sigs.k8s.io/cluster-api-provider-aws@v1.5.5/config/crd/bases/infrastructure.cluster.x-k8s.io_awsclusterroleidentities.yaml

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.7.1-0.20211110210727-ab52f76cc7d1
  creationTimestamp: null
  name: awsclusterroleidentities.infrastructure.cluster.x-k8s.io
spec:
  group: infrastructure.cluster.x-k8s.io
  names:
    categories:
    - cluster-api
    kind: AWSClusterRoleIdentity
    listKind: AWSClusterRoleIdentityList
    plural: awsclusterroleidentities
    shortNames:
    - awsri
    singular: awsclusterroleidentity
  scope: Cluster
  versions:
  - name: v1alpha3
    schema:
      openAPIV3Schema:
        description: AWSClusterRoleIdentity is the Schema for the awsclusterroleidentities
          API It is used to assume a role using the provided sourceRef.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: Spec for this AWSClusterRoleIdentity.
            properties:
              allowedNamespaces:
                description: AllowedNamespaces is used to identify which namespaces
                  are allowed to use the identity from. Namespaces can be selected
                  either using an array of namespaces or with label selector. An empty
                  AllowedNamespaces object indicates that AWSClusters can use this
                  identity from any namespace. If this object is nil, no namespaces
                  will be allowed (default behaviour, if this field is not provided)
                  A namespace should be either in the NamespaceList or match with
                  Selector to use the identity.
                nullable: true
                properties:
                  list:
                    description: An nil or empty list indicates that AWSClusters cannot
                      use the identity from any namespace.
                    items:
                      type: string
                    nullable: true
                    type: array
                  selector:
                    description: An empty selector indicates that AWSClusters cannot
                      use this AWSClusterIdentity from any namespace.
                    properties:
                      matchExpressions:
                        description: matchExpressions is a list of label selector
                          requirements. The requirements are ANDed.
                        items:
                          description: A label selector requirement is a selector
                            that contains values, a key, and an operator that relates
                            the key and values.
                          properties:
                            key:
                              description: key is the label key that the selector
                                applies to.
                              type: string
                            operator:
                              description: operator represents a key's relationship
                                to a set of values. Valid operators are In, NotIn,
                                Exists and DoesNotExist.
                              type: string
                            values:
                              description: values is an array of string values. If
                                the operator is In or NotIn, the values array must
                                be non-empty. If the operator is Exists or DoesNotExist,
                                the values array must be empty. This array is replaced
                                during a strategic merge patch.
                              items:
                                type: string
                              type: array
                          required:
                          - key
                          - operator
                          type: object
                        type: array
                      matchLabels:
                        additionalProperties:
                          type: string
                        description: matchLabels is a map of {key,value} pairs. A
                          single {key,value} in the matchLabels map is equivalent
                          to an element of matchExpressions, whose key field is "key",
                          the operator is "In", and the values array contains only
                          "value". The requirements are ANDed.
                        type: object
                    type: object
                type: object
              durationSeconds:
                description: The duration, in seconds, of the role session before
                  it is renewed.
                format: int32
                maximum: 43200
                minimum: 900
                type: integer
              externalID:
                description: A unique identifier that might be required when you assume
                  a role in another account. If the administrator of the account to
                  which the role belongs provided you with an external ID, then provide
                  that value in the ExternalId parameter. This value can be any string,
                  such as a passphrase or account number. A cross-account role is
                  usually set up to trust everyone in an account. Therefore, the administrator
                  of the trusting account might send an external ID to the administrator
                  of the trusted account. That way, only someone with the ID can assume
                  the role, rather than everyone in the account. For more information
                  about the external ID, see How to Use an External ID When Granting
                  Access to Your AWS Resources to a Third Party in the IAM User Guide.
                type: string
              inlinePolicy:
                description: An IAM policy as a JSON-encoded string that you want
                  to use as an inline session policy.
                type: string
              policyARNs:
                description: The Amazon Resource Names (ARNs) of the IAM managed policies
                  that you want to use as managed session policies. The policies must
                  exist in the same account as the role.
                items:
                  type: string
                type: array
              roleARN:
                description: The Amazon Resource Name (ARN) of the role to assume.
                type: string
              sessionName:
                description: An identifier for the assumed role session
                type: string
              sourceIdentityRef:
                description: SourceIdentityRef is a reference to another identity
                  which will be chained to do role assumption. All identity types
                  are accepted.
                properties:
                  kind:
                    description: Kind of the identity.
                    enum:
                    - AWSClusterControllerIdentity
                    - AWSClusterRoleIdentity
                    - AWSClusterStaticIdentity
                    type: string
                  name:
                    description: Name of the identity.
                    minLength: 1
                    type: string
                required:
                - kind
                - name
                type: object
            required:
            - roleARN
            type: object
        type: object
    served: true
    storage: false
  - name: v1alpha4
    schema:
      openAPIV3Schema:
        description: AWSClusterRoleIdentity is the Schema for the awsclusterroleidentities
          API It is used to assume a role using the provided sourceRef.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: Spec for this AWSClusterRoleIdentity.
            properties:
              allowedNamespaces:
                description: AllowedNamespaces is used to identify which namespaces
                  are allowed to use the identity from. Namespaces can be selected
                  either using an array of namespaces or with label selector. An empty
                  allowedNamespaces object indicates that AWSClusters can use this
                  identity from any namespace. If this object is nil, no namespaces
                  will be allowed (default behaviour, if this field is not provided)
                  A namespace should be either in the NamespaceList or match with
                  Selector to use the identity.
                nullable: true
                properties:
                  list:
                    description: An nil or empty list indicates that AWSClusters cannot
                      use the identity from any namespace.
                    items:
                      type: string
                    nullable: true
                    type: array
                  selector:
                    description: An empty selector indicates that AWSClusters cannot
                      use this AWSClusterIdentity from any namespace.
                    properties:
                      matchExpressions:
                        description: matchExpressions is a list of label selector
                          requirements. The requirements are ANDed.
                        items:
                          description: A label selector requirement is a selector
                            that contains values, a key, and an operator that relates
                            the key and values.
                          properties:
                            key:
                              description: key is the label key that the selector
                                applies to.
                              type: string
                            operator:
                              description: operator represents a key's relationship
                                to a set of values. Valid operators are In, NotIn,
                                Exists and DoesNotExist.
                              type: string
                            values:
                              description: values is an array of string values. If
                                the operator is In or NotIn, the values array must
                                be non-empty. If the operator is Exists or DoesNotExist,
                                the values array must be empty. This array is replaced
                                during a strategic merge patch.
                              items:
                                type: string
                              type: array
                          required:
                          - key
                          - operator
                          type: object
                        type: array
                      matchLabels:
                        additionalProperties:
                          type: string
                        description: matchLabels is a map of {key,value} pairs. A
                          single {key,value} in the matchLabels map is equivalent
                          to an element of matchExpressions, whose key field is "key",
                          the operator is "In", and the values array contains only
                          "value". The requirements are ANDed.
                        type: object
                    type: object
                type: object
              durationSeconds:
                description: The duration, in seconds, of the role session before
                  it is renewed.
                format: int32
                maximum: 43200
                minimum: 900
                type: integer
              externalID:
                description: A unique identifier that might be required when you assume
                  a role in another account. If the administrator of the account to
                  which the role belongs provided you with an external ID, then provide
                  that value in the ExternalId parameter. This value can be any string,
                  such as a passphrase or account number. A cross-account role is
                  usually set up to trust everyone in an account. Therefore, the administrator
                  of the trusting account might send an external ID to the administrator
                  of the trusted account. That way, only someone with the ID can assume
                  the role, rather than everyone in the account. For more information
                  about the external ID, see How to Use an External ID When Granting
                  Access to Your AWS Resources to a Third Party in the IAM User Guide.
                type: string
              inlinePolicy:
                description: An IAM policy as a JSON-encoded string that you want
                  to use as an inline session policy.
                type: string
              policyARNs:
                description: The Amazon Resource Names (ARNs) of the IAM managed policies
                  that you want to use as managed session policies. The policies must
                  exist in the same account as the role.
                items:
                  type: string
                type: array
              roleARN:
                description: The Amazon Resource Name (ARN) of the role to assume.
                type: string
              sessionName:
                description: An identifier for the assumed role session
                type: string
              sourceIdentityRef:
                description: SourceIdentityRef is a reference to another identity
                  which will be chained to do role assumption. All identity types
                  are accepted.
                properties:
                  kind:
                    description: Kind of the identity.
                    enum:
                    - AWSClusterControllerIdentity
                    - AWSClusterRoleIdentity
                    - AWSClusterStaticIdentity
                    type: string
                  name:
                    description: Name of the identity.
                    minLength: 1
                    type: string
                required:
                - kind
                - name
                type: object
            required:
            - roleARN
            type: object
        type: object
    served: true
    storage: false
  - name: v1beta1
    schema:
      openAPIV3Schema:
        description: AWSClusterRoleIdentity is the Schema for the awsclusterroleidentities
          API It is used to assume a role using the provided sourceRef.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: Spec for this AWSClusterRoleIdentity.
            properties:
              allowedNamespaces:
                description: AllowedNamespaces is used to identify which namespaces
                  are allowed to use the identity from. Namespaces can be selected
                  either using an array of namespaces or with label selector. An empty
                  allowedNamespaces object indicates that AWSClusters can use this
                  identity from any namespace. If this object is nil, no namespaces
                  will be allowed (default behaviour, if this field is not provided)
                  A namespace should be either in the NamespaceList or match with
                  Selector to use the identity.
                nullable: true
                properties:
                  list:
                    description: An nil or empty list indicates that AWSClusters cannot
                      use the identity from any namespace.
                    items:
                      type: string
                    nullable: true
                    type: array
                  selector:
                    description: An empty selector indicates that AWSClusters cannot
                      use this AWSClusterIdentity from any namespace.
                    properties:
                      matchExpressions:
                        description: matchExpressions is a list of label selector
                          requirements. The requirements are ANDed.
                        items:
                          description: A label selector requirement is a selector
                            that contains values, a key, and an operator that relates
                            the key and values.
                          properties:
                            key:
                              description: key is the label key that the selector
                                applies to.
                              type: string
                            operator:
                              description: operator represents a key's relationship
                                to a set of values. Valid operators are In, NotIn,
                                Exists and DoesNotExist.
                              type: string
                            values:
                              description: values is an array of string values. If
                                the operator is In or NotIn, the values array must
                                be non-empty. If the operator is Exists or DoesNotExist,
                                the values array must be empty. This array is replaced
                                during a strategic merge patch.
                              items:
                                type: string
                              type: array
                          required:
                          - key
                          - operator
                          type: object
                        type: array
                      matchLabels:
                        additionalProperties:
                          type: string
                        description: matchLabels is a map of {key,value} pairs. A
                          single {key,value} in the matchLabels map is equivalent
                          to an element of matchExpressions, whose key field is "key",
                          the operator is "In", and the values array contains only
                          "value". The requirements are ANDed.
                        type: object
                    type: object
                type: object
              durationSeconds:
                description: The duration, in seconds, of the role session before
                  it is renewed.
                format: int32
                maximum: 43200
                minimum: 900
                type: integer
              externalID:
                description: A unique identifier that might be required when you assume
                  a role in another account. If the administrator of the account to
                  which the role belongs provided you with an external ID, then provide
                  that value in the ExternalId parameter. This value can be any string,
                  such as a passphrase or account number. A cross-account role is
                  usually set up to trust everyone in an account. Therefore, the administrator
                  of the trusting account might send an external ID to the administrator
                  of the trusted account. That way, only someone with the ID can assume
                  the role, rather than everyone in the account. For more information
                  about the external ID, see How to Use an External ID When Granting
                  Access to Your AWS Resources to a Third Party in the IAM User Guide.
                type: string
              inlinePolicy:
                description: An IAM policy as a JSON-encoded string that you want
                  to use as an inline session policy.
                type: string
              policyARNs:
                description: The Amazon Resource Names (ARNs) of the IAM managed policies
                  that you want to use as managed session policies. The policies must
                  exist in the same account as the role.
                items:
                  type: string
                type: array
              roleARN:
                description: The Amazon Resource Name (ARN) of the role to assume.
                type: string
              sessionName:
                description: An identifier for the assumed role session
                type: string
              sourceIdentityRef:
                description: SourceIdentityRef is a reference to another identity
                  which will be chained to do role assumption. All identity types
                  are accepted.
                properties:
                  kind:
                    description: Kind of the identity.
                    enum:
                    - AWSClusterControllerIdentity
                    - AWSClusterRoleIdentity
                    - AWSClusterStaticIdentity
                    type: string
                  name:
                    description: Name of the identity.
                    minLength: 1
                    type: string
                required:
                - kind
                - name
                type: object
            required:
            - roleARN
            type: object
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
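
Added example, not part of the upstream file: three manifests written against the v1beta1 schema above, showing how the three states of allowedNamespaces described in the field documentation look in practice. The object names, the role ARN with account ID 111122223333, the external ID, the label keys and the controller identity name "default" are constructed placeholders or assumptions.

```yaml
# Constructed manifests for illustration; all names, ARNs and labels are placeholders.

# 1. Broad: an empty allowedNamespaces object lets AWSClusters in ANY namespace use the role.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AWSClusterRoleIdentity
metadata:
  name: example-broad
spec:
  roleARN: arn:aws:iam::111122223333:role/example-capa-role
  sourceIdentityRef:
    kind: AWSClusterControllerIdentity
    name: default                      # assumed name of the source identity
  allowedNamespaces: {}
---
# 2. Scoped: a namespace qualifies if it is in list OR matches selector.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AWSClusterRoleIdentity
metadata:
  name: example-scoped
spec:
  roleARN: arn:aws:iam::111122223333:role/example-capa-role
  externalID: example-external-id      # value agreed with the role's account administrator
  sessionName: example-session
  durationSeconds: 900                 # schema bounds: minimum 900, maximum 43200
  sourceIdentityRef:
    kind: AWSClusterControllerIdentity
    name: default
  allowedNamespaces:
    list:
    - team-a
    selector:                          # matchLabels and matchExpressions are ANDed
      matchLabels:
        example.com/aws-identity: allowed
      matchExpressions:
      - key: environment
        operator: NotIn
        values:
        - sandbox
---
# 3. Closed: allowedNamespaces omitted (nil), the default, so no namespace may use the identity.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AWSClusterRoleIdentity
metadata:
  name: example-closed
spec:
  roleARN: arn:aws:iam::111122223333:role/example-capa-role
  sourceIdentityRef:
    kind: AWSClusterControllerIdentity
    name: default
```

The difference between the first and third manifests is a single line, so a review of these objects should treat `allowedNamespaces: {}` as an explicit grant to every namespace rather than as an unset field.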