{ "description": "CloudIdentityMembership is the Schema for the CloudIdentityMembership API", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "CloudIdentityMembershipSpec defines the desired state of CloudIdentityMembership", "properties": { "groupRef": { "description": "Immutable.", "oneOf": [ { "not": { "required": [ "external" ] }, "required": [ "name" ] }, { "not": { "anyOf": [ { "required": [ "name" ] }, { "required": [ "namespace" ] } ] }, "required": [ "external" ] } ], "properties": { "external": { "description": "A reference to an externally managed CloudIdentityGroup resource. Should be in the format \"groups/{{groupID}}\".", "type": "string" }, "name": { "description": "The name of a CloudIdentityGroup resource.", "type": "string" }, "namespace": { "description": "The namespace of a CloudIdentityGroup resource.", "type": "string" } }, "type": "object", "additionalProperties": false }, "memberKey": { "description": "Immutable. The `EntityKey` of the member. Either `member_key` or `preferred_member_key` must be set when calling MembershipsService.CreateMembership but not both; both shall be set when returned. Do not set. This is a legacy OUTPUT-ONLY field.", "properties": { "id": { "description": "Immutable. The ID of the entity. For Google-managed entities, the `id` must be the email address of an existing group or user. For external-identity-mapped entities, the `id` must be a string conforming to the Identity Source's requirements. Must be unique within a `namespace`.", "type": "string" }, "namespace": { "description": "Immutable. The namespace in which the entity exists. If not specified, the `EntityKey` represents a Google-managed entity such as a Google user or a Google Group. If specified, the `EntityKey` represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source_id}`.", "type": "string" } }, "required": [ "id" ], "type": "object", "additionalProperties": false }, "preferredMemberKey": { "description": "Required. Immutable. The `EntityKey` of the member. Either `member_key` or `preferred_member_key` must be set when calling MembershipsService.CreateMembership but not both; both shall be set when returned.", "properties": { "id": { "description": "Immutable. The ID of the entity. For Google-managed entities, the `id` must be the email address of an existing group or user. For external-identity-mapped entities, the `id` must be a string conforming to the Identity Source's requirements. Must be unique within a `namespace`.", "type": "string" }, "namespace": { "description": "Immutable. The namespace in which the entity exists. If not specified, the `EntityKey` represents a Google-managed entity such as a Google user or a Google Group. If specified, the `EntityKey` represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source_id}`.", "type": "string" } }, "required": [ "id" ], "type": "object", "additionalProperties": false }, "resourceID": { "description": "Immutable. Optional. The service-generated name of the resource. Format: {membershipID}. Used for acquisition only. Leave unset to create a new resource.", "type": "string" }, "roles": { "description": "The `MembershipRole`s that apply to the `Membership`. If unspecified, defaults to a single `MembershipRole` with `name` `MEMBER`. Must not contain duplicate `MembershipRole`s with the same `name`.", "items": { "properties": { "expiryDetail": { "description": "The expiry details of the `MembershipRole`. Expiry details are only supported for `MEMBER` `MembershipRoles`. May be set if `name` is `MEMBER`. Must not be set if `name` is any other value.", "properties": { "expireTime": { "description": "The time at which the `MembershipRole` will expire.", "format": "date-time", "type": "string" } }, "type": "object", "additionalProperties": false }, "name": { "description": "The name of the `MembershipRole`. Must be one of `OWNER`, `MANAGER`, `MEMBER`.", "type": "string" }, "restrictionEvaluations": { "description": "Evaluations of restrictions applied to parent group on this membership.", "properties": { "memberRestrictionEvaluation": { "description": "Evaluation of the member restriction applied to this membership. Empty if the user lacks permission to view the restriction evaluation.", "properties": { "state": { "description": "Output only. The current state of the restriction", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "groupRef", "preferredMemberKey", "roles" ], "type": "object", "additionalProperties": false }, "status": { "description": "CloudIdentityMembershipStatus defines the config connector machine state of CloudIdentityMembership", "properties": { "conditions": { "description": "Conditions represent the latest available observations of the object's current state.", "items": { "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.", "type": "string" }, "message": { "description": "Human-readable message indicating details about last transition.", "type": "string" }, "reason": { "description": "Unique, one-word, CamelCase reason for the condition's last transition.", "type": "string" }, "status": { "description": "Status is the status of the condition. Can be True, False, Unknown.", "type": "string" }, "type": { "description": "Type is the type of the condition.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "createTime": { "description": "Output only. The time when the `Membership` was created.", "format": "date-time", "type": "string" }, "deliverySetting": { "description": "Output only. Delivery setting associated with the membership. Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, DAILY, NONE, DISABLED", "type": "string" }, "displayName": { "description": "Output only. The display name of this member, if available", "properties": { "familyName": { "description": "Output only. Member's family name", "type": "string" }, "fullName": { "description": "Output only. Localized UTF-16 full name for the member. Localization is done based on the language in the request and the language of the stored display name.", "type": "string" }, "givenName": { "description": "Output only. Member's given name", "type": "string" } }, "type": "object", "additionalProperties": false }, "externalRef": { "description": "A unique Config Connector specifier for the resource in GCP.", "type": "string" }, "observedGeneration": { "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", "format": "int64", "type": "integer" }, "type": { "description": "Output only. The type of the membership. Possible values: OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER", "type": "string" }, "updateTime": { "description": "Output only. The time when the `Membership` was last updated.", "format": "date-time", "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }