common

package
v0.52.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 15, 2025 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Overview

Package common contains shared types that are used in multiple CRDs. +kubebuilder:object:generate=true

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AWSPrincipal

type AWSPrincipal struct {
	// UserARN contains the ARN of an IAM user
	// +optional
	// +immutable
	UserARN *string `json:"iamUserArn,omitempty"`

	// UserARNRef contains the reference to an User
	// +optional
	UserARNRef *xpv1.Reference `json:"iamUserArnRef,omitempty"`

	// UserARNSelector queries for an User to retrieve its userName
	// +optional
	UserARNSelector *xpv1.Selector `json:"iamUserArnSelector,omitempty"`

	// AWSAccountID identifies an AWS account as the principal
	// +optional
	// +immutable
	AWSAccountID *string `json:"awsAccountId,omitempty"`

	// IAMRoleARN contains the ARN of an IAM role
	// +optional
	// +immutable
	IAMRoleARN *string `json:"iamRoleArn,omitempty"`

	// IAMRoleARNRef contains the reference to an IAMRole
	// +optional
	IAMRoleARNRef *xpv1.Reference `json:"iamRoleArnRef,omitempty"`

	// IAMRoleARNSelector queries for an IAM role to retrieve its userName
	// +optional
	IAMRoleARNSelector *xpv1.Selector `json:"iamRoleArnSelector,omitempty"`
}

AWSPrincipal wraps the potential values a policy principal can take. Only one of the values should be set.

func (*AWSPrincipal) DeepCopy

func (in *AWSPrincipal) DeepCopy() *AWSPrincipal

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSPrincipal.

func (*AWSPrincipal) DeepCopyInto

func (in *AWSPrincipal) DeepCopyInto(out *AWSPrincipal)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Condition

type Condition struct {
	// OperatorKey matches the condition key and value in the policy against values in the request context
	OperatorKey string `json:"operatorKey"`

	// Conditions represents each of the key/value pairs for the operator key
	Conditions []ConditionPair `json:"conditions"`
}

Condition represents a set of condition pairs for a resource policy

func (*Condition) DeepCopy

func (in *Condition) DeepCopy() *Condition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.

func (*Condition) DeepCopyInto

func (in *Condition) DeepCopyInto(out *Condition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConditionPair

type ConditionPair struct {
	// ConditionKey is the key condition being applied to the parent condition
	ConditionKey string `json:"key"`

	// ConditionStringValue is the expected string value of the key from the parent condition
	// +optional
	ConditionStringValue *string `json:"stringValue,omitempty"`

	// ConditionDateValue is the expected string value of the key from the parent condition. The
	// date value must be in ISO 8601 format. The time is always midnight UTC.
	// +optional
	ConditionDateValue *metav1.Time `json:"dateValue,omitempty"`

	// ConditionNumericValue is the expected string value of the key from the parent condition
	// +optional
	ConditionNumericValue *int64 `json:"numericValue,omitempty"`

	// ConditionBooleanValue is the expected boolean value of the key from the parent condition
	// +optional
	ConditionBooleanValue *bool `json:"booleanValue,omitempty"`

	// ConditionListValue is the list value of the key from the parent condition
	// +optional
	ConditionListValue []string `json:"listValue,omitempty"`
}

ConditionPair represents one condition inside of the set of conditions for a resource policy

func (*ConditionPair) DeepCopy

func (in *ConditionPair) DeepCopy() *ConditionPair

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionPair.

func (*ConditionPair) DeepCopyInto

func (in *ConditionPair) DeepCopyInto(out *ConditionPair)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResourcePolicy

type ResourcePolicy struct {
	// Version is the current IAM policy version
	// +kubebuilder:validation:Enum="2012-10-17";"2008-10-17"
	// +kubebuilder:default:="2012-10-17"
	Version string `json:"version"`

	// ID is the policy's optional identifier
	// +immutable
	// +optional
	ID *string `json:"id,omitempty"`

	// Statements is the list of statement this policy applies
	// either jsonStatements or statements must be specified in the policy
	// +optional
	Statements []ResourcePolicyStatement `json:"statements,omitempty"`
}

ResourcePolicy represents an AWS resource policy manifest

func (*ResourcePolicy) DeepCopy

func (in *ResourcePolicy) DeepCopy() *ResourcePolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourcePolicy.

func (*ResourcePolicy) DeepCopyInto

func (in *ResourcePolicy) DeepCopyInto(out *ResourcePolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResourcePolicyStatement

type ResourcePolicyStatement struct {
	// Optional identifier for this statement, must be unique within the
	// policy if provided.
	// +optional
	SID *string `json:"sid,omitempty"`

	// The effect is required and specifies whether the statement results
	// in an allow or an explicit deny. Valid values for Effect are Allow and Deny.
	// +kubebuilder:validation:Enum=Allow;Deny
	Effect string `json:"effect"`

	// Used with the resource policy to specify the principal that is allowed
	// or denied access to a resource.
	// +optional
	Principal *ResourcePrincipal `json:"principal,omitempty"`

	// Used with the resource policy to specify the users which are not included
	// in this policy
	// +optional
	NotPrincipal *ResourcePrincipal `json:"notPrincipal,omitempty"`

	// Each element of the PolicyAction array describes the specific
	// action or actions that will be allowed or denied with this PolicyStatement.
	// +optional
	Action []string `json:"action,omitempty"`

	// Each element of the NotPolicyAction array will allow the property to match
	// all but the listed actions.
	// +optional
	NotAction []string `json:"notAction,omitempty"`

	// The paths on which this resource will apply
	// +optional
	Resource []string `json:"resource,omitempty"`

	// This will explicitly match all resource paths except the ones
	// specified in this array
	// +optional
	NotResource []string `json:"notResource,omitempty"`

	// Condition specifies where conditions for policy are in effect.
	// https://docs.aws.amazon.com/Amazonresource/latest/dev/amazon-resource-policy-keys.html
	// +optional
	Condition []Condition `json:"condition,omitempty"`
}

ResourcePolicyStatement defines an individual statement within the ResourcePolicyBody

func (*ResourcePolicyStatement) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourcePolicyStatement.

func (*ResourcePolicyStatement) DeepCopyInto

func (in *ResourcePolicyStatement) DeepCopyInto(out *ResourcePolicyStatement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResourcePrincipal

type ResourcePrincipal struct {
	// This flag indicates if the policy should be made available
	// to all anonymous users.
	// +optional
	AllowAnon bool `json:"allowAnon,omitempty"`

	// This list contains the all of the AWS IAM users which are affected
	// by the policy statement.
	// +optional
	AWSPrincipals []AWSPrincipal `json:"awsPrincipals,omitempty"`

	// This string contains the identifier for any federated web identity
	// provider.
	// +optional
	Federated *string `json:"federated,omitempty"`

	// Service define the services which can have access to this resource
	// +optional
	Service []string `json:"service,omitempty"`
}

ResourcePrincipal defines the principal users affected by the ResourcePolicyStatement Please see the AWS resource docs for more information https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html

func (*ResourcePrincipal) DeepCopy

func (in *ResourcePrincipal) DeepCopy() *ResourcePrincipal

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourcePrincipal.

func (*ResourcePrincipal) DeepCopyInto

func (in *ResourcePrincipal) DeepCopyInto(out *ResourcePrincipal)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL