-
Notifications
You must be signed in to change notification settings - Fork 64
/
zz_accesslevelcondition_types.go
executable file
·446 lines (357 loc) · 21.3 KB
/
zz_accesslevelcondition_types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
// SPDX-FileCopyrightText: 2024 The Crossplane Authors <https://crossplane.io>
//
// SPDX-License-Identifier: Apache-2.0
// Code generated by upjet. DO NOT EDIT.
package v1beta2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
v1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
)
type AccessLevelConditionDevicePolicyInitParameters struct {
// A list of allowed device management levels.
// An empty list allows all management levels.
// Each value may be one of: MANAGEMENT_UNSPECIFIED, NONE, BASIC, COMPLETE.
AllowedDeviceManagementLevels []*string `json:"allowedDeviceManagementLevels,omitempty" tf:"allowed_device_management_levels,omitempty"`
// A list of allowed encryptions statuses.
// An empty list allows all statuses.
// Each value may be one of: ENCRYPTION_UNSPECIFIED, ENCRYPTION_UNSUPPORTED, UNENCRYPTED, ENCRYPTED.
AllowedEncryptionStatuses []*string `json:"allowedEncryptionStatuses,omitempty" tf:"allowed_encryption_statuses,omitempty"`
// A list of allowed OS versions.
// An empty list allows all types and all versions.
// Structure is documented below.
OsConstraints []DevicePolicyOsConstraintsInitParameters `json:"osConstraints,omitempty" tf:"os_constraints,omitempty"`
// Whether the device needs to be approved by the customer admin.
RequireAdminApproval *bool `json:"requireAdminApproval,omitempty" tf:"require_admin_approval,omitempty"`
// Whether the device needs to be corp owned.
RequireCorpOwned *bool `json:"requireCorpOwned,omitempty" tf:"require_corp_owned,omitempty"`
// Whether or not screenlock is required for the DevicePolicy
// to be true. Defaults to false.
RequireScreenLock *bool `json:"requireScreenLock,omitempty" tf:"require_screen_lock,omitempty"`
}
type AccessLevelConditionDevicePolicyObservation struct {
// A list of allowed device management levels.
// An empty list allows all management levels.
// Each value may be one of: MANAGEMENT_UNSPECIFIED, NONE, BASIC, COMPLETE.
AllowedDeviceManagementLevels []*string `json:"allowedDeviceManagementLevels,omitempty" tf:"allowed_device_management_levels,omitempty"`
// A list of allowed encryptions statuses.
// An empty list allows all statuses.
// Each value may be one of: ENCRYPTION_UNSPECIFIED, ENCRYPTION_UNSUPPORTED, UNENCRYPTED, ENCRYPTED.
AllowedEncryptionStatuses []*string `json:"allowedEncryptionStatuses,omitempty" tf:"allowed_encryption_statuses,omitempty"`
// A list of allowed OS versions.
// An empty list allows all types and all versions.
// Structure is documented below.
OsConstraints []DevicePolicyOsConstraintsObservation `json:"osConstraints,omitempty" tf:"os_constraints,omitempty"`
// Whether the device needs to be approved by the customer admin.
RequireAdminApproval *bool `json:"requireAdminApproval,omitempty" tf:"require_admin_approval,omitempty"`
// Whether the device needs to be corp owned.
RequireCorpOwned *bool `json:"requireCorpOwned,omitempty" tf:"require_corp_owned,omitempty"`
// Whether or not screenlock is required for the DevicePolicy
// to be true. Defaults to false.
RequireScreenLock *bool `json:"requireScreenLock,omitempty" tf:"require_screen_lock,omitempty"`
}
type AccessLevelConditionDevicePolicyParameters struct {
// A list of allowed device management levels.
// An empty list allows all management levels.
// Each value may be one of: MANAGEMENT_UNSPECIFIED, NONE, BASIC, COMPLETE.
// +kubebuilder:validation:Optional
AllowedDeviceManagementLevels []*string `json:"allowedDeviceManagementLevels,omitempty" tf:"allowed_device_management_levels,omitempty"`
// A list of allowed encryptions statuses.
// An empty list allows all statuses.
// Each value may be one of: ENCRYPTION_UNSPECIFIED, ENCRYPTION_UNSUPPORTED, UNENCRYPTED, ENCRYPTED.
// +kubebuilder:validation:Optional
AllowedEncryptionStatuses []*string `json:"allowedEncryptionStatuses,omitempty" tf:"allowed_encryption_statuses,omitempty"`
// A list of allowed OS versions.
// An empty list allows all types and all versions.
// Structure is documented below.
// +kubebuilder:validation:Optional
OsConstraints []DevicePolicyOsConstraintsParameters `json:"osConstraints,omitempty" tf:"os_constraints,omitempty"`
// Whether the device needs to be approved by the customer admin.
// +kubebuilder:validation:Optional
RequireAdminApproval *bool `json:"requireAdminApproval,omitempty" tf:"require_admin_approval,omitempty"`
// Whether the device needs to be corp owned.
// +kubebuilder:validation:Optional
RequireCorpOwned *bool `json:"requireCorpOwned,omitempty" tf:"require_corp_owned,omitempty"`
// Whether or not screenlock is required for the DevicePolicy
// to be true. Defaults to false.
// +kubebuilder:validation:Optional
RequireScreenLock *bool `json:"requireScreenLock,omitempty" tf:"require_screen_lock,omitempty"`
}
type AccessLevelConditionInitParameters struct {
// The name of the Access Level to add this condition to.
// +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/accesscontextmanager/v1beta2.AccessLevel
// +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",false)
AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level,omitempty"`
// Reference to a AccessLevel in accesscontextmanager to populate accessLevel.
// +kubebuilder:validation:Optional
AccessLevelRef *v1.Reference `json:"accessLevelRef,omitempty" tf:"-"`
// Selector for a AccessLevel in accesscontextmanager to populate accessLevel.
// +kubebuilder:validation:Optional
AccessLevelSelector *v1.Selector `json:"accessLevelSelector,omitempty" tf:"-"`
// Device specific restrictions, all restrictions must hold for
// the Condition to be true. If not specified, all devices are
// allowed.
// Structure is documented below.
DevicePolicy *AccessLevelConditionDevicePolicyInitParameters `json:"devicePolicy,omitempty" tf:"device_policy,omitempty"`
// A list of CIDR block IP subnetwork specification. May be IPv4
// or IPv6.
// Note that for a CIDR IP address block, the specified IP address
// portion must be properly truncated (i.e. all the host bits must
// be zero) or the input is considered malformed. For example,
// "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly,
// for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32"
// is not. The originating IP of a request must be in one of the
// listed subnets in order for this Condition to be true.
// If empty, all IP addresses are allowed.
IPSubnetworks []*string `json:"ipSubnetworks,omitempty" tf:"ip_subnetworks,omitempty"`
// An allowed list of members (users, service accounts).
// Using groups is not supported yet.
// The signed-in user originating the request must be a part of one
// of the provided members. If not specified, a request may come
// from any user (logged in/not logged in, not present in any
// groups, etc.).
// Formats: user:{emailid}, serviceAccount:{emailid}
Members []*string `json:"members,omitempty" tf:"members,omitempty"`
// Whether to negate the Condition. If true, the Condition becomes
// a NAND over its non-empty fields, each field must be false for
// the Condition overall to be satisfied. Defaults to false.
Negate *bool `json:"negate,omitempty" tf:"negate,omitempty"`
// The request must originate from one of the provided
// countries/regions.
// Format: A valid ISO 3166-1 alpha-2 code.
Regions []*string `json:"regions,omitempty" tf:"regions,omitempty"`
// A list of other access levels defined in the same Policy,
// referenced by resource name. Referencing an AccessLevel which
// does not exist is an error. All access levels listed must be
// granted for the Condition to be true.
// Format: accessPolicies/{policy_id}/accessLevels/{short_name}
RequiredAccessLevels []*string `json:"requiredAccessLevels,omitempty" tf:"required_access_levels,omitempty"`
// The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks.
// Structure is documented below.
VPCNetworkSources []AccessLevelConditionVPCNetworkSourcesInitParameters `json:"vpcNetworkSources,omitempty" tf:"vpc_network_sources,omitempty"`
}
type AccessLevelConditionObservation struct {
// The name of the Access Level to add this condition to.
AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level,omitempty"`
// Device specific restrictions, all restrictions must hold for
// the Condition to be true. If not specified, all devices are
// allowed.
// Structure is documented below.
DevicePolicy *AccessLevelConditionDevicePolicyObservation `json:"devicePolicy,omitempty" tf:"device_policy,omitempty"`
// an identifier for the resource with format {{access_level}}
ID *string `json:"id,omitempty" tf:"id,omitempty"`
// A list of CIDR block IP subnetwork specification. May be IPv4
// or IPv6.
// Note that for a CIDR IP address block, the specified IP address
// portion must be properly truncated (i.e. all the host bits must
// be zero) or the input is considered malformed. For example,
// "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly,
// for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32"
// is not. The originating IP of a request must be in one of the
// listed subnets in order for this Condition to be true.
// If empty, all IP addresses are allowed.
IPSubnetworks []*string `json:"ipSubnetworks,omitempty" tf:"ip_subnetworks,omitempty"`
// An allowed list of members (users, service accounts).
// Using groups is not supported yet.
// The signed-in user originating the request must be a part of one
// of the provided members. If not specified, a request may come
// from any user (logged in/not logged in, not present in any
// groups, etc.).
// Formats: user:{emailid}, serviceAccount:{emailid}
Members []*string `json:"members,omitempty" tf:"members,omitempty"`
// Whether to negate the Condition. If true, the Condition becomes
// a NAND over its non-empty fields, each field must be false for
// the Condition overall to be satisfied. Defaults to false.
Negate *bool `json:"negate,omitempty" tf:"negate,omitempty"`
// The request must originate from one of the provided
// countries/regions.
// Format: A valid ISO 3166-1 alpha-2 code.
Regions []*string `json:"regions,omitempty" tf:"regions,omitempty"`
// A list of other access levels defined in the same Policy,
// referenced by resource name. Referencing an AccessLevel which
// does not exist is an error. All access levels listed must be
// granted for the Condition to be true.
// Format: accessPolicies/{policy_id}/accessLevels/{short_name}
RequiredAccessLevels []*string `json:"requiredAccessLevels,omitempty" tf:"required_access_levels,omitempty"`
// The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks.
// Structure is documented below.
VPCNetworkSources []AccessLevelConditionVPCNetworkSourcesObservation `json:"vpcNetworkSources,omitempty" tf:"vpc_network_sources,omitempty"`
}
type AccessLevelConditionParameters struct {
// The name of the Access Level to add this condition to.
// +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/accesscontextmanager/v1beta2.AccessLevel
// +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("name",false)
// +kubebuilder:validation:Optional
AccessLevel *string `json:"accessLevel,omitempty" tf:"access_level,omitempty"`
// Reference to a AccessLevel in accesscontextmanager to populate accessLevel.
// +kubebuilder:validation:Optional
AccessLevelRef *v1.Reference `json:"accessLevelRef,omitempty" tf:"-"`
// Selector for a AccessLevel in accesscontextmanager to populate accessLevel.
// +kubebuilder:validation:Optional
AccessLevelSelector *v1.Selector `json:"accessLevelSelector,omitempty" tf:"-"`
// Device specific restrictions, all restrictions must hold for
// the Condition to be true. If not specified, all devices are
// allowed.
// Structure is documented below.
// +kubebuilder:validation:Optional
DevicePolicy *AccessLevelConditionDevicePolicyParameters `json:"devicePolicy,omitempty" tf:"device_policy,omitempty"`
// A list of CIDR block IP subnetwork specification. May be IPv4
// or IPv6.
// Note that for a CIDR IP address block, the specified IP address
// portion must be properly truncated (i.e. all the host bits must
// be zero) or the input is considered malformed. For example,
// "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly,
// for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32"
// is not. The originating IP of a request must be in one of the
// listed subnets in order for this Condition to be true.
// If empty, all IP addresses are allowed.
// +kubebuilder:validation:Optional
IPSubnetworks []*string `json:"ipSubnetworks,omitempty" tf:"ip_subnetworks,omitempty"`
// An allowed list of members (users, service accounts).
// Using groups is not supported yet.
// The signed-in user originating the request must be a part of one
// of the provided members. If not specified, a request may come
// from any user (logged in/not logged in, not present in any
// groups, etc.).
// Formats: user:{emailid}, serviceAccount:{emailid}
// +kubebuilder:validation:Optional
Members []*string `json:"members,omitempty" tf:"members,omitempty"`
// Whether to negate the Condition. If true, the Condition becomes
// a NAND over its non-empty fields, each field must be false for
// the Condition overall to be satisfied. Defaults to false.
// +kubebuilder:validation:Optional
Negate *bool `json:"negate,omitempty" tf:"negate,omitempty"`
// The request must originate from one of the provided
// countries/regions.
// Format: A valid ISO 3166-1 alpha-2 code.
// +kubebuilder:validation:Optional
Regions []*string `json:"regions,omitempty" tf:"regions,omitempty"`
// A list of other access levels defined in the same Policy,
// referenced by resource name. Referencing an AccessLevel which
// does not exist is an error. All access levels listed must be
// granted for the Condition to be true.
// Format: accessPolicies/{policy_id}/accessLevels/{short_name}
// +kubebuilder:validation:Optional
RequiredAccessLevels []*string `json:"requiredAccessLevels,omitempty" tf:"required_access_levels,omitempty"`
// The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with ip_subnetworks.
// Structure is documented below.
// +kubebuilder:validation:Optional
VPCNetworkSources []AccessLevelConditionVPCNetworkSourcesParameters `json:"vpcNetworkSources,omitempty" tf:"vpc_network_sources,omitempty"`
}
type AccessLevelConditionVPCNetworkSourcesInitParameters struct {
// Sub networks within a VPC network.
// Structure is documented below.
VPCSubnetwork *VPCNetworkSourcesVPCSubnetworkInitParameters `json:"vpcSubnetwork,omitempty" tf:"vpc_subnetwork,omitempty"`
}
type AccessLevelConditionVPCNetworkSourcesObservation struct {
// Sub networks within a VPC network.
// Structure is documented below.
VPCSubnetwork *VPCNetworkSourcesVPCSubnetworkObservation `json:"vpcSubnetwork,omitempty" tf:"vpc_subnetwork,omitempty"`
}
type AccessLevelConditionVPCNetworkSourcesParameters struct {
// Sub networks within a VPC network.
// Structure is documented below.
// +kubebuilder:validation:Optional
VPCSubnetwork *VPCNetworkSourcesVPCSubnetworkParameters `json:"vpcSubnetwork,omitempty" tf:"vpc_subnetwork,omitempty"`
}
type DevicePolicyOsConstraintsInitParameters struct {
// The minimum allowed OS version. If not set, any version
// of this OS satisfies the constraint.
// Format: "major.minor.patch" such as "10.5.301", "9.2.1".
MinimumVersion *string `json:"minimumVersion,omitempty" tf:"minimum_version,omitempty"`
// The operating system type of the device.
// Possible values are: OS_UNSPECIFIED, DESKTOP_MAC, DESKTOP_WINDOWS, DESKTOP_LINUX, DESKTOP_CHROME_OS, ANDROID, IOS.
OsType *string `json:"osType,omitempty" tf:"os_type,omitempty"`
}
type DevicePolicyOsConstraintsObservation struct {
// The minimum allowed OS version. If not set, any version
// of this OS satisfies the constraint.
// Format: "major.minor.patch" such as "10.5.301", "9.2.1".
MinimumVersion *string `json:"minimumVersion,omitempty" tf:"minimum_version,omitempty"`
// The operating system type of the device.
// Possible values are: OS_UNSPECIFIED, DESKTOP_MAC, DESKTOP_WINDOWS, DESKTOP_LINUX, DESKTOP_CHROME_OS, ANDROID, IOS.
OsType *string `json:"osType,omitempty" tf:"os_type,omitempty"`
}
type DevicePolicyOsConstraintsParameters struct {
// The minimum allowed OS version. If not set, any version
// of this OS satisfies the constraint.
// Format: "major.minor.patch" such as "10.5.301", "9.2.1".
// +kubebuilder:validation:Optional
MinimumVersion *string `json:"minimumVersion,omitempty" tf:"minimum_version,omitempty"`
// The operating system type of the device.
// Possible values are: OS_UNSPECIFIED, DESKTOP_MAC, DESKTOP_WINDOWS, DESKTOP_LINUX, DESKTOP_CHROME_OS, ANDROID, IOS.
// +kubebuilder:validation:Optional
OsType *string `json:"osType" tf:"os_type,omitempty"`
}
type VPCNetworkSourcesVPCSubnetworkInitParameters struct {
// Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires compute.network.get permission to be granted to caller.
Network *string `json:"network,omitempty" tf:"network,omitempty"`
// CIDR block IP subnetwork specification. Must be IPv4.
VPCIPSubnetworks []*string `json:"vpcIpSubnetworks,omitempty" tf:"vpc_ip_subnetworks,omitempty"`
}
type VPCNetworkSourcesVPCSubnetworkObservation struct {
// Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires compute.network.get permission to be granted to caller.
Network *string `json:"network,omitempty" tf:"network,omitempty"`
// CIDR block IP subnetwork specification. Must be IPv4.
VPCIPSubnetworks []*string `json:"vpcIpSubnetworks,omitempty" tf:"vpc_ip_subnetworks,omitempty"`
}
type VPCNetworkSourcesVPCSubnetworkParameters struct {
// Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires compute.network.get permission to be granted to caller.
// +kubebuilder:validation:Optional
Network *string `json:"network" tf:"network,omitempty"`
// CIDR block IP subnetwork specification. Must be IPv4.
// +kubebuilder:validation:Optional
VPCIPSubnetworks []*string `json:"vpcIpSubnetworks,omitempty" tf:"vpc_ip_subnetworks,omitempty"`
}
// AccessLevelConditionSpec defines the desired state of AccessLevelCondition
type AccessLevelConditionSpec struct {
v1.ResourceSpec `json:",inline"`
ForProvider AccessLevelConditionParameters `json:"forProvider"`
// THIS IS A BETA FIELD. It will be honored
// unless the Management Policies feature flag is disabled.
// InitProvider holds the same fields as ForProvider, with the exception
// of Identifier and other resource reference fields. The fields that are
// in InitProvider are merged into ForProvider when the resource is created.
// The same fields are also added to the terraform ignore_changes hook, to
// avoid updating them after creation. This is useful for fields that are
// required on creation, but we do not desire to update them after creation,
// for example because of an external controller is managing them, like an
// autoscaler.
InitProvider AccessLevelConditionInitParameters `json:"initProvider,omitempty"`
}
// AccessLevelConditionStatus defines the observed state of AccessLevelCondition.
type AccessLevelConditionStatus struct {
v1.ResourceStatus `json:",inline"`
AtProvider AccessLevelConditionObservation `json:"atProvider,omitempty"`
}
// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
// AccessLevelCondition is the Schema for the AccessLevelConditions API. Allows configuring a single access level condition to be appended to an access level's conditions.
// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
// +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name"
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,gcp}
type AccessLevelCondition struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec AccessLevelConditionSpec `json:"spec"`
Status AccessLevelConditionStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true
// AccessLevelConditionList contains a list of AccessLevelConditions
type AccessLevelConditionList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []AccessLevelCondition `json:"items"`
}
// Repository type metadata.
var (
AccessLevelCondition_Kind = "AccessLevelCondition"
AccessLevelCondition_GroupKind = schema.GroupKind{Group: CRDGroup, Kind: AccessLevelCondition_Kind}.String()
AccessLevelCondition_KindAPIVersion = AccessLevelCondition_Kind + "." + CRDGroupVersion.String()
AccessLevelCondition_GroupVersionKind = CRDGroupVersion.WithKind(AccessLevelCondition_Kind)
)
func init() {
SchemeBuilder.Register(&AccessLevelCondition{}, &AccessLevelConditionList{})
}