Created
August 14, 2020 12:44
-
-
Save dflemstr/0d83bcf60ff5d30daf1fa211812732fd to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- iampolicy-1.13.1.yaml 2020-08-14 14:19:42.352668574 +0200 | |
| +++ iampolicy-1.17.0.yaml 2020-08-14 14:41:04.743959061 +0200 | |
| @@ -1,147 +1,183 @@ | |
| -apiVersion: apiextensions.k8s.io/v1beta1 | |
| +apiVersion: apiextensions.k8s.io/v1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| annotations: | |
| - cnrm.cloud.google.com/version: 1.17.0 | |
| - creationTimestamp: null | |
| + cnrm.cloud.google.com/version: 1.13.1 | |
| + kubectl.kubernetes.io/last-applied-configuration: | | |
| + {"apiVersion":"apiextensions.k8s.io/v1beta1","kind":"CustomResourceDefinition","metadata":{"annotations":{"cnrm.cloud.google.com/version":"1.13.1"},"creationTimestamp":null,"labels":{"cnrm.cloud.google.com/managed-by-kcc":"true","cnrm.cloud.google.com/system":"true","controller-tools.k8s.io":"1.0","core.cnrm.cloud.google.com/configconnector":"configconnector.core.cnrm.cloud.google.com"},"name":"iampolicies.iam.cnrm.cloud.google.com","ownerReferences":[{"apiVersion":"core.cnrm.cloud.google.com/v1beta1","blockOwnerDeletion":true,"controller":true,"kind":"ConfigConnector","name":"configconnector.core.cnrm.cloud.google.com","uid":"e8f3126a-0c6d-4e76-bd21-f83b397b6f36"}]},"spec":{"group":"iam.cnrm.cloud.google.com","names":{"kind":"IAMPolicy","plural":"iampolicies"},"scope":"Namespaced","validation":{"openAPIV3Schema":{"properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"properties":{"bindings":{"description":"Optional. The list of IAM bindings.","items":{"properties":{"condition":{"description":"Optional. The condition under which the binding applies.","properties":{"description":{"type":"string"},"expression":{"type":"string"},"title":{"type":"string"}},"required":["title","expression"],"type":"object"},"members":{"description":"Optional. The list of IAM users to be bound to the role.","items":{"pattern":"^(user|serviceAccount|group|domain|projectEditor|projectOwner):.+|allUsers|allAuthenticatedUsers$","type":"string"},"pattern":"^(user|serviceAccount|group|domain|projectEditor|projectOwner):.+|allUsers|allAuthenticatedUsers$","type":"array"},"role":{"description":"Required. The role to bind the users to.","pattern":"^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$","type":"string"}},"required":["role"],"type":"object"},"type":"array"},"resourceRef":{"description":"Required. The GCP resource to set the IAM policy on.","oneOf":[{"not":{"required":["external"]},"required":["name"]},{"not":{"anyOf":[{"required":["name"]},{"required":["namespace"]}]},"required":["external"]},{"not":{"anyOf":[{"required":["name"]},{"required":["namespace"]},{"required":["apiVersion"]},{"required":["external"]}]}}],"properties":{"apiVersion":{"type":"string"},"external":{"type":"string"},"kind":{"type":"string"},"name":{"type":"string"},"namespace":{"type":"string"}},"required":["kind"],"type":"object"}},"required":["resourceRef"],"type":"object"},"status":{"properties":{"conditions":{"description":"Conditions represents the latest available observations of the IAM policy's current state.","items":{"properties":{"lastTransitionTime":{"description":"Last time the condition transitioned from one status to another.","type":"string"},"message":{"description":"Human-readable message indicating details about last transition.","type":"string"},"reason":{"description":"Unique, one-word, CamelCase reason for the condition's last transition.","type":"string"},"status":{"description":"Status is the status of the condition. Can be True, False, Unknown.","type":"string"},"type":{"description":"Type is the type of the condition.","type":"string"}},"type":"object"},"type":"array"}},"type":"object"}},"type":"object"}},"version":"v1beta1"},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}} | |
| + creationTimestamp: "2020-06-11T13:47:47Z" | |
| + generation: 3 | |
| labels: | |
| cnrm.cloud.google.com/managed-by-kcc: "true" | |
| cnrm.cloud.google.com/system: "true" | |
| controller-tools.k8s.io: "1.0" | |
| + core.cnrm.cloud.google.com/configconnector: configconnector.core.cnrm.cloud.google.com | |
| name: iampolicies.iam.cnrm.cloud.google.com | |
| + ownerReferences: | |
| + - apiVersion: core.cnrm.cloud.google.com/v1beta1 | |
| + blockOwnerDeletion: true | |
| + controller: true | |
| + kind: ConfigConnector | |
| + name: configconnector.core.cnrm.cloud.google.com | |
| + uid: e8f3126a-0c6d-4e76-bd21-f83b397b6f36 | |
| + resourceVersion: "17693339" | |
| + selfLink: /apis/apiextensions.k8s.io/v1/customresourcedefinitions/iampolicies.iam.cnrm.cloud.google.com | |
| + uid: 17974089-48f8-4acc-ab0c-5b291efc89e6 | |
| spec: | |
| + conversion: | |
| + strategy: None | |
| group: iam.cnrm.cloud.google.com | |
| names: | |
| kind: IAMPolicy | |
| + listKind: IAMPolicyList | |
| plural: iampolicies | |
| + singular: iampolicy | |
| + preserveUnknownFields: true | |
| scope: Namespaced | |
| - validation: | |
| - openAPIV3Schema: | |
| - properties: | |
| - apiVersion: | |
| - description: 'APIVersion defines the versioned schema of this representation | |
| - of an object. Servers should convert recognized schemas to the latest | |
| - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| - type: string | |
| - kind: | |
| - description: 'Kind is a string value representing the REST resource this | |
| - object represents. Servers may infer this from the endpoint the client | |
| - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| - type: string | |
| - metadata: | |
| - type: object | |
| - spec: | |
| - properties: | |
| - bindings: | |
| - description: Optional. The list of IAM bindings. | |
| - items: | |
| - properties: | |
| - condition: | |
| - description: Optional. The condition under which the binding applies. | |
| - properties: | |
| - description: | |
| - type: string | |
| - expression: | |
| - type: string | |
| - title: | |
| + versions: | |
| + - name: v1beta1 | |
| + schema: | |
| + openAPIV3Schema: | |
| + properties: | |
| + apiVersion: | |
| + description: 'APIVersion defines the versioned schema of this representation | |
| + of an object. Servers should convert recognized schemas to the latest | |
| + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | |
| + type: string | |
| + kind: | |
| + description: 'Kind is a string value representing the REST resource this | |
| + object represents. Servers may infer this from the endpoint the client | |
| + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | |
| + type: string | |
| + metadata: | |
| + type: object | |
| + spec: | |
| + properties: | |
| + bindings: | |
| + description: Optional. The list of IAM bindings. | |
| + items: | |
| + properties: | |
| + condition: | |
| + description: Optional. The condition under which the binding | |
| + applies. | |
| + properties: | |
| + description: | |
| + type: string | |
| + expression: | |
| + type: string | |
| + title: | |
| + type: string | |
| + required: | |
| + - title | |
| + - expression | |
| + type: object | |
| + members: | |
| + description: Optional. The list of IAM users to be bound to | |
| + the role. | |
| + items: | |
| + pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner):.+|allUsers|allAuthenticatedUsers$ | |
| type: string | |
| + pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner):.+|allUsers|allAuthenticatedUsers$ | |
| + type: array | |
| + role: | |
| + description: Required. The role to bind the users to. | |
| + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ | |
| + type: string | |
| + required: | |
| + - role | |
| + type: object | |
| + type: array | |
| + resourceRef: | |
| + description: Required. The GCP resource to set the IAM policy on. | |
| + oneOf: | |
| + - not: | |
| required: | |
| - - title | |
| - - expression | |
| - type: object | |
| - members: | |
| - description: Optional. The list of IAM users to be bound to the | |
| - role. | |
| - items: | |
| - pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers$ | |
| - type: string | |
| - pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers$ | |
| - type: array | |
| - role: | |
| - description: Required. The role to bind the users to. | |
| - pattern: ^(projects/[^/]+/)?roles/[\w_\.]+$ | |
| - type: string | |
| - required: | |
| - - role | |
| - type: object | |
| - type: array | |
| - resourceRef: | |
| - description: Required. The GCP resource to set the IAM policy on. | |
| - oneOf: | |
| - - not: | |
| + - external | |
| + required: | |
| + - name | |
| + - not: | |
| + anyOf: | |
| + - required: | |
| + - name | |
| + - required: | |
| + - namespace | |
| required: | |
| - external | |
| - required: | |
| - - name | |
| - - not: | |
| - anyOf: | |
| - - required: | |
| - - name | |
| - - required: | |
| - - namespace | |
| - required: | |
| - - external | |
| - - not: | |
| - anyOf: | |
| - - required: | |
| - - name | |
| - - required: | |
| - - namespace | |
| - - required: | |
| - - apiVersion | |
| - - required: | |
| - - external | |
| - properties: | |
| - apiVersion: | |
| - type: string | |
| - external: | |
| - type: string | |
| - kind: | |
| - type: string | |
| - name: | |
| - type: string | |
| - namespace: | |
| - type: string | |
| - required: | |
| - - kind | |
| - type: object | |
| - required: | |
| - - resourceRef | |
| - type: object | |
| - status: | |
| - properties: | |
| - conditions: | |
| - description: Conditions represents the latest available observations | |
| - of the IAM policy's current state. | |
| - items: | |
| + - not: | |
| + anyOf: | |
| + - required: | |
| + - name | |
| + - required: | |
| + - namespace | |
| + - required: | |
| + - apiVersion | |
| + - required: | |
| + - external | |
| properties: | |
| - lastTransitionTime: | |
| - description: Last time the condition transitioned from one status | |
| - to another. | |
| + apiVersion: | |
| type: string | |
| - message: | |
| - description: Human-readable message indicating details about last | |
| - transition. | |
| + external: | |
| type: string | |
| - reason: | |
| - description: Unique, one-word, CamelCase reason for the condition's | |
| - last transition. | |
| + kind: | |
| type: string | |
| - status: | |
| - description: Status is the status of the condition. Can be True, | |
| - False, Unknown. | |
| + name: | |
| type: string | |
| - type: | |
| - description: Type is the type of the condition. | |
| + namespace: | |
| type: string | |
| + required: | |
| + - kind | |
| type: object | |
| - type: array | |
| - type: object | |
| - type: object | |
| - version: v1beta1 | |
| + required: | |
| + - resourceRef | |
| + type: object | |
| + status: | |
| + properties: | |
| + conditions: | |
| + description: Conditions represents the latest available observations | |
| + of the IAM policy's current state. | |
| + items: | |
| + properties: | |
| + lastTransitionTime: | |
| + description: Last time the condition transitioned from one status | |
| + to another. | |
| + type: string | |
| + message: | |
| + description: Human-readable message indicating details about | |
| + last transition. | |
| + type: string | |
| + reason: | |
| + description: Unique, one-word, CamelCase reason for the condition's | |
| + last transition. | |
| + type: string | |
| + status: | |
| + description: Status is the status of the condition. Can be True, | |
| + False, Unknown. | |
| + type: string | |
| + type: | |
| + description: Type is the type of the condition. | |
| + type: string | |
| + type: object | |
| + type: array | |
| + type: object | |
| + type: object | |
| + served: true | |
| + storage: true | |
| status: | |
| acceptedNames: | |
| - kind: "" | |
| - plural: "" | |
| - conditions: [] | |
| - storedVersions: [] | |
| + kind: IAMPolicy | |
| + listKind: IAMPolicyList | |
| + plural: iampolicies | |
| + singular: iampolicy | |
| + conditions: | |
| + - lastTransitionTime: "2020-06-11T13:47:47Z" | |
| + message: no conflicts found | |
| + reason: NoConflicts | |
| + status: "True" | |
| + type: NamesAccepted | |
| + - lastTransitionTime: "2020-06-11T13:47:47Z" | |
| + message: the initial names have been accepted | |
| + reason: InitialNamesAccepted | |
| + status: "True" | |
| + type: Established | |
| + storedVersions: | |
| + - v1beta1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment