{ "type": "object", "description": "TwingateResourceAccess represents a resource access policy in Twingate. It allows to configure an access between a Resource and a Principal which is either a Group or a ServiceAccount.", "required": [ "spec" ], "properties": { "spec": { "type": "object", "description": "TwingateResourceAccessSpec defines the desired state of TwingateResourceAccess", "oneOf": [ { "required": [ "resourceRef", "principalId" ] }, { "required": [ "resourceRef", "principalExternalRef" ] }, { "required": [ "resourceRef", "groupRef" ] } ], "properties": { "principalId": { "type": "string", "pattern": "^[-A-Za-z0-9+/]*={0,3}$", "description": "principalId is the ID of the principal (Group/ServiceAccount) to provide access to the resource.", "x-kubernetes-validations": [ { "rule": "self == oldSelf", "message": "principalId is immutable" } ] }, "groupRef": { "type": "object", "description": "groupRef specifies the TwingateGroup kubernetes object reference to provide access to.", "x-kubernetes-validations": [ { "rule": "self == oldSelf", "message": "groupRef is immutable." } ], "properties": { "name": { "type": "string", "description": "Name of the TwingateGroup object." }, "namespace": { "type": "string", "default": "default", "description": "Namespace of TwingateGroup object." } }, "additionalProperties": false }, "principalExternalRef": { "type": "object", "required": [ "type", "name" ], "description": "principalExternalRef allows referencing a Principal (Group/ServiceAccount) by name.", "properties": { "type": { "type": "string", "description": "Type of the external reference.", "enum": [ "group", "serviceAccount" ], "x-kubernetes-validations": [ { "rule": "self == oldSelf", "message": "principalExternalRef.type is immutable" } ] }, "name": { "type": "string", "description": "Name of the external reference to match. (Note: name uniqueness is not enforce, if 2 entities match the same name, the first will be used)", "x-kubernetes-validations": [ { "rule": "self == oldSelf", "message": "principalExternalRef.name is immutable" } ] } }, "additionalProperties": false }, "securityPolicyId": { "type": "string", "nullable": true, "pattern": "^[-A-Za-z0-9+/]*={0,3}$" }, "resourceRef": { "type": "object", "description": "resourceRef specifies the TwingateResource reference to provide access to.", "x-kubernetes-validations": [ { "rule": "self == oldSelf", "message": "resourceRef is immutable." } ], "properties": { "name": { "type": "string", "description": "Name of the resource." }, "namespace": { "type": "string", "nullable": true, "description": "Namespace of the resource." } }, "additionalProperties": false } }, "additionalProperties": false }, "status": { "type": "object", "x-kubernetes-preserve-unknown-fields": true } } }