Skip to content

Instantly share code, notes, and snippets.

@dflemstr

dflemstr/gist:0d83bcf60ff5d30daf1fa211812732fd

Created August 14, 2020 12:44
Show Gist options
  • Save dflemstr/0d83bcf60ff5d30daf1fa211812732fd to your computer and use it in GitHub Desktop.
Save dflemstr/0d83bcf60ff5d30daf1fa211812732fd to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
--- iampolicy-1.13.1.yaml 2020-08-14 14:19:42.352668574 +0200
+++ iampolicy-1.17.0.yaml 2020-08-14 14:41:04.743959061 +0200
@@ -1,147 +1,183 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- cnrm.cloud.google.com/version: 1.17.0
- creationTimestamp: null
+ cnrm.cloud.google.com/version: 1.13.1
+ kubectl.kubernetes.io/last-applied-configuration: |
+ {"apiVersion":"apiextensions.k8s.io/v1beta1","kind":"CustomResourceDefinition","metadata":{"annotations":{"cnrm.cloud.google.com/version":"1.13.1"},"creationTimestamp":null,"labels":{"cnrm.cloud.google.com/managed-by-kcc":"true","cnrm.cloud.google.com/system":"true","controller-tools.k8s.io":"1.0","core.cnrm.cloud.google.com/configconnector":"configconnector.core.cnrm.cloud.google.com"},"name":"iampolicies.iam.cnrm.cloud.google.com","ownerReferences":[{"apiVersion":"core.cnrm.cloud.google.com/v1beta1","blockOwnerDeletion":true,"controller":true,"kind":"ConfigConnector","name":"configconnector.core.cnrm.cloud.google.com","uid":"e8f3126a-0c6d-4e76-bd21-f83b397b6f36"}]},"spec":{"group":"iam.cnrm.cloud.google.com","names":{"kind":"IAMPolicy","plural":"iampolicies"},"scope":"Namespaced","validation":{"openAPIV3Schema":{"properties":{"apiVersion":{"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"properties":{"bindings":{"description":"Optional. The list of IAM bindings.","items":{"properties":{"condition":{"description":"Optional. The condition under which the binding applies.","properties":{"description":{"type":"string"},"expression":{"type":"string"},"title":{"type":"string"}},"required":["title","expression"],"type":"object"},"members":{"description":"Optional. The list of IAM users to be bound to the role.","items":{"pattern":"^(user|serviceAccount|group|domain|projectEditor|projectOwner):.+|allUsers|allAuthenticatedUsers$","type":"string"},"pattern":"^(user|serviceAccount|group|domain|projectEditor|projectOwner):.+|allUsers|allAuthenticatedUsers$","type":"array"},"role":{"description":"Required. The role to bind the users to.","pattern":"^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$","type":"string"}},"required":["role"],"type":"object"},"type":"array"},"resourceRef":{"description":"Required. The GCP resource to set the IAM policy on.","oneOf":[{"not":{"required":["external"]},"required":["name"]},{"not":{"anyOf":[{"required":["name"]},{"required":["namespace"]}]},"required":["external"]},{"not":{"anyOf":[{"required":["name"]},{"required":["namespace"]},{"required":["apiVersion"]},{"required":["external"]}]}}],"properties":{"apiVersion":{"type":"string"},"external":{"type":"string"},"kind":{"type":"string"},"name":{"type":"string"},"namespace":{"type":"string"}},"required":["kind"],"type":"object"}},"required":["resourceRef"],"type":"object"},"status":{"properties":{"conditions":{"description":"Conditions represents the latest available observations of the IAM policy's current state.","items":{"properties":{"lastTransitionTime":{"description":"Last time the condition transitioned from one status to another.","type":"string"},"message":{"description":"Human-readable message indicating details about last transition.","type":"string"},"reason":{"description":"Unique, one-word, CamelCase reason for the condition's last transition.","type":"string"},"status":{"description":"Status is the status of the condition. Can be True, False, Unknown.","type":"string"},"type":{"description":"Type is the type of the condition.","type":"string"}},"type":"object"},"type":"array"}},"type":"object"}},"type":"object"}},"version":"v1beta1"},"status":{"acceptedNames":{"kind":"","plural":""},"conditions":[],"storedVersions":[]}}
+ creationTimestamp: "2020-06-11T13:47:47Z"
+ generation: 3
labels:
cnrm.cloud.google.com/managed-by-kcc: "true"
cnrm.cloud.google.com/system: "true"
controller-tools.k8s.io: "1.0"
+ core.cnrm.cloud.google.com/configconnector: configconnector.core.cnrm.cloud.google.com
name: iampolicies.iam.cnrm.cloud.google.com
+ ownerReferences:
+ - apiVersion: core.cnrm.cloud.google.com/v1beta1
+ blockOwnerDeletion: true
+ controller: true
+ kind: ConfigConnector
+ name: configconnector.core.cnrm.cloud.google.com
+ uid: e8f3126a-0c6d-4e76-bd21-f83b397b6f36
+ resourceVersion: "17693339"
+ selfLink: /apis/apiextensions.k8s.io/v1/customresourcedefinitions/iampolicies.iam.cnrm.cloud.google.com
+ uid: 17974089-48f8-4acc-ab0c-5b291efc89e6
spec:
+ conversion:
+ strategy: None
group: iam.cnrm.cloud.google.com
names:
kind: IAMPolicy
+ listKind: IAMPolicyList
plural: iampolicies
+ singular: iampolicy
+ preserveUnknownFields: true
scope: Namespaced
- validation:
- openAPIV3Schema:
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- properties:
- bindings:
- description: Optional. The list of IAM bindings.
- items:
- properties:
- condition:
- description: Optional. The condition under which the binding applies.
- properties:
- description:
- type: string
- expression:
- type: string
- title:
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ bindings:
+ description: Optional. The list of IAM bindings.
+ items:
+ properties:
+ condition:
+ description: Optional. The condition under which the binding
+ applies.
+ properties:
+ description:
+ type: string
+ expression:
+ type: string
+ title:
+ type: string
+ required:
+ - title
+ - expression
+ type: object
+ members:
+ description: Optional. The list of IAM users to be bound to
+ the role.
+ items:
+ pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner):.+|allUsers|allAuthenticatedUsers$
type: string
+ pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner):.+|allUsers|allAuthenticatedUsers$
+ type: array
+ role:
+ description: Required. The role to bind the users to.
+ pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$
+ type: string
+ required:
+ - role
+ type: object
+ type: array
+ resourceRef:
+ description: Required. The GCP resource to set the IAM policy on.
+ oneOf:
+ - not:
required:
- - title
- - expression
- type: object
- members:
- description: Optional. The list of IAM users to be bound to the
- role.
- items:
- pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers$
- type: string
- pattern: ^(user|serviceAccount|group|domain|projectEditor|projectOwner|projectViewer):.+|allUsers|allAuthenticatedUsers$
- type: array
- role:
- description: Required. The role to bind the users to.
- pattern: ^(projects/[^/]+/)?roles/[\w_\.]+$
- type: string
- required:
- - role
- type: object
- type: array
- resourceRef:
- description: Required. The GCP resource to set the IAM policy on.
- oneOf:
- - not:
+ - external
+ required:
+ - name
+ - not:
+ anyOf:
+ - required:
+ - name
+ - required:
+ - namespace
required:
- external
- required:
- - name
- - not:
- anyOf:
- - required:
- - name
- - required:
- - namespace
- required:
- - external
- - not:
- anyOf:
- - required:
- - name
- - required:
- - namespace
- - required:
- - apiVersion
- - required:
- - external
- properties:
- apiVersion:
- type: string
- external:
- type: string
- kind:
- type: string
- name:
- type: string
- namespace:
- type: string
- required:
- - kind
- type: object
- required:
- - resourceRef
- type: object
- status:
- properties:
- conditions:
- description: Conditions represents the latest available observations
- of the IAM policy's current state.
- items:
+ - not:
+ anyOf:
+ - required:
+ - name
+ - required:
+ - namespace
+ - required:
+ - apiVersion
+ - required:
+ - external
properties:
- lastTransitionTime:
- description: Last time the condition transitioned from one status
- to another.
+ apiVersion:
type: string
- message:
- description: Human-readable message indicating details about last
- transition.
+ external:
type: string
- reason:
- description: Unique, one-word, CamelCase reason for the condition's
- last transition.
+ kind:
type: string
- status:
- description: Status is the status of the condition. Can be True,
- False, Unknown.
+ name:
type: string
- type:
- description: Type is the type of the condition.
+ namespace:
type: string
+ required:
+ - kind
type: object
- type: array
- type: object
- type: object
- version: v1beta1
+ required:
+ - resourceRef
+ type: object
+ status:
+ properties:
+ conditions:
+ description: Conditions represents the latest available observations
+ of the IAM policy's current state.
+ items:
+ properties:
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status
+ to another.
+ type: string
+ message:
+ description: Human-readable message indicating details about
+ last transition.
+ type: string
+ reason:
+ description: Unique, one-word, CamelCase reason for the condition's
+ last transition.
+ type: string
+ status:
+ description: Status is the status of the condition. Can be True,
+ False, Unknown.
+ type: string
+ type:
+ description: Type is the type of the condition.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
status:
acceptedNames:
- kind: ""
- plural: ""
- conditions: []
- storedVersions: []
+ kind: IAMPolicy
+ listKind: IAMPolicyList
+ plural: iampolicies
+ singular: iampolicy
+ conditions:
+ - lastTransitionTime: "2020-06-11T13:47:47Z"
+ message: no conflicts found
+ reason: NoConflicts
+ status: "True"
+ type: NamesAccepted
+ - lastTransitionTime: "2020-06-11T13:47:47Z"
+ message: the initial names have been accepted
+ reason: InitialNamesAccepted
+ status: "True"
+ type: Established
+ storedVersions:
+ - v1beta1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment