/*
Copyright 2021 The Crossplane Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by upjet. DO NOT EDIT.
package v1beta1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
v1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
)
// AttestationAuthorityNoteObservation holds the observed fields of an
// attestor's attestation authority note. AttestorObservation exposes it under
// the attestationAuthorityNote key.
type AttestationAuthorityNoteObservation struct {
// NOTE(review): the field comment below names an IAM role that must be granted
// to this service account. Presumably the binding belongs on the note named by
// noteReference rather than on a wider scope - confirm against the IAM policy
// that is actually applied.

// This field will contain the service account email address that
// this Attestor will use as the principal when querying Container
// Analysis. Attestor administrators must grant this service account
// the IAM role needed to read attestations from the noteReference in
// Container Analysis (containeranalysis.notes.occurrences.viewer).
// This email address is fixed for the lifetime of the Attestor, but
// callers should not make any other assumptions about the service
// account email; future versions may use an email based on a
// different naming pattern.
DelegationServiceAccountEmail *string `json:"delegationServiceAccountEmail,omitempty" tf:"delegation_service_account_email,omitempty"`
}
// AttestationAuthorityNoteParameters are the configurable fields of an
// attestor's attestation authority note: the note reference (set directly, or
// through a Reference or Selector) and the public keys that verify
// attestations.
type AttestationAuthorityNoteParameters struct {
// The resource name of an ATTESTATION_AUTHORITY Note, created by the
// user. If the Note is in a different project from the Attestor, it
// should be specified in the format projects/*/notes/* (or the legacy
// providers/*/notes/*). This field may not be updated.
// An attestation by this attestor is stored as a Container Analysis
// ATTESTATION_AUTHORITY Occurrence that names a container image
// and that links to this Note.
// +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/containeranalysis/v1beta1.Note
// +kubebuilder:validation:Optional
NoteReference *string `json:"noteReference,omitempty" tf:"note_reference,omitempty"`
// Reference to a Note in containeranalysis to populate noteReference.
// +kubebuilder:validation:Optional
NoteReferenceRef *v1.Reference `json:"noteReferenceRef,omitempty" tf:"-"`
// Selector for a Note in containeranalysis to populate noteReference.
// +kubebuilder:validation:Optional
NoteReferenceSelector *v1.Selector `json:"noteReferenceSelector,omitempty" tf:"-"`
// NOTE(review): publicKeys is Optional and carries omitempty, so the schema
// accepts an attestor with no keys. Per the field comment below, such an
// attestor reports that no valid attestations exist, so removing the last key
// presumably deserves the same review as changing one - confirm with the
// policy owners.

// Public keys that verify attestations signed by this attestor. This
// field may be updated.
// If this field is non-empty, one of the specified public keys must
// verify that an attestation was signed by this attestor for the
// image specified in the admission request.
// If this field is empty, this attestor always returns that no valid
// attestations exist.
// Structure is documented below.
// +kubebuilder:validation:Optional
PublicKeys []PublicKeysParameters `json:"publicKeys,omitempty" tf:"public_keys,omitempty"`
}
// AttestorObservation holds the observed fields of an Attestor. AttestorStatus
// exposes it as atProvider.
type AttestorObservation struct {
// NOTE(review): the marker below says Required while the JSON tag carries
// omitempty. The file is generated, so this is presumably inherited from the
// parameters schema - confirm before relying on either.

// A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.
// Structure is documented below.
// +kubebuilder:validation:Required
AttestationAuthorityNote []AttestationAuthorityNoteObservation `json:"attestationAuthorityNote,omitempty" tf:"attestation_authority_note,omitempty"`
// An identifier for the resource with format projects/{{project}}/attestors/{{name}}
ID *string `json:"id,omitempty" tf:"id,omitempty"`
}
// AttestorParameters are the configurable fields of an Attestor. AttestorSpec
// exposes them as forProvider.
type AttestorParameters struct {
// A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.
// Structure is documented below.
// The JSON tag has no omitempty, matching the Required marker.
// +kubebuilder:validation:Required
AttestationAuthorityNote []AttestationAuthorityNoteParameters `json:"attestationAuthorityNote" tf:"attestation_authority_note,omitempty"`
// A descriptive comment. This field may be updated. The field may be
// displayed in chooser dialogs.
// +kubebuilder:validation:Optional
Description *string `json:"description,omitempty" tf:"description,omitempty"`
// The ID of the project in which the resource belongs.
// If it is not provided, the provider project is used.
// +kubebuilder:validation:Optional
Project *string `json:"project,omitempty" tf:"project,omitempty"`
}
// PkixPublicKeyObservation is the observation counterpart of
// PkixPublicKeyParameters. It declares no fields.
type PkixPublicKeyObservation struct {
}
// PkixPublicKeyParameters describes one PKIX public key: its PEM encoding and
// the signature algorithm used with it.
type PkixPublicKeyParameters struct {
// A PEM-encoded public key, as described in
// https://tools.ietf.org/html/rfc7468#section-13
// +kubebuilder:validation:Optional
PublicKeyPem *string `json:"publicKeyPem,omitempty" tf:"public_key_pem,omitempty"`
// NOTE(review): signatureAlgorithm is a free-form string with no Enum marker
// in this file, so a value that does not match publicKeyPem is presumably
// rejected only by the remote API, not at admission of this object - confirm.

// The signature algorithm used to verify a message against
// a signature using this key. This signature algorithm must
// match the structure and any object identifiers encoded in
// publicKeyPem (i.e. this algorithm must match that of the
// public key).
// +kubebuilder:validation:Optional
SignatureAlgorithm *string `json:"signatureAlgorithm,omitempty" tf:"signature_algorithm,omitempty"`
}
// PublicKeysObservation is the observation counterpart of
// PublicKeysParameters. It declares no fields.
type PublicKeysObservation struct {
}
// PublicKeysParameters describes one public key that verifies attestations
// signed by the attestor. The key is given either as an ASCII-armored PGP key
// or as a PKIX key, together with an optional comment and ID.
type PublicKeysParameters struct {
// NOTE(review): asciiArmoredPgpPublicKey and pkixPublicKey are both Optional
// and no marker in this file makes them mutually exclusive or requires one of
// them. Presumably the remote API enforces that - confirm.

// ASCII-armored representation of a PGP public key, as the
// entire output by the command
// gpg --export --armor foo@example.com (either LF or CRLF
// line endings). When using this field, id should be left
// blank. The BinAuthz API handlers will calculate the ID
// and fill it in automatically. BinAuthz computes this ID
// as the OpenPGP RFC4880 V4 fingerprint, represented as
// upper-case hex. If id is provided by the caller, it will
// be overwritten by the API-calculated ID.
// +kubebuilder:validation:Optional
ASCIIArmoredPgpPublicKey *string `json:"asciiArmoredPgpPublicKey,omitempty" tf:"ascii_armored_pgp_public_key,omitempty"`
// A descriptive comment. This field may be updated.
// +kubebuilder:validation:Optional
Comment *string `json:"comment,omitempty" tf:"comment,omitempty"`
// The ID of this public key. Signatures verified by BinAuthz
// must include the ID of the public key that can be used to
// verify them, and that ID must match the contents of this
// field exactly. Additional restrictions on this field can
// be imposed based on which public key type is encapsulated.
// See the documentation on publicKey cases below for details.
// +kubebuilder:validation:Optional
ID *string `json:"id,omitempty" tf:"id,omitempty"`
// NOTE(review): pkixPublicKey is declared as a slice although the comment
// below describes a single key, and no MaxItems marker is visible in this
// file - confirm how more than one element is handled.

// A raw PKIX SubjectPublicKeyInfo format public key.
// NOTE: id may be explicitly provided by the caller when using this
// type of public key, but it MUST be a valid RFC3986 URI. If id is left
// blank, a default one will be computed based on the digest of the DER
// encoding of the public key.
// Structure is documented below.
// +kubebuilder:validation:Optional
PkixPublicKey []PkixPublicKeyParameters `json:"pkixPublicKey,omitempty" tf:"pkix_public_key,omitempty"`
}
// AttestorSpec defines the desired state of Attestor
type AttestorSpec struct {
// The embedded ResourceSpec is inlined into the spec's JSON object.
v1.ResourceSpec `json:",inline"`
// ForProvider holds the Attestor parameters. Its JSON tag has no omitempty.
ForProvider AttestorParameters `json:"forProvider"`
}
// AttestorStatus defines the observed state of Attestor.
type AttestorStatus struct {
// The embedded ResourceStatus is inlined into the status's JSON object.
v1.ResourceStatus `json:",inline"`
// AtProvider holds the observed Attestor fields.
AtProvider AttestorObservation `json:"atProvider,omitempty"`
}
// +kubebuilder:object:root=true
// Attestor is the Schema for the Attestors API. An attestor that attests to container image artifacts.
// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name"
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:subresource:status
// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp}
type Attestor struct {
// NOTE(review): the resource marker above sets scope=Cluster, and
// spec.forProvider.attestationAuthorityNote[].publicKeys holds the keys this
// attestor trusts. Write access to this kind is therefore presumably worth
// restricting in cluster RBAC - confirm against the roles in use.

metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec is the desired state. Its JSON tag has no omitempty.
Spec AttestorSpec `json:"spec"`
// Status is the observed state. It is served as a status subresource, per the
// subresource marker above.
Status AttestorStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true
// AttestorList contains a list of Attestors
type AttestorList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
// Items holds the Attestor objects in the list. Its JSON tag has no omitempty.
Items []Attestor `json:"items"`
}
// Repository type metadata.
//
// These values are derived from the Attestor kind name together with CRDGroup
// and CRDGroupVersion, neither of which is declared in this file.
var (
// Attestor_Kind is the kind name of the Attestor resource.
Attestor_Kind = "Attestor"
// Attestor_GroupKind is the string form of the GroupKind built from CRDGroup
// and Attestor_Kind.
Attestor_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Attestor_Kind}.String()
// Attestor_KindAPIVersion joins the kind and CRDGroupVersion.String() with a dot.
Attestor_KindAPIVersion = Attestor_Kind + "." + CRDGroupVersion.String()
// Attestor_GroupVersionKind is CRDGroupVersion combined with the Attestor kind.
Attestor_GroupVersionKind = CRDGroupVersion.WithKind(Attestor_Kind)
)
// init registers the Attestor and AttestorList types with the package's
// SchemeBuilder.
func init() {
	SchemeBuilder.Register(new(Attestor), new(AttestorList))
}