{ "description": "User is the Schema for the Users API", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "UserSpec defines the desired state of User.\n\nContains information about an IAM user entity.\n\nThis data type is used as a response element in the following operations:\n\n - CreateUser\n\n - GetUser\n\n - ListUsers", "properties": { "inlinePolicies": { "additionalProperties": { "type": "string" }, "type": "object" }, "name": { "description": "The name of the user to create.\n\nIAM user, group, role, and policy names must be unique within the account.\nNames are not distinguished by case. For example, you cannot create resources\nnamed both \"MyResource\" and \"myresource\".", "type": "string" }, "path": { "description": "The path for the user name. For more information about paths, see IAM identifiers\n(https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)\nin the IAM User Guide.\n\nThis parameter is optional. If it is not included, it defaults to a slash\n(/).\n\nThis parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex))\na string of characters consisting of either a forward slash (/) by itself\nor a string that must begin and end with forward slashes. In addition, it\ncan contain any ASCII character from the ! (\\u0021) through the DEL character\n(\\u007F), including most punctuation characters, digits, and upper and lowercased\nletters.", "type": "string" }, "permissionsBoundary": { "description": "The ARN of the managed policy that is used to set the permissions boundary\nfor the user.\n\nA permissions boundary policy defines the maximum permissions that identity-based\npolicies can grant to an entity, but does not grant permissions. Permissions\nboundaries do not define the maximum permissions that a resource-based policy\ncan grant to an entity. To learn more, see Permissions boundaries for IAM\nentities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html)\nin the IAM User Guide.\n\nFor more information about policy types, see Policy types (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types)\nin the IAM User Guide.", "type": "string" }, "permissionsBoundaryRef": { "description": "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference\ntype to provide more user friendly syntax for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t name: my-api", "properties": { "from": { "description": "AWSResourceReference provides all the values necessary to reference another\nk8s resource for finding the identifier(Id/ARN/Name)", "properties": { "name": { "type": "string" }, "namespace": { "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "policies": { "items": { "type": "string" }, "type": "array" }, "policyRefs": { "items": { "description": "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference\ntype to provide more user friendly syntax for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t name: my-api", "properties": { "from": { "description": "AWSResourceReference provides all the values necessary to reference another\nk8s resource for finding the identifier(Id/ARN/Name)", "properties": { "name": { "type": "string" }, "namespace": { "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "tags": { "description": "A list of tags that you want to attach to the new user. Each tag consists\nof a key name and an associated value. For more information about tagging,\nsee Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)\nin the IAM User Guide.\n\nIf any one of the tags is invalid or if you exceed the allowed maximum number\nof tags, then the entire request fails and the resource is not created.", "items": { "description": "A structure that represents user-provided metadata that can be associated\nwith an IAM resource. For more information about tagging, see Tagging IAM\nresources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)\nin the IAM User Guide.", "properties": { "key": { "type": "string" }, "value": { "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "status": { "description": "UserStatus defines the observed state of User", "properties": { "ackResourceMetadata": { "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member\nthat is used to contain resource sync state, account ownership,\nconstructed ARN for the resource", "properties": { "arn": { "description": "ARN is the Amazon Resource Name for the resource. This is a\nglobally-unique identifier and is set only by the ACK service controller\nonce the controller has orchestrated the creation of the resource OR\nwhen it has verified that an \"adopted\" resource (a resource where the\nARN annotation was set by the Kubernetes user on the CR) exists and\nmatches the supplied CR's Spec field values.\nhttps://github.com/aws/aws-controllers-k8s/issues/270", "type": "string" }, "ownerAccountID": { "description": "OwnerAccountID is the AWS Account ID of the account that owns the\nbackend AWS service API resource.", "type": "string" }, "region": { "description": "Region is the AWS region in which the resource exists or will exist.", "type": "string" } }, "required": [ "ownerAccountID", "region" ], "type": "object", "additionalProperties": false }, "conditions": { "description": "All CRs managed by ACK have a common `Status.Conditions` member that\ncontains a collection of `ackv1alpha1.Condition` objects that describe\nthe various terminal states of the CR and its backend AWS service API\nresource", "items": { "description": "Condition is the common struct used by all CRDs managed by ACK service\ncontrollers to indicate terminal states of the CR and its backend AWS\nservice API resource", "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.", "format": "date-time", "type": "string" }, "message": { "description": "A human readable message indicating details about the transition.", "type": "string" }, "reason": { "description": "The reason for the condition's last transition.", "type": "string" }, "status": { "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { "description": "Type is the type of the Condition", "type": "string" } }, "required": [ "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array" }, "createDate": { "description": "The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),\nwhen the user was created.", "format": "date-time", "type": "string" }, "passwordLastUsed": { "description": "The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601),\nwhen the user's password was last used to sign in to an Amazon Web Services\nwebsite. For a list of Amazon Web Services websites that capture a user's\nlast sign-in time, see the Credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)\ntopic in the IAM User Guide. If a password is used more than once in a five-minute\nspan, only the first use is returned in this field. If the field is null\n(no value), then it indicates that they never signed in with a password.\nThis can be because:\n\n * The user never had a password.\n\n * A password exists but has not been used since IAM started tracking this\n information on October 20, 2014.\n\nA null value does not mean that the user never had a password. Also, if the\nuser does not currently have a password but had one in the past, then this\nfield contains the date and time the most recent password was used.\n\nThis value is returned only in the GetUser and ListUsers operations.", "format": "date-time", "type": "string" }, "userID": { "description": "The stable and unique string identifying the user. For more information about\nIDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html)\nin the IAM User Guide.", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object" }