{ "description": "Policy is the Schema for the Policies API", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "PolicySpec defines the desired state of Policy.\n\nContains information about a managed policy.\n\nThis data type is used as a response element in the CreatePolicy, GetPolicy,\nand ListPolicies operations.\n\nFor more information about managed policies, refer to Managed policies and\ninline policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html)\nin the IAM User Guide.", "properties": { "description": { "description": "A friendly description of the policy.\n\nTypically used to store information about the permissions defined in the\npolicy. For example, \"Grants access to production DynamoDB tables.\"\n\nThe policy description is immutable. After a value is assigned, it cannot\nbe changed.", "type": "string" }, "name": { "description": "The friendly name of the policy.\n\nIAM user, group, role, and policy names must be unique within the account.\nNames are not distinguished by case. For example, you cannot create resources\nnamed both \"MyResource\" and \"myresource\".", "type": "string" }, "path": { "description": "The path for the policy.\n\nFor more information about paths, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)\nin the IAM User Guide.\n\nThis parameter is optional. If it is not included, it defaults to a slash\n(/).\n\nThis parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))\na string of characters consisting of either a forward slash (/) by itself\nor a string that must begin and end with forward slashes. In addition, it\ncan contain any ASCII character from the ! (\\u0021) through the DEL character\n(\\u007F), including most punctuation characters, digits, and upper and lowercased\nletters.\n\nYou cannot use an asterisk (*) in the path name.", "type": "string" }, "policyDocument": { "description": "The JSON policy document that you want to use as the content for the new\npolicy.\n\nYou must provide policies in JSON format in IAM. However, for CloudFormation\ntemplates formatted in YAML, you can provide the policy in JSON or YAML format.\nCloudFormation always converts a YAML policy to JSON format before submitting\nit to IAM.\n\nThe maximum length of the policy document that you can pass in this operation,\nincluding whitespace, is listed below. To view the maximum character counts\nof a managed policy with no whitespaces, see IAM and STS character quotas\n(https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length).\n\nTo learn more about JSON policy grammar, see Grammar of the IAM JSON policy\nlanguage (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html)\nin the IAM User Guide.\n\nThe regex pattern (http://wikipedia.org/wiki/regex) used to validate this\nparameter is a string of characters consisting of the following:\n\n - Any printable ASCII character ranging from the space character (\\u0020)\n through the end of the ASCII character range\n\n - The printable characters in the Basic Latin and Latin-1 Supplement character\n set (through \\u00FF)\n\n - The special characters tab (\\u0009), line feed (\\u000A), and carriage\n return (\\u000D)", "type": "string" }, "tags": { "description": "A list of tags that you want to attach to the new IAM customer managed policy.\nEach tag consists of a key name and an associated value. For more information\nabout tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)\nin the IAM User Guide.\n\nIf any one of the tags is invalid or if you exceed the allowed maximum number\nof tags, then the entire request fails and the resource is not created.", "items": { "description": "A structure that represents user-provided metadata that can be associated\nwith an IAM resource. For more information about tagging, see Tagging IAM\nresources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)\nin the IAM User Guide.", "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "name", "policyDocument" ], "type": "object", "additionalProperties": false }, "status": { "description": "PolicyStatus defines the observed state of Policy", "properties": { "ackResourceMetadata": { "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member\nthat is used to contain resource sync state, account ownership,\nconstructed ARN for the resource", "properties": { "arn": { "description": "ARN is the Amazon Resource Name for the resource. This is a\nglobally-unique identifier and is set only by the ACK service controller\nonce the controller has orchestrated the creation of the resource OR\nwhen it has verified that an \"adopted\" resource (a resource where the\nARN annotation was set by the Kubernetes user on the CR) exists and\nmatches the supplied CR's Spec field values.\nhttps://github.com/aws/aws-controllers-k8s/issues/270", "type": "string" }, "ownerAccountID": { "description": "OwnerAccountID is the AWS Account ID of the account that owns the\nbackend AWS service API resource.", "type": "string" }, "region": { "description": "Region is the AWS region in which the resource exists or will exist.", "type": "string" } }, "required": [ "ownerAccountID", "region" ], "type": "object", "additionalProperties": false }, "attachmentCount": { "description": "The number of entities (users, groups, and roles) that the policy is attached\nto.", "format": "int64", "type": "integer" }, "conditions": { "description": "All CRs managed by ACK have a common `Status.Conditions` member that\ncontains a collection of `ackv1alpha1.Condition` objects that describe\nthe various terminal states of the CR and its backend AWS service API\nresource", "items": { "description": "Condition is the common struct used by all CRDs managed by ACK service\ncontrollers to indicate terminal states of the CR and its backend AWS\nservice API resource", "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.", "format": "date-time", "type": "string" }, "message": { "description": "A human readable message indicating details about the transition.", "type": "string" }, "reason": { "description": "The reason for the condition's last transition.", "type": "string" }, "status": { "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { "description": "Type is the type of the Condition", "type": "string" } }, "required": [ "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array" }, "createDate": { "description": "The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),\nwhen the policy was created.", "format": "date-time", "type": "string" }, "defaultVersionID": { "description": "The identifier for the version of the policy that is set as the default version.", "type": "string" }, "isAttachable": { "description": "Specifies whether the policy can be attached to an IAM user, group, or role.", "type": "boolean" }, "permissionsBoundaryUsageCount": { "description": "The number of entities (users and roles) for which the policy is used to\nset the permissions boundary.\n\nFor more information about permissions boundaries, see Permissions boundaries\nfor IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)\nin the IAM User Guide.", "format": "int64", "type": "integer" }, "policyID": { "description": "The stable and unique string identifying the policy.\n\nFor more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)\nin the IAM User Guide.", "type": "string" }, "updateDate": { "description": "The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),\nwhen the policy was last updated.\n\nWhen a policy has only one version, this field contains the date and time\nwhen the policy was created. When a policy has more than one version, this\nfield contains the date and time when the most recent policy version was\ncreated.", "format": "date-time", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object" }