iam.global.gdc.goog/v1
Package v1 contains API Schema definitions for the iam.global.gdc.goog v1 API group
CustomRole
Represents a template for a global CustomRole Custom roles provide fine-grained control over user permissions, unlike predefined roles. This allows organizations to tailor access rights to their specific needs, balancing operational efficiency with security. By adhering to the principle of least privilege, custom roles significantly enhance security and protect sensitive data.
Appears in: - CustomRoleList - CustomRoleReplicaList
| Field | Description |
|---|---|
apiVersion string |
iam.global.gdc.goog/v1 |
kind string |
CustomRole |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec CustomRoleSpec |
|
status CustomRoleStatus |
CustomRoleList
Contains a list of CustomRole resource
| Field | Description |
|---|---|
apiVersion string |
iam.global.gdc.goog/v1 |
kind string |
CustomRoleList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items CustomRole array |
CustomRoleMetadata
Represents the data necessary to create a Custom Role
Appears in: - CustomRoleSpec
| Field | Description |
|---|---|
scope CustomRoleScopeType |
scope of the custom role created which can either be organization or project |
roleNamespaces string array |
namespace of the role (optional) only required for role deployment if: case 1: when scope is project then it denotes the project namespaces case 2: when scope is project and roleNamespaces contain ['*'] then it denotes all project namespaces case 3: when scope is organization and deployment roleType is role not clusterRole then it denotes literal namespaces |
title string |
title is a friendly title for the role, such as "My Company Admin". |
description string |
description is a short description of the role, such as "My custom role description". |
id string |
id is the name of the role, such as "myCompanyAdmin". |
stage StageType |
stage indicates the stage of a role in the launch lifecycle which can either be [ALPHA, BETA, GA, DISABLED] |
CustomRoleReplica
Represents a template for a zonal CustomRole replica
| Field | Description |
|---|---|
apiVersion string |
iam.global.gdc.goog/v1 |
kind string |
CustomRoleReplica |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec CustomRoleSpec |
|
status CustomRoleReplicaStatus |
CustomRoleReplicaList
Contains a list of zonal CustomRole replica resources
| Field | Description |
|---|---|
apiVersion string |
iam.global.gdc.goog/v1 |
kind string |
CustomRoleReplicaList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items CustomRole array |
CustomRoleReplicaStatus
Provides a status of zonal CustomRole replica
Appears in: - CustomRoleReplica - CustomRoleZoneStatus
| Field | Description |
|---|---|
conditions Condition array |
Conditions represents the observations of this Custom role overall state |
propagatedCustomRoleName string |
Propagated custom role name for all the replicas |
CustomRoleScopeType
Underlying type: string
Appears in: - CustomRoleMetadata
CustomRoleSpec
Defines the CustomRole data in the ClusterRoleTemplate resource
Appears in: - CustomRole - CustomRoleReplica
| Field | Description |
|---|---|
metadata CustomRoleMetadata |
Refer to Kubernetes API documentation for fields of metadata. |
zonalRules PolicyRule array |
|
globalRules PolicyRule array |
CustomRoleStatus
Provides the status of an CustomRoleStatus resource
Appears in: - CustomRole
| Field | Description |
|---|---|
conditions Condition array |
The observations of the overall state of the resource. Known condition types: Ready. |
rollout RolloutStatus |
The current strategy used to roll out the resource to each zone. |
zones CustomRoleZoneStatus array |
The list of zone statuses where the resource is rolled out to |
propagationInfo PropagationInfo |
propagation information of converted template for global role template conversion |
CustomRoleZoneStatus
CustomRoleZoneStatus provides the status of a CustomRole rolling out to a particular zone
Appears in: - CustomRoleStatus
| Field | Description |
|---|---|
name string |
The name of the zone where the replica this status represents is in. |
rolloutStatus ZoneRolloutStatus |
The status of rolling out the replica to the zone. |
replicaStatus CustomRoleReplicaStatus |
The reconciliation status of the replica collected from the zone. Any condition within the field that has an .observedGeneration less than .rolloutStatus.replicaGeneration is out of date |
IAMRole
IAMRole references a predefined role in the global and/or zonal APIServer.
Appears in: - IAMRoleList
| Field | Description |
|---|---|
apiVersion string |
iam.global.gdc.goog/v1 |
kind string |
IAMRole |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec IAMRoleSpec |
|
status IAMRoleStatus |
IAMRoleBinding
IAMRoleBinding references a global IAMRole and adds who information via Subject.
Appears in: - IAMRoleBindingList
| Field | Description |
|---|---|
apiVersion string |
iam.global.gdc.goog/v1 |
kind string |
IAMRoleBinding |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec IAMRoleBindingSpec |
|
status IAMRoleBindingStatus |
IAMRoleBindingList
Contains a list of IAMRoleBinding resources.
| Field | Description |
|---|---|
apiVersion string |
iam.global.gdc.goog/v1 |
kind string |
IAMRoleBindingList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items IAMRoleBinding array |
IAMRoleBindingSpec
Provides the specification of the IAMRoleBindingSpec.
Appears in: - IAMRoleBinding
| Field | Description |
|---|---|
roleRef RoleRef |
RoleRef contains information that points to the IAMRole being used. |
subjects Subject array |
The subjects of the global IAMRoleBinding resource. |
IAMRoleBindingStatus
Provides the status of the IAMRoleBinding.
Appears in: - IAMRoleBinding
| Field | Description |
|---|---|
conditions Condition array |
IAMRoleList
Contains a list of IAMRole resources.
| Field | Description |
|---|---|
apiVersion string |
iam.global.gdc.goog/v1 |
kind string |
IAMRoleList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items IAMRole array |
IAMRoleSpec
Provides the specification for IAMRole.
Appears in: - IAMRole
| Field | Description |
|---|---|
roleRef RoleRef |
RoleRef contains information that points to the role in the global APIServer being used. |
zonalRoleRef RoleRef |
ZonalRoleRef contains information that points to the zonal role being used. |
IAMRoleStatus
Provides the status of the IAMRole.
Appears in: - IAMRole
| Field | Description |
|---|---|
conditions Condition array |
IdentityProviderConfig
Represents a configuration for an identity provider that supports OIDC or SAML.
Appears in: - IdentityProviderConfigList
| Field | Description |
|---|---|
apiVersion string |
iam.global.gdc.goog/v1 |
kind string |
IdentityProviderConfig |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec IdentityProviderConfigSpec |
|
status IdentityProviderConfigStatus |
IdentityProviderConfigList
Contains a list of IdentityProviderConfig resources.
| Field | Description |
|---|---|
apiVersion string |
iam.global.gdc.goog/v1 |
kind string |
IdentityProviderConfigList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items IdentityProviderConfig array |
IdentityProviderConfigReplica
Represents a configuration for an identity provider that supports OIDC or SAML.
Appears in: - IdentityProviderConfigReplicaList
| Field | Description |
|---|---|
apiVersion string |
iam.global.gdc.goog/v1 |
kind string |
IdentityProviderConfigReplica |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec IdentityProviderConfigSpec |
|
status IdentityProviderConfigReplicaStatus |
IdentityProviderConfigReplicaList
Contains a list of IdentityProviderConfigReplica resources.
| Field | Description |
|---|---|
apiVersion string |
iam.global.gdc.goog/v1 |
kind string |
IdentityProviderConfigReplicaList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items IdentityProviderConfigReplica array |
IdentityProviderConfigReplicaStatus
Provides the status of an IdentityProviderConfig resource.
Appears in: - IdentityProviderConfigReplica - IdentityProviderConfigZoneStatus
| Field | Description |
|---|---|
conditions Condition array |
IdentityProviderConfigSpec
Provides the specification, or desired state, of an IdentityProviderConfig resource.
Either OIDCConfig or SAMLConfig has to be provided but not both.
Appears in: - IdentityProviderConfig - IdentityProviderConfigReplica
| Field | Description |
|---|---|
oidc OIDCProviderConfig |
OIDC specific configuration. |
saml SAMLProviderConfig |
SAML specific configuration. |
IdentityProviderConfigStatus
Provides the status of an IdentityProviderConfig resource.
Appears in: - IdentityProviderConfig
| Field | Description |
|---|---|
conditions Condition array |
The observations of the overall state of the resource. Known condition types: Ready. |
rollout RolloutStatus |
The current strategy used to roll out the resource to each zone. |
zones IdentityProviderConfigZoneStatus array |
The list of zone statuses where the resource is rolled out to. |
IdentityProviderConfigZoneStatus
IdentityProviderConfigZoneStatus provides the status of a IdentityProviderConfig rolling out to a particular zone.
Appears in: - IdentityProviderConfigStatus
| Field | Description |
|---|---|
name string |
The name of the zone where the replica this status represents is in. |
rolloutStatus ZoneRolloutStatus |
The status of rolling out the replica to the zone. |
replicaStatus IdentityProviderConfigReplicaStatus |
The reconciliation status of the replica collected from the zone. Any condition within the field that has an .observedGeneration less than .rolloutStatus.replicaGeneration is out of date. |
PropagationInfo
Provides the information of converted role template
Appears in: - CustomRoleStatus
| Field | Description |
|---|---|
roleName string |
name of the role |
roleType RoleType |
type of the role, it can be [role, clusterRole, projectRole, organizationRole] |
namespaces string array |
namespaces of the role where role deployment will occur |
RoleType
Underlying type: string
Appears in: - PropagationInfo
StageType
Underlying type: string
Appears in: - CustomRoleMetadata
ZonalRoleBinding
ZonalRoleBinding references a zonal Role and adds who information via Subject.
Appears in: - ZonalRoleBindingList
| Field | Description |
|---|---|
apiVersion string |
iam.global.gdc.goog/v1 |
kind string |
ZonalRoleBinding |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec ZonalRoleBindingSpec |
|
status ZonalRoleBindingStatus |
ZonalRoleBindingList
Contains a list of ZonalRoleBinding resources.
| Field | Description |
|---|---|
apiVersion string |
iam.global.gdc.goog/v1 |
kind string |
ZonalRoleBindingList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items ZonalRoleBinding array |
ZonalRoleBindingReplica
Represents a replicated ZonalRoleBinding resource that will be synced to a particular zonal API server.
Appears in: - ZonalRoleBindingReplicaList
| Field | Description |
|---|---|
apiVersion string |
iam.global.gdc.goog/v1 |
kind string |
ZonalRoleBindingReplica |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec ZonalRoleBindingSpec |
|
status ZonalRoleBindingReplicaStatus |
ZonalRoleBindingReplicaList
Contains a list of ZonalRoleBindingReplica resources.
| Field | Description |
|---|---|
apiVersion string |
iam.global.gdc.goog/v1 |
kind string |
ZonalRoleBindingReplicaList |
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
items ZonalRoleBindingReplica array |
ZonalRoleBindingReplicaStatus
Provides the status of the ZonalRoleBindingReplica.
Appears in: - ZonalRoleBindingReplica - ZonalRoleBindingZoneStatus
| Field | Description |
|---|---|
conditions Condition array |
|
propagatedName string |
PropagatedName of the ZonalRoleBinding that requires propagation in the user clusters within the organization. |
clusters ClusterStatus array |
The list of propagation statuses for the clusters for ZonalRoleBinding that requires propagation in the user clusters within the organization. |
errorStatus ErrorStatus |
The most recent errors with the observed times included. |
ZonalRoleBindingSpec
Provides the specification of the ZonalRoleBinding.
Appears in: - ZonalRoleBinding - ZonalRoleBindingReplica
| Field | Description |
|---|---|
roleRef RoleRef |
RoleRef contains information that points to the zonal role being used. |
subjects Subject array |
The subjects of the global ZonalRoleBinding resource. |
ZonalRoleBindingStatus
Provides the status of the ZonalRoleBinding resource.
Appears in: - ZonalRoleBinding
| Field | Description |
|---|---|
conditions Condition array |
The observations of the overall state of the resource. Known condition types: Ready. |
rollout RolloutStatus |
The current strategy used to roll out the resource to each zone. |
zones ZonalRoleBindingZoneStatus array |
The list of zone statuses where the resource is rolled out to. |
ZonalRoleBindingZoneStatus
ZonalRoleBindingZoneStatus provides the status of a ZonalRoleBinding rolling out to a particular zone.
Appears in: - ZonalRoleBindingStatus
| Field | Description |
|---|---|
name string |
The name of the zone where the replica this status represents is in. |
rolloutStatus ZoneRolloutStatus |
The status of rolling out the replica to the zone. |
replicaStatus ZonalRoleBindingReplicaStatus |
The reconciliation status of the replica collected from the zone. Any condition within the field that has an .observedGeneration less than .rolloutStatus.replicaGeneration is out of date. |