v1alpha1

package
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 13, 2021 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

+groupName=accesscontext.google.kubeform.com

Index

Constants

This section is empty.

Variables

// Scheme registration variables for this API group/version.
var (
	// TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api.
	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
	// SchemeBuilder is the exported runtime.SchemeBuilder for this package.
	SchemeBuilder runtime.SchemeBuilder

	// AddToScheme is bound to the AddToScheme method of the unexported
	// localSchemeBuilder, which is declared outside this listing.
	// NOTE(review): presumably localSchemeBuilder points at SchemeBuilder — confirm.
	AddToScheme = localSchemeBuilder.AddToScheme
)
// SchemeGroupVersion is the group/version of the types in this package:
// group accesscontext.GroupName at version "v1alpha1".
var SchemeGroupVersion = schema.GroupVersion{Group: accesscontext.GroupName, Version: "v1alpha1"}

Functions

func GetDecoder

func GetDecoder() map[string]jsoniter.ValDecoder

func GetEncoder

func GetEncoder() map[string]jsoniter.ValEncoder

func Kind

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns a Group qualified GroupKind

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type ManagerAccessLevel

// ManagerAccessLevel is the top-level API object for one access level. It
// embeds the Kubernetes type and object metadata and carries a Spec
// (ManagerAccessLevelSpec) and a Status (ManagerAccessLevelStatus).
type ManagerAccessLevel struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              ManagerAccessLevelSpec   `json:"spec,omitempty"`
	Status            ManagerAccessLevelStatus `json:"status,omitempty"`
}

func (*ManagerAccessLevel) DeepCopy

func (in *ManagerAccessLevel) DeepCopy() *ManagerAccessLevel

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevel.

func (*ManagerAccessLevel) DeepCopyInto

func (in *ManagerAccessLevel) DeepCopyInto(out *ManagerAccessLevel)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagerAccessLevel) DeepCopyObject

func (in *ManagerAccessLevel) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ManagerAccessLevel) SetupWebhookWithManager

func (r *ManagerAccessLevel) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*ManagerAccessLevel) ValidateCreate

func (r *ManagerAccessLevel) ValidateCreate() error

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*ManagerAccessLevel) ValidateDelete

func (r *ManagerAccessLevel) ValidateDelete() error

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*ManagerAccessLevel) ValidateUpdate

func (r *ManagerAccessLevel) ValidateUpdate(old runtime.Object) error

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type ManagerAccessLevelBatch

// ManagerAccessLevelBatch is the top-level API object for a batch of access
// levels. It embeds the Kubernetes type and object metadata and carries a
// Spec (ManagerAccessLevelBatchSpec) and a Status (ManagerAccessLevelBatchStatus).
type ManagerAccessLevelBatch struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              ManagerAccessLevelBatchSpec   `json:"spec,omitempty"`
	Status            ManagerAccessLevelBatchStatus `json:"status,omitempty"`
}

func (*ManagerAccessLevelBatch) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelBatch.

func (*ManagerAccessLevelBatch) DeepCopyInto

func (in *ManagerAccessLevelBatch) DeepCopyInto(out *ManagerAccessLevelBatch)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagerAccessLevelBatch) DeepCopyObject

func (in *ManagerAccessLevelBatch) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ManagerAccessLevelBatch) SetupWebhookWithManager

func (r *ManagerAccessLevelBatch) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*ManagerAccessLevelBatch) ValidateCreate

func (r *ManagerAccessLevelBatch) ValidateCreate() error

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*ManagerAccessLevelBatch) ValidateDelete

func (r *ManagerAccessLevelBatch) ValidateDelete() error

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*ManagerAccessLevelBatch) ValidateUpdate

func (r *ManagerAccessLevelBatch) ValidateUpdate(old runtime.Object) error

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type ManagerAccessLevelBatchList

// ManagerAccessLevelBatchList is the list form of ManagerAccessLevelBatch:
// type and list metadata plus the Items slice.
type ManagerAccessLevelBatchList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is a list of ManagerAccessLevelBatch CRD objects
	Items []ManagerAccessLevelBatch `json:"items,omitempty"`
}

ManagerAccessLevelBatchList is a list of ManagerAccessLevelBatch objects

func (*ManagerAccessLevelBatchList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelBatchList.

func (*ManagerAccessLevelBatchList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagerAccessLevelBatchList) DeepCopyObject

func (in *ManagerAccessLevelBatchList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ManagerAccessLevelBatchSpec

// ManagerAccessLevelBatchSpec is the Spec of a ManagerAccessLevelBatch.
// Only Resource has a tf mapping name; every other field is tagged tf:"-".
type ManagerAccessLevelBatchSpec struct {
	// State is optional and has the same type as Resource.
	// NOTE(review): presumably the last applied/observed state — confirm against the controller.
	State *ManagerAccessLevelBatchSpecResource `json:"state,omitempty" tf:"-"`

	// Resource is the batch definition; it is serialized without omitempty.
	Resource ManagerAccessLevelBatchSpecResource `json:"resource" tf:"resource"`

	UpdatePolicy base.UpdatePolicy `json:"updatePolicy,omitempty" tf:"-"`

	// NOTE(review): the values of base.TerminationPolicy are not shown in this listing;
	// check what deleting this object does to the access levels in the policy.
	TerminationPolicy base.TerminationPolicy `json:"terminationPolicy,omitempty" tf:"-"`

	// ProviderRef references another object by name and is serialized without omitempty.
	// NOTE(review): presumably the provider configuration that holds the cloud credentials;
	// if so, permission to create this kind is permission to use those credentials — confirm.
	ProviderRef core.LocalObjectReference `json:"providerRef" tf:"-"`
}

func (*ManagerAccessLevelBatchSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelBatchSpec.

func (*ManagerAccessLevelBatchSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelBatchSpecAccessLevels

// ManagerAccessLevelBatchSpecAccessLevels describes one access level inside a
// batch. Basic and Custom are both marked optional; Name and Title are not.
// NOTE(review): whether Basic and Custom may be set together, and what an entry
// with neither means, is not stated here — confirm before relying on such an entry.
type ManagerAccessLevelBatchSpecAccessLevels struct {
	// A set of predefined conditions for the access level and a combining function.
	// +optional
	Basic *ManagerAccessLevelBatchSpecAccessLevelsBasic `json:"basic,omitempty" tf:"basic"`
	// Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.
	// See CEL spec at: https://github.com/google/cel-spec.
	// +optional
	Custom *ManagerAccessLevelBatchSpecAccessLevelsCustom `json:"custom,omitempty" tf:"custom"`
	// Description of the AccessLevel and its use. Does not affect behavior.
	// +optional
	Description *string `json:"description,omitempty" tf:"description"`
	// Resource name for the Access Level. The short_name component must begin
	// with a letter and only include alphanumeric and '_'.
	// Format: accessPolicies/{policy_id}/accessLevels/{short_name}
	Name *string `json:"name" tf:"name"`
	// Human readable title. Must be unique within the Policy.
	Title *string `json:"title" tf:"title"`
}

func (*ManagerAccessLevelBatchSpecAccessLevels) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelBatchSpecAccessLevels.

func (*ManagerAccessLevelBatchSpecAccessLevels) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelBatchSpecAccessLevelsBasic

// ManagerAccessLevelBatchSpecAccessLevelsBasic is the "basic" form of an access
// level: a list of Conditions and the function that combines them.
type ManagerAccessLevelBatchSpecAccessLevelsBasic struct {
	// How the conditions list should be combined to determine if a request
	// is granted this AccessLevel. If AND is used, each Condition in
	// conditions must be satisfied for the AccessLevel to be applied. If
	// OR is used, at least one Condition in conditions must be satisfied
	// for the AccessLevel to be applied. Default value: "AND" Possible values: ["AND", "OR"]
	// With "OR" a single satisfied Condition is enough, so the least restrictive
	// Condition in the list determines how strict the level is.
	// +optional
	CombiningFunction *string `json:"combiningFunction,omitempty" tf:"combining_function"`
	// A set of requirements for the AccessLevel to be granted.
	// The MinItems=1 marker rejects an empty list at the schema level.
	// +kubebuilder:validation:MinItems=1
	Conditions []ManagerAccessLevelBatchSpecAccessLevelsBasicConditions `json:"conditions" tf:"conditions"`
}

func (*ManagerAccessLevelBatchSpecAccessLevelsBasic) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelBatchSpecAccessLevelsBasic.

func (*ManagerAccessLevelBatchSpecAccessLevelsBasic) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelBatchSpecAccessLevelsBasicCodec

// ManagerAccessLevelBatchSpecAccessLevelsBasicCodec is a field-less type that
// carries the Decode, Encode and IsEmpty methods listed for it; it is excluded
// from deepcopy generation (+k8s:deepcopy-gen=false).
type ManagerAccessLevelBatchSpecAccessLevelsBasicCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerAccessLevelBatchSpecAccessLevelsBasicCodec) Decode

func (ManagerAccessLevelBatchSpecAccessLevelsBasicCodec) Encode

func (ManagerAccessLevelBatchSpecAccessLevelsBasicCodec) IsEmpty

type ManagerAccessLevelBatchSpecAccessLevelsBasicConditions

// ManagerAccessLevelBatchSpecAccessLevelsBasicConditions is one Condition of a
// basic access level. Every field is optional, and the field comments state
// that an unset or empty DevicePolicy, IpSubnetworks or Members places no
// restriction on that attribute.
// NOTE(review): a Condition with every field unset presumably matches any
// request — confirm, and treat an empty Condition as a finding when reviewing manifests.
type ManagerAccessLevelBatchSpecAccessLevelsBasicConditions struct {
	// Device specific restrictions, all restrictions must hold for
	// the Condition to be true. If not specified, all devices are
	// allowed.
	// +optional
	DevicePolicy *ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicy `json:"devicePolicy,omitempty" tf:"device_policy"`
	// A list of CIDR block IP subnetwork specifications. May be IPv4
	// or IPv6.
	// Note that for a CIDR IP address block, the specified IP address
	// portion must be properly truncated (i.e. all the host bits must
	// be zero) or the input is considered malformed. For example,
	// "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly,
	// for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32"
	// is not. The originating IP of a request must be in one of the
	// listed subnets in order for this Condition to be true.
	// If empty, all IP addresses are allowed.
	// +optional
	IpSubnetworks []string `json:"ipSubnetworks,omitempty" tf:"ip_subnetworks"`
	// An allowed list of members (users, service accounts).
	// Using groups is not supported yet.
	//
	// The signed-in user originating the request must be a part of one
	// of the provided members. If not specified, a request may come
	// from any user (logged in/not logged in, not present in any
	// groups, etc.).
	// Formats: 'user:{emailid}', 'serviceAccount:{emailid}'
	// +optional
	Members []string `json:"members,omitempty" tf:"members"`
	// Whether to negate the Condition. If true, the Condition becomes
	// a NAND over its non-empty fields, each field must be false for
	// the Condition overall to be satisfied. Defaults to false.
	// NOTE(review): "NAND" and "each field must be false" are different rules
	// (the second is a NOR); confirm which one the API applies before relying
	// on a negated Condition.
	// +optional
	Negate *bool `json:"negate,omitempty" tf:"negate"`
	// The request must originate from one of the provided
	// countries/regions.
	// Format: A valid ISO 3166-1 alpha-2 code.
	// +optional
	Regions []string `json:"regions,omitempty" tf:"regions"`
	// A list of other access levels defined in the same Policy,
	// referenced by resource name. Referencing an AccessLevel which
	// does not exist is an error. All access levels listed must be
	// granted for the Condition to be true.
	// Format: accessPolicies/{policy_id}/accessLevels/{short_name}
	// +optional
	RequiredAccessLevels []string `json:"requiredAccessLevels,omitempty" tf:"required_access_levels"`
}

func (*ManagerAccessLevelBatchSpecAccessLevelsBasicConditions) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelBatchSpecAccessLevelsBasicConditions.

func (*ManagerAccessLevelBatchSpecAccessLevelsBasicConditions) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicy

// ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicy holds the
// device restrictions of a Condition. All fields are optional; per the field
// comments an empty list allows every value, so a DevicePolicy with nothing
// set restricts nothing on those attributes.
type ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicy struct {
	// A list of allowed device management levels.
	// An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]
	// +optional
	AllowedDeviceManagementLevels []string `json:"allowedDeviceManagementLevels,omitempty" tf:"allowed_device_management_levels"`
	// A list of allowed encryption statuses.
	// An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]
	// +optional
	AllowedEncryptionStatuses []string `json:"allowedEncryptionStatuses,omitempty" tf:"allowed_encryption_statuses"`
	// A list of allowed OS versions.
	// An empty list allows all types and all versions.
	// +optional
	OsConstraints []ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicyOsConstraints `json:"osConstraints,omitempty" tf:"os_constraints"`
	// Whether the device needs to be approved by the customer admin.
	// +optional
	RequireAdminApproval *bool `json:"requireAdminApproval,omitempty" tf:"require_admin_approval"`
	// Whether the device needs to be corp owned.
	// +optional
	RequireCorpOwned *bool `json:"requireCorpOwned,omitempty" tf:"require_corp_owned"`
	// Whether or not screenlock is required for the DevicePolicy
	// to be true. Defaults to false.
	// +optional
	RequireScreenLock *bool `json:"requireScreenLock,omitempty" tf:"require_screen_lock"`
}

func (*ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicy) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicy.

func (*ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicy) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicyCodec

// ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicyCodec is a
// field-less type that carries the Decode, Encode and IsEmpty methods listed
// for it; it is excluded from deepcopy generation (+k8s:deepcopy-gen=false).
type ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicyCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicyCodec) Decode

func (ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicyCodec) Encode

func (ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicyCodec) IsEmpty

type ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicyOsConstraints

// ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicyOsConstraints
// is one allowed operating system, optionally with a minimum version.
type ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicyOsConstraints struct {
	// The minimum allowed OS version. If not set, any version
	// of this OS satisfies the constraint.
	// Format: "major.minor.patch" such as "10.5.301", "9.2.1".
	// Leaving this unset therefore admits unpatched releases of the listed OS.
	// +optional
	MinimumVersion *string `json:"minimumVersion,omitempty" tf:"minimum_version"`
	// The operating system type of the device. Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", "ANDROID", "IOS"]
	OsType *string `json:"osType" tf:"os_type"`
}

func (*ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicyOsConstraints) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicyOsConstraints.

func (*ManagerAccessLevelBatchSpecAccessLevelsBasicConditionsDevicePolicyOsConstraints) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelBatchSpecAccessLevelsCustom

// ManagerAccessLevelBatchSpecAccessLevelsCustom is the "custom" form of an
// access level; its only field is the CEL expression wrapper Expr.
type ManagerAccessLevelBatchSpecAccessLevelsCustom struct {
	// Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.
	// This page details the objects and attributes that are used to build the CEL expressions for
	// custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.
	Expr *ManagerAccessLevelBatchSpecAccessLevelsCustomExpr `json:"expr" tf:"expr"`
}

func (*ManagerAccessLevelBatchSpecAccessLevelsCustom) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelBatchSpecAccessLevelsCustom.

func (*ManagerAccessLevelBatchSpecAccessLevelsCustom) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelBatchSpecAccessLevelsCustomCodec

// ManagerAccessLevelBatchSpecAccessLevelsCustomCodec is a field-less type that
// carries the Decode, Encode and IsEmpty methods listed for it; it is excluded
// from deepcopy generation (+k8s:deepcopy-gen=false).
type ManagerAccessLevelBatchSpecAccessLevelsCustomCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerAccessLevelBatchSpecAccessLevelsCustomCodec) Decode

func (ManagerAccessLevelBatchSpecAccessLevelsCustomCodec) Encode

func (ManagerAccessLevelBatchSpecAccessLevelsCustomCodec) IsEmpty

type ManagerAccessLevelBatchSpecAccessLevelsCustomExpr

// ManagerAccessLevelBatchSpecAccessLevelsCustomExpr wraps a CEL expression and
// its optional descriptive metadata. Expression is the only field that is not
// optional; it is the text that decides whether the level applies, so it
// deserves the same review as any other access-control rule.
type ManagerAccessLevelBatchSpecAccessLevelsCustomExpr struct {
	// Description of the expression
	// +optional
	Description *string `json:"description,omitempty" tf:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression *string `json:"expression" tf:"expression"`
	// String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
	// +optional
	Location *string `json:"location,omitempty" tf:"location"`
	// Title for the expression, i.e. a short string describing its purpose.
	// +optional
	Title *string `json:"title,omitempty" tf:"title"`
}

func (*ManagerAccessLevelBatchSpecAccessLevelsCustomExpr) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelBatchSpecAccessLevelsCustomExpr.

func (*ManagerAccessLevelBatchSpecAccessLevelsCustomExpr) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelBatchSpecAccessLevelsCustomExprCodec

// ManagerAccessLevelBatchSpecAccessLevelsCustomExprCodec is a field-less type
// that carries the Decode, Encode and IsEmpty methods listed for it; it is
// excluded from deepcopy generation (+k8s:deepcopy-gen=false).
type ManagerAccessLevelBatchSpecAccessLevelsCustomExprCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerAccessLevelBatchSpecAccessLevelsCustomExprCodec) Decode

func (ManagerAccessLevelBatchSpecAccessLevelsCustomExprCodec) Encode

func (ManagerAccessLevelBatchSpecAccessLevelsCustomExprCodec) IsEmpty

type ManagerAccessLevelBatchSpecResource

// ManagerAccessLevelBatchSpecResource is the resource body of a batch: the
// parent Access Policy and the full set of Access Levels it should contain.
type ManagerAccessLevelBatchSpecResource struct {
	Timeouts *base.ResourceTimeout `json:"timeouts,omitempty" tf:"timeouts"`

	ID string `json:"id,omitempty" tf:"id,omitempty"`

	// The desired Access Levels that should replace all existing Access Levels in the Access Policy.
	// NOTE(review): this is a replace, not a merge, and the field is optional with
	// omitempty; an omitted or empty list presumably removes every Access Level
	// from the policy — confirm before applying.
	// +optional
	AccessLevels []ManagerAccessLevelBatchSpecAccessLevels `json:"accessLevels,omitempty" tf:"access_levels"`
	// The AccessPolicy this AccessLevel lives in.
	// Format: accessPolicies/{policy_id}
	Parent *string `json:"parent" tf:"parent"`
}

func (*ManagerAccessLevelBatchSpecResource) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelBatchSpecResource.

func (*ManagerAccessLevelBatchSpecResource) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelBatchStatus

// ManagerAccessLevelBatchStatus is the Status of a ManagerAccessLevelBatch:
// the observed generation, a phase and a list of conditions, all optional.
type ManagerAccessLevelBatchStatus struct {
	// Resource generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// Phase is a status.Status value; its possible values are not shown in this listing.
	// +optional
	Phase status.Status `json:"phase,omitempty"`
	// Conditions are kmapi.Condition entries; they are unrelated to the
	// access-level Conditions defined in the Spec types.
	// +optional
	Conditions []kmapi.Condition `json:"conditions,omitempty"`
}

func (*ManagerAccessLevelBatchStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelBatchStatus.

func (*ManagerAccessLevelBatchStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelCondition

// ManagerAccessLevelCondition is the top-level API object for a single
// condition attached to an access level. It embeds the Kubernetes type and
// object metadata and carries a Spec (ManagerAccessLevelConditionSpec) and a
// Status (ManagerAccessLevelConditionStatus).
type ManagerAccessLevelCondition struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              ManagerAccessLevelConditionSpec   `json:"spec,omitempty"`
	Status            ManagerAccessLevelConditionStatus `json:"status,omitempty"`
}

func (*ManagerAccessLevelCondition) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelCondition.

func (*ManagerAccessLevelCondition) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagerAccessLevelCondition) DeepCopyObject

func (in *ManagerAccessLevelCondition) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ManagerAccessLevelCondition) SetupWebhookWithManager

func (r *ManagerAccessLevelCondition) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*ManagerAccessLevelCondition) ValidateCreate

func (r *ManagerAccessLevelCondition) ValidateCreate() error

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*ManagerAccessLevelCondition) ValidateDelete

func (r *ManagerAccessLevelCondition) ValidateDelete() error

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*ManagerAccessLevelCondition) ValidateUpdate

func (r *ManagerAccessLevelCondition) ValidateUpdate(old runtime.Object) error

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type ManagerAccessLevelConditionList

// ManagerAccessLevelConditionList is the list form of
// ManagerAccessLevelCondition: type and list metadata plus the Items slice.
type ManagerAccessLevelConditionList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is a list of ManagerAccessLevelCondition CRD objects
	Items []ManagerAccessLevelCondition `json:"items,omitempty"`
}

ManagerAccessLevelConditionList is a list of ManagerAccessLevelConditions

func (*ManagerAccessLevelConditionList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelConditionList.

func (*ManagerAccessLevelConditionList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagerAccessLevelConditionList) DeepCopyObject

func (in *ManagerAccessLevelConditionList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ManagerAccessLevelConditionSpec

// ManagerAccessLevelConditionSpec is the Spec of a ManagerAccessLevelCondition.
// Only Resource has a tf mapping name; every other field is tagged tf:"-".
type ManagerAccessLevelConditionSpec struct {
	// State is optional and has the same type as Resource.
	// NOTE(review): presumably the last applied/observed state — confirm against the controller.
	State *ManagerAccessLevelConditionSpecResource `json:"state,omitempty" tf:"-"`

	// Resource is the condition definition; it is serialized without omitempty.
	Resource ManagerAccessLevelConditionSpecResource `json:"resource" tf:"resource"`

	UpdatePolicy base.UpdatePolicy `json:"updatePolicy,omitempty" tf:"-"`

	// NOTE(review): the values of base.TerminationPolicy are not shown in this listing;
	// check what deleting this object does to the condition on the access level.
	TerminationPolicy base.TerminationPolicy `json:"terminationPolicy,omitempty" tf:"-"`

	// ProviderRef references another object by name and is serialized without omitempty.
	// NOTE(review): presumably the provider configuration that holds the cloud credentials;
	// if so, permission to create this kind is permission to use those credentials — confirm.
	ProviderRef core.LocalObjectReference `json:"providerRef" tf:"-"`
}

func (*ManagerAccessLevelConditionSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelConditionSpec.

func (*ManagerAccessLevelConditionSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelConditionSpecDevicePolicy

// ManagerAccessLevelConditionSpecDevicePolicy holds the device restrictions of
// a condition. All fields are optional; per the field comments an empty list
// allows every value, so a DevicePolicy with nothing set restricts nothing on
// those attributes.
type ManagerAccessLevelConditionSpecDevicePolicy struct {
	// A list of allowed device management levels.
	// An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]
	// +optional
	AllowedDeviceManagementLevels []string `json:"allowedDeviceManagementLevels,omitempty" tf:"allowed_device_management_levels"`
	// A list of allowed encryption statuses.
	// An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]
	// +optional
	AllowedEncryptionStatuses []string `json:"allowedEncryptionStatuses,omitempty" tf:"allowed_encryption_statuses"`
	// A list of allowed OS versions.
	// An empty list allows all types and all versions.
	// +optional
	OsConstraints []ManagerAccessLevelConditionSpecDevicePolicyOsConstraints `json:"osConstraints,omitempty" tf:"os_constraints"`
	// Whether the device needs to be approved by the customer admin.
	// +optional
	RequireAdminApproval *bool `json:"requireAdminApproval,omitempty" tf:"require_admin_approval"`
	// Whether the device needs to be corp owned.
	// +optional
	RequireCorpOwned *bool `json:"requireCorpOwned,omitempty" tf:"require_corp_owned"`
	// Whether or not screenlock is required for the DevicePolicy
	// to be true. Defaults to false.
	// +optional
	RequireScreenLock *bool `json:"requireScreenLock,omitempty" tf:"require_screen_lock"`
}

func (*ManagerAccessLevelConditionSpecDevicePolicy) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelConditionSpecDevicePolicy.

func (*ManagerAccessLevelConditionSpecDevicePolicy) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelConditionSpecDevicePolicyCodec

// ManagerAccessLevelConditionSpecDevicePolicyCodec is a field-less type that
// carries the Decode, Encode and IsEmpty methods listed for it; it is excluded
// from deepcopy generation (+k8s:deepcopy-gen=false).
type ManagerAccessLevelConditionSpecDevicePolicyCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerAccessLevelConditionSpecDevicePolicyCodec) Decode

func (ManagerAccessLevelConditionSpecDevicePolicyCodec) Encode

func (ManagerAccessLevelConditionSpecDevicePolicyCodec) IsEmpty

type ManagerAccessLevelConditionSpecDevicePolicyOsConstraints

// ManagerAccessLevelConditionSpecDevicePolicyOsConstraints is one allowed
// operating system, optionally with a minimum version.
type ManagerAccessLevelConditionSpecDevicePolicyOsConstraints struct {
	// The minimum allowed OS version. If not set, any version
	// of this OS satisfies the constraint.
	// Format: "major.minor.patch" such as "10.5.301", "9.2.1".
	// Leaving this unset therefore admits unpatched releases of the listed OS.
	// +optional
	MinimumVersion *string `json:"minimumVersion,omitempty" tf:"minimum_version"`
	// The operating system type of the device. Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", "ANDROID", "IOS"]
	OsType *string `json:"osType" tf:"os_type"`
}

func (*ManagerAccessLevelConditionSpecDevicePolicyOsConstraints) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelConditionSpecDevicePolicyOsConstraints.

func (*ManagerAccessLevelConditionSpecDevicePolicyOsConstraints) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelConditionSpecResource

// ManagerAccessLevelConditionSpecResource is the resource body of a single
// condition added to an existing Access Level. Apart from AccessLevel every
// restriction field is optional, and the field comments state that an unset
// or empty DevicePolicy, IpSubnetworks or Members places no restriction on
// that attribute.
// NOTE(review): a condition with every restriction unset presumably matches
// any request — confirm, and treat such a condition as a finding when reviewing manifests.
type ManagerAccessLevelConditionSpecResource struct {
	Timeouts *base.ResourceTimeout `json:"timeouts,omitempty" tf:"timeouts"`

	ID string `json:"id,omitempty" tf:"id,omitempty"`

	// The name of the Access Level to add this condition to.
	AccessLevel *string `json:"accessLevel" tf:"access_level"`
	// Device specific restrictions, all restrictions must hold for
	// the Condition to be true. If not specified, all devices are
	// allowed.
	// +optional
	DevicePolicy *ManagerAccessLevelConditionSpecDevicePolicy `json:"devicePolicy,omitempty" tf:"device_policy"`
	// A list of CIDR block IP subnetwork specifications. May be IPv4
	// or IPv6.
	// Note that for a CIDR IP address block, the specified IP address
	// portion must be properly truncated (i.e. all the host bits must
	// be zero) or the input is considered malformed. For example,
	// "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly,
	// for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32"
	// is not. The originating IP of a request must be in one of the
	// listed subnets in order for this Condition to be true.
	// If empty, all IP addresses are allowed.
	// +optional
	IpSubnetworks []string `json:"ipSubnetworks,omitempty" tf:"ip_subnetworks"`
	// An allowed list of members (users, service accounts).
	// Using groups is not supported yet.
	//
	// The signed-in user originating the request must be a part of one
	// of the provided members. If not specified, a request may come
	// from any user (logged in/not logged in, not present in any
	// groups, etc.).
	// Formats: 'user:{emailid}', 'serviceAccount:{emailid}'
	// +optional
	Members []string `json:"members,omitempty" tf:"members"`
	// Whether to negate the Condition. If true, the Condition becomes
	// a NAND over its non-empty fields, each field must be false for
	// the Condition overall to be satisfied. Defaults to false.
	// NOTE(review): "NAND" and "each field must be false" are different rules
	// (the second is a NOR); confirm which one the API applies before relying
	// on a negated Condition.
	// +optional
	Negate *bool `json:"negate,omitempty" tf:"negate"`
	// The request must originate from one of the provided
	// countries/regions.
	// Format: A valid ISO 3166-1 alpha-2 code.
	// +optional
	Regions []string `json:"regions,omitempty" tf:"regions"`
	// A list of other access levels defined in the same Policy,
	// referenced by resource name. Referencing an AccessLevel which
	// does not exist is an error. All access levels listed must be
	// granted for the Condition to be true.
	// Format: accessPolicies/{policy_id}/accessLevels/{short_name}
	// +optional
	RequiredAccessLevels []string `json:"requiredAccessLevels,omitempty" tf:"required_access_levels"`
}

func (*ManagerAccessLevelConditionSpecResource) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelConditionSpecResource.

func (*ManagerAccessLevelConditionSpecResource) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelConditionStatus

// ManagerAccessLevelConditionStatus is the Status of a
// ManagerAccessLevelCondition: the observed generation, a phase and a list of
// conditions, all optional.
type ManagerAccessLevelConditionStatus struct {
	// Resource generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// Phase is a status.Status value; its possible values are not shown in this listing.
	// +optional
	Phase status.Status `json:"phase,omitempty"`
	// Conditions are kmapi.Condition entries; they are unrelated to the
	// access-level condition described by the Spec.
	// +optional
	Conditions []kmapi.Condition `json:"conditions,omitempty"`
}

func (*ManagerAccessLevelConditionStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelConditionStatus.

func (*ManagerAccessLevelConditionStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelList

// ManagerAccessLevelList is the list form of ManagerAccessLevel: type and
// list metadata plus the Items slice.
type ManagerAccessLevelList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is a list of ManagerAccessLevel CRD objects
	Items []ManagerAccessLevel `json:"items,omitempty"`
}

ManagerAccessLevelList is a list of ManagerAccessLevels

func (*ManagerAccessLevelList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelList.

func (*ManagerAccessLevelList) DeepCopyInto

func (in *ManagerAccessLevelList) DeepCopyInto(out *ManagerAccessLevelList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagerAccessLevelList) DeepCopyObject

func (in *ManagerAccessLevelList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ManagerAccessLevelSpec

// ManagerAccessLevelSpec is the Spec of a ManagerAccessLevel.
// Only Resource has a tf mapping name; every other field is tagged tf:"-".
type ManagerAccessLevelSpec struct {
	// State is optional and has the same type as Resource.
	// NOTE(review): presumably the last applied/observed state — confirm against the controller.
	State *ManagerAccessLevelSpecResource `json:"state,omitempty" tf:"-"`

	// Resource is the access level definition; it is serialized without omitempty.
	Resource ManagerAccessLevelSpecResource `json:"resource" tf:"resource"`

	UpdatePolicy base.UpdatePolicy `json:"updatePolicy,omitempty" tf:"-"`

	// NOTE(review): the values of base.TerminationPolicy are not shown in this listing;
	// check what deleting this object does to the access level in the policy.
	TerminationPolicy base.TerminationPolicy `json:"terminationPolicy,omitempty" tf:"-"`

	// ProviderRef references another object by name and is serialized without omitempty.
	// NOTE(review): presumably the provider configuration that holds the cloud credentials;
	// if so, permission to create this kind is permission to use those credentials — confirm.
	ProviderRef core.LocalObjectReference `json:"providerRef" tf:"-"`
}

func (*ManagerAccessLevelSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelSpec.

func (*ManagerAccessLevelSpec) DeepCopyInto

func (in *ManagerAccessLevelSpec) DeepCopyInto(out *ManagerAccessLevelSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelSpecBasic

// ManagerAccessLevelSpecBasic describes an access level as a list of
// Conditions and the function used to combine them.
type ManagerAccessLevelSpecBasic struct {
	// How the conditions list should be combined to determine if a request
	// is granted this AccessLevel. If AND is used, each Condition in
	// conditions must be satisfied for the AccessLevel to be applied. If
	// OR is used, at least one Condition in conditions must be satisfied
	// for the AccessLevel to be applied. Default value: "AND" Possible values: ["AND", "OR"]
	//
	// With OR, the access level is only as strict as its most permissive
	// Condition, so each Condition has to be acceptable on its own.
	// +optional
	CombiningFunction *string `json:"combiningFunction,omitempty" tf:"combining_function"`
	// A set of requirements for the AccessLevel to be granted.
	// The validation marker below requires at least one entry.
	// +kubebuilder:validation:MinItems=1
	Conditions []ManagerAccessLevelSpecBasicConditions `json:"conditions" tf:"conditions"`
}

func (*ManagerAccessLevelSpecBasic) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelSpecBasic.

func (*ManagerAccessLevelSpecBasic) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelSpecBasicCodec

// ManagerAccessLevelSpecBasicCodec is a field-less type; the page lists
// Decode, Encode and IsEmpty methods on it.
// NOTE(review): presumably the jsoniter codec for ManagerAccessLevelSpecBasic
// returned through GetEncoder/GetDecoder; the method bodies are not shown.
type ManagerAccessLevelSpecBasicCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerAccessLevelSpecBasicCodec) Decode

func (ManagerAccessLevelSpecBasicCodec) Encode

func (ManagerAccessLevelSpecBasicCodec) IsEmpty

type ManagerAccessLevelSpecBasicConditions

// ManagerAccessLevelSpecBasicConditions is one Condition of a basic access
// level. Every field is optional, and per the field comments below an unset
// DevicePolicy, IpSubnetworks or Members matches everything (all devices, all
// IP addresses, any user). An omitted field therefore widens the Condition
// rather than narrowing it; review each Condition for the restrictions it
// actually sets.
type ManagerAccessLevelSpecBasicConditions struct {
	// Device specific restrictions, all restrictions must hold for
	// the Condition to be true. If not specified, all devices are
	// allowed.
	// +optional
	DevicePolicy *ManagerAccessLevelSpecBasicConditionsDevicePolicy `json:"devicePolicy,omitempty" tf:"device_policy"`
	// A list of CIDR block IP subnetwork specification. May be IPv4
	// or IPv6.
	// Note that for a CIDR IP address block, the specified IP address
	// portion must be properly truncated (i.e. all the host bits must
	// be zero) or the input is considered malformed. For example,
	// "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly,
	// for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32"
	// is not. The originating IP of a request must be in one of the
	// listed subnets in order for this Condition to be true.
	// If empty, all IP addresses are allowed.
	// +optional
	IpSubnetworks []string `json:"ipSubnetworks,omitempty" tf:"ip_subnetworks"`
	// An allowed list of members (users, service accounts).
	// Using groups is not supported yet.
	//
	// The signed-in user originating the request must be a part of one
	// of the provided members. If not specified, a request may come
	// from any user (logged in/not logged in, not present in any
	// groups, etc.).
	// Formats: 'user:{emailid}', 'serviceAccount:{emailid}'
	// +optional
	Members []string `json:"members,omitempty" tf:"members"`
	// Whether to negate the Condition. If true, the Condition becomes
	// a NAND over its non-empty fields, each field must be false for
	// the Condition overall to be satisfied. Defaults to false.
	//
	// NOTE(review): "NAND" and "each field must be false" describe different
	// results once more than one field is set (the latter reads as NOR).
	// Confirm the effective semantics against the upstream API reference
	// before relying on a negated multi-field Condition.
	// +optional
	Negate *bool `json:"negate,omitempty" tf:"negate"`
	// The request must originate from one of the provided
	// countries/regions.
	// Format: A valid ISO 3166-1 alpha-2 code.
	// +optional
	Regions []string `json:"regions,omitempty" tf:"regions"`
	// A list of other access levels defined in the same Policy,
	// referenced by resource name. Referencing an AccessLevel which
	// does not exist is an error. All access levels listed must be
	// granted for the Condition to be true.
	// Format: accessPolicies/{policy_id}/accessLevels/{short_name}
	// +optional
	RequiredAccessLevels []string `json:"requiredAccessLevels,omitempty" tf:"required_access_levels"`
}

func (*ManagerAccessLevelSpecBasicConditions) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelSpecBasicConditions.

func (*ManagerAccessLevelSpecBasicConditions) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelSpecBasicConditionsDevicePolicy

// ManagerAccessLevelSpecBasicConditionsDevicePolicy holds the device
// restrictions of a Condition. The three list fields are allow-lists in which
// an empty list allows everything, so each listed value (and each omitted
// list) widens the set of accepted devices.
type ManagerAccessLevelSpecBasicConditionsDevicePolicy struct {
	// A list of allowed device management levels.
	// An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]
	// +optional
	AllowedDeviceManagementLevels []string `json:"allowedDeviceManagementLevels,omitempty" tf:"allowed_device_management_levels"`
	// A list of allowed encryption statuses.
	// An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]
	// +optional
	AllowedEncryptionStatuses []string `json:"allowedEncryptionStatuses,omitempty" tf:"allowed_encryption_statuses"`
	// A list of allowed OS versions.
	// An empty list allows all types and all versions.
	// +optional
	OsConstraints []ManagerAccessLevelSpecBasicConditionsDevicePolicyOsConstraints `json:"osConstraints,omitempty" tf:"os_constraints"`
	// Whether the device needs to be approved by the customer admin.
	// +optional
	RequireAdminApproval *bool `json:"requireAdminApproval,omitempty" tf:"require_admin_approval"`
	// Whether the device needs to be corp owned.
	// +optional
	RequireCorpOwned *bool `json:"requireCorpOwned,omitempty" tf:"require_corp_owned"`
	// Whether or not screenlock is required for the DevicePolicy
	// to be true. Defaults to false.
	// +optional
	RequireScreenLock *bool `json:"requireScreenLock,omitempty" tf:"require_screen_lock"`
}

func (*ManagerAccessLevelSpecBasicConditionsDevicePolicy) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelSpecBasicConditionsDevicePolicy.

func (*ManagerAccessLevelSpecBasicConditionsDevicePolicy) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelSpecBasicConditionsDevicePolicyCodec

// ManagerAccessLevelSpecBasicConditionsDevicePolicyCodec is a field-less
// type; the page lists Decode, Encode and IsEmpty methods on it.
// NOTE(review): presumably the jsoniter codec for the DevicePolicy type
// returned through GetEncoder/GetDecoder; the method bodies are not shown.
type ManagerAccessLevelSpecBasicConditionsDevicePolicyCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerAccessLevelSpecBasicConditionsDevicePolicyCodec) Decode

func (ManagerAccessLevelSpecBasicConditionsDevicePolicyCodec) Encode

func (ManagerAccessLevelSpecBasicConditionsDevicePolicyCodec) IsEmpty

type ManagerAccessLevelSpecBasicConditionsDevicePolicyOsConstraints

// ManagerAccessLevelSpecBasicConditionsDevicePolicyOsConstraints is one
// allowed operating system entry of a DevicePolicy: a required OS type with
// an optional version floor.
type ManagerAccessLevelSpecBasicConditionsDevicePolicyOsConstraints struct {
	// The minimum allowed OS version. If not set, any version
	// of this OS satisfies the constraint.
	// Format: "major.minor.patch" such as "10.5.301", "9.2.1".
	// Leaving this unset means the entry places no patch-level requirement
	// on devices of this OS type.
	// +optional
	MinimumVersion *string `json:"minimumVersion,omitempty" tf:"minimum_version"`
	// The operating system type of the device. Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", "ANDROID", "IOS"]
	OsType *string `json:"osType" tf:"os_type"`
	// If you specify DESKTOP_CHROME_OS for osType, you can optionally include requireVerifiedChromeOs to require Chrome Verified Access.
	// +optional
	RequireVerifiedChromeOs *bool `json:"requireVerifiedChromeOs,omitempty" tf:"require_verified_chrome_os"`
}

func (*ManagerAccessLevelSpecBasicConditionsDevicePolicyOsConstraints) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelSpecBasicConditionsDevicePolicyOsConstraints.

func (*ManagerAccessLevelSpecBasicConditionsDevicePolicyOsConstraints) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelSpecCustom

// ManagerAccessLevelSpecCustom describes an access level by a single CEL
// expression instead of a list of basic Conditions.
type ManagerAccessLevelSpecCustom struct {
	// Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.
	// This page details the objects and attributes that are used to build the CEL expressions for
	// custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.
	Expr *ManagerAccessLevelSpecCustomExpr `json:"expr" tf:"expr"`
}

func (*ManagerAccessLevelSpecCustom) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelSpecCustom.

func (*ManagerAccessLevelSpecCustom) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelSpecCustomCodec

// ManagerAccessLevelSpecCustomCodec is a field-less type; the page lists
// Decode, Encode and IsEmpty methods on it.
// NOTE(review): presumably the jsoniter codec for ManagerAccessLevelSpecCustom
// returned through GetEncoder/GetDecoder; the method bodies are not shown.
type ManagerAccessLevelSpecCustomCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerAccessLevelSpecCustomCodec) Decode

func (ManagerAccessLevelSpecCustomCodec) Encode

func (ManagerAccessLevelSpecCustomCodec) IsEmpty

type ManagerAccessLevelSpecCustomExpr

// ManagerAccessLevelSpecCustomExpr is the CEL expression of a custom access
// level. Expression is the only required field and is the part that decides
// access; Description, Location and Title are descriptive metadata.
type ManagerAccessLevelSpecCustomExpr struct {
	// Description of the expression
	// +optional
	Description *string `json:"description,omitempty" tf:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// A change to this string is a change to the access decision, so it
	// deserves the same review as any other policy edit.
	Expression *string `json:"expression" tf:"expression"`
	// String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
	// +optional
	Location *string `json:"location,omitempty" tf:"location"`
	// Title for the expression, i.e. a short string describing its purpose.
	// +optional
	Title *string `json:"title,omitempty" tf:"title"`
}

func (*ManagerAccessLevelSpecCustomExpr) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelSpecCustomExpr.

func (*ManagerAccessLevelSpecCustomExpr) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelSpecCustomExprCodec

// ManagerAccessLevelSpecCustomExprCodec is a field-less type; the page lists
// Decode, Encode and IsEmpty methods on it.
// NOTE(review): presumably the jsoniter codec for
// ManagerAccessLevelSpecCustomExpr returned through GetEncoder/GetDecoder;
// the method bodies are not shown.
type ManagerAccessLevelSpecCustomExprCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerAccessLevelSpecCustomExprCodec) Decode

func (ManagerAccessLevelSpecCustomExprCodec) Encode

func (ManagerAccessLevelSpecCustomExprCodec) IsEmpty

type ManagerAccessLevelSpecResource

// ManagerAccessLevelSpecResource is the access level definition: its name,
// parent policy and title, plus either a basic (condition list) or a custom
// (CEL) body.
//
// NOTE(review): Basic and Custom are both optional here and nothing on this
// page says what happens when both or neither are set; confirm with the
// upstream API before relying on either case.
type ManagerAccessLevelSpecResource struct {
	// Timeouts is defined in package base, which is not shown on this page.
	Timeouts *base.ResourceTimeout `json:"timeouts,omitempty" tf:"timeouts"`

	// ID is an optional identifier string; its format is not documented here.
	ID string `json:"id,omitempty" tf:"id,omitempty"`

	// A set of predefined conditions for the access level and a combining function.
	// +optional
	Basic *ManagerAccessLevelSpecBasic `json:"basic,omitempty" tf:"basic"`
	// Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.
	// See CEL spec at: https://github.com/google/cel-spec.
	// +optional
	Custom *ManagerAccessLevelSpecCustom `json:"custom,omitempty" tf:"custom"`
	// Description of the AccessLevel and its use. Does not affect behavior.
	// +optional
	Description *string `json:"description,omitempty" tf:"description"`
	// Resource name for the Access Level. The short_name component must begin
	// with a letter and only include alphanumeric and '_'.
	// Format: accessPolicies/{policy_id}/accessLevels/{short_name}
	Name *string `json:"name" tf:"name"`
	// The AccessPolicy this AccessLevel lives in.
	// Format: accessPolicies/{policy_id}
	Parent *string `json:"parent" tf:"parent"`
	// Human readable title. Must be unique within the Policy.
	Title *string `json:"title" tf:"title"`
}

func (*ManagerAccessLevelSpecResource) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelSpecResource.

func (*ManagerAccessLevelSpecResource) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessLevelStatus

// ManagerAccessLevelStatus is the status of a ManagerAccessLevel object.
type ManagerAccessLevelStatus struct {
	// Resource generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// Phase is a status.Status value; the possible values are defined in
	// that package and are not shown on this page.
	// +optional
	Phase status.Status `json:"phase,omitempty"`
	// Conditions is a list of kmapi.Condition entries.
	// +optional
	Conditions []kmapi.Condition `json:"conditions,omitempty"`
}

func (*ManagerAccessLevelStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessLevelStatus.

func (*ManagerAccessLevelStatus) DeepCopyInto

func (in *ManagerAccessLevelStatus) DeepCopyInto(out *ManagerAccessLevelStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessPolicy

// ManagerAccessPolicy is the API object for an access policy: type and
// object metadata plus a Spec and a Status.
//
// The page lists SetupWebhookWithManager and ValidateCreate/ValidateUpdate/
// ValidateDelete methods on this type, but not their bodies, so what the
// validating webhook accepts or rejects cannot be told from here.
type ManagerAccessPolicy struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              ManagerAccessPolicySpec   `json:"spec,omitempty"`
	Status            ManagerAccessPolicyStatus `json:"status,omitempty"`
}

func (*ManagerAccessPolicy) DeepCopy

func (in *ManagerAccessPolicy) DeepCopy() *ManagerAccessPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessPolicy.

func (*ManagerAccessPolicy) DeepCopyInto

func (in *ManagerAccessPolicy) DeepCopyInto(out *ManagerAccessPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagerAccessPolicy) DeepCopyObject

func (in *ManagerAccessPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ManagerAccessPolicy) SetupWebhookWithManager

func (r *ManagerAccessPolicy) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*ManagerAccessPolicy) ValidateCreate

func (r *ManagerAccessPolicy) ValidateCreate() error

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*ManagerAccessPolicy) ValidateDelete

func (r *ManagerAccessPolicy) ValidateDelete() error

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*ManagerAccessPolicy) ValidateUpdate

func (r *ManagerAccessPolicy) ValidateUpdate(old runtime.Object) error

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type ManagerAccessPolicyList

// ManagerAccessPolicyList is the list form of ManagerAccessPolicy: type and
// list metadata plus the items themselves.
type ManagerAccessPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is a list of ManagerAccessPolicy CRD objects
	Items []ManagerAccessPolicy `json:"items,omitempty"`
}

ManagerAccessPolicyList is a list of ManagerAccessPolicy objects

func (*ManagerAccessPolicyList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessPolicyList.

func (*ManagerAccessPolicyList) DeepCopyInto

func (in *ManagerAccessPolicyList) DeepCopyInto(out *ManagerAccessPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagerAccessPolicyList) DeepCopyObject

func (in *ManagerAccessPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ManagerAccessPolicySpec

// ManagerAccessPolicySpec is the spec of a ManagerAccessPolicy object.
// Only Resource carries a Terraform field name (tf:"resource"); every other
// field is tagged tf:"-".
type ManagerAccessPolicySpec struct {
	// State has the same shape as Resource and is optional.
	// NOTE(review): presumably the last state recorded for the resource; confirm against the controller.
	State *ManagerAccessPolicySpecResource `json:"state,omitempty" tf:"-"`

	// Resource is the access policy definition itself (required in JSON).
	Resource ManagerAccessPolicySpecResource `json:"resource" tf:"resource"`

	// UpdatePolicy is defined in package base, which is not shown on this page.
	UpdatePolicy base.UpdatePolicy `json:"updatePolicy,omitempty" tf:"-"`

	// TerminationPolicy is defined in package base, which is not shown on this page.
	TerminationPolicy base.TerminationPolicy `json:"terminationPolicy,omitempty" tf:"-"`

	// ProviderRef is a required local (name-only) object reference.
	// NOTE(review): presumably it selects the provider credentials used to
	// apply this policy; if so, write access to this field decides which
	// cloud identity makes the change. Confirm, and scope RBAC accordingly.
	ProviderRef core.LocalObjectReference `json:"providerRef" tf:"-"`
}

func (*ManagerAccessPolicySpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessPolicySpec.

func (*ManagerAccessPolicySpec) DeepCopyInto

func (in *ManagerAccessPolicySpec) DeepCopyInto(out *ManagerAccessPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessPolicySpecResource

// ManagerAccessPolicySpecResource is the access policy definition. Parent
// and Title are required; Name, CreateTime and UpdateTime are optional.
// NOTE(review): the optional fields look server-assigned; confirm whether
// values supplied by a client are honoured or ignored.
type ManagerAccessPolicySpecResource struct {
	// Timeouts is defined in package base, which is not shown on this page.
	Timeouts *base.ResourceTimeout `json:"timeouts,omitempty" tf:"timeouts"`

	// ID is an optional identifier string; its format is not documented here.
	ID string `json:"id,omitempty" tf:"id,omitempty"`

	// Time the AccessPolicy was created in UTC.
	// +optional
	CreateTime *string `json:"createTime,omitempty" tf:"create_time"`
	// Resource name of the AccessPolicy. Format: {policy_id}
	// +optional
	Name *string `json:"name,omitempty" tf:"name"`
	// The parent of this AccessPolicy in the Cloud Resource Hierarchy.
	// Format: organizations/{organization_id}
	Parent *string `json:"parent" tf:"parent"`
	// Human readable title. Does not affect behavior.
	Title *string `json:"title" tf:"title"`
	// Time the AccessPolicy was updated in UTC.
	// +optional
	UpdateTime *string `json:"updateTime,omitempty" tf:"update_time"`
}

func (*ManagerAccessPolicySpecResource) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessPolicySpecResource.

func (*ManagerAccessPolicySpecResource) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerAccessPolicyStatus

// ManagerAccessPolicyStatus is the status of a ManagerAccessPolicy object.
type ManagerAccessPolicyStatus struct {
	// Resource generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// Phase is a status.Status value; the possible values are defined in
	// that package and are not shown on this page.
	// +optional
	Phase status.Status `json:"phase,omitempty"`
	// Conditions is a list of kmapi.Condition entries.
	// +optional
	Conditions []kmapi.Condition `json:"conditions,omitempty"`
}

func (*ManagerAccessPolicyStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerAccessPolicyStatus.

func (*ManagerAccessPolicyStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerGcpUserAccessBinding

// ManagerGcpUserAccessBinding is the API object for a user access binding:
// type and object metadata plus a Spec and a Status.
//
// The page lists SetupWebhookWithManager and ValidateCreate/ValidateUpdate/
// ValidateDelete methods on this type, but not their bodies, so what the
// validating webhook accepts or rejects cannot be told from here.
type ManagerGcpUserAccessBinding struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              ManagerGcpUserAccessBindingSpec   `json:"spec,omitempty"`
	Status            ManagerGcpUserAccessBindingStatus `json:"status,omitempty"`
}

func (*ManagerGcpUserAccessBinding) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerGcpUserAccessBinding.

func (*ManagerGcpUserAccessBinding) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagerGcpUserAccessBinding) DeepCopyObject

func (in *ManagerGcpUserAccessBinding) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ManagerGcpUserAccessBinding) SetupWebhookWithManager

func (r *ManagerGcpUserAccessBinding) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*ManagerGcpUserAccessBinding) ValidateCreate

func (r *ManagerGcpUserAccessBinding) ValidateCreate() error

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*ManagerGcpUserAccessBinding) ValidateDelete

func (r *ManagerGcpUserAccessBinding) ValidateDelete() error

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*ManagerGcpUserAccessBinding) ValidateUpdate

func (r *ManagerGcpUserAccessBinding) ValidateUpdate(old runtime.Object) error

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type ManagerGcpUserAccessBindingList

// ManagerGcpUserAccessBindingList is the list form of
// ManagerGcpUserAccessBinding: type and list metadata plus the items.
type ManagerGcpUserAccessBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is a list of ManagerGcpUserAccessBinding CRD objects
	Items []ManagerGcpUserAccessBinding `json:"items,omitempty"`
}

ManagerGcpUserAccessBindingList is a list of ManagerGcpUserAccessBindings

func (*ManagerGcpUserAccessBindingList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerGcpUserAccessBindingList.

func (*ManagerGcpUserAccessBindingList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagerGcpUserAccessBindingList) DeepCopyObject

func (in *ManagerGcpUserAccessBindingList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ManagerGcpUserAccessBindingSpec

// ManagerGcpUserAccessBindingSpec is the spec of a
// ManagerGcpUserAccessBinding object. Only Resource carries a Terraform field
// name (tf:"resource"); every other field is tagged tf:"-".
type ManagerGcpUserAccessBindingSpec struct {
	// State has the same shape as Resource and is optional.
	// NOTE(review): presumably the last state recorded for the resource; confirm against the controller.
	State *ManagerGcpUserAccessBindingSpecResource `json:"state,omitempty" tf:"-"`

	// Resource is the binding definition itself (required in JSON).
	Resource ManagerGcpUserAccessBindingSpecResource `json:"resource" tf:"resource"`

	// UpdatePolicy is defined in package base, which is not shown on this page.
	UpdatePolicy base.UpdatePolicy `json:"updatePolicy,omitempty" tf:"-"`

	// TerminationPolicy is defined in package base, which is not shown on this page.
	TerminationPolicy base.TerminationPolicy `json:"terminationPolicy,omitempty" tf:"-"`

	// ProviderRef is a required local (name-only) object reference.
	// NOTE(review): presumably it selects the provider credentials used to
	// apply this binding; if so, write access to this field decides which
	// cloud identity makes the change. Confirm, and scope RBAC accordingly.
	ProviderRef core.LocalObjectReference `json:"providerRef" tf:"-"`
}

func (*ManagerGcpUserAccessBindingSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerGcpUserAccessBindingSpec.

func (*ManagerGcpUserAccessBindingSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerGcpUserAccessBindingSpecResource

// ManagerGcpUserAccessBindingSpecResource binds the members of one Google
// Group (GroupKey) to one access level (AccessLevels) within an organization.
type ManagerGcpUserAccessBindingSpecResource struct {
	// Timeouts is defined in package base, which is not shown on this page.
	Timeouts *base.ResourceTimeout `json:"timeouts,omitempty" tf:"timeouts"`

	// ID is an optional identifier string; its format is not documented here.
	ID string `json:"id,omitempty" tf:"id,omitempty"`

	// Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
	//
	// NOTE(review): no validation marker on this field enforces the
	// exactly-one-element rule (compare the MinItems marker on the basic
	// Conditions list), so it is presumably left to the upstream API; confirm.
	AccessLevels []string `json:"accessLevels" tf:"access_levels"`
	// Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
	GroupKey *string `json:"groupKey" tf:"group_key"`
	// Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
	// +optional
	Name *string `json:"name,omitempty" tf:"name"`
	// Required. ID of the parent organization.
	OrganizationID *string `json:"organizationID" tf:"organization_id"`
}

func (*ManagerGcpUserAccessBindingSpecResource) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerGcpUserAccessBindingSpecResource.

func (*ManagerGcpUserAccessBindingSpecResource) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerGcpUserAccessBindingStatus

// ManagerGcpUserAccessBindingStatus is the status of a
// ManagerGcpUserAccessBinding object.
type ManagerGcpUserAccessBindingStatus struct {
	// Resource generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// Phase is a status.Status value; the possible values are defined in
	// that package and are not shown on this page.
	// +optional
	Phase status.Status `json:"phase,omitempty"`
	// Conditions is a list of kmapi.Condition entries.
	// +optional
	Conditions []kmapi.Condition `json:"conditions,omitempty"`
}

func (*ManagerGcpUserAccessBindingStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerGcpUserAccessBindingStatus.

func (*ManagerGcpUserAccessBindingStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeter

// ManagerServicePerimeter is the API object for a single service perimeter:
// type and object metadata plus a Spec and a Status.
//
// The page lists SetupWebhookWithManager and ValidateCreate/ValidateUpdate/
// ValidateDelete methods on this type, but not their bodies, so what the
// validating webhook accepts or rejects cannot be told from here.
type ManagerServicePerimeter struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              ManagerServicePerimeterSpec   `json:"spec,omitempty"`
	Status            ManagerServicePerimeterStatus `json:"status,omitempty"`
}

func (*ManagerServicePerimeter) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeter.

func (*ManagerServicePerimeter) DeepCopyInto

func (in *ManagerServicePerimeter) DeepCopyInto(out *ManagerServicePerimeter)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagerServicePerimeter) DeepCopyObject

func (in *ManagerServicePerimeter) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ManagerServicePerimeter) SetupWebhookWithManager

func (r *ManagerServicePerimeter) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*ManagerServicePerimeter) ValidateCreate

func (r *ManagerServicePerimeter) ValidateCreate() error

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*ManagerServicePerimeter) ValidateDelete

func (r *ManagerServicePerimeter) ValidateDelete() error

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*ManagerServicePerimeter) ValidateUpdate

func (r *ManagerServicePerimeter) ValidateUpdate(old runtime.Object) error

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type ManagerServicePerimeterBatch

// ManagerServicePerimeterBatch is the API object for managing the service
// perimeters of an access policy as one set: type and object metadata plus a
// Spec and a Status.
//
// The page lists SetupWebhookWithManager and ValidateCreate/ValidateUpdate/
// ValidateDelete methods on this type, but not their bodies, so what the
// validating webhook accepts or rejects cannot be told from here.
type ManagerServicePerimeterBatch struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              ManagerServicePerimeterBatchSpec   `json:"spec,omitempty"`
	Status            ManagerServicePerimeterBatchStatus `json:"status,omitempty"`
}

func (*ManagerServicePerimeterBatch) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatch.

func (*ManagerServicePerimeterBatch) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagerServicePerimeterBatch) DeepCopyObject

func (in *ManagerServicePerimeterBatch) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ManagerServicePerimeterBatch) SetupWebhookWithManager

func (r *ManagerServicePerimeterBatch) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*ManagerServicePerimeterBatch) ValidateCreate

func (r *ManagerServicePerimeterBatch) ValidateCreate() error

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*ManagerServicePerimeterBatch) ValidateDelete

func (r *ManagerServicePerimeterBatch) ValidateDelete() error

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*ManagerServicePerimeterBatch) ValidateUpdate

func (r *ManagerServicePerimeterBatch) ValidateUpdate(old runtime.Object) error

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type ManagerServicePerimeterBatchList

// ManagerServicePerimeterBatchList is the list form of
// ManagerServicePerimeterBatch: type and list metadata plus the items.
type ManagerServicePerimeterBatchList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is a list of ManagerServicePerimeterBatch CRD objects
	Items []ManagerServicePerimeterBatch `json:"items,omitempty"`
}

ManagerServicePerimeterBatchList is a list of ManagerServicePerimeterBatch objects

func (*ManagerServicePerimeterBatchList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchList.

func (*ManagerServicePerimeterBatchList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagerServicePerimeterBatchList) DeepCopyObject

func (in *ManagerServicePerimeterBatchList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ManagerServicePerimeterBatchSpec

// ManagerServicePerimeterBatchSpec is the spec of a
// ManagerServicePerimeterBatch object. Only Resource carries a Terraform
// field name (tf:"resource"); every other field is tagged tf:"-".
type ManagerServicePerimeterBatchSpec struct {
	// State has the same shape as Resource and is optional.
	// NOTE(review): presumably the last state recorded for the resource; confirm against the controller.
	State *ManagerServicePerimeterBatchSpecResource `json:"state,omitempty" tf:"-"`

	// Resource is the batch definition itself (required in JSON).
	Resource ManagerServicePerimeterBatchSpecResource `json:"resource" tf:"resource"`

	// UpdatePolicy is defined in package base, which is not shown on this page.
	UpdatePolicy base.UpdatePolicy `json:"updatePolicy,omitempty" tf:"-"`

	// TerminationPolicy is defined in package base, which is not shown on this page.
	TerminationPolicy base.TerminationPolicy `json:"terminationPolicy,omitempty" tf:"-"`

	// ProviderRef is a required local (name-only) object reference.
	// NOTE(review): presumably it selects the provider credentials used to
	// apply this batch; if so, write access to this field decides which
	// cloud identity makes the change. Confirm, and scope RBAC accordingly.
	ProviderRef core.LocalObjectReference `json:"providerRef" tf:"-"`
}

func (*ManagerServicePerimeterBatchSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpec.

func (*ManagerServicePerimeterBatchSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecResource

// ManagerServicePerimeterBatchSpecResource names an access policy and the
// complete set of service perimeters it should contain.
type ManagerServicePerimeterBatchSpecResource struct {
	// Timeouts is defined in package base, which is not shown on this page.
	Timeouts *base.ResourceTimeout `json:"timeouts,omitempty" tf:"timeouts"`

	// ID is an optional identifier string; its format is not documented here.
	ID string `json:"id,omitempty" tf:"id,omitempty"`

	// The AccessPolicy this ServicePerimeter lives in.
	// Format: accessPolicies/{policy_id}
	Parent *string `json:"parent" tf:"parent"`
	// The desired Service Perimeters that should replace all existing Service Perimeters in the Access Policy.
	//
	// NOTE(review): the list replaces rather than merges, and it is optional
	// with omitempty. Confirm what an omitted or empty list does upstream
	// before applying; it may leave the policy with no perimeters at all.
	// +optional
	ServicePerimeters []ManagerServicePerimeterBatchSpecServicePerimeters `json:"servicePerimeters,omitempty" tf:"service_perimeters"`
}

func (*ManagerServicePerimeterBatchSpecResource) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecResource.

func (*ManagerServicePerimeterBatchSpecResource) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimeters

// ManagerServicePerimeterBatchSpecServicePerimeters is one service perimeter
// inside a batch.
//
// Mind the field naming: per the UseExplicitDryRunSpec comment below, Status
// holds the enforced configuration and Spec the dry-run one. That is the
// reverse of the usual Kubernetes reading of "spec" and "status", so a
// restriction placed only in Spec is not enforced.
type ManagerServicePerimeterBatchSpecServicePerimeters struct {
	// Time the AccessPolicy was created in UTC.
	// +optional
	CreateTime *string `json:"createTime,omitempty" tf:"create_time"`
	// Description of the ServicePerimeter and its use. Does not affect
	// behavior.
	// +optional
	Description *string `json:"description,omitempty" tf:"description"`
	// Resource name for the ServicePerimeter. The short_name component must
	// begin with a letter and only include alphanumeric and '_'.
	// Format: accessPolicies/{policy_id}/servicePerimeters/{short_name}
	Name *string `json:"name" tf:"name"`
	// Specifies the type of the Perimeter. There are two types: regular and
	// bridge. Regular Service Perimeter contains resources, access levels,
	// and restricted services. Every resource can be in at most
	// ONE regular Service Perimeter.
	//
	// In addition to being in a regular service perimeter, a resource can also
	// be in zero or more perimeter bridges. A perimeter bridge only contains
	// resources. Cross project operations are permitted if all affected
	// resources share some perimeter (whether bridge or regular). Perimeter
	// Bridge does not contain access levels or services: those are governed
	// entirely by the regular perimeter that resource is in.
	//
	// Perimeter Bridges are typically useful when building more complex
	// topologies with many independent perimeters that need to share some data
	// with a common perimeter, but should not be able to share data among
	// themselves. Default value: "PERIMETER_TYPE_REGULAR" Possible values: ["PERIMETER_TYPE_REGULAR", "PERIMETER_TYPE_BRIDGE"]
	// +optional
	PerimeterType *string `json:"perimeterType,omitempty" tf:"perimeter_type"`
	// Proposed (or dry run) ServicePerimeter configuration.
	// This configuration allows to specify and test ServicePerimeter configuration
	// without enforcing actual access restrictions. Only allowed to be set when
	// the 'useExplicitDryRunSpec' flag is set.
	// +optional
	Spec *ManagerServicePerimeterBatchSpecServicePerimetersSpec `json:"spec,omitempty" tf:"spec"`
	// ServicePerimeter configuration. Specifies sets of resources,
	// restricted services and access levels that determine
	// perimeter content and boundaries.
	// +optional
	Status *ManagerServicePerimeterBatchSpecServicePerimetersStatus `json:"status,omitempty" tf:"status"`
	// Human readable title. Must be unique within the Policy.
	Title *string `json:"title" tf:"title"`
	// Time the AccessPolicy was updated in UTC.
	// +optional
	UpdateTime *string `json:"updateTime,omitempty" tf:"update_time"`
	// Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists
	// for all Service Perimeters, and that spec is identical to the status for those
	// Service Perimeters. When this flag is set, it inhibits the generation of the
	// implicit spec, thereby allowing the user to explicitly provide a
	// configuration ("spec") to use in a dry-run version of the Service Perimeter.
	// This allows the user to test changes to the enforced config ("status") without
	// actually enforcing them. This testing is done through analyzing the differences
	// between currently enforced and suggested restrictions. useExplicitDryRunSpec must
	// be set to True if any of the fields in the spec are set to non-default values.
	// +optional
	UseExplicitDryRunSpec *bool `json:"useExplicitDryRunSpec,omitempty" tf:"use_explicit_dry_run_spec"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimeters) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimeters.

func (*ManagerServicePerimeterBatchSpecServicePerimeters) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersSpec

// ManagerServicePerimeterBatchSpecServicePerimetersSpec is the type of a
// perimeter's 'spec' field, i.e. the proposed (dry run) configuration. It
// lists the perimeter's member resources and restricted services together
// with the access levels, ingress rules and egress rules that open paths
// across the perimeter boundary.
type ManagerServicePerimeterBatchSpecServicePerimetersSpec struct {
	// A list of AccessLevel resource names that allow resources within
	// the ServicePerimeter to be accessed from the internet.
	// AccessLevels listed must be in the same policy as this
	// ServicePerimeter. Referencing a nonexistent AccessLevel is a
	// syntax error. If no AccessLevel names are listed, resources within
	// the perimeter can only be accessed via GCP calls with request
	// origins within the perimeter. For Service Perimeter Bridge, must
	// be empty.
	//
	// Format: accessPolicies/{policy_id}/accessLevels/{access_level_name}
	//
	// Review note: every entry opens a path into the perimeter from outside
	// it; an empty list is the most restrictive setting described above.
	// +optional
	AccessLevels []string `json:"accessLevels,omitempty" tf:"access_levels"`
	// List of EgressPolicies to apply to the perimeter. A perimeter may
	// have multiple EgressPolicies, each of which is evaluated separately.
	// Access is granted if any EgressPolicy grants it. Must be empty for
	// a perimeter bridge.
	//
	// Review note: the policies are OR-ed, so one broad entry is enough to
	// grant access no matter how narrow the other entries are.
	// +optional
	EgressPolicies []ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPolicies `json:"egressPolicies,omitempty" tf:"egress_policies"`
	// List of 'IngressPolicies' to apply to the perimeter. A perimeter may
	// have multiple 'IngressPolicies', each of which is evaluated
	// separately. Access is granted if any 'Ingress Policy' grants it.
	// Must be empty for a perimeter bridge.
	//
	// Review note: the policies are OR-ed, so one broad entry is enough to
	// grant access no matter how narrow the other entries are.
	// +optional
	IngressPolicies []ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPolicies `json:"ingressPolicies,omitempty" tf:"ingress_policies"`
	// A list of GCP resources that are inside of the service perimeter.
	// Currently only projects are allowed.
	// Format: projects/{project_number}
	// +optional
	Resources []string `json:"resources,omitempty" tf:"resources"`
	// GCP services that are subject to the Service Perimeter
	// restrictions. Must contain a list of services. For example, if
	// 'storage.googleapis.com' is specified, access to the storage
	// buckets inside the perimeter must meet the perimeter's access
	// restrictions.
	//
	// NOTE(review): presumably a service that is not listed here is not
	// subject to the perimeter at all; confirm, and revisit this list
	// whenever the member projects start using a new GCP service.
	// +optional
	RestrictedServices []string `json:"restrictedServices,omitempty" tf:"restricted_services"`
	// Specifies how APIs are allowed to communicate within the Service
	// Perimeter.
	// +optional
	VpcAccessibleServices *ManagerServicePerimeterBatchSpecServicePerimetersSpecVpcAccessibleServices `json:"vpcAccessibleServices,omitempty" tf:"vpc_accessible_services"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersSpec.

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersSpecCodec

// ManagerServicePerimeterBatchSpecServicePerimetersSpecCodec has no fields;
// it only carries the Decode, Encode and IsEmpty methods listed for it.
type ManagerServicePerimeterBatchSpecServicePerimetersSpecCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecCodec) Decode

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecCodec) Encode

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecCodec) IsEmpty

type ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPolicies

// ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPolicies is one
// egress rule of the dry-run spec. It pairs a condition on the request source
// (EgressFrom) with a condition on the operation and destination (EgressTo).
type ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPolicies struct {
	// Defines conditions on the source of a request causing this 'EgressPolicy' to apply.
	// +optional
	EgressFrom *ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressFrom `json:"egressFrom,omitempty" tf:"egress_from"`
	// Defines the conditions on the 'ApiOperation' and destination resources that
	// cause this 'EgressPolicy' to apply.
	// +optional
	EgressTo *ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressTo `json:"egressTo,omitempty" tf:"egress_to"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPolicies) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPolicies.

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPolicies) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressFrom

// ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressFrom
// selects the identities that an egress rule of the dry-run spec applies to,
// either as an explicit list or as a class of identities.
type ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressFrom struct {
	// A list of identities that are allowed access through this 'EgressPolicy'.
	// Should be in the format of email address. The email address should
	// represent an individual user or service account only.
	// +optional
	Identities []string `json:"identities,omitempty" tf:"identities"`
	// Specifies the type of identities that are allowed access to outside the
	// perimeter. If left unspecified, then members of 'identities' field will
	// be allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]
	//
	// NOTE(review): the ANY_* values name a whole class of identities rather
	// than the entries of 'identities'; presumably they admit every identity
	// of that class. Confirm, and prefer an explicit 'identities' list where
	// the workload allows it.
	// +optional
	IdentityType *string `json:"identityType,omitempty" tf:"identity_type"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressFrom) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressFrom.

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressFrom) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressFromCodec

// ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressFromCodec
// has no fields; it only carries the Decode, Encode and IsEmpty methods
// listed for it.
type ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressFromCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressFromCodec) Decode

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressFromCodec) Encode

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressFromCodec) IsEmpty

type ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressTo

// ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressTo
// names the operations and the destination resources outside the perimeter
// that an egress rule of the dry-run spec covers.
type ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressTo struct {
	// A list of 'ApiOperations' that this egress rule applies to. A request matches
	// if it contains an operation/service in this list.
	// +optional
	Operations []ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToOperations `json:"operations,omitempty" tf:"operations"`
	// A list of resources, currently only projects in the form
	// 'projects/<projectnumber>', that match this to stanza. A request matches
	// if it contains a resource in this list. If * is specified for resources,
	// then this 'EgressTo' rule will authorize access to all resources outside
	// the perimeter.
	//
	// Review note: with '*' the destination is no longer constrained, so the
	// rule is bounded only by 'operations' and by the matching 'EgressFrom'.
	// List the destination projects explicitly where they are known.
	// +optional
	Resources []string `json:"resources,omitempty" tf:"resources"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressTo) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressTo.

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressTo) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToCodec

// ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToCodec
// has no fields; it only carries the Decode, Encode and IsEmpty methods
// listed for it.
type ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToCodec) Decode

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToCodec) Encode

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToCodec) IsEmpty

type ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToOperations

// ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToOperations
// is one 'ApiOperation' of an egress rule in the dry-run spec: a service name
// plus the methods or permissions of that service that the rule allows.
type ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToOperations struct {
	// API methods or permissions to allow. Method or permission must belong
	// to the service specified by 'serviceName' field. A single MethodSelector
	// entry with '*' specified for the 'method' field will allow all methods
	// AND permissions for the service specified in 'serviceName'.
	// +optional
	MethodSelectors []ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToOperationsMethodSelectors `json:"methodSelectors,omitempty" tf:"method_selectors"`
	// The name of the API whose methods or permissions the 'IngressPolicy' or
	// 'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName
	// field set to '*' will allow all methods AND permissions for all services.
	//
	// Review note: '*' here removes the per-service scoping of the whole rule,
	// so it deserves an explicit justification in review.
	// +optional
	ServiceName *string `json:"serviceName,omitempty" tf:"service_name"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToOperations) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToOperations.

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToOperations) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToOperationsMethodSelectors

// ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToOperationsMethodSelectors
// selects what an egress 'ApiOperation' of the dry-run spec allows, either by
// method name or by Cloud IAM permission.
type ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToOperationsMethodSelectors struct {
	// Value for 'method' should be a valid method name for the corresponding
	// 'serviceName' in 'ApiOperation'. If '*' used as value for method,
	// then ALL methods and permissions are allowed.
	//
	// Review note: '*' also covers permissions, so it overrides any narrower
	// selector listed next to it for the same service.
	// +optional
	Method *string `json:"method,omitempty" tf:"method"`
	// Value for permission should be a valid Cloud IAM permission for the
	// corresponding 'serviceName' in 'ApiOperation'.
	// +optional
	Permission *string `json:"permission,omitempty" tf:"permission"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToOperationsMethodSelectors) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToOperationsMethodSelectors.

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecEgressPoliciesEgressToOperationsMethodSelectors) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPolicies

// ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPolicies is one
// ingress rule of the dry-run spec. It pairs a condition on the request source
// (IngressFrom) with a condition on the operation and destination (IngressTo).
type ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPolicies struct {
	// Defines the conditions on the source of a request causing this 'IngressPolicy'
	// to apply.
	// +optional
	IngressFrom *ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFrom `json:"ingressFrom,omitempty" tf:"ingress_from"`
	// Defines the conditions on the 'ApiOperation' and request destination that cause
	// this 'IngressPolicy' to apply.
	// +optional
	IngressTo *ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressTo `json:"ingressTo,omitempty" tf:"ingress_to"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPolicies) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPolicies.

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPolicies) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFrom

// ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFrom
// selects who may enter the perimeter under an ingress rule of the dry-run
// spec: which identities, and from which sources.
type ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFrom struct {
	// A list of identities that are allowed access through this ingress policy.
	// Should be in the format of email address. The email address should represent
	// an individual user or service account only.
	// +optional
	Identities []string `json:"identities,omitempty" tf:"identities"`
	// Specifies the type of identities that are allowed access from outside the
	// perimeter. If left unspecified, then members of 'identities' field will be
	// allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]
	//
	// NOTE(review): the ANY_* values name a whole class of identities rather
	// than the entries of 'identities'; presumably they admit every identity
	// of that class. Confirm, and prefer an explicit 'identities' list where
	// the workload allows it.
	// +optional
	IdentityType *string `json:"identityType,omitempty" tf:"identity_type"`
	// Sources that this 'IngressPolicy' authorizes access from.
	// +optional
	Sources []ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFromSources `json:"sources,omitempty" tf:"sources"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFrom) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFrom.

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFrom) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFromCodec

// ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFromCodec
// has no fields; it only carries the Decode, Encode and IsEmpty methods
// listed for it.
type ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFromCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFromCodec) Decode

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFromCodec) Encode

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFromCodec) IsEmpty

type ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFromSources

// ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFromSources
// is one source that an ingress rule of the dry-run spec authorizes access
// from, given either as an access level or as a Google Cloud resource.
type ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFromSources struct {
	// An 'AccessLevel' resource name that allows resources within the
	// 'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed
	// must be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent
	// 'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,
	// resources within the perimeter can only be accessed via Google Cloud calls
	// with request origins within the perimeter.
	// Example 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'
	// If * is specified, then all IngressSources will be allowed.
	//
	// Review note: with '*' the source is no longer constrained, so the rule
	// is bounded only by the identity selection and by 'IngressTo'.
	// +optional
	AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level"`
	// A Google Cloud resource that is allowed to ingress the perimeter.
	// Requests from these resources will be allowed to access perimeter data.
	// Currently only projects are allowed. Format 'projects/{project_number}'
	// The project may be in any Google Cloud organization, not just the
	// organization that the perimeter is defined in. '*' is not allowed, the case
	// of allowing all Google Cloud resources only is not supported.
	//
	// Review note: because the project may belong to another organization,
	// check the ownership of each project number listed here.
	// +optional
	Resource *string `json:"resource,omitempty" tf:"resource"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFromSources) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFromSources.

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressFromSources) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressTo

// ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressTo
// names the operations and the protected resources inside the perimeter that
// an ingress rule of the dry-run spec opens to the matching 'IngressFrom'.
type ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressTo struct {
	// A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'
	// are allowed to perform in this 'ServicePerimeter'.
	// +optional
	Operations []ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToOperations `json:"operations,omitempty" tf:"operations"`
	// A list of resources, currently only projects in the form
	// 'projects/<projectnumber>', protected by this 'ServicePerimeter'
	// that are allowed to be accessed by sources defined in the
	// corresponding 'IngressFrom'. A request matches if it contains
	// a resource in this list. If '*' is specified for resources,
	// then this 'IngressTo' rule will authorize access to all
	// resources inside the perimeter, provided that the request
	// also matches the 'operations' field.
	//
	// Review note: with '*' the 'operations' list is the only remaining
	// limit on what the matching sources can reach inside the perimeter.
	// +optional
	Resources []string `json:"resources,omitempty" tf:"resources"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressTo) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressTo.

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressTo) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToCodec

// ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToCodec
// has no fields; it only carries the Decode, Encode and IsEmpty methods
// listed for it.
type ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToCodec) Decode

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToCodec) Encode

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToCodec) IsEmpty

type ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToOperations

// ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToOperations
// is one 'ApiOperation' of an ingress rule in the dry-run spec: a service name
// plus the methods or permissions of that service that the rule allows.
type ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToOperations struct {
	// API methods or permissions to allow. Method or permission must belong to
	// the service specified by serviceName field. A single 'MethodSelector' entry
	// with '*' specified for the method field will allow all methods AND
	// permissions for the service specified in 'serviceName'.
	// +optional
	MethodSelectors []ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToOperationsMethodSelectors `json:"methodSelectors,omitempty" tf:"method_selectors"`
	// The name of the API whose methods or permissions the 'IngressPolicy' or
	// 'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'
	// field set to '*' will allow all methods AND permissions for all services.
	//
	// Review note: '*' here removes the per-service scoping of the whole rule,
	// so it deserves an explicit justification in review.
	// +optional
	ServiceName *string `json:"serviceName,omitempty" tf:"service_name"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToOperations) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToOperations.

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToOperations) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToOperationsMethodSelectors

// ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToOperationsMethodSelectors
// selects what an ingress 'ApiOperation' of the dry-run spec allows, either by
// method name or by Cloud IAM permission.
type ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToOperationsMethodSelectors struct {
	// Value for method should be a valid method name for the corresponding
	// serviceName in 'ApiOperation'. If '*' used as value for 'method', then
	// ALL methods and permissions are allowed.
	//
	// Review note: '*' also covers permissions, so it overrides any narrower
	// selector listed next to it for the same service.
	// +optional
	Method *string `json:"method,omitempty" tf:"method"`
	// Value for permission should be a valid Cloud IAM permission for the
	// corresponding 'serviceName' in 'ApiOperation'.
	// +optional
	Permission *string `json:"permission,omitempty" tf:"permission"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToOperationsMethodSelectors) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToOperationsMethodSelectors.

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecIngressPoliciesIngressToOperationsMethodSelectors) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersSpecVpcAccessibleServices

// ManagerServicePerimeterBatchSpecServicePerimetersSpecVpcAccessibleServices
// configures, for the dry-run spec, which APIs may be called from within the
// Service Perimeter.
type ManagerServicePerimeterBatchSpecServicePerimetersSpecVpcAccessibleServices struct {
	// The list of APIs usable within the Service Perimeter.
	// Must be empty unless 'enableRestriction' is True.
	// +optional
	AllowedServices []string `json:"allowedServices,omitempty" tf:"allowed_services"`
	// Whether to restrict API calls within the Service Perimeter to the
	// list of APIs specified in 'allowedServices'.
	//
	// NOTE(review): when this is unset or false, presumably no restriction
	// on API calls from within the perimeter applies; confirm before relying
	// on 'allowedServices' as a control.
	// +optional
	EnableRestriction *bool `json:"enableRestriction,omitempty" tf:"enable_restriction"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecVpcAccessibleServices) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersSpecVpcAccessibleServices.

func (*ManagerServicePerimeterBatchSpecServicePerimetersSpecVpcAccessibleServices) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersSpecVpcAccessibleServicesCodec

// ManagerServicePerimeterBatchSpecServicePerimetersSpecVpcAccessibleServicesCodec
// has no fields; it only carries the Decode, Encode and IsEmpty methods
// listed for it.
type ManagerServicePerimeterBatchSpecServicePerimetersSpecVpcAccessibleServicesCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecVpcAccessibleServicesCodec) Decode

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecVpcAccessibleServicesCodec) Encode

func (ManagerServicePerimeterBatchSpecServicePerimetersSpecVpcAccessibleServicesCodec) IsEmpty

type ManagerServicePerimeterBatchSpecServicePerimetersStatus

// ManagerServicePerimeterBatchSpecServicePerimetersStatus is the type of a
// perimeter's 'status' field, which the documentation of
// useExplicitDryRunSpec calls the enforced config. It lists the perimeter's
// member resources and restricted services together with the access levels,
// ingress rules and egress rules that open paths across the perimeter
// boundary.
type ManagerServicePerimeterBatchSpecServicePerimetersStatus struct {
	// A list of AccessLevel resource names that allow resources within
	// the ServicePerimeter to be accessed from the internet.
	// AccessLevels listed must be in the same policy as this
	// ServicePerimeter. Referencing a nonexistent AccessLevel is a
	// syntax error. If no AccessLevel names are listed, resources within
	// the perimeter can only be accessed via GCP calls with request
	// origins within the perimeter. For Service Perimeter Bridge, must
	// be empty.
	//
	// Format: accessPolicies/{policy_id}/accessLevels/{access_level_name}
	//
	// Review note: every entry opens a path into the perimeter from outside
	// it; an empty list is the most restrictive setting described above.
	// +optional
	AccessLevels []string `json:"accessLevels,omitempty" tf:"access_levels"`
	// List of EgressPolicies to apply to the perimeter. A perimeter may
	// have multiple EgressPolicies, each of which is evaluated separately.
	// Access is granted if any EgressPolicy grants it. Must be empty for
	// a perimeter bridge.
	//
	// Review note: the policies are OR-ed, so one broad entry is enough to
	// grant access no matter how narrow the other entries are.
	// +optional
	EgressPolicies []ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPolicies `json:"egressPolicies,omitempty" tf:"egress_policies"`
	// List of 'IngressPolicies' to apply to the perimeter. A perimeter may
	// have multiple 'IngressPolicies', each of which is evaluated
	// separately. Access is granted if any 'Ingress Policy' grants it.
	// Must be empty for a perimeter bridge.
	//
	// Review note: the policies are OR-ed, so one broad entry is enough to
	// grant access no matter how narrow the other entries are.
	// +optional
	IngressPolicies []ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPolicies `json:"ingressPolicies,omitempty" tf:"ingress_policies"`
	// A list of GCP resources that are inside of the service perimeter.
	// Currently only projects are allowed.
	// Format: projects/{project_number}
	// +optional
	Resources []string `json:"resources,omitempty" tf:"resources"`
	// GCP services that are subject to the Service Perimeter
	// restrictions. Must contain a list of services. For example, if
	// 'storage.googleapis.com' is specified, access to the storage
	// buckets inside the perimeter must meet the perimeter's access
	// restrictions.
	//
	// NOTE(review): presumably a service that is not listed here is not
	// subject to the perimeter at all; confirm, and revisit this list
	// whenever the member projects start using a new GCP service.
	// +optional
	RestrictedServices []string `json:"restrictedServices,omitempty" tf:"restricted_services"`
	// Specifies how APIs are allowed to communicate within the Service
	// Perimeter.
	// +optional
	VpcAccessibleServices *ManagerServicePerimeterBatchSpecServicePerimetersStatusVpcAccessibleServices `json:"vpcAccessibleServices,omitempty" tf:"vpc_accessible_services"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersStatus.

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersStatusCodec

// ManagerServicePerimeterBatchSpecServicePerimetersStatusCodec has no fields;
// it only carries the Decode, Encode and IsEmpty methods listed for it.
type ManagerServicePerimeterBatchSpecServicePerimetersStatusCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusCodec) Decode

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusCodec) Encode

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusCodec) IsEmpty

type ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPolicies

// ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPolicies is one
// egress rule of the enforced config. It pairs a condition on the request
// source (EgressFrom) with a condition on the operation and destination
// (EgressTo).
type ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPolicies struct {
	// Defines conditions on the source of a request causing this 'EgressPolicy' to apply.
	// +optional
	EgressFrom *ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressFrom `json:"egressFrom,omitempty" tf:"egress_from"`
	// Defines the conditions on the 'ApiOperation' and destination resources that
	// cause this 'EgressPolicy' to apply.
	// +optional
	EgressTo *ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressTo `json:"egressTo,omitempty" tf:"egress_to"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPolicies) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPolicies.

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPolicies) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressFrom

// ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressFrom
// selects the identities that an egress rule of the enforced config applies
// to, either as an explicit list or as a class of identities.
type ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressFrom struct {
	// A list of identities that are allowed access through this 'EgressPolicy'.
	// Should be in the format of email address. The email address should
	// represent an individual user or service account only.
	// +optional
	Identities []string `json:"identities,omitempty" tf:"identities"`
	// Specifies the type of identities that are allowed access to outside the
	// perimeter. If left unspecified, then members of 'identities' field will
	// be allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]
	//
	// NOTE(review): the ANY_* values name a whole class of identities rather
	// than the entries of 'identities'; presumably they admit every identity
	// of that class. Confirm, and prefer an explicit 'identities' list where
	// the workload allows it.
	// +optional
	IdentityType *string `json:"identityType,omitempty" tf:"identity_type"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressFrom) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressFrom.

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressFrom) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressFromCodec

// ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressFromCodec
// has no fields; it only carries the Decode, Encode and IsEmpty methods
// listed for it.
type ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressFromCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressFromCodec) Decode

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressFromCodec) Encode

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressFromCodec) IsEmpty

type ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressTo

// ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressTo
// names the operations and the destination resources outside the perimeter
// that an egress rule of the enforced config covers.
type ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressTo struct {
	// A list of 'ApiOperations' that this egress rule applies to. A request matches
	// if it contains an operation/service in this list.
	// +optional
	Operations []ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToOperations `json:"operations,omitempty" tf:"operations"`
	// A list of resources, currently only projects in the form
	// 'projects/<projectnumber>', that match this to stanza. A request matches
	// if it contains a resource in this list. If * is specified for resources,
	// then this 'EgressTo' rule will authorize access to all resources outside
	// the perimeter.
	//
	// Review note: with '*' the destination is no longer constrained, so the
	// rule is bounded only by 'operations' and by the matching 'EgressFrom'.
	// List the destination projects explicitly where they are known.
	// +optional
	Resources []string `json:"resources,omitempty" tf:"resources"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressTo) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressTo.

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressTo) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToCodec

// ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToCodec
// has no fields; it only carries the Decode, Encode and IsEmpty methods
// listed for it.
type ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToCodec) Decode

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToCodec) Encode

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToCodec) IsEmpty

type ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToOperations

// ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToOperations
// is one 'ApiOperation' of an egress rule in the enforced config: a service
// name plus the methods or permissions of that service that the rule allows.
type ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToOperations struct {
	// API methods or permissions to allow. Method or permission must belong
	// to the service specified by 'serviceName' field. A single MethodSelector
	// entry with '*' specified for the 'method' field will allow all methods
	// AND permissions for the service specified in 'serviceName'.
	// +optional
	MethodSelectors []ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToOperationsMethodSelectors `json:"methodSelectors,omitempty" tf:"method_selectors"`
	// The name of the API whose methods or permissions the 'IngressPolicy' or
	// 'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName
	// field set to '*' will allow all methods AND permissions for all services.
	//
	// Review note: '*' here removes the per-service scoping of the whole rule,
	// so it deserves an explicit justification in review.
	// +optional
	ServiceName *string `json:"serviceName,omitempty" tf:"service_name"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToOperations) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToOperations.

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToOperations) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToOperationsMethodSelectors

// ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToOperationsMethodSelectors
// selects a method name or a Cloud IAM permission of the service named by the
// enclosing operation's 'serviceName'. Both fields are optional pointers.
//
// NOTE(review): the field text does not say what happens when both Method and
// Permission are set, or when both are omitted — confirm against the provider
// schema before relying on either case.
type ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToOperationsMethodSelectors struct {
	// Value for 'method' should be a valid method name for the corresponding
	// 'serviceName' in 'ApiOperation'. If '*' is used as the value for method,
	// then ALL methods and permissions are allowed.
	// +optional
	Method *string `json:"method,omitempty" tf:"method"`
	// Value for permission should be a valid Cloud IAM permission for the
	// corresponding 'serviceName' in 'ApiOperation'.
	// +optional
	Permission *string `json:"permission,omitempty" tf:"permission"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToOperationsMethodSelectors) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToOperationsMethodSelectors.

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusEgressPoliciesEgressToOperationsMethodSelectors) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPolicies

// ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPolicies pairs
// the source conditions of an ingress policy (IngressFrom) with its operation
// and destination conditions (IngressTo). Both fields are optional pointers.
//
// NOTE(review): the comments do not state how a nil IngressFrom or IngressTo
// is interpreted — confirm before treating an omitted half as "match nothing".
type ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPolicies struct {
	// Defines the conditions on the source of a request causing this 'IngressPolicy'
	// to apply.
	// +optional
	IngressFrom *ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFrom `json:"ingressFrom,omitempty" tf:"ingress_from"`
	// Defines the conditions on the 'ApiOperation' and request destination that cause
	// this 'IngressPolicy' to apply.
	// +optional
	IngressTo *ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressTo `json:"ingressTo,omitempty" tf:"ingress_to"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPolicies) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPolicies.

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPolicies) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFrom

// ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFrom
// describes who (Identities, IdentityType) and from where (Sources) a request
// may come for an ingress policy to apply. All three fields are optional.
//
// NOTE(review): the text only says that an unspecified IdentityType falls back
// to the Identities list; the ANY_* values presumably admit callers beyond that
// list — confirm, and review policies that combine them with broad Sources.
type ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFrom struct {
	// A list of identities that are allowed access through this ingress policy.
	// Should be in the format of an email address. The email address should
	// represent an individual user or service account only.
	// +optional
	Identities []string `json:"identities,omitempty" tf:"identities"`
	// Specifies the type of identities that are allowed access from outside the
	// perimeter. If left unspecified, then members of 'identities' field will be
	// allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]
	// +optional
	IdentityType *string `json:"identityType,omitempty" tf:"identity_type"`
	// Sources that this 'IngressPolicy' authorizes access from.
	// +optional
	Sources []ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFromSources `json:"sources,omitempty" tf:"sources"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFrom) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFrom.

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFrom) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFromCodec

// ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFromCodec
// is a type with no fields. This page lists Decode, Encode and IsEmpty methods
// on it and shows a k8s:deepcopy-gen=false marker for it.
// NOTE(review): presumably the jsoniter codec for the matching ...IngressFrom
// value, registered through GetEncoder/GetDecoder — confirm in the codec source.
type ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFromCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFromCodec) Decode

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFromCodec) Encode

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFromCodec) IsEmpty

type ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFromSources

// ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFromSources
// identifies one permitted origin for an ingress policy, either as an
// 'AccessLevel' name or as a Google Cloud resource. Both fields are optional.
//
// NOTE(review): '*' in AccessLevel allows all ingress sources according to the
// field text, whereas Resource rejects '*'. The text reads as if the two fields
// are alternatives for one source — TODO confirm whether both may be set.
type ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFromSources struct {
	// An 'AccessLevel' resource name that allows resources within the
	// 'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed
	// must be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent
	// 'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,
	// resources within the perimeter can only be accessed via Google Cloud calls
	// with request origins within the perimeter.
	// Example: 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL'.
	// If * is specified, then all IngressSources will be allowed.
	// +optional
	AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level"`
	// A Google Cloud resource that is allowed to ingress the perimeter.
	// Requests from these resources will be allowed to access perimeter data.
	// Currently only projects are allowed. Format: 'projects/{project_number}'.
	// The project may be in any Google Cloud organization, not just the
	// organization that the perimeter is defined in. '*' is not allowed; the case
	// of allowing all Google Cloud resources only is not supported.
	// +optional
	Resource *string `json:"resource,omitempty" tf:"resource"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFromSources) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFromSources.

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressFromSources) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressTo

// ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressTo
// lists the operations and the protected resources that sources matched by the
// corresponding 'IngressFrom' may reach. Both fields are optional.
//
// NOTE(review): '*' in Resources covers every resource inside the perimeter, so
// the Operations list is then the only remaining restriction; the text does not
// say how an empty Operations list is treated — confirm before relying on it.
type ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressTo struct {
	// A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'
	// are allowed to perform in this 'ServicePerimeter'.
	// +optional
	Operations []ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToOperations `json:"operations,omitempty" tf:"operations"`
	// A list of resources, currently only projects in the form
	// 'projects/<projectnumber>', protected by this 'ServicePerimeter'
	// that are allowed to be accessed by sources defined in the
	// corresponding 'IngressFrom'. A request matches if it contains
	// a resource in this list. If '*' is specified for resources,
	// then this 'IngressTo' rule will authorize access to all
	// resources inside the perimeter, provided that the request
	// also matches the 'operations' field.
	// +optional
	Resources []string `json:"resources,omitempty" tf:"resources"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressTo) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressTo.

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressTo) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToCodec

// ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToCodec
// is a type with no fields. This page lists Decode, Encode and IsEmpty methods
// on it and shows a k8s:deepcopy-gen=false marker for it.
// NOTE(review): presumably the jsoniter codec for the matching ...IngressTo
// value, registered through GetEncoder/GetDecoder — confirm in the codec source.
type ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToCodec) Decode

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToCodec) Encode

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToCodec) IsEmpty

type ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToOperations

// ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToOperations
// names one API (ServiceName) and the methods or permissions of that API
// (MethodSelectors) that an ingress policy allows. Both fields are optional.
//
// NOTE(review): per the field text, '*' in ServiceName covers every service and
// a '*' method selector covers every method AND permission of the named
// service. Prefer explicit names, and flag '*' during manifest review.
type ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToOperations struct {
	// API methods or permissions to allow. Method or permission must belong to
	// the service specified by serviceName field. A single 'MethodSelector' entry
	// with '*' specified for the method field will allow all methods AND
	// permissions for the service specified in 'serviceName'.
	// +optional
	MethodSelectors []ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToOperationsMethodSelectors `json:"methodSelectors,omitempty" tf:"method_selectors"`
	// The name of the API whose methods or permissions the 'IngressPolicy' or
	// 'EgressPolicy' wants to allow. A single 'ApiOperation' with the 'serviceName'
	// field set to '*' will allow all methods AND permissions for all services.
	// +optional
	ServiceName *string `json:"serviceName,omitempty" tf:"service_name"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToOperations) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToOperations.

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToOperations) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToOperationsMethodSelectors

// ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToOperationsMethodSelectors
// selects a method name or a Cloud IAM permission of the service named by the
// enclosing operation's 'serviceName'. Both fields are optional pointers.
//
// NOTE(review): the field text does not say what happens when both Method and
// Permission are set, or when both are omitted — confirm against the provider
// schema before relying on either case.
type ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToOperationsMethodSelectors struct {
	// Value for method should be a valid method name for the corresponding
	// serviceName in 'ApiOperation'. If '*' is used as the value for 'method', then
	// ALL methods and permissions are allowed.
	// +optional
	Method *string `json:"method,omitempty" tf:"method"`
	// Value for permission should be a valid Cloud IAM permission for the
	// corresponding 'serviceName' in 'ApiOperation'.
	// +optional
	Permission *string `json:"permission,omitempty" tf:"permission"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToOperationsMethodSelectors) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToOperationsMethodSelectors.

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusIngressPoliciesIngressToOperationsMethodSelectors) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersStatusVpcAccessibleServices

// ManagerServicePerimeterBatchSpecServicePerimetersStatusVpcAccessibleServices
// holds the list of APIs usable within the Service Perimeter and the switch
// that turns that restriction on. Both fields are optional.
//
// NOTE(review): EnableRestriction is a *bool, so "unset" and "false" are
// distinct in the manifest; the text does not say how unset is treated —
// presumably no restriction is applied; confirm.
type ManagerServicePerimeterBatchSpecServicePerimetersStatusVpcAccessibleServices struct {
	// The list of APIs usable within the Service Perimeter.
	// Must be empty unless 'enableRestriction' is True.
	// +optional
	AllowedServices []string `json:"allowedServices,omitempty" tf:"allowed_services"`
	// Whether to restrict API calls within the Service Perimeter to the
	// list of APIs specified in 'allowedServices'.
	// +optional
	EnableRestriction *bool `json:"enableRestriction,omitempty" tf:"enable_restriction"`
}

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusVpcAccessibleServices) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchSpecServicePerimetersStatusVpcAccessibleServices.

func (*ManagerServicePerimeterBatchSpecServicePerimetersStatusVpcAccessibleServices) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterBatchSpecServicePerimetersStatusVpcAccessibleServicesCodec

// ManagerServicePerimeterBatchSpecServicePerimetersStatusVpcAccessibleServicesCodec
// is a type with no fields. This page lists Decode, Encode and IsEmpty methods
// on it and shows a k8s:deepcopy-gen=false marker for it.
// NOTE(review): presumably the jsoniter codec for the matching
// ...VpcAccessibleServices value, registered through GetEncoder/GetDecoder —
// confirm in the codec source.
type ManagerServicePerimeterBatchSpecServicePerimetersStatusVpcAccessibleServicesCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusVpcAccessibleServicesCodec) Decode

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusVpcAccessibleServicesCodec) Encode

func (ManagerServicePerimeterBatchSpecServicePerimetersStatusVpcAccessibleServicesCodec) IsEmpty

type ManagerServicePerimeterBatchStatus

// ManagerServicePerimeterBatchStatus carries the observed generation, a phase
// and a list of conditions. All three fields are optional.
type ManagerServicePerimeterBatchStatus struct {
	// Resource generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// Phase is a status.Status value; its possible values are defined in the
	// imported status package and are not shown on this page.
	// +optional
	Phase status.Status `json:"phase,omitempty"`
	// Conditions is a list of kmapi.Condition entries.
	// NOTE(review): presumably written by the controller during reconciliation —
	// confirm who may update them before using them as an audit signal.
	// +optional
	Conditions []kmapi.Condition `json:"conditions,omitempty"`
}

func (*ManagerServicePerimeterBatchStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterBatchStatus.

func (*ManagerServicePerimeterBatchStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterList

// ManagerServicePerimeterList is a list of ManagerServicePerimeters. It embeds
// metav1.TypeMeta inline and metav1.ListMeta under the "metadata" key.
type ManagerServicePerimeterList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is a list of ManagerServicePerimeter CRD objects
	Items []ManagerServicePerimeter `json:"items,omitempty"`
}

ManagerServicePerimeterList is a list of ManagerServicePerimeters

func (*ManagerServicePerimeterList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterList.

func (*ManagerServicePerimeterList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagerServicePerimeterList) DeepCopyObject

func (in *ManagerServicePerimeterList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ManagerServicePerimeterResource

// ManagerServicePerimeterResource is an API object that embeds metav1.TypeMeta
// and metav1.ObjectMeta and carries a Spec and a Status. This page lists
// ValidateCreate, ValidateUpdate and ValidateDelete methods on it, described as
// implementing webhook.Validator, plus SetupWebhookWithManager.
//
// NOTE(review): what those validators check is not visible here; do not assume
// they verify the perimeterName or resource format — confirm in the webhook
// source before relying on admission-time validation.
type ManagerServicePerimeterResource struct {
	metav1.TypeMeta   `json:",inline,omitempty"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              ManagerServicePerimeterResourceSpec   `json:"spec,omitempty"`
	Status            ManagerServicePerimeterResourceStatus `json:"status,omitempty"`
}

func (*ManagerServicePerimeterResource) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterResource.

func (*ManagerServicePerimeterResource) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagerServicePerimeterResource) DeepCopyObject

func (in *ManagerServicePerimeterResource) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*ManagerServicePerimeterResource) SetupWebhookWithManager

func (r *ManagerServicePerimeterResource) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*ManagerServicePerimeterResource) ValidateCreate

func (r *ManagerServicePerimeterResource) ValidateCreate() error

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*ManagerServicePerimeterResource) ValidateDelete

func (r *ManagerServicePerimeterResource) ValidateDelete() error

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*ManagerServicePerimeterResource) ValidateUpdate

func (r *ManagerServicePerimeterResource) ValidateUpdate(old runtime.Object) error

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type ManagerServicePerimeterResourceList

// ManagerServicePerimeterResourceList is a list of
// ManagerServicePerimeterResources. It embeds metav1.TypeMeta inline and
// metav1.ListMeta under the "metadata" key.
type ManagerServicePerimeterResourceList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is a list of ManagerServicePerimeterResource CRD objects
	Items []ManagerServicePerimeterResource `json:"items,omitempty"`
}

ManagerServicePerimeterResourceList is a list of ManagerServicePerimeterResources

func (*ManagerServicePerimeterResourceList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterResourceList.

func (*ManagerServicePerimeterResourceList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ManagerServicePerimeterResourceList) DeepCopyObject

func (in *ManagerServicePerimeterResourceList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ManagerServicePerimeterResourceSpec

// ManagerServicePerimeterResourceSpec is the Spec of a
// ManagerServicePerimeterResource. Only Resource carries a Terraform attribute
// name in its tf tag; the other fields are tagged tf:"-".
type ManagerServicePerimeterResourceSpec struct {
	// State has the same type as Resource and is optional.
	// NOTE(review): presumably the last applied or observed resource state,
	// written by the controller — confirm.
	State *ManagerServicePerimeterResourceSpecResource `json:"state,omitempty" tf:"-"`

	// Resource holds the user-supplied configuration (perimeter name and
	// resource); its JSON key has no omitempty.
	Resource ManagerServicePerimeterResourceSpecResource `json:"resource" tf:"resource"`

	// UpdatePolicy is a base.UpdatePolicy value; its semantics are defined in the
	// imported base package and are not shown on this page.
	UpdatePolicy base.UpdatePolicy `json:"updatePolicy,omitempty" tf:"-"`

	// TerminationPolicy is a base.TerminationPolicy value; its semantics are
	// defined in the imported base package and are not shown on this page.
	TerminationPolicy base.TerminationPolicy `json:"terminationPolicy,omitempty" tf:"-"`

	// ProviderRef is a core.LocalObjectReference; its JSON key has no omitempty.
	// NOTE(review): presumably names the object in the same namespace that holds
	// the provider configuration or credentials — confirm, and check who can
	// read or modify that object.
	ProviderRef core.LocalObjectReference `json:"providerRef" tf:"-"`
}

func (*ManagerServicePerimeterResourceSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterResourceSpec.

func (*ManagerServicePerimeterResourceSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterResourceSpecResource

// ManagerServicePerimeterResourceSpecResource describes the addition of one
// GCP resource to one Service Perimeter. PerimeterName and Resource have JSON
// keys without omitempty.
type ManagerServicePerimeterResourceSpecResource struct {
	// Timeouts is an optional base.ResourceTimeout.
	// NOTE(review): presumably per-operation Terraform timeouts — confirm.
	Timeouts *base.ResourceTimeout `json:"timeouts,omitempty" tf:"timeouts"`

	// ID is an optional string mapped to the "id" attribute.
	// NOTE(review): presumably the provider-assigned identifier — confirm.
	ID string `json:"id,omitempty" tf:"id,omitempty"`

	// The name of the Service Perimeter to add this resource to.
	PerimeterName *string `json:"perimeterName" tf:"perimeter_name"`
	// A GCP resource that is inside of the service perimeter.
	// Currently only projects are allowed.
	// Format: projects/{project_number}
	Resource *string `json:"resource" tf:"resource"`
}

func (*ManagerServicePerimeterResourceSpecResource) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterResourceSpecResource.

func (*ManagerServicePerimeterResourceSpecResource) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterResourceStatus

// ManagerServicePerimeterResourceStatus carries the observed generation, a
// phase and a list of conditions. All three fields are optional.
type ManagerServicePerimeterResourceStatus struct {
	// Resource generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// Phase is a status.Status value; its possible values are defined in the
	// imported status package and are not shown on this page.
	// +optional
	Phase status.Status `json:"phase,omitempty"`
	// Conditions is a list of kmapi.Condition entries.
	// NOTE(review): presumably written by the controller during reconciliation —
	// confirm who may update them before using them as an audit signal.
	// +optional
	Conditions []kmapi.Condition `json:"conditions,omitempty"`
}

func (*ManagerServicePerimeterResourceStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterResourceStatus.

func (*ManagerServicePerimeterResourceStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpec

// ManagerServicePerimeterSpec groups the perimeter configuration (Resource)
// with a State copy of the same type, two policies and a provider reference.
// Only Resource carries a Terraform attribute name in its tf tag; the other
// fields are tagged tf:"-".
type ManagerServicePerimeterSpec struct {
	// State has the same type as Resource and is optional.
	// NOTE(review): presumably the last applied or observed resource state,
	// written by the controller — confirm.
	State *ManagerServicePerimeterSpecResource `json:"state,omitempty" tf:"-"`

	// Resource holds the user-supplied perimeter configuration; its JSON key
	// has no omitempty.
	Resource ManagerServicePerimeterSpecResource `json:"resource" tf:"resource"`

	// UpdatePolicy is a base.UpdatePolicy value; its semantics are defined in the
	// imported base package and are not shown on this page.
	UpdatePolicy base.UpdatePolicy `json:"updatePolicy,omitempty" tf:"-"`

	// TerminationPolicy is a base.TerminationPolicy value; its semantics are
	// defined in the imported base package and are not shown on this page.
	TerminationPolicy base.TerminationPolicy `json:"terminationPolicy,omitempty" tf:"-"`

	// ProviderRef is a core.LocalObjectReference; its JSON key has no omitempty.
	// NOTE(review): presumably names the object in the same namespace that holds
	// the provider configuration or credentials — confirm, and check who can
	// read or modify that object.
	ProviderRef core.LocalObjectReference `json:"providerRef" tf:"-"`
}

func (*ManagerServicePerimeterSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpec.

func (*ManagerServicePerimeterSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecResource

// ManagerServicePerimeterSpecResource is the configuration of one
// ServicePerimeter: its name, parent policy, title, perimeter type, and two
// configuration blocks named Spec and Status.
//
// The two block names do not follow the usual Kubernetes desired/observed
// split. Per the field comments below, Status is the ServicePerimeter
// configuration (referred to as the enforced config), while Spec is the
// proposed, dry-run configuration, which is tested without enforcing access
// restrictions. A restriction written only under Spec is therefore not
// enforced; put it under Status to have it applied.
type ManagerServicePerimeterSpecResource struct {
	// Timeouts is an optional base.ResourceTimeout.
	// NOTE(review): presumably per-operation Terraform timeouts — confirm.
	Timeouts *base.ResourceTimeout `json:"timeouts,omitempty" tf:"timeouts"`

	// ID is an optional string mapped to the "id" attribute.
	// NOTE(review): presumably the provider-assigned identifier — confirm.
	ID string `json:"id,omitempty" tf:"id,omitempty"`

	// Time the AccessPolicy was created in UTC.
	// NOTE(review): the text says AccessPolicy although this field sits on the
	// ServicePerimeter configuration; the wording looks copied — confirm which
	// object's creation time this is.
	// +optional
	CreateTime *string `json:"createTime,omitempty" tf:"create_time"`
	// Description of the ServicePerimeter and its use. Does not affect
	// behavior.
	// +optional
	Description *string `json:"description,omitempty" tf:"description"`
	// Resource name for the ServicePerimeter. The short_name component must
	// begin with a letter and only include alphanumeric and '_'.
	// Format: accessPolicies/{policy_id}/servicePerimeters/{short_name}
	Name *string `json:"name" tf:"name"`
	// The AccessPolicy this ServicePerimeter lives in.
	// Format: accessPolicies/{policy_id}
	Parent *string `json:"parent" tf:"parent"`
	// Specifies the type of the Perimeter. There are two types: regular and
	// bridge. Regular Service Perimeter contains resources, access levels,
	// and restricted services. Every resource can be in at most
	// ONE regular Service Perimeter.
	//
	// In addition to being in a regular service perimeter, a resource can also
	// be in zero or more perimeter bridges. A perimeter bridge only contains
	// resources. Cross project operations are permitted if all affected
	// resources share some perimeter (whether bridge or regular). Perimeter
	// Bridge does not contain access levels or services: those are governed
	// entirely by the regular perimeter that resource is in.
	//
	// Perimeter Bridges are typically useful when building more complex
	// topologies with many independent perimeters that need to share some data
	// with a common perimeter, but should not be able to share data among
	// themselves. Default value: "PERIMETER_TYPE_REGULAR" Possible values: ["PERIMETER_TYPE_REGULAR", "PERIMETER_TYPE_BRIDGE"]
	// +optional
	PerimeterType *string `json:"perimeterType,omitempty" tf:"perimeter_type"`
	// Proposed (or dry run) ServicePerimeter configuration.
	// This configuration allows specifying and testing a ServicePerimeter
	// configuration without enforcing actual access restrictions. Only allowed
	// to be set when the 'useExplicitDryRunSpec' flag is set.
	// +optional
	Spec *ManagerServicePerimeterSpecSpec `json:"spec,omitempty" tf:"spec"`
	// ServicePerimeter configuration. Specifies sets of resources,
	// restricted services and access levels that determine
	// perimeter content and boundaries.
	// +optional
	Status *ManagerServicePerimeterSpecStatus `json:"status,omitempty" tf:"status"`
	// Human readable title. Must be unique within the Policy.
	Title *string `json:"title" tf:"title"`
	// Time the AccessPolicy was updated in UTC.
	// NOTE(review): same AccessPolicy wording as CreateTime — confirm which
	// object's update time this is.
	// +optional
	UpdateTime *string `json:"updateTime,omitempty" tf:"update_time"`
	// Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists
	// for all Service Perimeters, and that spec is identical to the status for those
	// Service Perimeters. When this flag is set, it inhibits the generation of the
	// implicit spec, thereby allowing the user to explicitly provide a
	// configuration ("spec") to use in a dry-run version of the Service Perimeter.
	// This allows the user to test changes to the enforced config ("status") without
	// actually enforcing them. This testing is done through analyzing the differences
	// between currently enforced and suggested restrictions. useExplicitDryRunSpec must
	// be set to True if any of the fields in the spec are set to non-default values.
	// +optional
	UseExplicitDryRunSpec *bool `json:"useExplicitDryRunSpec,omitempty" tf:"use_explicit_dry_run_spec"`
}

func (*ManagerServicePerimeterSpecResource) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecResource.

func (*ManagerServicePerimeterSpecResource) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecSpec

// ManagerServicePerimeterSpecSpec is the type of the Spec field of
// ManagerServicePerimeterSpecResource, which that field's comment describes as
// the proposed (dry run) ServicePerimeter configuration, tested without
// enforcing actual access restrictions. All fields are optional.
//
// NOTE(review): because this block is the dry-run side, values set here are
// not enforced according to that description; check that intended restrictions
// also appear in the enforced configuration.
type ManagerServicePerimeterSpecSpec struct {
	// A list of AccessLevel resource names that allow resources within
	// the ServicePerimeter to be accessed from the internet.
	// AccessLevels listed must be in the same policy as this
	// ServicePerimeter. Referencing a nonexistent AccessLevel is a
	// syntax error. If no AccessLevel names are listed, resources within
	// the perimeter can only be accessed via GCP calls with request
	// origins within the perimeter. For Service Perimeter Bridge, must
	// be empty.
	//
	// Format: accessPolicies/{policy_id}/accessLevels/{access_level_name}
	// +optional
	AccessLevels []string `json:"accessLevels,omitempty" tf:"access_levels"`
	// List of EgressPolicies to apply to the perimeter. A perimeter may
	// have multiple EgressPolicies, each of which is evaluated separately.
	// Access is granted if any EgressPolicy grants it. Must be empty for
	// a perimeter bridge.
	// Since one granting policy is enough, each entry must be safe on its own;
	// a narrow policy does not limit a broader one in the same list.
	// +optional
	EgressPolicies []ManagerServicePerimeterSpecSpecEgressPolicies `json:"egressPolicies,omitempty" tf:"egress_policies"`
	// List of 'IngressPolicies' to apply to the perimeter. A perimeter may
	// have multiple 'IngressPolicies', each of which is evaluated
	// separately. Access is granted if any 'Ingress Policy' grants it.
	// Must be empty for a perimeter bridge.
	// Since one granting policy is enough, each entry must be safe on its own;
	// a narrow policy does not limit a broader one in the same list.
	// +optional
	IngressPolicies []ManagerServicePerimeterSpecSpecIngressPolicies `json:"ingressPolicies,omitempty" tf:"ingress_policies"`
	// A list of GCP resources that are inside of the service perimeter.
	// Currently only projects are allowed.
	// Format: projects/{project_number}
	// +optional
	Resources []string `json:"resources,omitempty" tf:"resources"`
	// GCP services that are subject to the Service Perimeter
	// restrictions. Must contain a list of services. For example, if
	// 'storage.googleapis.com' is specified, access to the storage
	// buckets inside the perimeter must meet the perimeter's access
	// restrictions.
	// +optional
	RestrictedServices []string `json:"restrictedServices,omitempty" tf:"restricted_services"`
	// Specifies how APIs are allowed to communicate within the Service
	// Perimeter.
	// +optional
	VpcAccessibleServices *ManagerServicePerimeterSpecSpecVpcAccessibleServices `json:"vpcAccessibleServices,omitempty" tf:"vpc_accessible_services"`
}

func (*ManagerServicePerimeterSpecSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecSpec.

func (*ManagerServicePerimeterSpecSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecSpecCodec

// ManagerServicePerimeterSpecSpecCodec is a type with no fields. This page
// lists Decode, Encode and IsEmpty methods on it and shows a
// k8s:deepcopy-gen=false marker for it.
// NOTE(review): presumably the jsoniter codec for ManagerServicePerimeterSpecSpec
// values, registered through GetEncoder/GetDecoder — confirm in the codec source.
type ManagerServicePerimeterSpecSpecCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterSpecSpecCodec) Decode

func (ManagerServicePerimeterSpecSpecCodec) Encode

func (ManagerServicePerimeterSpecSpecCodec) IsEmpty

type ManagerServicePerimeterSpecSpecEgressPolicies

// ManagerServicePerimeterSpecSpecEgressPolicies pairs the source conditions of
// an egress policy (EgressFrom) with its operation and destination conditions
// (EgressTo). Both fields are optional pointers.
//
// NOTE(review): the comments do not state how a nil EgressFrom or EgressTo is
// interpreted — confirm before treating an omitted half as "match nothing".
type ManagerServicePerimeterSpecSpecEgressPolicies struct {
	// Defines conditions on the source of a request causing this 'EgressPolicy' to apply.
	// +optional
	EgressFrom *ManagerServicePerimeterSpecSpecEgressPoliciesEgressFrom `json:"egressFrom,omitempty" tf:"egress_from"`
	// Defines the conditions on the 'ApiOperation' and destination resources that
	// cause this 'EgressPolicy' to apply.
	// +optional
	EgressTo *ManagerServicePerimeterSpecSpecEgressPoliciesEgressTo `json:"egressTo,omitempty" tf:"egress_to"`
}

func (*ManagerServicePerimeterSpecSpecEgressPolicies) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecSpecEgressPolicies.

func (*ManagerServicePerimeterSpecSpecEgressPolicies) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecSpecEgressPoliciesEgressFrom

// ManagerServicePerimeterSpecSpecEgressPoliciesEgressFrom describes which
// identities (Identities, IdentityType) an egress policy applies to. Both
// fields are optional.
//
// NOTE(review): the text only says that an unspecified IdentityType falls back
// to the Identities list; the ANY_* values presumably admit callers beyond that
// list — confirm, and review policies that set them.
type ManagerServicePerimeterSpecSpecEgressPoliciesEgressFrom struct {
	// A list of identities that are allowed access through this 'EgressPolicy'.
	// Should be in the format of an email address. The email address should
	// represent an individual user or service account only.
	// +optional
	Identities []string `json:"identities,omitempty" tf:"identities"`
	// Specifies the type of identities that are allowed access to outside the
	// perimeter. If left unspecified, then members of 'identities' field will
	// be allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]
	// +optional
	IdentityType *string `json:"identityType,omitempty" tf:"identity_type"`
}

func (*ManagerServicePerimeterSpecSpecEgressPoliciesEgressFrom) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecSpecEgressPoliciesEgressFrom.

func (*ManagerServicePerimeterSpecSpecEgressPoliciesEgressFrom) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecSpecEgressPoliciesEgressFromCodec

// ManagerServicePerimeterSpecSpecEgressPoliciesEgressFromCodec is a type with
// no fields. This page lists Decode, Encode and IsEmpty methods on it and shows
// a k8s:deepcopy-gen=false marker for it.
// NOTE(review): presumably the jsoniter codec for the matching ...EgressFrom
// value, registered through GetEncoder/GetDecoder — confirm in the codec source.
type ManagerServicePerimeterSpecSpecEgressPoliciesEgressFromCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterSpecSpecEgressPoliciesEgressFromCodec) Decode

func (ManagerServicePerimeterSpecSpecEgressPoliciesEgressFromCodec) Encode

func (ManagerServicePerimeterSpecSpecEgressPoliciesEgressFromCodec) IsEmpty

type ManagerServicePerimeterSpecSpecEgressPoliciesEgressTo

// ManagerServicePerimeterSpecSpecEgressPoliciesEgressTo lists the operations
// and the destination resources an egress rule applies to. Both fields are
// optional.
//
// NOTE(review): '*' in Resources authorizes access to all resources outside
// the perimeter per the field text, so the Operations list is then the only
// remaining restriction; the text does not say how an empty Operations list is
// treated — confirm before relying on it.
type ManagerServicePerimeterSpecSpecEgressPoliciesEgressTo struct {
	// A list of 'ApiOperations' that this egress rule applies to. A request matches
	// if it contains an operation/service in this list.
	// +optional
	Operations []ManagerServicePerimeterSpecSpecEgressPoliciesEgressToOperations `json:"operations,omitempty" tf:"operations"`
	// A list of resources, currently only projects in the form
	// 'projects/<projectnumber>', that match this 'to' stanza. A request matches
	// if it contains a resource in this list. If * is specified for resources,
	// then this 'EgressTo' rule will authorize access to all resources outside
	// the perimeter.
	// +optional
	Resources []string `json:"resources,omitempty" tf:"resources"`
}

func (*ManagerServicePerimeterSpecSpecEgressPoliciesEgressTo) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecSpecEgressPoliciesEgressTo.

func (*ManagerServicePerimeterSpecSpecEgressPoliciesEgressTo) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecSpecEgressPoliciesEgressToCodec

// ManagerServicePerimeterSpecSpecEgressPoliciesEgressToCodec is a type with no
// fields. This page lists Decode, Encode and IsEmpty methods on it and shows a
// k8s:deepcopy-gen=false marker for it.
// NOTE(review): presumably the jsoniter codec for the matching ...EgressTo
// value, registered through GetEncoder/GetDecoder — confirm in the codec source.
type ManagerServicePerimeterSpecSpecEgressPoliciesEgressToCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterSpecSpecEgressPoliciesEgressToCodec) Decode

func (ManagerServicePerimeterSpecSpecEgressPoliciesEgressToCodec) Encode

func (ManagerServicePerimeterSpecSpecEgressPoliciesEgressToCodec) IsEmpty

type ManagerServicePerimeterSpecSpecEgressPoliciesEgressToOperations

// ManagerServicePerimeterSpecSpecEgressPoliciesEgressToOperations names one API
// service and the methods or permissions of that service that an egress rule
// allows.
type ManagerServicePerimeterSpecSpecEgressPoliciesEgressToOperations struct {
	// API methods or permissions to allow. Method or permission must belong
	// to the service specified by 'serviceName' field. A single MethodSelector
	// entry with '*' specified for the 'method' field will allow all methods
	// AND permissions for the service specified in 'serviceName'.
	// +optional
	MethodSelectors []ManagerServicePerimeterSpecSpecEgressPoliciesEgressToOperationsMethodSelectors `json:"methodSelectors,omitempty" tf:"method_selectors"`
	// The name of the API whose methods or permissions the 'IngressPolicy' or
	// 'EgressPolicy' wants to allow. A single 'ApiOperation' with serviceName
	// field set to '*' will allow all methods AND permissions for all services.
	//
	// NOTE(review): '*' is the widest value this field can take; a named service
	// with explicit method selectors keeps the rule narrow and auditable.
	// +optional
	ServiceName *string `json:"serviceName,omitempty" tf:"service_name"`
}

func (*ManagerServicePerimeterSpecSpecEgressPoliciesEgressToOperations) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecSpecEgressPoliciesEgressToOperations.

func (*ManagerServicePerimeterSpecSpecEgressPoliciesEgressToOperations) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecSpecEgressPoliciesEgressToOperationsMethodSelectors

// ManagerServicePerimeterSpecSpecEgressPoliciesEgressToOperationsMethodSelectors
// selects what an egress rule allows on a service, either by method name or by
// Cloud IAM permission.
type ManagerServicePerimeterSpecSpecEgressPoliciesEgressToOperationsMethodSelectors struct {
	// Value for 'method' should be a valid method name for the corresponding
	// 'serviceName' in 'ApiOperation'. If '*' is used as the value for method,
	// then ALL methods and permissions are allowed.
	//
	// NOTE(review): because '*' also covers permissions, a 'permission' selector
	// for the same service presumably adds no restriction next to it; prefer
	// naming the methods that are actually needed.
	// +optional
	Method *string `json:"method,omitempty" tf:"method"`
	// Value for permission should be a valid Cloud IAM permission for the
	// corresponding 'serviceName' in 'ApiOperation'.
	// +optional
	Permission *string `json:"permission,omitempty" tf:"permission"`
}

func (*ManagerServicePerimeterSpecSpecEgressPoliciesEgressToOperationsMethodSelectors) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecSpecEgressPoliciesEgressToOperationsMethodSelectors.

func (*ManagerServicePerimeterSpecSpecEgressPoliciesEgressToOperationsMethodSelectors) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecSpecIngressPolicies

// ManagerServicePerimeterSpecSpecIngressPolicies is one ingress rule: it pairs
// the conditions on the request source (IngressFrom) with the conditions on the
// operation and destination (IngressTo).
//
// NOTE(review): both fields are optional pointers, and this listing does not say
// what an omitted side matches; confirm with the API documentation before
// relying on a rule that sets only one of them.
type ManagerServicePerimeterSpecSpecIngressPolicies struct {
	// Defines the conditions on the source of a request causing this 'IngressPolicy'
	// to apply.
	// +optional
	IngressFrom *ManagerServicePerimeterSpecSpecIngressPoliciesIngressFrom `json:"ingressFrom,omitempty" tf:"ingress_from"`
	// Defines the conditions on the 'ApiOperation' and request destination that cause
	// this 'IngressPolicy' to apply.
	// +optional
	IngressTo *ManagerServicePerimeterSpecSpecIngressPoliciesIngressTo `json:"ingressTo,omitempty" tf:"ingress_to"`
}

func (*ManagerServicePerimeterSpecSpecIngressPolicies) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecSpecIngressPolicies.

func (*ManagerServicePerimeterSpecSpecIngressPolicies) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecSpecIngressPoliciesIngressFrom

// ManagerServicePerimeterSpecSpecIngressPoliciesIngressFrom is the source side
// of an ingress rule: which identities, and which sources, the rule lets in.
type ManagerServicePerimeterSpecSpecIngressPoliciesIngressFrom struct {
	// A list of identities that are allowed access through this ingress policy.
	// Each entry should be in the format of an email address, and the address
	// should represent an individual user or service account only.
	// +optional
	Identities []string `json:"identities,omitempty" tf:"identities"`
	// Specifies the type of identities that are allowed access from outside the
	// perimeter. If left unspecified, then members of 'identities' field will be
	// allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]
	//
	// NOTE(review): the ANY_* values match by identity class instead of by name,
	// and ANY_IDENTITY is presumably the broadest. Prefer leaving this unset and
	// listing 'identities' explicitly; review any rule that combines an ANY_*
	// value with a wildcard source.
	// +optional
	IdentityType *string `json:"identityType,omitempty" tf:"identity_type"`
	// Sources that this 'IngressPolicy' authorizes access from.
	// +optional
	Sources []ManagerServicePerimeterSpecSpecIngressPoliciesIngressFromSources `json:"sources,omitempty" tf:"sources"`
}

func (*ManagerServicePerimeterSpecSpecIngressPoliciesIngressFrom) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecSpecIngressPoliciesIngressFrom.

func (*ManagerServicePerimeterSpecSpecIngressPoliciesIngressFrom) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecSpecIngressPoliciesIngressFromCodec

// ManagerServicePerimeterSpecSpecIngressPoliciesIngressFromCodec has no fields;
// it exists to carry the Decode, Encode and IsEmpty methods declared on it.
// NOTE(review): presumably the jsoniter codec registered for
// ManagerServicePerimeterSpecSpecIngressPoliciesIngressFrom through
// GetDecoder/GetEncoder; confirm.
type ManagerServicePerimeterSpecSpecIngressPoliciesIngressFromCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterSpecSpecIngressPoliciesIngressFromCodec) Decode

func (ManagerServicePerimeterSpecSpecIngressPoliciesIngressFromCodec) Encode

func (ManagerServicePerimeterSpecSpecIngressPoliciesIngressFromCodec) IsEmpty

type ManagerServicePerimeterSpecSpecIngressPoliciesIngressFromSources

// ManagerServicePerimeterSpecSpecIngressPoliciesIngressFromSources is one source
// an ingress rule authorizes access from, given either as an access level or as
// a Google Cloud resource.
type ManagerServicePerimeterSpecSpecIngressPoliciesIngressFromSources struct {
	// An 'AccessLevel' resource name that allows resources within the
	// 'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed
	// must be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent
	// 'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,
	// resources within the perimeter can only be accessed via Google Cloud calls
	// with request origins within the perimeter.
	// Example 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'
	// If * is specified, then all IngressSources will be allowed.
	//
	// NOTE(review): with '*' the source no longer narrows the rule, which is then
	// gated only by the identity fields of the enclosing IngressFrom and by
	// IngressTo; review those together whenever a wildcard appears here.
	// +optional
	AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level"`
	// A Google Cloud resource that is allowed to ingress the perimeter.
	// Requests from these resources will be allowed to access perimeter data.
	// Currently only projects are allowed. Format 'projects/{project_number}'
	// The project may be in any Google Cloud organization, not just the
	// organization that the perimeter is defined in. '*' is not allowed, the case
	// of allowing all Google Cloud resources only is not supported.
	//
	// NOTE(review): since the project may belong to another organization, verify
	// who owns each project number listed before granting it ingress.
	// +optional
	Resource *string `json:"resource,omitempty" tf:"resource"`
}

func (*ManagerServicePerimeterSpecSpecIngressPoliciesIngressFromSources) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecSpecIngressPoliciesIngressFromSources.

func (*ManagerServicePerimeterSpecSpecIngressPoliciesIngressFromSources) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecSpecIngressPoliciesIngressTo

// ManagerServicePerimeterSpecSpecIngressPoliciesIngressTo is the destination
// side of an ingress rule: the API operations allowed and the protected
// resources they may be performed on.
type ManagerServicePerimeterSpecSpecIngressPoliciesIngressTo struct {
	// A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'
	// are allowed to perform in this 'ServicePerimeter'.
	// +optional
	Operations []ManagerServicePerimeterSpecSpecIngressPoliciesIngressToOperations `json:"operations,omitempty" tf:"operations"`
	// A list of resources, currently only projects in the form
	// 'projects/<projectnumber>', protected by this 'ServicePerimeter'
	// that are allowed to be accessed by sources defined in the
	// corresponding 'IngressFrom'. A request matches if it contains
	// a resource in this list. If '*' is specified for resources,
	// then this 'IngressTo' rule will authorize access to all
	// resources inside the perimeter, provided that the request
	// also matches the 'operations' field.
	//
	// NOTE(review): with '*' the only remaining limit on this side is
	// 'operations'; if that is a wildcard too, the rule is gated by the
	// corresponding 'IngressFrom' alone.
	// +optional
	Resources []string `json:"resources,omitempty" tf:"resources"`
}

func (*ManagerServicePerimeterSpecSpecIngressPoliciesIngressTo) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecSpecIngressPoliciesIngressTo.

func (*ManagerServicePerimeterSpecSpecIngressPoliciesIngressTo) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecSpecIngressPoliciesIngressToCodec

// ManagerServicePerimeterSpecSpecIngressPoliciesIngressToCodec has no fields; it
// exists to carry the Decode, Encode and IsEmpty methods declared on it.
// NOTE(review): presumably the jsoniter codec registered for
// ManagerServicePerimeterSpecSpecIngressPoliciesIngressTo through
// GetDecoder/GetEncoder; confirm.
type ManagerServicePerimeterSpecSpecIngressPoliciesIngressToCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterSpecSpecIngressPoliciesIngressToCodec) Decode

func (ManagerServicePerimeterSpecSpecIngressPoliciesIngressToCodec) Encode

func (ManagerServicePerimeterSpecSpecIngressPoliciesIngressToCodec) IsEmpty

type ManagerServicePerimeterSpecSpecIngressPoliciesIngressToOperations

// ManagerServicePerimeterSpecSpecIngressPoliciesIngressToOperations names one
// API service and the methods or permissions of that service that an ingress
// rule allows.
type ManagerServicePerimeterSpecSpecIngressPoliciesIngressToOperations struct {
	// API methods or permissions to allow. Method or permission must belong to
	// the service specified by serviceName field. A single 'MethodSelector' entry
	// with '*' specified for the method field will allow all methods AND
	// permissions for the service specified in 'serviceName'.
	// +optional
	MethodSelectors []ManagerServicePerimeterSpecSpecIngressPoliciesIngressToOperationsMethodSelectors `json:"methodSelectors,omitempty" tf:"method_selectors"`
	// The name of the API whose methods or permissions the 'IngressPolicy' or
	// 'EgressPolicy' wants to allow. A single 'ApiOperation' with 'serviceName'
	// field set to '*' will allow all methods AND permissions for all services.
	//
	// NOTE(review): '*' is the widest value this field can take; a named service
	// with explicit method selectors keeps the rule narrow and auditable.
	// +optional
	ServiceName *string `json:"serviceName,omitempty" tf:"service_name"`
}

func (*ManagerServicePerimeterSpecSpecIngressPoliciesIngressToOperations) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecSpecIngressPoliciesIngressToOperations.

func (*ManagerServicePerimeterSpecSpecIngressPoliciesIngressToOperations) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecSpecIngressPoliciesIngressToOperationsMethodSelectors

// ManagerServicePerimeterSpecSpecIngressPoliciesIngressToOperationsMethodSelectors
// selects what an ingress rule allows on a service, either by method name or by
// Cloud IAM permission.
type ManagerServicePerimeterSpecSpecIngressPoliciesIngressToOperationsMethodSelectors struct {
	// Value for method should be a valid method name for the corresponding
	// serviceName in 'ApiOperation'. If '*' is used as the value for 'method',
	// then ALL methods and permissions are allowed.
	//
	// NOTE(review): because '*' also covers permissions, a 'permission' selector
	// for the same service presumably adds no restriction next to it; prefer
	// naming the methods that are actually needed.
	// +optional
	Method *string `json:"method,omitempty" tf:"method"`
	// Value for permission should be a valid Cloud IAM permission for the
	// corresponding 'serviceName' in 'ApiOperation'.
	// +optional
	Permission *string `json:"permission,omitempty" tf:"permission"`
}

func (*ManagerServicePerimeterSpecSpecIngressPoliciesIngressToOperationsMethodSelectors) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecSpecIngressPoliciesIngressToOperationsMethodSelectors.

func (*ManagerServicePerimeterSpecSpecIngressPoliciesIngressToOperationsMethodSelectors) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecSpecVpcAccessibleServices

// ManagerServicePerimeterSpecSpecVpcAccessibleServices describes which APIs may
// be called from within the Service Perimeter: an allow-list plus the switch
// that turns the list on.
type ManagerServicePerimeterSpecSpecVpcAccessibleServices struct {
	// The list of APIs usable within the Service Perimeter.
	// Must be empty unless 'enableRestriction' is True.
	// +optional
	AllowedServices []string `json:"allowedServices,omitempty" tf:"allowed_services"`
	// Whether to restrict API calls within the Service Perimeter to the
	// list of APIs specified in 'allowedServices'.
	//
	// NOTE(review): the allow-list only takes effect when this is true, so an
	// unset or false value presumably leaves calls inside the perimeter
	// unrestricted by this block; check that the two fields are set together.
	// +optional
	EnableRestriction *bool `json:"enableRestriction,omitempty" tf:"enable_restriction"`
}

func (*ManagerServicePerimeterSpecSpecVpcAccessibleServices) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecSpecVpcAccessibleServices.

func (*ManagerServicePerimeterSpecSpecVpcAccessibleServices) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecSpecVpcAccessibleServicesCodec

// ManagerServicePerimeterSpecSpecVpcAccessibleServicesCodec has no fields; it
// exists to carry the Decode, Encode and IsEmpty methods declared on it.
// NOTE(review): presumably the jsoniter codec registered for
// ManagerServicePerimeterSpecSpecVpcAccessibleServices through
// GetDecoder/GetEncoder; confirm.
type ManagerServicePerimeterSpecSpecVpcAccessibleServicesCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterSpecSpecVpcAccessibleServicesCodec) Decode

func (ManagerServicePerimeterSpecSpecVpcAccessibleServicesCodec) Encode

func (ManagerServicePerimeterSpecSpecVpcAccessibleServicesCodec) IsEmpty

type ManagerServicePerimeterSpecStatus

// ManagerServicePerimeterSpecStatus is a perimeter configuration block: access
// levels, egress and ingress policies, member resources, restricted services
// and VPC-accessible services.
//
// NOTE(review): despite its name this is configuration, not the Kubernetes
// status of the object (see ManagerServicePerimeterStatus for that). The tf tags
// suggest it maps a 'status' block of the underlying Terraform resource, which
// is presumably the enforced configuration as opposed to a dry-run one; confirm
// against the provider documentation before editing.
type ManagerServicePerimeterSpecStatus struct {
	// A list of AccessLevel resource names that allow resources within
	// the ServicePerimeter to be accessed from the internet.
	// AccessLevels listed must be in the same policy as this
	// ServicePerimeter. Referencing a nonexistent AccessLevel is a
	// syntax error. If no AccessLevel names are listed, resources within
	// the perimeter can only be accessed via GCP calls with request
	// origins within the perimeter. For Service Perimeter Bridge, must
	// be empty.
	//
	// Format: accessPolicies/{policy_id}/accessLevels/{access_level_name}
	//
	// NOTE(review): every level listed is a path into the perimeter from
	// outside, and presumably any one of them suffices; review the conditions
	// of each referenced level, not just this list.
	// +optional
	AccessLevels []string `json:"accessLevels,omitempty" tf:"access_levels"`
	// List of EgressPolicies to apply to the perimeter. A perimeter may
	// have multiple EgressPolicies, each of which is evaluated separately.
	// Access is granted if any EgressPolicy grants it. Must be empty for
	// a perimeter bridge.
	//
	// NOTE(review): policies are combined with OR, so a single broad entry
	// widens the whole perimeter; audit the most permissive policy first.
	// +optional
	EgressPolicies []ManagerServicePerimeterSpecStatusEgressPolicies `json:"egressPolicies,omitempty" tf:"egress_policies"`
	// List of 'IngressPolicies' to apply to the perimeter. A perimeter may
	// have multiple 'IngressPolicies', each of which is evaluated
	// separately. Access is granted if any 'Ingress Policy' grants it.
	// Must be empty for a perimeter bridge.
	//
	// NOTE(review): policies are combined with OR, so a single broad entry
	// widens the whole perimeter; audit the most permissive policy first.
	// +optional
	IngressPolicies []ManagerServicePerimeterSpecStatusIngressPolicies `json:"ingressPolicies,omitempty" tf:"ingress_policies"`
	// A list of GCP resources that are inside of the service perimeter.
	// Currently only projects are allowed.
	// Format: projects/{project_number}
	// +optional
	Resources []string `json:"resources,omitempty" tf:"resources"`
	// GCP services that are subject to the Service Perimeter
	// restrictions. Must contain a list of services. For example, if
	// 'storage.googleapis.com' is specified, access to the storage
	// buckets inside the perimeter must meet the perimeter's access
	// restrictions.
	//
	// NOTE(review): a service missing from this list is presumably not
	// covered by the perimeter; check that every service holding sensitive
	// data in the member projects is listed.
	// +optional
	RestrictedServices []string `json:"restrictedServices,omitempty" tf:"restricted_services"`
	// Specifies how APIs are allowed to communicate within the Service
	// Perimeter.
	// +optional
	VpcAccessibleServices *ManagerServicePerimeterSpecStatusVpcAccessibleServices `json:"vpcAccessibleServices,omitempty" tf:"vpc_accessible_services"`
}

func (*ManagerServicePerimeterSpecStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecStatus.

func (*ManagerServicePerimeterSpecStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecStatusCodec

// ManagerServicePerimeterSpecStatusCodec has no fields; it exists to carry the
// Decode, Encode and IsEmpty methods declared on it.
// NOTE(review): presumably the jsoniter codec registered for
// ManagerServicePerimeterSpecStatus through GetDecoder/GetEncoder; confirm.
type ManagerServicePerimeterSpecStatusCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterSpecStatusCodec) Decode

func (ManagerServicePerimeterSpecStatusCodec) Encode

func (ManagerServicePerimeterSpecStatusCodec) IsEmpty

type ManagerServicePerimeterSpecStatusEgressPolicies

// ManagerServicePerimeterSpecStatusEgressPolicies is one egress rule: it pairs
// the conditions on the request source (EgressFrom) with the conditions on the
// operation and destination resources (EgressTo).
//
// NOTE(review): both fields are optional pointers, and this listing does not say
// what an omitted side matches; confirm with the API documentation before
// relying on a rule that sets only one of them.
type ManagerServicePerimeterSpecStatusEgressPolicies struct {
	// Defines conditions on the source of a request causing this 'EgressPolicy' to apply.
	// +optional
	EgressFrom *ManagerServicePerimeterSpecStatusEgressPoliciesEgressFrom `json:"egressFrom,omitempty" tf:"egress_from"`
	// Defines the conditions on the 'ApiOperation' and destination resources that
	// cause this 'EgressPolicy' to apply.
	// +optional
	EgressTo *ManagerServicePerimeterSpecStatusEgressPoliciesEgressTo `json:"egressTo,omitempty" tf:"egress_to"`
}

func (*ManagerServicePerimeterSpecStatusEgressPolicies) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecStatusEgressPolicies.

func (*ManagerServicePerimeterSpecStatusEgressPolicies) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecStatusEgressPoliciesEgressFrom

// ManagerServicePerimeterSpecStatusEgressPoliciesEgressFrom is the source side
// of an egress rule: which identities the rule lets reach outside the perimeter.
type ManagerServicePerimeterSpecStatusEgressPoliciesEgressFrom struct {
	// A list of identities that are allowed access through this 'EgressPolicy'.
	// Each entry should be in the format of an email address, and the address
	// should represent an individual user or service account only.
	// +optional
	Identities []string `json:"identities,omitempty" tf:"identities"`
	// Specifies the type of identities that are allowed access to outside the
	// perimeter. If left unspecified, then members of 'identities' field will
	// be allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]
	//
	// NOTE(review): the ANY_* values match by identity class instead of by name,
	// and ANY_IDENTITY is presumably the broadest. Prefer leaving this unset and
	// listing 'identities' explicitly, since this side decides who may move
	// data out of the perimeter.
	// +optional
	IdentityType *string `json:"identityType,omitempty" tf:"identity_type"`
}

func (*ManagerServicePerimeterSpecStatusEgressPoliciesEgressFrom) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecStatusEgressPoliciesEgressFrom.

func (*ManagerServicePerimeterSpecStatusEgressPoliciesEgressFrom) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecStatusEgressPoliciesEgressFromCodec

// ManagerServicePerimeterSpecStatusEgressPoliciesEgressFromCodec has no fields;
// it exists to carry the Decode, Encode and IsEmpty methods declared on it.
// NOTE(review): presumably the jsoniter codec registered for
// ManagerServicePerimeterSpecStatusEgressPoliciesEgressFrom through
// GetDecoder/GetEncoder; confirm.
type ManagerServicePerimeterSpecStatusEgressPoliciesEgressFromCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterSpecStatusEgressPoliciesEgressFromCodec) Decode

func (ManagerServicePerimeterSpecStatusEgressPoliciesEgressFromCodec) Encode

func (ManagerServicePerimeterSpecStatusEgressPoliciesEgressFromCodec) IsEmpty

type ManagerServicePerimeterSpecStatusEgressPoliciesEgressTo

// ManagerServicePerimeterSpecStatusEgressPoliciesEgressTo is the destination
// side of an egress rule: the API operations and the resources outside the
// perimeter that the rule covers.
type ManagerServicePerimeterSpecStatusEgressPoliciesEgressTo struct {
	// A list of 'ApiOperations' that this egress rule applies to. A request matches
	// if it contains an operation/service in this list.
	// +optional
	Operations []ManagerServicePerimeterSpecStatusEgressPoliciesEgressToOperations `json:"operations,omitempty" tf:"operations"`
	// A list of resources, currently only projects in the form
	// 'projects/<projectnumber>', that match this 'to' stanza. A request matches
	// if it contains a resource in this list. If '*' is specified for resources,
	// then this 'EgressTo' rule will authorize access to all resources outside
	// the perimeter.
	//
	// NOTE(review): a '*' entry removes the destination restriction, so the rule
	// reaches every resource outside the perimeter. List explicit project numbers
	// where possible and treat a wildcard as something to flag in policy review.
	// +optional
	Resources []string `json:"resources,omitempty" tf:"resources"`
}

func (*ManagerServicePerimeterSpecStatusEgressPoliciesEgressTo) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecStatusEgressPoliciesEgressTo.

func (*ManagerServicePerimeterSpecStatusEgressPoliciesEgressTo) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecStatusEgressPoliciesEgressToCodec

// ManagerServicePerimeterSpecStatusEgressPoliciesEgressToCodec has no fields; it
// exists to carry the Decode, Encode and IsEmpty methods declared on it.
// NOTE(review): presumably the jsoniter codec registered for
// ManagerServicePerimeterSpecStatusEgressPoliciesEgressTo through
// GetDecoder/GetEncoder; confirm.
type ManagerServicePerimeterSpecStatusEgressPoliciesEgressToCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterSpecStatusEgressPoliciesEgressToCodec) Decode

func (ManagerServicePerimeterSpecStatusEgressPoliciesEgressToCodec) Encode

func (ManagerServicePerimeterSpecStatusEgressPoliciesEgressToCodec) IsEmpty

type ManagerServicePerimeterSpecStatusEgressPoliciesEgressToOperations

// ManagerServicePerimeterSpecStatusEgressPoliciesEgressToOperations names one
// API service and the methods or permissions of that service that an egress
// rule allows.
type ManagerServicePerimeterSpecStatusEgressPoliciesEgressToOperations struct {
	// API methods or permissions to allow. Method or permission must belong
	// to the service specified by 'serviceName' field. A single MethodSelector
	// entry with '*' specified for the 'method' field will allow all methods
	// AND permissions for the service specified in 'serviceName'.
	// +optional
	MethodSelectors []ManagerServicePerimeterSpecStatusEgressPoliciesEgressToOperationsMethodSelectors `json:"methodSelectors,omitempty" tf:"method_selectors"`
	// The name of the API whose methods or permissions the 'IngressPolicy' or
	// 'EgressPolicy' wants to allow. A single 'ApiOperation' with serviceName
	// field set to '*' will allow all methods AND permissions for all services.
	//
	// NOTE(review): '*' is the widest value this field can take; a named service
	// with explicit method selectors keeps the rule narrow and auditable.
	// +optional
	ServiceName *string `json:"serviceName,omitempty" tf:"service_name"`
}

func (*ManagerServicePerimeterSpecStatusEgressPoliciesEgressToOperations) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecStatusEgressPoliciesEgressToOperations.

func (*ManagerServicePerimeterSpecStatusEgressPoliciesEgressToOperations) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecStatusEgressPoliciesEgressToOperationsMethodSelectors

// ManagerServicePerimeterSpecStatusEgressPoliciesEgressToOperationsMethodSelectors
// selects what an egress rule allows on a service, either by method name or by
// Cloud IAM permission.
type ManagerServicePerimeterSpecStatusEgressPoliciesEgressToOperationsMethodSelectors struct {
	// Value for 'method' should be a valid method name for the corresponding
	// 'serviceName' in 'ApiOperation'. If '*' is used as the value for method,
	// then ALL methods and permissions are allowed.
	//
	// NOTE(review): because '*' also covers permissions, a 'permission' selector
	// for the same service presumably adds no restriction next to it; prefer
	// naming the methods that are actually needed.
	// +optional
	Method *string `json:"method,omitempty" tf:"method"`
	// Value for permission should be a valid Cloud IAM permission for the
	// corresponding 'serviceName' in 'ApiOperation'.
	// +optional
	Permission *string `json:"permission,omitempty" tf:"permission"`
}

func (*ManagerServicePerimeterSpecStatusEgressPoliciesEgressToOperationsMethodSelectors) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecStatusEgressPoliciesEgressToOperationsMethodSelectors.

func (*ManagerServicePerimeterSpecStatusEgressPoliciesEgressToOperationsMethodSelectors) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecStatusIngressPolicies

// ManagerServicePerimeterSpecStatusIngressPolicies is one ingress rule: it pairs
// the conditions on the request source (IngressFrom) with the conditions on the
// operation and destination (IngressTo).
//
// NOTE(review): both fields are optional pointers, and this listing does not say
// what an omitted side matches; confirm with the API documentation before
// relying on a rule that sets only one of them.
type ManagerServicePerimeterSpecStatusIngressPolicies struct {
	// Defines the conditions on the source of a request causing this 'IngressPolicy'
	// to apply.
	// +optional
	IngressFrom *ManagerServicePerimeterSpecStatusIngressPoliciesIngressFrom `json:"ingressFrom,omitempty" tf:"ingress_from"`
	// Defines the conditions on the 'ApiOperation' and request destination that cause
	// this 'IngressPolicy' to apply.
	// +optional
	IngressTo *ManagerServicePerimeterSpecStatusIngressPoliciesIngressTo `json:"ingressTo,omitempty" tf:"ingress_to"`
}

func (*ManagerServicePerimeterSpecStatusIngressPolicies) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecStatusIngressPolicies.

func (*ManagerServicePerimeterSpecStatusIngressPolicies) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecStatusIngressPoliciesIngressFrom

// ManagerServicePerimeterSpecStatusIngressPoliciesIngressFrom is the source side
// of an ingress rule: which identities, and which sources, the rule lets in.
type ManagerServicePerimeterSpecStatusIngressPoliciesIngressFrom struct {
	// A list of identities that are allowed access through this ingress policy.
	// Each entry should be in the format of an email address, and the address
	// should represent an individual user or service account only.
	// +optional
	Identities []string `json:"identities,omitempty" tf:"identities"`
	// Specifies the type of identities that are allowed access from outside the
	// perimeter. If left unspecified, then members of 'identities' field will be
	// allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]
	//
	// NOTE(review): the ANY_* values match by identity class instead of by name,
	// and ANY_IDENTITY is presumably the broadest. Prefer leaving this unset and
	// listing 'identities' explicitly; review any rule that combines an ANY_*
	// value with a wildcard source.
	// +optional
	IdentityType *string `json:"identityType,omitempty" tf:"identity_type"`
	// Sources that this 'IngressPolicy' authorizes access from.
	// +optional
	Sources []ManagerServicePerimeterSpecStatusIngressPoliciesIngressFromSources `json:"sources,omitempty" tf:"sources"`
}

func (*ManagerServicePerimeterSpecStatusIngressPoliciesIngressFrom) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecStatusIngressPoliciesIngressFrom.

func (*ManagerServicePerimeterSpecStatusIngressPoliciesIngressFrom) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecStatusIngressPoliciesIngressFromCodec

// ManagerServicePerimeterSpecStatusIngressPoliciesIngressFromCodec has no
// fields; it exists to carry the Decode, Encode and IsEmpty methods declared on
// it. NOTE(review): presumably the jsoniter codec registered for
// ManagerServicePerimeterSpecStatusIngressPoliciesIngressFrom through
// GetDecoder/GetEncoder; confirm.
type ManagerServicePerimeterSpecStatusIngressPoliciesIngressFromCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterSpecStatusIngressPoliciesIngressFromCodec) Decode

func (ManagerServicePerimeterSpecStatusIngressPoliciesIngressFromCodec) Encode

func (ManagerServicePerimeterSpecStatusIngressPoliciesIngressFromCodec) IsEmpty

type ManagerServicePerimeterSpecStatusIngressPoliciesIngressFromSources

// ManagerServicePerimeterSpecStatusIngressPoliciesIngressFromSources is one
// source an ingress rule authorizes access from, given either as an access
// level or as a Google Cloud resource.
type ManagerServicePerimeterSpecStatusIngressPoliciesIngressFromSources struct {
	// An 'AccessLevel' resource name that allows resources within the
	// 'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed
	// must be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent
	// 'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,
	// resources within the perimeter can only be accessed via Google Cloud calls
	// with request origins within the perimeter.
	// Example 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'
	// If * is specified, then all IngressSources will be allowed.
	//
	// NOTE(review): with '*' the source no longer narrows the rule, which is then
	// gated only by the identity fields of the enclosing IngressFrom and by
	// IngressTo; review those together whenever a wildcard appears here.
	// +optional
	AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level"`
	// A Google Cloud resource that is allowed to ingress the perimeter.
	// Requests from these resources will be allowed to access perimeter data.
	// Currently only projects are allowed. Format 'projects/{project_number}'
	// The project may be in any Google Cloud organization, not just the
	// organization that the perimeter is defined in. '*' is not allowed, the case
	// of allowing all Google Cloud resources only is not supported.
	//
	// NOTE(review): since the project may belong to another organization, verify
	// who owns each project number listed before granting it ingress.
	// +optional
	Resource *string `json:"resource,omitempty" tf:"resource"`
}

func (*ManagerServicePerimeterSpecStatusIngressPoliciesIngressFromSources) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecStatusIngressPoliciesIngressFromSources.

func (*ManagerServicePerimeterSpecStatusIngressPoliciesIngressFromSources) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecStatusIngressPoliciesIngressTo

// ManagerServicePerimeterSpecStatusIngressPoliciesIngressTo is the destination
// side of an ingress rule: the API operations allowed and the protected
// resources they may be performed on.
type ManagerServicePerimeterSpecStatusIngressPoliciesIngressTo struct {
	// A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'
	// are allowed to perform in this 'ServicePerimeter'.
	// +optional
	Operations []ManagerServicePerimeterSpecStatusIngressPoliciesIngressToOperations `json:"operations,omitempty" tf:"operations"`
	// A list of resources, currently only projects in the form
	// 'projects/<projectnumber>', protected by this 'ServicePerimeter'
	// that are allowed to be accessed by sources defined in the
	// corresponding 'IngressFrom'. A request matches if it contains
	// a resource in this list. If '*' is specified for resources,
	// then this 'IngressTo' rule will authorize access to all
	// resources inside the perimeter, provided that the request
	// also matches the 'operations' field.
	//
	// NOTE(review): with '*' the only remaining limit on this side is
	// 'operations'; if that is a wildcard too, the rule is gated by the
	// corresponding 'IngressFrom' alone.
	// +optional
	Resources []string `json:"resources,omitempty" tf:"resources"`
}

func (*ManagerServicePerimeterSpecStatusIngressPoliciesIngressTo) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecStatusIngressPoliciesIngressTo.

func (*ManagerServicePerimeterSpecStatusIngressPoliciesIngressTo) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecStatusIngressPoliciesIngressToCodec

// ManagerServicePerimeterSpecStatusIngressPoliciesIngressToCodec has no fields;
// it exists to carry the Decode, Encode and IsEmpty methods declared on it.
// NOTE(review): presumably the jsoniter codec registered for
// ManagerServicePerimeterSpecStatusIngressPoliciesIngressTo through
// GetDecoder/GetEncoder; confirm.
type ManagerServicePerimeterSpecStatusIngressPoliciesIngressToCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterSpecStatusIngressPoliciesIngressToCodec) Decode

func (ManagerServicePerimeterSpecStatusIngressPoliciesIngressToCodec) Encode

func (ManagerServicePerimeterSpecStatusIngressPoliciesIngressToCodec) IsEmpty

type ManagerServicePerimeterSpecStatusIngressPoliciesIngressToOperations

// ManagerServicePerimeterSpecStatusIngressPoliciesIngressToOperations names one
// API service and the methods or permissions of that service that an ingress
// rule allows.
type ManagerServicePerimeterSpecStatusIngressPoliciesIngressToOperations struct {
	// API methods or permissions to allow. Method or permission must belong to
	// the service specified by serviceName field. A single 'MethodSelector' entry
	// with '*' specified for the method field will allow all methods AND
	// permissions for the service specified in 'serviceName'.
	// +optional
	MethodSelectors []ManagerServicePerimeterSpecStatusIngressPoliciesIngressToOperationsMethodSelectors `json:"methodSelectors,omitempty" tf:"method_selectors"`
	// The name of the API whose methods or permissions the 'IngressPolicy' or
	// 'EgressPolicy' wants to allow. A single 'ApiOperation' with 'serviceName'
	// field set to '*' will allow all methods AND permissions for all services.
	//
	// NOTE(review): '*' is the widest value this field can take; a named service
	// with explicit method selectors keeps the rule narrow and auditable.
	// +optional
	ServiceName *string `json:"serviceName,omitempty" tf:"service_name"`
}

func (*ManagerServicePerimeterSpecStatusIngressPoliciesIngressToOperations) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecStatusIngressPoliciesIngressToOperations.

func (*ManagerServicePerimeterSpecStatusIngressPoliciesIngressToOperations) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecStatusIngressPoliciesIngressToOperationsMethodSelectors

// ManagerServicePerimeterSpecStatusIngressPoliciesIngressToOperationsMethodSelectors
// selects what an ingress rule allows on a service, either by method name or by
// Cloud IAM permission.
type ManagerServicePerimeterSpecStatusIngressPoliciesIngressToOperationsMethodSelectors struct {
	// Value for method should be a valid method name for the corresponding
	// serviceName in 'ApiOperation'. If '*' is used as the value for 'method',
	// then ALL methods and permissions are allowed.
	//
	// NOTE(review): because '*' also covers permissions, a 'permission' selector
	// for the same service presumably adds no restriction next to it; prefer
	// naming the methods that are actually needed.
	// +optional
	Method *string `json:"method,omitempty" tf:"method"`
	// Value for permission should be a valid Cloud IAM permission for the
	// corresponding 'serviceName' in 'ApiOperation'.
	// +optional
	Permission *string `json:"permission,omitempty" tf:"permission"`
}

func (*ManagerServicePerimeterSpecStatusIngressPoliciesIngressToOperationsMethodSelectors) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecStatusIngressPoliciesIngressToOperationsMethodSelectors.

func (*ManagerServicePerimeterSpecStatusIngressPoliciesIngressToOperationsMethodSelectors) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecStatusVpcAccessibleServices

// ManagerServicePerimeterSpecStatusVpcAccessibleServices describes which APIs
// may be called from within the Service Perimeter: an allow-list plus the
// switch that turns the list on.
type ManagerServicePerimeterSpecStatusVpcAccessibleServices struct {
	// The list of APIs usable within the Service Perimeter.
	// Must be empty unless 'enableRestriction' is True.
	// +optional
	AllowedServices []string `json:"allowedServices,omitempty" tf:"allowed_services"`
	// Whether to restrict API calls within the Service Perimeter to the
	// list of APIs specified in 'allowedServices'.
	//
	// NOTE(review): the allow-list only takes effect when this is true, so an
	// unset or false value presumably leaves calls inside the perimeter
	// unrestricted by this block; check that the two fields are set together.
	// +optional
	EnableRestriction *bool `json:"enableRestriction,omitempty" tf:"enable_restriction"`
}

func (*ManagerServicePerimeterSpecStatusVpcAccessibleServices) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterSpecStatusVpcAccessibleServices.

func (*ManagerServicePerimeterSpecStatusVpcAccessibleServices) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagerServicePerimeterSpecStatusVpcAccessibleServicesCodec

// ManagerServicePerimeterSpecStatusVpcAccessibleServicesCodec has no fields; it
// exists to carry the Decode, Encode and IsEmpty methods declared on it.
// NOTE(review): presumably the jsoniter codec registered for
// ManagerServicePerimeterSpecStatusVpcAccessibleServices through
// GetDecoder/GetEncoder; confirm.
type ManagerServicePerimeterSpecStatusVpcAccessibleServicesCodec struct {
}

+k8s:deepcopy-gen=false

func (ManagerServicePerimeterSpecStatusVpcAccessibleServicesCodec) Decode

func (ManagerServicePerimeterSpecStatusVpcAccessibleServicesCodec) Encode

func (ManagerServicePerimeterSpecStatusVpcAccessibleServicesCodec) IsEmpty

type ManagerServicePerimeterStatus

// ManagerServicePerimeterStatus holds the observed generation, phase and
// conditions recorded for an object.
//
// NOTE(review): presumably the Kubernetes-side status of ManagerServicePerimeter.
// It is distinct from ManagerServicePerimeterSpecStatus, which carries perimeter
// configuration; when auditing what a perimeter allows, read that type.
type ManagerServicePerimeterStatus struct {
	// Resource generation, which is updated on mutation by the API Server.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// Phase is a status.Status value; its possible values are defined outside
	// this listing.
	// +optional
	Phase status.Status `json:"phase,omitempty"`
	// Conditions is a list of kmapi.Condition entries recorded for the object.
	// +optional
	Conditions []kmapi.Condition `json:"conditions,omitempty"`
}

func (*ManagerServicePerimeterStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerServicePerimeterStatus.

func (*ManagerServicePerimeterStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
