-
Notifications
You must be signed in to change notification settings - Fork 217
/
cloudidentity_v1beta1_cloudidentitymembership.yaml
279 lines (277 loc) · 12.4 KB
/
cloudidentity_v1beta1_cloudidentitymembership.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cnrm.cloud.google.com/version: 1.111.0
creationTimestamp: null
labels:
cnrm.cloud.google.com/dcl2crd: "true"
cnrm.cloud.google.com/managed-by-kcc: "true"
cnrm.cloud.google.com/stability-level: stable
cnrm.cloud.google.com/system: "true"
name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com
spec:
group: cloudidentity.cnrm.cloud.google.com
names:
categories:
- gcp
kind: CloudIdentityMembership
plural: cloudidentitymemberships
shortNames:
- gcpcloudidentitymembership
- gcpcloudidentitymemberships
singular: cloudidentitymembership
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- description: When 'True', the most recent reconcile of the resource succeeded
jsonPath: .status.conditions[?(@.type=='Ready')].status
name: Ready
type: string
- description: The reason for the value in 'Ready'
jsonPath: .status.conditions[?(@.type=='Ready')].reason
name: Status
type: string
- description: The last transition time for the value in 'Status'
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
name: Status Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'apiVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
groupRef:
description: Immutable.
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
description: |-
The group for the resource
Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`).
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
memberKey:
description: Immutable. The `EntityKey` of the member. Either `member_key`
or `preferred_member_key` must be set when calling MembershipsService.CreateMembership
but not both; both shall be set when returned.
properties:
id:
description: The ID of the entity. For Google-managed entities,
the `id` must be the email address of an existing group or user.
For external-identity-mapped entities, the `id` must be a string
conforming to the Identity Source's requirements. Must be unique
within a `namespace`.
type: string
namespace:
description: The namespace in which the entity exists. If not
specified, the `EntityKey` represents a Google-managed entity
such as a Google user or a Google Group. If specified, the `EntityKey`
represents an external-identity-mapped group. The namespace
must correspond to an identity source created in Admin Console
and must be in the form of `identitysources/{identity_source_id}`.
type: string
type: object
preferredMemberKey:
description: Immutable. Required. Immutable. The `EntityKey` of the
member.
properties:
id:
description: Immutable. The ID of the entity. For Google-managed
entities, the `id` must be the email address of a group or user.
For external-identity-mapped entities, the `id` must be a string
conforming to the Identity Source's requirements. Must be unique
within a `namespace`.
type: string
namespace:
description: Immutable. The namespace in which the entity exists.
If not specified, the `EntityKey` represents a Google-managed
entity such as a Google user or a Google Group. If specified,
the `EntityKey` represents an external-identity-mapped group.
The namespace must correspond to an identity source created
in Admin Console and must be in the form of `identitysources/{identity_source_id}`.
type: string
required:
- id
type: object
resourceID:
description: Immutable. Optional. The service-generated name of the
resource. Used for acquisition only. Leave unset to create a new
resource.
type: string
roles:
description: The `MembershipRole`s that apply to the `Membership`.
If unspecified, defaults to a single `MembershipRole` with `name`
`MEMBER`. Must not contain duplicate `MembershipRole`s with the
same `name`.
items:
properties:
expiryDetail:
description: The expiry details of the `MembershipRole`. Expiry
details are only supported for `MEMBER` `MembershipRoles`.
May be set if `name` is `MEMBER`. Must not be set if `name`
is any other value.
properties:
expireTime:
description: The time at which the `MembershipRole` will
expire.
format: date-time
type: string
type: object
name:
type: string
restrictionEvaluations:
description: Evaluations of restrictions applied to parent group
on this membership.
properties:
memberRestrictionEvaluation:
description: Evaluation of the member restriction applied
to this membership. Empty if the user lacks permission
to view the restriction evaluation.
properties:
state:
description: 'Output only. The current state of the
restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED,
UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED'
type: string
type: object
type: object
required:
- name
type: object
type: array
required:
- groupRef
- preferredMemberKey
- roles
type: object
status:
properties:
conditions:
description: Conditions represent the latest available observation
of the resource's current state.
items:
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
type: string
status:
description: Status is the status of the condition. Can be True,
False, Unknown.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
createTime:
description: Output only. The time when the `Membership` was created.
format: date-time
type: string
deliverySetting:
description: 'Output only. Delivery setting associated with the membership.
Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST,
DAILY, NONE, DISABLED'
type: string
displayName:
description: Output only. The display name of this member, if available
properties:
familyName:
description: Output only. Member's family name
type: string
fullName:
description: Output only. Localized UTF-16 full name for the member.
Localization is done based on the language in the request and
the language of the stored display name.
type: string
givenName:
description: Output only. Member's given name
type: string
type: object
observedGeneration:
description: ObservedGeneration is the generation of the resource
that was most recently observed by the Config Connector controller.
If this is equal to metadata.generation, then that means that the
current reported status reflects the most recent desired state of
the resource.
type: integer
type:
description: 'Output only. The type of the membership. Possible values:
OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER'
type: string
updateTime:
description: Output only. The time when the `Membership` was last
updated.
format: date-time
type: string
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []