forked from GoogleCloudPlatform/k8s-config-connector
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request GoogleCloudPlatform#1168 from justinsb/generate_ap…
…ikeys_apikey_from_terraform Generate APIKeys Key from Terraform
- Loading branch information
Showing
45 changed files
with
5,483 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
249 changes: 249 additions & 0 deletions
249
...ensions.k8s.io_v1_customresourcedefinition_apikeyskeys.apikeys.cnrm.cloud.google.com.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,249 @@ | ||
| apiVersion: apiextensions.k8s.io/v1 | ||
| kind: CustomResourceDefinition | ||
| metadata: | ||
| annotations: | ||
| cnrm.cloud.google.com/version: 0.0.0-dev | ||
| creationTimestamp: null | ||
| labels: | ||
| cnrm.cloud.google.com/managed-by-kcc: "true" | ||
| cnrm.cloud.google.com/stability-level: stable | ||
| cnrm.cloud.google.com/system: "true" | ||
| cnrm.cloud.google.com/tf2crd: "true" | ||
| name: apikeyskeys.apikeys.cnrm.cloud.google.com | ||
| spec: | ||
| group: apikeys.cnrm.cloud.google.com | ||
| names: | ||
| categories: | ||
| - gcp | ||
| kind: APIKeysKey | ||
| plural: apikeyskeys | ||
| shortNames: | ||
| - gcpapikeyskey | ||
| - gcpapikeyskeys | ||
| singular: apikeyskey | ||
| preserveUnknownFields: false | ||
| scope: Namespaced | ||
| versions: | ||
| - additionalPrinterColumns: | ||
| - jsonPath: .metadata.creationTimestamp | ||
| name: Age | ||
| type: date | ||
| - description: When 'True', the most recent reconcile of the resource succeeded | ||
| jsonPath: .status.conditions[?(@.type=='Ready')].status | ||
| name: Ready | ||
| type: string | ||
| - description: The reason for the value in 'Ready' | ||
| jsonPath: .status.conditions[?(@.type=='Ready')].reason | ||
| name: Status | ||
| type: string | ||
| - description: The last transition time for the value in 'Status' | ||
| jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime | ||
| name: Status Age | ||
| type: date | ||
| name: v1alpha1 | ||
| schema: | ||
| openAPIV3Schema: | ||
| properties: | ||
| apiVersion: | ||
| description: 'apiVersion defines the versioned schema of this representation | ||
| of an object. Servers should convert recognized schemas to the latest | ||
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' | ||
| type: string | ||
| kind: | ||
| description: 'kind is a string value representing the REST resource this | ||
| object represents. Servers may infer this from the endpoint the client | ||
| submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' | ||
| type: string | ||
| metadata: | ||
| type: object | ||
| spec: | ||
| properties: | ||
| displayName: | ||
| description: Human-readable display name of this API key. Modifiable | ||
| by user. | ||
| type: string | ||
| projectRef: | ||
| description: The project that this resource belongs to. | ||
| oneOf: | ||
| - not: | ||
| required: | ||
| - external | ||
| required: | ||
| - name | ||
| - not: | ||
| anyOf: | ||
| - required: | ||
| - name | ||
| - required: | ||
| - namespace | ||
| required: | ||
| - external | ||
| properties: | ||
| external: | ||
| description: 'Allowed value: The `name` field of a `Project` resource.' | ||
| type: string | ||
| name: | ||
| description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' | ||
| type: string | ||
| namespace: | ||
| description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' | ||
| type: string | ||
| type: object | ||
| resourceID: | ||
| description: Immutable. Optional. The name of the resource. Used for | ||
| creation and acquisition. When unset, the value of `metadata.name` | ||
| is used as the default. | ||
| type: string | ||
| restrictions: | ||
| description: Key restrictions. | ||
| properties: | ||
| androidKeyRestrictions: | ||
| description: The Android apps that are allowed to use the key. | ||
| properties: | ||
| allowedApplications: | ||
| description: A list of Android applications that are allowed | ||
| to make API calls with this key. | ||
| items: | ||
| properties: | ||
| packageName: | ||
| description: The package name of the application. | ||
| type: string | ||
| sha1Fingerprint: | ||
| description: 'The SHA1 fingerprint of the application. | ||
| For example, both sha1 formats are acceptable : DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 | ||
| or DA39A3EE5E6B4B0D3255BFEF95601890AFD80709. Output | ||
| format is the latter.' | ||
| type: string | ||
| required: | ||
| - packageName | ||
| - sha1Fingerprint | ||
| type: object | ||
| type: array | ||
| required: | ||
| - allowedApplications | ||
| type: object | ||
| apiTargets: | ||
| description: A restriction for a specific service and optionally | ||
| one or more specific methods. Requests are allowed if they match | ||
| any of these restrictions. If no restrictions are specified, | ||
| all targets are allowed. | ||
| items: | ||
| properties: | ||
| methods: | ||
| description: 'Optional. List of one or more methods that | ||
| can be called. If empty, all methods for the service are | ||
| allowed. A wildcard (*) can be used as the last symbol. | ||
| Valid examples: `google.cloud.translate.v2.TranslateService.GetSupportedLanguage` | ||
| `TranslateText` `Get*` `translate.googleapis.com.Get*`.' | ||
| items: | ||
| type: string | ||
| type: array | ||
| service: | ||
| description: 'The service for this restriction. It should | ||
| be the canonical service name, for example: `translate.googleapis.com`. | ||
| You can use `gcloud services list` to get a list of services | ||
| that are enabled in the project.' | ||
| type: string | ||
| required: | ||
| - service | ||
| type: object | ||
| type: array | ||
| browserKeyRestrictions: | ||
| description: The HTTP referrers (websites) that are allowed to | ||
| use the key. | ||
| properties: | ||
| allowedReferrers: | ||
| description: A list of regular expressions for the referrer | ||
| URLs that are allowed to make API calls with this key. | ||
| items: | ||
| type: string | ||
| type: array | ||
| required: | ||
| - allowedReferrers | ||
| type: object | ||
| iosKeyRestrictions: | ||
| description: The iOS apps that are allowed to use the key. | ||
| properties: | ||
| allowedBundleIds: | ||
| description: A list of bundle IDs that are allowed when making | ||
| API calls with this key. | ||
| items: | ||
| type: string | ||
| type: array | ||
| required: | ||
| - allowedBundleIds | ||
| type: object | ||
| serverKeyRestrictions: | ||
| description: The IP addresses of callers that are allowed to use | ||
| the key. | ||
| properties: | ||
| allowedIps: | ||
| description: A list of the caller IP addresses that are allowed | ||
| to make API calls with this key. | ||
| items: | ||
| type: string | ||
| type: array | ||
| required: | ||
| - allowedIps | ||
| type: object | ||
| type: object | ||
| required: | ||
| - projectRef | ||
| type: object | ||
| status: | ||
| properties: | ||
| conditions: | ||
| description: Conditions represent the latest available observation | ||
| of the resource's current state. | ||
| items: | ||
| properties: | ||
| lastTransitionTime: | ||
| description: Last time the condition transitioned from one status | ||
| to another. | ||
| type: string | ||
| message: | ||
| description: Human-readable message indicating details about | ||
| last transition. | ||
| type: string | ||
| reason: | ||
| description: Unique, one-word, CamelCase reason for the condition's | ||
| last transition. | ||
| type: string | ||
| status: | ||
| description: Status is the status of the condition. Can be True, | ||
| False, Unknown. | ||
| type: string | ||
| type: | ||
| description: Type is the type of the condition. | ||
| type: string | ||
| type: object | ||
| type: array | ||
| keyString: | ||
| description: Output only. An encrypted and signed value held by this | ||
| key. This field can be accessed only through the `GetKeyString` | ||
| method. | ||
| type: string | ||
| observedGeneration: | ||
| description: ObservedGeneration is the generation of the resource | ||
| that was most recently observed by the Config Connector controller. | ||
| If this is equal to metadata.generation, then that means that the | ||
| current reported status reflects the most recent desired state of | ||
| the resource. | ||
| type: integer | ||
| uid: | ||
| description: Output only. Unique id in UUID4 format. | ||
| type: string | ||
| type: object | ||
| required: | ||
| - spec | ||
| type: object | ||
| served: true | ||
| storage: true | ||
| subresources: | ||
| status: {} | ||
| status: | ||
| acceptedNames: | ||
| kind: "" | ||
| plural: "" | ||
| conditions: [] | ||
| storedVersions: [] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
28 changes: 28 additions & 0 deletions
28
config/samples/resources/apikeyskey/apikeys_v1alpha1_apikeyskey.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| # Copyright 2024 Google LLC | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| apiVersion: apikeys.cnrm.cloud.google.com/v1alpha1 | ||
| kind: APIKeysKey | ||
| metadata: | ||
| name: apikeyskey-sample | ||
| spec: | ||
| displayName: "Human readable name" | ||
| projectRef: | ||
| # Replace ${PROJECT_ID?} with your project ID | ||
| external: "projects/${PROJECT_ID?}" | ||
| resourceID: sample | ||
| restrictions: | ||
| apiTargets: | ||
| - service: "translate.googleapis.com" | ||
| methods: [ "GET" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| # Copyright 2024 Google LLC | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| apiVersion: core.cnrm.cloud.google.com/v1alpha1 | ||
| kind: ServiceMapping | ||
| metadata: | ||
| name: apikeys.cnrm.cloud.google.com | ||
| namespace: cnrm-system | ||
| spec: | ||
| name: APIKeys | ||
| version: v1alpha1 | ||
| serviceHostName: "apikeys.googleapis.com" | ||
| resources: | ||
| - name: google_apikeys_key | ||
| kind: APIKeysKey | ||
| metadataMapping: | ||
| name: name | ||
| resourceID: | ||
| targetField: name | ||
| resourceAvailableInAssetInventory: true | ||
| idTemplate: "projects/{{project}}/locations/global/keys/{{name}}" | ||
| idTemplateCanBeUsedToMatchResourceName: true | ||
| hierarchicalReferences: | ||
| - type: project | ||
| key: projectRef | ||
| resourceReferences: | ||
| - tfField: project | ||
| key: projectRef | ||
| description: |- | ||
| The project that this resource belongs to. | ||
| gvk: | ||
| kind: Project | ||
| version: v1beta1 | ||
| group: resourcemanager.cnrm.cloud.google.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.