// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package v1beta1
import "k8s.io/apimachinery/pkg/runtime/schema"
// *** PLEASE READ THE FOLLOWING COMMENT BEFORE MAKING CHANGES ***
// This ResourceReference definition is duplicated in the scripts/generate-go-crd-clients/k8s/ directory.
// If you're making modifications to this definition, please make sure to modify
// the corresponding struct in `types.go` (IAMResourceRef), so the generated
// go-clients have an accurate representation of this struct.

// ResourceReference defines a relationship to another resource.
//
// Kind is always present in the JSON form; every other field is dropped from
// the JSON output when it is empty.
//
// NOTE(review): nothing in this type validates the fields or limits which
// namespace a reference may point to. Presumably the code that resolves the
// reference enforces that; confirm before relying on it for isolation between
// namespaces.
type ResourceReference struct {
	// Kind of the referenced resource.
	Kind string `json:"kind"`
	// Namespace of the referenced resource.
	Namespace string `json:"namespace,omitempty"`
	// Name of the referenced resource.
	Name string `json:"name,omitempty"`
	// APIVersion of the referenced resource; GroupVersionKind combines it with Kind.
	APIVersion string `json:"apiVersion,omitempty"`
	// External is a free-form string; its expected format is not defined in this file.
	External string `json:"external,omitempty"`
}
// GroupVersionKind returns the schema.GroupVersionKind built from the
// reference's APIVersion and Kind fields.
func (ref *ResourceReference) GroupVersionKind() schema.GroupVersionKind {
	apiVersion, kind := ref.APIVersion, ref.Kind
	return schema.FromAPIVersionAndKind(apiVersion, kind)
}
// SetGroupVersionKind overwrites the reference's APIVersion and Kind fields
// with the values derived from gvk.
func (ref *ResourceReference) SetGroupVersionKind(gvk schema.GroupVersionKind) {
	apiVersion, kind := gvk.ToAPIVersionAndKind()
	ref.APIVersion = apiVersion
	ref.Kind = kind
}
// MemberSource represents a source for an IAM identity.
//
// Each field is an optional pointer that is left out of the JSON form when nil.
//
// NOTE(review): this type does not itself require that exactly one reference
// is set. Presumably that is checked where the binding is processed; confirm,
// because an ambiguous source decides which identity receives the role.
type MemberSource struct {
	// The IAMServiceAccount to be bound to the role.
	ServiceAccountRef *MemberReference `json:"serviceAccountRef,omitempty"`
	// The LoggingLogSink whose writer identity (i.e. its
	// 'status.writerIdentity') is to be bound to the role.
	LogSinkRef *MemberReference `json:"logSinkRef,omitempty"`
	// The SQLInstance whose service account (i.e. its
	// 'status.serviceAccountEmailAddress') is to be bound to the role.
	SQLInstanceRef *MemberReference `json:"sqlInstanceRef,omitempty"`
	// The ServiceIdentity whose service account (i.e., its
	// 'status.email') is to be bound to the role.
	ServiceIdentityRef *MemberReference `json:"serviceIdentityRef,omitempty"`
}
// MemberReference represents a resource with an IAM identity.
//
// NOTE(review): how an empty Namespace is resolved is not visible in this
// file; confirm the default before assuming a reference stays within the
// referring object's namespace.
type MemberReference struct {
	// Namespace of the referenced resource; omitted from JSON when empty.
	Namespace string `json:"namespace,omitempty"`
	// Name of the referenced resource; always present in the JSON form.
	Name string `json:"name"`
}
// IAMCondition defines the IAM condition under which an IAM binding applies.
//
// Title and Expression are always present in the JSON form; Description is
// omitted when empty. Because the condition decides when the binding applies,
// a change to Expression is a change to the effective grant and should be
// reviewed as such.
type IAMCondition struct {
	// Title is a short label for the condition.
	Title string `json:"title"`
	// Description is optional explanatory text for the condition.
	Description string `json:"description,omitempty"`
	// Expression is the condition itself.
	// NOTE(review): presumably a Common Expression Language (CEL) expression,
	// as used by Google Cloud IAM Conditions; the syntax is not validated here.
	Expression string `json:"expression"`
}
// AuditLogConfig configures audit logging for one permission type and lists
// the identities exempted from that logging.
//
// Every entry in ExemptedMembers removes that identity's activity of the given
// LogType from the audit trail, so additions to the list warrant the same
// scrutiny as a change to the logging configuration itself.
type AuditLogConfig struct {
	// Permission type for which logging is to be configured. Must be one of
	// 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'.
	// +kubebuilder:validation:Pattern=^(DATA_READ|DATA_WRITE|ADMIN_READ)$
	LogType string `json:"logType"`
	// Identities that do not cause logging for this type of permission. The
	// format is the same as that for 'members' in IAMPolicy/IAMPolicyMember.
	ExemptedMembers []Member `json:"exemptedMembers,omitempty"`
}