{ "description": "ObjectCopy is the Schema for the ObjectCopys API. Provides a resource for copying an S3 object.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "ObjectCopySpec defines the desired state of ObjectCopy", "properties": { "deletionPolicy": { "default": "Delete", "description": "DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either \"Delete\" or \"Orphan\" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223", "enum": [ "Orphan", "Delete" ], "type": "string" }, "forProvider": { "properties": { "acl": { "description": "Canned ACL to apply. Valid values are private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, and bucket-owner-full-control. Conflicts with grant.", "type": "string" }, "bucket": { "description": "Name of the bucket to put the file in.", "type": "string" }, "bucketKeyEnabled": { "type": "boolean" }, "cacheControl": { "description": "Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.", "type": "string" }, "checksumAlgorithm": { "description": "Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the kms:Decrypt action. Valid values: CRC32, CRC32C, CRC64NVME SHA1, SHA256.", "type": "string" }, "contentDisposition": { "description": "Specifies presentational information for the object. Read w3c content_disposition for further information.", "type": "string" }, "contentEncoding": { "description": "Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.", "type": "string" }, "contentLanguage": { "description": "Language the content is in e.g., en-US or en-GB.", "type": "string" }, "contentType": { "description": "Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.", "type": "string" }, "copyIfMatch": { "description": "Copies the object if its entity tag (ETag) matches the specified tag.", "type": "string" }, "copyIfModifiedSince": { "description": "Copies the object if it has been modified since the specified time, in RFC3339 format.", "type": "string" }, "copyIfNoneMatch": { "description": "Copies the object if its entity tag (ETag) is different than the specified ETag.", "type": "string" }, "copyIfUnmodifiedSince": { "description": "Copies the object if it hasn't been modified since the specified time, in RFC3339 format.", "type": "string" }, "customerAlgorithm": { "description": "Specifies the algorithm to use to when encrypting the object (for example, AES256).", "type": "string" }, "customerKeyMd5": { "description": "Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.", "type": "string" }, "customerKeySecretRef": { "description": "Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "description": "Name of the secret.", "type": "string" }, "namespace": { "description": "Namespace of the secret.", "type": "string" } }, "required": [ "key", "name", "namespace" ], "type": "object", "additionalProperties": false }, "expectedBucketOwner": { "description": "Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.", "type": "string" }, "expectedSourceBucketOwner": { "description": "Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.", "type": "string" }, "expires": { "description": "Date and time at which the object is no longer cacheable, in RFC3339 format.", "type": "string" }, "forceDestroy": { "description": "Allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.", "type": "boolean" }, "grant": { "description": "Configuration block for header grants. Documented below. Conflicts with acl.", "items": { "properties": { "email": { "description": "Email address of the grantee. Used only when type is AmazonCustomerByEmail.", "type": "string" }, "id": { "description": "Canonical user ID of the grantee. Used only when type is CanonicalUser.", "type": "string" }, "permissions": { "description": "List of permissions to grant to grantee. Valid values are READ, READ_ACP, WRITE_ACP, FULL_CONTROL.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "type": { "description": "- Type of grantee. Valid values are CanonicalUser, Group, and AmazonCustomerByEmail.", "type": "string" }, "uri": { "description": "URI of the grantee group. Used only when type is Group.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "key": { "description": "Name of the object once it is in the bucket.", "type": "string" }, "kmsEncryptionContextSecretRef": { "description": "Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "description": "Name of the secret.", "type": "string" }, "namespace": { "description": "Namespace of the secret.", "type": "string" } }, "required": [ "key", "name", "namespace" ], "type": "object", "additionalProperties": false }, "kmsKeyIdSecretRef": { "description": "Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using aws_kms_key, use the exported arn attribute: kms_key_id = aws_kms_key.foo.arn", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "description": "Name of the secret.", "type": "string" }, "namespace": { "description": "Namespace of the secret.", "type": "string" } }, "required": [ "key", "name", "namespace" ], "type": "object", "additionalProperties": false }, "metadata": { "additionalProperties": { "type": "string" }, "description": "Map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).", "type": "object", "x-kubernetes-map-type": "granular" }, "metadataDirective": { "description": "Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are COPY and REPLACE.", "type": "string" }, "objectLockLegalHoldStatus": { "description": "The legal hold status that you want to apply to the specified object. Valid values are ON and OFF.", "type": "string" }, "objectLockMode": { "description": "Object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.", "type": "string" }, "objectLockRetainUntilDate": { "description": "Date and time, in RFC3339 format, when this object's object lock will expire.", "type": "string" }, "overrideProvider": { "properties": { "defaultTags": { "description": "Override the provider default_tags configuration block.", "properties": { "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "region": { "description": "Region where this resource will be managed. Defaults to the Region set in the provider configuration.\nRegion is the region you'd like your resource to be created in.", "type": "string" }, "requestPayer": { "description": "Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is requester.", "type": "string" }, "serverSideEncryption": { "description": "Specifies server-side encryption of the object in S3. Valid values are AES256 and aws:kms.", "type": "string" }, "source": { "description": "Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (/). For example, testbucket/test1.json. For objects accessed through access points, specify the ARN of the object as accessed through the access point, in the format arn:aws:s3:::accesspoint//object/. For example, arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json.", "type": "string" }, "sourceCustomerAlgorithm": { "description": "Specifies the algorithm to use when decrypting the source object (for example, AES256).", "type": "string" }, "sourceCustomerKeyMd5": { "description": "Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.", "type": "string" }, "sourceCustomerKeySecretRef": { "description": "Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "description": "Name of the secret.", "type": "string" }, "namespace": { "description": "Namespace of the secret.", "type": "string" } }, "required": [ "key", "name", "namespace" ], "type": "object", "additionalProperties": false }, "storageClass": { "description": "Specifies the desired storage class for the object. Defaults to STANDARD.", "type": "string" }, "taggingDirective": { "description": "Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are COPY and REPLACE.", "type": "string" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "websiteRedirect": { "description": "Specifies a target URL for website redirect.", "type": "string" } }, "required": [ "region" ], "type": "object", "additionalProperties": false }, "initProvider": { "description": "THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.", "properties": { "acl": { "description": "Canned ACL to apply. Valid values are private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, and bucket-owner-full-control. Conflicts with grant.", "type": "string" }, "bucket": { "description": "Name of the bucket to put the file in.", "type": "string" }, "bucketKeyEnabled": { "type": "boolean" }, "cacheControl": { "description": "Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.", "type": "string" }, "checksumAlgorithm": { "description": "Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the kms:Decrypt action. Valid values: CRC32, CRC32C, CRC64NVME SHA1, SHA256.", "type": "string" }, "contentDisposition": { "description": "Specifies presentational information for the object. Read w3c content_disposition for further information.", "type": "string" }, "contentEncoding": { "description": "Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.", "type": "string" }, "contentLanguage": { "description": "Language the content is in e.g., en-US or en-GB.", "type": "string" }, "contentType": { "description": "Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.", "type": "string" }, "copyIfMatch": { "description": "Copies the object if its entity tag (ETag) matches the specified tag.", "type": "string" }, "copyIfModifiedSince": { "description": "Copies the object if it has been modified since the specified time, in RFC3339 format.", "type": "string" }, "copyIfNoneMatch": { "description": "Copies the object if its entity tag (ETag) is different than the specified ETag.", "type": "string" }, "copyIfUnmodifiedSince": { "description": "Copies the object if it hasn't been modified since the specified time, in RFC3339 format.", "type": "string" }, "customerAlgorithm": { "description": "Specifies the algorithm to use to when encrypting the object (for example, AES256).", "type": "string" }, "customerKeyMd5": { "description": "Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.", "type": "string" }, "customerKeySecretRef": { "description": "Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "description": "Name of the secret.", "type": "string" }, "namespace": { "description": "Namespace of the secret.", "type": "string" } }, "required": [ "key", "name", "namespace" ], "type": "object", "additionalProperties": false }, "expectedBucketOwner": { "description": "Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.", "type": "string" }, "expectedSourceBucketOwner": { "description": "Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.", "type": "string" }, "expires": { "description": "Date and time at which the object is no longer cacheable, in RFC3339 format.", "type": "string" }, "forceDestroy": { "description": "Allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.", "type": "boolean" }, "grant": { "description": "Configuration block for header grants. Documented below. Conflicts with acl.", "items": { "properties": { "email": { "description": "Email address of the grantee. Used only when type is AmazonCustomerByEmail.", "type": "string" }, "id": { "description": "Canonical user ID of the grantee. Used only when type is CanonicalUser.", "type": "string" }, "permissions": { "description": "List of permissions to grant to grantee. Valid values are READ, READ_ACP, WRITE_ACP, FULL_CONTROL.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "type": { "description": "- Type of grantee. Valid values are CanonicalUser, Group, and AmazonCustomerByEmail.", "type": "string" }, "uri": { "description": "URI of the grantee group. Used only when type is Group.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "key": { "description": "Name of the object once it is in the bucket.", "type": "string" }, "kmsEncryptionContextSecretRef": { "description": "Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "description": "Name of the secret.", "type": "string" }, "namespace": { "description": "Namespace of the secret.", "type": "string" } }, "required": [ "key", "name", "namespace" ], "type": "object", "additionalProperties": false }, "kmsKeyIdSecretRef": { "description": "Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified ARN of the KMS Key. If using aws_kms_key, use the exported arn attribute: kms_key_id = aws_kms_key.foo.arn", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "description": "Name of the secret.", "type": "string" }, "namespace": { "description": "Namespace of the secret.", "type": "string" } }, "required": [ "key", "name", "namespace" ], "type": "object", "additionalProperties": false }, "metadata": { "additionalProperties": { "type": "string" }, "description": "Map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).", "type": "object", "x-kubernetes-map-type": "granular" }, "metadataDirective": { "description": "Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are COPY and REPLACE.", "type": "string" }, "objectLockLegalHoldStatus": { "description": "The legal hold status that you want to apply to the specified object. Valid values are ON and OFF.", "type": "string" }, "objectLockMode": { "description": "Object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.", "type": "string" }, "objectLockRetainUntilDate": { "description": "Date and time, in RFC3339 format, when this object's object lock will expire.", "type": "string" }, "overrideProvider": { "properties": { "defaultTags": { "description": "Override the provider default_tags configuration block.", "properties": { "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "requestPayer": { "description": "Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is requester.", "type": "string" }, "serverSideEncryption": { "description": "Specifies server-side encryption of the object in S3. Valid values are AES256 and aws:kms.", "type": "string" }, "source": { "description": "Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (/). For example, testbucket/test1.json. For objects accessed through access points, specify the ARN of the object as accessed through the access point, in the format arn:aws:s3:::accesspoint//object/. For example, arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json.", "type": "string" }, "sourceCustomerAlgorithm": { "description": "Specifies the algorithm to use when decrypting the source object (for example, AES256).", "type": "string" }, "sourceCustomerKeyMd5": { "description": "Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.", "type": "string" }, "sourceCustomerKeySecretRef": { "description": "Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "description": "Name of the secret.", "type": "string" }, "namespace": { "description": "Namespace of the secret.", "type": "string" } }, "required": [ "key", "name", "namespace" ], "type": "object", "additionalProperties": false }, "storageClass": { "description": "Specifies the desired storage class for the object. Defaults to STANDARD.", "type": "string" }, "taggingDirective": { "description": "Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are COPY and REPLACE.", "type": "string" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "websiteRedirect": { "description": "Specifies a target URL for website redirect.", "type": "string" } }, "type": "object", "additionalProperties": false }, "managementPolicies": { "default": [ "*" ], "description": "THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md", "items": { "description": "A ManagementAction represents an action that the Crossplane controllers\ncan take on an external resource.", "enum": [ "Observe", "Create", "Update", "Delete", "LateInitialize", "*" ], "type": "string" }, "type": "array" }, "providerConfigRef": { "default": { "name": "default" }, "description": "ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "writeConnectionSecretToRef": { "description": "WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.", "properties": { "name": { "description": "Name of the secret.", "type": "string" }, "namespace": { "description": "Namespace of the secret.", "type": "string" } }, "required": [ "name", "namespace" ], "type": "object", "additionalProperties": false } }, "required": [ "forProvider" ], "type": "object", "x-kubernetes-validations": [ { "message": "spec.forProvider.bucket is a required parameter", "rule": "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.bucket) || (has(self.initProvider) && has(self.initProvider.bucket))" }, { "message": "spec.forProvider.key is a required parameter", "rule": "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.key) || (has(self.initProvider) && has(self.initProvider.key))" }, { "message": "spec.forProvider.source is a required parameter", "rule": "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.source) || (has(self.initProvider) && has(self.initProvider.source))" } ], "additionalProperties": false }, "status": { "description": "ObjectCopyStatus defines the observed state of ObjectCopy.", "properties": { "atProvider": { "properties": { "acl": { "description": "Canned ACL to apply. Valid values are private, public-read, public-read-write, authenticated-read, aws-exec-read, bucket-owner-read, and bucket-owner-full-control. Conflicts with grant.", "type": "string" }, "arn": { "description": "ARN of the object.", "type": "string" }, "bucket": { "description": "Name of the bucket to put the file in.", "type": "string" }, "bucketKeyEnabled": { "type": "boolean" }, "cacheControl": { "description": "Specifies caching behavior along the request/reply chain Read w3c cache_control for further details.", "type": "string" }, "checksumAlgorithm": { "description": "Indicates the algorithm used to create the checksum for the object. If a value is specified and the object is encrypted with KMS, you must have permission to use the kms:Decrypt action. Valid values: CRC32, CRC32C, CRC64NVME SHA1, SHA256.", "type": "string" }, "checksumCrc32": { "description": "The base64-encoded, 32-bit CRC32 checksum of the object.", "type": "string" }, "checksumCrc32C": { "description": "The base64-encoded, 32-bit CRC32C checksum of the object.", "type": "string" }, "checksumCrc64Nvme": { "description": "The base64-encoded, 64-bit CRC64NVME checksum of the object.", "type": "string" }, "checksumSha1": { "description": "The base64-encoded, 160-bit SHA-1 digest of the object.", "type": "string" }, "checksumSha256": { "description": "The base64-encoded, 256-bit SHA-256 digest of the object.", "type": "string" }, "contentDisposition": { "description": "Specifies presentational information for the object. Read w3c content_disposition for further information.", "type": "string" }, "contentEncoding": { "description": "Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read w3c content encoding for further information.", "type": "string" }, "contentLanguage": { "description": "Language the content is in e.g., en-US or en-GB.", "type": "string" }, "contentType": { "description": "Standard MIME type describing the format of the object data, e.g., application/octet-stream. All Valid MIME Types are valid for this input.", "type": "string" }, "copyIfMatch": { "description": "Copies the object if its entity tag (ETag) matches the specified tag.", "type": "string" }, "copyIfModifiedSince": { "description": "Copies the object if it has been modified since the specified time, in RFC3339 format.", "type": "string" }, "copyIfNoneMatch": { "description": "Copies the object if its entity tag (ETag) is different than the specified ETag.", "type": "string" }, "copyIfUnmodifiedSince": { "description": "Copies the object if it hasn't been modified since the specified time, in RFC3339 format.", "type": "string" }, "customerAlgorithm": { "description": "Specifies the algorithm to use to when encrypting the object (for example, AES256).", "type": "string" }, "customerKeyMd5": { "description": "Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.", "type": "string" }, "etag": { "description": "ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on Common Response Headers.", "type": "string" }, "expectedBucketOwner": { "description": "Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.", "type": "string" }, "expectedSourceBucketOwner": { "description": "Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.", "type": "string" }, "expiration": { "description": "If the object expiration is configured, this attribute will be set.", "type": "string" }, "expires": { "description": "Date and time at which the object is no longer cacheable, in RFC3339 format.", "type": "string" }, "forceDestroy": { "description": "Allow the object to be deleted by removing any legal hold on any object version. Default is false. This value should be set to true only if the bucket has S3 object lock enabled.", "type": "boolean" }, "grant": { "description": "Configuration block for header grants. Documented below. Conflicts with acl.", "items": { "properties": { "email": { "description": "Email address of the grantee. Used only when type is AmazonCustomerByEmail.", "type": "string" }, "id": { "description": "Canonical user ID of the grantee. Used only when type is CanonicalUser.", "type": "string" }, "permissions": { "description": "List of permissions to grant to grantee. Valid values are READ, READ_ACP, WRITE_ACP, FULL_CONTROL.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "type": { "description": "- Type of grantee. Valid values are CanonicalUser, Group, and AmazonCustomerByEmail.", "type": "string" }, "uri": { "description": "URI of the grantee group. Used only when type is Group.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "id": { "description": "Canonical user ID of the grantee. Used only when type is CanonicalUser.", "type": "string" }, "key": { "description": "Name of the object once it is in the bucket.", "type": "string" }, "lastModified": { "description": "Returns the date that the object was last modified, in RFC3339 format.", "type": "string" }, "metadata": { "additionalProperties": { "type": "string" }, "description": "Map of keys/values to provision metadata (will be automatically prefixed by x-amz-meta-, note that only lowercase label are currently supported by the AWS Go API).", "type": "object", "x-kubernetes-map-type": "granular" }, "metadataDirective": { "description": "Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are COPY and REPLACE.", "type": "string" }, "objectLockLegalHoldStatus": { "description": "The legal hold status that you want to apply to the specified object. Valid values are ON and OFF.", "type": "string" }, "objectLockMode": { "description": "Object lock retention mode that you want to apply to this object. Valid values are GOVERNANCE and COMPLIANCE.", "type": "string" }, "objectLockRetainUntilDate": { "description": "Date and time, in RFC3339 format, when this object's object lock will expire.", "type": "string" }, "overrideProvider": { "properties": { "defaultTags": { "description": "Override the provider default_tags configuration block.", "properties": { "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "region": { "description": "Region where this resource will be managed. Defaults to the Region set in the provider configuration.\nRegion is the region you'd like your resource to be created in.", "type": "string" }, "requestCharged": { "description": "If present, indicates that the requester was successfully charged for the request.", "type": "boolean" }, "requestPayer": { "description": "Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is requester.", "type": "string" }, "serverSideEncryption": { "description": "Specifies server-side encryption of the object in S3. Valid values are AES256 and aws:kms.", "type": "string" }, "source": { "description": "Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (/). For example, testbucket/test1.json. For objects accessed through access points, specify the ARN of the object as accessed through the access point, in the format arn:aws:s3:::accesspoint//object/. For example, arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json.", "type": "string" }, "sourceCustomerAlgorithm": { "description": "Specifies the algorithm to use when decrypting the source object (for example, AES256).", "type": "string" }, "sourceCustomerKeyMd5": { "description": "Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.", "type": "string" }, "sourceVersionId": { "description": "Version of the copied object in the source bucket.", "type": "string" }, "storageClass": { "description": "Specifies the desired storage class for the object. Defaults to STANDARD.", "type": "string" }, "taggingDirective": { "description": "Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are COPY and REPLACE.", "type": "string" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "tagsAll": { "additionalProperties": { "type": "string" }, "description": "Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.", "type": "object", "x-kubernetes-map-type": "granular" }, "versionId": { "description": "Version ID of the newly created copy.", "type": "string" }, "websiteRedirect": { "description": "Specifies a target URL for website redirect.", "type": "string" } }, "type": "object", "additionalProperties": false }, "conditions": { "description": "Conditions of the resource.", "items": { "description": "A Condition that may apply to a resource.", "properties": { "lastTransitionTime": { "description": "LastTransitionTime is the last time this condition transitioned from one\nstatus to another.", "format": "date-time", "type": "string" }, "message": { "description": "A Message containing details about this condition's last transition from\none status to another, if any.", "type": "string" }, "observedGeneration": { "description": "ObservedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "type": "integer" }, "reason": { "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { "description": "Type of this condition. At most one of each condition type may apply to\na resource at any point in time.", "type": "string" } }, "required": [ "lastTransitionTime", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, "observedGeneration": { "description": "ObservedGeneration is the latest metadata.generation\nwhich resulted in either a ready state, or stalled due to error\nit can not recover from without human intervention.", "format": "int64", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }