// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// ----------------------------------------------------------------------------
//
// *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
//
// ----------------------------------------------------------------------------
//
// This file is automatically generated by Config Connector and manual
// changes will be clobbered when the file is regenerated.
//
// ----------------------------------------------------------------------------
// *** DISCLAIMER ***
// Config Connector's go-client for CRDs is currently in ALPHA, which means
// that future versions of the go-client may include breaking changes.
// Please try it out and give us feedback!
package v1alpha1
import (
"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/k8s/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// OrganizationsecuritypolicyruleConfig holds the match criteria of a rule:
// the destination and source CIDR ranges and the protocol/port pairs.
type OrganizationsecuritypolicyruleConfig struct {
/* Destination IP address range in CIDR format. Required for
EGRESS rules. */
// NOTE(review): the field is tagged +optional/omitempty, so this type does not
// express the "required for EGRESS" condition; presumably the API rejects an
// EGRESS rule without it. Confirm before relying on it.
// +optional
DestIpRanges []string `json:"destIpRanges,omitempty"`
/* Pairs of IP protocols and ports that the rule should match. */
// Not marked +optional and serialized without omitempty, so the key is always
// present in the JSON (a nil slice encodes as null).
Layer4Config []OrganizationsecuritypolicyruleLayer4Config `json:"layer4Config"`
/* Source IP address range in CIDR format. Required for
INGRESS rules. */
// NOTE(review): tagged +optional/omitempty like DestIpRanges; the "required for
// INGRESS" condition is not expressed by this type. Confirm where it is
// enforced.
// +optional
SrcIpRanges []string `json:"srcIpRanges,omitempty"`
}
// OrganizationsecuritypolicyruleLayer4Config is one protocol/ports pair that a
// rule matches on.
type OrganizationsecuritypolicyruleLayer4Config struct {
/* The IP protocol to which this rule applies. The protocol
type is required when creating a firewall rule.
This value can either be one of the following well
known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp),
or the IP protocol number. */
// The field is a plain string: the accepted values are listed only in the
// comment above and are not constrained by this type.
IpProtocol string `json:"ipProtocol"`
/* An optional list of ports to which this rule applies. This field
is only applicable for UDP or TCP protocol. Each entry must be
either an integer or a range. If not specified, this rule
applies to connections through any port.
Example inputs include: ["22"], ["80","443"], and
["12345-12349"]. */
// With omitempty a nil and an empty slice are both dropped from the JSON, so
// either one yields the "any port" behavior described above. Review rules that
// leave Ports unset to make sure the wide match is intended.
// +optional
Ports []string `json:"ports,omitempty"`
}
// OrganizationsecuritypolicyruleMatch is the match condition of a rule: the
// address/protocol configuration plus an optional description and expression
// type.
type OrganizationsecuritypolicyruleMatch struct {
/* The configuration options for matching the rule. */
Config OrganizationsecuritypolicyruleConfig `json:"config"`
/* A description of the rule. */
// Pointer so that an unset value (nil) is omitted from the JSON.
// +optional
Description *string `json:"description,omitempty"`
/* Preconfigured versioned expression. For organization security policy rules,
the only supported type is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. */
// NOTE(review): no default is applied by this type; a nil value is simply
// omitted, so the "FIREWALL" default is presumably filled in elsewhere. Confirm.
// +optional
VersionedExpr *string `json:"versionedExpr,omitempty"`
}
// ComputeOrganizationSecurityPolicyRuleSpec is the desired state of one rule
// of an organization security policy: what it matches, the action taken, and
// the resources it targets.
//
// Several optional fields widen or weaken a rule when left unset or set to
// true (Preview, TargetResources, EnableLogging); see the notes on each field.
type ComputeOrganizationSecurityPolicyRuleSpec struct {
/* The Action to perform when the client connection triggers the rule. Can currently be either
"allow", "deny" or "goto_next". */
// The field is a plain string: the three accepted values are listed only in
// the comment above and are not constrained by this type.
Action string `json:"action"`
/* A description of the rule. */
// +optional
Description *string `json:"description,omitempty"`
/* The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"]. */
// A nil pointer is omitted from the JSON, which is the "unspecified" case
// above: a rule meant for EGRESS must set this explicitly.
// +optional
Direction *string `json:"direction,omitempty"`
/* Denotes whether to enable logging for a particular rule.
If logging is enabled, logs will be exported to the
configured export destination in Stackdriver. */
// NOTE(review): the behavior when this is nil is not stated here; set it
// explicitly on rules whose hits should be visible to monitoring.
// +optional
EnableLogging *bool `json:"enableLogging,omitempty"`
/* A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. */
Match OrganizationsecuritypolicyruleMatch `json:"match"`
/* Immutable. The ID of the OrganizationSecurityPolicy this rule applies to. */
PolicyId string `json:"policyId"`
/* If set to true, the specified action is not enforced. */
// Consequence of the line above: a "deny" rule with Preview set to true does
// not block traffic. Check this flag when auditing whether a rule is in effect.
// +optional
Preview *bool `json:"preview,omitempty"`
/* Immutable. Optional. The priority of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. */
// +optional
ResourceID *string `json:"resourceID,omitempty"`
/* A list of network resource URLs to which this rule applies.
This field allows you to control which network's VMs get
this rule. If this field is left blank, all VMs
within the organization will receive the rule. */
// With omitempty a nil and an empty slice are both dropped from the JSON, so
// either one gives the rule the organization-wide scope described above.
// +optional
TargetResources []string `json:"targetResources,omitempty"`
/* A list of service accounts indicating the sets of
instances that are applied with this rule. */
// +optional
TargetServiceAccounts []string `json:"targetServiceAccounts,omitempty"`
}
// ComputeOrganizationSecurityPolicyRuleStatus is the observed state of the
// rule: its conditions and the generation they were computed for.
type ComputeOrganizationSecurityPolicyRuleStatus struct {
/* Conditions represent the latest available observations of the
ComputeOrganizationSecurityPolicyRule's current state. */
// Condition is the type from the imported k8s/v1alpha1 client package.
Conditions []v1alpha1.Condition `json:"conditions,omitempty"`
/* ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. */
// When the two generations differ, Conditions describe an earlier spec, so
// compare them before treating the reported status as current. The pointer is
// nil (and omitted from the JSON) when no value has been set.
// +optional
ObservedGeneration *int64 `json:"observedGeneration,omitempty"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=gcp,shortName=gcpcomputeorganizationsecuritypolicyrule;gcpcomputeorganizationsecuritypolicyrules
// +kubebuilder:subresource:status
// +kubebuilder:metadata:labels="cnrm.cloud.google.com/managed-by-kcc=true";"cnrm.cloud.google.com/stability-level=alpha";"cnrm.cloud.google.com/system=true";"cnrm.cloud.google.com/tf2crd=true"
// +kubebuilder:printcolumn:name="Age",JSONPath=".metadata.creationTimestamp",type="date"
// +kubebuilder:printcolumn:name="Ready",JSONPath=".status.conditions[?(@.type=='Ready')].status",type="string",description="When 'True', the most recent reconcile of the resource succeeded"
// +kubebuilder:printcolumn:name="Status",JSONPath=".status.conditions[?(@.type=='Ready')].reason",type="string",description="The reason for the value in 'Ready'"
// +kubebuilder:printcolumn:name="Status Age",JSONPath=".status.conditions[?(@.type=='Ready')].lastTransitionTime",type="date",description="The last transition time for the value in 'Status'"
// ComputeOrganizationSecurityPolicyRule is the Schema for the compute API.
// It combines the standard Kubernetes type and object metadata with the
// desired rule (Spec) and the observed state (Status). The markers above
// declare status as a subresource and label the resource with stability
// level alpha.
// +k8s:openapi-gen=true
type ComputeOrganizationSecurityPolicyRule struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec is the desired state of the rule.
Spec ComputeOrganizationSecurityPolicyRuleSpec `json:"spec,omitempty"`
// Status is the observed state of the rule.
Status ComputeOrganizationSecurityPolicyRuleStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ComputeOrganizationSecurityPolicyRuleList contains a list of ComputeOrganizationSecurityPolicyRule
type ComputeOrganizationSecurityPolicyRuleList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
// Items is serialized without omitempty, so the key is always present in the
// JSON (a nil slice encodes as null).
Items []ComputeOrganizationSecurityPolicyRule `json:"items"`
}
// init hands the rule type and its list type to SchemeBuilder.Register at
// package load. SchemeBuilder is declared elsewhere in this package.
func init() {
	SchemeBuilder.Register(
		&ComputeOrganizationSecurityPolicyRule{},
		&ComputeOrganizationSecurityPolicyRuleList{},
	)
}