/*
Copyright 2021 The Crossplane Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by upjet. DO NOT EDIT.
package v1beta1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
v1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
)
// AwsObservation is the observation-side type paired by name with
// AwsParameters. It declares no fields.
type AwsObservation struct {
}
// AwsParameters configures an Amazon Web Services identity provider. It is the
// element type of the aws list in WorkloadIdentityPoolProviderParameters.
//
// NOTE(review): the only input here is the account ID, so this block presumably
// scopes trust to a whole AWS account; narrowing to particular roles would then
// have to be done with attributeCondition or in the IAM bindings. Confirm
// against the upstream provider documentation.
type AwsParameters struct {
// The AWS account ID.
// Required: the marker below makes the generated schema reject an aws block
// that omits it, and the JSON tag has no omitempty.
// +kubebuilder:validation:Required
AccountID *string `json:"accountId" tf:"account_id,omitempty"`
}
// OidcObservation is the observation-side type paired by name with
// OidcParameters. It declares no fields.
type OidcObservation struct {
}
// OidcParameters configures an OpenID Connect identity provider. It is the
// element type of the oidc list in WorkloadIdentityPoolProviderParameters.
// IssuerURI and AllowedAudiences together decide which tokens are eligible for
// exchange.
type OidcParameters struct {
// Acceptable values for the aud field (audience) in the OIDC token. Token exchange
// requests are rejected if the token audience does not match one of the configured
// values. Each audience may be at most 256 characters. A maximum of 10 audiences may
// be configured.
// If this list is empty, the OIDC token audience must be equal to the full canonical
// resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.
// For example:
//
//	//iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
//	https://iam.googleapis.com/projects/<project-number>/locations/<location>/workloadIdentityPools/<pool-id>/providers/<provider-id>
//
// The limits above (256 characters, 10 entries) are stated in prose only; no
// validation marker on this field enforces them.
// +kubebuilder:validation:Optional
AllowedAudiences []*string `json:"allowedAudiences,omitempty" tf:"allowed_audiences,omitempty"`
// The OIDC issuer URL.
// NOTE(review): the upstream API describes this as an HTTPS endpoint; the only
// marker here is Required, so the scheme is not checked by the generated
// schema. Confirm where that check happens.
// +kubebuilder:validation:Required
IssuerURI *string `json:"issuerUri" tf:"issuer_uri,omitempty"`
}
// WorkloadIdentityPoolProviderObservation carries the fields exposed under
// status.atProvider (see WorkloadIdentityPoolProviderStatus). Every field is
// optional in the JSON encoding (omitempty).
type WorkloadIdentityPoolProviderObservation struct {
// An identifier for the resource with format projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}}
// Note that this template uses {{project}} while Name below uses
// {project_number}; the two strings are therefore not interchangeable.
ID *string `json:"id,omitempty" tf:"id,omitempty"`
// The resource name of the provider as
// projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}.
Name *string `json:"name,omitempty" tf:"name,omitempty"`
// The state of the provider.
// NOTE(review): the possible values are not listed in this file; upstream
// documentation names states such as ACTIVE and DELETED. Confirm before
// matching on this string.
State *string `json:"state,omitempty" tf:"state,omitempty"`
}
// WorkloadIdentityPoolProviderParameters is the desired configuration of a
// workload identity pool provider, embedded as spec.forProvider (see
// WorkloadIdentityPoolProviderSpec). Every field carries the Optional
// validation marker, so none of the constraints described in the field
// comments (mutual exclusion of aws and oidc, length limits, ID character set)
// are enforced by markers in this type.
type WorkloadIdentityPoolProviderParameters struct {
// A Common Expression Language (CEL) expression, in plain text, that restricts
// which otherwise valid authentication credentials issued by the provider are
// accepted.
// The expression must output a boolean representing whether to allow the federation.
// The following keywords may be referenced in the expressions:
//   - assertion: JSON representing the authentication credential issued by the provider.
//   - google: the Google attributes mapped from the assertion in attributeMapping.
//   - attribute: the custom attributes mapped from the assertion in attributeMapping.
//
// NOTE(review): the field is optional and this type supplies no default. When it
// is unset, presumably every credential that passes issuer and audience
// validation is accepted, leaving the IAM bindings as the only restriction. For
// an issuer shared by many tenants, confirm that a condition on a
// tenant-identifying claim is set.
// +kubebuilder:validation:Optional
AttributeCondition *string `json:"attributeCondition,omitempty" tf:"attribute_condition,omitempty"`
// Maps attributes from authentication credentials issued by an external identity provider
// to Google Cloud attributes, such as subject and segment.
// Each key must be a string specifying the Google Cloud IAM attribute to map to.
// The following keys are supported:
//   - google.subject: the principal IAM is authenticating; it can be referenced in
//     IAM bindings.
//   - google.groups: groups the external identity belongs to.
//   - attribute.{custom_attribute}: custom attributes that can be referenced in IAM
//     bindings and in attributeCondition.
//
// NOTE(review): because google.subject becomes the authenticated principal, the
// claim it is mapped from should be one the issuer keeps unique and does not
// reassign. Confirm per issuer.
// +kubebuilder:validation:Optional
AttributeMapping map[string]*string `json:"attributeMapping,omitempty" tf:"attribute_mapping,omitempty"`
// An Amazon Web Services identity provider. Not compatible with the property oidc.
// The element structure is AwsParameters.
// +kubebuilder:validation:Optional
Aws []AwsParameters `json:"aws,omitempty" tf:"aws,omitempty"`
// A description for the provider. Cannot exceed 256 characters.
// +kubebuilder:validation:Optional
Description *string `json:"description,omitempty" tf:"description,omitempty"`
// Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.
// However, existing tokens still grant access.
// In other words, setting this flag stops new token exchanges but does not
// revoke tokens that were already issued.
// +kubebuilder:validation:Optional
Disabled *bool `json:"disabled,omitempty" tf:"disabled,omitempty"`
// A display name for the provider. Cannot exceed 32 characters.
// +kubebuilder:validation:Optional
DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"`
// An OpenId Connect 1.0 identity provider. Not compatible with the property aws.
// The element structure is OidcParameters.
// +kubebuilder:validation:Optional
Oidc []OidcParameters `json:"oidc,omitempty" tf:"oidc,omitempty"`
// The ID of the project in which the resource belongs.
// If it is not provided, the provider project is used.
// +kubebuilder:validation:Optional
Project *string `json:"project,omitempty" tf:"project,omitempty"`
// The ID used for the pool, which is the final component of the pool resource name. This
// value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix
// gcp- is reserved for use by Google, and may not be specified.
// The reference marker below ties this field to the WorkloadIdentityPool type,
// so it can be filled from WorkloadIdentityPoolIDRef or
// WorkloadIdentityPoolIDSelector instead of being set directly.
// +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/iam/v1beta1.WorkloadIdentityPool
// +kubebuilder:validation:Optional
WorkloadIdentityPoolID *string `json:"workloadIdentityPoolId,omitempty" tf:"workload_identity_pool_id,omitempty"`
// Reference to a WorkloadIdentityPool in iam to populate workloadIdentityPoolId.
// Not passed to Terraform (tf:"-").
// +kubebuilder:validation:Optional
WorkloadIdentityPoolIDRef *v1.Reference `json:"workloadIdentityPoolIdRef,omitempty" tf:"-"`
// Selector for a WorkloadIdentityPool in iam to populate workloadIdentityPoolId.
// Not passed to Terraform (tf:"-").
// +kubebuilder:validation:Optional
WorkloadIdentityPoolIDSelector *v1.Selector `json:"workloadIdentityPoolIdSelector,omitempty" tf:"-"`
}
// WorkloadIdentityPoolProviderSpec defines the desired state of WorkloadIdentityPoolProvider.
// It inlines the common v1.ResourceSpec fields and adds the resource-specific
// parameters under forProvider.
type WorkloadIdentityPoolProviderSpec struct {
// Common managed-resource spec fields, flattened into this object by the
// inline JSON tag.
v1.ResourceSpec `json:",inline"`
// Resource-specific configuration. The tag has no omitempty, so the key is
// always emitted when the spec is serialized.
ForProvider WorkloadIdentityPoolProviderParameters `json:"forProvider"`
}
// WorkloadIdentityPoolProviderStatus defines the observed state of WorkloadIdentityPoolProvider.
// It inlines the common v1.ResourceStatus fields and adds the resource-specific
// observation under atProvider.
type WorkloadIdentityPoolProviderStatus struct {
// Common managed-resource status fields, flattened into this object by the
// inline JSON tag.
v1.ResourceStatus `json:",inline"`
// Observed values for this provider (ID, Name, State).
AtProvider WorkloadIdentityPoolProviderObservation `json:"atProvider,omitempty"`
}
// +kubebuilder:object:root=true
// WorkloadIdentityPoolProvider is the Schema for the WorkloadIdentityPoolProviders API. A configuration for an external identity provider.
// The resource is cluster-scoped (scope=Cluster below), so permission to create
// or update this kind is granted cluster-wide. Its spec controls which external
// issuer, audiences, attribute mappings and conditions are configured for the
// provider, so write access to this kind should be treated as sensitive.
// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name"
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:subresource:status
// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp}
type WorkloadIdentityPoolProvider struct {
// Kind and apiVersion, flattened into the object by the inline JSON tag.
metav1.TypeMeta `json:",inline"`
// Standard object metadata. The EXTERNAL-NAME print column above reads the
// crossplane.io/external-name annotation from here.
metav1.ObjectMeta `json:"metadata,omitempty"`
// Desired state. The tag has no omitempty, so the key is always emitted.
Spec WorkloadIdentityPoolProviderSpec `json:"spec"`
// Observed state, served as a separate status subresource (see the
// subresource:status marker above).
Status WorkloadIdentityPoolProviderStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true
// WorkloadIdentityPoolProviderList contains a list of WorkloadIdentityPoolProviders.
type WorkloadIdentityPoolProviderList struct {
// Kind and apiVersion, flattened into the object by the inline JSON tag.
metav1.TypeMeta `json:",inline"`
// Standard list metadata.
metav1.ListMeta `json:"metadata,omitempty"`
// The WorkloadIdentityPoolProvider objects in the list. The tag has no
// omitempty, so the key is always emitted.
Items []WorkloadIdentityPoolProvider `json:"items"`
}
// Repository type metadata.

// WorkloadIdentityPoolProvider_Kind is the kind name of the resource.
var WorkloadIdentityPoolProvider_Kind = "WorkloadIdentityPoolProvider"

// WorkloadIdentityPoolProvider_GroupKind is the string form of the GroupKind
// built from CRDGroup and the kind name.
var WorkloadIdentityPoolProvider_GroupKind = schema.GroupKind{
	Kind:  WorkloadIdentityPoolProvider_Kind,
	Group: CRDGroup,
}.String()

// WorkloadIdentityPoolProvider_KindAPIVersion is the kind name joined by a dot
// to the string form of CRDGroupVersion.
var WorkloadIdentityPoolProvider_KindAPIVersion = WorkloadIdentityPoolProvider_Kind + "." + CRDGroupVersion.String()

// WorkloadIdentityPoolProvider_GroupVersionKind is CRDGroupVersion qualified
// with the kind name.
var WorkloadIdentityPoolProvider_GroupVersionKind = CRDGroupVersion.WithKind(WorkloadIdentityPoolProvider_Kind)
// init registers the WorkloadIdentityPoolProvider and
// WorkloadIdentityPoolProviderList types with the package's SchemeBuilder.
func init() {
	SchemeBuilder.Register(
		new(WorkloadIdentityPoolProvider),
		new(WorkloadIdentityPoolProviderList),
	)
}