diff --git a/config/crd/bases/iam/iam.miloapis.com_platformaccessdenials.yaml b/config/crd/bases/iam/iam.miloapis.com_platformaccessdenials.yaml deleted file mode 100644 index aacce160..00000000 --- a/config/crd/bases/iam/iam.miloapis.com_platformaccessdenials.yaml +++ /dev/null @@ -1,158 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - discovery.miloapis.com/parent-contexts: Platform - name: platformaccessdenials.iam.miloapis.com -spec: - group: iam.miloapis.com - names: - kind: PlatformAccessDenial - listKind: PlatformAccessDenialList - plural: platformaccessdenials - singular: platformaccessdenial - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - PlatformAccessDenial is the Schema for the platformaccessapprovals API. - It represents a platform access approval for a user. Once the platform access approval is created, an email will be sent to the user. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: PlatformAccessDenialSpec defines the desired state of PlatformAccessDenial. - properties: - approverRef: - description: |- - ApproverRef is the reference to the approver being approved. - If not specified, the approval was made by the system. - properties: - name: - description: Name is the name of the User being referenced. - type: string - required: - - name - type: object - subjectRef: - description: SubjectRef is the reference to the subject being approved. - properties: - email: - description: |- - Email is the email of the user being approved. - Use Email to approve an email address that is not associated with a created user. (e.g. when using PlatformInvitation) - UserRef and Email are mutually exclusive. Exactly one of them must be specified. - type: string - userRef: - description: |- - UserRef is the reference to the user being approved. - UserRef and Email are mutually exclusive. Exactly one of them must be specified. - properties: - name: - description: Name is the name of the User being referenced. - type: string - required: - - name - type: object - type: object - x-kubernetes-validations: - - message: Exactly one of email or userRef must be specified - rule: (has(self.email) && !has(self.userRef)) || (!has(self.email) - && has(self.userRef)) - required: - - subjectRef - type: object - x-kubernetes-validations: - - message: spec is immutable - rule: self == oldSelf - status: - properties: - conditions: - default: - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Platform access approval reconciliation is pending - reason: ReconcilePending - status: Unknown - type: Ready - description: Conditions provide conditions that represent the current - status of the PlatformAccessDenial. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/config/crd/bases/iam/kustomization.yaml b/config/crd/bases/iam/kustomization.yaml index 366abfce..485b046b 100644 --- a/config/crd/bases/iam/kustomization.yaml +++ b/config/crd/bases/iam/kustomization.yaml @@ -11,3 +11,4 @@ resources: - iam.miloapis.com_userdeactivations.yaml - iam.miloapis.com_platforminvitations.yaml - iam.miloapis.com_platformaccessapprovals.yaml +- iam.miloapis.com_platformaccessrejections.yaml diff --git a/docs/api/iam.md b/docs/api/iam.md index 6edfe9c3..cf5c14f5 100644 --- a/docs/api/iam.md +++ b/docs/api/iam.md @@ -16,8 +16,6 @@ Resource Types: - [PlatformAccessApproval](#platformaccessapproval) -- [PlatformAccessDenial](#platformaccessdenial) - - [PlatformAccessRejection](#platformaccessrejection) - [PlatformInvitation](#platforminvitation) @@ -834,298 +832,6 @@ If not specified, the approval was made by the system. -## PlatformAccessDenial -[↩ Parent](#iammiloapiscomv1alpha1 ) - - - - - - -PlatformAccessDenial is the Schema for the platformaccessapprovals API. -It represents a platform access approval for a user. Once the platform access approval is created, an email will be sent to the user. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
apiVersionstringiam.miloapis.com/v1alpha1true
kindstringPlatformAccessDenialtrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject - PlatformAccessDenialSpec defines the desired state of PlatformAccessDenial.
-
- Validations:
  • self == oldSelf: spec is immutable
  • -
    false
    statusobject -
    -
    false
    - - -### PlatformAccessDenial.spec -[↩ Parent](#platformaccessdenial) - - - -PlatformAccessDenialSpec defines the desired state of PlatformAccessDenial. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    subjectRefobject - SubjectRef is the reference to the subject being approved.
    -
    - Validations:
  • (has(self.email) && !has(self.userRef)) || (!has(self.email) && has(self.userRef)): Exactly one of email or userRef must be specified
  • -
    true
    approverRefobject - ApproverRef is the reference to the approver being approved. -If not specified, the approval was made by the system.
    -
    false
    - - -### PlatformAccessDenial.spec.subjectRef -[↩ Parent](#platformaccessdenialspec) - - - -SubjectRef is the reference to the subject being approved. - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    emailstring - Email is the email of the user being approved. -Use Email to approve an email address that is not associated with a created user. (e.g. when using PlatformInvitation) -UserRef and Email are mutually exclusive. Exactly one of them must be specified.
    -
    false
    userRefobject - UserRef is the reference to the user being approved. -UserRef and Email are mutually exclusive. Exactly one of them must be specified.
    -
    false
    - - -### PlatformAccessDenial.spec.subjectRef.userRef -[↩ Parent](#platformaccessdenialspecsubjectref) - - - -UserRef is the reference to the user being approved. -UserRef and Email are mutually exclusive. Exactly one of them must be specified. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of the User being referenced.
    -
    true
    - - -### PlatformAccessDenial.spec.approverRef -[↩ Parent](#platformaccessdenialspec) - - - -ApproverRef is the reference to the approver being approved. -If not specified, the approval was made by the system. - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    namestring - Name is the name of the User being referenced.
    -
    true
    - - -### PlatformAccessDenial.status -[↩ Parent](#platformaccessdenial) - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    conditions[]object - Conditions provide conditions that represent the current status of the PlatformAccessDenial.
    -
    - Default: [map[lastTransitionTime:1970-01-01T00:00:00Z message:Platform access approval reconciliation is pending reason:ReconcilePending status:Unknown type:Ready]]
    -
    false
    - - -### PlatformAccessDenial.status.conditions[index] -[↩ Parent](#platformaccessdenialstatus) - - - -Condition contains details for one aspect of the current state of this API Resource. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescriptionRequired
    lastTransitionTimestring - lastTransitionTime is the last time the condition transitioned from one status to another. -This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
    -
    - Format: date-time
    -
    true
    messagestring - message is a human readable message indicating details about the transition. -This may be an empty string.
    -
    true
    reasonstring - reason contains a programmatic identifier indicating the reason for the condition's last transition. -Producers of specific condition types may define expected values and meanings for this field, -and whether the values are considered a guaranteed API. -The value should be a CamelCase string. -This field may not be empty.
    -
    true
    statusenum - status of the condition, one of True, False, Unknown.
    -
    - Enum: True, False, Unknown
    -
    true
    typestring - type of condition in CamelCase or in foo.example.com/CamelCase.
    -
    true
    observedGenerationinteger - observedGeneration represents the .metadata.generation that the condition was set based upon. -For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date -with respect to the current state of the instance.
    -
    - Format: int64
    - Minimum: 0
    -
    false
    - ## PlatformAccessRejection [↩ Parent](#iammiloapiscomv1alpha1 )