v1beta2

package
v1.10.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 19, 2024 License: Apache-2.0 Imports: 14 Imported by: 1

Documentation

Overview

+kubebuilder:object:generate=true
+groupName=iam.gcp.upbound.io
+versionName=v1beta2

Index

Constants

const (
	CRDGroup   = "iam.gcp.upbound.io"
	CRDVersion = "v1beta2"
)

Package type metadata.

Variables

var (
	// CRDGroupVersion is the API Group Version used to register the objects
	CRDGroupVersion = schema.GroupVersion{Group: CRDGroup, Version: CRDVersion}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: CRDGroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
var (
	WorkloadIdentityPoolProvider_Kind             = "WorkloadIdentityPoolProvider"
	WorkloadIdentityPoolProvider_GroupKind        = schema.GroupKind{Group: CRDGroup, Kind: WorkloadIdentityPoolProvider_Kind}.String()
	WorkloadIdentityPoolProvider_KindAPIVersion   = WorkloadIdentityPoolProvider_Kind + "." + CRDGroupVersion.String()
	WorkloadIdentityPoolProvider_GroupVersionKind = CRDGroupVersion.WithKind(WorkloadIdentityPoolProvider_Kind)
)

Repository type metadata.

Functions

This section is empty.

Types

type AwsInitParameters

type AwsInitParameters struct {

	// The AWS account ID.
	AccountID *string `json:"accountId,omitempty" tf:"account_id,omitempty"`
}

func (*AwsInitParameters) DeepCopy

func (in *AwsInitParameters) DeepCopy() *AwsInitParameters

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AwsInitParameters.

func (*AwsInitParameters) DeepCopyInto

func (in *AwsInitParameters) DeepCopyInto(out *AwsInitParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AwsObservation

type AwsObservation struct {

	// The AWS account ID.
	AccountID *string `json:"accountId,omitempty" tf:"account_id,omitempty"`
}

func (*AwsObservation) DeepCopy

func (in *AwsObservation) DeepCopy() *AwsObservation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AwsObservation.

func (*AwsObservation) DeepCopyInto

func (in *AwsObservation) DeepCopyInto(out *AwsObservation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AwsParameters

type AwsParameters struct {

	// The AWS account ID.
	// +kubebuilder:validation:Optional
	AccountID *string `json:"accountId" tf:"account_id,omitempty"`
}

func (*AwsParameters) DeepCopy

func (in *AwsParameters) DeepCopy() *AwsParameters

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AwsParameters.

func (*AwsParameters) DeepCopyInto

func (in *AwsParameters) DeepCopyInto(out *AwsParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OidcInitParameters

type OidcInitParameters struct {

	// Acceptable values for the aud field (audience) in the OIDC token. Token exchange
	// requests are rejected if the token audience does not match one of the configured
	// values. Each audience may be at most 256 characters. A maximum of 10 audiences may
	// be configured.
	// If this list is empty, the OIDC token audience must be equal to the full canonical
	// resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
	// For example:
	AllowedAudiences []*string `json:"allowedAudiences,omitempty" tf:"allowed_audiences,omitempty"`

	// The OIDC issuer URL.
	IssuerURI *string `json:"issuerUri,omitempty" tf:"issuer_uri,omitempty"`

	// OIDC JWKs in JSON String format. For details on the definition of a
	// JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we
	// use the jwks_uri from the discovery document fetched from the
	// .well-known path for the issuer_uri. Currently, RSA and EC asymmetric
	// keys are supported. The JWK must use the following format and include only
	// the following fields:
	JwksJSON *string `json:"jwksJson,omitempty" tf:"jwks_json,omitempty"`
}

func (*OidcInitParameters) DeepCopy

func (in *OidcInitParameters) DeepCopy() *OidcInitParameters

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcInitParameters.

func (*OidcInitParameters) DeepCopyInto

func (in *OidcInitParameters) DeepCopyInto(out *OidcInitParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OidcObservation

type OidcObservation struct {

	// Acceptable values for the aud field (audience) in the OIDC token. Token exchange
	// requests are rejected if the token audience does not match one of the configured
	// values. Each audience may be at most 256 characters. A maximum of 10 audiences may
	// be configured.
	// If this list is empty, the OIDC token audience must be equal to the full canonical
	// resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
	// For example:
	AllowedAudiences []*string `json:"allowedAudiences,omitempty" tf:"allowed_audiences,omitempty"`

	// The OIDC issuer URL.
	IssuerURI *string `json:"issuerUri,omitempty" tf:"issuer_uri,omitempty"`

	// OIDC JWKs in JSON String format. For details on the definition of a
	// JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we
	// use the jwks_uri from the discovery document fetched from the
	// .well-known path for the issuer_uri. Currently, RSA and EC asymmetric
	// keys are supported. The JWK must use the following format and include only
	// the following fields:
	JwksJSON *string `json:"jwksJson,omitempty" tf:"jwks_json,omitempty"`
}

func (*OidcObservation) DeepCopy

func (in *OidcObservation) DeepCopy() *OidcObservation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcObservation.

func (*OidcObservation) DeepCopyInto

func (in *OidcObservation) DeepCopyInto(out *OidcObservation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OidcParameters

type OidcParameters struct {

	// Acceptable values for the aud field (audience) in the OIDC token. Token exchange
	// requests are rejected if the token audience does not match one of the configured
	// values. Each audience may be at most 256 characters. A maximum of 10 audiences may
	// be configured.
	// If this list is empty, the OIDC token audience must be equal to the full canonical
	// resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
	// For example:
	// +kubebuilder:validation:Optional
	AllowedAudiences []*string `json:"allowedAudiences,omitempty" tf:"allowed_audiences,omitempty"`

	// The OIDC issuer URL.
	// +kubebuilder:validation:Optional
	IssuerURI *string `json:"issuerUri" tf:"issuer_uri,omitempty"`

	// OIDC JWKs in JSON String format. For details on the definition of a
	// JWK, see https://tools.ietf.org/html/rfc7517. If not set, then we
	// use the jwks_uri from the discovery document fetched from the
	// .well-known path for the issuer_uri. Currently, RSA and EC asymmetric
	// keys are supported. The JWK must use the following format and include only
	// the following fields:
	// +kubebuilder:validation:Optional
	JwksJSON *string `json:"jwksJson,omitempty" tf:"jwks_json,omitempty"`
}

func (*OidcParameters) DeepCopy

func (in *OidcParameters) DeepCopy() *OidcParameters

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OidcParameters.

func (*OidcParameters) DeepCopyInto

func (in *OidcParameters) DeepCopyInto(out *OidcParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SAMLInitParameters

type SAMLInitParameters struct {

	// SAML Identity provider configuration metadata xml doc.
	IdPMetadataXML *string `json:"idpMetadataXml,omitempty" tf:"idp_metadata_xml,omitempty"`
}

func (*SAMLInitParameters) DeepCopy

func (in *SAMLInitParameters) DeepCopy() *SAMLInitParameters

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLInitParameters.

func (*SAMLInitParameters) DeepCopyInto

func (in *SAMLInitParameters) DeepCopyInto(out *SAMLInitParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SAMLObservation

type SAMLObservation struct {

	// SAML Identity provider configuration metadata xml doc.
	IdPMetadataXML *string `json:"idpMetadataXml,omitempty" tf:"idp_metadata_xml,omitempty"`
}

func (*SAMLObservation) DeepCopy

func (in *SAMLObservation) DeepCopy() *SAMLObservation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLObservation.

func (*SAMLObservation) DeepCopyInto

func (in *SAMLObservation) DeepCopyInto(out *SAMLObservation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SAMLParameters

type SAMLParameters struct {

	// SAML Identity provider configuration metadata xml doc.
	// +kubebuilder:validation:Optional
	IdPMetadataXML *string `json:"idpMetadataXml" tf:"idp_metadata_xml,omitempty"`
}

func (*SAMLParameters) DeepCopy

func (in *SAMLParameters) DeepCopy() *SAMLParameters

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SAMLParameters.

func (*SAMLParameters) DeepCopyInto

func (in *SAMLParameters) DeepCopyInto(out *SAMLParameters)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WorkloadIdentityPoolProvider

type WorkloadIdentityPoolProvider struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              WorkloadIdentityPoolProviderSpec   `json:"spec"`
	Status            WorkloadIdentityPoolProviderStatus `json:"status,omitempty"`
}

WorkloadIdentityPoolProvider is the Schema for the WorkloadIdentityPoolProviders API. A configuration for an external identity provider.

+kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
+kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
+kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name"
+kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
+kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp}

func (*WorkloadIdentityPoolProvider) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentityPoolProvider.

func (*WorkloadIdentityPoolProvider) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*WorkloadIdentityPoolProvider) DeepCopyObject

func (in *WorkloadIdentityPoolProvider) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*WorkloadIdentityPoolProvider) GetCondition

GetCondition of this WorkloadIdentityPoolProvider.

func (*WorkloadIdentityPoolProvider) GetConnectionDetailsMapping

func (tr *WorkloadIdentityPoolProvider) GetConnectionDetailsMapping() map[string]string

GetConnectionDetailsMapping for this WorkloadIdentityPoolProvider

func (*WorkloadIdentityPoolProvider) GetDeletionPolicy

func (mg *WorkloadIdentityPoolProvider) GetDeletionPolicy() xpv1.DeletionPolicy

GetDeletionPolicy of this WorkloadIdentityPoolProvider.

func (*WorkloadIdentityPoolProvider) GetID

GetID returns ID of underlying Terraform resource of this WorkloadIdentityPoolProvider

func (*WorkloadIdentityPoolProvider) GetInitParameters

func (tr *WorkloadIdentityPoolProvider) GetInitParameters() (map[string]any, error)

GetInitParameters of this WorkloadIdentityPoolProvider

func (*WorkloadIdentityPoolProvider) GetManagementPolicies

func (mg *WorkloadIdentityPoolProvider) GetManagementPolicies() xpv1.ManagementPolicies

GetManagementPolicies of this WorkloadIdentityPoolProvider.

func (*WorkloadIdentityPoolProvider) GetMergedParameters

func (tr *WorkloadIdentityPoolProvider) GetMergedParameters(shouldMergeInitProvider bool) (map[string]any, error)

GetMergedParameters of this WorkloadIdentityPoolProvider

func (*WorkloadIdentityPoolProvider) GetObservation

func (tr *WorkloadIdentityPoolProvider) GetObservation() (map[string]any, error)

GetObservation of this WorkloadIdentityPoolProvider

func (*WorkloadIdentityPoolProvider) GetParameters

func (tr *WorkloadIdentityPoolProvider) GetParameters() (map[string]any, error)

GetParameters of this WorkloadIdentityPoolProvider

func (*WorkloadIdentityPoolProvider) GetProviderConfigReference

func (mg *WorkloadIdentityPoolProvider) GetProviderConfigReference() *xpv1.Reference

GetProviderConfigReference of this WorkloadIdentityPoolProvider.

func (*WorkloadIdentityPoolProvider) GetPublishConnectionDetailsTo

func (mg *WorkloadIdentityPoolProvider) GetPublishConnectionDetailsTo() *xpv1.PublishConnectionDetailsTo

GetPublishConnectionDetailsTo of this WorkloadIdentityPoolProvider.

func (*WorkloadIdentityPoolProvider) GetTerraformResourceType

func (mg *WorkloadIdentityPoolProvider) GetTerraformResourceType() string

GetTerraformResourceType returns Terraform resource type for this WorkloadIdentityPoolProvider

func (*WorkloadIdentityPoolProvider) GetTerraformSchemaVersion

func (tr *WorkloadIdentityPoolProvider) GetTerraformSchemaVersion() int

GetTerraformSchemaVersion returns the associated Terraform schema version

func (*WorkloadIdentityPoolProvider) GetWriteConnectionSecretToReference

func (mg *WorkloadIdentityPoolProvider) GetWriteConnectionSecretToReference() *xpv1.SecretReference

GetWriteConnectionSecretToReference of this WorkloadIdentityPoolProvider.

func (*WorkloadIdentityPoolProvider) Hub

func (tr *WorkloadIdentityPoolProvider) Hub()

Hub marks this type as a conversion hub.

func (*WorkloadIdentityPoolProvider) LateInitialize

func (tr *WorkloadIdentityPoolProvider) LateInitialize(attrs []byte) (bool, error)

LateInitialize this WorkloadIdentityPoolProvider using its observed tfState. Returns true if there are any spec changes for the resource.

func (*WorkloadIdentityPoolProvider) ResolveReferences

func (mg *WorkloadIdentityPoolProvider) ResolveReferences(
	ctx context.Context, c client.Reader) error

func (*WorkloadIdentityPoolProvider) SetConditions

func (mg *WorkloadIdentityPoolProvider) SetConditions(c ...xpv1.Condition)

SetConditions of this WorkloadIdentityPoolProvider.

func (*WorkloadIdentityPoolProvider) SetDeletionPolicy

func (mg *WorkloadIdentityPoolProvider) SetDeletionPolicy(r xpv1.DeletionPolicy)

SetDeletionPolicy of this WorkloadIdentityPoolProvider.

func (*WorkloadIdentityPoolProvider) SetManagementPolicies

func (mg *WorkloadIdentityPoolProvider) SetManagementPolicies(r xpv1.ManagementPolicies)

SetManagementPolicies of this WorkloadIdentityPoolProvider.

func (*WorkloadIdentityPoolProvider) SetObservation

func (tr *WorkloadIdentityPoolProvider) SetObservation(obs map[string]any) error

SetObservation for this WorkloadIdentityPoolProvider

func (*WorkloadIdentityPoolProvider) SetParameters

func (tr *WorkloadIdentityPoolProvider) SetParameters(params map[string]any) error

SetParameters for this WorkloadIdentityPoolProvider

func (*WorkloadIdentityPoolProvider) SetProviderConfigReference

func (mg *WorkloadIdentityPoolProvider) SetProviderConfigReference(r *xpv1.Reference)

SetProviderConfigReference of this WorkloadIdentityPoolProvider.

func (*WorkloadIdentityPoolProvider) SetPublishConnectionDetailsTo

func (mg *WorkloadIdentityPoolProvider) SetPublishConnectionDetailsTo(r *xpv1.PublishConnectionDetailsTo)

SetPublishConnectionDetailsTo of this WorkloadIdentityPoolProvider.

func (*WorkloadIdentityPoolProvider) SetWriteConnectionSecretToReference

func (mg *WorkloadIdentityPoolProvider) SetWriteConnectionSecretToReference(r *xpv1.SecretReference)

SetWriteConnectionSecretToReference of this WorkloadIdentityPoolProvider.

type WorkloadIdentityPoolProviderInitParameters

type WorkloadIdentityPoolProviderInitParameters struct {

	// A Common Expression Language expression, in
	// plain text, to restrict which otherwise valid authentication credentials issued by the
	// provider are accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	AttributeCondition *string `json:"attributeCondition,omitempty" tf:"attribute_condition,omitempty"`

	// Maps attributes from authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as subject and segment.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// +mapType=granular
	AttributeMapping map[string]*string `json:"attributeMapping,omitempty" tf:"attribute_mapping,omitempty"`

	// An Amazon Web Services identity provider. Not compatible with the property oidc or saml.
	// Structure is documented below.
	Aws *AwsInitParameters `json:"aws,omitempty" tf:"aws,omitempty"`

	// A description for the provider. Cannot exceed 256 characters.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access.
	Disabled *bool `json:"disabled,omitempty" tf:"disabled,omitempty"`

	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"`

	// An OpenID Connect 1.0 identity provider. Not compatible with the property aws or saml.
	// Structure is documented below.
	Oidc *OidcInitParameters `json:"oidc,omitempty" tf:"oidc,omitempty"`

	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project *string `json:"project,omitempty" tf:"project,omitempty"`

	// A SAML 2.0 identity provider. Not compatible with the property oidc or aws.
	// Structure is documented below.
	SAML *SAMLInitParameters `json:"saml,omitempty" tf:"saml,omitempty"`
}

func (*WorkloadIdentityPoolProviderInitParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentityPoolProviderInitParameters.

func (*WorkloadIdentityPoolProviderInitParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WorkloadIdentityPoolProviderList

type WorkloadIdentityPoolProviderList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []WorkloadIdentityPoolProvider `json:"items"`
}

WorkloadIdentityPoolProviderList contains a list of WorkloadIdentityPoolProviders

func (*WorkloadIdentityPoolProviderList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentityPoolProviderList.

func (*WorkloadIdentityPoolProviderList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*WorkloadIdentityPoolProviderList) DeepCopyObject

func (in *WorkloadIdentityPoolProviderList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*WorkloadIdentityPoolProviderList) GetItems

GetItems of this WorkloadIdentityPoolProviderList.

type WorkloadIdentityPoolProviderObservation

type WorkloadIdentityPoolProviderObservation struct {

	// A Common Expression Language expression, in
	// plain text, to restrict which otherwise valid authentication credentials issued by the
	// provider are accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	AttributeCondition *string `json:"attributeCondition,omitempty" tf:"attribute_condition,omitempty"`

	// Maps attributes from authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as subject and segment.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// +mapType=granular
	AttributeMapping map[string]*string `json:"attributeMapping,omitempty" tf:"attribute_mapping,omitempty"`

	// An Amazon Web Services identity provider. Not compatible with the property oidc or saml.
	// Structure is documented below.
	Aws *AwsObservation `json:"aws,omitempty" tf:"aws,omitempty"`

	// A description for the provider. Cannot exceed 256 characters.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access.
	Disabled *bool `json:"disabled,omitempty" tf:"disabled,omitempty"`

	// A display name for the provider. Cannot exceed 32 characters.
	DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"`

	// An identifier for the resource with format projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}
	ID *string `json:"id,omitempty" tf:"id,omitempty"`

	// The resource name of the provider as
	// projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}.
	Name *string `json:"name,omitempty" tf:"name,omitempty"`

	// An OpenID Connect 1.0 identity provider. Not compatible with the property aws or saml.
	// Structure is documented below.
	Oidc *OidcObservation `json:"oidc,omitempty" tf:"oidc,omitempty"`

	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project *string `json:"project,omitempty" tf:"project,omitempty"`

	// A SAML 2.0 identity provider. Not compatible with the property oidc or aws.
	// Structure is documented below.
	SAML *SAMLObservation `json:"saml,omitempty" tf:"saml,omitempty"`

	// The state of the provider.
	State *string `json:"state,omitempty" tf:"state,omitempty"`

	// The ID used for the pool, which is the final component of the pool resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// gcp- is reserved for use by Google, and may not be specified.
	WorkloadIdentityPoolID *string `json:"workloadIdentityPoolId,omitempty" tf:"workload_identity_pool_id,omitempty"`
}

func (*WorkloadIdentityPoolProviderObservation) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentityPoolProviderObservation.

func (*WorkloadIdentityPoolProviderObservation) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WorkloadIdentityPoolProviderParameters

type WorkloadIdentityPoolProviderParameters struct {

	// A Common Expression Language expression, in
	// plain text, to restrict which otherwise valid authentication credentials issued by the
	// provider are accepted.
	// The expression must output a boolean representing whether to allow the federation.
	// The following keywords may be referenced in the expressions:
	// +kubebuilder:validation:Optional
	AttributeCondition *string `json:"attributeCondition,omitempty" tf:"attribute_condition,omitempty"`

	// Maps attributes from authentication credentials issued by an external identity provider
	// to Google Cloud attributes, such as subject and segment.
	// Each key must be a string specifying the Google Cloud IAM attribute to map to.
	// The following keys are supported:
	// +kubebuilder:validation:Optional
	// +mapType=granular
	AttributeMapping map[string]*string `json:"attributeMapping,omitempty" tf:"attribute_mapping,omitempty"`

	// An Amazon Web Services identity provider. Not compatible with the property oidc or saml.
	// Structure is documented below.
	// +kubebuilder:validation:Optional
	Aws *AwsParameters `json:"aws,omitempty" tf:"aws,omitempty"`

	// A description for the provider. Cannot exceed 256 characters.
	// +kubebuilder:validation:Optional
	Description *string `json:"description,omitempty" tf:"description,omitempty"`

	// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
	// However, existing tokens still grant access.
	// +kubebuilder:validation:Optional
	Disabled *bool `json:"disabled,omitempty" tf:"disabled,omitempty"`

	// A display name for the provider. Cannot exceed 32 characters.
	// +kubebuilder:validation:Optional
	DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"`

	// An OpenID Connect 1.0 identity provider. Not compatible with the property aws or saml.
	// Structure is documented below.
	// +kubebuilder:validation:Optional
	Oidc *OidcParameters `json:"oidc,omitempty" tf:"oidc,omitempty"`

	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	// +kubebuilder:validation:Optional
	Project *string `json:"project,omitempty" tf:"project,omitempty"`

	// A SAML 2.0 identity provider. Not compatible with the property oidc or aws.
	// Structure is documented below.
	// +kubebuilder:validation:Optional
	SAML *SAMLParameters `json:"saml,omitempty" tf:"saml,omitempty"`

	// The ID used for the pool, which is the final component of the pool resource name. This
	// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
	// gcp- is reserved for use by Google, and may not be specified.
	// +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/iam/v1beta1.WorkloadIdentityPool
	// +kubebuilder:validation:Optional
	WorkloadIdentityPoolID *string `json:"workloadIdentityPoolId,omitempty" tf:"workload_identity_pool_id,omitempty"`

	// Reference to a WorkloadIdentityPool in iam to populate workloadIdentityPoolId.
	// +kubebuilder:validation:Optional
	WorkloadIdentityPoolIDRef *v1.Reference `json:"workloadIdentityPoolIdRef,omitempty" tf:"-"`

	// Selector for a WorkloadIdentityPool in iam to populate workloadIdentityPoolId.
	// +kubebuilder:validation:Optional
	WorkloadIdentityPoolIDSelector *v1.Selector `json:"workloadIdentityPoolIdSelector,omitempty" tf:"-"`
}

func (*WorkloadIdentityPoolProviderParameters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentityPoolProviderParameters.

func (*WorkloadIdentityPoolProviderParameters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
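
The limits documented on these fields (aws, oidc and saml not combined, at most 10 audiences of at most 256 characters, display name and description lengths, pool ID format) can be checked before a manifest is applied. The following is an added example, not code from this package: `Oidc`, `Params`, `Lint` and the sample values are hypothetical stand-ins that use plain strings, and the finding for an empty attributeCondition is a review policy assumed here, not an API rule.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"unicode/utf8"
)

// Oidc and Params are local stand-ins (hypothetical names) for the fields of
// OidcParameters and WorkloadIdentityPoolProviderParameters checked below.
type Oidc struct{ AllowedAudiences []string }

type Params struct {
	AttributeCondition, Description, DisplayName, WorkloadIdentityPoolID string
	AwsAccountID, SAMLMetadataXML                                        *string
	Oidc                                                                 *Oidc
}

var poolIDChars = regexp.MustCompile(`^[a-z0-9-]+$`)

// Lint returns one finding per documented limit that p violates.
func Lint(p Params) []string {
	var out []string
	add := func(format string, a ...interface{}) { out = append(out, fmt.Sprintf(format, a...)) }
	// aws, oidc and saml are documented as not compatible with each other.
	blocks := 0
	for _, set := range []bool{p.AwsAccountID != nil, p.Oidc != nil, p.SAMLMetadataXML != nil} {
		if set {
			blocks++
		}
	}
	if blocks > 1 {
		add("aws/oidc/saml: %d identity provider blocks set, they are not compatible", blocks)
	}
	if n := utf8.RuneCountInString(p.Description); n > 256 {
		add("description: %d characters, limit is 256", n)
	}
	if n := utf8.RuneCountInString(p.DisplayName); n > 32 {
		add("displayName: %d characters, limit is 32", n)
	}
	// An empty pool ID is skipped: it may be filled in through the Ref or Selector field.
	if id := p.WorkloadIdentityPoolID; id != "" {
		if len(id) < 4 || len(id) > 32 || !poolIDChars.MatchString(id) {
			add("workloadIdentityPoolId: %q is not 4-32 characters of [a-z0-9-]", id)
		}
		if strings.HasPrefix(id, "gcp-") {
			add("workloadIdentityPoolId: prefix gcp- is reserved for Google")
		}
	}
	if p.Oidc != nil {
		if n := len(p.Oidc.AllowedAudiences); n > 10 {
			add("oidc.allowedAudiences: %d audiences, limit is 10", n)
		}
		for i, aud := range p.Oidc.AllowedAudiences {
			if n := utf8.RuneCountInString(aud); n > 256 {
				add("oidc.allowedAudiences[%d]: %d characters, limit is 256", i, n)
			}
		}
	}
	// Review policy assumed for this example, not an API rule: without a
	// condition, nothing narrows which of the provider's credentials are accepted.
	if strings.TrimSpace(p.AttributeCondition) == "" {
		add("attributeCondition: empty, every otherwise valid credential is accepted")
	}
	return out
}

// goodSample and badSample are constructed inputs, not real configurations.
func goodSample() Params {
	return Params{DisplayName: "ci-oidc", WorkloadIdentityPoolID: "ci-pool",
		AttributeCondition: `assertion.sub == "constructed-subject"`,
		Oidc:               &Oidc{AllowedAudiences: []string{"https://workloads.example.test"}}}
}

func badSample() Params {
	account := "000000000000"
	auds := []string{strings.Repeat("a", 257)}
	for len(auds) < 11 {
		auds = append(auds, fmt.Sprintf("aud-%d", len(auds)))
	}
	return Params{DisplayName: strings.Repeat("x", 33), WorkloadIdentityPoolID: "gcp-Pool",
		AwsAccountID: &account, Oidc: &Oidc{AllowedAudiences: auds}}
}

func main() { fmt.Println(strings.Join(Lint(badSample()), "\n")) }
```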

type WorkloadIdentityPoolProviderSpec

type WorkloadIdentityPoolProviderSpec struct {
	v1.ResourceSpec `json:",inline"`
	ForProvider     WorkloadIdentityPoolProviderParameters `json:"forProvider"`
	// THIS IS A BETA FIELD. It will be honored
	// unless the Management Policies feature flag is disabled.
	// InitProvider holds the same fields as ForProvider, with the exception
	// of Identifier and other resource reference fields. The fields that are
	// in InitProvider are merged into ForProvider when the resource is created.
	// The same fields are also added to the terraform ignore_changes hook, to
	// avoid updating them after creation. This is useful for fields that are
	// required on creation, but we do not desire to update them after creation,
	// for example because an external controller is managing them, like an
	// autoscaler.
	InitProvider WorkloadIdentityPoolProviderInitParameters `json:"initProvider,omitempty"`
}

WorkloadIdentityPoolProviderSpec defines the desired state of WorkloadIdentityPoolProvider

func (*WorkloadIdentityPoolProviderSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentityPoolProviderSpec.

func (*WorkloadIdentityPoolProviderSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WorkloadIdentityPoolProviderStatus

type WorkloadIdentityPoolProviderStatus struct {
	v1.ResourceStatus `json:",inline"`
	AtProvider        WorkloadIdentityPoolProviderObservation `json:"atProvider,omitempty"`
}

WorkloadIdentityPoolProviderStatus defines the observed state of WorkloadIdentityPoolProvider.

func (*WorkloadIdentityPoolProviderStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadIdentityPoolProviderStatus.

func (*WorkloadIdentityPoolProviderStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
