed by this attestor for the
	// image specified in the admission request.
	// If this field is empty, this attestor always returns that no valid
	// attestations exist.
	// Structure is documented below.
	PublicKeys []PublicKeysInitParameters `json:"publicKeys,omitempty" tf:"public_keys,omitempty"`
}

func (*AttestationAuthorityNoteInitParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestationAuthorityNoteInitParameters.

func (*AttestationAuthorityNoteInitParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AttestationAuthorityNoteObservation

type AttestationAuthorityNoteObservation struct {

	// (Output)
	// This field will contain the service account email address that
	// this Attestor will use as the principal when querying Container
	// Analysis. Attestor administrators must grant this service account
	// the IAM role needed to read attestations from the noteReference in
	// Container Analysis (containeranalysis.notes.occurrences.viewer).
	// This email address is fixed for the lifetime of the Attestor, but
	// callers should not make any other assumptions about the service
	// account email; future versions may use an email based on a
	// different naming pattern.
	DelegationServiceAccountEmail *string `json:"delegationServiceAccountEmail,omitempty" tf:"delegation_service_account_email,omitempty"`

	// The resource name of a ATTESTATION_AUTHORITY Note, created by the
	// user. If the Note is in a different project from the Attestor, it
	// should be specified in the format projects/*/notes/* (or the legacy
	// providers/*/notes/*). This field may not be updated.
	// An attestation by this attestor is stored as a Container Analysis
	// ATTESTATION_AUTHORITY Occurrence that names a container image
	// and that links to this Note.
	NoteReference *string `json:"noteReference,omitempty" tf:"note_reference,omitempty"`

	// Public keys that verify attestations signed by this attestor. This
	// field may be updated.
	// If this field is non-empty, one of the specified public keys must
	// verify that an attestation was signed by this attestor for the
	// image specified in the admission request.
	// If this field is empty, this attestor always returns that no valid
	// attestations exist.
	// Structure is documented below.
	PublicKeys []PublicKeysObservation `json:"publicKeys,omitempty" tf:"public_keys,omitempty"`
}

func (*AttestationAuthorityNoteObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestationAuthorityNoteObservation.

func (*AttestationAuthorityNoteObservation) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AttestationAuthorityNoteParameters

type AttestationAuthorityNoteParameters struct {

	// The resource name of a ATTESTATION_AUTHORITY Note, created by the
	// user. If the Note is in a different project from the Attestor, it
	// should be specified in the format projects/*/notes/* (or the legacy
	// providers/*/notes/*). This field may not be updated.
	// An attestation by this attestor is stored as a Container Analysis
	// ATTESTATION_AUTHORITY Occurrence that names a container image
	// and that links to this Note.
	// +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/containeranalysis/v1beta2.Note
	// +kubebuilder:validation:Optional
	NoteReference *string `json:"noteReference,omitempty" tf:"note_reference,omitempty"`

	// Reference to a Note in containeranalysis to populate noteReference.
	// +kubebuilder:validation:Optional
	NoteReferenceRef *v1.Reference `json:"noteReferenceRef,omitempty" tf:"-"`

	// Selector for a Note in containeranalysis to populate noteReference.
	// +kubebuilder:validation:Optional
	NoteReferenceSelector *v1.Selector `json:"noteReferenceSelector,omitempty" tf:"-"`

	// Public keys that verify attestations signed by this attestor. This
	// field may be updated.
	// If this field is non-empty, one of the specified public keys must
	// verify that an attestation was signed by this attestor for the
	// image specified in the admission request.
	// If this field is empty, this attestor always returns that no valid
	// attestations exist.
	// Structure is documented below.
	// +kubebuilder:validation:Optional
	PublicKeys []PublicKeysParameters `json:"publicKeys,omitempty" tf:"public_keys,omitempty"`
}

func (*AttestationAuthorityNoteParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestationAuthorityNoteParameters.

func (*AttestationAuthorityNoteParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Attestor

type Attestor struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.attestationAuthorityNote) || (has(self.initProvider) && has(self.initProvider.attestationAuthorityNote))",message="spec.forProvider.attestationAuthorityNote is a required parameter"
	Spec   AttestorSpec   `json:"spec"`
	Status AttestorStatus `json:"status,omitempty"`
}

Attestor is the Schema for the Attestors API. An attestor that attests to container image artifacts. +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp}

func (*Attestor) DeepCopy

func (in *Attestor) DeepCopy() *Attestor

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Attestor.

func (*Attestor) DeepCopyInto

func (in *Attestor) DeepCopyInto(out *Attestor)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Attestor) DeepCopyObject

func (in *Attestor) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Attestor) GetCondition

func (mg *Attestor) GetCondition(ct xpv1.ConditionType) xpv1.Condition

GetCondition of this Attestor.

func (*Attestor) GetConnectionDetailsMapping

func (tr *Attestor) GetConnectionDetailsMapping() map[string]string

GetConnectionDetailsMapping for this Attestor

func (*Attestor) GetDeletionPolicy

func (mg *Attestor) GetDeletionPolicy() xpv1.DeletionPolicy

GetDeletionPolicy of this Attestor.

func (*Attestor) GetID

func (tr *Attestor) GetID() string

GetID returns ID of underlying Terraform resource of this Attestor

func (*Attestor) GetInitParameters

func (tr *Attestor) GetInitParameters() (map[string]any, error)

GetInitParameters of this Attestor

func (*Attestor) GetManagementPolicies

func (mg *Attestor) GetManagementPolicies() xpv1.ManagementPolicies

GetManagementPolicies of this Attestor.

func (*Attestor) GetMergedParameters

func (tr *Attestor) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error)

GetInitParameters of this Attestor

func (*Attestor) GetObservation

func (tr *Attestor) GetObservation() (map[string]any, error)

GetObservation of this Attestor

func (*Attestor) GetParameters

func (tr *Attestor) GetParameters() (map[string]any, error)

GetParameters of this Attestor

func (*Attestor) GetProviderConfigReference

func (mg *Attestor) GetProviderConfigReference() *xpv1.Reference

GetProviderConfigReference of this Attestor.

func (*Attestor) GetPublishConnectionDetailsTo

func (mg *Attestor) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo

GetPublishConnectionDetailsTo of this Attestor.

func (*Attestor) GetTerraformResourceType

func (mg *Attestor) GetTerraformResourceType() string

GetTerraformResourceType returns Terraform resource type for this Attestor

func (*Attestor) GetTerraformSchemaVersion

func (tr *Attestor) GetTerraformSchemaVersion() int

GetTerraformSchemaVersion returns the associated Terraform schema version

func (*Attestor) GetWriteConnectionSecretToReference

func (mg *Attestor) GetWriteConnectionSecretToReference() *xpv1.SecretReference

GetWriteConnectionSecretToReference of this Attestor.

func (*Attestor) Hub

func (tr *Attestor) Hub()

Hub marks this type as a conversion hub.

func (*Attestor) LateInitialize

func (tr *Attestor) LateInitialize(attrs []byte) (bool, error)

LateInitialize this Attestor using its observed tfState. returns True if there are any spec changes for the resource.

func (*Attestor) ResolveReferences

func (mg *Attestor) ResolveReferences(ctx context.Context, c client.Reader) error

func (*Attestor) SetConditions

func (mg *Attestor) SetConditions(c ...xpv1.Condition)

SetConditions of this Attestor.

func (*Attestor) SetDeletionPolicy

func (mg *Attestor) SetDeletionPolicy(r xpv1.DeletionPolicy)

SetDeletionPolicy of this Attestor.

func (*Attestor) SetManagementPolicies

func (mg *Attestor) SetManagementPolicies(r xpv1.ManagementPolicies)

SetManagementPolicies of this Attestor.

func (*Attestor) SetObservation

func (tr *Attestor) SetObservation(obs map[string]any) error

SetObservation for this Attestor

func (*Attestor) SetParameters

func (tr *Attestor) SetParameters(params map[string]any) error

SetParameters for this Attestor

func (*Attestor) SetProviderConfigReference

func (mg *Attestor) SetProviderConfigReference(r *xpv1.Reference)

SetProviderConfigReference of this Attestor.

func (*Attestor) SetPublishConnectionDetailsTo

func (mg *Attestor) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)

SetPublishConnectionDetailsTo of this Attestor.

func (*Attestor) SetWriteConnectionSecretToReference

func (mg *Attestor) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)

SetWriteConnectionSecretToReference of this Attestor.

type AttestorInitParameters

type AttestorInitParameters struct {

	// A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.
	// Structure is documented below.
	AttestationAuthorityNote *AttestationAuthorityNoteInitParameters `json:"attestationAuthorityNote,omitempty" tf:"attestation_authority_note,omitempty"`

	// A descriptive comment. This field may be updated. The field may be
	// displayed in chooser dialogs.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project *string `json:"project,omitempty" tf:"project,omitempty"`
}

func (*AttestorInitParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorInitParameters.

func (*AttestorInitParameters) DeepCopyInto

func (in *AttestorInitParameters) DeepCopyInto(out *AttestorInitParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AttestorList

type AttestorList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Attestor `json:"items"`
}

AttestorList contains a list of Attestors

func (*AttestorList) DeepCopy

func (in *AttestorList) DeepCopy() *AttestorList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorList.

func (*AttestorList) DeepCopyInto

func (in *AttestorList) DeepCopyInto(out *AttestorList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AttestorList) DeepCopyObject

func (in *AttestorList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AttestorList) GetItems

func (l *AttestorList) GetItems() []resource.Managed

GetItems of this AttestorList.

type AttestorObservation

type AttestorObservation struct {

	// A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.
	// Structure is documented below.
	AttestationAuthorityNote *AttestationAuthorityNoteObservation `json:"attestationAuthorityNote,omitempty" tf:"attestation_authority_note,omitempty"`

	// A descriptive comment. This field may be updated. The field may be
	// displayed in chooser dialogs.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// an identifier for the resource with format projects/{{project}}/attestors/{{name}}
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project *string `json:"project,omitempty" tf:"project,omitempty"`
}

func (*AttestorObservation) DeepCopy

func (in *AttestorObservation) DeepCopy() *AttestorObservation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorObservation.

func (*AttestorObservation) DeepCopyInto

func (in *AttestorObservation) DeepCopyInto(out *AttestorObservation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AttestorParameters

type AttestorParameters struct {

	// A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.
	// Structure is documented below.
	// +kubebuilder:validation:Optional
	AttestationAuthorityNote *AttestationAuthorityNoteParameters `json:"attestationAuthorityNote,omitempty" tf:"attestation_authority_note,omitempty"`

	// A descriptive comment. This field may be updated. The field may be
	// displayed in chooser dialogs.
	// +kubebuilder:validation:Optional
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	// +kubebuilder:validation:Optional
	Project *string `json:"project,omitempty" tf:"project,omitempty"`
}

func (*AttestorParameters) DeepCopy

func (in *AttestorParameters) DeepCopy() *AttestorParameters

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorParameters.

func (*AttestorParameters) DeepCopyInto

func (in *AttestorParameters) DeepCopyInto(out *AttestorParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AttestorSpec

type AttestorSpec struct {
	v1.ResourceSpec `json:",inline"`
	ForProvider     AttestorParameters `json:"forProvider"`
	// THIS IS A BETA FIELD. It will be honored
	// unless the Management Policies feature flag is disabled.
	// InitProvider holds the same fields as ForProvider, with the exception
	// of Identifier and other resource reference fields. The fields that are
	// in InitProvider are merged into ForProvider when the resource is created.
	// The same fields are also added to the terraform ignore_changes hook, to
	// avoid updating them after creation. This is useful for fields that are
	// required on creation, but we do not desire to update them after creation,
	// for example because of an external controller is managing them, like an
	// autoscaler.
	InitProvider AttestorInitParameters `json:"initProvider,omitempty"`
}

AttestorSpec defines the desired state of Attestor

func (*AttestorSpec) DeepCopy

func (in *AttestorSpec) DeepCopy() *AttestorSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorSpec.

func (*AttestorSpec) DeepCopyInto

func (in *AttestorSpec) DeepCopyInto(out *AttestorSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AttestorStatus

type AttestorStatus struct {
	v1.ResourceStatus `json:",inline"`
	AtProvider        AttestorObservation `json:"atProvider,omitempty"`
}

AttestorStatus defines the observed state of Attestor.

func (*AttestorStatus) DeepCopy

func (in *AttestorStatus) DeepCopy() *AttestorStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorStatus.

func (*AttestorStatus) DeepCopyInto

func (in *AttestorStatus) DeepCopyInto(out *AttestorStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterAdmissionRulesInitParameters

type ClusterAdmissionRulesInitParameters struct {

	// The identifier for this object. Format specified above.
	Cluster *string `json:"cluster,omitempty" tf:"cluster,omitempty"`

	// The action when a pod creation is denied by the admission rule.
	// Possible values are: ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY.
	EnforcementMode *string `json:"enforcementMode,omitempty" tf:"enforcement_mode,omitempty"`

	// How this admission rule will be evaluated.
	// Possible values are: ALWAYS_ALLOW, REQUIRE_ATTESTATION, ALWAYS_DENY.
	EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"`

	// The resource names of the attestors that must attest to a
	// container image. If the attestor is in a different project from the
	// policy, it should be specified in the format projects/*/attestors/*.
	// Each attestor must exist before a policy can reference it. To add an
	// attestor to a policy the principal issuing the policy change
	// request must be able to read the attestor resource.
	// Note: this field must be non-empty when the evaluation_mode field
	// specifies REQUIRE_ATTESTATION, otherwise it must be empty.
	// +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/binaryauthorization/v1beta2.Attestor
	// +listType=set
	RequireAttestationsBy []*string `json:"requireAttestationsBy,omitempty" tf:"require_attestations_by,omitempty"`

	// References to Attestor in binaryauthorization to populate requireAttestationsBy.
	// +kubebuilder:validation:Optional
	RequireAttestationsByRefs []v1.Reference `json:"requireAttestationsByRefs,omitempty" tf:"-"`

	// Selector for a list of Attestor in binaryauthorization to populate requireAttestationsBy.
	// +kubebuilder:validation:Optional
	RequireAttestationsBySelector *v1.Selector `json:"requireAttestationsBySelector,omitempty" tf:"-"`
}

func (*ClusterAdmissionRulesInitParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAdmissionRulesInitParameters.

func (*ClusterAdmissionRulesInitParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterAdmissionRulesObservation

type ClusterAdmissionRulesObservation struct {

	// The identifier for this object. Format specified above.
	Cluster *string `json:"cluster,omitempty" tf:"cluster,omitempty"`

	// The action when a pod creation is denied by the admission rule.
	// Possible values are: ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY.
	EnforcementMode *string `json:"enforcementMode,omitempty" tf:"enforcement_mode,omitempty"`

	// How this admission rule will be evaluated.
	// Possible values are: ALWAYS_ALLOW, REQUIRE_ATTESTATION, ALWAYS_DENY.
	EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"`

	// The resource names of the attestors that must attest to a
	// container image. If the attestor is in a different project from the
	// policy, it should be specified in the format projects/*/attestors/*.
	// Each attestor must exist before a policy can reference it. To add an
	// attestor to a policy the principal issuing the policy change
	// request must be able to read the attestor resource.
	// Note: this field must be non-empty when the evaluation_mode field
	// specifies REQUIRE_ATTESTATION, otherwise it must be empty.
	// +listType=set
	RequireAttestationsBy []*string `json:"requireAttestationsBy,omitempty" tf:"require_attestations_by,omitempty"`
}

func (*ClusterAdmissionRulesObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAdmissionRulesObservation.

func (*ClusterAdmissionRulesObservation) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterAdmissionRulesParameters

type ClusterAdmissionRulesParameters struct {

	// The identifier for this object. Format specified above.
	// +kubebuilder:validation:Optional
	Cluster *string `json:"cluster" tf:"cluster,omitempty"`

	// The action when a pod creation is denied by the admission rule.
	// Possible values are: ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY.
	// +kubebuilder:validation:Optional
	EnforcementMode *string `json:"enforcementMode" tf:"enforcement_mode,omitempty"`

	// How this admission rule will be evaluated.
	// Possible values are: ALWAYS_ALLOW, REQUIRE_ATTESTATION, ALWAYS_DENY.
	// +kubebuilder:validation:Optional
	EvaluationMode *string `json:"evaluationMode" tf:"evaluation_mode,omitempty"`

	// The resource names of the attestors that must attest to a
	// container image. If the attestor is in a different project from the
	// policy, it should be specified in the format projects/*/attestors/*.
	// Each attestor must exist before a policy can reference it. To add an
	// attestor to a policy the principal issuing the policy change
	// request must be able to read the attestor resource.
	// Note: this field must be non-empty when the evaluation_mode field
	// specifies REQUIRE_ATTESTATION, otherwise it must be empty.
	// +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/binaryauthorization/v1beta2.Attestor
	// +kubebuilder:validation:Optional
	// +listType=set
	RequireAttestationsBy []*string `json:"requireAttestationsBy,omitempty" tf:"require_attestations_by,omitempty"`

	// References to Attestor in binaryauthorization to populate requireAttestationsBy.
	// +kubebuilder:validation:Optional
	RequireAttestationsByRefs []v1.Reference `json:"requireAttestationsByRefs,omitempty" tf:"-"`

	// Selector for a list of Attestor in binaryauthorization to populate requireAttestationsBy.
	// +kubebuilder:validation:Optional
	RequireAttestationsBySelector *v1.Selector `json:"requireAttestationsBySelector,omitempty" tf:"-"`
}

func (*ClusterAdmissionRulesParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAdmissionRulesParameters.

func (*ClusterAdmissionRulesParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DefaultAdmissionRuleInitParameters

type DefaultAdmissionRuleInitParameters struct {

	// The action when a pod creation is denied by the admission rule.
	// Possible values are: ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY.
	EnforcementMode *string `json:"enforcementMode,omitempty" tf:"enforcement_mode,omitempty"`

	// How this admission rule will be evaluated.
	// Possible values are: ALWAYS_ALLOW, REQUIRE_ATTESTATION, ALWAYS_DENY.
	EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"`

	// The resource names of the attestors that must attest to a
	// container image. If the attestor is in a different project from the
	// policy, it should be specified in the format projects/*/attestors/*.
	// Each attestor must exist before a policy can reference it. To add an
	// attestor to a policy the principal issuing the policy change
	// request must be able to read the attestor resource.
	// Note: this field must be non-empty when the evaluation_mode field
	// specifies REQUIRE_ATTESTATION, otherwise it must be empty.
	// +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/binaryauthorization/v1beta2.Attestor
	// +listType=set
	RequireAttestationsBy []*string `json:"requireAttestationsBy,omitempty" tf:"require_attestations_by,omitempty"`

	// References to Attestor in binaryauthorization to populate requireAttestationsBy.
	// +kubebuilder:validation:Optional
	RequireAttestationsByRefs []v1.Reference `json:"requireAttestationsByRefs,omitempty" tf:"-"`

	// Selector for a list of Attestor in binaryauthorization to populate requireAttestationsBy.
	// +kubebuilder:validation:Optional
	RequireAttestationsBySelector *v1.Selector `json:"requireAttestationsBySelector,omitempty" tf:"-"`
}

func (*DefaultAdmissionRuleInitParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultAdmissionRuleInitParameters.

func (*DefaultAdmissionRuleInitParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DefaultAdmissionRuleObservation

type DefaultAdmissionRuleObservation struct {

	// The action when a pod creation is denied by the admission rule.
	// Possible values are: ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY.
	EnforcementMode *string `json:"enforcementMode,omitempty" tf:"enforcement_mode,omitempty"`

	// How this admission rule will be evaluated.
	// Possible values are: ALWAYS_ALLOW, REQUIRE_ATTESTATION, ALWAYS_DENY.
	EvaluationMode *string `json:"evaluationMode,omitempty" tf:"evaluation_mode,omitempty"`

	// The resource names of the attestors that must attest to a
	// container image. If the attestor is in a different project from the
	// policy, it should be specified in the format projects/*/attestors/*.
	// Each attestor must exist before a policy can reference it. To add an
	// attestor to a policy the principal issuing the policy change
	// request must be able to read the attestor resource.
	// Note: this field must be non-empty when the evaluation_mode field
	// specifies REQUIRE_ATTESTATION, otherwise it must be empty.
	// +listType=set
	RequireAttestationsBy []*string `json:"requireAttestationsBy,omitempty" tf:"require_attestations_by,omitempty"`
}

func (*DefaultAdmissionRuleObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultAdmissionRuleObservation.

func (*DefaultAdmissionRuleObservation) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DefaultAdmissionRuleParameters

type DefaultAdmissionRuleParameters struct {

	// The action when a pod creation is denied by the admission rule.
	// Possible values are: ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY.
	// +kubebuilder:validation:Optional
	EnforcementMode *string `json:"enforcementMode" tf:"enforcement_mode,omitempty"`

	// How this admission rule will be evaluated.
	// Possible values are: ALWAYS_ALLOW, REQUIRE_ATTESTATION, ALWAYS_DENY.
	// +kubebuilder:validation:Optional
	EvaluationMode *string `json:"evaluationMode" tf:"evaluation_mode,omitempty"`

	// The resource names of the attestors that must attest to a
	// container image. If the attestor is in a different project from the
	// policy, it should be specified in the format projects/*/attestors/*.
	// Each attestor must exist before a policy can reference it. To add an
	// attestor to a policy the principal issuing the policy change
	// request must be able to read the attestor resource.
	// Note: this field must be non-empty when the evaluation_mode field
	// specifies REQUIRE_ATTESTATION, otherwise it must be empty.
	// +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/binaryauthorization/v1beta2.Attestor
	// +kubebuilder:validation:Optional
	// +listType=set
	RequireAttestationsBy []*string `json:"requireAttestationsBy,omitempty" tf:"require_attestations_by,omitempty"`

	// References to Attestor in binaryauthorization to populate requireAttestationsBy.
	// +kubebuilder:validation:Optional
	RequireAttestationsByRefs []v1.Reference `json:"requireAttestationsByRefs,omitempty" tf:"-"`

	// Selector for a list of Attestor in binaryauthorization to populate requireAttestationsBy.
	// +kubebuilder:validation:Optional
	RequireAttestationsBySelector *v1.Selector `json:"requireAttestationsBySelector,omitempty" tf:"-"`
}

func (*DefaultAdmissionRuleParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultAdmissionRuleParameters.

func (*DefaultAdmissionRuleParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PkixPublicKeyInitParameters

type PkixPublicKeyInitParameters struct {

	// A PEM-encoded public key, as described in
	// https://tools.ietf.org/html/rfc7468#section-13
	PublicKeyPem *string `json:"publicKeyPem,omitempty" tf:"public_key_pem,omitempty"`

	// The signature algorithm used to verify a message against
	// a signature using this key. These signature algorithm must
	// match the structure and any object identifiers encoded in
	// publicKeyPem (i.e. this algorithm must match that of the
	// public key).
	SignatureAlgorithm *string `json:"signatureAlgorithm,omitempty" tf:"signature_algorithm,omitempty"`
}

func (*PkixPublicKeyInitParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PkixPublicKeyInitParameters.

func (*PkixPublicKeyInitParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PkixPublicKeyObservation

type PkixPublicKeyObservation struct {

	// A PEM-encoded public key, as described in
	// https://tools.ietf.org/html/rfc7468#section-13
	PublicKeyPem *string `json:"publicKeyPem,omitempty" tf:"public_key_pem,omitempty"`

	// The signature algorithm used to verify a message against
	// a signature using this key. These signature algorithm must
	// match the structure and any object identifiers encoded in
	// publicKeyPem (i.e. this algorithm must match that of the
	// public key).
	SignatureAlgorithm *string `json:"signatureAlgorithm,omitempty" tf:"signature_algorithm,omitempty"`
}

func (*PkixPublicKeyObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PkixPublicKeyObservation.

func (*PkixPublicKeyObservation) DeepCopyInto

func (in *PkixPublicKeyObservation) DeepCopyInto(out *PkixPublicKeyObservation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PkixPublicKeyParameters

type PkixPublicKeyParameters struct {

	// A PEM-encoded public key, as described in
	// https://tools.ietf.org/html/rfc7468#section-13
	// +kubebuilder:validation:Optional
	PublicKeyPem *string `json:"publicKeyPem,omitempty" tf:"public_key_pem,omitempty"`

	// The signature algorithm used to verify a message against
	// a signature using this key. These signature algorithm must
	// match the structure and any object identifiers encoded in
	// publicKeyPem (i.e. this algorithm must match that of the
	// public key).
	// +kubebuilder:validation:Optional
	SignatureAlgorithm *string `json:"signatureAlgorithm,omitempty" tf:"signature_algorithm,omitempty"`
}

func (*PkixPublicKeyParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PkixPublicKeyParameters.

func (*PkixPublicKeyParameters) DeepCopyInto

func (in *PkixPublicKeyParameters) DeepCopyInto(out *PkixPublicKeyParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Policy

type Policy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.defaultAdmissionRule) || (has(self.initProvider) && has(self.initProvider.defaultAdmissionRule))",message="spec.forProvider.defaultAdmissionRule is a required parameter"
	Spec   PolicySpec   `json:"spec"`
	Status PolicyStatus `json:"status,omitempty"`
}

Policy is the Schema for the Policys API. A policy for container image binary authorization. +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp}

func (*Policy) DeepCopy

func (in *Policy) DeepCopy() *Policy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.

func (*Policy) DeepCopyInto

func (in *Policy) DeepCopyInto(out *Policy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Policy) DeepCopyObject

func (in *Policy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*Policy) GetCondition

func (mg *Policy) GetCondition(ct xpv1.ConditionType) xpv1.Condition

GetCondition of this Policy.

func (*Policy) GetConnectionDetailsMapping

func (tr *Policy) GetConnectionDetailsMapping() map[string]string

GetConnectionDetailsMapping for this Policy

func (*Policy) GetDeletionPolicy

func (mg *Policy) GetDeletionPolicy() xpv1.DeletionPolicy

GetDeletionPolicy of this Policy.

func (*Policy) GetID

func (tr *Policy) GetID() string

GetID returns ID of underlying Terraform resource of this Policy

func (*Policy) GetInitParameters

func (tr *Policy) GetInitParameters() (map[string]any, error)

GetInitParameters of this Policy

func (*Policy) GetManagementPolicies

func (mg *Policy) GetManagementPolicies() xpv1.ManagementPolicies

GetManagementPolicies of this Policy.

func (*Policy) GetMergedParameters

func (tr *Policy) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error)

GetInitParameters of this Policy

func (*Policy) GetObservation

func (tr *Policy) GetObservation() (map[string]any, error)

GetObservation of this Policy

func (*Policy) GetParameters

func (tr *Policy) GetParameters() (map[string]any, error)

GetParameters of this Policy

func (*Policy) GetProviderConfigReference

func (mg *Policy) GetProviderConfigReference() *xpv1.Reference

GetProviderConfigReference of this Policy.

func (*Policy) GetPublishConnectionDetailsTo

func (mg *Policy) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo

GetPublishConnectionDetailsTo of this Policy.

func (*Policy) GetTerraformResourceType

func (mg *Policy) GetTerraformResourceType() string

GetTerraformResourceType returns Terraform resource type for this Policy

func (*Policy) GetTerraformSchemaVersion

func (tr *Policy) GetTerraformSchemaVersion() int

GetTerraformSchemaVersion returns the associated Terraform schema version

func (*Policy) GetWriteConnectionSecretToReference

func (mg *Policy) GetWriteConnectionSecretToReference() *xpv1.SecretReference

GetWriteConnectionSecretToReference of this Policy.

func (*Policy) Hub

func (tr *Policy) Hub()

Hub marks this type as a conversion hub.

func (*Policy) LateInitialize

func (tr *Policy) LateInitialize(attrs []byte) (bool, error)

LateInitialize this Policy using its observed tfState. returns True if there are any spec changes for the resource.

func (*Policy) ResolveReferences added in v1.9.0

func (mg *Policy) ResolveReferences(ctx context.Context, c client.Reader) error

ResolveReferences of this Policy.

func (*Policy) SetConditions

func (mg *Policy) SetConditions(c ...xpv1.Condition)

SetConditions of this Policy.

func (*Policy) SetDeletionPolicy

func (mg *Policy) SetDeletionPolicy(r xpv1.DeletionPolicy)

SetDeletionPolicy of this Policy.

func (*Policy) SetManagementPolicies

func (mg *Policy) SetManagementPolicies(r xpv1.ManagementPolicies)

SetManagementPolicies of this Policy.

func (*Policy) SetObservation

func (tr *Policy) SetObservation(obs map[string]any) error

SetObservation for this Policy

func (*Policy) SetParameters

func (tr *Policy) SetParameters(params map[string]any) error

SetParameters for this Policy

func (*Policy) SetProviderConfigReference

func (mg *Policy) SetProviderConfigReference(r *xpv1.Reference)

SetProviderConfigReference of this Policy.

func (*Policy) SetPublishConnectionDetailsTo

func (mg *Policy) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)

SetPublishConnectionDetailsTo of this Policy.

func (*Policy) SetWriteConnectionSecretToReference

func (mg *Policy) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)

SetWriteConnectionSecretToReference of this Policy.

type PolicyInitParameters

type PolicyInitParameters struct {

	// A whitelist of image patterns to exclude from admission rules. If an
	// image's name matches a whitelist pattern, the image's admission
	// requests will always be permitted regardless of your admission rules.
	// Structure is documented below.
	AdmissionWhitelistPatterns []AdmissionWhitelistPatternsInitParameters `json:"admissionWhitelistPatterns,omitempty" tf:"admission_whitelist_patterns,omitempty"`

	// Per-cluster admission rules. An admission rule specifies either that
	// all container images used in a pod creation request must be attested
	// to by one or more attestors, that all pod creations will be allowed,
	// or that all pod creations will be denied. There can be at most one
	// admission rule per cluster spec.
	ClusterAdmissionRules []ClusterAdmissionRulesInitParameters `json:"clusterAdmissionRules,omitempty" tf:"cluster_admission_rules,omitempty"`

	// Default admission rule for a cluster without a per-cluster admission
	// rule.
	// Structure is documented below.
	DefaultAdmissionRule *DefaultAdmissionRuleInitParameters `json:"defaultAdmissionRule,omitempty" tf:"default_admission_rule,omitempty"`

	// A descriptive comment.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// Controls the evaluation of a Google-maintained global admission policy
	// for common system-level images. Images not covered by the global
	// policy will be subject to the project admission policy.
	// Possible values are: ENABLE, DISABLE.
	GlobalPolicyEvaluationMode *string `json:"globalPolicyEvaluationMode,omitempty" tf:"global_policy_evaluation_mode,omitempty"`

	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project *string `json:"project,omitempty" tf:"project,omitempty"`
}

func (*PolicyInitParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyInitParameters.

func (*PolicyInitParameters) DeepCopyInto

func (in *PolicyInitParameters) DeepCopyInto(out *PolicyInitParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyList

type PolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Policy `json:"items"`
}

PolicyList contains a list of Policys

func (*PolicyList) DeepCopy

func (in *PolicyList) DeepCopy() *PolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList.

func (*PolicyList) DeepCopyInto

func (in *PolicyList) DeepCopyInto(out *PolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PolicyList) DeepCopyObject

func (in *PolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*PolicyList) GetItems

func (l *PolicyList) GetItems() []resource.Managed

GetItems of this PolicyList.

type PolicyObservation

type PolicyObservation struct {

	// A whitelist of image patterns to exclude from admission rules. If an
	// image's name matches a whitelist pattern, the image's admission
	// requests will always be permitted regardless of your admission rules.
	// Structure is documented below.
	AdmissionWhitelistPatterns []AdmissionWhitelistPatternsObservation `json:"admissionWhitelistPatterns,omitempty" tf:"admission_whitelist_patterns,omitempty"`

	// Per-cluster admission rules. An admission rule specifies either that
	// all container images used in a pod creation request must be attested
	// to by one or more attestors, that all pod creations will be allowed,
	// or that all pod creations will be denied. There can be at most one
	// admission rule per cluster spec.
	ClusterAdmissionRules []ClusterAdmissionRulesObservation `json:"clusterAdmissionRules,omitempty" tf:"cluster_admission_rules,omitempty"`

	// Default admission rule for a cluster without a per-cluster admission
	// rule.
	// Structure is documented below.
	DefaultAdmissionRule *DefaultAdmissionRuleObservation `json:"defaultAdmissionRule,omitempty" tf:"default_admission_rule,omitempty"`

	// A descriptive comment.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// Controls the evaluation of a Google-maintained global admission policy
	// for common system-level images. Images not covered by the global
	// policy will be subject to the project admission policy.
	// Possible values are: ENABLE, DISABLE.
	GlobalPolicyEvaluationMode *string `json:"globalPolicyEvaluationMode,omitempty" tf:"global_policy_evaluation_mode,omitempty"`

	// an identifier for the resource with format projects/{{project}}
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project *string `json:"project,omitempty" tf:"project,omitempty"`
}

func (*PolicyObservation) DeepCopy

func (in *PolicyObservation) DeepCopy() *PolicyObservation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyObservation.

func (*PolicyObservation) DeepCopyInto

func (in *PolicyObservation) DeepCopyInto(out *PolicyObservation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyParameters

type PolicyParameters struct {

	// A whitelist of image patterns to exclude from admission rules. If an
	// image's name matches a whitelist pattern, the image's admission
	// requests will always be permitted regardless of your admission rules.
	// Structure is documented below.
	// +kubebuilder:validation:Optional
	AdmissionWhitelistPatterns []AdmissionWhitelistPatternsParameters `json:"admissionWhitelistPatterns,omitempty" tf:"admission_whitelist_patterns,omitempty"`

	// Per-cluster admission rules. An admission rule specifies either that
	// all container images used in a pod creation request must be attested
	// to by one or more attestors, that all pod creations will be allowed,
	// or that all pod creations will be denied. There can be at most one
	// admission rule per cluster spec.
	// +kubebuilder:validation:Optional
	ClusterAdmissionRules []ClusterAdmissionRulesParameters `json:"clusterAdmissionRules,omitempty" tf:"cluster_admission_rules,omitempty"`

	// Default admission rule for a cluster without a per-cluster admission
	// rule.
	// Structure is documented below.
	// +kubebuilder:validation:Optional
	DefaultAdmissionRule *DefaultAdmissionRuleParameters `json:"defaultAdmissionRule,omitempty" tf:"default_admission_rule,omitempty"`

	// A descriptive comment.
	// +kubebuilder:validation:Optional
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// Controls the evaluation of a Google-maintained global admission policy
	// for common system-level images. Images not covered by the global
	// policy will be subject to the project admission policy.
	// Possible values are: ENABLE, DISABLE.
	// +kubebuilder:validation:Optional
	GlobalPolicyEvaluationMode *string `json:"globalPolicyEvaluationMode,omitempty" tf:"global_policy_evaluation_mode,omitempty"`

	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	// +kubebuilder:validation:Optional
	Project *string `json:"project,omitempty" tf:"project,omitempty"`
}

func (*PolicyParameters) DeepCopy

func (in *PolicyParameters) DeepCopy() *PolicyParameters

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyParameters.

func (*PolicyParameters) DeepCopyInto

func (in *PolicyParameters) DeepCopyInto(out *PolicyParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicySpec

type PolicySpec struct {
	v1.ResourceSpec `json:",inline"`
	ForProvider     PolicyParameters `json:"forProvider"`
	// THIS IS A BETA FIELD. It will be honored
	// unless the Management Policies feature flag is disabled.
	// InitProvider holds the same fields as ForProvider, with the exception
	// of Identifier and other resource reference fields. The fields that are
	// in InitProvider are merged into ForProvider when the resource is created.
	// The same fields are also added to the terraform ignore_changes hook, to
	// avoid updating them after creation. This is useful for fields that are
	// required on creation, but we do not desire to update them after creation,
	// for example because of an external controller is managing them, like an
	// autoscaler.
	InitProvider PolicyInitParameters `json:"initProvider,omitempty"`
}

PolicySpec defines the desired state of Policy

func (*PolicySpec) DeepCopy

func (in *PolicySpec) DeepCopy() *PolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicySpec.

func (*PolicySpec) DeepCopyInto

func (in *PolicySpec) DeepCopyInto(out *PolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyStatus

type PolicyStatus struct {
	v1.ResourceStatus `json:",inline"`
	AtProvider        PolicyObservation `json:"atProvider,omitempty"`
}

PolicyStatus defines the observed state of Policy.

func (*PolicyStatus) DeepCopy

func (in *PolicyStatus) DeepCopy() *PolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyStatus.

func (*PolicyStatus) DeepCopyInto

func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PublicKeysInitParameters

type PublicKeysInitParameters struct {

	// ASCII-armored representation of a PGP public key, as the
	// entire output by the command
	// gpg --export --armor foo@example.com (either LF or CRLF
	// line endings). When using this field, id should be left
	// blank. The BinAuthz API handlers will calculate the ID
	// and fill it in automatically. BinAuthz computes this ID
	// as the OpenPGP RFC4880 V4 fingerprint, represented as
	// upper-case hex. If id is provided by the caller, it will
	// be overwritten by the API-calculated ID.
	ASCIIArmoredPgpPublicKey *string `json:"asciiArmoredPgpPublicKey,omitempty" tf:"ascii_armored_pgp_public_key,omitempty"`

	// A descriptive comment. This field may be updated.
	Comment *string `json:"comment,omitempty" tf:"comment,omitempty"`

	// The ID of this public key. Signatures verified by BinAuthz
	// must include the ID of the public key that can be used to
	// verify them, and that ID must match the contents of this
	// field exactly. Additional restrictions on this field can
	// be imposed based on which public key type is encapsulated.
	// See the documentation on publicKey cases below for details.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// A raw PKIX SubjectPublicKeyInfo format public key.
	// NOTE: id may be explicitly provided by the caller when using this
	// type of public key, but it MUST be a valid RFC3986 URI. If id is left
	// blank, a default one will be computed based on the digest of the DER
	// encoding of the public key.
	// Structure is documented below.
	PkixPublicKey *PkixPublicKeyInitParameters `json:"pkixPublicKey,omitempty" tf:"pkix_public_key,omitempty"`
}

func (*PublicKeysInitParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicKeysInitParameters.

func (*PublicKeysInitParameters) DeepCopyInto

func (in *PublicKeysInitParameters) DeepCopyInto(out *PublicKeysInitParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PublicKeysObservation

type PublicKeysObservation struct {

	// ASCII-armored representation of a PGP public key, as the
	// entire output by the command
	// gpg --export --armor foo@example.com (either LF or CRLF
	// line endings). When using this field, id should be left
	// blank. The BinAuthz API handlers will calculate the ID
	// and fill it in automatically. BinAuthz computes this ID
	// as the OpenPGP RFC4880 V4 fingerprint, represented as
	// upper-case hex. If id is provided by the caller, it will
	// be overwritten by the API-calculated ID.
	ASCIIArmoredPgpPublicKey *string `json:"asciiArmoredPgpPublicKey,omitempty" tf:"ascii_armored_pgp_public_key,omitempty"`

	// A descriptive comment. This field may be updated.
	Comment *string `json:"comment,omitempty" tf:"comment,omitempty"`

	// The ID of this public key. Signatures verified by BinAuthz
	// must include the ID of the public key that can be used to
	// verify them, and that ID must match the contents of this
	// field exactly. Additional restrictions on this field can
	// be imposed based on which public key type is encapsulated.
	// See the documentation on publicKey cases below for details.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// A raw PKIX SubjectPublicKeyInfo format public key.
	// NOTE: id may be explicitly provided by the caller when using this
	// type of public key, but it MUST be a valid RFC3986 URI. If id is left
	// blank, a default one will be computed based on the digest of the DER
	// encoding of the public key.
	// Structure is documented below.
	PkixPublicKey *PkixPublicKeyObservation `json:"pkixPublicKey,omitempty" tf:"pkix_public_key,omitempty"`
}

func (*PublicKeysObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicKeysObservation.

func (*PublicKeysObservation) DeepCopyInto

func (in *PublicKeysObservation) DeepCopyInto(out *PublicKeysObservation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PublicKeysParameters

type PublicKeysParameters struct {

	// ASCII-armored representation of a PGP public key, as the
	// entire output by the command
	// gpg --export --armor foo@example.com (either LF or CRLF
	// line endings). When using this field, id should be left
	// blank. The BinAuthz API handlers will calculate the ID
	// and fill it in automatically. BinAuthz computes this ID
	// as the OpenPGP RFC4880 V4 fingerprint, represented as
	// upper-case hex. If id is provided by the caller, it will
	// be overwritten by the API-calculated ID.
	// +kubebuilder:validation:Optional
	ASCIIArmoredPgpPublicKey *string `json:"asciiArmoredPgpPublicKey,omitempty" tf:"ascii_armored_pgp_public_key,omitempty"`

	// A descriptive comment. This field may be updated.
	// +kubebuilder:validation:Optional
	Comment *string `json:"comment,omitempty" tf:"comment,omitempty"`

	// The ID of this public key. Signatures verified by BinAuthz
	// must include the ID of the public key that can be used to
	// verify them, and that ID must match the contents of this
	// field exactly. Additional restrictions on this field can
	// be imposed based on which public key type is encapsulated.
	// See the documentation on publicKey cases below for details.
	// +kubebuilder:validation:Optional
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// A raw PKIX SubjectPublicKeyInfo format public key.
	// NOTE: id may be explicitly provided by the caller when using this
	// type of public key, but it MUST be a valid RFC3986 URI. If id is left
	// blank, a default one will be computed based on the digest of the DER
	// encoding of the public key.
	// Structure is documented below.
	// +kubebuilder:validation:Optional
	PkixPublicKey *PkixPublicKeyParameters `json:"pkixPublicKey,omitempty" tf:"pkix_public_key,omitempty"`
}

func (*PublicKeysParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PublicKeysParameters.

func (*PublicKeysParameters) DeepCopyInto

func (in *PublicKeysParameters) DeepCopyInto(out *PublicKeysParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL