// SPDX-FileCopyrightText: 2023 The Crossplane Authors <https://crossplane.io>
//
// SPDX-License-Identifier: Apache-2.0
/*
Copyright 2021 The Crossplane Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by upjet. DO NOT EDIT.
package v1beta1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
v1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
)
// AttestationAuthorityNoteInitParameters is the InitProvider counterpart of
// AttestationAuthorityNoteParameters: the create-time fields of the attestor's
// Container Analysis ATTESTATION_AUTHORITY Note. It carries only PublicKeys;
// NoteReference and its Ref/Selector live on the Parameters variant.
type AttestationAuthorityNoteInitParameters struct {
	// Public keys that verify attestations signed by this attestor. This
	// field may be updated.
	// If this field is non-empty, one of the specified public keys must
	// verify that an attestation was signed by this attestor for the
	// image specified in the admission request.
	// If this field is empty, this attestor always returns that no valid
	// attestations exist.
	// Structure is documented below.
	//
	// These keys are the attestor's trust anchors: only a signature that
	// verifies under one of them makes an attestation count as valid, and
	// an empty list is fail-closed (no attestation is ever reported valid).
	PublicKeys []PublicKeysInitParameters `json:"publicKeys,omitempty" tf:"public_keys,omitempty"`
}
// AttestationAuthorityNoteObservation is the observed (status.atProvider)
// state of the attestor's Container Analysis ATTESTATION_AUTHORITY Note. In
// addition to the configured fields it exposes the read-only
// DelegationServiceAccountEmail, which the Parameters variants do not carry.
type AttestationAuthorityNoteObservation struct {
	// (Output)
	// This field will contain the service account email address that
	// this Attestor will use as the principal when querying Container
	// Analysis. Attestor administrators must grant this service account
	// the IAM role needed to read attestations from the noteReference in
	// Container Analysis (containeranalysis.notes.occurrences.viewer).
	// This email address is fixed for the lifetime of the Attestor, but
	// callers should not make any other assumptions about the service
	// account email; future versions may use an email based on a
	// different naming pattern.
	//
	// Read-only. The IAM grant described above is a prerequisite for the
	// attestor to read its attestations, but it is not modelled by any
	// field of this resource; it has to be managed separately.
	DelegationServiceAccountEmail *string `json:"delegationServiceAccountEmail,omitempty" tf:"delegation_service_account_email,omitempty"`
	// The resource name of an ATTESTATION_AUTHORITY Note, created by the
	// user. If the Note is in a different project from the Attestor, it
	// should be specified in the format projects/*/notes/* (or the legacy
	// providers/*/notes/*). This field may not be updated.
	// An attestation by this attestor is stored as a Container Analysis
	// ATTESTATION_AUTHORITY Occurrence that names a container image
	// and that links to this Note.
	NoteReference *string `json:"noteReference,omitempty" tf:"note_reference,omitempty"`
	// Public keys that verify attestations signed by this attestor. This
	// field may be updated.
	// If this field is non-empty, one of the specified public keys must
	// verify that an attestation was signed by this attestor for the
	// image specified in the admission request.
	// If this field is empty, this attestor always returns that no valid
	// attestations exist.
	// Structure is documented below.
	//
	// Observed trust anchors of the attestor; an empty list means the
	// attestor is fail-closed and reports no attestation as valid.
	PublicKeys []PublicKeysObservation `json:"publicKeys,omitempty" tf:"public_keys,omitempty"`
}
// AttestationAuthorityNoteParameters is the desired (spec.forProvider) state
// of the attestor's Container Analysis ATTESTATION_AUTHORITY Note. The Note
// may be given directly by name (NoteReference) or indirectly through a
// Crossplane reference or selector that the provider resolves into it.
type AttestationAuthorityNoteParameters struct {
	// The resource name of an ATTESTATION_AUTHORITY Note, created by the
	// user. If the Note is in a different project from the Attestor, it
	// should be specified in the format projects/*/notes/* (or the legacy
	// providers/*/notes/*). This field may not be updated.
	// An attestation by this attestor is stored as a Container Analysis
	// ATTESTATION_AUTHORITY Occurrence that names a container image
	// and that links to this Note.
	// +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/containeranalysis/v1beta1.Note
	// +kubebuilder:validation:Optional
	NoteReference *string `json:"noteReference,omitempty" tf:"note_reference,omitempty"`
	// Reference to a Note in containeranalysis to populate noteReference.
	// Resolved by the provider into NoteReference; the tf:"-" tag keeps it
	// out of the Terraform-facing parameters.
	// +kubebuilder:validation:Optional
	NoteReferenceRef *v1.Reference `json:"noteReferenceRef,omitempty" tf:"-"`
	// Selector for a Note in containeranalysis to populate noteReference.
	// Resolved by the provider into NoteReference; the tf:"-" tag keeps it
	// out of the Terraform-facing parameters.
	// +kubebuilder:validation:Optional
	NoteReferenceSelector *v1.Selector `json:"noteReferenceSelector,omitempty" tf:"-"`
	// Public keys that verify attestations signed by this attestor. This
	// field may be updated.
	// If this field is non-empty, one of the specified public keys must
	// verify that an attestation was signed by this attestor for the
	// image specified in the admission request.
	// If this field is empty, this attestor always returns that no valid
	// attestations exist.
	// Structure is documented below.
	//
	// These keys are the attestor's trust anchors: only a signature that
	// verifies under one of them makes an attestation count as valid, and
	// an empty list is fail-closed (no attestation is ever reported valid).
	// +kubebuilder:validation:Optional
	PublicKeys []PublicKeysParameters `json:"publicKeys,omitempty" tf:"public_keys,omitempty"`
}
// AttestorInitParameters holds the create-time (spec.initProvider) fields of
// an Attestor; see AttestorSpec.InitProvider for how they are merged into
// ForProvider on creation.
type AttestorInitParameters struct {
	// A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.
	// Structure is documented below.
	AttestationAuthorityNote []AttestationAuthorityNoteInitParameters `json:"attestationAuthorityNote,omitempty" tf:"attestation_authority_note,omitempty"`
	// A descriptive comment. This field may be updated. The field may be
	// displayed in chooser dialogs.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project *string `json:"project,omitempty" tf:"project,omitempty"`
}
// AttestorObservation is the observed (status.atProvider) state of an
// Attestor, including the API-assigned resource ID.
type AttestorObservation struct {
	// A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.
	// Structure is documented below.
	AttestationAuthorityNote []AttestationAuthorityNoteObservation `json:"attestationAuthorityNote,omitempty" tf:"attestation_authority_note,omitempty"`
	// A descriptive comment. This field may be updated. The field may be
	// displayed in chooser dialogs.
	Description *string `json:"description,omitempty" tf:"description,omitempty"`
	// An identifier for the resource with format projects/{{project}}/attestors/{{name}}
	ID *string `json:"id,omitempty" tf:"id,omitempty"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project *string `json:"project,omitempty" tf:"project,omitempty"`
}
// AttestorParameters is the desired (spec.forProvider) state of an Attestor.
// All fields are optional at the schema level; the requirement that
// AttestationAuthorityNote be set is enforced by the CEL rule on Attestor.Spec.
type AttestorParameters struct {
	// A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.
	// Structure is documented below.
	// +kubebuilder:validation:Optional
	AttestationAuthorityNote []AttestationAuthorityNoteParameters `json:"attestationAuthorityNote,omitempty" tf:"attestation_authority_note,omitempty"`
	// A descriptive comment. This field may be updated. The field may be
	// displayed in chooser dialogs.
	// +kubebuilder:validation:Optional
	Description *string `json:"description,omitempty" tf:"description,omitempty"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	// +kubebuilder:validation:Optional
	Project *string `json:"project,omitempty" tf:"project,omitempty"`
}
// PkixPublicKeyInitParameters is the create-time form of a raw PKIX
// SubjectPublicKeyInfo public key. The PEM and the signature algorithm
// together form the trust anchor; no schema-level validation of either is
// declared here, so presumably the BinAuthz API validates them — confirm.
type PkixPublicKeyInitParameters struct {
	// A PEM-encoded public key, as described in
	// https://tools.ietf.org/html/rfc7468#section-13
	PublicKeyPem *string `json:"publicKeyPem,omitempty" tf:"public_key_pem,omitempty"`
	// The signature algorithm used to verify a message against
	// a signature using this key. This signature algorithm must
	// match the structure and any object identifiers encoded in
	// publicKeyPem (i.e. this algorithm must match that of the
	// public key).
	SignatureAlgorithm *string `json:"signatureAlgorithm,omitempty" tf:"signature_algorithm,omitempty"`
}
// PkixPublicKeyObservation is the observed form of a raw PKIX
// SubjectPublicKeyInfo public key (PEM plus signature algorithm).
type PkixPublicKeyObservation struct {
	// A PEM-encoded public key, as described in
	// https://tools.ietf.org/html/rfc7468#section-13
	PublicKeyPem *string `json:"publicKeyPem,omitempty" tf:"public_key_pem,omitempty"`
	// The signature algorithm used to verify a message against
	// a signature using this key. This signature algorithm must
	// match the structure and any object identifiers encoded in
	// publicKeyPem (i.e. this algorithm must match that of the
	// public key).
	SignatureAlgorithm *string `json:"signatureAlgorithm,omitempty" tf:"signature_algorithm,omitempty"`
}
// PkixPublicKeyParameters is the desired form of a raw PKIX
// SubjectPublicKeyInfo public key. The PEM and the signature algorithm
// together form the trust anchor; no schema-level validation of either is
// declared here, so presumably the BinAuthz API validates them — confirm.
type PkixPublicKeyParameters struct {
	// A PEM-encoded public key, as described in
	// https://tools.ietf.org/html/rfc7468#section-13
	// +kubebuilder:validation:Optional
	PublicKeyPem *string `json:"publicKeyPem,omitempty" tf:"public_key_pem,omitempty"`
	// The signature algorithm used to verify a message against
	// a signature using this key. This signature algorithm must
	// match the structure and any object identifiers encoded in
	// publicKeyPem (i.e. this algorithm must match that of the
	// public key).
	// +kubebuilder:validation:Optional
	SignatureAlgorithm *string `json:"signatureAlgorithm,omitempty" tf:"signature_algorithm,omitempty"`
}
// PublicKeysInitParameters is the create-time form of one attestor public
// key. A key is either an ASCII-armored PGP key or a PKIX key; the two are
// presumably mutually exclusive (one "publicKey case"), but nothing in this
// struct enforces that — confirm against the API.
type PublicKeysInitParameters struct {
	// ASCII-armored representation of a PGP public key, as the
	// entire output by the command
	// gpg --export --armor foo@example.com (either LF or CRLF
	// line endings). When using this field, id should be left
	// blank. The BinAuthz API handlers will calculate the ID
	// and fill it in automatically. BinAuthz computes this ID
	// as the OpenPGP RFC4880 V4 fingerprint, represented as
	// upper-case hex. If id is provided by the caller, it will
	// be overwritten by the API-calculated ID.
	ASCIIArmoredPgpPublicKey *string `json:"asciiArmoredPgpPublicKey,omitempty" tf:"ascii_armored_pgp_public_key,omitempty"`
	// A descriptive comment. This field may be updated.
	Comment *string `json:"comment,omitempty" tf:"comment,omitempty"`
	// The ID of this public key. Signatures verified by BinAuthz
	// must include the ID of the public key that can be used to
	// verify them, and that ID must match the contents of this
	// field exactly. Additional restrictions on this field can
	// be imposed based on which public key type is encapsulated.
	// See the documentation on publicKey cases below for details.
	//
	// Key-selection handle: for PGP keys any caller-supplied value is
	// replaced by the API-computed fingerprint; for PKIX keys a supplied
	// value must be an RFC3986 URI and is otherwise derived from the key's
	// DER digest.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`
	// A raw PKIX SubjectPublicKeyInfo format public key.
	// NOTE: id may be explicitly provided by the caller when using this
	// type of public key, but it MUST be a valid RFC3986 URI. If id is left
	// blank, a default one will be computed based on the digest of the DER
	// encoding of the public key.
	// Structure is documented below.
	PkixPublicKey []PkixPublicKeyInitParameters `json:"pkixPublicKey,omitempty" tf:"pkix_public_key,omitempty"`
}
// PublicKeysObservation is the observed form of one attestor public key,
// either an ASCII-armored PGP key or a PKIX key, together with its
// API-assigned or caller-supplied ID.
type PublicKeysObservation struct {
	// ASCII-armored representation of a PGP public key, as the
	// entire output by the command
	// gpg --export --armor foo@example.com (either LF or CRLF
	// line endings). When using this field, id should be left
	// blank. The BinAuthz API handlers will calculate the ID
	// and fill it in automatically. BinAuthz computes this ID
	// as the OpenPGP RFC4880 V4 fingerprint, represented as
	// upper-case hex. If id is provided by the caller, it will
	// be overwritten by the API-calculated ID.
	ASCIIArmoredPgpPublicKey *string `json:"asciiArmoredPgpPublicKey,omitempty" tf:"ascii_armored_pgp_public_key,omitempty"`
	// A descriptive comment. This field may be updated.
	Comment *string `json:"comment,omitempty" tf:"comment,omitempty"`
	// The ID of this public key. Signatures verified by BinAuthz
	// must include the ID of the public key that can be used to
	// verify them, and that ID must match the contents of this
	// field exactly. Additional restrictions on this field can
	// be imposed based on which public key type is encapsulated.
	// See the documentation on publicKey cases below for details.
	//
	// For PGP keys this is the API-computed fingerprint; for PKIX keys it
	// is the caller-supplied RFC3986 URI or the digest-derived default.
	ID *string `json:"id,omitempty" tf:"id,omitempty"`
	// A raw PKIX SubjectPublicKeyInfo format public key.
	// NOTE: id may be explicitly provided by the caller when using this
	// type of public key, but it MUST be a valid RFC3986 URI. If id is left
	// blank, a default one will be computed based on the digest of the DER
	// encoding of the public key.
	// Structure is documented below.
	PkixPublicKey []PkixPublicKeyObservation `json:"pkixPublicKey,omitempty" tf:"pkix_public_key,omitempty"`
}
// PublicKeysParameters is the desired form of one attestor public key. A key
// is either an ASCII-armored PGP key or a PKIX key; the two are presumably
// mutually exclusive (one "publicKey case"), but nothing in this struct
// enforces that — confirm against the API.
type PublicKeysParameters struct {
	// ASCII-armored representation of a PGP public key, as the
	// entire output by the command
	// gpg --export --armor foo@example.com (either LF or CRLF
	// line endings). When using this field, id should be left
	// blank. The BinAuthz API handlers will calculate the ID
	// and fill it in automatically. BinAuthz computes this ID
	// as the OpenPGP RFC4880 V4 fingerprint, represented as
	// upper-case hex. If id is provided by the caller, it will
	// be overwritten by the API-calculated ID.
	// +kubebuilder:validation:Optional
	ASCIIArmoredPgpPublicKey *string `json:"asciiArmoredPgpPublicKey,omitempty" tf:"ascii_armored_pgp_public_key,omitempty"`
	// A descriptive comment. This field may be updated.
	// +kubebuilder:validation:Optional
	Comment *string `json:"comment,omitempty" tf:"comment,omitempty"`
	// The ID of this public key. Signatures verified by BinAuthz
	// must include the ID of the public key that can be used to
	// verify them, and that ID must match the contents of this
	// field exactly. Additional restrictions on this field can
	// be imposed based on which public key type is encapsulated.
	// See the documentation on publicKey cases below for details.
	//
	// Key-selection handle: for PGP keys any caller-supplied value is
	// replaced by the API-computed fingerprint; for PKIX keys a supplied
	// value must be an RFC3986 URI and is otherwise derived from the key's
	// DER digest.
	// +kubebuilder:validation:Optional
	ID *string `json:"id,omitempty" tf:"id,omitempty"`
	// A raw PKIX SubjectPublicKeyInfo format public key.
	// NOTE: id may be explicitly provided by the caller when using this
	// type of public key, but it MUST be a valid RFC3986 URI. If id is left
	// blank, a default one will be computed based on the digest of the DER
	// encoding of the public key.
	// Structure is documented below.
	// +kubebuilder:validation:Optional
	PkixPublicKey []PkixPublicKeyParameters `json:"pkixPublicKey,omitempty" tf:"pkix_public_key,omitempty"`
}
// AttestorSpec defines the desired state of Attestor.
// It embeds the common Crossplane ResourceSpec and carries the provider
// parameters twice: ForProvider (managed continuously) and InitProvider
// (create-time only, see below).
type AttestorSpec struct {
	v1.ResourceSpec `json:",inline"`
	// ForProvider is the desired state reconciled against the GCP API.
	ForProvider AttestorParameters `json:"forProvider"`
	// THIS IS A BETA FIELD. It will be honored
	// unless the Management Policies feature flag is disabled.
	// InitProvider holds the same fields as ForProvider, with the exception
	// of Identifier and other resource reference fields. The fields that are
	// in InitProvider are merged into ForProvider when the resource is created.
	// The same fields are also added to the terraform ignore_changes hook, to
	// avoid updating them after creation. This is useful for fields that are
	// required on creation, but we do not desire to update them after creation,
	// for example because an external controller is managing them, like an
	// autoscaler.
	InitProvider AttestorInitParameters `json:"initProvider,omitempty"`
}
// AttestorStatus defines the observed state of Attestor.
// It embeds the common Crossplane ResourceStatus (conditions etc.) and the
// last observed provider-side state in AtProvider.
type AttestorStatus struct {
	v1.ResourceStatus `json:",inline"`
	// AtProvider mirrors what the GCP API reported for this attestor.
	AtProvider AttestorObservation `json:"atProvider,omitempty"`
}
// +kubebuilder:object:root=true

// Attestor is the Schema for the Attestors API. An attestor that attests to container image artifacts.
// Attestor objects are cluster-scoped (scope=Cluster below), so RBAC on
// them cannot be narrowed per namespace.
// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name"
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:subresource:status
// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp}
type Attestor struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// The CEL rule below requires attestationAuthorityNote to be present in
	// forProvider or in initProvider whenever managementPolicies contains
	// '*', 'Create' or 'Update'; when none of those is granted the field is
	// not required by the schema.
	// +kubebuilder:validation:XValidation:rule="!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.attestationAuthorityNote) || (has(self.initProvider) && has(self.initProvider.attestationAuthorityNote))",message="spec.forProvider.attestationAuthorityNote is a required parameter"
	Spec   AttestorSpec   `json:"spec"`
	Status AttestorStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true

// AttestorList contains a list of Attestors.
type AttestorList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the Attestor objects returned by a list call.
	Items []Attestor `json:"items"`
}
// Repository type metadata.

// Attestor_Kind is the CRD Kind string of the Attestor resource.
var Attestor_Kind = "Attestor"

// Attestor_GroupKind is the "<Kind>.<Group>" form of the Attestor type,
// built from the package-level CRDGroup.
var Attestor_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: Attestor_Kind}.String()

// Attestor_KindAPIVersion is the "<Kind>.<group>/<version>" form, built from
// the package-level CRDGroupVersion.
var Attestor_KindAPIVersion = Attestor_Kind + "." + CRDGroupVersion.String()

// Attestor_GroupVersionKind is the fully qualified GroupVersionKind under
// which the type is registered with the scheme.
var Attestor_GroupVersionKind = CRDGroupVersion.WithKind(Attestor_Kind)
// init registers the Attestor and AttestorList types with the package
// SchemeBuilder so both can be added to a runtime scheme.
func init() {
	attestor := &Attestor{}
	attestorList := &AttestorList{}
	SchemeBuilder.Register(attestor, attestorList)
}