    Overview ¶
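Package common contains shared types that are used in multiple CRDs.
The package comment also carries the code-generation marker +kubebuilder:object:generate=true, which is why every type below has autogenerated DeepCopy and DeepCopyInto methods.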
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AWSPrincipal ¶
// AWSPrincipal identifies one AWS identity to be used as a policy principal:
// an IAM user, an IAM role, or a whole AWS account. The user and role ARNs can
// each be given literally, by reference, or by selector.
//
// NOTE(review): nothing in this declaration enforces that only one of the
// fields is set; every field is optional and no validation marker is present
// here. Confirm where that rule is checked before relying on it.
type AWSPrincipal struct {
	// UserARN contains the ARN of an IAM user
	// +optional
	// +immutable
	UserARN *string `json:"iamUserArn,omitempty"`
	// UserARNRef contains the reference to a User object that supplies the
	// value for UserARN.
	// +optional
	UserARNRef *xpv1.Reference `json:"iamUserArnRef,omitempty"`
	// UserARNSelector selects a User object that supplies the value for UserARN.
	// NOTE(review): the previous comment said the selector retrieves the
	// "userName"; the field name and JSON tag indicate an ARN. Confirm against
	// the reference resolver.
	// +optional
	UserARNSelector *xpv1.Selector `json:"iamUserArnSelector,omitempty"`
	// AWSAccountID identifies an AWS account as the principal.
	// Naming an account delegates the decision to that account: any identity in
	// it that its own IAM policies permit can use the access granted by the
	// statement. Prefer a specific user or role ARN when the access is meant
	// for a single workload.
	// +optional
	// +immutable
	AWSAccountID *string `json:"awsAccountId,omitempty"`
	// IAMRoleARN contains the ARN of an IAM role
	// +optional
	// +immutable
	IAMRoleARN *string `json:"iamRoleArn,omitempty"`
	// IAMRoleARNRef contains the reference to an IAMRole object that supplies
	// the value for IAMRoleARN.
	// +optional
	IAMRoleARNRef *xpv1.Reference `json:"iamRoleArnRef,omitempty"`
	// IAMRoleARNSelector selects an IAMRole object that supplies the value for
	// IAMRoleARN.
	// NOTE(review): the previous comment said the selector retrieves the role's
	// "userName", which looks copied from the user fields; the field name and
	// JSON tag indicate an ARN. Confirm against the reference resolver.
	// +optional
	IAMRoleARNSelector *xpv1.Selector `json:"iamRoleArnSelector,omitempty"`
}
    AWSPrincipal wraps the potential values a policy principal can take. Only one of the values should be set.
func (*AWSPrincipal) DeepCopy ¶
func (in *AWSPrincipal) DeepCopy() *AWSPrincipal
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSPrincipal.
func (*AWSPrincipal) DeepCopyInto ¶
func (in *AWSPrincipal) DeepCopyInto(out *AWSPrincipal)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Condition ¶
// Condition groups the key/value pairs that are evaluated under a single
// condition operator of a resource policy statement.
type Condition struct {
	// OperatorKey names the operator used to match each condition key and value
	// in the policy against values in the request context.
	// NOTE(review): presumably an IAM condition operator such as StringEquals;
	// no validation marker restricts the value here, so a misspelled operator
	// is not rejected by this type.
	OperatorKey string `json:"operatorKey"`
	// Conditions represents each of the key/value pairs for the operator key
	Conditions []ConditionPair `json:"conditions"`
}
    Condition represents a set of condition pairs for a resource policy
func (*Condition) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.
func (*Condition) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConditionPair ¶
// ConditionPair is one condition key together with the value it is compared
// against. The value can be supplied as a string, date, number, boolean or
// list of strings.
//
// NOTE(review): all value fields are optional and nothing in this declaration
// says which one is used when several are set, or what happens when none is.
// Confirm against the code that renders the policy document.
type ConditionPair struct {
	// ConditionKey is the key condition being applied to the parent condition
	ConditionKey string `json:"key"`
	// ConditionStringValue is the expected string value of the key from the parent condition
	// +optional
	ConditionStringValue *string `json:"stringValue,omitempty"`
	// ConditionDateValue is the expected date value of the key from the parent condition. The
	// date value must be in ISO 8601 format. The time is always midnight UTC.
	// +optional
	ConditionDateValue *metav1.Time `json:"dateValue,omitempty"`
	// ConditionNumericValue is the expected numeric value of the key from the parent condition
	// +optional
	ConditionNumericValue *int64 `json:"numericValue,omitempty"`
	// ConditionBooleanValue is the expected boolean value of the key from the parent condition
	// +optional
	ConditionBooleanValue *bool `json:"booleanValue,omitempty"`
	// ConditionListValue is the list value of the key from the parent condition
	// +optional
	ConditionListValue []string `json:"listValue,omitempty"`
}
    ConditionPair represents one condition inside of the set of conditions for a resource policy
func (*ConditionPair) DeepCopy ¶
func (in *ConditionPair) DeepCopy() *ConditionPair
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionPair.
func (*ConditionPair) DeepCopyInto ¶
func (in *ConditionPair) DeepCopyInto(out *ConditionPair)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourcePolicy ¶
// ResourcePolicy is the structured form of an AWS resource policy document: a
// policy language version, an optional identifier and a list of statements.
type ResourcePolicy struct {
	// Version is the IAM policy language version. The CRD accepts
	// "2012-10-17" and "2008-10-17" and defaults to "2012-10-17"; the older
	// version predates policy variables, so keep the default unless an
	// existing policy requires otherwise.
	// +kubebuilder:validation:Enum="2012-10-17";"2008-10-17"
	// +kubebuilder:default:="2012-10-17"
	Version string `json:"version"`
	// ID is the policy's optional identifier
	// +immutable
	// +optional
	ID *string `json:"id,omitempty"`
	// Statements is the list of statements this policy applies.
	// Either jsonStatements or statements must be specified in the policy.
	// NOTE(review): this struct declares no jsonStatements field and
	// Statements itself is optional, so an empty policy is not rejected by
	// this type; confirm where that requirement is enforced.
	// +optional
	Statements []ResourcePolicyStatement `json:"statements,omitempty"`
}
    ResourcePolicy represents an AWS resource policy manifest
func (*ResourcePolicy) DeepCopy ¶
func (in *ResourcePolicy) DeepCopy() *ResourcePolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourcePolicy.
func (*ResourcePolicy) DeepCopyInto ¶
func (in *ResourcePolicy) DeepCopyInto(out *ResourcePolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourcePolicyStatement ¶
// ResourcePolicyStatement is a single statement of a resource policy: an
// effect, the principals it covers, the actions and resources it matches, and
// optional conditions.
//
// Only Effect is required and validated by this declaration. The paired
// fields (Principal/NotPrincipal, Action/NotAction, Resource/NotResource) are
// all optional here, and no marker prevents both members of a pair from being
// set. Review statements that combine Effect "Allow" with a Not* field: they
// grant everything outside the listed values, which is usually far broader
// than intended.
type ResourcePolicyStatement struct {
	// Optional identifier for this statement, must be unique within the
	// policy if provided.
	// +optional
	SID *string `json:"sid,omitempty"`
	// The effect is required and specifies whether the statement results
	// in an allow or an explicit deny. Valid values for Effect are Allow and Deny.
	// +kubebuilder:validation:Enum=Allow;Deny
	Effect string `json:"effect"`
	// Used with the resource policy to specify the principal that is allowed
	// or denied access to a resource.
	// +optional
	Principal *ResourcePrincipal `json:"principal,omitempty"`
	// Used with the resource policy to specify the principals which are not
	// covered by this statement. With Effect "Allow" this grants access to
	// every principal except the listed ones, including callers outside the
	// account; it is normally only appropriate with Effect "Deny".
	// +optional
	NotPrincipal *ResourcePrincipal `json:"notPrincipal,omitempty"`
	// Each element of the Action array describes the specific
	// action or actions that will be allowed or denied with this statement.
	// +optional
	Action []string `json:"action,omitempty"`
	// The statement matches all actions except those listed in the NotAction
	// array.
	// +optional
	NotAction []string `json:"notAction,omitempty"`
	// The paths on which this resource will apply
	// +optional
	Resource []string `json:"resource,omitempty"`
	// This will explicitly match all resource paths except the ones
	// specified in this array
	// +optional
	NotResource []string `json:"notResource,omitempty"`
	// Condition specifies when the statement is in effect.
	// https://docs.aws.amazon.com/Amazonresource/latest/dev/amazon-resource-policy-keys.html
	// NOTE(review): the link above looks malformed. The general reference for
	// the Condition element is
	// https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
	// +optional
	Condition []Condition `json:"condition,omitempty"`
}
    ResourcePolicyStatement defines an individual statement within the ResourcePolicyBody
func (*ResourcePolicyStatement) DeepCopy ¶
func (in *ResourcePolicyStatement) DeepCopy() *ResourcePolicyStatement
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourcePolicyStatement.
func (*ResourcePolicyStatement) DeepCopyInto ¶
func (in *ResourcePolicyStatement) DeepCopyInto(out *ResourcePolicyStatement)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourcePrincipal ¶
// ResourcePrincipal describes who a policy statement applies to: anonymous
// callers, specific AWS principals, a federated identity provider, or AWS
// services.
//
// NOTE(review): every field is optional and nothing in this declaration
// prevents AllowAnon from being combined with the other fields; confirm how
// the renderer treats such a combination.
type ResourcePrincipal struct {
	// This flag indicates if the policy should be made available
	// to all anonymous users.
	// When true on a statement with Effect "Allow", the resource becomes
	// reachable by unauthenticated callers, so it should be set deliberately
	// and normally narrowed with a Condition. The zero value (false) is the
	// safe default.
	// +optional
	AllowAnon bool `json:"allowAnon,omitempty"`
	// This list contains all of the AWS principals (IAM users, IAM roles or
	// accounts) which are affected by the policy statement.
	// +optional
	AWSPrincipals []AWSPrincipal `json:"awsPrincipals,omitempty"`
	// This string contains the identifier for any federated web identity
	// provider.
	// +optional
	Federated *string `json:"federated,omitempty"`
	// Service defines the services which can have access to this resource.
	// A service principal is shared by all customers of that service, so
	// statements using it are usually paired with a Condition that pins the
	// calling account or source resource.
	// +optional
	Service []string `json:"service,omitempty"`
}
    ResourcePrincipal defines the principal users affected by the ResourcePolicyStatement. Please see the AWS resource docs for more information: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
func (*ResourcePrincipal) DeepCopy ¶
func (in *ResourcePrincipal) DeepCopy() *ResourcePrincipal
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourcePrincipal.
func (*ResourcePrincipal) DeepCopyInto ¶
func (in *ResourcePrincipal) DeepCopyInto(out *ResourcePrincipal)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.