{ "description": "BucketACL is the Schema for the BucketACLs API. Provides an S3 bucket ACL resource.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "BucketACLSpec defines the desired state of BucketACL", "properties": { "deletionPolicy": { "default": "Delete", "description": "DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either \"Delete\" or \"Orphan\" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223", "enum": [ "Orphan", "Delete" ], "type": "string" }, "forProvider": { "properties": { "accessControlPolicy": { "description": "Configuration block that sets the ACL permissions for an object per grantee. See below.", "properties": { "grant": { "description": "Set of grant configuration blocks. See below.", "items": { "properties": { "grantee": { "description": "Configuration block for the person being granted permissions. See below.", "properties": { "emailAddress": { "description": "Email address of the grantee. See Regions and Endpoints for supported AWS regions where this argument can be specified.", "type": "string" }, "id": { "description": "ID of the owner.", "type": "string" }, "type": { "description": "Type of grantee. Valid values: CanonicalUser, AmazonCustomerByEmail, Group.", "type": "string" }, "uri": { "description": "URI of the grantee group.", "type": "string" } }, "type": "object", "additionalProperties": false }, "permission": { "description": "Logging permissions assigned to the grantee for the bucket. Valid values: FULL_CONTROL, WRITE, WRITE_ACP, READ, READ_ACP. See What permissions can I grant? for more details about what each permission means in the context of buckets.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "owner": { "description": "Configuration block for the bucket owner's display name and ID. See below.", "properties": { "displayName": { "description": "Display name of the owner.", "type": "string" }, "id": { "description": "ID of the owner.", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "acl": { "description": "Specifies the Canned ACL to apply to the bucket. Valid values: private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, bucket-owner-full-control, log-delivery-write. Full details are available on the AWS documentation.", "type": "string" }, "bucket": { "description": "Bucket to which to apply the ACL.", "type": "string" }, "bucketRef": { "description": "Reference to a Bucket in s3 to populate bucket.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "bucketSelector": { "description": "Selector for a Bucket in s3 to populate bucket.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "expectedBucketOwner": { "description": "Account ID of the expected bucket owner.", "type": "string" }, "region": { "description": "Region where this resource will be managed. Defaults to the Region set in the provider configuration.\nRegion is the region you'd like your resource to be created in.", "type": "string" } }, "required": [ "region" ], "type": "object", "additionalProperties": false }, "initProvider": { "description": "THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.", "properties": { "accessControlPolicy": { "description": "Configuration block that sets the ACL permissions for an object per grantee. See below.", "properties": { "grant": { "description": "Set of grant configuration blocks. See below.", "items": { "properties": { "grantee": { "description": "Configuration block for the person being granted permissions. See below.", "properties": { "emailAddress": { "description": "Email address of the grantee. See Regions and Endpoints for supported AWS regions where this argument can be specified.", "type": "string" }, "id": { "description": "ID of the owner.", "type": "string" }, "type": { "description": "Type of grantee. Valid values: CanonicalUser, AmazonCustomerByEmail, Group.", "type": "string" }, "uri": { "description": "URI of the grantee group.", "type": "string" } }, "type": "object", "additionalProperties": false }, "permission": { "description": "Logging permissions assigned to the grantee for the bucket. Valid values: FULL_CONTROL, WRITE, WRITE_ACP, READ, READ_ACP. See What permissions can I grant? for more details about what each permission means in the context of buckets.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "owner": { "description": "Configuration block for the bucket owner's display name and ID. See below.", "properties": { "displayName": { "description": "Display name of the owner.", "type": "string" }, "id": { "description": "ID of the owner.", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "acl": { "description": "Specifies the Canned ACL to apply to the bucket. Valid values: private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, bucket-owner-full-control, log-delivery-write. Full details are available on the AWS documentation.", "type": "string" }, "bucket": { "description": "Bucket to which to apply the ACL.", "type": "string" }, "bucketRef": { "description": "Reference to a Bucket in s3 to populate bucket.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "bucketSelector": { "description": "Selector for a Bucket in s3 to populate bucket.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "expectedBucketOwner": { "description": "Account ID of the expected bucket owner.", "type": "string" } }, "type": "object", "additionalProperties": false }, "managementPolicies": { "default": [ "*" ], "description": "THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md", "items": { "description": "A ManagementAction represents an action that the Crossplane controllers\ncan take on an external resource.", "enum": [ "Observe", "Create", "Update", "Delete", "LateInitialize", "*" ], "type": "string" }, "type": "array" }, "providerConfigRef": { "default": { "name": "default" }, "description": "ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "writeConnectionSecretToRef": { "description": "WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.", "properties": { "name": { "description": "Name of the secret.", "type": "string" }, "namespace": { "description": "Namespace of the secret.", "type": "string" } }, "required": [ "name", "namespace" ], "type": "object", "additionalProperties": false } }, "required": [ "forProvider" ], "type": "object", "additionalProperties": false }, "status": { "description": "BucketACLStatus defines the observed state of BucketACL.", "properties": { "atProvider": { "properties": { "accessControlPolicy": { "description": "Configuration block that sets the ACL permissions for an object per grantee. See below.", "properties": { "grant": { "description": "Set of grant configuration blocks. See below.", "items": { "properties": { "grantee": { "description": "Configuration block for the person being granted permissions. See below.", "properties": { "displayName": { "description": "Display name of the owner.", "type": "string" }, "emailAddress": { "description": "Email address of the grantee. See Regions and Endpoints for supported AWS regions where this argument can be specified.", "type": "string" }, "id": { "description": "ID of the owner.", "type": "string" }, "type": { "description": "Type of grantee. Valid values: CanonicalUser, AmazonCustomerByEmail, Group.", "type": "string" }, "uri": { "description": "URI of the grantee group.", "type": "string" } }, "type": "object", "additionalProperties": false }, "permission": { "description": "Logging permissions assigned to the grantee for the bucket. Valid values: FULL_CONTROL, WRITE, WRITE_ACP, READ, READ_ACP. See What permissions can I grant? for more details about what each permission means in the context of buckets.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "owner": { "description": "Configuration block for the bucket owner's display name and ID. See below.", "properties": { "displayName": { "description": "Display name of the owner.", "type": "string" }, "id": { "description": "ID of the owner.", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "acl": { "description": "Specifies the Canned ACL to apply to the bucket. Valid values: private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, bucket-owner-full-control, log-delivery-write. Full details are available on the AWS documentation.", "type": "string" }, "bucket": { "description": "Bucket to which to apply the ACL.", "type": "string" }, "expectedBucketOwner": { "description": "Account ID of the expected bucket owner.", "type": "string" }, "id": { "description": "The bucket, expected_bucket_owner (if configured), and acl (if configured) separated by commas (,).", "type": "string" }, "region": { "description": "Region where this resource will be managed. Defaults to the Region set in the provider configuration.\nRegion is the region you'd like your resource to be created in.", "type": "string" } }, "type": "object", "additionalProperties": false }, "conditions": { "description": "Conditions of the resource.", "items": { "description": "A Condition that may apply to a resource.", "properties": { "lastTransitionTime": { "description": "LastTransitionTime is the last time this condition transitioned from one\nstatus to another.", "format": "date-time", "type": "string" }, "message": { "description": "A Message containing details about this condition's last transition from\none status to another, if any.", "type": "string" }, "observedGeneration": { "description": "ObservedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "type": "integer" }, "reason": { "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { "description": "Type of this condition. At most one of each condition type may apply to\na resource at any point in time.", "type": "string" } }, "required": [ "lastTransitionTime", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, "observedGeneration": { "description": "ObservedGeneration is the latest metadata.generation\nwhich resulted in either a ready state, or stalled due to error\nit can not recover from without human intervention.", "format": "int64", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }