forked from GoogleCloudPlatform/k8s-config-connector
core_v1alpha1_servicemapping.yaml
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# CustomResourceDefinition for the ServiceMapping kind
# (group core.cnrm.cloud.google.com, version v1alpha1, namespaced).
# Per the schema descriptions below, a ServiceMapping holds the configuration
# for mapping one service's resources from the Terraform provider to the
# Kubernetes Resource Model (KRM).
#
# NOTE(review): apiextensions.k8s.io/v1beta1 was deprecated in Kubernetes 1.16
# and is no longer served from 1.22. The v1 API requires a structural schema
# and prunes unknown fields by default, so an untyped object such as `gvk`
# below would need attention when migrating. Confirm the target cluster
# versions.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  annotations:
    cnrm.cloud.google.com/version: 1.29.0
  creationTimestamp: null
  labels:
    cnrm.cloud.google.com/managed-by-kcc: "true"
    cnrm.cloud.google.com/system: "true"
    controller-tools.k8s.io: "1.0"
  name: servicemappings.core.cnrm.cloud.google.com
spec:
  group: core.cnrm.cloud.google.com
  names:
    kind: ServiceMapping
    plural: servicemappings
  # Objects are namespaced, so write access is governed by namespace-level
  # RBAC on this resource.
  # NOTE(review): the templates and IAM mappings below shape what is passed to
  # the Terraform provider; presumably only operators should be able to create
  # or edit ServiceMappings. Confirm the RBAC roles shipped with this CRD.
  scope: Namespaced
  # The only validation applied by the API server is this OpenAPI v3 schema.
  # It checks types and required keys only; no field below carries a pattern,
  # enum or length limit.
  # NOTE(review): no `preserveUnknownFields` setting is visible here; under
  # v1beta1 the default is to keep fields the schema does not list. Confirm.
  validation:
    openAPIV3Schema:
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: ServiceMappingSpec defines the aspects common to all resources
            of a particular service being mapped from the Terraform provider to Kubernetes
            Resource Model (KRM).
          properties:
            name:
              description: Name is the name of the service being mapped (e.g. Spanner,
                PubSub). This is used for the construction of the generated CRDs'
                API group and kind.
              type: string
            # One entry per Terraform resource being mapped; `name` and `kind`
            # are the only required keys of an entry.
            resources:
              description: Resources is a list of configurations specifying how to
                map a specific resource from the Terraform provider to KRM.
              items:
                properties:
                  containers:
                    description: Containers describes all the container mappings this
                      resource understands. Config Connector maps Kubernetes namespaces
                      to the abstract GCP container objects they are scoped by via
                      namespaces. For most resource types, this is a project, but
                      certain resources live outside the scope of a project, like
                      folders or projects themselves. Containers are expressed as
                      annotations on a given Namespace, though users may provide resource-level
                      overrides.
                    items:
                      properties:
                        tfField:
                          description: TFField is the path to the field in the underlying
                            Terraform provider that represents the implicit reference
                            to the container object. Use periods to delimit the fields
                            in the path. For example, if the field is "bar" nested
                            inside "foo" ("foo" being either an object or a list of
                            objects), the associated TFField should be "foo.bar")
                          type: string
                        # `type` is a free-form string: the allowed container
                        # types are not enumerated in this schema.
                        type:
                          description: Type is the type of container this represents.
                          type: string
                        # Template fields (valueTemplate, nameValueTemplate,
                        # idTemplate) are unconstrained strings in this schema.
                        # NOTE(review): any check of the template syntax or of
                        # the expanded value has to happen in the consumer.
                        valueTemplate:
                          description: ValueTemplate is a template by which the value
                            of the container annotation should be interpreted before
                            being passed to the Terraform provider. {{value}} is used
                            in place of this sourced value. e.g. If the value sourced
                            from the container annotation is "123456789", a valueTemplate
                            of "folders/{{value}}" would mean the final value passed
                            to the provider is "folders/123456789"
                          type: string
                      required:
                      - type
                      - tfField
                      type: object
                    type: array
                  # Per the description, a directive listed here lets an
                  # annotation on the resource write into the Terraform config
                  # (example given: force-destroy).
                  # NOTE(review): that makes annotation write access equivalent
                  # to setting these Terraform fields; keep the list minimal.
                  directives:
                    description: Directives is a list of Terraform fields that perform
                      unique behaviors on top of the resource which are not part of
                      a GET response. If the KCC annotation's key contains a directive
                      from this list (e.g. `cnrm.cloud.google.com/force-destroy`),
                      the value from the annotation is stored/overwritten in the TF
                      config (e.g. force_destroy -> true)
                    items:
                      type: string
                    type: array
                  # Names the Terraform IAM resources (policy, member, optional
                  # audit config) associated with this resource.
                  # NOTE(review): these names are free-form strings; a mistaken
                  # value would presumably point IAM handling at a different
                  # Terraform resource type, so review changes here closely.
                  iamConfig:
                    description: IAMConfig contains the mappings from a given resource
                      onto its associated terraform IAM resources (policies, bindings,
                      and members)
                    properties:
                      auditConfigName:
                        description: AuditConfigName is the terraform name of the
                          associated IAM Audit Config resource, if there is any (e.g.
                          google_project_iam_audit_config for the Project resource)
                        type: string
                      policyMemberName:
                        description: PolicyMemberName is the terraform name of the
                          associated IAM Policy Member resource (e.g. google_spanner_instance_iam_member)
                        type: string
                      policyName:
                        description: PolicyName is the terraform name of the associated
                          IAM Policy resource (e.g. google_spanner_instance_iam_policy)
                        type: string
                      referenceField:
                        description: A description of the manner in which the IAM
                          Policy references its resource.
                        properties:
                          name:
                            description: The name of the field in the policy or binding
                              which references the resource. For 'google_spanner_instance_iam_policy'
                              this value is 'instance'.
                            type: string
                          # Described as one of { name, id }, but the schema
                          # declares no enum, so other strings pass validation.
                          type:
                            description: The type of value that should be used in
                              this field. It can be one of { name, id }. For 'google_spanner_instance_iam_policy'
                              it would be 'name' for 'google_kms_key_ring_iam_policy'
                              it would be 'id'.
                            type: string
                        required:
                        - name
                        - type
                        type: object
                      supportsConditions:
                        description: SupportsConditions indicates whether or not the
                          resource supports IAM Conditions.
                        type: boolean
                    required:
                    - policyName
                    - policyMemberName
                    - supportsConditions
                    type: object
                  # Required when skipImport is true (see both descriptions);
                  # the schema itself does not express that dependency.
                  idTemplate:
                    description: IDTemplate defines the format in which the ID fed
                      into the TF resource's importer should look. Fields may be sourced
                      from the TF resource by using the `{{foo}}` syntax. (e.g. {{project}}/{{location}}/{{name}}. All
                      fields are required. A field can be marked as optional with
                      the ? suffix, e.g. with {{project}}/{{host?}}, the host field
                      is optional An OR condition can be defined on a portion of
                      the template by enclosing the portion with brackets `[...]`
                      and using a bar character, `|`, to deliminate the OR. Example,
                      `my-template/[{{field1}}|text_{{field2}]`. If SkipImport is
                      true, this must be specified, and its expanded form will be
                      directly used as the TF resource's `id` field.
                    type: string
                  ignoredFields:
                    description: IgnoredFields is a list of fields that should be
                      dropped from the underlying Terraform resource.
                    items:
                      type: string
                    type: array
                  kind:
                    description: Kind is the Kubernetes kind you wish the resource
                      to have.
                    type: string
                  # Described as global, regional or zonal; declared as a plain
                  # string without an enum.
                  locationality:
                    description: 'Locationality categorizes the GCP resources as global,
                      regional, or zonal. It''s only applicable to the effort of unifying
                      multiple locational TF resources into one, e.g. KCC could have
                      a single ComputeAddress CRD to represent two TF/GCE resources
                      - compute address and global compute address. The location field
                      in ComputeAddress CRD is used to specify whether it is a global
                      address or regional address. If unset, it''s assumed that there
                      is no multiple TF locational resources mapping to the same compute
                      resource schema. Currently, this supports the following values:
                      global, regional, zonal.'
                    type: string
                  metadataMapping:
                    description: MetadataMapping determines how to map Kubernetes
                      metadata fields to the Terraform resource's configuration.
                    properties:
                      labels:
                        description: Labels is a JSONPath to the field in the TF resource
                          where the KRM "metadata.labels" field will be mapped to.
                          By default, this is mapped to the "labels" field, if that
                          field is found in the TF resource schema.
                        type: string
                      name:
                        description: Name is a JSONPath to the field in the TF resource
                          where the KRM "metadata.name" field will be mapped to. By
                          default, this is mapped to the "name" field, if that field
                          is found in the TF resource schema.
                        type: string
                      nameValueTemplate:
                        description: NameValueTemplate is a template by which the
                          value of the metadata.name field should be interpreted before
                          being passed to the Terraform provider. {{value}} is used
                          in place of this sourced value. e.g. If the value sourced
                          from metadata.name is "foo_bar", a nameValueTemplate of
                          "resource/{{value}}" would mean the final value passed to
                          the provider is "resource/foo_bar"
                        type: string
                    type: object
                  # Fields the Terraform read does not return; per the
                  # description KCC tracks their values itself.
                  # NOTE(review): where those tracked values are stored is not
                  # visible in this file; worth confirming for fields that hold
                  # sensitive data.
                  mutableButUnreadableFields:
                    description: MutableButUnreadableFields is a list of Terraform
                      fields that are mutable but not returned by the Terraform read.
                      KCC tracks the values of such fields to be able to determine
                      if the user changed their values on the spec.
                    items:
                      type: string
                    type: array
                  name:
                    description: Name is the Terraform name of the resource (e.g.
                      google_spanner_instance)
                    type: string
                  resourceID:
                    description: ResourceID determines how to map the `spec.resourceID`
                      field to the Terraform resource's configuration. For multiple
                      ResourceConfigs that map to the same Kind, their ResourceID
                      definition must be the same.
                    properties:
                      targetField:
                        description: TargetField is the name of the field in the TF
                          resource where the KRM `spec.resourceID` field will be mapped
                          to.
                        type: string
                      valueTemplate:
                        description: ValueTemplate is a template by which the value
                          of the `spec.resourceID` field should be interpreted before
                          being passed to the Terraform provider. {{value}} is used
                          in place of the source value, i.e. the value of `spec.resourceID`. E.g.
                          If `spec.resourceID` is "foo", a ValueTemplate of "resources/{{value}}"
                          means the final value passed to the Terraform provider is
                          "resources/foo".
                        type: string
                    type: object
                  # Each entry turns an implicit Terraform reference field into
                  # an explicit Kubernetes-style reference; only `tfField` is
                  # required. The mutual-exclusion rules stated in the
                  # descriptions (gvk vs. jsonSchemaType, inline TypeConfig vs.
                  # `types`) are not enforced by this schema.
                  resourceReferences:
                    description: ResourceReferences configures the mapping of fields
                      in the Terraform resource that implicitly define references
                      to other GCP resources into explicit Kubernetes-style references.
                    items:
                      properties:
                        description:
                          description: Description is the description for the resource
                            reference that will be exposed in the CRD.
                          type: string
                        # Untyped object: no properties are declared, so the
                        # schema does not constrain the shape of a GVK.
                        gvk:
                          description: GVK is the Group,Version,Kind of the resource
                            being referenced. This field is mutually exclusive with
                            JSONSchemaType.
                          type: object
                        jsonSchemaType:
                          description: JSONSchemaType specifies the type as understood
                            by JSON schema validation of this reference field. Should
                            never be specified for a TypeConfig inlined in the ReferenceConfig. This
                            field is mutually exclusive with Kind and TargetField.
                          type: string
                        key:
                          description: 'Key is the field name that will be exposed
                            through the KRM resource''s spec. It should follow the
                            Kubernetes reference naming semantics: `fooRef`, where
                            foo is some describer of what is being referenced (e.g. instanceRef,
                            healthCheckRef) Complex references (those with a "Types"
                            list defined) or lists of references should not specify
                            a key.'
                          type: string
                        # Per the description, a resource whose parent was
                        # deleted may itself be deleted without a call to the
                        # underlying API.
                        parent:
                          description: Parent specifies whether the referenced resource
                            is a parent. If the parent is successfully deleted, this
                            resource may be deleted without any call to the underlying
                            API. Only one parent may be present. A parent reference's
                            TFField must not be a nested path.
                          type: boolean
                        targetField:
                          description: TargetField is the referenced resource's Terraform
                            field that will be extracted and set as the value of the
                            TFField. For example, a ComputeSubnetwork can reference
                            a ComputeNetwork's self link by setting TargetField to
                            "self_link", a field defined on the google_compute_network
                            resource.
                          type: string
                        tfField:
                          description: TFField is the path to the field in the underlying
                            Terraform provider that is the implicit reference. Use
                            periods to delimit the fields in the path. For example,
                            if the reference field is "bar" nested inside "foo" ("foo"
                            being either an object or a list of objects), the associated
                            TFField should be "foo.bar")
                          type: string
                        # Same fields as the inline TypeConfig above, repeated
                        # per supported type; the first list entry becomes the
                        # default (see description).
                        types:
                          description: Types is the supported types this resource
                            reference supports. Must not be specified if the inlined
                            TypeConfig is filled out. If the value for the reference
                            is not specified in the KRM spec, it is possible that
                            a default value may be set by GCP. This default reference
                            value will be populated in the KRM resource's spec. In
                            cases where a resource reference has multiple types, the
                            first type in this list will become the default TypeConfig
                            for that value.
                          items:
                            properties:
                              gvk:
                                description: GVK is the Group,Version,Kind of the
                                  resource being referenced. This field is mutually
                                  exclusive with JSONSchemaType.
                                type: object
                              jsonSchemaType:
                                description: JSONSchemaType specifies the type as
                                  understood by JSON schema validation of this reference
                                  field. Should never be specified for a TypeConfig
                                  inlined in the ReferenceConfig. This field is mutually
                                  exclusive with Kind and TargetField.
                                type: string
                              key:
                                description: 'Key is the field name that will be exposed
                                  through the KRM resource''s spec. It should follow
                                  the Kubernetes reference naming semantics: `fooRef`,
                                  where foo is some describer of what is being referenced
                                  (e.g. instanceRef, healthCheckRef) Complex references
                                  (those with a "Types" list defined) or lists of
                                  references should not specify a key.'
                                type: string
                              parent:
                                description: Parent specifies whether the referenced
                                  resource is a parent. If the parent is successfully
                                  deleted, this resource may be deleted without any
                                  call to the underlying API. Only one parent may
                                  be present. A parent reference's TFField must not
                                  be a nested path.
                                type: boolean
                              targetField:
                                description: TargetField is the referenced resource's
                                  Terraform field that will be extracted and set as
                                  the value of the TFField. For example, a ComputeSubnetwork
                                  can reference a ComputeNetwork's self link by setting
                                  TargetField to "self_link", a field defined on the
                                  google_compute_network resource.
                                type: string
                              # The template's example builds an IAM member
                              # string ("serviceAccount:...") from a referenced
                              # value.
                              # NOTE(review): the schema places no constraint
                              # on the template text.
                              valueTemplate:
                                description: ValueTemplate is a template by which
                                  the value sourced from the reference should be interpreted
                                  before being passed to the Terraform provider. {{value}}
                                  is used in place of this sourced value. The template
                                  can contain other value placeholders that need to
                                  be sourced from the reference resource. e.g. If
                                  the value sourced from the reference is "foo@domain.com",
                                  a valueTemplate of "serviceAccount:{{value}}" would
                                  mean the final value passed to the provider is "serviceAccount:foo@domain.com"
                                  e.g. If the template is "projects/{{project}}/topics/{{value}}",
                                  the project value will be sourced from the referenced
                                  resource.
                                type: string
                            type: object
                          type: array
                        valueTemplate:
                          description: ValueTemplate is a template by which the value
                            sourced from the reference should be interpreted before
                            being passed to the Terraform provider. {{value}} is used
                            in place of this sourced value. The template can contain
                            other value placeholders that need to be sourced from
                            the reference resource. e.g. If the value sourced from
                            the reference is "foo@domain.com", a valueTemplate of
                            "serviceAccount:{{value}}" would mean the final value
                            passed to the provider is "serviceAccount:foo@domain.com"
                            e.g. If the template is "projects/{{project}}/topics/{{value}}",
                            the project value will be sourced from the referenced
                            resource.
                          type: string
                      required:
                      - tfField
                      type: object
                    type: array
                  serverGeneratedIDField:
                    description: ServerGeneratedIDField is the field in the resource's
                      status that corresponds to the server-generated resource ID.
                      If unset, it's assumed the resource ID is specified by the user.
                      Resources with this set do not support acquisition.
                    type: string
                  # When true, the expanded idTemplate is used directly as the
                  # Terraform `id` instead of running the import step (see
                  # description).
                  skipImport:
                    description: SkipImport skips the import step when fetching the
                      live state of the underlying resource. If specified, IDTemplate
                      must also be specified, and its expanded form will be used as
                      the TF resource's `id` field.
                    type: boolean
                required:
                - name
                - kind
                type: object
              type: array
            # Free-form string: the schema does not check that this is a valid
            # or expected host name.
            serviceHostName:
              description: ServiceHostName is the host portion of the URL for the
                associated service. IE, for Spanner, it is 'spanner.googleapis.com'
              type: string
            version:
              description: Version is the API version for all the resource CRDs being
                generated.
              type: string
          required:
          - name
          - version
          - serviceHostName
          - resources
          type: object
      type: object
  version: v1alpha1
# Status stanza with empty values, as written in the manifest.
# NOTE(review): presumably generator output that the API server fills in after
# the CRD is applied; confirm.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []