WorkloadIdentity

Packages:

identity-manager.io/v1alpha1

identity-manager.io/v1alpha1

Package v1alpha1 contains resources for identity-manager

Resource Types:

AWSAuth

AWSAuth is the Schema for the awsauths API

Field Description

metadata
Kubernetes meta/v1.ObjectMeta Refer to the Kubernetes API documentation for the fields of the metadata field.

spec
AWSAuthSpec

`mapRoles` []MapRoleItem	MapRoles holds a list of MapRoleItem
`mapUsers` []MapUserItem	MapUsers holds a list of MapUserItem

status
AWSAuthStatus

AWSAuthSpec

(Appears on: AWSAuth)

AWSAuthSpec defines the desired state of AWSAuth

Field	Description
`mapRoles` []MapRoleItem	MapRoles holds a list of MapRoleItem
`mapUsers` []MapUserItem	MapUsers holds a list of MapUserItem

AWSAuthStatus

(Appears on: AWSAuth)

AWSAuthStatus defines the observed state of AWSAuth

Field	Description
`ConditionedStatus` ConditionedStatus	(Members of `ConditionedStatus` are embedded into this type.)

AzureIdentity

(Appears on: WorkloadIdentityAzure)

AzureIdentity is the definition of Azure’s Identity

Field Description

apiVersion
string

(Optional)

APIVersion of the identity

kind
string

(Optional)

Kind of the identity

metadata
Metadata

(Optional)

Metadata of the identity

spec
AzureIdentitySpec

(Optional)

Spec of the identity

AzureIdentityBinding

(Appears on: WorkloadIdentityAzure)

AzureIdentityBinding is the definition of Azure Identity Binding

Field Description

apiVersion
string

(Optional)

APIVersion of the IdentityBinding

kind
string

(Optional)

Kind of the IdentityBinding

metadata
Metadata

(Optional)

Metadata of the IdentityBinding

spec
AzureIdentityBindingSpec

(Optional)

Spec of the IdentityBinding

AzureIdentityBindingSpec

(Appears on: AzureIdentityBinding)

AzureIdentityBindingSpec defines the spec of the Identity Binding

Field	Description
`selector` string	(Optional) Selector of the IdentityBinding

AzureIdentitySpec

(Appears on: AzureIdentity)

AzureIdentitySpec defines the spec of the Identity

Field	Description
`type` int	(Optional) Type of the identity

Condition

(Appears on: ConditionedStatus)

A Condition that may apply to a resource.

Field	Description
`type` ConditionType	Type of this condition. At most one of each condition type may apply to a resource at any point in time.
`status` Kubernetes core/v1.ConditionStatus	Status of this condition; is it currently True, False, or Unknown?
`lastTransitionTime` Kubernetes meta/v1.Time	LastTransitionTime is the last time this condition transitioned from one status to another.
`reason` ConditionReason	A Reason for this condition’s last transition from one status to another.
`message` string	(Optional) A Message containing details about this condition’s last transition from one status to another, if any.

ConditionReason (`string` alias)

(Appears on: Condition)

A ConditionReason represents the reason a resource is in a condition.

Value	Description
"Available"
"Creating"
"Deleting"
"ReconcileError"
"ReconcileSuccess"
"Unavailable"

ConditionType (`string` alias)

(Appears on: Condition)

A ConditionType represents a condition a resource could be in.

Value	Description
"Ready"	TypeReady resources are believed to be ready to handle work.
"Synced"	TypeSynced resources are believed to be in sync with the Kubernetes resources that manage their lifecycle.

ConditionedStatus

(Appears on: AWSAuthStatus, WorkloadIdentityStatus)

A ConditionedStatus reflects the observed status of a resource. Only one condition of each type may exist.

Field	Description
`conditions` []Condition	(Optional) Conditions of the resource.

Credentials

(Appears on: WorkloadIdentitySpec)

Credentials defines the credentials of the cloud provider

Field	Description
`source` CredentialsSource	(Optional) Source of the credentials
`secretRef` SecretRef	(Optional) SecretRef to fetch the credentials
`properties` map[string]string	(Optional) Properties indicates extra properties of credentials

CredentialsSource (`string` alias)

(Appears on: Credentials)

A CredentialsSource is a source from which provider credentials may be acquired.

Value	Description
"Secret"	CredentialsSourceSecret indicates that a provider should acquire credentials from a secret.

ExternalResource

(Appears on: WorkloadIdentityStatus)

ExternalResource is the external resource’s definition

Field	Description
`id` string	(Optional) ID of the external resource
`type` string	(Optional) Type of the external resource

GCPCustomRole

(Appears on: WorkloadIdentityGCP)

GCPCustomRole defines Custom Role in GCP

Field	Description
`title` string	(Optional) Title of the Role
`desc` string	(Optional) Desc of the Role
`permissions` []string	(Optional) Permissions of the Role
`stage` string	(Optional) Stage of the Role

GCPExpr

GCPExpr defines expr for Role

Field	Description
`description` string	Description: Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
`expression` string	Expression: Textual representation of an expression in Common Expression Language syntax.
`location` string	Location: Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
`title` string	Title: Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

MapRoleItem

(Appears on: AWSAuthSpec)

MapRoleItem defines the mapRole item of AWSAuth

Field	Description
`rolearn` string	The ARN of the IAM role to add
`username` string	The user name within Kubernetes to map to the IAM role
`groups` []string	A list of groups within Kubernetes to which the role is mapped

MapUserItem

(Appears on: AWSAuthSpec)

MapUserItem defines the mapUser item of AWSAuth

Field	Description
`userarn` string	The ARN of the IAM user to add
`username` string	The user name within Kubernetes to map to the IAM user
`groups` []string	A list of groups within Kubernetes to which the user is mapped to

Metadata

(Appears on: AzureIdentity, AzureIdentityBinding)

Metadata defines kubernetes resource’s metadata

Field	Description
`name` string	(Optional) Name of the Resource
`namespace` string	(Optional) Namespace of the Resource
`labels` map[string]string	(Optional) Labels of the Resource
`annotations` map[string]string	(Optional) Annotations of the Resource

PodSelector

PodSelector defines the pod selector

Field	Description
`LabelSelector` Kubernetes meta/v1.LabelSelector	(Members of `LabelSelector` are embedded into this type.)
`namespace` string	(Optional) Namespace of the Pod

Provider (`string` alias)

(Appears on: WorkloadIdentitySpec)

Provider defines the cloud provider of the WorkloadIdentity

Value	Description
"AWS"	ProviderAWS is the AWS provider.
"Azure"	ProviderAzure is the Azure provider.
"GCP"	ProviderGCP is the GCP provider.

Resource

(Appears on: WorkloadIdentityStatus)

Resource is the definition of the kubernetes resource

Field	Description
`apiVersion` string	(Optional) APIVersion of the resource
`kind` string	(Optional) Kind of the resource
`name` string	(Optional) Name of the resource
`namespace` string	(Optional) Namespace of the resource

RoleAssignment

(Appears on: WorkloadIdentityAzure)

RoleAssignment defines the role assignment

Field	Description
`role` string	Role of the role assignment
`scope` string	(Optional) Scope of the role assignment

RoleDefinition

RoleDefinition is the definition for a Role

Field	Description
`id` string	ID of the role definition (this will be used to generate internal UUID for role)
`roleName` string	RoleName of the role definition
`roleType` string	RoleType of the role definition
`description` string	(Optional) Description of the role definition
`assignableScopes` []string	(Optional) AssignableScopes is a list of assignable scopes
`permissions` []RolePermission	Permissions of the role definition

RolePermission

(Appears on: RoleDefinition)

RolePermission defines the permissions of a Role

Field	Description
`actions` []string	(Optional) Actions is a list of actions
`notActions` []string	(Optional) NotActions is a list of not actions
`dataActions` []string	(Optional) DataActions is a list of data actions
`notDataActions` []string	(Optional) NotDataActions is a list of not data actions

SecretRef

(Appears on: Credentials)

SecretRef defines the reference to the secret

Field	Description
`namespace` string	(Optional) Namespace of the secret.
`name` string	Name of the secret.

ServiceAccount

ServiceAccount defines the service account’s metadata

Field	Description
`action` ServiceAccountAction	Action to be perform on ServiceAccount
`name` string	(Optional) Name of the ServiceAccount
`namespace` string	(Optional) Namespace of the ServiceAccount
`Annotations` map[string]string	(Optional) Annotations to be added on ServiceAccount

ServiceAccountAction (`string` alias)

(Appears on: ServiceAccount)

A ServiceAccountAction indicates action to be perform on ServiceAccount

Value	Description
"Create"	ServiceAccountActionCreate indicates create service account
""	ServiceAccountActionDefault indicates no action
"Update"	ServiceAccountActionUpdate indicates updating service account

SyncKey

SyncKey is the sync key’s definition

Field	Description
`source` SyncKeySource	(Optional) Source of the sync key
`params` map[string]string	(Optional) Parameters of the sync key
`writeToSecretRef` WriteToSecretRef	(Optional) WriteToSecretRef is a reference to a secret

SyncKeySource (`string` alias)

(Appears on: SyncKey)

A SyncKeySource indicates type of the azure resource keys to synced

Value	Description
"Cosmos"	SyncKeySourceCosmos indicates azure resource type cosmos
""	SyncKeySourceDefault indicates no resource type
"Storage"	SyncKeySourceStorage indicates azure resource type storage