iam.gdc.goog/v1
Contains API Schema definitions for the identity API group.
Package v1 contains API Schema definitions for the iam.gdc.goog v1 API group
CustomRole
Represents a template for a zonal CustomRole Custom roles provide fine-grained control over user permissions, unlike predefined roles. This allows organizations to tailor access rights to their specific needs, balancing operational efficiency with security. By adhering to the principle of least privilege, custom roles significantly enhance security and protect sensitive data.
Appears in: - CustomRoleList
| Field | Description |
|---|---|
apiVersion string |
iam.gdc.goog/v1 |
kind string |
CustomRole |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec CustomRoleSpec |
|
status CustomRoleStatus |
CustomRoleList
Contains a list of CustomRole resource
| Field | Description |
|---|---|
apiVersion string |
iam.gdc.goog/v1 |
kind string |
CustomRoleList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items CustomRole array |
CustomRoleMetadata
Represents the data necessary to create a Custom Role
Appears in: - CustomRoleSpec
| Field | Description |
|---|---|
scope CustomRoleScopeType |
scope of the custom role created which can either be organization or project |
roleNamespaces string array |
namespace of the role (optional) only required for role deployment if: case 1: when scope is project then it denotes the project namespaces case 2: when scope is project and roleNamespaces contain ['*'] then it denotes all project namespaces case 3: when scope is organization and deployment roleType is role not clusterRole then it denotes literal namespaces |
title string |
title is a friendly title for the role, such as "My Company Admin". |
description string |
description is a short description of the role, such as "My custom role description". |
id string |
id is the name of the role, such as "my-company-admin". |
stage StageType |
stage indicates the stage of a role in the launch lifecycle which can either be [ALPHA, BETA, GA, DISABLED] |
CustomRoleSpec
Defines the CustomRole data in the ClusterRoleTemplate resource
Appears in: - CustomRole
| Field | Description |
|---|---|
metadata CustomRoleMetadata |
Refer to Kubernetes API documentation for fields of metadata. |
zonalRules PolicyRule array |
|
globalRules PolicyRule array |
CustomRoleStatus
Provides a status of CustomRole
Appears in: - CustomRole
| Field | Description |
|---|---|
conditions Condition array |
Conditions represents the observations of this Custom role overall state |
propagationInfo PropagationInfo |
propagation information of converted template for zonal role template conversion |
IdentityProviderConfig
Represents a configuration for an identity provider that supports OIDC or SAML.
Appears in: - IdentityProviderConfigList
| Field | Description |
|---|---|
apiVersion string |
iam.gdc.goog/v1 |
kind string |
IdentityProviderConfig |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec IdentityProviderConfigSpec |
|
status IdentityProviderConfigStatus |
IdentityProviderConfigList
Contains a list of IdentityProviderConfig resources.
| Field | Description |
|---|---|
apiVersion string |
iam.gdc.goog/v1 |
kind string |
IdentityProviderConfigList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items IdentityProviderConfig array |
IdentityProviderConfigSpec
Provides the specification, or desired state, of an IdentityProviderConfig resource.
Either OIDCConfig or SAMLConfig has to be provided but not both.
Appears in: - IdentityProviderConfig
| Field | Description |
|---|---|
oidc OIDCProviderConfig |
OIDC specific configuration. |
saml SAMLProviderConfig |
SAML specific configuration. |
IdentityProviderConfigStatus
Provides the status of an IdentityProviderConfig resource.
Appears in: - IdentityProviderConfig
| Field | Description |
|---|---|
conditions Condition array |
PropagationInfo
Provides the information of converted role template
Appears in: - CustomRoleStatus
| Field | Description |
|---|---|
roleName string |
name of the role |
roleType RoleType |
type of the role, it can be [role, clusterRole, projectRole, organizationRole] |
namespaces string array |
namespaces of the role where role deployment will occur |
StandardClusterRole
Represents a project resource that propagates the ClusterRole
configuration to all vanilla clusters under the project.
The namespace of the StandardClusterRole resource corresponds
to the project.
Appears in: - StandardClusterRoleList
| Field | Description |
|---|---|
apiVersion string |
iam.gdc.goog/v1 |
kind string |
StandardClusterRole |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec StandardClusterRoleSpec |
|
status StandardClusterRoleStatus |
StandardClusterRoleBinding
Represents a project resource that propagates the ClusterRoleBinding
resource configuration to all vanilla clusters in the same project.
The namespace for the StandardClusterRoleBinding resource
corresponds to the project.
Appears in: - StandardClusterRoleBindingList
| Field | Description |
|---|---|
apiVersion string |
iam.gdc.goog/v1 |
kind string |
StandardClusterRoleBinding |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec StandardClusterRoleBindingSpec |
|
status StandardClusterRoleBindingStatus |
StandardClusterRoleBindingList
Contains a list of StandardClusterRoleBinding resources.
| Field | Description |
|---|---|
apiVersion string |
iam.gdc.goog/v1 |
kind string |
StandardClusterRoleBindingList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items StandardClusterRoleBinding array |
StandardClusterRoleBindingSpec
Defines the specification of the StandardClusterRoleBinding resource.
It is the same definition as a native ClusterRoleBinding definition.
Appears in: - StandardClusterRoleBinding
| Field | Description |
|---|---|
subjects Subject array |
The subjects of the RoleBinding resource created in the cluster. |
roleRef RoleRef |
The RoleRef resource of the RoleBinding object to create in the cluster. |
StandardClusterRoleBindingStatus
Defines the observed state of the StandardClusterRoleBinding
resource.
Appears in: - StandardClusterRoleBinding
| Field | Description |
|---|---|
conditions Condition array |
|
clusters ClusterStatus array |
The list of propagation statuses for the clusters. |
propagatedName string |
The name of the propagated ClusterRoleBinding resource realized in the vanilla clusters. |
errorStatus ErrorStatus |
The most recent errors with the observed times included. |
StandardClusterRoleList
Contains a list of StandardClusterRole resources.
| Field | Description |
|---|---|
apiVersion string |
iam.gdc.goog/v1 |
kind string |
StandardClusterRoleList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items StandardClusterRole array |
StandardClusterRoleSpec
Defines the rules of a StandardClusterRole resource.
It is the same definition as a native Kubernetes ClusterRole.
Appears in: - StandardClusterRole
| Field | Description |
|---|---|
rules PolicyRule array |
StandardClusterRoleStatus
Defines the observed state of a StandardClusterRole resource.
Appears in: - StandardClusterRole
| Field | Description |
|---|---|
conditions Condition array |
|
clusters ClusterStatus array |
The list of propagation statuses on the clusters. |
propagatedName string |
The name of the propagated ClusterRole resource realized in the vanilla clusters. |
errorStatus ErrorStatus |
The most recent errors with the observed times included. |